1
0
mirror of https://github.com/Unleash/unleash.git synced 2024-12-22 19:07:54 +01:00

feat: add option to disable 'Clear-Site-Data' header on logout (#1645)

This commit is contained in:
Ivar Conradi Østhus 2022-06-03 11:50:58 +02:00 committed by GitHub
parent ff7842b2f1
commit 3359dd204d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 77 additions and 6 deletions

View File

@ -89,6 +89,8 @@ Object {
"unleashUrl": "http://localhost:4242",
},
"session": Object {
"clearSiteDataOnLogout": true,
"cookieName": "unleash-session",
"db": true,
"ttlHours": 48,
},

View File

@ -91,6 +91,11 @@ const defaultDbOptions: IDBOption = {
const defaultSessionOption: ISessionOption = {
ttlHours: parseEnvVarNumber(process.env.SESSION_TTL_HOURS, 48),
clearSiteDataOnLogout: parseEnvVarBoolean(
process.env.SESSION_CLEAR_SITE_DATA_ON_LOGOUT,
true,
),
cookieName: 'unleash-session',
db: true,
};

View File

@ -10,7 +10,7 @@ function sessionDb(
knex: Knex,
): RequestHandler {
let store;
const { db } = config.session;
const { db, cookieName } = config.session;
const age =
hoursToMilliseconds(config.session.ttlHours) || hoursToMilliseconds(48);
const KnexSessionStore = knexSessionStore(session);
@ -25,7 +25,7 @@ function sessionDb(
store = new session.MemoryStore();
}
return session({
name: 'unleash-session',
name: cookieName,
rolling: false,
resave: false,
saveUninitialized: false,

View File

@ -5,13 +5,12 @@ import SimplePasswordProvider from './auth/simple-password-provider';
import { IUnleashConfig } from '../types/option';
import { IUnleashServices } from '../types/services';
import { api } from './api-def';
import LogoutController from './logout';
const AdminApi = require('./admin-api');
const ClientApi = require('./client-api');
const Controller = require('./controller');
const HealthCheckController = require('./health-check');
const LogoutController = require('./logout');
class IndexRouter extends Controller {
constructor(config: IUnleashConfig, services: IUnleashServices) {
super(config);

View File

@ -44,6 +44,59 @@ test('should set "Clear-Site-Data" header', async () => {
.expect('Clear-Site-Data', '"cookies", "storage"');
});
test('should not set "Clear-Site-Data" header', async () => {
const baseUriPath = '';
const app = express();
const config = createTestConfig({
server: { baseUriPath },
session: { clearSiteDataOnLogout: false },
});
app.use('/logout', new LogoutController(config).router);
const request = supertest(app);
expect.assertions(1);
await request
.get(`${baseUriPath}/logout`)
.expect(302)
.expect((res) =>
expect(res.headers['Clear-Site-Data']).toBeUndefined(),
);
});
test('should clear "unleash-session" cookies', async () => {
const baseUriPath = '';
const app = express();
const config = createTestConfig({ server: { baseUriPath } });
app.use('/logout', new LogoutController(config).router);
const request = supertest(app);
expect.assertions(0);
await request
.get(`${baseUriPath}/logout`)
.expect(302)
.expect(
'Set-Cookie',
'unleash-session=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT',
);
});
test('should clear "unleash-session" cookie even when disabled clear site data', async () => {
const baseUriPath = '';
const app = express();
const config = createTestConfig({
server: { baseUriPath },
session: { clearSiteDataOnLogout: false },
});
app.use('/logout', new LogoutController(config).router);
const request = supertest(app);
expect.assertions(0);
await request
.get(`${baseUriPath}/logout`)
.expect(302)
.expect(
'Set-Cookie',
'unleash-session=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT',
);
});
test('should call destroy on session', async () => {
const baseUriPath = '';
const fakeSession = {

View File

@ -4,11 +4,17 @@ import Controller from './controller';
import { IAuthRequest } from './unleash-types';
class LogoutController extends Controller {
private clearSiteDataOnLogout: boolean;
private cookieName: string;
private baseUri: string;
constructor(config: IUnleashConfig) {
super(config);
this.baseUri = config.server.baseUriPath;
this.clearSiteDataOnLogout = config.session.clearSiteDataOnLogout;
this.cookieName = config.session.cookieName;
this.get('/', this.logout);
}
@ -27,10 +33,14 @@ class LogoutController extends Controller {
req.logout();
}
res.set('Clear-Site-Data', '"cookies", "storage"');
res.clearCookie(this.cookieName);
if (this.clearSiteDataOnLogout) {
res.set('Clear-Site-Data', '"cookies", "storage"');
}
res.redirect(`${this.baseUri}/`);
}
}
module.exports = LogoutController;
export default LogoutController;

View File

@ -37,6 +37,8 @@ export interface IDBOption {
export interface ISessionOption {
ttlHours: number;
db: boolean;
clearSiteDataOnLogout: boolean;
cookieName: string;
}
export interface IVersionOption {