feat: env-driven Secure flag on portal session cookie
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@@ -0,0 +1,16 @@
|
||||
import importlib
|
||||
from tests.conftest import make_project
|
||||
from backend.auth_passwords import hash_password
|
||||
|
||||
|
||||
def test_cookie_secure_flag_is_applied(monkeypatch, client, db_session):
|
||||
import backend.portal_auth as pa
|
||||
monkeypatch.setattr(pa, "COOKIE_SECURE", True, raising=False)
|
||||
# also patch the name imported into the router module
|
||||
import backend.routers.portal as pr
|
||||
monkeypatch.setattr(pr, "COOKIE_SECURE", True, raising=False)
|
||||
|
||||
make_project(db_session, portal_enabled=True, portal_link_token="ts",
|
||||
portal_password_hash=hash_password("pw"))
|
||||
r = client.post("/portal/p/ts", data={"password": "pw"}, follow_redirects=False)
|
||||
assert "secure" in r.headers.get("set-cookie", "").lower()
|
||||
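Review bot: The final assertion is a substring match over the whole `Set-Cookie` value, so it would also pass if the cookie name or value happened to contain "secure" while the attribute itself was missing. Assuming the response sets a single cookie, comparing against the parsed attributes is stricter: `attrs = [a.strip().lower() for a in r.headers.get("set-cookie", "").split(";")]` followed by `assert "secure" in attrs`. Both `monkeypatch.setattr(..., raising=False)` calls silently create `COOKIE_SECURE` if the module no longer defines it, so dropping `raising=False` would make a renamed constant fail loudly. A companion case that patches the flag to `False` and asserts the attribute is absent would show that the setting drives the flag rather than it being always on. `importlib` is imported but unused in the visible lines.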