Discourse/discourse
Discourse/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-10-03 17:21:20 +08:00
Code Packages Activity Actions 7

Revert "DEV: Move more data into the server session" (#35115)

Browse source 
Reverts discourse/discourse#35009
This commit is contained in:
Loïc Guitaut 2025-10-01 16:44:43 +02:00 committed by GitHub
parent eae2370424
commit 2676c70572
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
10 changed files with 42 additions and 37 deletions
Download patch file Download diff file Expand all files Collapse all files

6
app/controllers/invites_controller.rb
View file

@ -351,7 +351,7 @@ class InvitesController < ApplicationController


if invite.present? if invite.present?
begin begin
attrs = { ip_address: request.remote_ip, session: server_session } attrs = { ip_address: request.remote_ip, session: session }


if redeeming_user if redeeming_user
attrs[:redeeming_user] = redeeming_user attrs[:redeeming_user] = redeeming_user
@ -532,8 +532,8 @@ class InvitesController < ApplicationController
# Show email if the user already authenticated their email # Show email if the user already authenticated their email
different_external_email = false different_external_email = false


if server_session[:authentication] if session[:authentication]
auth_result = Auth::Result.from_session_data(server_session[:authentication], user: nil) auth_result = Auth::Result.from_session_data(session[:authentication], user: nil)
if invite.email == auth_result.email if invite.email == auth_result.email
email = invite.email email = invite.email
else else

6
app/controllers/session_controller.rb
View file

@ -240,9 +240,9 @@ class SessionController < ApplicationController
topic = invite.topics.first topic = invite.topics.first
return_path = topic.present? ? path(topic.relative_url) : path("/") return_path = topic.present? ? path(topic.relative_url) : path("/")
elsif !user.active? elsif !user.active?
activation = UserActivator.new(user, request, server_session, cookies) activation = UserActivator.new(user, request, session, cookies)
activation.finish activation.finish
server_session["user_created_message"] = activation.message session["user_created_message"] = activation.message
return redirect_to(users_account_created_path) return redirect_to(users_account_created_path)
else else
login_sso_user(sso, user) login_sso_user(sso, user)
@ -891,7 +891,7 @@ class SessionController < ApplicationController
username: sso.username, username: sso.username,
name: sso.name, name: sso.name,
ip_address: request.remote_ip, ip_address: request.remote_ip,
session: server_session, session: session,
email: sso.email, email: sso.email,
redeeming_user: redeeming_user, redeeming_user: redeeming_user,
).redeem ).redeem

6
app/controllers/users/omniauth_callbacks_controller.rb
View file

@ -149,7 +149,7 @@ class Users::OmniauthCallbacksController < ApplicationController
elsif invite_required? elsif invite_required?
@auth_result.requires_invite = true @auth_result.requires_invite = true
else else
server_session[:authentication] = @auth_result.session_data session[:authentication] = @auth_result.session_data
end end
end end


@ -207,7 +207,7 @@ class Users::OmniauthCallbacksController < ApplicationController


log_on_user(user, { authenticated_with_oauth: true }) log_on_user(user, { authenticated_with_oauth: true })
Invite.invalidate_for_email(user.email) # invite link can't be used to log in anymore Invite.invalidate_for_email(user.email) # invite link can't be used to log in anymore
server_session.delete(:authentication) # don't carry around old auth info session[:authentication] = nil # don't carry around old auth info, perhaps move elsewhere
@auth_result.authenticated = true @auth_result.authenticated = true
else else
if SiteSetting.must_approve_users? && !user.approved? if SiteSetting.must_approve_users? && !user.approved?
@ -221,7 +221,7 @@ class Users::OmniauthCallbacksController < ApplicationController
def persist_auth_token(auth) def persist_auth_token(auth)
secret = SecureRandom.hex secret = SecureRandom.hex
key = Users::AssociateAccountsController.key(secret) key = Users::AssociateAccountsController.key(secret)
server_session.set(key, auth.to_json, expires: 10.minutes) server_session.set key, auth.to_json, expires: 10.minutes
"#{Discourse.base_path}/associate/#{secret}" "#{Discourse.base_path}/associate/#{secret}"
end end
end end

10
app/controllers/users_controller.rb
View file

@ -740,7 +740,7 @@ class UsersController < ApplicationController
end end
end end


authentication = UserAuthenticator.new(user, server_session) authentication = UserAuthenticator.new(user, session)


if !authentication.has_authenticator? && !SiteSetting.enable_local_logins && if !authentication.has_authenticator? && !SiteSetting.enable_local_logins &&
!(current_user&.admin? && is_api?) !(current_user&.admin? && is_api?)
@ -754,7 +754,7 @@ class UsersController < ApplicationController
return fail_with("login.incorrect_username_email_or_password") return fail_with("login.incorrect_username_email_or_password")
end end


activation = UserActivator.new(user, request, server_session, cookies) activation = UserActivator.new(user, request, session, cookies)
activation.start activation.start


if user.save if user.save
@ -767,7 +767,7 @@ class UsersController < ApplicationController
server_session.delete(CHALLENGE_KEY) server_session.delete(CHALLENGE_KEY)


# save user email in session, to show on account-created page # save user email in session, to show on account-created page
server_session["user_created_message"] = activation.message session["user_created_message"] = activation.message
session[SessionController::ACTIVATE_USER_KEY] = user.id session[SessionController::ACTIVATE_USER_KEY] = user.id


# If the user was created as active this will # If the user was created as active this will
@ -780,7 +780,7 @@ class UsersController < ApplicationController
) )
elsif SiteSetting.hide_email_address_taken && elsif SiteSetting.hide_email_address_taken &&
user.errors[:primary_email]&.include?(I18n.t("errors.messages.taken")) user.errors[:primary_email]&.include?(I18n.t("errors.messages.taken"))
server_session["user_created_message"] = activation.success_message session["user_created_message"] = activation.success_message


existing_user = User.find_by_email(user.primary_email&.email) existing_user = User.find_by_email(user.primary_email&.email)
if !existing_user && SiteSetting.normalize_emails if !existing_user && SiteSetting.normalize_emails
@ -1091,7 +1091,7 @@ class UsersController < ApplicationController
end end


@custom_body_class = "static-account-created" @custom_body_class = "static-account-created"
@message = server_session["user_created_message"] || I18n.t("activation.missing_session") @message = session["user_created_message"] || I18n.t("activation.missing_session")
@account_created = { message: @message, show_controls: false } @account_created = { message: @message, show_controls: false }


if session_user_id = session[SessionController::ACTIVATE_USER_KEY] if session_user_id = session[SessionController::ACTIVATE_USER_KEY]

4
app/services/user_activator.rb
View file

@ -29,7 +29,7 @@ class UserActivator
end end


def factory def factory
invite = Invite.find_by(email: Email.downcase(user.email)) invite = Invite.find_by(email: Email.downcase(@user.email))


if !user.active? if !user.active?
EmailActivator EmailActivator
@ -67,7 +67,7 @@ class LoginActivator < UserActivator
include CurrentUser include CurrentUser


def activate def activate
log_on_user(user, { authenticated_with_oauth: session["authenticated_with_oauth"] }) log_on_user(user, { authenticated_with_oauth: @session["authenticated_with_oauth"] })
user.enqueue_welcome_message("welcome_user") user.enqueue_welcome_message("welcome_user")
success_message success_message
end end

7
app/services/user_authenticator.rb
View file

@ -9,7 +9,7 @@ class UserAuthenticator
) )
@user = user @user = user
@session = session @session = session
if session.try(:[], :authentication).is_a?(Hash) if session&.dig(:authentication) && session[:authentication].is_a?(Hash)
@auth_result = Auth::Result.from_session_data(session[:authentication], user: user) @auth_result = Auth::Result.from_session_data(session[:authentication], user: user)
end end
@authenticator_finder = authenticator_finder @authenticator_finder = authenticator_finder
@ -35,9 +35,8 @@ class UserAuthenticator
authenticator.after_create_account(@user, @auth_result) authenticator.after_create_account(@user, @auth_result)
confirm_email confirm_email
end end
if @session.try(:[], :authentication) if @session&.dig(:authentication)
@session.delete(:authentication) @session[:authentication] = @auth_result = nil
@auth_result = nil
@session[:authenticated_with_oauth] = true @session[:authenticated_with_oauth] = true
end end
end end

2
plugins/discourse-apple-auth/spec/requests/auth_apple_spec.rb
View file

@ -124,7 +124,7 @@ describe "sign in with apple" do
expect(response.status).to eq(302) expect(response.status).to eq(302)
expect(response.location).to eq("http://test.localhost/") expect(response.location).to eq("http://test.localhost/")


result = Auth::Result.from_session_data(server_session[:authentication], user: nil) result = Auth::Result.from_session_data(session[:authentication], user: nil)
expect(result.email).to eq("verified-email@example.com") expect(result.email).to eq("verified-email@example.com")
expect(result.name).to eq("Disco Bot") expect(result.name).to eq("Disco Bot")
expect(result.extra_data[:uid]).to eq("unique-user-id") expect(result.extra_data[:uid]).to eq("unique-user-id")

8
spec/rails_helper.rb
View file

@ -904,14 +904,12 @@ RSpec.configure do |config|


class TestCurrentUserProvider < Auth::DefaultCurrentUserProvider class TestCurrentUserProvider < Auth::DefaultCurrentUserProvider
def log_on_user(user, session, cookies, opts = {}) def log_on_user(user, session, cookies, opts = {})
# Try using the main session as `session` sometimes is a server session session[:current_user_id] = user.id
(cookies.try(:request).try(:session) || session)[:current_user_id] = user.id
super super
end end


def log_off_user(session, cookies) def log_off_user(session, cookies)
# Try using the main session as `session` sometimes is a server session session[:current_user_id] = nil
(cookies.try(:request).try(:session) || session).delete(:current_user_id)
super super
end end
end end
@ -1132,7 +1130,7 @@ def swap_2_different_characters(str)
end end


def create_request_env(path: nil) def create_request_env(path: nil)
env = Rails.application.env_config.dup.merge("rack.session" => ActionController::TestSession.new) env = Rails.application.env_config.dup
env.merge!(Rack::MockRequest.env_for(path)) if path env.merge!(Rack::MockRequest.env_for(path)) if path
env env
end end

10
spec/requests/invites_controller_spec.rb
View file

@ -47,7 +47,15 @@ RSpec.describe InvitesController do
end end


context "when email data is present in authentication data" do context "when email data is present in authentication data" do
before { server_session[:authentication] = { email: invite.email } } let(:store) { ActionDispatch::Session::CookieStore.new({}) }
let(:session_stub) do
ActionDispatch::Request::Session.create(store, ActionDispatch::TestRequest.create, {})
end

before do
session_stub[:authentication] = { email: invite.email }
ActionDispatch::Request.any_instance.stubs(:session).returns(session_stub)
end


it "shows unobfuscated email" do it "shows unobfuscated email" do
get "/invites/#{invite.invite_key}" get "/invites/#{invite.invite_key}"

20
spec/requests/users_controller_spec.rb
View file

@ -1052,8 +1052,8 @@ RSpec.describe UsersController do
expect(response.status).to eq(200) expect(response.status).to eq(200)
expect(response.parsed_body["active"]).to be_falsey expect(response.parsed_body["active"]).to be_falsey


# should save user_created_message in server session # should save user_created_message in session
expect(server_session["user_created_message"]).to be_present expect(session["user_created_message"]).to be_present
expect(session[SessionController::ACTIVATE_USER_KEY]).to be_present expect(session[SessionController::ACTIVATE_USER_KEY]).to be_present


expect(Jobs::SendSystemMessage.jobs.size).to eq(0) expect(Jobs::SendSystemMessage.jobs.size).to eq(0)
@ -1072,8 +1072,8 @@ RSpec.describe UsersController do


expect(response.parsed_body["active"]).to be_falsey expect(response.parsed_body["active"]).to be_falsey


# should save user_created_message in server session # should save user_created_message in session
expect(server_session["user_created_message"]).to be_present expect(session["user_created_message"]).to be_present
expect(session[SessionController::ACTIVATE_USER_KEY]).to be_present expect(session[SessionController::ACTIVATE_USER_KEY]).to be_present


expect(Jobs::SendSystemMessage.jobs.size).to eq(0) expect(Jobs::SendSystemMessage.jobs.size).to eq(0)
@ -1114,7 +1114,7 @@ RSpec.describe UsersController do
end.to_not change { User.count } end.to_not change { User.count }


expect(response.status).to eq(200) expect(response.status).to eq(200)
expect(server_session["user_created_message"]).to be_present expect(session["user_created_message"]).to be_present
end end
end end


@ -1145,7 +1145,7 @@ RSpec.describe UsersController do
}.to_not change { User.count } }.to_not change { User.count }


expect(response.status).to eq(200) expect(response.status).to eq(200)
expect(server_session["user_created_message"]).to be_present expect(session["user_created_message"]).to be_present


json = response.parsed_body json = response.parsed_body
expect(json["active"]).to be_falsey expect(json["active"]).to be_falsey
@ -1365,8 +1365,8 @@ RSpec.describe UsersController do
post_user post_user
expect(response.status).to eq(200) expect(response.status).to eq(200)


# should save user_created_message in server session # should save user_created_message in session
expect(server_session["user_created_message"]).to be_present expect(session["user_created_message"]).to be_present
expect(session[SessionController::ACTIVATE_USER_KEY]).to be_present expect(session[SessionController::ACTIVATE_USER_KEY]).to be_present
end end


@ -1547,7 +1547,7 @@ RSpec.describe UsersController do
expect(json["success"]).to eq(true) expect(json["success"]).to eq(true)


# should not change the session # should not change the session
expect(server_session["user_created_message"]).to be_blank expect(session["user_created_message"]).to be_blank
expect(session[SessionController::ACTIVATE_USER_KEY]).to be_blank expect(session[SessionController::ACTIVATE_USER_KEY]).to be_blank
end end
end end
@ -1607,7 +1607,7 @@ RSpec.describe UsersController do
expect(json["success"]).not_to eq(true) expect(json["success"]).not_to eq(true)


# should not change the session # should not change the session
expect(server_session["user_created_message"]).to be_blank expect(session["user_created_message"]).to be_blank
expect(session[SessionController::ACTIVATE_USER_KEY]).to be_blank expect(session[SessionController::ACTIVATE_USER_KEY]).to be_blank
end end
end end