Improved the way we handle localhost cookies

2024-05-20 20:52:36 +12:00 · 2019-11-12 20:42:58 +02:00 · 2019-11-12 20:42:58 +02:00 · 3a0f6639b3
parent 1e86d5c429
commit 3a0f6639b3
11 changed files with 36 additions and 28 deletions
--- a/app/controllers/account.php
+++ b/app/controllers/account.php
@ -3,7 +3,6 @@
 global $utopia, $register, $response, $user, $audit, $project, $projectDB, $providers;

 use Utopia\Exception;
-use Utopia\Response;
 use Utopia\Validator\Text;
 use Utopia\Validator\Email;
 use Utopia\Locale\Locale;
@ -353,7 +352,7 @@ $utopia->delete('/v1/account')
            ;

            $response
-                ->addCookie(Auth::$cookieName, '', time() - 3600, '/', COOKIE_DOMAIN, ('https' == $request->getServer('REQUEST_SCHEME', 'https')), true, Response::COOKIE_SAMESITE_NONE)
+                ->addCookie(Auth::$cookieName, '', time() - 3600, '/', COOKIE_DOMAIN, ('https' == $request->getServer('REQUEST_SCHEME', 'https')), true, COOKIE_SAMESITE)
                ->json(array('result' => 'success'));
        }
    );
--- a/app/controllers/auth.php
+++ b/app/controllers/auth.php
@ -3,7 +3,6 @@
 global $utopia, $register, $request, $response, $user, $audit, $webhook, $project, $domain, $projectDB, $providers, $clients;

 use Utopia\Exception;
-use Utopia\Response;
 use Utopia\Validator\WhiteList;
 use Utopia\Validator\Text;
 use Utopia\Validator\Email;
@ -176,7 +175,7 @@ $utopia->post('/v1/auth/register')
            ;

            $response
-                ->addCookie(Auth::$cookieName, Auth::encodeSession($user->getUid(), $loginSecret), $expiry, '/', COOKIE_DOMAIN, ('https' == $request->getServer('REQUEST_SCHEME', 'https')), true, Response::COOKIE_SAMESITE_NONE);
+                ->addCookie(Auth::$cookieName, Auth::encodeSession($user->getUid(), $loginSecret), $expiry, '/', COOKIE_DOMAIN, ('https' == $request->getServer('REQUEST_SCHEME', 'https')), true, COOKIE_SAMESITE);

            if ($success) {
                $response->redirect($success);
@ -374,7 +373,7 @@ $utopia->post('/v1/auth/login')
            ;

            $response
-                ->addCookie(Auth::$cookieName, Auth::encodeSession($profile->getUid(), $secret), $expiry, '/', COOKIE_DOMAIN, ('https' == $request->getServer('REQUEST_SCHEME', 'https')), true, Response::COOKIE_SAMESITE_NONE);
+                ->addCookie(Auth::$cookieName, Auth::encodeSession($profile->getUid(), $secret), $expiry, '/', COOKIE_DOMAIN, ('https' == $request->getServer('REQUEST_SCHEME', 'https')), true, COOKIE_SAMESITE);

            if ($success) {
                $response->redirect($success);
@ -609,7 +608,7 @@ $utopia->get('/v1/auth/login/oauth/:provider/redirect')
            ;

            $response
-                ->addCookie(Auth::$cookieName, Auth::encodeSession($user->getUid(), $secret), $expiry, '/', COOKIE_DOMAIN, ('https' == $request->getServer('REQUEST_SCHEME', 'https')), true, Response::COOKIE_SAMESITE_NONE)
+                ->addCookie(Auth::$cookieName, Auth::encodeSession($user->getUid(), $secret), $expiry, '/', COOKIE_DOMAIN, ('https' == $request->getServer('REQUEST_SCHEME', 'https')), true, COOKIE_SAMESITE)
            ;

            $response->redirect($state['success']);
@ -642,7 +641,7 @@ $utopia->delete('/v1/auth/logout')
            $audit->setParam('event', 'auth.logout');

            $response
-                ->addCookie(Auth::$cookieName, '', time() - 3600, '/', COOKIE_DOMAIN, ('https' == $request->getServer('REQUEST_SCHEME', 'https')), true, Response::COOKIE_SAMESITE_NONE)
+                ->addCookie(Auth::$cookieName, '', time() - 3600, '/', COOKIE_DOMAIN, ('https' == $request->getServer('REQUEST_SCHEME', 'https')), true, COOKIE_SAMESITE)
                ->json(array('result' => 'success'))
            ;
        }
@ -672,7 +671,7 @@ $utopia->delete('/v1/auth/logout/:id')
                    ;

                    if ($token->getAttribute('secret') == Auth::hash(Auth::$secret)) { // If current session delete cookies
-                        $response->addCookie(Auth::$cookieName, '', time() - 3600, '/', COOKIE_DOMAIN, ('https' == $request->getServer('REQUEST_SCHEME', 'https')), true, Response::COOKIE_SAMESITE_NONE);
+                        $response->addCookie(Auth::$cookieName, '', time() - 3600, '/', COOKIE_DOMAIN, ('https' == $request->getServer('REQUEST_SCHEME', 'https')), true, COOKIE_SAMESITE);
                    }
                }
            }
--- a/app/controllers/teams.php
+++ b/app/controllers/teams.php
@ -592,7 +592,7 @@ $utopia->patch('/v1/teams/:teamId/memberships/:inviteId/status')
                ->setParam('event', 'auth.join')
            ;

-            $response->addCookie(Auth::$cookieName, Auth::encodeSession($user->getUid(), $secret), $expiry, '/', COOKIE_DOMAIN, ('https' == $request->getServer('REQUEST_SCHEME', 'https')), true, Response::COOKIE_SAMESITE_NONE);
+            $response->addCookie(Auth::$cookieName, Auth::encodeSession($user->getUid(), $secret), $expiry, '/', COOKIE_DOMAIN, ('https' == $request->getServer('REQUEST_SCHEME', 'https')), true, COOKIE_SAMESITE);

            if ($success) {
                $response->redirect($success);
--- a/app/init.php
+++ b/app/init.php
@ -47,7 +47,12 @@ $port = (string) (isset($_SERVER['HTTP_HOST'])) ? parse_url($_SERVER['HTTP_HOST'

 Resque::setBackend($redisHost.':'.$redisPort);

-define('COOKIE_DOMAIN', ($request->getServer('HTTP_HOST', null) === 'localhost' || $request->getServer('HTTP_HOST', null) === 'localhost:'.$port) ? false : '.'.$request->getServer('HTTP_HOST', false));
+define('COOKIE_DOMAIN', (
+    $request->getServer('HTTP_HOST', null) === 'localhost' ||
+    $request->getServer('HTTP_HOST', null) === 'localhost:'.$port)
+        ? null
+        : '.'.parse_url($request->getServer('HTTP_HOST', false), PHP_URL_HOST));
+define('COOKIE_SAMESITE', null); // Response::COOKIE_SAMESITE_NONE

 /*
 * Registry
@ -210,10 +215,10 @@ if (is_null($project->getUid()) || Database::SYSTEM_COLLECTION_PROJECTS !== $pro

 $mode = $request->getParam('mode', $request->getHeader('X-Appwrite-Mode', 'default'));

-Auth::setCookieName('a-session-'.$project->getUid());
+Auth::setCookieName('a_session_'.$project->getUid());

 if (APP_MODE_ADMIN === $mode) {
-    Auth::setCookieName('a-session-'.$console->getUid());
+    Auth::setCookieName('a_session_'.$console->getUid());
 }

 $session = Auth::decodeSession($request->getCookie(Auth::$cookieName, $request->getHeader('X-Appwrite-Key', '')));
--- a/public/dist/styles/default-ltr.css
+++ b/public/dist/styles/default-ltr.css
--- a/public/dist/styles/default-rtl.css
+++ b/public/dist/styles/default-rtl.css
--- a/public/styles/scopes/home.less
+++ b/public/styles/scopes/home.less
@ -7,4 +7,9 @@ html.home {
        max-height: 35px;
        margin: 45px 25px 25px 25px;
    }
+
+    footer {
+        background: transparent;
+        text-align: center;
+    }
 }
--- a/src/Auth/Auth.php
+++ b/src/Auth/Auth.php
@ -59,7 +59,7 @@ class Auth
    /**
     * @var string
     */
-    public static $cookieName = 'a-session';
+    public static $cookieName = 'a_session';

    /**
     * User Unique ID.
--- a/tests/e2e/BaseConsole.php
+++ b/tests/e2e/BaseConsole.php
@ -55,12 +55,12 @@ class BaseConsole extends TestCase
        $this->assertEquals('http://localhost/success', $response['headers']['location']);
        $this->assertEquals("", $response['body']);

-        $session = $this->client->parseCookie($response['headers']['set-cookie'])['a-session-console'];
+        $session = $this->client->parseCookie($response['headers']['set-cookie'])['a_session_console'];

        $team = $this->client->call(Client::METHOD_POST, '/teams', [
            'origin' => 'http://localhost',
            'content-type' => 'application/json',
-            'cookie' => 'a-session-console=' . $session,
+            'cookie' => 'a_session_console=' . $session,
        ], [
            'name' => 'Demo Project Team',
        ]);
@ -72,7 +72,7 @@ class BaseConsole extends TestCase
        $project = $this->client->call(Client::METHOD_POST, '/projects', [
            'origin' => 'http://localhost',
            'content-type' => 'application/json',
-            'cookie' => 'a-session-console=' . $session,
+            'cookie' => 'a_session_console=' . $session,
        ], [
            'name' => 'Demo Project',
            'teamId' => $team['body']['$uid'],
@ -93,7 +93,7 @@ class BaseConsole extends TestCase
        $key = $this->client->call(Client::METHOD_POST, '/projects/' . $project['body']['$uid'] . '/keys', [
            'origin' => 'http://localhost',
            'content-type' => 'application/json',
-            'cookie' => 'a-session-console=' . $session,
+            'cookie' => 'a_session_console=' . $session,
        ], [
            'name' => 'Demo Project Key',
            'scopes' => $scopes,
@ -114,7 +114,7 @@ class BaseConsole extends TestCase
            'session' => $session,
            'projectUid' => $project['body']['$uid'],
            'projectAPIKeySecret' => $key['body']['secret'],
-            'projectSession' => $this->client->parseCookie($user['headers']['set-cookie'])['a-session-' . $project['body']['$uid']],
+            'projectSession' => $this->client->parseCookie($user['headers']['set-cookie'])['a_session_' . $project['body']['$uid']],
        ];
    }
 }
--- a/tests/e2e/ConsoleProjectsTest.php
+++ b/tests/e2e/ConsoleProjectsTest.php
@ -13,7 +13,7 @@ class ConsoleProjectsTest extends BaseConsole
        $this->assertEquals('http://localhost/success', $response['headers']['location']);
        $this->assertEquals("", $response['body']);

-        $session = $this->client->parseCookie($response['headers']['set-cookie'])['a-session-console'];
+        $session = $this->client->parseCookie($response['headers']['set-cookie'])['a_session_console'];

        return [
            'email' => $this->demoEmail,
@ -30,7 +30,7 @@ class ConsoleProjectsTest extends BaseConsole
        $response = $this->client->call(Client::METHOD_GET, '/projects', [
            'origin' => 'http://localhost',
            'content-type' => 'application/json',
-            'cookie' => 'a-session-console=' . $data['session'],
+            'cookie' => 'a_session_console=' . $data['session'],
        ], []);

        $this->assertEquals(200, $response['headers']['status-code']);
@ -45,7 +45,7 @@ class ConsoleProjectsTest extends BaseConsole
        $team = $this->client->call(Client::METHOD_POST, '/teams', [
            'origin' => 'http://localhost',
            'content-type' => 'application/json',
-            'cookie' => 'a-session-console=' . $data['session'],
+            'cookie' => 'a_session_console=' . $data['session'],
        ], [
            'name' => 'Demo Project Team',
        ]);
@ -57,7 +57,7 @@ class ConsoleProjectsTest extends BaseConsole
        $response = $this->client->call(Client::METHOD_POST, '/projects', [
            'origin' => 'http://localhost',
            'content-type' => 'application/json',
-            'cookie' => 'a-session-console=' . $data['session'],
+            'cookie' => 'a_session_console=' . $data['session'],
        ], [
            'name' => 'Demo Project',
            'teamId' => $team['body']['$uid'],
@ -88,7 +88,7 @@ class ConsoleProjectsTest extends BaseConsole
        $response = $this->client->call(Client::METHOD_POST, '/projects', [
            'origin' => 'http://localhost',
            'content-type' => 'application/json',
-            'cookie' => 'a-session-console=' . $data['session'],
+            'cookie' => 'a_session_console=' . $data['session'],
        ], array_merge($data['project'], [
            'name' => 'New Project Name',
            'description' => 'New Demo Project Description',
--- a/tests/e2e/ConsoleTest.php
+++ b/tests/e2e/ConsoleTest.php
@ -34,7 +34,7 @@ class ConsoleTest extends BaseConsole
            'failure' => 'http://localhost/failure',
        ]);

-        $session = $this->client->parseCookie($response['headers']['set-cookie'])['a-session-console'];
+        $session = $this->client->parseCookie($response['headers']['set-cookie'])['a_session_console'];

        $this->assertEquals('http://localhost/success', $response['headers']['location']);
        $this->assertEquals("", $response['body']);
@ -54,7 +54,7 @@ class ConsoleTest extends BaseConsole
        $response = $this->client->call(Client::METHOD_GET, '/account', [
            'origin' => 'http://localhost',
            'content-type' => 'application/json',
-            'cookie' => 'a-session-console=' . $data['session'],
+            'cookie' => 'a_session_console=' . $data['session'],
        ], []);

        $this->assertEquals('Demo User', $response['body']['name']);
@ -77,7 +77,7 @@ class ConsoleTest extends BaseConsole
        $response = $this->client->call(Client::METHOD_DELETE, '/auth/logout', [
            'origin' => 'http://localhost',
            'content-type' => 'application/json',
-            'cookie' => 'a-session-console=' . $data['session'],
+            'cookie' => 'a_session_console=' . $data['session'],
        ], []);

        $this->assertEquals(200, $response['headers']['status-code']);