From ac2ea9f34dc62449baab4de8b61f28a0fab249fb Mon Sep 17 00:00:00 2001
From: Jakob Ackermann
Date: Tue, 16 Apr 2024 09:36:58 +0100
Subject: [PATCH] Merge pull request #17865 from overleaf/jpa-open-in-overleaf-session-storage

[web] open-in-overleaf: cleanup redis and browser session storage

GitOrigin-RevId: af79bb49ff474545fc0d206d2a6f5a0ffa1416bc
---
 .../infrastructure/SessionAutostartMiddleware.js | 5 ++++-
 .../src/Security/SessionAutostartMiddlewareTests.js | 13 +++++++++++++
 2 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/services/web/app/src/infrastructure/SessionAutostartMiddleware.js b/services/web/app/src/infrastructure/SessionAutostartMiddleware.js
index 89c4094276..eaf6f587cf 100644
--- a/services/web/app/src/infrastructure/SessionAutostartMiddleware.js
+++ b/services/web/app/src/infrastructure/SessionAutostartMiddleware.js
@@ -77,7 +77,10 @@ class SessionAutostartMiddleware {
 }

 middleware(req, _res, next) {
- if (!req.signedCookies[this._cookieName]) {
+ if (
+ !req.signedCookies[this._cookieName] &&
+ req.query?.autostartSession !== 'true'
+ ) {
 const callback = this.autostartCallbackForRequest(req)
 if (callback) {
 req.session = {
diff --git a/services/web/test/unit/src/Security/SessionAutostartMiddlewareTests.js b/services/web/test/unit/src/Security/SessionAutostartMiddlewareTests.js
index 02a7891bbf..df4af22f85 100644
--- a/services/web/test/unit/src/Security/SessionAutostartMiddlewareTests.js
+++ b/services/web/test/unit/src/Security/SessionAutostartMiddlewareTests.js
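Review bot: In `middleware()` of SessionAutostartMiddleware.js, the new `req.query?.autostartSession !== 'true'` condition is checked before `autostartCallbackForRequest(req)`, so skipping the stub session is driven by a caller-controlled query string and, as far as the hunk shows, applies to every excluded route rather than only the open-in-overleaf one. If the stub is there to avoid creating sessions for cookieless requests, any client can now ask for a real session on those routes, so it is worth confirming that rate limiting or the downstream session handling bounds that, or restricting the flag to routes that opt in. At minimum I would document the intent above the condition, e.g. `// ?autostartSession=true is client-controlled: it skips the no-session stub so a real session is created; the stub is not a security boundary`. The strict comparison does fail closed for non-string values such as a repeated parameter parsed into an array. The body of `middleware()` continues outside the hunk, so what happens after the condition is inferred.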
@@ -48,12 +48,25 @@ describe('SessionAutostartMiddleware', function () {
 expect(req.session.noSessionCallback).to.equal(excludedCallback)
 })

+ it('does not execute the callback for the excluded route with ?autostartSession=true set', function () {
+ req.query = { autostartSession: 'true' }
+ middleware.middleware(req, {}, next)
+ expect(req.session).not.to.exist
+ })
+
 it('does not execute the callback if the method is not excluded', function () {
 req.method = 'GET'
 middleware.middleware(req, {}, next)
 expect(req.session).not.to.exist
 })

+ it('does not execute the callback if the method is not excluded and ?autostartSession=true is set', function () {
+ req.method = 'GET'
+ req.query = { autostartSession: 'true' }
+ middleware.middleware(req, {}, next)
+ expect(req.session).not.to.exist
+ })
+
 it('does not execute the callback if the path is not excluded', function () {
 req.path = '/giraffe'
 middleware.middleware(req, {}, next)
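Review bot: The two added tests only cover the exact value `'true'`; nothing pins that an excluded-route request with any other `autostartSession` value still gets the `noSessionCallback` stub, which is the fail-closed side of the new condition. A negative case next to the first added test would catch a later loosening of the comparison, for example to a truthiness check. The sketch below assumes the shared `req` fixture targets the excluded route without a signed cookie, as the surrounding tests imply.

```javascript
// … unchanged: existing '?autostartSession=true' tests …
it('still executes the callback for the excluded route when autostartSession is not exactly "true"', function () {
  req.query = { autostartSession: 'false' }
  middleware.middleware(req, {}, next)
  expect(req.session.noSessionCallback).to.equal(excludedCallback)
})
```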