fix(API): do not reset the auth cookie on every request to GET /login (#4459)

The cookie and JWT refresh are already handled in the `refreshExpiringCookie` middleware, which only updates the cookie 3 days before the expiration.

The middleware also uses `issueCookie`, which ensures that attributes like `sameSite` and `httpOnly` are correctly set on the cookie.
कारतोफ्फेलस्क्रिप्ट™ 2022-10-27 17:39:59 +02:00 committed by GitHub
parent 14ea21af97
commit c66929f53d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 4 additions and 8 deletions


@ -70,11 +70,6 @@ export function authenticationMethods(this: N8nApp): void {
// If logged in, return user
try {
user = await resolveJwt(cookieContents);
if (!config.get('userManagement.isInstanceOwnerSetUp')) {
res.cookie(AUTH_COOKIE_NAME, cookieContents);
}
return sanitizeUser(user);
} catch (error) {
res.clearCookie(AUTH_COOKIE_NAME);


@ -103,8 +103,9 @@ test('GET /login should return 401 Unauthorized if no cookie', async () => {
expect(authToken).toBeUndefined();
});
test('GET /login should return cookie if UM is disabled', async () => {
const ownerShell = await testDb.createUserShell(globalOwnerRole);
test('GET /login should return cookie if UM is disabled and no cookie is already set', async () => {
const authlessAgent = utils.createAgent(app);
await testDb.createUserShell(globalOwnerRole);
config.set('userManagement.isInstanceOwnerSetUp', false);
@ -113,7 +114,7 @@ test('GET /login should return cookie if UM is disabled', async () => {
{ value: JSON.stringify(false) },
);
const response = await authAgent(ownerShell).get('/login');
const response = await authlessAgent.get('/login');
expect(response.statusCode).toBe(200);