diff --git a/modules/openid_connect/lib/open_project/openid_connect/hooks/hook.rb b/modules/openid_connect/lib/open_project/openid_connect/hooks/hook.rb
index 2d3b92c952d9..f2d446830767 100644
--- a/modules/openid_connect/lib/open_project/openid_connect/hooks/hook.rb
+++ b/modules/openid_connect/lib/open_project/openid_connect/hooks/hook.rb
@@ -41,22 +41,9 @@ def user_logged_in(context)
 end
 ##
- # Once omniauth has returned with an auth hash
- # persist the access token
- def omniauth_user_authorized(context)
- auth_hash = context[:auth_hash]
- controller = context[:controller]
-
- # fetch the access token if it's present
- access_token = auth_hash.fetch(:credentials, {})[:token]
- # put it into a cookie
- if controller && access_token
- controller.send(:cookies)[:_open_project_session_access_token] = {
- value: access_token,
- secure: !!Rails.configuration.force_ssl
- }
- end
- end
+ # Called once omniauth has returned with an auth hash
+ # NOTE: It's a passthrough as we no longer persist the access token into the cookie
+ def omniauth_user_authorized(_context); end
 end
 end
 end
diff --git a/modules/openid_connect/spec/requests/openid_connect_spec.rb b/modules/openid_connect/spec/requests/openid_connect_spec.rb
index c09af595b26b..686f588b7297 100644
--- a/modules/openid_connect/spec/requests/openid_connect_spec.rb
+++ b/modules/openid_connect/spec/requests/openid_connect_spec.rb
@@ -98,13 +98,6 @@
 expect(response).to have_http_status :found
 expect(response.location).to match /\/\?first_time_user=true$/
- # after_login requires the optional third context parameter
- # remove this guard once we are on v4.1
- if OpenProject::OmniAuth::Authorization.method(:after_login!).arity.abs > 2
- # check that cookie is stored in the access token
- expect(response.cookies["_open_project_session_access_token"]).to eq "foo bar baz"
- end
-
 user = User.find_by(mail: user_info[:email])
 expect(user).not_to be_nil
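Review bot: The new no-op `omniauth_user_authorized(_context)` stops writing the `_open_project_session_access_token` cookie but never removes it, so browsers that signed in under the old hook keep presenting an access-token cookie that nothing in this patch reads or expires. Unless it is cleared elsewhere, this hook is the natural place to do that on the next login: `controller = context[:controller]` / `controller.send(:cookies).delete(:_open_project_session_access_token) if controller`. The spec hunk in openid_connect_spec.rb only drops the old assertion; a check that `response.cookies` no longer contains that key would pin the new behaviour instead of leaving it untested. If the hook registry does not require the method to exist, removing the definition outright would be clearer than keeping an empty body with a NOTE.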