misc: make opened session cookie http only and secure (#76809)
parent
ddec7aac6b
commit
670481b026
|
@ -119,8 +119,6 @@ LOGGING = {
|
|||
},
|
||||
}
|
||||
|
||||
A2_OPENED_SESSION_COOKIE_SECURE = True
|
||||
|
||||
|
||||
# Old settings method
|
||||
def extract_settings_from_environ():
|
||||
|
|
|
@ -45,8 +45,6 @@ if 'syslog' in LOGGING['handlers']:
|
|||
'level': 'WARNING',
|
||||
}
|
||||
|
||||
A2_OPENED_SESSION_COOKIE_SECURE = True
|
||||
|
||||
A2_PASSWORD_POLICY_DICTIONARIES = {'richelieu': '/usr/share/authentic2/richelieu'}
|
||||
|
||||
# Rest Authentication Class for services access
|
||||
|
|
|
@ -180,7 +180,6 @@ default_settings = dict(
|
|||
VALID_REFERERS=Setting(default=(), definition='List of prefix to match referers'),
|
||||
A2_OPENED_SESSION_COOKIE_NAME=Setting(default='A2_OPENED_SESSION', definition='Authentic session open'),
|
||||
A2_OPENED_SESSION_COOKIE_DOMAIN=Setting(default=None),
|
||||
A2_OPENED_SESSION_COOKIE_SECURE=Setting(default=False),
|
||||
A2_ATTRIBUTE_KINDS=Setting(default=(), definition='List of other attribute kinds'),
|
||||
A2_ATTRIBUTE_KIND_PROFILE_IMAGE_SIZE=Setting(
|
||||
default=200, definition='Width and height for a profile image'
|
||||
|
|
|
@ -76,7 +76,8 @@ class OpenedSessionCookieMiddleware(MiddlewareMixin):
|
|||
value=uuid.uuid4().hex,
|
||||
max_age=None,
|
||||
domain=domain,
|
||||
secure=app_settings.A2_OPENED_SESSION_COOKIE_SECURE,
|
||||
secure=settings.SESSION_COOKIE_SECURE,
|
||||
httponly=True,
|
||||
samesite='Lax',
|
||||
)
|
||||
elif app_settings.A2_OPENED_SESSION_COOKIE_NAME in request.COOKIES:
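Review bot: The Secure attribute of the opened-session cookie now depends on `settings.SESSION_COOKIE_SECURE`, which Django defaults to False, so a deployment that only had `A2_OPENED_SESSION_COOKIE_SECURE = True` would issue the cookie without Secure after this change, and the stale override is ignored silently because its `Setting` entry is removed from `default_settings`. The two settings files that drop the old flag presumably set `SESSION_COOKIE_SECURE` elsewhere, but that is not visible on this page and should be confirmed. I would add a comment above the argument, e.g. `# Secure follows SESSION_COOKIE_SECURE; A2_OPENED_SESSION_COOKIE_SECURE is no longer read`, and mention the removed setting in the upgrade notes. The hunk in `test_login_opened_session_cookie` now repeats the login without changing any setting and asserts only that the cookie is present, so neither `secure` nor `httponly` is covered by a test. The `set_cookie` call begins above this hunk, so the rest of its arguments are not visible here.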
|
||||
|
|
|
@ -572,7 +572,6 @@ def test_login_opened_session_cookie(db, app, settings, simple_user):
|
|||
login(app, simple_user)
|
||||
assert 'A2_OPENED_SESSION' in app.cookies
|
||||
|
||||
settings.A2_OPENED_SESSION_COOKIE_SECURE = True
|
||||
app.cookiejar.clear()
|
||||
login(app, simple_user)
|
||||
assert 'A2_OPENED_SESSION' in app.cookies
|
||||
|
|