summaryrefslogtreecommitdiff
path: root/app
diff options
context:
space:
mode:
Diffstat (limited to 'app')
-rw-r--r--app/controllers/sessions/controller.go7
-rw-r--r--app/controllers/sessions/controller_test.go10
2 files changed, 14 insertions, 3 deletions
diff --git a/app/controllers/sessions/controller.go b/app/controllers/sessions/controller.go
index b9240c6..50aac63 100644
--- a/app/controllers/sessions/controller.go
+++ b/app/controllers/sessions/controller.go
@@ -4,6 +4,7 @@ import (
"net/http"
"time"
+ xcookie "github.com/xlgmokha/x/pkg/cookie"
"github.com/xlgmokha/x/pkg/log"
"gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/middleware"
"gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/oidc"
@@ -37,8 +38,8 @@ func (c *Controller) New(w http.ResponseWriter, r *http.Request) {
http.SetCookie(w, cookie.New(
"oauth_state",
nonce,
- cookie.WithSameSite(http.SameSiteLaxMode),
- cookie.WithExpiration(time.Now().Add(10*time.Minute)),
+ xcookie.WithSameSite(http.SameSiteLaxMode),
+ xcookie.WithExpiration(time.Now().Add(10*time.Minute)),
))
http.Redirect(w, r, url, http.StatusFound)
}
@@ -138,7 +139,7 @@ func (c *Controller) Create(w http.ResponseWriter, r *http.Request) {
return
}
- http.SetCookie(w, cookie.New("session", encoded, cookie.WithExpiration(tokens.Expiry)))
+ http.SetCookie(w, cookie.New("session", encoded, xcookie.WithExpiration(tokens.Expiry)))
http.Redirect(w, r, "/dashboard", http.StatusFound)
}
diff --git a/app/controllers/sessions/controller_test.go b/app/controllers/sessions/controller_test.go
index c40dbe7..8efc813 100644
--- a/app/controllers/sessions/controller_test.go
+++ b/app/controllers/sessions/controller_test.go
@@ -6,10 +6,12 @@ import (
"net/http"
"net/url"
"testing"
+ "time"
"github.com/oauth2-proxy/mockoidc"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
+ "github.com/xlgmokha/x/pkg/x"
xcfg "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/cfg"
"gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/domain"
"gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/oidc"
@@ -150,6 +152,14 @@ func TestSessions(t *testing.T) {
sub, err := token.Claims.GetSubject()
require.NoError(t, err)
assert.Equal(t, user.Subject, sub)
+
+ assert.Equal(t, "/", cookie.Path)
+ assert.Equal(t, "localhost", cookie.Domain)
+ assert.Equal(t, "session", cookie.Name)
+ assert.Zero(t, cookie.SameSite)
+ assert.Equal(t, x.Must(time.Parse(time.RFC3339, tokens["expiry"].(string))).Unix(), cookie.Expires.Unix())
+ assert.True(t, cookie.HttpOnly)
+ assert.True(t, cookie.Secure)
})
t.Run("stores the refresh token in a session cookie", func(t *testing.T) {
generated by cgit v1.2.3 (git 2.39.1) at 2026-02-02 09:00:28 +0000