From 39aa889e481cf1e4afee6de753e18ead3b87f48a Mon Sep 17 00:00:00 2001
From: Emmanuel Gaillot
Date: Thu, 23 May 2024 17:01:28 +0200
Subject: [PATCH] [NETTOYAGE] Supprime gestion cookie session devenue inutile
Co-authored-by: Fabien Lamarque
---
 .env.oots.template | 1 -
 package-lock.json | 62 ----------------------
 package.json | 1 -
 src/adaptateurs/adaptateurEnvironnement.js | 6 ---
 src/ootsFrance.js | 9 ----
 test/routes/serveurTest.js | 2 -
 6 files changed, 81 deletions(-)
diff --git a/.env.oots.template b/.env.oots.template
index f31fab7..932a08f 100644
--- a/.env.oots.template
+++ b/.env.oots.template
@@ -1,4 +1,3 @@
-AVEC_ENVOI_COOKIE_SUR_HTTP= # autorise envoi du cookie de session par HTTP avec valeur true
 AVEC_REQUETE_PIECE_JUSTIFICATIVE= # active l'API /requete/pieceJustificative avec valeur true
 IDENTIFIANT_EIDAS= # identifiant eIDAS injecté dans les requêtes (tant qu'on ne sait pas le récupérer)
 URL_OOTS_FRANCE= # URL Serveur OOTS-France, ex. https://oots.gouv.fr
diff --git a/package-lock.json b/package-lock.json
index 2981b6f..6944627 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -10,7 +10,6 @@ "license": "Apache-2.0", "dependencies": { "axios": "^1.6.0", - "cookie-session": "^2.1.0", "express": "^4.19.2", "fast-xml-parser": "^4.2.5", "jose": "^5.2.0",
@@ -2083,45 +2082,11 @@ "node": ">= 0.6" } }, - "node_modules/cookie-session": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/cookie-session/-/cookie-session-2.1.0.tgz", - "integrity": "sha512-u73BDmR8QLGcs+Lprs0cfbcAPKl2HnPcjpwRXT41sEV4DRJ2+W0vJEEZkG31ofkx+HZflA70siRIjiTdIodmOQ==", - "dependencies": { - "cookies": "0.9.1", - "debug": "3.2.7", - "on-headers": "~1.0.2", - "safe-buffer": "5.2.1" - }, - "engines": { - "node": ">= 0.10" - } - }, - "node_modules/cookie-session/node_modules/debug": { - "version": "3.2.7", - "resolved": "https://registry.npmjs.org/debug/-/debug-3.2.7.tgz", - "integrity": "sha512-CFjzYYAi4ThfiQvizrFQevTTXHtnCqWfe7x1AhgEscTz6ZbLbfoLRLPugTQyBth6f8ZERVUSyWHFD/7Wu4t1XQ==", - "dependencies": { - "ms": "^2.1.1" - } - }, "node_modules/cookie-signature": { "version": "1.0.6", "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz", "integrity": "sha512-QADzlaHc8icV8I7vbaJXJwod9HWYp8uCqf1xa4OfNu1T7JVxQIrUgOWtHdNDtPiywmFbiS12VjotIXLrKM3orQ==" }, - "node_modules/cookies": { - "version": "0.9.1", - "resolved": "https://registry.npmjs.org/cookies/-/cookies-0.9.1.tgz", - "integrity": "sha512-TG2hpqe4ELx54QER/S3HQ9SRVnQnGBtKUz5bLQWtYAQ+o6GpgMs6sYUvaiJjVxb+UXwhRhAEP3m7LbsIZ77Hmw==", - "dependencies": { - "depd": "~2.0.0", - "keygrip": "~1.1.0" - }, - "engines": { - "node": ">= 0.8" - } - }, "node_modules/cross-spawn": { "version": "7.0.3", "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz", @@ -4445,17 +4410,6 @@ "json5": "lib/cli.js" } }, - "node_modules/keygrip": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/keygrip/-/keygrip-1.1.0.tgz", - "integrity": "sha512-iYSchDJ+liQ8iwbSI2QqsQOvqv58eJCEanyJPJi+Khyu8smkcKSFUCbPwzFcL7YVtZ6eONjqRX/38caJ7QjRAQ==", - "dependencies": { - "tsscmp": "1.0.6" - }, - "engines": { - "node": ">= 0.6" - } - }, "node_modules/kleur": { "version": "3.0.3", "resolved": "https://registry.npmjs.org/kleur/-/kleur-3.0.3.tgz", 
@@ -4892,14 +4846,6 @@ "node": ">= 0.8" } }, - "node_modules/on-headers": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/on-headers/-/on-headers-1.0.2.tgz", - "integrity": "sha512-pZAE+FJLoyITytdqK0U5s+FIpjN0JP3OzFi/u8Rx+EV5/W+JTWGXG8xFzevE7AjBfDqHv/8vL8qQsIhHnqRkrA==", - "engines": { - "node": ">= 0.8" - } - }, "node_modules/once": { "version": "1.4.0", "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", @@ -5902,14 +5848,6 @@ "strip-bom": "^3.0.0" } }, - "node_modules/tsscmp": { - "version": "1.0.6", - "resolved": "https://registry.npmjs.org/tsscmp/-/tsscmp-1.0.6.tgz", - "integrity": "sha512-LxhtAkPDTkVCMQjt2h6eBVY28KCjikZqZfMcC15YBeNjkgUpdCfBu5HoiOTDu86v6smE8yOjyEktJ8hlbANHQA==", - "engines": { - "node": ">=0.6.x" - } - }, "node_modules/type-check": { "version": "0.4.0", "resolved": "https://registry.npmjs.org/type-check/-/type-check-0.4.0.tgz",
diff --git a/package.json b/package.json
index 871d156..4459315 100644
--- a/package.json
+++ b/package.json
@@ -19,7 +19,6 @@
 },
 "dependencies": {
 "axios": "^1.6.0",
- "cookie-session": "^2.1.0",
 "express": "^4.19.2",
 "fast-xml-parser": "^4.2.5",
 "jose": "^5.2.0",
diff --git a/src/adaptateurs/adaptateurEnvironnement.js b/src/adaptateurs/adaptateurEnvironnement.js
index fb15e50..0cff015 100644
--- a/src/adaptateurs/adaptateurEnvironnement.js
+++ b/src/adaptateurs/adaptateurEnvironnement.js
@@ -1,14 +1,8 @@
-const avecEnvoiCookieSurHTTP = () => process.env.AVEC_ENVOI_COOKIE_SUR_HTTP === 'true';
-
 const avecRequetePieceJustificative = () => process.env.AVEC_REQUETE_PIECE_JUSTIFICATIVE === 'true';
 const identifiantEIDAS = () => process.env.IDENTIFIANT_EIDAS;
-const secretJetonSession = () => new TextEncoder().encode(process.env.SECRET_JETON_SESSION);
-
 module.exports = {
- avecEnvoiCookieSurHTTP,
 avecRequetePieceJustificative,
 identifiantEIDAS,
- secretJetonSession,
 };
diff --git a/src/ootsFrance.js b/src/ootsFrance.js
index d4158f9..1915373 100644
--- a/src/ootsFrance.js
+++ b/src/ootsFrance.js
@@ -1,4 +1,3 @@
-const cookieSession = require('cookie-session');
 const express = require('express');
 const mustacheExpress = require('mustache-express');
@@ -25,14 +24,6 @@ const creeServeur = (config) => {
 app.set('view engine', 'mustache');
 app.engine('mustache', mustacheExpress());
- app.use(cookieSession({
- maxAge: 15 * 60 * 1000,
- name: 'session',
- sameSite: true,
- secret: adaptateurEnvironnement.secretJetonSession(),
- secure: !adaptateurEnvironnement.avecEnvoiCookieSurHTTP(),
- }));
-
 app.use('/admin', routesAdmin({ ecouteurDomibus }));
 app.use('/ebms', routesEbms({ adaptateurUUID, horodateur }));
diff --git a/test/routes/serveurTest.js b/test/routes/serveurTest.js
index 3427377..d21ddb0 100644
--- a/test/routes/serveurTest.js
+++ b/test/routes/serveurTest.js
@@ -23,10 +23,8 @@ const serveurTest = () => {
 };
 adaptateurEnvironnement = {
- avecEnvoiCookieSurHTTP: () => true,
 avecRequetePieceJustificative: () => true,
 identifiantEIDAS: () => 'FR/BE/123456789',
- secretJetonSession: () => 'secret',
 };
 adaptateurUUID = {