TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-01-08 18:27:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: delete cookies (#5885)

Browse Source 
Co-authored-by: Livio Spring <livio.a@gmail.com>
This commit is contained in:
Elio Bischof 2023-05-19 07:12:31 +02:00 committed by GitHub
parent 133aec4568
commit 2e86c44aa5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
internal/api/grpc/server/gateway.go
View File

@ -210,7 +210,7 @@ type cookieResponseWriter struct {
func (r *cookieResponseWriter) WriteHeader(status int) { func (r *cookieResponseWriter) WriteHeader(status int) {
if status >= 200 && status < 300 { if status >= 200 && status < 300 {
r.accessInterceptor.DeleteExhaustedCookie(r.ResponseWriter, r.request) r.accessInterceptor.DeleteExhaustedCookie(r.ResponseWriter)
} }
if status == http.StatusTooManyRequests { if status == http.StatusTooManyRequests {
r.accessInterceptor.SetExhaustedCookie(r.ResponseWriter, r.request) r.accessInterceptor.SetExhaustedCookie(r.ResponseWriter, r.request)

4
internal/api/http/cookie.go
View File

@ -123,8 +123,8 @@ func (c *CookieHandler) SetEncryptedCookie(w http.ResponseWriter, name, domain s
return nil return nil
} }
func (c *CookieHandler) DeleteCookie(w http.ResponseWriter, r *http.Request, name string) { func (c *CookieHandler) DeleteCookie(w http.ResponseWriter, name string) {
c.httpSet(w, name, r.Host, "", -1) c.httpSet(w, name, "", "", -1)
} }
func (c *CookieHandler) httpSet(w http.ResponseWriter, name, domain, value string, maxage int) { func (c *CookieHandler) httpSet(w http.ResponseWriter, name, domain, value string, maxage int) {

6
internal/api/http/middleware/access_interceptor.go
View File

@ -77,8 +77,8 @@ func (a *AccessInterceptor) SetExhaustedCookie(writer http.ResponseWriter, reque
a.cookieHandler.SetCookie(writer, a.limitConfig.ExhaustedCookieKey, domain, cookieValue) a.cookieHandler.SetCookie(writer, a.limitConfig.ExhaustedCookieKey, domain, cookieValue)
} }
func (a *AccessInterceptor) DeleteExhaustedCookie(writer http.ResponseWriter, request *http.Request) { func (a *AccessInterceptor) DeleteExhaustedCookie(writer http.ResponseWriter) {
a.cookieHandler.DeleteCookie(writer, request, a.limitConfig.ExhaustedCookieKey) a.cookieHandler.DeleteCookie(writer, a.limitConfig.ExhaustedCookieKey)
} }
func (a *AccessInterceptor) Handle(next http.Handler) http.Handler { func (a *AccessInterceptor) Handle(next http.Handler) http.Handler {
@ -96,7 +96,7 @@ func (a *AccessInterceptor) Handle(next http.Handler) http.Handler {
http.Error(wrappedWriter, "quota for authenticated requests is exhausted", http.StatusTooManyRequests) http.Error(wrappedWriter, "quota for authenticated requests is exhausted", http.StatusTooManyRequests)
} }
if !limited && !a.storeOnly { if !limited && !a.storeOnly {
a.DeleteExhaustedCookie(wrappedWriter, request) a.DeleteExhaustedCookie(wrappedWriter)
} }
if !limited { if !limited {
next.ServeHTTP(wrappedWriter, request) next.ServeHTTP(wrappedWriter, request)

2
internal/api/ui/console/console.go
View File

@ -125,7 +125,7 @@ func Start(config Config, externalSecure bool, issuer op.IssuerFromRequest, call
if exhausted { if exhausted {
limitingAccessInterceptor.SetExhaustedCookie(w, r) limitingAccessInterceptor.SetExhaustedCookie(w, r)
} else { } else {
limitingAccessInterceptor.DeleteExhaustedCookie(w, r) limitingAccessInterceptor.DeleteExhaustedCookie(w)
} }
_, err = w.Write(environmentJSON) _, err = w.Write(environmentJSON)
logging.OnError(err).Error("error serving environment.json") logging.OnError(err).Error("error serving environment.json")