WPB-23422 endpoint to rotate and mark cookie#5033
WPB-23422 endpoint to rotate and mark cookie#5033battermann wants to merge 13 commits intodevelopfrom
Conversation
zebot
added
the
ok-to-test
There was a problem hiding this comment.
Pull request overview
This PR introduces a new endpoint /access/rotate that provides cookie rotation functionality with optional labeling. This is particularly useful for scenarios where devices or sessions need to be marked (e.g., "shared-device") while obtaining new authentication tokens.
Changes:
- Added new
/access/rotateendpoint that validates existing cookies, revokes them, and issues new cookies with optional labels - Introduced
RotateCookiedata type to support optional cookie labeling in the request body - Refactored SAML login test helpers to extract reusable cookie retrieval functions
- Added integration test coverage for SSO users using the new endpoint
Reviewed changes
Copilot reviewed 10 out of 10 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
services/nginz/integration-test/conf/nginz/nginx.conf |
Added nginx route configuration for /cookies endpoint |
services/brig/src/Brig/API/Public.hs |
Wired up the new access-rotate-cookie handler in the servant sitemap |
services/brig/src/Brig/API/Auth.hs |
Implemented accessRotateCookie handler with cookie rotation logic and validation |
libs/wire-api/src/Wire/API/User/Auth.hs |
Added RotateCookie newtype with optional label field |
libs/wire-api/src/Wire/API/Routes/Public/Brig.hs |
Defined the new API route with documentation |
integration/test/Test/Auth.hs |
Added integration test for SSO user cookie rotation scenario |
integration/test/SetupHelpers.hs |
Refactored SAML login helpers to extract reusable getCookieWithSamlLogin function |
integration/test/API/Nginz.hs |
Added accessRotate client function for testing |
integration/test/API/Brig.hs |
Added getCookies client function (contains typo in query parameter) |
changelog.d/2-features/WPB-23422 |
Added changelog entry documenting the new feature |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
akshaymankar
left a comment
akshaymankar
left a comment
There was a problem hiding this comment.
Looks good overall. Most in-line comments at nits, I understand its just copy paste, but now that we understand the code we can take time to clean it up a bit.
Apart from that can we please add unit tests for the functions moved? Or at least the new function?
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 45 out of 45 changed files in this pull request and generated 3 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
adjust brig to wire-subsystem changes rotate cookie unit test Update libs/wire-api/src/Wire/API/Routes/Public/Brig.hs Co-authored-by: Akshay Mankar <akshay@wire.com> renamed ClientStoreX back to ClientStore
battermann
force-pushed
the
WPB-23422-implement-single-shared-device-enforcement-logout-by-cookie-label-logout-event
branch
from
275420b to
c765f94
Compare
|
obsolete. implemented by #5049 |
battermann
deleted the
WPB-23422-implement-single-shared-device-enforcement-logout-by-cookie-label-logout-event
branch
This is part of https://wearezeta.atlassian.net/browse/WPB-23422
Checklist
changelog.d