
fix: encode session for ssr clients

This commit is contained in:
loks0n 2023-12-19 15:45:44 +00:00
parent 2c5c799d13
commit 1b6a833bed
3 changed files with 8 additions and 7 deletions


@ -278,7 +278,7 @@ App::post('/v1/account/sessions/email')
->setAttribute('current', true) ->setAttribute('current', true)
->setAttribute('countryName', $countryName) ->setAttribute('countryName', $countryName)
->setAttribute('expire', $expire) ->setAttribute('expire', $expire)
->setAttribute('secret', ($isPrivilegedUser || $isAppUser) ? $secret : '') ->setAttribute('secret', ($isPrivilegedUser || $isAppUser) ? Auth::encodeSession($user->getId(), $secret) : '')
; ;
$queueForEvents $queueForEvents
@ -1242,7 +1242,7 @@ App::put('/v1/account/sessions/token')
->setAttribute('current', true) ->setAttribute('current', true)
->setAttribute('countryName', $countryName) ->setAttribute('countryName', $countryName)
->setAttribute('expire', $expire) ->setAttribute('expire', $expire)
->setAttribute('secret', ($isPrivilegedUser || $isAppUser) ? $sessionSecret : '') ->setAttribute('secret', ($isPrivilegedUser || $isAppUser) ? Auth::encodeSession($user->getId(), $sessionSecret) : '')
; ;
$response->dynamic($session, Response::MODEL_SESSION); $response->dynamic($session, Response::MODEL_SESSION);
@ -1377,7 +1377,7 @@ App::post('/v1/account/tokens/phone')
); );
// Hide secret for clients // Hide secret for clients
$token->setAttribute('secret', ($isPrivilegedUser || $isAppUser) ? $secret : ''); $token->setAttribute('secret', ($isPrivilegedUser || $isAppUser) ? Auth::encodeSession($user->getId(), $secret) : '');
$response $response
->setStatusCode(Response::STATUS_CODE_CREATED) ->setStatusCode(Response::STATUS_CODE_CREATED)
@ -1520,7 +1520,7 @@ App::post('/v1/account/sessions/anonymous')
->setAttribute('current', true) ->setAttribute('current', true)
->setAttribute('countryName', $countryName) ->setAttribute('countryName', $countryName)
->setAttribute('expire', $expire) ->setAttribute('expire', $expire)
->setAttribute('secret', ($isPrivilegedUser || $isAppUser) ? $secret : '') ->setAttribute('secret', ($isPrivilegedUser || $isAppUser) ? Auth::encodeSession($user->getId(), $secret) : '')
; ;
$response->dynamic($session, Response::MODEL_SESSION); $response->dynamic($session, Response::MODEL_SESSION);
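Review bot: In the `/v1/account/tokens/phone` hunk the value wrapped by `Auth::encodeSession($user->getId(), $secret)` is a one-time token secret, not a session secret, so a privileged or app-user caller now receives a session-style envelope in place of the raw OTP secret it previously got; if that caller is expected to use the plain secret (e.g. to complete the phone session), that line should stay `$token->setAttribute('secret', ($isPrivilegedUser || $isAppUser) ? $secret : '');` — worth confirming against the consumers of that field. The three session hunks (`/sessions/email`, `PUT /sessions/token`, `/sessions/anonymous`) repeat the identical ternary; a small private helper that takes the user id and secret would keep the encoding and the privileged-only guard in one place. The surviving `// Hide secret for clients` comment no longer describes the new behaviour; I would change it to `// Only privileged/app users get the secret, encoded with the user id for SSR clients; others receive ''`. Each route closure starts and ends outside its hunk.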


@ -83,7 +83,8 @@ trait ProjectCustom
'health.read', 'health.read',
'rules.read', 'rules.read',
'rules.write', 'rules.write',
'sessions' 'sessions',
'account'
], ],
]); ]);


@ -133,13 +133,13 @@ class AccountCustomServerTest extends Scope
$this->assertNotEmpty($response['body']['secret']); $this->assertNotEmpty($response['body']['secret']);
$sessionId = $response['body']['$id']; $sessionId = $response['body']['$id'];
$session = $response['cookies']['a_session_' . $this->getProject()['$id']]; $session = $response['body']['secret'];
$response = $this->client->call(Client::METHOD_GET, '/account', array_merge( $response = $this->client->call(Client::METHOD_GET, '/account', array_merge(
[ [
'content-type' => 'application/json', 'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id'], 'x-appwrite-project' => $this->getProject()['$id'],
'cookie' => 'a_session_' . $this->getProject()['$id'] . '=' . $session, 'x-appwrite-session' => $session
], ],
$this->getHeaders() $this->getHeaders()
)); ));