mirror of
https://github.com/Unleash/unleash.git
synced 2024-12-22 19:07:54 +01:00
feat: add option to disable 'Clear-Site-Data' header on logout (#1645)
This commit is contained in:
parent
ff7842b2f1
commit
3359dd204d
@ -89,6 +89,8 @@ Object {
|
||||
"unleashUrl": "http://localhost:4242",
|
||||
},
|
||||
"session": Object {
|
||||
"clearSiteDataOnLogout": true,
|
||||
"cookieName": "unleash-session",
|
||||
"db": true,
|
||||
"ttlHours": 48,
|
||||
},
|
||||
|
@ -91,6 +91,11 @@ const defaultDbOptions: IDBOption = {
|
||||
|
||||
const defaultSessionOption: ISessionOption = {
|
||||
ttlHours: parseEnvVarNumber(process.env.SESSION_TTL_HOURS, 48),
|
||||
clearSiteDataOnLogout: parseEnvVarBoolean(
|
||||
process.env.SESSION_CLEAR_SITE_DATA_ON_LOGOUT,
|
||||
true,
|
||||
),
|
||||
cookieName: 'unleash-session',
|
||||
db: true,
|
||||
};
|
||||
|
||||
|
@ -10,7 +10,7 @@ function sessionDb(
|
||||
knex: Knex,
|
||||
): RequestHandler {
|
||||
let store;
|
||||
const { db } = config.session;
|
||||
const { db, cookieName } = config.session;
|
||||
const age =
|
||||
hoursToMilliseconds(config.session.ttlHours) || hoursToMilliseconds(48);
|
||||
const KnexSessionStore = knexSessionStore(session);
|
||||
@ -25,7 +25,7 @@ function sessionDb(
|
||||
store = new session.MemoryStore();
|
||||
}
|
||||
return session({
|
||||
name: 'unleash-session',
|
||||
name: cookieName,
|
||||
rolling: false,
|
||||
resave: false,
|
||||
saveUninitialized: false,
|
||||
|
@ -5,13 +5,12 @@ import SimplePasswordProvider from './auth/simple-password-provider';
|
||||
import { IUnleashConfig } from '../types/option';
|
||||
import { IUnleashServices } from '../types/services';
|
||||
import { api } from './api-def';
|
||||
import LogoutController from './logout';
|
||||
|
||||
const AdminApi = require('./admin-api');
|
||||
const ClientApi = require('./client-api');
|
||||
const Controller = require('./controller');
|
||||
const HealthCheckController = require('./health-check');
|
||||
const LogoutController = require('./logout');
|
||||
|
||||
class IndexRouter extends Controller {
|
||||
constructor(config: IUnleashConfig, services: IUnleashServices) {
|
||||
super(config);
|
||||
|
@ -44,6 +44,59 @@ test('should set "Clear-Site-Data" header', async () => {
|
||||
.expect('Clear-Site-Data', '"cookies", "storage"');
|
||||
});
|
||||
|
||||
test('should not set "Clear-Site-Data" header', async () => {
|
||||
const baseUriPath = '';
|
||||
const app = express();
|
||||
const config = createTestConfig({
|
||||
server: { baseUriPath },
|
||||
session: { clearSiteDataOnLogout: false },
|
||||
});
|
||||
app.use('/logout', new LogoutController(config).router);
|
||||
const request = supertest(app);
|
||||
expect.assertions(1);
|
||||
await request
|
||||
.get(`${baseUriPath}/logout`)
|
||||
.expect(302)
|
||||
.expect((res) =>
|
||||
expect(res.headers['Clear-Site-Data']).toBeUndefined(),
|
||||
);
|
||||
});
|
||||
|
||||
test('should clear "unleash-session" cookies', async () => {
|
||||
const baseUriPath = '';
|
||||
const app = express();
|
||||
const config = createTestConfig({ server: { baseUriPath } });
|
||||
app.use('/logout', new LogoutController(config).router);
|
||||
const request = supertest(app);
|
||||
expect.assertions(0);
|
||||
await request
|
||||
.get(`${baseUriPath}/logout`)
|
||||
.expect(302)
|
||||
.expect(
|
||||
'Set-Cookie',
|
||||
'unleash-session=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT',
|
||||
);
|
||||
});
|
||||
|
||||
test('should clear "unleash-session" cookie even when disabled clear site data', async () => {
|
||||
const baseUriPath = '';
|
||||
const app = express();
|
||||
const config = createTestConfig({
|
||||
server: { baseUriPath },
|
||||
session: { clearSiteDataOnLogout: false },
|
||||
});
|
||||
app.use('/logout', new LogoutController(config).router);
|
||||
const request = supertest(app);
|
||||
expect.assertions(0);
|
||||
await request
|
||||
.get(`${baseUriPath}/logout`)
|
||||
.expect(302)
|
||||
.expect(
|
||||
'Set-Cookie',
|
||||
'unleash-session=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT',
|
||||
);
|
||||
});
|
||||
|
||||
test('should call destroy on session', async () => {
|
||||
const baseUriPath = '';
|
||||
const fakeSession = {
|
||||
|
@ -4,11 +4,17 @@ import Controller from './controller';
|
||||
import { IAuthRequest } from './unleash-types';
|
||||
|
||||
class LogoutController extends Controller {
|
||||
private clearSiteDataOnLogout: boolean;
|
||||
|
||||
private cookieName: string;
|
||||
|
||||
private baseUri: string;
|
||||
|
||||
constructor(config: IUnleashConfig) {
|
||||
super(config);
|
||||
this.baseUri = config.server.baseUriPath;
|
||||
this.clearSiteDataOnLogout = config.session.clearSiteDataOnLogout;
|
||||
this.cookieName = config.session.cookieName;
|
||||
this.get('/', this.logout);
|
||||
}
|
||||
|
||||
@ -27,10 +33,14 @@ class LogoutController extends Controller {
|
||||
req.logout();
|
||||
}
|
||||
|
||||
res.set('Clear-Site-Data', '"cookies", "storage"');
|
||||
res.clearCookie(this.cookieName);
|
||||
|
||||
if (this.clearSiteDataOnLogout) {
|
||||
res.set('Clear-Site-Data', '"cookies", "storage"');
|
||||
}
|
||||
|
||||
res.redirect(`${this.baseUri}/`);
|
||||
}
|
||||
}
|
||||
|
||||
module.exports = LogoutController;
|
||||
export default LogoutController;
|
||||
|
@ -37,6 +37,8 @@ export interface IDBOption {
|
||||
export interface ISessionOption {
|
||||
ttlHours: number;
|
||||
db: boolean;
|
||||
clearSiteDataOnLogout: boolean;
|
||||
cookieName: string;
|
||||
}
|
||||
|
||||
export interface IVersionOption {
|
||||
|
Loading…
Reference in New Issue
Block a user