logged in requests were being treated as anon, causing major havoc

2024-11-27 17:46:05 -05:00 · 2013-10-17 10:37:06 +11:00 · 2013-10-17 10:37:06 +11:00 · 1b81f73325
commit 1b81f73325
parent 85387b8f72
2 changed files with 5 additions and 1 deletions
--- a/lib/auth/default_current_user_provider.rb
+++ b/lib/auth/default_current_user_provider.rb
@ -73,7 +73,7 @@ class Auth::DefaultCurrentUserProvider

  def has_auth_cookie?
    request = Rack::Request.new(@env)
-    cookie = request.cookies[CURRENT_USER_KEY]
+    cookie = request.cookies[TOKEN_COOKIE]
    !cookie.nil? && cookie.length == 32
  end
 end
--- a/spec/components/middleware/anonymous_cache_spec.rb
+++ b/spec/components/middleware/anonymous_cache_spec.rb
@ -19,6 +19,10 @@ describe Middleware::AnonymousCache::Helper do
    it "is false for non GET" do
      new_helper("ANON_CACHE_DURATION" => 10, "REQUEST_METHOD" => "POST").cacheable?.should be_false
    end
+
+    it "is false if it has an auth cookie" do
+      new_helper("HTTP_COOKIE" => "jack=1; _t=#{"1"*32}; jill=2").cacheable?.should be_false
+    end
  end

  context "cached" do