From 93fbeab317901033612318b672aff060682df8a6 Mon Sep 17 00:00:00 2001
From: Justin Wind
Date: Mon, 6 Jun 2022 11:22:35 -0700
Subject: [PATCH] test coverage for allowed insecure cookies
---
 lib/authenticator.js | 2 +-
 test/lib/authenticator.js | 10 ++++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/lib/authenticator.js b/lib/authenticator.js
index 4449a94..c69ada9 100644
--- a/lib/authenticator.js
+++ b/lib/authenticator.js
@@ -274,7 +274,7 @@ class Authenticator {
 'SameSite=Lax',
 `Path=${this.options.dingus.proxyPrefix}/`,
 ];
- if (this.options.authenticator.secureAuthOnly) {
+ if (this.secureAuthOnly) {
 cookieParts.push('Secure');
 }
 res.setHeader(Enum.Header.SetCookie, cookieParts.join('; '));
diff --git a/test/lib/authenticator.js b/test/lib/authenticator.js
index 5da6439..9fa2200 100644
--- a/test/lib/authenticator.js
+++ b/test/lib/authenticator.js
@@ -305,6 +305,16 @@ describe('Authenticator', function () {
 const result = await authenticator.sessionCheck(req, res, ctx, loginPath, required, profilesAllowed);
 assert.strictEqual(result, true);
 });
+ it('covers valid insecure cookie session', async function () {
+ authenticator.secureAuthOnly = false;
+ req.getHeader.returns(cookie);
+ sinon.stub(authenticator, 'isValidCookieAuth').resolves(true);
+ ctx.session = {
+ authenticatedIdentifier: 'user',
+ };
+ const result = await authenticator.sessionCheck(req, res, ctx, loginPath, required, profilesAllowed);
+ assert.strictEqual(result, true);
+ });
 it('rejects insecure connection', async function () {
 ctx.clientProtocol = 'http';
 try {
--
2.43.2
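Review bot: The `Secure` attribute on the session cookie now depends on `this.secureAuthOnly`, an instance field whose initialization is not visible in this hunk; if it is ever left `undefined`, the cookie is issued without `Secure` and nothing reports it. Failing closed would make the insecure case an explicit opt-out: `if (this.secureAuthOnly !== false) {`. A short comment above the check, such as `// Secure is omitted only when insecure auth has been explicitly allowed`, would also tell the next reader why the flag is conditional. The enclosing method starts and ends outside the hunk, so where the field is assigned from `options.authenticator.secureAuthOnly` should be confirmed there. This is a production change inside a commit titled as test coverage, which is worth a line in the description.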
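Review bot: The new `covers valid insecure cookie session` case never sets `ctx.clientProtocol = 'http'`, so it presumably runs with the suite's default protocol and only shows that the flag can be switched off, not that a plain-HTTP request is accepted. Adding `ctx.clientProtocol = 'http';` before the call would exercise the path the neighbouring `rejects insecure connection` test guards. If the success path sets the cookie, it is also worth asserting that the `Set-Cookie` value passed to `res.setHeader` has no `Secure` part, so the changed check in `lib/authenticator.js` is pinned by a test. The case also mutates `authenticator.secureAuthOnly` and adds a sinon stub; the setup and teardown are outside the hunk, so confirm the instance is recreated and stubs are restored per test.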