From 06fc0a060b9429d475f15a88670338bfe3eb05ed Mon Sep 17 00:00:00 2001
From: Skye Bender-deMoll <122867176+skyemeedan@users.noreply.github.com>
Date: Wed, 17 Jul 2024 11:23:12 +0100
Subject: [PATCH] [CV2-4007] update _checkdesk_session cookie permissions to entire domain (#1929)
* [CV2-4007] Set _checkdesk_session_cookie name depending on configuration and environment
[CV2-4007] Set _checkdesk_session_cookie name depending on configuration and environment
---------
Co-authored-by: Skye Bender-deMoll
Co-authored-by: Jay Joshua <7008757+jayjay-w@users.noreply.github.com>
---
 config/config.yml.example | 3 +++
 config/initializers/session_store.rb | 7 +++++-
 test/lib/check_session_store_test.rb | 37 ++++++++++++++++++++++++++++
 3 files changed, 46 insertions(+), 1 deletion(-)
 create mode 100644 test/lib/check_session_store_test.rb
diff --git a/config/config.yml.example b/config/config.yml.example
index 691cd71933..b8ecd2a8ec 100644
--- a/config/config.yml.example
+++ b/config/config.yml.example
@@ -273,6 +273,9 @@ development: &default
 devise_unlock_accounts_after: 1
 login_rate_limit: 10
 api_rate_limit: 100
+
+ session_store_key: '_checkdesk_session_dev'
+ session_store_domain: 'localhost'
 test:
 <<: *default
 checkdesk_base_url_private: http://api:3000
diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb
index f8f9ad672c..06c2b3fb15 100644
--- a/config/initializers/session_store.rb
+++ b/config/initializers/session_store.rb
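Review bot: The two new keys under the `development: &default` anchor are added without any comment saying what they control, and `session_store_domain: 'localhost'` pins an explicit Domain attribute on the development cookie that buys nothing over a host-only cookie and has historically caused some browsers to reject the cookie outright, leaving developers unable to log in. Showing the domain key as optional would be the safer example, with a comment above the pair such as `# Optional session cookie settings: session_store_key is the cookie name; session_store_domain is the parent domain the cookie is scoped to (leave unset for a host-only cookie, the narrowest scope).` Because `test:` inherits `*default`, whatever is put here also applies to the test environment.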
@@ -1,3 +1,8 @@
 # Be sure to restart your server when you modify this file.
 
-Rails.application.config.session_store :cookie_store, key: '_checkdesk_session'
+# Retrieve the session key and domain based on the environment using CheckConfig.
+cookie_key = CheckConfig.get('session_store_key', '_checkdesk_session')
+domain_setting = CheckConfig.get('session_store_domain', Rails.env.development? ? 'localhost' : '.checkmedia.org')
+
+# Configure the session store with the dynamically obtained session key and domain.
+Rails.application.config.session_store :cookie_store, key: cookie_key, domain: domain_setting
diff --git a/test/lib/check_session_store_test.rb b/test/lib/check_session_store_test.rb
new file mode 100644
index 0000000000..f379290398
--- /dev/null
+++ b/test/lib/check_session_store_test.rb
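Review bot: The non-development fallback on the `domain_setting` line hard-codes the parent domain `.checkmedia.org`, which turns `_checkdesk_session` from a host-only cookie into one sent to (and settable from) every host under checkmedia.org, so its confidentiality is now bounded by the least-trusted subdomain, and any deployment served from some other host receives a Domain attribute that does not match the request host, so the browser silently discards the cookie. Both consequences deserve a comment above the assignment, e.g. `# Default scopes the cookie to all *.checkmedia.org hosts; deployments on any other host must set session_store_domain (omit it for a host-only cookie, the narrowest scope).` If the cookie is not already marked `secure`/`same_site` elsewhere (for instance via `config.force_ssl`), passing those attributes alongside `domain:` on the last line is the natural place, since the wider scope makes them matter more. Note also that `Rails.env.development?` is false in the test environment, so tests fall through to `.checkmedia.org` unless the value from config.yml is present.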
@@ -0,0 +1,37 @@
+require 'test_helper'
+
+class SessionStoreTest < ActiveSupport::TestCase
+ def with_environment(env)
+ original_env = Rails.env
+ Rails.singleton_class.class_eval do
+ define_method(:env) { ActiveSupport::StringInquirer.new(env) }
+ end
+ yield
+ ensure
+ Rails.singleton_class.class_eval do
+ define_method(:env) { original_env }
+ end
+ end
+
+ test "session store configuration with default key and domain when config values are not set" do
+ with_environment('production') do
+ stub_configs({ 'session_store_key' => nil, 'session_store_domain' => nil }) do
+ load Rails.root.join('config/initializers/session_store.rb')
+ assert_equal ActionDispatch::Session::CookieStore, Rails.application.config.session_store
+ assert_equal '_checkdesk_session', Rails.application.config.session_options[:key]
+ assert_equal '.checkmedia.org', Rails.application.config.session_options[:domain]
+ end
+ end
+ end
+
+ test "session store configuration with overriding key and domain in config" do
+ with_environment('production') do
+ stub_configs({ 'session_store_key' => '_checkdesk_session_qa', 'session_store_domain' => 'qa.checkmedia.org' }) do
+ load Rails.root.join('config/initializers/session_store.rb')
+ assert_equal ActionDispatch::Session::CookieStore, Rails.application.config.session_store
+ assert_equal '_checkdesk_session_qa', Rails.application.config.session_options[:key]
+ assert_equal 'qa.checkmedia.org', Rails.application.config.session_options[:domain]
+ end
+ end
+ end
+end
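Review bot: `with_environment` never restores the real `Rails.env` method; its `ensure` branch installs a second override that returns the captured `original_env` value, so after the first test `Rails.env` is permanently a closure and anything that later calls `Rails.env=` or expects the original implementation is silently bypassed. Minitest's object stubbing, which ActiveSupport::TestCase already provides, does the same job and reinstates the original method when the block exits: `def with_environment(env)` / `Rails.stub(:env, ActiveSupport::StringInquirer.new(env)) { yield }` / `end`. Likewise, `load`ing the initializer inside the block rewrites `Rails.application.config.session_store` and `session_options` for the whole process and nothing resets them when `stub_configs` unwinds, so the second test's `qa.checkmedia.org` domain leaks into whatever runs next; re-loading the initializer in a `teardown`, or capturing and restoring `session_options`, would isolate the tests. The development branch of the default (`'localhost'`) is not exercised by either test.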