From 64474c8673b12fa2cb9b6cb398aa85927992c8f1 Mon Sep 17 00:00:00 2001
From: Joe Ardent
Date: Sat, 30 Dec 2023 13:33:14 -0800
Subject: [PATCH] update tower_sessions, allow insecure cookies
---
 Cargo.lock | 24 +++++++++++++-----------
 Cargo.toml | 4 ++--
 src/auth.rs | 2 +-
 src/login.rs | 2 +-
 4 files changed, 17 insertions(+), 15 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index b3e0b6a..4d0cd87 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -332,12 +332,13 @@ dependencies = [ [[package]] name = "axum-login" -version = "0.10.2" +version = "0.11.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "61b018d073eea48729e2309c8ecd7198e1eea90e132d99a5e1cc7e952053c8d6" +checksum = "6f10f9f96befdaed5ba6668b1d428824ef2ddde2a0d8e3f640b8100c486679fa" dependencies = [ "async-trait", "axum", + "form_urlencoded", "ring", "serde", "thiserror",
@@ -2553,9 +2554,9 @@ checksum = "b6bc1c9ce2b5135ac7f93c72918fc37feb872bdc6a5533a8b85eb4b86bfdae52" [[package]] name = "tower-sessions" -version = "0.7.0" +version = "0.8.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ce23a9827d593712d471a19d3cb1334e57a97e5b34a9f02b4eef2114b7405dcd" +checksum = "645170f7fa7975a65ccb4a14ba2271c4df9598afc2755c2bfe05f294cda3a556" dependencies = [ "tower-sessions-core", "tower-sessions-memory-store",
@@ -2564,9 +2565,9 @@ dependencies = [ [[package]] name = "tower-sessions-core" -version = "0.7.0" +version = "0.8.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b1d733b3ae4a6a4cb80cd585e87ffe1a1a7011174581785039c83c4cd63ee61c" +checksum = "2f01972091af543726f9a48afb73efcd6b142699f1bc743975c774117db4bba2" dependencies = [ "async-trait", "axum-core",
@@ -2577,6 +2578,7 @@ dependencies = [ "serde_json", "thiserror", "time 0.3.31", + "tokio", "tower-cookies", "tower-layer", "tower-service",
@@ -2586,21 +2588,21 @@ dependencies = [ [[package]] name = "tower-sessions-memory-store" -version = "0.7.0" +version = "0.8.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "78d855ef8feaef2382c6df2cf4c4b6651dce890019ceaf0ec70c8af2516a1ce9" +checksum = "2a09281f8b4d3a847b9479658bafc2dab1224f76f03e877c8eca354ed42fb2c3" dependencies = [ "async-trait", - "parking_lot", "time 0.3.31", + "tokio", "tower-sessions-core", ] [[package]] name = "tower-sessions-sqlx-store" -version = "0.7.0" +version = "0.8.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "301af43dd82426f36ac20e3b7217cc350d581e3b4cf1f40118d76d7e533ad51f" +checksum = "df50c47fa6b79ebc4c54ca814f087469f47293fb08025b7822597f9a55a39304" dependencies = [ "async-trait", "rmp-serde",
diff --git a/Cargo.toml b/Cargo.toml
index 59fa8d4..3c638eb 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -16,7 +16,7 @@ async-session = "3"
 async-trait = "0.1.74"
 axum = { version = "0.7", features = ["macros"] }
 axum-htmx = "0.5"
-axum-login = "0.10"
+axum-login = "0.11"
 axum-macros = "0.4"
 chrono = { version = "0.4", default-features = false, features = ["std", "clock"] }
 clap = { version = "4", features = ["derive", "env", "unicode", "suggestions", "usage"] }
@@ -36,7 +36,7 @@ tokio-retry = "0.3"
 tokio-stream = "0.1"
 tower = { version = "0.4", features = ["util", "timeout"], default-features = false }
 tower-http = { version = "0.5", features = ["add-extension", "trace", "tracing", "fs"], default-features = false }
-tower-sessions = { version = "0.7", default-features = false, features = ["sqlite-store"] }
+tower-sessions = { version = "0.8", default-features = false, features = ["sqlite-store"] }
 tracing = "0.1"
 tracing-subscriber = { version = "0.3", features = ["env-filter"] }
 unicode-segmentation = "1"
diff --git a/src/auth.rs b/src/auth.rs
index 00de6e8..12ac619 100644
--- a/src/auth.rs
+++ b/src/auth.rs
@@ -85,6 +85,6 @@ pub async fn session_layer(pool: SqlitePool) -> SessionManagerLayer
 .expect("Calling `migrate()` should be reliable, is the DB gone?");
 SessionManagerLayer::new(store)
- .with_secure(true)
+ .with_secure(false)
 .with_expiry(Expiry::OnInactivity(SESSION_TTL))
 }
diff --git a/src/login.rs b/src/login.rs
index 0f5d723..7e7672f 100644
--- a/src/login.rs
+++ b/src/login.rs
@@ -81,7 +81,7 @@ pub async fn get_logout() -> impl IntoResponse {
 }
 pub async fn post_logout(mut auth: AuthSession) -> impl IntoResponse {
- match auth.logout() {
+ match auth.logout().await {
 Ok(_) => LogoutSuccessPage.into_response(),
 Err(e) => {
 tracing::debug!("{e}");
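Review bot: In the src/auth.rs hunk, `.with_secure(false)` hard-codes the session cookie without the `Secure` attribute for every deployment, so the browser will also send the session ID over plain HTTP, where anyone on the network path can read and replay it. If this is only needed for local or non-TLS setups, I would make it a setting that defaults to secure, e.g. `.with_secure(secure_cookies)` (name constructed here), fed from the CLI/env configuration that the `clap` `env` feature in Cargo.toml suggests already exists. Either way the line deserves a comment such as `// Secure is off only when serving without TLS; keep it on behind HTTPS.` so the downgrade is not mistaken for a default. `session_layer` begins outside this hunk, so whether a config value is already within reach there is not visible.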