fix: encode session for ssr clients
parent
2c5c799d13
commit
1b6a833bed
3 changed files with 8 additions and 7 deletions
|
@ -278,7 +278,7 @@ App::post('/v1/account/sessions/email')
|
|||
->setAttribute('current', true)
|
||||
->setAttribute('countryName', $countryName)
|
||||
->setAttribute('expire', $expire)
|
||||
->setAttribute('secret', ($isPrivilegedUser || $isAppUser) ? $secret : '')
|
||||
->setAttribute('secret', ($isPrivilegedUser || $isAppUser) ? Auth::encodeSession($user->getId(), $secret) : '')
|
||||
;
|
||||
|
||||
$queueForEvents
|
||||
|
@ -1242,7 +1242,7 @@ App::put('/v1/account/sessions/token')
|
|||
->setAttribute('current', true)
|
||||
->setAttribute('countryName', $countryName)
|
||||
->setAttribute('expire', $expire)
|
||||
->setAttribute('secret', ($isPrivilegedUser || $isAppUser) ? $sessionSecret : '')
|
||||
->setAttribute('secret', ($isPrivilegedUser || $isAppUser) ? Auth::encodeSession($user->getId(), $sessionSecret) : '')
|
||||
;
|
||||
|
||||
$response->dynamic($session, Response::MODEL_SESSION);
|
||||
|
@ -1377,7 +1377,7 @@ App::post('/v1/account/tokens/phone')
|
|||
);
|
||||
|
||||
// Hide secret for clients
|
||||
$token->setAttribute('secret', ($isPrivilegedUser || $isAppUser) ? $secret : '');
|
||||
$token->setAttribute('secret', ($isPrivilegedUser || $isAppUser) ? Auth::encodeSession($user->getId(), $secret) : '');
|
||||
|
||||
$response
|
||||
->setStatusCode(Response::STATUS_CODE_CREATED)
|
||||
|
@ -1520,7 +1520,7 @@ App::post('/v1/account/sessions/anonymous')
|
|||
->setAttribute('current', true)
|
||||
->setAttribute('countryName', $countryName)
|
||||
->setAttribute('expire', $expire)
|
||||
->setAttribute('secret', ($isPrivilegedUser || $isAppUser) ? $secret : '')
|
||||
->setAttribute('secret', ($isPrivilegedUser || $isAppUser) ? Auth::encodeSession($user->getId(), $secret) : '')
|
||||
;
|
||||
|
||||
$response->dynamic($session, Response::MODEL_SESSION);
|
||||
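Review bot: In the `/v1/account/tokens/phone` hunk the value being wrapped is a token secret on `$token`, not a session secret, yet it now goes through `Auth::encodeSession($user->getId(), $secret)` exactly like the three session endpoints. If server-side callers are expected to hand that field on as the raw token secret, they will now receive a different value, so it is worth confirming that whatever consumes the token response accepts the encoded form. The comment above that line, `// Hide secret for clients`, no longer describes it; `// Encode secret for privileged/app callers; hide it from other clients` would. The encoded value is presumably a bearer credential that also carries the user id, so it should stay out of event payloads and logs; the first hunk runs on into `$queueForEvents` outside the visible lines, so that could not be checked here.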
|
|
|
@ -83,7 +83,8 @@ trait ProjectCustom
|
|||
'health.read',
|
||||
'rules.read',
|
||||
'rules.write',
|
||||
'sessions'
|
||||
'sessions',
|
||||
'account'
|
||||
],
|
||||
]);
|
||||
|
||||
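Review bot: The new `'account'` entry is added without a trailing comma, which is why this change also had to rewrite the `'sessions'` line; writing it as `'account',` keeps the next scope addition to a one-line diff. This list looks like the scope set for the shared test key in the `ProjectCustom` trait, so every test using the trait would now run with the `account` scope. A test that needs to show that a key without this scope is refused would then have to create its own key. The enclosing array and method start outside the hunk.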
|
|
|
@ -133,13 +133,13 @@ class AccountCustomServerTest extends Scope
|
|||
$this->assertNotEmpty($response['body']['secret']);
|
||||
|
||||
$sessionId = $response['body']['$id'];
|
||||
$session = $response['cookies']['a_session_' . $this->getProject()['$id']];
|
||||
$session = $response['body']['secret'];
|
||||
|
||||
$response = $this->client->call(Client::METHOD_GET, '/account', array_merge(
|
||||
[
|
||||
'content-type' => 'application/json',
|
||||
'x-appwrite-project' => $this->getProject()['$id'],
|
||||
'cookie' => 'a_session_' . $this->getProject()['$id'] . '=' . $session,
|
||||
'x-appwrite-session' => $session
|
||||
],
|
||||
$this->getHeaders()
|
||||
));
|
||||
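Review bot: The only check on the returned value in this hunk is `assertNotEmpty($response['body']['secret'])`, which would pass just as well if the endpoint still returned the raw secret rather than the encoded session. The follow-up request now authenticates with `'x-appwrite-session' => $session` plus whatever `getHeaders()` supplies, so the cookie path this test used to exercise is no longer covered here. Nothing visible asserts that a caller who is neither privileged nor an app user gets an empty `secret`. Consider adding that negative case and keeping one cookie-based request, unless tests outside this hunk already cover them; the test method starts and ends outside the hunk.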
|
|