From 999ea1e43d5439cfc7b184eacb64ddb9eac94591 Mon Sep 17 00:00:00 2001
From: Andrew Dryga
Date: Mon, 23 Jan 2023 13:38:57 -0600
Subject: [PATCH] Add version suffix to cookie signing salt (#1369)

This will make sure that users need to reauthenticate every time a new version is deployed.

Closes https://github.com/firezone/firezone/issues/1358
---
 apps/fz_http/lib/fz_http_web/session.ex | 7 ++++++-
 .../test/fz_http_web/acceptance/authentication_test.exs | 5 +++--
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/apps/fz_http/lib/fz_http_web/session.ex b/apps/fz_http/lib/fz_http_web/session.ex
index b993ac29b..c4c77c692 100644
--- a/apps/fz_http/lib/fz_http_web/session.ex
+++ b/apps/fz_http/lib/fz_http_web/session.ex
@@ -29,7 +29,12 @@ defmodule FzHttpWeb.Session do
   end
 
   defp signing_salt do
-    FzHttp.Config.fetch_env!(:fz_http, :cookie_signing_salt)
+    [vsn | _] =
+      Application.spec(:fz_http, :vsn)
+      |> to_string()
+      |> String.split("+")
+
+    FzHttp.Config.fetch_env!(:fz_http, :cookie_signing_salt) <> vsn
   end
 
   defp encryption_salt do
diff --git a/apps/fz_http/test/fz_http_web/acceptance/authentication_test.exs b/apps/fz_http/test/fz_http_web/acceptance/authentication_test.exs
index b6631cc97..6a67082e6 100644
--- a/apps/fz_http/test/fz_http_web/acceptance/authentication_test.exs
+++ b/apps/fz_http/test/fz_http_web/acceptance/authentication_test.exs
@@ -65,8 +65,9 @@ defmodule FzHttpWeb.Acceptance.AuthenticationTest do
       |> fill_form(%{"email" => "foo@bar.com"})
       |> click(Query.button("Send"))
       |> assert_el(Query.text("Reset Password"))
-      |> visit(~p"/dev/mailbox")
-      |> assert_el(Query.text("Empty mailbox..."))
+
+      emails = Swoosh.Adapters.Local.Storage.Memory.all()
+      refute Enum.find(emails, &(&1.to == "foo@bar.com"))
     end
 
     feature "can reset password using email link", %{session: session} do
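Review bot: `Application.spec(:fz_http, :vsn)` returns `nil` when the application spec is not loaded, and `to_string(nil)` is `""`, so `[vsn | _]` binds to `""` and `signing_salt/0` silently falls back to the unsuffixed salt, which defeats the purpose of the change without any signal. Assert the version is present before splitting, e.g. `vsn = Application.spec(:fz_http, :vsn) || raise "fz_http application spec not loaded"`. The body also does not say why the salt depends on the version; a one-line `# Suffixed with the release version (build metadata after "+" dropped) so existing sessions are invalidated on every deploy` above the match would record the intent for the next maintainer.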
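Review bot: The new `refute` line compares `&1.to` against a bare string, but the `to` field of a `Swoosh.Email` is a list of `{name, address}` tuples, so the predicate can never be true and the assertion passes whether or not a reset email was sent. Match the address inside the recipient list instead: `refute Enum.any?(emails, fn email -> Enum.any?(email.to, &match?({_, "foo@bar.com"}, &1)) end)`. The in-memory storage is also shared across the test run, so clearing it with `Swoosh.Adapters.Local.Storage.Memory.delete_all()` before the scenario would keep the assertion independent of mail sent by other tests, and if delivery is asynchronous in this app the read may need to wait for it. The enclosing `feature` block starts outside the hunk.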