
Commit 2e92f86

committed
Fixed Cookie Authentication
* Fixed cookie removal for logouts * Fixed setting of the cookie by specifying the path * Added `secure` only when the target is SSL/TLS * Added unit tests
1 parent 113996f commit 2e92f86


2 files changed

+85
-4
lines changed


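--- a/src/core/plugins/auth/wrap-actions.js
+++ b/src/core/plugins/auth/wrap-actions.js
@@ -24,7 +24,11 @@ export const authorize = (oriAction, system) => (payload) => {
 const isApiKeyInCookie = isApiKeyAuth && isInCookie
 
 if (isApiKeyInCookie) {
-document.cookie = `${schema.get("name")}=${value}; SameSite=None; Secure`
+const secure = `${configs.url?.split("/")[0] === "https:" ? ";secure" : ""}`
+const urlBasePath = configs.url?.split("/")[3]
+const path = `${urlBasePath === undefined ? ";path=/" : ";path=/".concat(urlBasePath)}`
+let cookieStr = `${schema.get("name")}=${value};samesite=None${secure}${path}`
+document.cookie = cookieStr
 }
 } catch (error) {
 console.error(
@@ -49,7 +53,9 @@ export const logout = (oriAction, system) => (payload) => {
 
 if (isApiKeyInCookie) {
 const cookieName = auth.getIn(["schema", "name"])
-document.cookie = `${cookieName}=; Max-Age=-99999999`
+const urlBasePath = configs.url?.split("/")[3]
+const path = `${urlBasePath === undefined ? ";path=/" : ";path=/".concat(urlBasePath)}`
+document.cookie = `${cookieName}=;max-age=-99999999${path}`
 }
 })
 }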
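Review bot: The cookie written in the first hunk keeps `samesite=None` while `secure` is added only for `https:` targets, so for a plain-http target the stored value is `…;samesite=None` with no Secure attribute, which current browsers reject (SameSite=None requires Secure) — the new non-SSL unit test passes only because jsdom does not enforce that rule. Either couple the two attributes, e.g. `const sameSite = secure ? ";samesite=None;secure" : ";samesite=Lax"`, or document on the `secure` line that persistence is only effective over https. The decision is also keyed on `configs.url` (the spec URL) while `document.cookie` is stored under the page's own origin, so a relative `url` such as `/v2/swagger.json` never matches `https:` and gets no `secure` even on an https page; `window.location.protocol` is presumably the intended signal — worth confirming. Separately, `configs.url?.split("/")[3]` is just the first path segment of the spec URL, so for `https://example.org/openapi.json` the cookie path becomes `/openapi.json`, and the identical `urlBasePath`/`path` pair is repeated in the logout hunk and would be safer as one shared helper. Both `authorize` and `logout` begin outside their hunks.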

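--- a/test/unit/core/plugins/auth/wrap-actions.js
+++ b/test/unit/core/plugins/auth/wrap-actions.js
@@ -38,7 +38,82 @@ describe("Cookie based apiKey persistence in document.cookie", () => {
 authorize(jest.fn(), system)(payload)
 
 expect(document.cookie).toEqual(
-"apiKeyCookie=test; SameSite=None; Secure"
+"apiKeyCookie=test;samesite=None;path=/"
+)
+})
+
+it("should persist secure cookie in document.cookie for non-SSL targets", () => {
+const system = {
+getConfigs: () => ({
+persistAuthorization: true,
+url: "http://example.org"
+}),
+}
+const payload = {
+api_key: {
+schema: fromJS({
+type: "apiKey",
+name: "apiKeyCookie",
+in: "cookie",
+}),
+value: "test",
+},
+}
+
+authorize(jest.fn(), system)(payload)
+
+expect(document.cookie).toEqual(
+"apiKeyCookie=test;samesite=None;path=/"
+)
+})
+
+it("should persist secure cookie in document.cookie for SSL targets", () => {
+const system = {
+getConfigs: () => ({
+persistAuthorization: true,
+url: "https://example.org"
+}),
+}
+const payload = {
+api_key: {
+schema: fromJS({
+type: "apiKey",
+name: "apiKeyCookie",
+in: "cookie",
+}),
+value: "test",
+},
+}
+
+authorize(jest.fn(), system)(payload)
+
+expect(document.cookie).toEqual(
+"apiKeyCookie=test;samesite=None;secure;path=/"
+)
+})
+
+it("should persist secure cookie in document.cookie for non-root SSL targets", () => {
+const system = {
+getConfigs: () => ({
+persistAuthorization: true,
+url: "https://example.org/api"
+}),
+}
+const payload = {
+api_key: {
+schema: fromJS({
+type: "apiKey",
+name: "apiKeyCookie",
+in: "cookie",
+}),
+value: "test",
+},
+}
+
+authorize(jest.fn(), system)(payload)
+
+expect(document.cookie).toEqual(
+"apiKeyCookie=test;samesite=None;secure;path=/api"
 )
 })
 
@@ -64,7 +139,7 @@ describe("Cookie based apiKey persistence in document.cookie", () => {
 
 logout(jest.fn(), system)(["api_key"])
 
-expect(document.cookie).toEqual("apiKeyCookie=; Max-Age=-99999999")
+expect(document.cookie).toEqual("apiKeyCookie=;max-age=-99999999;path=/")
 })
 })
 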