diff --git a/src/core/plugins/auth/wrap-actions.js b/src/core/plugins/auth/wrap-actions.js
index 4c4026069e22..8be692b3f746 100644
--- a/src/core/plugins/auth/wrap-actions.js
+++ b/src/core/plugins/auth/wrap-actions.js
@@ -24,7 +24,11 @@ export const authorize = (oriAction, system) => (payload) => {
 const isApiKeyInCookie = isApiKeyAuth && isInCookie
 if (isApiKeyInCookie) {
- document.cookie = `${schema.get("name")}=${value}; SameSite=None; Secure`
+ const secure = `${configs.url?.split("/")[0] === "https:" ? ";secure" : ""}`
+ const urlBasePath = configs.url?.split("/")[3]
+ const path = `${urlBasePath === undefined ? ";path=/" : ";path=/".concat(urlBasePath)}`
+ let cookieStr = `${schema.get("name")}=${value};samesite=None${secure}${path}`
+ document.cookie = cookieStr
 }
 } catch (error) {
 console.error(
@@ -49,7 +53,9 @@ export const logout = (oriAction, system) => (payload) => {
 if (isApiKeyInCookie) {
 const cookieName = auth.getIn(["schema", "name"])
- document.cookie = `${cookieName}=; Max-Age=-99999999`
+ const urlBasePath = configs.url?.split("/")[3]
+ const path = `${urlBasePath === undefined ? ";path=/" : ";path=/".concat(urlBasePath)}`
+ document.cookie = `${cookieName}=;max-age=-99999999${path}`
 }
 })
 }
diff --git a/test/unit/core/plugins/auth/wrap-actions.js b/test/unit/core/plugins/auth/wrap-actions.js
index cd1327d7be2a..ff2e8f6269d5 100644
--- a/test/unit/core/plugins/auth/wrap-actions.js
+++ b/test/unit/core/plugins/auth/wrap-actions.js
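Review bot: The `secure` and `path` attributes in the authorize hunk are derived from `configs.url`, but `document.cookie` writes a cookie for the page's own origin, so the scheme that matters is arguably `window.location.protocol`; with an https page and an http spec URL the new string carries `samesite=None` without `secure`, which current browsers reject, so nothing is persisted. `configs.url?.split("/")[3]` also yields only the first segment after the host — for a spec URL like `https://example.org/openapi.json` (constructed example) that is the file name, so the cookie would be scoped to `path=/openapi.json`, and the same derivation is repeated in the logout hunk, where the path must match exactly for the expiring cookie to take effect. The `value` is still interpolated unencoded, so a `;` in it would terminate the cookie value and start a new attribute; `encodeURIComponent(value)` keeps it to a single attribute. `let cookieStr` is never reassigned and can be `const`, and wrapping the ternaries in template literals (`const path = \`${...}\``) adds nothing over the plain expression. Both enclosing functions start and end outside these hunks.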
@@ -38,7 +38,82 @@ describe("Cookie based apiKey persistence in document.cookie", () => {
 authorize(jest.fn(), system)(payload)
 expect(document.cookie).toEqual(
- "apiKeyCookie=test; SameSite=None; Secure"
+ "apiKeyCookie=test;samesite=None;path=/"
+ )
+ })
+
+ it("should persist secure cookie in document.cookie for non-SSL targets", () => {
+ const system = {
+ getConfigs: () => ({
+ persistAuthorization: true,
+ url: "http://example.org"
+ }),
+ }
+ const payload = {
+ api_key: {
+ schema: fromJS({
+ type: "apiKey",
+ name: "apiKeyCookie",
+ in: "cookie",
+ }),
+ value: "test",
+ },
+ }
+
+ authorize(jest.fn(), system)(payload)
+
+ expect(document.cookie).toEqual(
+ "apiKeyCookie=test;samesite=None;path=/"
+ )
+ })
+
+ it("should persist secure cookie in document.cookie for SSL targets", () => {
+ const system = {
+ getConfigs: () => ({
+ persistAuthorization: true,
+ url: "https://example.org"
+ }),
+ }
+ const payload = {
+ api_key: {
+ schema: fromJS({
+ type: "apiKey",
+ name: "apiKeyCookie",
+ in: "cookie",
+ }),
+ value: "test",
+ },
+ }
+
+ authorize(jest.fn(), system)(payload)
+
+ expect(document.cookie).toEqual(
+ "apiKeyCookie=test;samesite=None;secure;path=/"
+ )
+ })
+
+ it("should persist secure cookie in document.cookie for non-root SSL targets", () => {
+ const system = {
+ getConfigs: () => ({
+ persistAuthorization: true,
+ url: "https://example.org/api"
+ }),
+ }
+ const payload = {
+ api_key: {
+ schema: fromJS({
+ type: "apiKey",
+ name: "apiKeyCookie",
+ in: "cookie",
+ }),
+ value: "test",
+ },
+ }
+
+ authorize(jest.fn(), system)(payload)
+
+ expect(document.cookie).toEqual(
+ "apiKeyCookie=test;samesite=None;secure;path=/api"
 )
 })
@@ -64,7 +139,7 @@ describe("Cookie based apiKey persistence in document.cookie", () => {
 logout(jest.fn(), system)(["api_key"])
- expect(document.cookie).toEqual("apiKeyCookie=; Max-Age=-99999999")
+ expect(document.cookie).toEqual("apiKeyCookie=;max-age=-99999999;path=/")
 })
 })
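Review bot: The title `should persist secure cookie in document.cookie for non-SSL targets` contradicts its own expectation, which is a cookie string without `secure`; renaming it to `should persist cookie without the secure attribute for non-SSL targets` keeps the test's intent readable. None of the added cases exercises a spec URL with more than one path segment or one ending in a file name, which is where `split("/")[3]` in the implementation is most likely to diverge from the intended base path; a case such as `url: "https://example.org/api/v1/openapi.json"` (constructed) with an explicit expected `path=` would pin that behaviour down. The three new cases also duplicate the same `system`/`payload` setup and would read better with one helper that takes the `url`. The `describe` block starts before this hunk.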