From cb4ff1876d929e756a17404d9b6b8112c6f62523 Mon Sep 17 00:00:00 2001
From: Alex Sherman
Date: Thu, 11 Mar 2021 17:16:16 +0500
Subject: [PATCH] Fix CookieOverflow error using current Tara test keys
---
 app/controllers/sso/tara_controller.rb | 2 +-
 config/application.yml.sample | 2 +-
 .../registrar_area/tara/tara_users_test.rb | 18 ++++++++++++++++++
 3 files changed, 20 insertions(+), 2 deletions(-)
diff --git a/app/controllers/sso/tara_controller.rb b/app/controllers/sso/tara_controller.rb
index 37c8ab608..eb046730b 100644
--- a/app/controllers/sso/tara_controller.rb
+++ b/app/controllers/sso/tara_controller.rb
@@ -14,7 +14,7 @@ module Sso
 # rubocop:disable Style/AndOr
 def callback(user, registrar: true)
- session[:omniauth_hash] = user_hash
+ session[:omniauth_hash] = user_hash.delete_if { |key, _| key == 'credentials' }
 (show_error(registrar: registrar) and return) unless user
 flash[:notice] = t(:signed_in_successfully)
diff --git a/config/application.yml.sample b/config/application.yml.sample
index dd38e206c..88fc28a0d 100644
--- a/config/application.yml.sample
+++ b/config/application.yml.sample
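Review bot: The new assignment in `callback` calls `delete_if` directly on `user_hash`, which mutates that object in place and raises NoMethodError if it is ever nil, where the old line simply stored nil. Neither `user_hash` nor the rest of `callback` is visible in the hunk, so both effects need confirming; a non-mutating, nil-tolerant form would be `session[:omniauth_hash] = user_hash&.reject { |key, _| key == 'credentials' }`, provided later code does not depend on the original hash class. Because the CookieOverflow in the subject suggests a cookie-backed session, I would also add a comment such as `# keep provider tokens out of the session cookie (size and exposure)` and consider an allowlist of the keys later steps actually read instead of removing a single key.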
@@ -170,7 +170,7 @@ tara_issuer: 'https://tara-test.ria.ee'
 tara_identifier: 'identifier'
 tara_secret: 'secret'
 tara_redirect_uri: 'redirect_url'
-tara_keys: "{\"kty\":\"RSA\",\"kid\":\"de6cc4\",\"n\":\"jWwAjT_03ypme9ZWeSe7c-jY26NO50Wo5I1LBnPW2JLc0dPMj8v7y4ehiRpClYNTaSWcLd4DJmlKXDXXudEUWwXa7TtjBFJfzlZ-1u0tDvJ-H9zv9MzO7UhUFytztUEMTrtStdhGbzkzdEZZCgFYeo2i33eXxzIR1nGvI05d9Y-e_LHnNE2ZKTa89BC7ZiCXq5nfAaCgQna_knh4kFAX-KgiPRAtsiDHcAWKcBY3qUVcb-5XAX8p668MlGLukzsh5tFkQCbJVyNtmlbIHdbGvVHPb8C0H3oLYciv1Fjy_tS1lO7OT_cb3GVp6Ql-CG0uED_8pkpVtfsGRviub4_ElQ\",\"e\":\"AQAB\"}"
+tara_keys: "{\"kty\":\"RSA\",\"kid\":\"public:xWbbVoYq9EwMqphp\",\"n\":\"2vlgaxaUJYUWjkNM_b-ruADW3gyGnkPvxDyEXWeLyP668vn5aTrSdZ42psr6Vpu6V1MEjMr27bnE7swqndfmspqJHKlp47fO9orWWNGmrHFtClxU36wqFiIg9V39hbHdoXqZVdLywwjx6KLgsuYff95KvwfDqUK9IxxADm91ckD9m9aoQaPTrn8KsB9uhkyEchejNHRg7EGZDvWHF-aiQHCMnieSowiapPd7kTYGemPMheVyY_Zwvyya8DkvjnVa8HlrmbzjMjGdSRq5dVL0lCxb4-OlZ-QZuORUBqZ5xEAhWg2Jl6oG0slj3z8l_fd7l2oj7THNoepYWTnzUDxsN1hvRLzFnJh8MNUklYHWf8CFrwmPdqGDs0jeLP2v7X8LJeQ-Ly3GHsUBai1aVORZXCHq1Tzt2XyQhvPVt_3WoaVKJBi4hjz0CLKlSE0eUv9TWL58CU76tU98dxOwSb6hhqEu3xn6mLApyyEZzeUdYdJutDFQuTYz2pb1yqMFqlp2LHa49p7Q5TvBp4pKOxwjrqnlKTsasL8BU2vA9xHuEEYttVzAPWjH_5-BfoJ8GKQTLaXc6LOmWIZcMDVM8QEOkLXQdUtlaPVz-2wl9Q_FwhoBzXSZujEYQVcSZznxIdNyV4nvn2mo56isITX18PTcdyZ4V-wWlS5PuUNVVRQHWE0\",\"e\":\"AQAB\"}"
 tara_rant_identifier: 'identifier'
 tara_rant_secret: 'secret'
diff --git a/test/system/registrar_area/tara/tara_users_test.rb b/test/system/registrar_area/tara/tara_users_test.rb
index a2defd715..005504043 100644
--- a/test/system/registrar_area/tara/tara_users_test.rb
+++ b/test/system/registrar_area/tara/tara_users_test.rb
@@ -34,6 +34,18 @@ class TaraUsersTest < ApplicationSystemTestCase
 assert_text('Signed in successfully')
 end
+ def test_existing_user_logs_in_without_cookie_overflow
+ @existing_user_hash['credentials'] = massive_hash
+ OmniAuth.config.mock_auth[:tara] = OmniAuth::AuthHash.new(@existing_user_hash)
+
+ visit new_registrar_user_session_path
+ assert_nothing_raised do
+ click_link('Sign in')
+ end
+
+ assert_text('Signed in successfully')
+ end
+
 def test_nonexisting_user_gets_error_message
 OmniAuth.config.mock_auth[:tara] = OmniAuth::AuthHash.new(@new_user_hash)
@@ -42,4 +54,10 @@ class TaraUsersTest < ApplicationSystemTestCase
 assert_text('No such user')
 end
+
+ def massive_hash
+ o = [('a'..'z'), ('A'..'Z')].map(&:to_a).flatten
+ string = (0...5000).map { o[rand(o.length)] }.join
+ {"access_token":"AT-540-Fj5gbPvJp4jPkO-4EdgzIhIhhJapoRTM","token_type":"bearer","expires_in":600,"id_token":string}
+ end
 end
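Review bot: In `test_existing_user_logs_in_without_cookie_overflow`, wrapping only `click_link('Sign in')` in `assert_nothing_raised` likely adds little, because in a system test the overflow would be raised in the app server and whether it surfaces inside that block depends on Capybara settings not shown here. The check that carries the test is the final `assert_text('Signed in successfully')`, so the block could be dropped in favour of a comment such as `# credentials are oversized on purpose; sign-in must still fit the session cookie`. As written the test shows that the cookie fits, not that `credentials` is absent from the stored hash.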
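Review bot: The `access_token` literal in `massive_hash` (second hunk of this file) has the shape of an issued token; if it was copied from a TARA test session it should be replaced with an obviously fake value such as `'test-access-token'` so no credential-like string lands in the repository. The padding does not need `rand`: `'a' * 5000` produces the same oversized payload deterministically and removes the `o` array. The `{"access_token": ...}` form builds symbol keys, not the string keys its JSON-like look suggests, and the helper could sit under `private` so it is not part of the test class's public surface.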