Merge pull request #1444 from GSA/24-configure-cookie-domain
[24] configure cookie domain
stepchud authored Oct 8, 2024
2 parents ab41f70 + 329b030 commit 0d4ef47
Showing 7 changed files with 11 additions and 5 deletions.
3 changes: 2 additions & 1 deletion .envrc
Expand Up @@ -13,4 +13,5 @@ PATH_add $MIX_HOME/bin
PATH_add $HEX_HOME/bin

export LOGIN_SECRET="f4d3c40a00a8e6ed72fae5204d9ddacd40f087865d40803a6fcfb935591a271838533f06081067dac24c0085c74123e7e1c8b3e0ab562c6645b17eb769854d0d"
export JWT_SECRET="fc28c5738ca45162f61126e770a8fbdbd938d0fedcfe8fbb9f851b855b0264866364a9130e96aca8b1977e9f58edf064f1aa435ceccf415ff22fd3c24adba320"
export JWT_SECRET="fc28c5738ca45162f61126e770a8fbdbd938d0fedcfe8fbb9f851b855b0264866364a9130e96aca8b1977e9f58edf064f1aa435ceccf415ff22fd3c24adba320"
export SESSION_COOKIE_DOMAIN="localhost"
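Review bot: The `JWT_SECRET` export rewritten in this hunk, like `LOGIN_SECRET` above it, keeps a literal signing secret in a tracked file that anyone with repository access can read. Nothing on this page shows whether these values are development-only, so I would add a comment above the exports such as `# Local development values only; deployed environments must supply their own secrets` and confirm that no deployed environment shares them. If either value has ever been used outside a developer machine, it should be rotated.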
2 changes: 2 additions & 0 deletions config/dev.exs
Expand Up @@ -107,6 +107,8 @@ config :challenge_gov, :gov_delivery, module: ChallengeGov.GovDelivery.Mock

config :challenge_gov, :public_root_url, "http://localhost:4001"

config :challenge_gov, :session_cookie_domain, "localhost"

config :waffle,
storage: Waffle.Storage.Local,
storage_dir_prefix: Path.expand("../priv/waffle/uploads", __DIR__)
2 changes: 2 additions & 0 deletions config/prod.exs
Expand Up @@ -90,6 +90,8 @@ config :challenge_gov, :login_gov_logout, %{
logout_redirect_uri: System.get_env("LOGOUT_REDIRECT_URI")
}

config :challenge_gov, :session_cookie_domain, System.get_env("SESSION_COOKIE_DOMAIN")

config :challenge_gov,
session_timeout_in_minutes: System.get_env("SESSION_TIMEOUT_IN_MINUTES") || 15,
account_deactivation_in_days: System.get_env("ACCOUNT_DEACTIVATION_IN_DAYS") || 90,
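Review bot: The new `:session_cookie_domain` entry is only effective at build time, because lib/web/endpoint.ex in this same commit reads it with `Application.compile_env/2`; the value that counts is whatever `SESSION_COOKIE_DOMAIN` holds when the application is compiled. If the variable is missing from the build environment the value is `nil` and the session cookie silently stays host-only, and setting it only on the running host will not change the cookie. I would document that next to the line, e.g. `# Read at compile time by Web.Endpoint; must be set in the build environment`. The value should also be the narrowest domain that works, since every host under it receives the session cookie.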
4 changes: 2 additions & 2 deletions lib/challenge_gov/challenges.ex
Expand Up @@ -772,9 +772,9 @@ defmodule ChallengeGov.Challenges do
def is_allowed_to_view_submission?(user = %{role: "challenge_manager"}),
do: validate_gov_mil?(user.email)

def is_allowed_to_view_submission?(user = %{role: "super_admin"}), do: true
def is_allowed_to_view_submission?(%{role: "super_admin"}), do: true

def is_allowed_to_view_submission?(user = %{role: "admin"}), do: true
def is_allowed_to_view_submission?(%{role: "admin"}), do: true

def allowed_to_submit?(%{role: "super_admin"}), do: true

2 changes: 1 addition & 1 deletion lib/web/controllers/api/session_controller.ex
Expand Up @@ -86,6 +86,6 @@ defmodule Web.Api.SessionController do
end

defp clear_rails_session(conn) do
delete_resp_cookie(conn, "_rails_new_session")
delete_resp_cookie(conn, "_challenge_platform_key")
end
end
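Review bot: `delete_resp_cookie(conn, "_challenge_platform_key")` in `clear_rails_session/1` is called without options, so the expiring Set-Cookie it emits is host-only with the default path. Browsers only remove a cookie when name, domain and path match, so if the Rails application sets `_challenge_platform_key` with a Domain attribute (which the rest of this commit suggests, but the page does not show), logout leaves the Rails session cookie in place. Passing the configured domain would cover that case: `delete_resp_cookie(conn, "_challenge_platform_key", domain: Application.get_env(:challenge_gov, :session_cookie_domain))`. The same applies to the identical function in lib/web/controllers/session_controller.ex. I am reading the second of the two rendered lines as the new side.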
2 changes: 1 addition & 1 deletion lib/web/controllers/session_controller.ex
Expand Up @@ -181,6 +181,6 @@ defmodule Web.SessionController do
end

defp clear_rails_session(conn) do
delete_resp_cookie(conn, "_rails_new_session")
delete_resp_cookie(conn, "_challenge_platform_key")
end
end
1 change: 1 addition & 0 deletions lib/web/endpoint.ex
Expand Up @@ -11,6 +11,7 @@ defmodule Web.Endpoint do
@session_options [
store: :cookie,
key: "_challenge_gov_key",
domain: Application.compile_env(:challenge_gov, :session_cookie_domain),
same_site: "Lax",
signing_salt: "+S7HWPoL"
]
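Review bot: Adding `domain:` to `@session_options` widens where `_challenge_gov_key` is sent, and the visible options configure only `signing_salt`, so the cookie store signs the session but does not encrypt it. Every host under the configured domain will then receive a session payload it can decode and read, though not forge. If the session holds anything sensitive, consider adding an `encryption_salt:` entry (this invalidates existing sessions), or state in a comment that session contents must stay non-sensitive. The list also has no explicit `secure: true`; it is worth confirming the cookie is only ever issued over HTTPS in production.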
