Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixed Cookie Authentication #9186

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Fixed Cookie Authentication #9186

wants to merge 2 commits into from

Conversation

sudiptosarkar
Copy link

@sudiptosarkar sudiptosarkar commented Sep 2, 2023
edited
Loading

Fixes for Cookie Authentication. This builds on top of the changes done as part of the issue #8683 (PR #8689) and #9710. The changes done as part of that PR don't work (both setting the Cookie as well as resetting it).

Description

  • Fixed Cookie Removal for Logouts
  • Fixed Setting of Cookie by specifying the path
  • Adding secure only when target is SSL/TLS
  • Added Unit Tests

Motivation and Context

The Cookie based Authentication was not working in at least Safari. Neither was the cookie being set, nor was was it being unset (after fixing the setting part). This was causing the API testing of Cookie Authentication based endpoints impossible.

The official Mozilla Developer Documentation on document.cookie was followed to implement the fix.

Swagger UI's official documentation states that cross domain Cookie Auth is not supported. While that may still be the case after this fix is released because of CORS blocks, this fix will work if the swagger UI is loaded from the same domain, where the APIs reside.

Fixes for removing the set Cookies have also been added

How Has This Been Tested?

  • A cookie authentication based nodejs application was used with swagger-express-ui.
  • The persistAuthorization configuration field was set to true
  • After deploying the application, the Authentication Cookie was set.
  • API endpoints were hit using these browsers:
    • Mozilla Firefox
    • Google Chrome
    • Safari
    • Microsoft Edge
  • The Cookie Request Header was verified to have an entry for the authentication cookie
  • Logout was tested in the same manner.

Screenshots (if appropriate):

Checklist

My PR contains...

  • No code changes (src/ is unmodified: changes to documentation, CI, metadata, etc.)
  • Dependency changes (any modification to dependencies in package.json)
  • Bug fixes (non-breaking change which fixes an issue)
  • Improvements (misc. changes to existing features)
  • Features (non-breaking change which adds functionality)

My changes...

  • are breaking changes to a public API (config options, System API, major UI change, etc).
  • are breaking changes to a private API (Redux, component props, utility functions, etc.).
  • are breaking changes to a developer API (npm script behavior changes, new dev system dependencies, etc).
  • are not breaking changes.

Documentation

  • My changes do not require a change to the project documentation.
  • My changes require a change to the project documentation.
  • If yes to above: I have updated the documentation accordingly.

Automated tests

  • My changes can not or do not need to be tested.
  • My changes can and should be tested by unit and/or integration tests.
  • If yes to above: I have added tests to cover my changes.
  • If yes to above: I have taken care to cover edge cases in my tests.
  • All new and existing tests passed.

@sudiptosarkar sudiptosarkar force-pushed the bugfix/cookieAuthentication branch 2 times, most recently from c5e2442 to e93dd55 Compare September 5, 2023 12:45
@sudiptosarkar sudiptosarkar mentioned this pull request Nov 4, 2023
Open
@sudiptosarkar
Fixed Cookie Authentication
8d00972 
* Fixed Cookie Removal for Logouts
* Fixed Setting of Cookie by specifying the path
* Adding secure only when target is SSL/TLS
* Added Unit Tests
@sudiptosarkar
Fixed Cookie Authentication for Multi level target base Url
a326f67 
* Fixed Cookie Path for Multi level target base Url
* Fixed Cookie Removal for Multi level target base Url
* Added Unit Tests
@sudiptosarkar sudiptosarkar force-pushed the bugfix/cookieAuthentication branch from 9b5332a to a326f67 Compare August 6, 2024 11:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@sudiptosarkar