Page MenuHomeIn-Portal Phabricator

INP-1822 - Use modern cookie encryption library
ClosedPublic

Authored by alex on Thu, Sep 8, 9:11 AM.

Details

Test Plan

Preparations

  1. apply D428 and D429

Plan (part 1)

  1. perform a clean install
  2. confirm, that:
    • In-Portal is working
    • decrypted cookies are shown in the Debugger
    • attempt to inspect cookies using JavaScript or browser add-ons similar to EditThisCookie shows, that they're encrypted
  3. perform an upgrade
  4. confirm, that:
    • In-Portal is working
    • decrypted cookies are shown in the Debugger
    • attempt to inspect cookies using JavaScript or browser add-ons similar to EditThisCookie shows, that they're encrypted

Plan (part 2)

  1. login to the Admin Console
  2. go to ConfigurationWebsiteAdvanced section
  3. confirm, that Encrypted Cookies contains the value of the Session Cookie Name system setting:
    • with/without adm_ prefix
    • with/without _live suffix
  4. change the value of the Session Cookie Name system setting and save changes
  5. confirm, that Encrypted Cookies contains the value of the Session Cookie Name system setting:
    • with/without adm_ prefix
    • with/without _live suffix
  6. confirm, that there are Plain Text Cookies and Encrypted Cookies system settings
  7. confirm, that attempt to write the same cookie name in both Plain Text Cookies and Encrypted Cookies system settings would result in a validation error
  8. confirm, that attempt to remove any of 4 cookie names containing Session Cookie Name system setting value in them would result in them being auto-added back into the Encrypted Cookies system setting upon the Save button press
  9. open Debugger
  10. confirm, that Debugger is only showing cookies listed in either of Plain Text Cookies or Encrypted Cookies system setting

Plan (part 3)

  1. go to the Front-End
  2. perform a login
  3. add any products to the shopping cart
  4. perform logout
  5. confirm, that shopping cart is empty
  6. perform a login
  7. confirm, that shopping cart contains previously added product

Diff Detail

Repository
rINP In-Portal
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

alex created this revision.Thu, Sep 8, 9:11 AM
alex requested review of this revision.Thu, Sep 8, 9:11 AM
erik accepted this revision.Fri, Sep 9, 10:50 AM
This revision is now accepted and ready to land.Fri, Sep 9, 10:50 AM
This revision was landed with ongoing or failed builds.Tue, Sep 13, 8:08 AM
This revision was automatically updated to reflect the committed changes.