Improve login and cookie handling #76

Open: wants to merge 10 commits into base: main

line-o (Member) commented Sep 22, 2024

Please have a look at the documentation for the new feature:
https://github.com/eeditiones/roaster/blob/3b0ab4e867a21683bb00b93ab0be7809b6200887/doc/cookie-auth.md

FEATURES

  • allow and encourage custom login route handlers
    • read user name and login from any body or header content including XML bodies
  • allow and encourage custom logout route handlers
  • allows setting HttpOnly and SameSite attributes on login domain cookies (implementation in content/cookie.xqm)

FIXES

  • no redirect needed for logout, nor logout=true
  • do not attempt to login on every request
  • get rid of hard-coded field names user, password

- Use persistent login module directly to allow custom login and logout route handlers.
- Logout route does not need to redirect anymore.
- Add cookie.xqm utility module that is package private.
- Add custom login and logout route handlers to test app.
- Add and extend tests for login and logout.
When a route tries to call a handler function that does not exist, roaster will return
with status code 500 and an actionable description:
"Operation not found for operationId:<operationId>"
- use cookie-name everywhere and deprecate "login domain"
- guard against cookie-name not being set