fix: encode session for ssr clients
parent
2c5c799d13
commit
1b6a833bed
3 changed files with 8 additions and 7 deletions
|
@ -278,7 +278,7 @@ App::post('/v1/account/sessions/email')
|
||||||
->setAttribute('current', true)
|
->setAttribute('current', true)
|
||||||
->setAttribute('countryName', $countryName)
|
->setAttribute('countryName', $countryName)
|
||||||
->setAttribute('expire', $expire)
|
->setAttribute('expire', $expire)
|
||||||
->setAttribute('secret', ($isPrivilegedUser || $isAppUser) ? $secret : '')
|
->setAttribute('secret', ($isPrivilegedUser || $isAppUser) ? Auth::encodeSession($user->getId(), $secret) : '')
|
||||||
;
|
;
|
||||||
|
|
||||||
$queueForEvents
|
$queueForEvents
|
||||||
|
@ -1242,7 +1242,7 @@ App::put('/v1/account/sessions/token')
|
||||||
->setAttribute('current', true)
|
->setAttribute('current', true)
|
||||||
->setAttribute('countryName', $countryName)
|
->setAttribute('countryName', $countryName)
|
||||||
->setAttribute('expire', $expire)
|
->setAttribute('expire', $expire)
|
||||||
->setAttribute('secret', ($isPrivilegedUser || $isAppUser) ? $sessionSecret : '')
|
->setAttribute('secret', ($isPrivilegedUser || $isAppUser) ? Auth::encodeSession($user->getId(), $sessionSecret) : '')
|
||||||
;
|
;
|
||||||
|
|
||||||
$response->dynamic($session, Response::MODEL_SESSION);
|
$response->dynamic($session, Response::MODEL_SESSION);
|
||||||
|
@ -1377,7 +1377,7 @@ App::post('/v1/account/tokens/phone')
|
||||||
);
|
);
|
||||||
|
|
||||||
// Hide secret for clients
|
// Hide secret for clients
|
||||||
$token->setAttribute('secret', ($isPrivilegedUser || $isAppUser) ? $secret : '');
|
$token->setAttribute('secret', ($isPrivilegedUser || $isAppUser) ? Auth::encodeSession($user->getId(), $secret) : '');
|
||||||
|
|
||||||
$response
|
$response
|
||||||
->setStatusCode(Response::STATUS_CODE_CREATED)
|
->setStatusCode(Response::STATUS_CODE_CREATED)
|
||||||
|
@ -1520,7 +1520,7 @@ App::post('/v1/account/sessions/anonymous')
|
||||||
->setAttribute('current', true)
|
->setAttribute('current', true)
|
||||||
->setAttribute('countryName', $countryName)
|
->setAttribute('countryName', $countryName)
|
||||||
->setAttribute('expire', $expire)
|
->setAttribute('expire', $expire)
|
||||||
->setAttribute('secret', ($isPrivilegedUser || $isAppUser) ? $secret : '')
|
->setAttribute('secret', ($isPrivilegedUser || $isAppUser) ? Auth::encodeSession($user->getId(), $secret) : '')
|
||||||
;
|
;
|
||||||
|
|
||||||
$response->dynamic($session, Response::MODEL_SESSION);
|
$response->dynamic($session, Response::MODEL_SESSION);
|
||||||
|
|
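Review bot: In the `/v1/account/tokens/phone` hunk the value being wrapped is a token secret set on `$token`, not a session secret, so `Auth::encodeSession($user->getId(), $secret)` looks misapplied there. If the caller is meant to exchange that secret at a session-creation route, the encoded form would presumably no longer match what was stored; unless the exchange endpoint decodes it, I would keep `($isPrivilegedUser || $isAppUser) ? $secret : ''` for that route. For the three session routes the returned `secret` is now a complete credential (the updated test sends it as `x-appwrite-session`), so it is worth confirming that `$session` does not reach `$queueForEvents`, logs or webhooks with that attribute still set; the hunks end before that is visible. A comment above each assignment such as `// Encoded session is a bearer credential; returned only to privileged/app (server-side) callers` would record the intent, and `// Hide secret for clients` on the phone route should be updated to match whatever is decided there.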
|
@ -83,7 +83,8 @@ trait ProjectCustom
|
||||||
'health.read',
|
'health.read',
|
||||||
'rules.read',
|
'rules.read',
|
||||||
'rules.write',
|
'rules.write',
|
||||||
'sessions'
|
'sessions',
|
||||||
|
'account'
|
||||||
],
|
],
|
||||||
]);
|
]);
|
||||||
|
|
||||||
|
|
|
@ -133,13 +133,13 @@ class AccountCustomServerTest extends Scope
|
||||||
$this->assertNotEmpty($response['body']['secret']);
|
$this->assertNotEmpty($response['body']['secret']);
|
||||||
|
|
||||||
$sessionId = $response['body']['$id'];
|
$sessionId = $response['body']['$id'];
|
||||||
$session = $response['cookies']['a_session_' . $this->getProject()['$id']];
|
$session = $response['body']['secret'];
|
||||||
|
|
||||||
$response = $this->client->call(Client::METHOD_GET, '/account', array_merge(
|
$response = $this->client->call(Client::METHOD_GET, '/account', array_merge(
|
||||||
[
|
[
|
||||||
'content-type' => 'application/json',
|
'content-type' => 'application/json',
|
||||||
'x-appwrite-project' => $this->getProject()['$id'],
|
'x-appwrite-project' => $this->getProject()['$id'],
|
||||||
'cookie' => 'a_session_' . $this->getProject()['$id'] . '=' . $session,
|
'x-appwrite-session' => $session
|
||||||
],
|
],
|
||||||
$this->getHeaders()
|
$this->getHeaders()
|
||||||
));
|
));
|
||||||
|
|
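Review bot: Only one response's `secret` is sent back as `x-appwrite-session` in this hunk, while the same commit changes four routes in the account controller. Each changed session route should get an equivalent round-trip assertion, plus a negative case showing that a caller that is neither privileged nor an app user still receives `''` for `secret`. The test also no longer reads the session cookie, so a regression in cookie issuance would pass unnoticed; keeping `$this->assertNotEmpty($response['cookies']['a_session_' . $this->getProject()['$id']]);` next to the header check would cover both transports. The enclosing test method starts and ends outside the hunk, so coverage elsewhere in the file cannot be ruled out from here.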