| -rw-r--r-- | app/controllers/sessions/controller_test.go | 11 | ||||
| -rw-r--r-- | pkg/web/cookie/cookie_test.go | 2 | ||||
| -rw-r--r-- | pkg/web/cookie/new.go | 5 |
3 files changed, 5 insertions, 13 deletions
diff --git a/app/controllers/sessions/controller_test.go b/app/controllers/sessions/controller_test.go
index c0c1de2..9ece4f9 100644
--- a/app/controllers/sessions/controller_test.go
+++ b/app/controllers/sessions/controller_test.go
@@ -11,7 +11,6 @@ import (
 	"github.com/oauth2-proxy/mockoidc"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
-	"github.com/xlgmokha/x/pkg/x"
 	xcfg "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/cfg"
 	"gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/domain"
 	"gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/oidc"
@@ -62,11 +61,8 @@ func TestSessions(t *testing.T) {
 				cookieHeader := w.Header().Get("Set-Cookie")
 				require.NotEmpty(t, cookieHeader)
-				cookies, err := http.ParseCookie(cookieHeader)
+				cookie, err := http.ParseSetCookie(w.Header().Get("Set-Cookie"))
 				require.NoError(t, err)
-				cookie := x.Find(cookies, func(item *http.Cookie) bool {
-					return item.Name == "oauth_state"
-				})
 				require.NotZero(t, cookie)
 			})
 		})
@@ -126,11 +122,8 @@ func TestSessions(t *testing.T) {
 				mux.ServeHTTP(w, r)
-				cookies, err := http.ParseCookie(w.Header().Get("Set-Cookie"))
+				cookie, err := http.ParseSetCookie(w.Header().Get("Set-Cookie"))
 				require.NoError(t, err)
-				cookie := x.Find(cookies, func(item *http.Cookie) bool {
-					return item.Name == "session"
-				})
 				require.NotZero(t, cookie)
 				data, err := base64.URLEncoding.DecodeString(cookie.Value)
 				require.NoError(t, err)
diff --git a/pkg/web/cookie/cookie_test.go b/pkg/web/cookie/cookie_test.go
index c91efdc..9ac1817 100644
--- a/pkg/web/cookie/cookie_test.go
+++ b/pkg/web/cookie/cookie_test.go
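Review bot: In the second hunk the rewritten assertion no longer checks which cookie was parsed: http.ParseSetCookie returns the single cookie in the first Set-Cookie header, and `require.NotZero(t, cookie)` passes for any name, whereas the removed x.Find pinned it to "oauth_state" (the third hunk drops the same check for "session"). Add `require.Equal(t, "oauth_state", cookie.Name)` after the NoError line (and the "session" equivalent in the third hunk) so a handler that emits a different cookie first, or several Set-Cookie headers, still fails the test. The second hunk also already holds the header in `cookieHeader` one line up; passing that instead of calling `w.Header().Get("Set-Cookie")` a second time keeps the NotEmpty check and the parse on the same value. TestSessions starts and ends outside these hunks.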
@@ -11,7 +11,7 @@ import (
 func TestCookie(t *testing.T) {
 	t.Run("New", func(t *testing.T) {
 		t.Run("returns a cookie pinned to the HOST", func(t *testing.T) {
-			env.With(env.Vars{"HOST": "sparkle.example.com", "APP_ENV": "production"}, func() {
+			env.With(env.Vars{"HOST": "sparkle.example.com"}, func() {
 				cookie := New("name", "value", time.Now().Add(1*time.Minute))
 				assert.Equal(t, cookie.Domain, "sparkle.example.com")
 				assert.Equal(t, cookie.HttpOnly, true)
diff --git a/pkg/web/cookie/new.go b/pkg/web/cookie/new.go
index e1d8477..335b305 100644
--- a/pkg/web/cookie/new.go
+++ b/pkg/web/cookie/new.go
@@ -8,15 +8,14 @@ import (
 )
 func New(name, value string, expires time.Time) *http.Cookie {
-	production := env.Fetch("APP_ENV", "development") == "production"
 	return &http.Cookie{
 		Name:     name,
 		Value:    value, // TODO:: digitally sign the value
 		Expires:  expires,
 		MaxAge:   int(time.Until(expires).Seconds()),
 		Path:     "/",
-		HttpOnly: production,
-		Secure:   production,
+		HttpOnly: true,
+		Secure:   true,
 		SameSite: http.SameSiteDefaultMode,
 		Domain:   env.Fetch("HOST", "localhost"),
 	}
|
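Review bot: `SameSite: http.SameSiteDefaultMode` in the new.go hunk writes no SameSite attribute at all, so the policy applied to these cookies is left to each browser's default; now that HttpOnly and Secure are fixed to true, the one remaining attribute should be explicit too, `SameSite: http.SameSiteLaxMode`, which still lets the cookie ride along on the top-level redirect back from the identity provider (Strict would not). Making Secure unconditional also means browsers will not return the cookie when the app is reached over plain http on a host other than localhost, which looks like the development case the removed APP_ENV switch covered, so a comment on that line such as `// always Secure: development must be served over https or on localhost` would save the next reader a debugging session. New is exported but has no doc comment; add `// New returns a host-scoped, HttpOnly, Secure cookie holding value that expires at expires.` above the signature. The cookie_test.go hunk above only drops the APP_ENV variable and needs no change, and New's closing brace lies outside the new.go hunk.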
