Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

[app] Delete all cookies on signout #421

Merged
merged 1 commit into from
Aug 27, 2022
Merged

[app] Delete all cookies on signout #421

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
@@ -49,6 +49,7 @@ NOTE: As semantic versioning states all 0.y.z releases can contain breaking chan
- [#417](https://github.com/kobsio/kobs/pull/417): [jira] Adjust notification style based on the issue status.
- [#418](https://github.com/kobsio/kobs/pull/418): [app] Go to details page when a user selects an application.
- [#420](https://github.com/kobsio/kobs/pull/420): [app] Use generics for `jwt` package and reuse the package for the GitHub and Jira plugin, to make the generated cookies more secure.
- [#421](https://github.com/kobsio/kobs/pull/421): [app] Delete all cookies on signout.

## [v0.9.1](https://github.com/kobsio/kobs/releases/tag/v0.9.1) (2022-07-08)

22 changes: 14 additions & 8 deletions pkg/hub/auth/auth.go
View file
Original file line number Diff line number Diff line change
@@ -209,14 +209,20 @@ func (c *client) signinHandler(w http.ResponseWriter, r *http.Request) {
// signoutHandler handles the logout for an user. For this we are setting the value of the auth cookie to an empty
// string and we adjust the expiration date of the cookie.
func (c *client) signoutHandler(w http.ResponseWriter, r *http.Request) {
http.SetCookie(w, &http.Cookie{
Name: "kobs",
Value: "",
Path: "/",
Secure: true,
HttpOnly: true,
Expires: time.Unix(0, 0),
})
cookies := r.Cookies()

for _, cookie := range cookies {
if strings.HasPrefix(cookie.Name, "kobs") {
http.SetCookie(w, &http.Cookie{
Name: cookie.Name,
Value: "",
Path: "/",
Secure: true,
HttpOnly: true,
Expires: time.Unix(0, 0),
})
}
}

render.JSON(w, r, nil)
}
8 changes: 8 additions & 0 deletions pkg/hub/auth/auth_test.go
View file
Original file line number Diff line number Diff line change
@@ -307,6 +307,14 @@ func TestSignoutHandler(t *testing.T) {
}

req, _ := http.NewRequestWithContext(context.Background(), http.MethodGet, "/", nil)
req.AddCookie(&http.Cookie{
Name: "kobs",
Value: "1234",
Path: "/",
Secure: true,
HttpOnly: true,
Expires: time.Unix(0, 0),
})
w := httptest.NewRecorder()
c.signoutHandler(w, req)
require.Equal(t, http.StatusOK, w.Code)