Unsign auth token cookies per discussion on #215 (PR #241)

GitHub

I’m actually not sure how to write the test case for ensuring consistent behaviour between @current_user and CurrentUser.lookup_from_env due to the setup required for each to work correctly.

I tried some things but couldn’t get it to work cleanly. Any recommendations @eviltrout ?

@tms actually this may be worth exploring for you, understanding rack is interesting, can you look at the middleware test in /vendor/gems/message-bus/specs it has the framework stuff you need to test this.

also, we probably want to streamline the code so all go through the same path if possible.

other option would be hard core mocking, not sure which I prefer … I can look at this tomorrow if you don’t have a chance.

I didn’t think to look in the message bus gem itself for relevant example tests, so I’ll take a look a bit later today and see if I can get it sorted myself.

fyi, if you really really want this signed we would need a custom signing process, we need to be able to get a user from a raw env, for background event machine loops

pulling this in for now so notifications start coming through again, its going to log out all users again, something slightly annoying.

This was stupid of me, whoops…will remove.

oops, fixed that

I’m throwing in the towel on the test case, I’ll leave that to you. I get how to test the call from the middleware now, but I’m not familiar enough with rspect et al to understand how to test for consistency between @current_user and the return of lookup_from_env.

Whenever I try to mix the Rails controller/Rack middleware stuff together it all goes haywire, so I guess I’m just not going about it correctly.