mirror of
https://github.com/mealie-recipes/mealie.git
synced 2026-07-16 12:40:16 -04:00
fix: Fix embedded tokens not persisting across sessions (#7860)
This commit is contained in:
81
frontend/app/composables/use-token-cookie.test.ts
Normal file
81
frontend/app/composables/use-token-cookie.test.ts
Normal file
@@ -0,0 +1,81 @@
|
||||
import { describe, expect, test, vi, beforeEach, afterEach } from "vitest";
|
||||
import { getTokenCookieOptions } from "./use-token-cookie";
|
||||
|
||||
function setLocation(protocol: string) {
|
||||
Object.defineProperty(window, "location", {
|
||||
value: { ...window.location, protocol },
|
||||
configurable: true,
|
||||
writable: true,
|
||||
});
|
||||
}
|
||||
|
||||
function setFramed(framed: boolean) {
|
||||
Object.defineProperty(window, "top", {
|
||||
value: framed ? ({} as Window) : window,
|
||||
configurable: true,
|
||||
});
|
||||
}
|
||||
|
||||
function stubNuxtApp(production: boolean) {
|
||||
vi.stubGlobal("useNuxtApp", () => ({
|
||||
$appInfo: { production, tokenTime: 48 },
|
||||
}));
|
||||
}
|
||||
|
||||
describe("getTokenCookieOptions", () => {
|
||||
beforeEach(() => {
|
||||
setFramed(false);
|
||||
});
|
||||
|
||||
afterEach(() => {
|
||||
vi.unstubAllGlobals();
|
||||
});
|
||||
|
||||
test("top-level https connection gets a lax, non-partitioned cookie", () => {
|
||||
stubNuxtApp(true);
|
||||
setLocation("https:");
|
||||
setFramed(false);
|
||||
|
||||
const options = getTokenCookieOptions();
|
||||
|
||||
expect(options.secure).toBe(true);
|
||||
expect(options.sameSite).toBe("lax");
|
||||
expect(options.partitioned).toBe(false);
|
||||
});
|
||||
|
||||
test("iframe-embedded https connection gets a none, partitioned cookie", () => {
|
||||
stubNuxtApp(true);
|
||||
setLocation("https:");
|
||||
setFramed(true);
|
||||
|
||||
const options = getTokenCookieOptions();
|
||||
|
||||
expect(options.secure).toBe(true);
|
||||
expect(options.sameSite).toBe("none");
|
||||
expect(options.partitioned).toBe(true);
|
||||
});
|
||||
|
||||
test("insecure (http) connection stays lax and non-partitioned even when framed", () => {
|
||||
stubNuxtApp(true);
|
||||
setLocation("http:");
|
||||
setFramed(true);
|
||||
|
||||
const options = getTokenCookieOptions();
|
||||
|
||||
expect(options.secure).toBe(false);
|
||||
expect(options.sameSite).toBe("lax");
|
||||
expect(options.partitioned).toBe(false);
|
||||
});
|
||||
|
||||
test("non-production build stays lax and non-partitioned even when framed over https", () => {
|
||||
stubNuxtApp(false);
|
||||
setLocation("https:");
|
||||
setFramed(true);
|
||||
|
||||
const options = getTokenCookieOptions();
|
||||
|
||||
expect(options.secure).toBe(false);
|
||||
expect(options.sameSite).toBe("lax");
|
||||
expect(options.partitioned).toBe(false);
|
||||
});
|
||||
});
|
||||
Reference in New Issue
Block a user