Skip to content

Commit

Permalink
Fixed Cookie Authentication for Multi level target base Url
Browse files Browse the repository at this point in the history
* Fixed Cookie Path for Multi level target base Url
* Fixed Cookie Removal for Multi level target base Url
* Added Unit Tests
  • Loading branch information
sudiptosarkar committed Aug 6, 2024
1 parent 8d00972 commit a326f67
Show file tree
Hide file tree
Showing 2 changed files with 79 additions and 2 deletions.
4 changes: 2 additions & 2 deletions src/core/plugins/auth/wrap-actions.js
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ export const authorize = (oriAction, system) => (payload) => {

if (isApiKeyInCookie) {
const secure = `${configs.url?.split("/")[0] === "https:" ? ";secure" : ""}`
const urlBasePath = configs.url?.split("/")[3]
const urlBasePath = configs.url?.split("/").splice(3).join("/")
const path = `${urlBasePath === undefined ? ";path=/" : ";path=/".concat(urlBasePath)}`
let cookieStr = `${schema.get("name")}=${value};samesite=None${secure}${path}`
document.cookie = cookieStr
Expand Down Expand Up @@ -53,7 +53,7 @@ export const logout = (oriAction, system) => (payload) => {

if (isApiKeyInCookie) {
const cookieName = auth.getIn(["schema", "name"])
const urlBasePath = configs.url?.split("/")[3]
const urlBasePath = configs.url?.split("/").splice(3).join("/")
const path = `${urlBasePath === undefined ? ";path=/" : ";path=/".concat(urlBasePath)}`
document.cookie = `${cookieName}=;max-age=-99999999${path}`
}
Expand Down
77 changes: 77 additions & 0 deletions test/unit/core/plugins/auth/wrap-actions.js
Original file line number Diff line number Diff line change
Expand Up @@ -117,6 +117,31 @@ describe("Cookie based apiKey persistence in document.cookie", () => {
)
})

it("should persist secure cookie in document.cookie for SSL targets with non-root multi-level base path", () => {
const system = {
getConfigs: () => ({
persistAuthorization: true,
url: "https://example.org/api/production"
}),
}
const payload = {
api_key: {
schema: fromJS({
type: "apiKey",
name: "apiKeyCookie",
in: "cookie",
}),
value: "test",
},
}

authorize(jest.fn(), system)(payload)

expect(document.cookie).toEqual(
"apiKeyCookie=test;samesite=None;secure;path=/api/production"
)
})

it("should delete cookie from document.cookie", () => {
const payload = fromJS({
api_key: {
Expand All @@ -141,6 +166,32 @@ describe("Cookie based apiKey persistence in document.cookie", () => {

expect(document.cookie).toEqual("apiKeyCookie=;max-age=-99999999;path=/")
})

it("should delete cookie from document.cookie for targets with non-root multi-level base path", () => {
const payload = fromJS({
api_key: {
schema: {
type: "apiKey",
name: "apiKeyCookie",
in: "cookie",
},
value: "test",
},
})
const system = {
getConfigs: () => ({
persistAuthorization: true,
url: "https://example.org/api/production"
}),
authSelectors: {
authorized: () => payload,
},
}

logout(jest.fn(), system)(["api_key"])

expect(document.cookie).toEqual("apiKeyCookie=;max-age=-99999999;path=/api/production")
})
})

describe("given persistAuthorization=false", () => {
Expand Down Expand Up @@ -191,4 +242,30 @@ describe("Cookie based apiKey persistence in document.cookie", () => {
expect(document.cookie).toEqual("")
})
})

it("should delete cookie from document.cookie for targets with non-root multi-level base path", () => {
const payload = fromJS({
api_key: {
schema: {
type: "apiKey",
name: "apiKeyCookie",
in: "cookie",
},
value: "test",
},
})
const system = {
getConfigs: () => ({
persistAuthorization: false,
url: "https://example.org/api/production"
}),
authSelectors: {
authorized: () => payload,
},
}

logout(jest.fn(), system)(["api_key"])

expect(document.cookie).toEqual("")
})
})

0 comments on commit a326f67

Please sign in to comment.