Merge pull request #3930 from 3scale/THREESCALE-11440-impersonation-c…

…redentials-header THREESCALE-11440: Reduce impersonation token expiration time to 1 minute
3scale · Oct 29, 2024 · 1e68474 · 1e68474
2 parents 63181b9 + 843f30a
commit 1e68474
Show file tree

Hide file tree

Showing 4 changed files with 7 additions and 8 deletions.
diff --git a/app/controllers/buyers/impersonations_controller.rb b/app/controllers/buyers/impersonations_controller.rb
@@ -8,13 +8,13 @@ def create
 
     user= provider.users.impersonation_admin!
 
-    sso_token = SSOToken.new user_id: user.id
+    sso_token = SSOToken.new user_id: user.id, expires_in: 1.minute
 
     sso_token.protocol     = 'http'                unless request.ssl?
     sso_token.redirect_url = params[:redirect_url] if params[:redirect_url] && params[:redirect_url] != "null"
     sso_token.account      = provider
 
-    sso_url = sso_token.sso_url!(provider.external_admin_domain)
+    sso_url = sso_token.sso_url!(host: provider.external_admin_domain, port: request.port)
 
     respond_to do | format |
       format.json { render json: {url: sso_url}, status: :created }

diff --git a/app/controllers/partners/sessions_controller.rb b/app/controllers/partners/sessions_controller.rb
@@ -10,7 +10,7 @@ def openid
         sso_token = SSOToken.new user_id: @user.id
         sso_token.protocol = 'http' unless request.ssl?
         sso_token.account = @account
-        sso_url = sso_token.sso_url!(@account.external_admin_domain)
+        sso_url = sso_token.sso_url!(host: @account.external_admin_domain, port: request.port)
         sso_url << "&return_to=#{params[:return_to]}" if params[:return_to].present?
         redirect_to sso_url
       end

diff --git a/app/models/sso_token.rb b/app/models/sso_token.rb
@@ -59,11 +59,12 @@ def assign_attributes values
   # however, if the provider is also master, host needs to be the provider's admin domain for which we create the URL
   #
   #
-  def sso_url! host = nil
+  def sso_url!(host: nil, port: nil)
     save if new_record?
 
     params= {
       host: host || account.external_domain,
+      port: port,
       protocol: protocol,
       token: encrypted_token,
       expires_at: expires_at.to_i,

diff --git a/features/old/buyers/impersonate.feature b/features/old/buyers/impersonate.feature
@@ -14,7 +14,5 @@ Feature: Impersonate
     And I navigate to the accounts page
     Then I should not see link "Act as" for provider "bar.3scale.localhost"
     When I follow "Act as" for account "foo.3scale.localhost"
-    # FIXME: after enabling javascript, the impersonation redirect does not work
-    # Then I should see "Signed in successfully"
-    # And I should be logged in as "impersonation_admin"
-    # And the current domain should be the admin domain of provider "foo.3scale.localhost"
+    Then the current domain in a new window should be admin.foo.3scale.localhost
+    And I should be logged in as "impersonation_admin"