From 99e252107f671e5df9954dfd892e3bcdacad872f Mon Sep 17 00:00:00 2001
From: Alexandre Aubin
Date: Sun, 4 Feb 2024 15:18:48 +0100
Subject: [PATCH] Dafuq Aleks, we do need to send the SSO cookie on all route not just the portal API route
---
 src/authenticators/ldap_admin.py | 2 +-
 src/authenticators/ldap_ynhuser.py | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/authenticators/ldap_admin.py b/src/authenticators/ldap_admin.py
index f50632f8c..36bde5452 100644
--- a/src/authenticators/ldap_admin.py
+++ b/src/authenticators/ldap_admin.py
@@ -208,7 +208,7 @@ class Authenticator(BaseAuthenticator):
 except Exception as e:
 logger.debug(f"User logged out, but failed to properly invalidate the session : {e}")
- response.delete_cookie("yunohost.admin", path="/")
+ response.delete_cookie("yunohost.admin", path="/yunohost/api")
 def purge_expired_session_files(self):
diff --git a/src/authenticators/ldap_ynhuser.py b/src/authenticators/ldap_ynhuser.py
index 1a0c028ec..31378526d 100644
--- a/src/authenticators/ldap_ynhuser.py
+++ b/src/authenticators/ldap_ynhuser.py
@@ -196,7 +196,7 @@ class Authenticator(BaseAuthenticator):
 jwt.encode(infos, SESSION_SECRET(), algorithm="HS256"),
 secure=True,
 httponly=True,
- path="/yunohost/portalapi",
+ path="/", # Doesn't this cause issues ? May cause issue if the portal is on different subdomain than the portal API ? Will surely cause issue for development similar to CORS ?
 samesite="strict" if not is_dev else None,
 )
@@ -252,7 +252,7 @@ class Authenticator(BaseAuthenticator):
 except Exception as e:
 logger.debug(f"User logged out, but failed to properly invalidate the session : {e}")
- response.delete_cookie("yunohost.portal", path="/yunohost/portalapi")
+ response.delete_cookie("yunohost.portal", path="/")
 def purge_expired_session_files(self):
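Review bot: The `path="/yunohost/api"` passed to `delete_cookie` for `yunohost.admin` is a bare literal that has to match the `path` used when the cookie was set; the `set_cookie` call is outside this hunk, so the match is presumably intended but cannot be confirmed here, and if the two ever drift the browser keeps the stale cookie after logout and only the server-side session invalidation just above protects the user. The same duplicated literal pattern appears in the `yunohost.portal` `delete_cookie` hunk at line 252 of ldap_ynhuser.py. Define one constant per authenticator, e.g. `ADMIN_COOKIE_PATH = "/yunohost/api"`, use it in both the set and the delete call, and annotate the delete with `# must use the same path/domain as set_cookie or the browser ignores the deletion`. The enclosing logout method starts before this hunk.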
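Review bot: The comment left on the new `path="/"` line in the `set_cookie` hunk at line 196 of ldap_ynhuser.py is a list of open questions rather than a rationale, and the commit title already answers them, so the code should record the decision instead. With a root path and no domain attribute, the portal session JWT now accompanies every request to the host, including any application routes served under the same origin, which is what the SSO change wants; the comment should say so and point out that the `secure`, `httponly` and `samesite` attributes on the surrounding lines are what bound its exposure. Replace the question with something like `# "/" on purpose: the SSO session must reach every route on this host, not only the portal API; a portal on another subdomain or a proxy-less dev setup will not receive it`. The enclosing method starts and ends outside the hunk.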