Remove all fields from SSO cookie except name and uuid (#1667)

Dantemss · web-flow · commit 9260c9eb430f · 2025-10-17T18:20:19.000-05:00
diff --git a/app/representers/api/v1/sso_cookie_representer.rb b/app/representers/api/v1/sso_cookie_representer.rb
@@ -0,0 +1,15 @@
+module Api::V1
+  class SsoCookieRepresenter < Roar::Decorator
+    include Roar::JSON
+
+    property :name,
+             type: String,
+             readable: true,
+             writeable: false
+
+    property :uuid,
+             type: String,
+             readable: true,
+             writeable: false
+  end
+end
diff --git a/lib/sso_cookie.rb b/lib/sso_cookie.rb
@@ -14,7 +14,7 @@ module SsoCookie
   @encryption_method = secrets[:encryption_method]
 
   def self.user_hash(user)
-    Api::V1::UserRepresenter.new(user).to_hash
+    Api::V1::SsoCookieRepresenter.new(user).to_hash
   end
 
   # This method is used in 2 different ways:
diff --git a/spec/controllers/api/v1/users_controller_spec.rb b/spec/controllers/api/v1/users_controller_spec.rb
@@ -408,7 +408,7 @@
 
       sso_cookie = parsed_response['sso']
       sso_hash = SsoCookie.read sso_cookie
-      expect(sso_hash['sub']).to eq Api::V1::UserRepresenter.new(new_user).to_hash
+      expect(sso_hash['sub']).to eq Api::V1::SsoCookieRepresenter.new(new_user).to_hash
       expect(sso_hash['exp']).to be <= (
         Time.current + Api::V1::UsersController::SSO_TOKEN_INITIAL_DURATION
       ).to_i
