From f598f56fab4492821eaf8e7507d7b3a99e4a9e2a Mon Sep 17 00:00:00 2001
From: Matthew Somerville
Date: Wed, 6 Apr 2016 15:28:47 +0100
Subject: Prevent dev sites auto-creating session. We check for a session's existence before looking in it, as looking in it first would auto create a session.
---
 perllib/Catalyst/Plugin/Session/State/Cookie.pm | 7 -------
 perllib/FixMyStreet/App.pm | 8 ++++----
 t/app/controller/auth_social.t | 3 +++
 3 files changed, 7 insertions(+), 11 deletions(-)
diff --git a/perllib/Catalyst/Plugin/Session/State/Cookie.pm b/perllib/Catalyst/Plugin/Session/State/Cookie.pm
index bef0c1e66..c4b61123b 100644
--- a/perllib/Catalyst/Plugin/Session/State/Cookie.pm
+++ b/perllib/Catalyst/Plugin/Session/State/Cookie.pm
@@ -50,13 +50,6 @@ sub update_session_cookie {
 sub cookie_is_rejecting {
 my ( $c, $cookie ) = @_;
- # Prevent infinite loop in request->path. mySociety addition
- return 0 if $c->request->has_uri && !$c->request->_has_path;
-
- # Don't output cookie for JS or JPEG files. mySociety addition
- return 1 if substr($c->request->path, -3) eq '.js'
- || substr($c->request->path, -5) eq '.jpeg';
-
 if ( $cookie->{path} ) {
 return 1 if index '/'.$c->request->path, $cookie->{path};
 }
diff --git a/perllib/FixMyStreet/App.pm b/perllib/FixMyStreet/App.pm
index af9dc1f9d..79ca7f9ee 100644
--- a/perllib/FixMyStreet/App.pm
+++ b/perllib/FixMyStreet/App.pm
@@ -246,7 +246,7 @@ sub setup_dev_overrides {
 delete $params{$_} for grep { !m{^_override_} } keys %params;
 # stop if there is nothing to add
- return 1 unless scalar keys %params;
+ return unless scalar keys %params;
 # Check to see if we should clear all
 if ( $params{_override_clear_all} ) {
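Review bot: The early exit in setup_dev_overrides now returns an empty list/undef where it used to return 1, and neither the commit message nor the visible lines say why. Any caller that tests the result for truth would now take its failure path on every request that carries no `_override_` parameters. The rest of the function and its callers lie outside this hunk, so I cannot tell whether one does. If the value is meant to be ignored, say so on that line, e.g. `# nothing to record; callers ignore the return value`, and state the return contract in the function's POD.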
@@ -270,14 +270,14 @@ sub setup_dev_overrides {
 Checks the overrides for the value given and returns it if found, undef if not.
-Always returns undef unless on a staging site (avoids autovivifying overrides
-hash in session and so creating a session for all users).
+Always returns undef unless on a staging site and we already have a session
+(avoids autovivifying overrides hash and so creating a session for all users).
 =cut
 sub get_override {
 my ( $c, $key ) = @_;
- return unless $c->config->{STAGING_SITE};
+ return unless $c->config->{STAGING_SITE} && $c->sessionid;
 return $c->session->{overrides}->{$key};
 }
diff --git a/t/app/controller/auth_social.t b/t/app/controller/auth_social.t
index 84fdd4dfe..b8675a8fd 100644
--- a/t/app/controller/auth_social.t
+++ b/t/app/controller/auth_social.t
@@ -31,7 +31,10 @@ my $fb_uid = 123456789;
 for my $fb_state ( 'refused', 'no email', 'existing UID', 'okay' ) {
 for my $page ( 'my', 'report', 'update' ) {
 subtest "test FB '$fb_state' login for page '$page'" => sub {
+ # Lots of user changes happening here, make sure we don't confuse
+ # Catalyst with a cookie session user that no longer exists
 $mech->log_out_ok;
+ $mech->cookie_jar({});
 if ($fb_state eq 'existing UID') {
 my $user = $mech->create_user_ok($fb_email);
 $user->update({ facebook_id => $fb_uid });
-- cgit v1.2.3
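Review bot: The new guard in get_override tests `$c->sessionid`, which shows the request carries a session id, not that a stored session still exists for it. A stale or unknown cookie value would presumably pass the check, and `$c->session` could then still create the session this commit is trying to avoid; confirm against Catalyst::Plugin::Session how an unknown id is handled. The POD would be more accurate as "and the request already has a session id". The commit also adds no test for the behaviour it fixes: a staging-config request with an empty cookie jar followed by `ok !$mech->response->header('Set-Cookie'), 'no session created';` would pin it.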
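Review bot: Resetting the jar with `$mech->cookie_jar({})` works around the case named in the new comment, a session cookie pointing at a user that no longer exists, instead of testing it. A real browser can be in that state after an account is removed or merged, so one subtest should keep the old cookie and assert the request is simply treated as logged out. I cannot see from this hunk how the app reacts today, so this may already be handled elsewhere. The subtest body continues past the end of the hunk.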