codeninjasllc/discourse
1
0
Fork 0
mirror of https://github.com/codeninjasllc/discourse.git synced 2025-02-25 16:04:22 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

logged in requests were being treated as anon, causing major havoc

Browse source
This commit is contained in:
Sam 2013-10-17 10:37:06 +11:00
parent 85387b8f72
commit 1b81f73325
2 changed files with 5 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
lib/auth/default_current_user_provider.rb
View file

@ -73,7 +73,7 @@ class Auth::DefaultCurrentUserProvider
def has_auth_cookie? def has_auth_cookie?
request = Rack::Request.new(@env) request = Rack::Request.new(@env)
cookie = request.cookies[CURRENT_USER_KEY] cookie = request.cookies[TOKEN_COOKIE]
!cookie.nil? && cookie.length == 32 !cookie.nil? && cookie.length == 32
end end
end end

4
spec/components/middleware/anonymous_cache_spec.rb
View file

@ -19,6 +19,10 @@ describe Middleware::AnonymousCache::Helper do
it "is false for non GET" do it "is false for non GET" do
new_helper("ANON_CACHE_DURATION" => 10, "REQUEST_METHOD" => "POST").cacheable?.should be_false new_helper("ANON_CACHE_DURATION" => 10, "REQUEST_METHOD" => "POST").cacheable?.should be_false
end end
it "is false if it has an auth cookie" do
new_helper("HTTP_COOKIE" => "jack=1; _t=#{"1"*32}; jill=2").cacheable?.should be_false
end
end end
context "cached" do context "cached" do