From 5540b0fd1bdca4236bd7cbb37d0ffa89a2a86b8d Mon Sep 17 00:00:00 2001 From: Mike Dalessio Date: Sun, 10 Aug 2025 18:53:52 -0400 Subject: [PATCH] Make sure session cookie has the correct path for the tenant ref: https://fizzy.37signals.com/5986089/collections/7/cards/1234 --- app/controllers/concerns/authentication.rb | 2 +- config/initializers/tenanting/default_tenant.rb | 6 ++++++ test/test_helper.rb | 3 +++ test/test_helpers/session_test_helper.rb | 7 +++++-- 4 files changed, 15 insertions(+), 3 deletions(-) create mode 100644 config/initializers/tenanting/default_tenant.rb diff --git a/app/controllers/concerns/authentication.rb b/app/controllers/concerns/authentication.rb index 0cd5aa422..1ce96c7a2 100644 --- a/app/controllers/concerns/authentication.rb +++ b/app/controllers/concerns/authentication.rb @@ -81,7 +81,7 @@ module Authentication def set_current_session(session) logger.struct " Authorized User##{session.user.id}", authentication: { user: { id: session.user.id } } Current.session = session - cookies.signed.permanent[:session_token] = { value: session.signed_id, httponly: true, same_site: :lax } + cookies.signed.permanent[:session_token] = { value: session.signed_id, httponly: true, same_site: :lax, path: Account.sole.slug } end def terminate_session diff --git a/config/initializers/tenanting/default_tenant.rb b/config/initializers/tenanting/default_tenant.rb new file mode 100644 index 000000000..096c5721e --- /dev/null +++ b/config/initializers/tenanting/default_tenant.rb @@ -0,0 +1,6 @@ +Rails.application.configure do + # In test environment, default tenant is set in test_helper.rb + if Rails.env.development? + config.active_record_tenanted.default_tenant = "175932900" # Honcho + end +end diff --git a/test/test_helper.rb b/test/test_helper.rb index d68021462..d0c6b8710 100644 --- a/test/test_helper.rb +++ b/test/test_helper.rb @@ -1,5 +1,8 @@ ENV["RAILS_ENV"] ||= "test" require_relative "../config/environment" + +Rails.application.config.active_record_tenanted.default_tenant = ActiveRecord::FixtureSet.identify :'37s_fizzy' + require "rails/test_help" require "webmock/minitest" require "vcr" diff --git a/test/test_helpers/session_test_helper.rb b/test/test_helpers/session_test_helper.rb index f4bb6aa45..bff7d8e90 100644 --- a/test/test_helpers/session_test_helper.rb +++ b/test/test_helpers/session_test_helper.rb @@ -4,10 +4,13 @@ module SessionTestHelper end def sign_in_as(user) - cookies[:session_token] = nil + cookies.delete :session_token user = users(user) unless user.is_a? User put session_launchpad_path, params: { sig: user.signal_user.perishable_signature } - assert cookies[:session_token].present? + + cookie = cookies.get_cookie "session_token" + assert_not_nil cookie, "Expected session_token cookie to be set after sign in" + assert_equal Account.sole.slug, cookie.path, "Expected session_token cookie to be scoped to account slug" end def sign_out