fix(api): clear cookies on account/delete (#55260)

Oliver Eyton-Williams
2024-06-21 16:39:31 +02:00
committed by GitHub
parent 7fdd9d0380
commit dda9c929b0
2 changed files with 17 additions and 1 deletions
+14
@@ -362,6 +362,20 @@ describe('userRoutes', () => {
expect(userTokens).toHaveLength(1);
expect(userTokens[0]?.userId).toBe(otherUserId);
});
test("POST deletes all the user's cookies", async () => {
const res = await superPost('/account/delete');
const setCookie = res.headers['set-cookie'];
expect(setCookie).toEqual(
expect.arrayContaining([
'jwt_access_token=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT',
'_csrf=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT',
'csrf_token=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT'
])
);
expect(setCookie).toHaveLength(3);
});
});
describe('/account/reset-progress', () => {
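Review bot: The new test `"POST deletes all the user's cookies"` pins the exact `Set-Cookie` strings but never checks the outcome that matters: that the credentials issued before deletion stop being accepted. Consider adding a follow-up request that replays the pre-deletion `jwt_access_token` cookie against an authenticated route and asserts it is rejected, along the lines of `expect(replayRes.status).toBe(401);` (the exact status code and the helper for sending the old cookie are not visible here). The literal strings also assert that no `Domain` or other attribute is present, so the test will need updating if the clearing calls are given the options used at sign-in. The enclosing `describe` block starts outside this hunk.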
+3 -1
@@ -119,7 +119,9 @@ export const userRoutes: FastifyPluginCallbackTypebox = (
await fastify.prisma.user.delete({
where: { id: req.user!.id }
});
void reply.clearCookie('sessionId');
void reply.clearCookie('jwt_access_token');
void reply.clearCookie('_csrf');
void reply.clearCookie('csrf_token');
return {};
}
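Review bot: The three `reply.clearCookie(...)` calls pass no options, so each expiry header carries only the attributes shown in the new test's expected strings (`Path=/`, no `Domain`). A browser discards a cookie only when the clearing header's Path and Domain match the ones the cookie was set with. If the sign-in code sets these cookies with a `domain` (not visible in this hunk), they would remain in the browser after the account is deleted. Consider passing the same options used at set time, e.g. `void reply.clearCookie('jwt_access_token', <options used when the cookie is set>);`, ideally taken from one shared constant so the two cannot drift. The handler's body starts and ends outside this hunk.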