Testing samesite cookie option
parent
30b5773e1f
commit
6c7fa7ea71
|
@ -3,15 +3,16 @@
|
|||
global $utopia, $register, $response, $user, $audit, $project, $projectDB, $providers;
|
||||
|
||||
use Utopia\Exception;
|
||||
use Utopia\Response;
|
||||
use Utopia\Validator\Text;
|
||||
use Utopia\Validator\Email;
|
||||
use Utopia\Locale\Locale;
|
||||
use Auth\Auth;
|
||||
use Auth\Validator\Password;
|
||||
use Database\Database;
|
||||
use Database\Validator\Authorization;
|
||||
use DeviceDetector\DeviceDetector;
|
||||
use GeoIp2\Database\Reader;
|
||||
use Utopia\Locale\Locale;
|
||||
|
||||
$utopia->get('/v1/account')
|
||||
->desc('Get Account')
|
||||
|
@ -352,7 +353,7 @@ $utopia->delete('/v1/account')
|
|||
;
|
||||
|
||||
$response
|
||||
->addCookie(Auth::$cookieName, '', time() - 3600, '/', COOKIE_DOMAIN, ('https' == $request->getServer('REQUEST_SCHEME', 'https')), true)
|
||||
->addCookie(Auth::$cookieName, '', time() - 3600, '/', COOKIE_DOMAIN, ('https' == $request->getServer('REQUEST_SCHEME', 'https')), true, Response::COOKIE_SAMESITE_NONE)
|
||||
->json(array('result' => 'success'));
|
||||
}
|
||||
);
|
||||
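Review bot: The updated `addCookie` call always passes `Response::COOKIE_SAMESITE_NONE` but still derives its Secure flag from `('https' == $request->getServer('REQUEST_SCHEME', 'https'))`, so a response served over plain HTTP emits `SameSite=None` without `Secure`. Browsers that enforce the newer cookie rules reject such a cookie, and for this expiring cookie that would leave the existing session cookie in place after the account is deleted. Compute the flag once, `$secure = ('https' == $request->getServer('REQUEST_SCHEME', 'https'));`, and pass `Response::COOKIE_SAMESITE_NONE` only when `$secure` is true, omitting the argument otherwise as the old call did. The same pairing is in every `addCookie` call this commit touches (register, login, both logout routes, the OAuth redirect and the team membership status route). The route closure starts and ends outside the hunk.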
|
|
|
@ -3,6 +3,7 @@
|
|||
global $utopia, $register, $request, $response, $user, $audit, $webhook, $project, $domain, $projectDB, $providers, $clients;
|
||||
|
||||
use Utopia\Exception;
|
||||
use Utopia\Response;
|
||||
use Utopia\Validator\WhiteList;
|
||||
use Utopia\Validator\Text;
|
||||
use Utopia\Validator\Email;
|
||||
|
@ -174,7 +175,8 @@ $utopia->post('/v1/auth/register')
|
|||
->setParam('event', 'auth.register')
|
||||
;
|
||||
|
||||
$response->addCookie(Auth::$cookieName, Auth::encodeSession($user->getUid(), $loginSecret), $expiry, '/', COOKIE_DOMAIN, ('https' == $request->getServer('REQUEST_SCHEME', 'https')), true);
|
||||
$response
|
||||
->addCookie(Auth::$cookieName, Auth::encodeSession($user->getUid(), $loginSecret), $expiry, '/', COOKIE_DOMAIN, ('https' == $request->getServer('REQUEST_SCHEME', 'https')), true, Response::COOKIE_SAMESITE_NONE);
|
||||
|
||||
if ($success) {
|
||||
$response->redirect($success);
|
||||
|
@ -372,7 +374,8 @@ $utopia->post('/v1/auth/login')
|
|||
;
|
||||
|
||||
$response
|
||||
->addCookie(Auth::$cookieName, Auth::encodeSession($profile->getUid(), $secret), $expiry, '/', COOKIE_DOMAIN, ('https' == $request->getServer('REQUEST_SCHEME', 'https')), true);
|
||||
->addHeader('testx', 'valuex')
|
||||
->addCookie(Auth::$cookieName, Auth::encodeSession($profile->getUid(), $secret), $expiry, '/', COOKIE_DOMAIN, ('https' == $request->getServer('REQUEST_SCHEME', 'https')), true, Response::COOKIE_SAMESITE_NONE);
|
||||
|
||||
if ($success) {
|
||||
$response->redirect($success);
|
||||
|
@ -409,7 +412,7 @@ $utopia->delete('/v1/auth/logout')
|
|||
$audit->setParam('event', 'auth.logout');
|
||||
|
||||
$response
|
||||
->addCookie(Auth::$cookieName, '', time() - 3600, '/', COOKIE_DOMAIN, ('https' == $request->getServer('REQUEST_SCHEME', 'https')), true)
|
||||
->addCookie(Auth::$cookieName, '', time() - 3600, '/', COOKIE_DOMAIN, ('https' == $request->getServer('REQUEST_SCHEME', 'https')), true, Response::COOKIE_SAMESITE_NONE)
|
||||
->json(array('result' => 'success'))
|
||||
;
|
||||
}
|
||||
|
@ -439,7 +442,7 @@ $utopia->delete('/v1/auth/logout/:id')
|
|||
;
|
||||
|
||||
if ($token->getAttribute('secret') == Auth::hash(Auth::$secret)) { // If current session delete cookies
|
||||
$response->addCookie(Auth::$cookieName, '', time() - 3600, '/', COOKIE_DOMAIN, ('https' == $request->getServer('REQUEST_SCHEME', 'https')), true);
|
||||
$response->addCookie(Auth::$cookieName, '', time() - 3600, '/', COOKIE_DOMAIN, ('https' == $request->getServer('REQUEST_SCHEME', 'https')), true, Response::COOKIE_SAMESITE_NONE);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -813,7 +816,7 @@ $utopia->get('/v1/auth/login/oauth/:provider/redirect')
|
|||
;
|
||||
|
||||
$response
|
||||
->addCookie(Auth::$cookieName, Auth::encodeSession($user->getUid(), $secret), $expiry, '/', COOKIE_DOMAIN, ('https' == $request->getServer('REQUEST_SCHEME', 'https')), true)
|
||||
->addCookie(Auth::$cookieName, Auth::encodeSession($user->getUid(), $secret), $expiry, '/', COOKIE_DOMAIN, ('https' == $request->getServer('REQUEST_SCHEME', 'https')), true, Response::COOKIE_SAMESITE_NONE)
|
||||
;
|
||||
|
||||
$response->redirect($state['success']);
|
||||
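Review bot: Setting `Response::COOKIE_SAMESITE_NONE` on the session cookie in the register, login, logout and OAuth redirect hunks opts it out of the Lax-by-default treatment browsers give to cookies with no SameSite attribute, so it is attached to every cross-site request. The cookie-authenticated state-changing routes (`DELETE /v1/auth/logout`, `DELETE /v1/auth/logout/:id` and the others that read this cookie) then depend entirely on an explicit CSRF defence such as Origin validation or a token, and none is visible in these hunks. If third-party client origins need the cookie, record that at the call with a comment such as `// SameSite=None: cookie must be sent from external client origins; CSRF is enforced by <mechanism>`. Separately, the login hunk adds `->addHeader('testx', 'valuex')`, which looks like a debugging leftover and should be removed. The route closures start and end outside the hunks.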
|
|
|
@ -592,7 +592,7 @@ $utopia->patch('/v1/teams/:teamId/memberships/:inviteId/status')
|
|||
->setParam('event', 'auth.join')
|
||||
;
|
||||
|
||||
$response->addCookie(Auth::$cookieName, Auth::encodeSession($user->getUid(), $secret), $expiry, '/', COOKIE_DOMAIN, ('https' == $request->getServer('REQUEST_SCHEME', 'https')), true);
|
||||
$response->addCookie(Auth::$cookieName, Auth::encodeSession($user->getUid(), $secret), $expiry, '/', COOKIE_DOMAIN, ('https' == $request->getServer('REQUEST_SCHEME', 'https')), true, Response::COOKIE_SAMESITE_NONE);
|
||||
|
||||
if ($success) {
|
||||
$response->redirect($success);
|
||||
|
|
|
@ -55,7 +55,8 @@ $canonical = $this->getParam('canonical', '');
|
|||
PROTOCOL: '<?php echo $protocol; ?>',
|
||||
DOMAIN: '<?php echo $domain; ?>',
|
||||
HOME: '<?php echo $this->escape($this->getParam('home')); ?>',
|
||||
API: '<?php echo $api; ?>/v1',
|
||||
|
||||
API: 'https://localhost/v1',
|
||||
PROJECT: '<?php echo $project; ?>',
|
||||
LOCALE: '<?php echo $this->escape(Locale::getText('settings.locale')); ?>',
|
||||
PREFIX: '<?php echo $this->escape($this->getParam('prefix')); ?>',
|
||||
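Review bot: The `API` entry of this config object is now the literal `'https://localhost/v1'` rather than the server-provided value, which points every rendered page at the visitor's own machine and looks like a local testing value. The +/- markers are lost on this page, but the hunk's 7-to-8 line counts fit the `<?php echo $api; ?>` line being the removed one; restore `API: '<?php echo $api; ?>/v1',` before this reaches a shared branch. While there, `$protocol`, `$domain` and `$project` are echoed into JavaScript string literals without the `$this->escape(...)` used for `HOME`, `LOCALE` and `PREFIX`. If any of them can carry request-derived data, they should be encoded for the JS string context.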
|
|
16
composer.lock
generated
16
composer.lock
generated
|
@ -1440,12 +1440,12 @@
|
|||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/twigphp/Twig.git",
|
||||
"reference": "d073fed7f1979689a25d161423c90ecccaf87c4f"
|
||||
"reference": "468f5cbe21e3fdcd5a351e615c28bf549dbe4dcc"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/twigphp/Twig/zipball/d073fed7f1979689a25d161423c90ecccaf87c4f",
|
||||
"reference": "d073fed7f1979689a25d161423c90ecccaf87c4f",
|
||||
"url": "https://api.github.com/repos/twigphp/Twig/zipball/468f5cbe21e3fdcd5a351e615c28bf549dbe4dcc",
|
||||
"reference": "468f5cbe21e3fdcd5a351e615c28bf549dbe4dcc",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
|
@ -1499,7 +1499,7 @@
|
|||
"keywords": [
|
||||
"templating"
|
||||
],
|
||||
"time": "2019-10-23T15:56:47+00:00"
|
||||
"time": "2019-11-07T21:14:26+00:00"
|
||||
},
|
||||
{
|
||||
"name": "utopia-php/abuse",
|
||||
|
@ -1649,12 +1649,12 @@
|
|||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/utopia-php/framework.git",
|
||||
"reference": "315b97b6558346348e2c3f56a826dcfb6c455791"
|
||||
"reference": "9ca3337cdc5bbf3cc6458c51b06a91fc4f666567"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/utopia-php/framework/zipball/315b97b6558346348e2c3f56a826dcfb6c455791",
|
||||
"reference": "315b97b6558346348e2c3f56a826dcfb6c455791",
|
||||
"url": "https://api.github.com/repos/utopia-php/framework/zipball/9ca3337cdc5bbf3cc6458c51b06a91fc4f666567",
|
||||
"reference": "9ca3337cdc5bbf3cc6458c51b06a91fc4f666567",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
|
@ -1685,7 +1685,7 @@
|
|||
"php",
|
||||
"upf"
|
||||
],
|
||||
"time": "2019-10-16T14:30:55+00:00"
|
||||
"time": "2019-11-08T06:20:41+00:00"
|
||||
},
|
||||
{
|
||||
"name": "utopia-php/locale",
|
||||
|
|