Skip to content

Commit

Permalink
fix: session required in signout
Browse files Browse the repository at this point in the history
  • Loading branch information
furkansenharputlu committed Apr 26, 2024
1 parent 2d5fac1 commit 15a6ce7
Show file tree
Hide file tree
Showing 4 changed files with 9 additions and 8 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

- `session.CreateNewSession` now defaults to the value of the `st-auth-mode` header (if available) if the configured `config.GetTokenTransferMethod` returns `any`.
- Enable smooth switching between `useDynamicAccessTokenSigningKey` settings by allowing refresh calls to change the signing key type of a session.
- Make session required during signout.

## [0.17.5] - 2024-03-14
- Adds a type uint64 to the `accessTokenCookiesExpiryDurationMillis` local variable in `recipe/session/utils.go`. It also removes the redundant `uint64` type forcing needed because of the untyped variable.
Expand Down
6 changes: 3 additions & 3 deletions recipe/emailpassword/authFlow_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -1387,7 +1387,7 @@ func TestDefaultSignoutRouteRevokesSession(t *testing.T) {
assert.Equal(t, "", cookieData1["refreshTokenDomain"])
}

func TestCallingTheAPIwithoutSessionShouldReturnOk(t *testing.T) {
func TestCallingTheAPIwithoutSessionShouldReturnUnauthorized(t *testing.T) {
configValue := supertokens.TypeInput{
Supertokens: &supertokens.ConnectionInfo{
ConnectionURI: "http://localhost:8080",
Expand Down Expand Up @@ -1442,8 +1442,8 @@ func TestCallingTheAPIwithoutSessionShouldReturnOk(t *testing.T) {
t.Error(err.Error())
}

assert.Equal(t, 200, res.StatusCode)
assert.Equal(t, "OK", data["status"])
assert.Equal(t, http.StatusUnauthorized, res.StatusCode)
assert.Empty(t, data["status"])
assert.Nil(t, req.Header["Cookie"])
}

Expand Down
4 changes: 2 additions & 2 deletions recipe/session/signout.go
Original file line number Diff line number Diff line change
Expand Up @@ -27,9 +27,9 @@ func SignOutAPI(apiImplementation sessmodels.APIInterface, options sessmodels.AP
return nil
}

False := false
sessionRequired := true
sessionContainer, err := GetSessionFromRequest(options.Req, options.Res, options.Config, &sessmodels.VerifySessionOptions{
SessionRequired: &False,
SessionRequired: &sessionRequired,
OverrideGlobalClaimValidators: func(globalClaimValidators []claims.SessionClaimValidator, sessionContainer sessmodels.SessionContainer, userContext supertokens.UserContext) ([]claims.SessionClaimValidator, error) {
return []claims.SessionClaimValidator{}, nil
},
Expand Down
6 changes: 3 additions & 3 deletions recipe/thirdparty/signoutFeature_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ import (
"gopkg.in/h2non/gock.v1"
)

func TestThatCallingTheAPIwithoutASessionShouldReturnOk(t *testing.T) {
func TestThatCallingTheAPIwithoutASessionShouldReturnUnauthorized(t *testing.T) {
configValue := supertokens.TypeInput{
Supertokens: &supertokens.ConnectionInfo{
ConnectionURI: "http://localhost:8080",
Expand Down Expand Up @@ -80,7 +80,7 @@ func TestThatCallingTheAPIwithoutASessionShouldReturnOk(t *testing.T) {
if err != nil {
t.Error(err.Error())
}
assert.Equal(t, http.StatusOK, resp.StatusCode)
assert.Equal(t, http.StatusUnauthorized, resp.StatusCode)

dataInBytes, err := ioutil.ReadAll(resp.Body)
if err != nil {
Expand All @@ -94,7 +94,7 @@ func TestThatCallingTheAPIwithoutASessionShouldReturnOk(t *testing.T) {
t.Error(err.Error())
}

assert.Equal(t, "OK", response["status"])
assert.Empty(t, response["status"])

assert.Equal(t, 0, len(resp.Cookies()))
}
Expand Down

0 comments on commit 15a6ce7

Please sign in to comment.