From: Justin Wind
Date: Mon, 6 Jun 2022 18:22:35 +0000 (-0700)
Subject: test coverage for allowed insecure cookies
X-Git-Tag: v1.2.4~2
X-Git-Url: https://git.squeep.com/?a=commitdiff_plain;h=93fbeab317901033612318b672aff060682df8a6;p=squeep-authentication-module
test coverage for allowed insecure cookies
---
diff --git a/lib/authenticator.js b/lib/authenticator.js
index 4449a94..c69ada9 100644
--- a/lib/authenticator.js
+++ b/lib/authenticator.js
@@ -274,7 +274,7 @@ class Authenticator {
 'SameSite=Lax',
 `Path=${this.options.dingus.proxyPrefix}/`,
 ];
- if (this.options.authenticator.secureAuthOnly) {
+ if (this.secureAuthOnly) {
 cookieParts.push('Secure');
 }
 res.setHeader(Enum.Header.SetCookie, cookieParts.join('; '));
diff --git a/test/lib/authenticator.js b/test/lib/authenticator.js
index 5da6439..9fa2200 100644
--- a/test/lib/authenticator.js
+++ b/test/lib/authenticator.js
@@ -305,6 +305,16 @@ describe('Authenticator', function () {
 const result = await authenticator.sessionCheck(req, res, ctx, loginPath, required, profilesAllowed);
 assert.strictEqual(result, true);
 });
+ it('covers valid insecure cookie session', async function () {
+ authenticator.secureAuthOnly = false;
+ req.getHeader.returns(cookie);
+ sinon.stub(authenticator, 'isValidCookieAuth').resolves(true);
+ ctx.session = {
+ authenticatedIdentifier: 'user',
+ };
+ const result = await authenticator.sessionCheck(req, res, ctx, loginPath, required, profilesAllowed);
+ assert.strictEqual(result, true);
+ });
 it('rejects insecure connection', async function () {
 ctx.clientProtocol = 'http';
 try {
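Review bot: In lib/authenticator.js the `Secure` attribute on the session cookie now depends on `this.secureAuthOnly`, a field assigned outside this hunk, so if it is ever left undefined the cookie is issued without `Secure` and nothing reports it. A guard that fails closed, `if (this.secureAuthOnly !== false) {`, would keep the attribute unless it was explicitly turned off; confirm against the constructor that this matches the intended default. A comment above the branch would also help: `// Without Secure the browser will send this session cookie over plain HTTP; disable only for local or trusted-network deployments.` The enclosing method starts and ends outside the hunk.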
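Review bot: In test/lib/authenticator.js the new case 'covers valid insecure cookie session' asserts only that `sessionCheck` resolves `true`, so it would still pass if the `Secure` attribute were emitted despite `secureAuthOnly = false`. It also leaves `ctx.clientProtocol` at whatever the suite's setup provides (not visible here), unlike the following test, which sets `'http'`. If the intent is to cover a session arriving over plain HTTP, add `ctx.clientProtocol = 'http';`. If this path sets the cookie, an assertion on the `Set-Cookie` value passed to `res.setHeader` would pin the behaviour the lib change touches.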