Merge pull request #418 from jonnybarnes/develop

MTM JWT and Cookie fixes
2022-09-10 13:31:24 +01:00 · 2022-09-10 13:31:24 +01:00 · 729c52df2f
commit 729c52df2f
parent ac19c02e76 18fb386082
7 changed files with 590 additions and 678 deletions
--- a/app/Providers/AppServiceProvider.php
+++ b/app/Providers/AppServiceProvider.php
@ -85,7 +85,7 @@ class AppServiceProvider extends ServiceProvider
        // Configure JWT builder
        $this->app->bind('Lcobucci\JWT\Configuration', function () {
-            $key = InMemory::plainText('testing');
+            $key = InMemory::plainText(config('app.key'));
            $config = Configuration::forSymmetricSigner(new Sha256(), $key);
--- a/composer.json
+++ b/composer.json
@ -36,7 +36,7 @@
        "barryvdh/laravel-ide-helper": "^2.6",
        "beyondcode/laravel-dump-server": "^1.0",
        "fakerphp/faker": "^1.9.2",
-        "laravel/dusk": "^6.0",
+        "laravel/dusk": "^7.0",
        "laravel/pint": "^1.0.0",
        "laravel/sail": "^1.15",
        "mockery/mockery": "^1.0",
--- a/composer.lock
+++ b/composer.lock
--- a/config/session.php
+++ b/config/session.php
@ -128,7 +128,7 @@ return [
    'cookie' => env(
        'SESSION_COOKIE',
-        Str::slug(env('APP_NAME', 'laravel'), '_') . '_session'
+        (env('SECURE_SESSION_COOKIE') ? '__Host-' : '') . Str::slug(env('APP_NAME', 'laravel'), '_') . '_session'
    ),
    /*
@ -196,6 +196,6 @@ return [
    |
    */
-    'same_site' => 'lax',
+    'same_site' => 'strict',
 ];
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@ -6,27 +6,27 @@
    "license": "CC0-1.0",
    "dependencies": {
        "normalize.css": "^8.0.1",
-        "puppeteer": "^16.2.0"
+        "puppeteer": "^17.1.3"
    },
    "devDependencies": {
-        "@babel/core": "^7.18.10",
+        "@babel/core": "^7.19.0",
-        "@babel/preset-env": "^7.18.10",
+        "@babel/preset-env": "^7.19.0",
        "autoprefixer": "^10.4.8",
        "babel-loader": "^8.2.1",
        "browserlist": "^1.0.1",
        "compression-webpack-plugin": "^10.0.0",
        "css-loader": "^6.2.0",
        "cssnano": "^5.1.13",
-        "eslint": "^8.22.0",
+        "eslint": "^8.23.0",
        "eslint-webpack-plugin": "^3.2.0",
        "mini-css-extract-plugin": "^2.6.1",
        "postcss": "^8.4.16",
        "postcss-combine-duplicated-selectors": "^10.0.2",
        "postcss-combine-media-query": "^1.0.1",
-        "postcss-import": "^14.0.0",
+        "postcss-import": "^15.0.0",
        "postcss-loader": "^7.0.1",
-        "stylelint": "^14.9.1",
+        "stylelint": "^14.11.0",
-        "stylelint-config-standard": "^27.0.0",
+        "stylelint-config-standard": "^28.0.0",
        "stylelint-webpack-plugin": "^3.1.1",
        "webpack": "^5.74.0",
        "webpack-cli": "^4.10.0"
--- a/tests/Feature/TokenServiceTest.php
+++ b/tests/Feature/TokenServiceTest.php
@ -37,7 +37,11 @@ class TokenServiceTest extends TestCase
        $this->assertSame($data, $validData);
    }
-    /** @test */
+    /**
     * @test
     *
     * @throws \Exception
     */
    public function tokensWithDifferentSigningKeyThrowsException(): void
    {
        $this->expectException(RequiredConstraintsViolated::class);
@ -56,7 +60,7 @@ class TokenServiceTest extends TestCase
            ->withClaim('me', $data['me'])
            ->withClaim('scope', $data['scope'])
            ->withClaim('nonce', bin2hex(random_bytes(8)))
-            ->getToken($config->signer(), InMemory::plainText('r4andomk3y'))
+            ->getToken($config->signer(), InMemory::plainText(random_bytes(32)))
            ->toString();
        $service = new TokenService();