Fixed Cookie Authentication
* Fixed Cookie Removal for Logouts
* Fixed Setting of Cookie by specifying the path
* Adding secure only when target is SSL/TLS
* Added Unit Tests
sudiptosarkar committed Sep 5, 2023
1 parent 113996f commit 2e92f86
Showing 2 changed files with 85 additions and 4 deletions.
10 changes: 8 additions & 2 deletions src/core/plugins/auth/wrap-actions.js
Expand Up @@ -24,7 +24,11 @@ export const authorize = (oriAction, system) => (payload) => {
const isApiKeyInCookie = isApiKeyAuth && isInCookie

if (isApiKeyInCookie) {
document.cookie = `${schema.get("name")}=${value}; SameSite=None; Secure`
const secure = `${configs.url?.split("/")[0] === "https:" ? ";secure" : ""}`
const urlBasePath = configs.url?.split("/")[3]
const path = `${urlBasePath === undefined ? ";path=/" : ";path=/".concat(urlBasePath)}`
let cookieStr = `${schema.get("name")}=${value};samesite=None${secure}${path}`
document.cookie = cookieStr
}
} catch (error) {
console.error(
Expand All @@ -49,7 +53,9 @@ export const logout = (oriAction, system) => (payload) => {

if (isApiKeyInCookie) {
const cookieName = auth.getIn(["schema", "name"])
document.cookie = `${cookieName}=; Max-Age=-99999999`
const urlBasePath = configs.url?.split("/")[3]
const path = `${urlBasePath === undefined ? ";path=/" : ";path=/".concat(urlBasePath)}`
document.cookie = `${cookieName}=;max-age=-99999999${path}`
}
})
}
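Review bot: The `secure` flag on the new line 25 is derived from the scheme of `configs.url` (the spec URL), but `document.cookie` writes a cookie on the Swagger UI page's own origin, so the attribute should follow the page instead: `const secure = window.location.protocol === "https:" ? ";secure" : ""`. As written, an http spec URL loaded from an https page omits `secure`, and `samesite=None` without `secure` is rejected by Chromium-based browsers, so the cookie is silently never stored. The path on lines 26–27 is taken from `split("/")[3]`, which for a url that points at the document itself (e.g. `https://example.org/openapi.json`) yields `path=/openapi.json`; parsing with `new URL(configs.url, window.location.href).pathname` and taking the directory part would be more predictable, and the same helper should be shared with the logout branch so set and removal paths cannot drift. `value` is also interpolated unescaped, so a `;` in the API key splits the rest into extra cookie attributes. `authorize` begins and ends outside this hunk.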
79 changes: 77 additions & 2 deletions test/unit/core/plugins/auth/wrap-actions.js
Expand Up @@ -38,7 +38,82 @@ describe("Cookie based apiKey persistence in document.cookie", () => {
authorize(jest.fn(), system)(payload)

expect(document.cookie).toEqual(
"apiKeyCookie=test; SameSite=None; Secure"
"apiKeyCookie=test;samesite=None;path=/"
)
})

it("should persist secure cookie in document.cookie for non-SSL targets", () => {
const system = {
getConfigs: () => ({
persistAuthorization: true,
url: "http://example.org"
}),
}
const payload = {
api_key: {
schema: fromJS({
type: "apiKey",
name: "apiKeyCookie",
in: "cookie",
}),
value: "test",
},
}

authorize(jest.fn(), system)(payload)

expect(document.cookie).toEqual(
"apiKeyCookie=test;samesite=None;path=/"
)
})

it("should persist secure cookie in document.cookie for SSL targets", () => {
const system = {
getConfigs: () => ({
persistAuthorization: true,
url: "https://example.org"
}),
}
const payload = {
api_key: {
schema: fromJS({
type: "apiKey",
name: "apiKeyCookie",
in: "cookie",
}),
value: "test",
},
}

authorize(jest.fn(), system)(payload)

expect(document.cookie).toEqual(
"apiKeyCookie=test;samesite=None;secure;path=/"
)
})

it("should persist secure cookie in document.cookie for non-root SSL targets", () => {
const system = {
getConfigs: () => ({
persistAuthorization: true,
url: "https://example.org/api"
}),
}
const payload = {
api_key: {
schema: fromJS({
type: "apiKey",
name: "apiKeyCookie",
in: "cookie",
}),
value: "test",
},
}

authorize(jest.fn(), system)(payload)

expect(document.cookie).toEqual(
"apiKeyCookie=test;samesite=None;secure;path=/api"
)
})

Expand All @@ -64,7 +139,7 @@ describe("Cookie based apiKey persistence in document.cookie", () => {

logout(jest.fn(), system)(["api_key"])

expect(document.cookie).toEqual("apiKeyCookie=; Max-Age=-99999999")
expect(document.cookie).toEqual("apiKeyCookie=;max-age=-99999999;path=/")
})
})
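Review bot: The case at line 56 is titled `should persist secure cookie in document.cookie for non-SSL targets` yet asserts a cookie string without `secure`; rename it to `should persist cookie without the secure attribute for non-SSL targets` so the expectation matches the name. There is no case for a `url` whose first path segment is the document itself (e.g. `https://example.org/openapi.json`, which the current split logic turns into `path=/openapi.json`), nor a logout case for a non-root `url` verifying that removal uses the same path the authorize step set. Since the test environment's `document.cookie` does not appear to enforce the browser rule that `samesite=None` requires `secure`, the passing http case does not show that real browsers will store that cookie.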
