Added support for SameSite cookie option
This commit is contained in:
parent
ba5f0c8b31
commit
d5044ce1d5
|
@ -384,6 +384,7 @@ $utopia->post('/v1/account/sessions')
|
|||
|
||||
$response
|
||||
->addCookie(Auth::$cookieName, Auth::encodeSession($profile->getUid(), $secret), $expiry, '/', COOKIE_DOMAIN, ('https' == $request->getServer('REQUEST_SCHEME', 'https')), true, COOKIE_SAMESITE)
|
||||
->addCookie(Auth::$cookieName.'_legacy', Auth::encodeSession($profile->getUid(), $secret), $expiry, '/', COOKIE_DOMAIN, ('https' == $request->getServer('REQUEST_SCHEME', 'https')), true, null)
|
||||
->setStatusCode(Response::STATUS_CODE_CREATED)
|
||||
->json($session->getArrayCopy(['$uid', 'type', 'expire']))
|
||||
;
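Review bot: The primary cookie on the first addCookie line carries SameSite=None via COOKIE_SAMESITE, but its Secure flag is computed per request from `REQUEST_SCHEME`; browsers that implement the SameSite=None rules discard a None cookie that is not also Secure, so on any request where the scheme is not `https` (plain-http deployments, or TLS terminated by a proxy that does not forward the scheme) only the `_legacy` cookie survives and the SameSite attribute is silently lost. The same pairing recurs in the oauth redirect, the account/session delete hunks and the teams membership hunk below. Consider deriving the flag once from a deployment-level setting next to COOKIE_DOMAIN rather than from the request, and document the coupling where the constant is used: `// SameSite=None is only honoured together with Secure; over a non-https scheme the browser keeps only the _legacy cookie`. The enclosing route closure starts before this hunk.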
|
||||
|
@ -612,9 +613,9 @@ $utopia->get('/v1/account/sessions/oauth/:provider/redirect')
|
|||
|
||||
$response
|
||||
->addCookie(Auth::$cookieName, Auth::encodeSession($user->getUid(), $secret), $expiry, '/', COOKIE_DOMAIN, ('https' == $request->getServer('REQUEST_SCHEME', 'https')), true, COOKIE_SAMESITE)
|
||||
->addCookie(Auth::$cookieName.'_legacy', Auth::encodeSession($user->getUid(), $secret), $expiry, '/', COOKIE_DOMAIN, ('https' == $request->getServer('REQUEST_SCHEME', 'https')), true, null)
|
||||
->redirect($state['success'])
|
||||
;
|
||||
|
||||
$response->redirect($state['success']);
|
||||
}
|
||||
);
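Review bot: The two addCookie lines repeat eight positional arguments that differ only in the cookie name and the trailing `COOKIE_SAMESITE` / `null`, and the same pair is copied into every other hunk of this commit (sessions create, the three delete routes, teams membership), which is how the auth.php hunks already ended up with a different shape. A small helper that writes both cookies from one value and expiry keeps name, path, domain, Secure and HttpOnly in lockstep and gives the `true, null` tail a name; the clearing routes can call it with `''` and `time() - 3600`. The request parameter is left untyped below because the request class is not visible on this page; use whatever type the route closures receive. This hunk's closure starts before the hunk.
```php
/**
 * Emits the session cookie under both names: the primary one carrying the
 * configured SameSite attribute and the "_legacy" one without it, for
 * clients that do not understand SameSite. Both share value, expiry,
 * path, domain, Secure and HttpOnly so they cannot drift apart.
 */
function addSessionCookies(Response $response, $request, string $value, int $expiry): Response
{
    $secure = ('https' === $request->getServer('REQUEST_SCHEME', 'https'));

    return $response
        ->addCookie(Auth::$cookieName, $value, $expiry, '/', COOKIE_DOMAIN, $secure, true, COOKIE_SAMESITE)
        ->addCookie(Auth::$cookieName.'_legacy', $value, $expiry, '/', COOKIE_DOMAIN, $secure, true, null);
}

// … unchanged: session lookup and $secret / $expiry setup …
addSessionCookies($response, $request, Auth::encodeSession($user->getUid(), $secret), $expiry)
    ->redirect($state['success'])
;
```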
|
||||
|
||||
|
@ -827,6 +828,7 @@ $utopia->delete('/v1/account')
|
|||
|
||||
$response
|
||||
->addCookie(Auth::$cookieName, '', time() - 3600, '/', COOKIE_DOMAIN, ('https' == $request->getServer('REQUEST_SCHEME', 'https')), true, COOKIE_SAMESITE)
|
||||
->addCookie(Auth::$cookieName.'_legacy', '', time() - 3600, '/', COOKIE_DOMAIN, ('https' == $request->getServer('REQUEST_SCHEME', 'https')), true, null)
|
||||
->noContent()
|
||||
;
|
||||
}
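Review bot: The clearing cookies on both addCookie lines reuse the per-request Secure flag, so when a logout response is produced over a non-https scheme the expiring cookies are sent without Secure; browsers that implement the "leave secure cookies alone" rule refuse to let a non-secure cookie overwrite a Secure one of the same name, and the session cookies set over https then stay in the browser. The server-side token deletion (not visible in this hunk) presumably makes the stale cookie unusable, but the client-side cleanup the route promises does not happen. The same applies to the `/v1/account/sessions`, `/v1/account/sessions/:id` and `/v1/account/sessions/current` hunks and to the auth.php logout hunks. At minimum document it on the first clearing line: `// Expiring a Secure cookie only works over https; over http the browser keeps the old one`.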
|
||||
|
@ -862,7 +864,10 @@ $utopia->delete('/v1/account/sessions')
|
|||
;
|
||||
|
||||
if ($token->getAttribute('secret') == Auth::hash(Auth::$secret)) { // If current session delete the cookies too
|
||||
$response->addCookie(Auth::$cookieName, '', time() - 3600, '/', COOKIE_DOMAIN, ('https' == $request->getServer('REQUEST_SCHEME', 'https')), true, COOKIE_SAMESITE);
|
||||
$response
|
||||
->addCookie(Auth::$cookieName, '', time() - 3600, '/', COOKIE_DOMAIN, ('https' == $request->getServer('REQUEST_SCHEME', 'https')), true, COOKIE_SAMESITE)
|
||||
->addCookie(Auth::$cookieName.'_legacy', '', time() - 3600, '/', COOKIE_DOMAIN, ('https' == $request->getServer('REQUEST_SCHEME', 'https')), true, null)
|
||||
;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -902,7 +907,10 @@ $utopia->delete('/v1/account/sessions/:id')
|
|||
;
|
||||
|
||||
if ($token->getAttribute('secret') == Auth::hash(Auth::$secret)) { // If current session delete the cookies too
|
||||
$response->addCookie(Auth::$cookieName, '', time() - 3600, '/', COOKIE_DOMAIN, ('https' == $request->getServer('REQUEST_SCHEME', 'https')), true, COOKIE_SAMESITE);
|
||||
$response
|
||||
->addCookie(Auth::$cookieName, '', time() - 3600, '/', COOKIE_DOMAIN, ('https' == $request->getServer('REQUEST_SCHEME', 'https')), true, COOKIE_SAMESITE)
|
||||
->addCookie(Auth::$cookieName.'_legacy', '', time() - 3600, '/', COOKIE_DOMAIN, ('https' == $request->getServer('REQUEST_SCHEME', 'https')), true, null)
|
||||
;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -938,6 +946,7 @@ $utopia->delete('/v1/account/sessions/current')
|
|||
|
||||
$response
|
||||
->addCookie(Auth::$cookieName, '', time() - 3600, '/', COOKIE_DOMAIN, ('https' == $request->getServer('REQUEST_SCHEME', 'https')), true, COOKIE_SAMESITE)
|
||||
->addCookie(Auth::$cookieName.'_legacy', '', time() - 3600, '/', COOKIE_DOMAIN, ('https' == $request->getServer('REQUEST_SCHEME', 'https')), true, null)
|
||||
->noContent()
|
||||
;
|
||||
}
|
||||
|
|
|
@ -177,7 +177,7 @@ $utopia->post('/v1/auth/register')
|
|||
;
|
||||
|
||||
$response
|
||||
->addCookie(Auth::$cookieName, Auth::encodeSession($user->getUid(), $loginSecret), $expiry, '/', COOKIE_DOMAIN, ('https' == $request->getServer('REQUEST_SCHEME', 'https')), true, COOKIE_SAMESITE);
|
||||
->addCookie(Auth::$cookieName, Auth::encodeSession($user->getUid(), $loginSecret), $expiry, '/', COOKIE_DOMAIN, ('https' == $request->getServer('REQUEST_SCHEME', 'https')), true, null);
|
||||
|
||||
if ($success) {
|
||||
$response->redirect($success);
|
||||
|
@ -375,7 +375,7 @@ $utopia->post('/v1/auth/login')
|
|||
;
|
||||
|
||||
$response
|
||||
->addCookie(Auth::$cookieName, Auth::encodeSession($profile->getUid(), $secret), $expiry, '/', COOKIE_DOMAIN, ('https' == $request->getServer('REQUEST_SCHEME', 'https')), true, COOKIE_SAMESITE);
|
||||
->addCookie(Auth::$cookieName, Auth::encodeSession($profile->getUid(), $secret), $expiry, '/', COOKIE_DOMAIN, ('https' == $request->getServer('REQUEST_SCHEME', 'https')), true, null);
|
||||
|
||||
if ($success) {
|
||||
$response->redirect($success);
|
||||
|
@ -608,7 +608,7 @@ $utopia->get('/v1/auth/login/oauth/:provider/redirect')
|
|||
;
|
||||
|
||||
$response
|
||||
->addCookie(Auth::$cookieName, Auth::encodeSession($user->getUid(), $secret), $expiry, '/', COOKIE_DOMAIN, ('https' == $request->getServer('REQUEST_SCHEME', 'https')), true, COOKIE_SAMESITE)
|
||||
->addCookie(Auth::$cookieName, Auth::encodeSession($user->getUid(), $secret), $expiry, '/', COOKIE_DOMAIN, ('https' == $request->getServer('REQUEST_SCHEME', 'https')), true, null)
|
||||
;
|
||||
|
||||
$response->redirect($state['success']);
|
||||
|
@ -641,7 +641,7 @@ $utopia->delete('/v1/auth/logout')
|
|||
$audit->setParam('event', 'auth.logout');
|
||||
|
||||
$response
|
||||
->addCookie(Auth::$cookieName, '', time() - 3600, '/', COOKIE_DOMAIN, ('https' == $request->getServer('REQUEST_SCHEME', 'https')), true, COOKIE_SAMESITE)
|
||||
->addCookie(Auth::$cookieName, '', time() - 3600, '/', COOKIE_DOMAIN, ('https' == $request->getServer('REQUEST_SCHEME', 'https')), true, null)
|
||||
->json(array('result' => 'success'))
|
||||
;
|
||||
}
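Review bot: If the print order here is old then new, this logout now clears only `Auth::$cookieName` with a `null` SameSite and never touches `Auth::$cookieName.'_legacy'`, while the account/session and teams hunks write both names; a browser session created through `/v1/account/sessions` and ended through `/v1/auth/logout` keeps its `_legacy` cookie, which the new fallback in init.php then presents on every request. That is only harmless if the token is also deleted server-side, which this hunk does not show. Suggest clearing both names here and in the `/v1/auth/logout/:id` hunk, e.g. `->addCookie(Auth::$cookieName.'_legacy', '', time() - 3600, '/', COOKIE_DOMAIN, ('https' == $request->getServer('REQUEST_SCHEME', 'https')), true, null)`. The enclosing closure starts before this hunk.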
|
||||
|
@ -671,7 +671,7 @@ $utopia->delete('/v1/auth/logout/:id')
|
|||
;
|
||||
|
||||
if ($token->getAttribute('secret') == Auth::hash(Auth::$secret)) { // If current session delete cookies
|
||||
$response->addCookie(Auth::$cookieName, '', time() - 3600, '/', COOKIE_DOMAIN, ('https' == $request->getServer('REQUEST_SCHEME', 'https')), true, COOKIE_SAMESITE);
|
||||
$response->addCookie(Auth::$cookieName, '', time() - 3600, '/', COOKIE_DOMAIN, ('https' == $request->getServer('REQUEST_SCHEME', 'https')), true, null);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -594,7 +594,10 @@ $utopia->patch('/v1/teams/:teamId/memberships/:inviteId/status')
|
|||
->setParam('event', 'auth.join')
|
||||
;
|
||||
|
||||
$response->addCookie(Auth::$cookieName, Auth::encodeSession($user->getUid(), $secret), $expiry, '/', COOKIE_DOMAIN, ('https' == $request->getServer('REQUEST_SCHEME', 'https')), true, COOKIE_SAMESITE);
|
||||
$response
|
||||
->addCookie(Auth::$cookieName, Auth::encodeSession($user->getUid(), $secret), $expiry, '/', COOKIE_DOMAIN, ('https' == $request->getServer('REQUEST_SCHEME', 'https')), true, COOKIE_SAMESITE)
|
||||
->addCookie(Auth::$cookieName.'_legacy', Auth::encodeSession($user->getUid(), $secret), $expiry, '/', COOKIE_DOMAIN, ('https' == $request->getServer('REQUEST_SCHEME', 'https')), true, null)
|
||||
;
|
||||
|
||||
if ($success) {
|
||||
$response->redirect($success);
|
||||
|
|
|
@ -56,7 +56,7 @@ define('COOKIE_DOMAIN',
|
|||
)
|
||||
? null
|
||||
: '.'.parse_url($scheme.'://'.$request->getServer('HTTP_HOST', ''), PHP_URL_HOST));
|
||||
define('COOKIE_SAMESITE', null); // Response::COOKIE_SAMESITE_NONE
|
||||
define('COOKIE_SAMESITE', Response::COOKIE_SAMESITE_NONE);
|
||||
|
||||
/*
|
||||
* Registry
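Review bot: `define('COOKIE_SAMESITE', Response::COOKIE_SAMESITE_NONE)` drops the comment that explained the previous value and leaves the choice of None undocumented; None opts the session cookie out of the browser's default Lax behaviour, so state-changing routes must rely on some other CSRF defence that this page does not show, and browsers only accept a None cookie together with Secure. Suggest `// SameSite=None so cross-origin web apps can present the session cookie; browsers require Secure alongside it (see the addCookie calls) and it gives no CSRF protection on its own`. Whether `Response` is imported before this line is not visible in the hunk.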
|
||||
|
@ -222,7 +222,10 @@ if (APP_MODE_ADMIN === $mode) {
|
|||
Auth::setCookieName('a_session_'.$console->getUid());
|
||||
}
|
||||
|
||||
$session = Auth::decodeSession($request->getCookie(Auth::$cookieName, $request->getHeader('X-Appwrite-Key', '')));
|
||||
$session = Auth::decodeSession(
|
||||
$request->getCookie(Auth::$cookieName, // Get sessions
|
||||
$request->getCookie(Auth::$cookieName.'_legacy', // Get fallback session from old clients (no SameSite support)
|
||||
$request->getHeader('X-Appwrite-Key', '')))); // Get API Key
|
||||
Auth::$unique = $session['id'];
|
||||
Auth::$secret = $session['secret'];
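Review bot: The precedence of the three session sources on the new decodeSession call is only visible from comments placed mid-argument, and nothing records that the `_legacy` cookie is accepted as fully equivalent to the primary one, which matters when reviewing what a leftover `_legacy` cookie can do after the primary is cleared. Suggest a comment above the call: `// Session precedence: current cookie, then the "_legacy" cookie written for clients without SameSite support (same value, same trust), then the X-Appwrite-Key header.` Note that the nested default arguments are all evaluated eagerly, so the header is read on every request regardless of which cookie wins; that is harmless but worth stating if readers expect short-circuiting.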
|
||||
|
||||
|
|