fix(authentication): properly setup the session cookie to restore authentication on remote environments (#433)

DrRaider · web-flow · commit 556c56d37d03 · 2021-03-04T09:35:46.000+01:00
diff --git a/app/controllers/forest_liana/authentication_controller.rb b/app/controllers/forest_liana/authentication_controller.rb
@@ -69,7 +69,7 @@ def authentication_callback
             httponly: true,
             secure: true,
             expires: ForestLiana::Token.expiration_in_days,
-            samesite: 'none',
+            same_site: :None,
             path: '/'
           },
         )
@@ -104,7 +104,7 @@ def logout
                 httponly: true,
                 secure: true,
                 expires: Time.at(0),
-                samesite: 'none',
+                same_site: :None,
                 path: '/'
               },
             )
diff --git a/spec/requests/authentications_spec.rb b/spec/requests/authentications_spec.rb
@@ -61,7 +61,7 @@
 
     it "should return a valid authentication token" do
       session_cookie = response.headers['set-cookie']
-      expect(session_cookie).to match(/^forest_session_token=[^;]+; path=\/; expires=[^;]+; secure; HttpOnly$/)
+      expect(session_cookie).to match(/^forest_session_token=[^;]+; path=\/; expires=[^;]+; secure; HttpOnly; SameSite=None$/)
 
       token = session_cookie.match(/^forest_session_token=([^;]+);/)[1]
       decoded = JWT.decode(token, ForestLiana.auth_secret, true, { algorithm: 'HS256' })[0]
@@ -100,7 +100,7 @@
 
     it "should invalidate token from browser" do
       invalidated_session_cookie = response.headers['set-cookie']
-      expect(invalidated_session_cookie).to match(/^forest_session_token=[^;]+; path=\/; expires=Thu, 01 Jan 1970 00:00:00 GMT; secure; HttpOnly$/)
+      expect(invalidated_session_cookie).to match(/^forest_session_token=[^;]+; path=\/; expires=Thu, 01 Jan 1970 00:00:00 GMT; secure; HttpOnly; SameSite=None$/)
     end
   end
 end
