mirror of
https://gh.wpcy.net/https://github.com/discourse/discourse.git
synced 2026-05-04 00:13:08 +08:00
b4e4833d2a
This patch will be followed by https://github.com/discourse/discourse/pull/34747. `SecureSession` doesn’t make a lot of sense anymore and can be confusing as the current cookie store used for the session is actually secure since it’s encrypted. Renaming it to `ServerSession` better conveys what it does: providing a session but on the server side only. This patch also makes some improvements, like injecting that server session into Rack-like request objects, allowing the server session to be available virtually everywhere.
25 lines
923 B
Ruby
25 lines
923 B
Ruby
# frozen_string_literal: true
|
|
|
|
RSpec.describe DiscourseWebauthn::ChallengeGenerator do
|
|
it "generates a DiscourseWebauthn::ChallengeGenerator::ChallengeSession with a challenge" do
|
|
session = DiscourseWebauthn::ChallengeGenerator.generate
|
|
expect(session).to be_a(DiscourseWebauthn::ChallengeGenerator::ChallengeSession)
|
|
expect(session.challenge).not_to eq(nil)
|
|
end
|
|
|
|
describe "ChallengeSession" do
|
|
describe "#commit_to_session" do
|
|
let(:user) { Fabricate(:user) }
|
|
let(:server_session) { ServerSession.new("some-prefix") }
|
|
let(:generated_session) { DiscourseWebauthn::ChallengeGenerator.generate }
|
|
|
|
it "stores the challenge in the provided session object" do
|
|
generated_session.commit_to_session(server_session, user)
|
|
|
|
expect(server_session["staged-webauthn-challenge-#{user&.id}"]).to eq(
|
|
generated_session.challenge,
|
|
)
|
|
end
|
|
end
|
|
end
|
|
end
|
