From 1353876e44ffbe362e523b1c2dd5fa3f63d16455 Mon Sep 17 00:00:00 2001
From: Ankit Tiwari
Date: Wed, 1 May 2024 13:48:30 +0530
Subject: [PATCH] fix: normaliseSessionScope and add tests
---
 CHANGELOG.md | 4 ++
 recipe/session/session_utils_test.go | 67 ++++++++++++++++++++++++++++
 recipe/session/utils.go | 40 ++++++++++-------
 supertokens/constants.go | 2 +-
 4 files changed, 97 insertions(+), 16 deletions(-)
 create mode 100644 recipe/session/session_utils_test.go
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6b954343..563eb163 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [unreleased]
+## [0.18.1] - 2024-05-01
+
+- Fixed a bug in the `normaliseSessionScopeOrThrowError` util function that caused it to remove leading dots from the scope string.
+
 ## [0.18.0] - 2024-04-30
 ### Changes
diff --git a/recipe/session/session_utils_test.go b/recipe/session/session_utils_test.go
new file mode 100644
index 00000000..fd450110
--- /dev/null
+++ b/recipe/session/session_utils_test.go
@@ -0,0 +1,67 @@
+/*
+ * Copyright (c) 2024, VRAI Labs and/or its affiliates. All rights reserved.
+ *
+ * This software is licensed under the Apache License, Version 2.0 (the
+ * "License") as published by the Apache Software Foundation.
+ *
+ * You may not use this file except in compliance with the License. You may
+ * obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+package session
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+)
+
+func TestNormaliseSessionScope(t *testing.T) {
+ t.Run("test with leading dot", func(t *testing.T) {
+ result, err := normaliseSessionScopeOrThrowError(".example.com")
+ assert.NoError(t, err)
+ assert.Equal(t, ".example.com", *result)
+ })
+
+ t.Run("test without leading dot", func(t *testing.T) {
+ result, err := normaliseSessionScopeOrThrowError("example.com")
+ assert.NoError(t, err)
+ assert.Equal(t, "example.com", *result)
+ })
+
+ t.Run("test with http prefix", func(t *testing.T) {
+ result, err := normaliseSessionScopeOrThrowError("http://example.com")
+ assert.NoError(t, err)
+ assert.Equal(t, "example.com", *result)
+ })
+
+ t.Run("test with https prefix", func(t *testing.T) {
+ result, err := normaliseSessionScopeOrThrowError("https://example.com")
+ assert.NoError(t, err)
+ assert.Equal(t, "example.com", *result)
+ })
+
+ t.Run("test with IP address", func(t *testing.T) {
+ result, err := normaliseSessionScopeOrThrowError("192.168.1.1")
+ assert.NoError(t, err)
+ assert.Equal(t, "192.168.1.1", *result)
+ })
+
+ t.Run("test with localhost", func(t *testing.T) {
+ result, err := normaliseSessionScopeOrThrowError("localhost")
+ assert.NoError(t, err)
+ assert.Equal(t, "localhost", *result)
+ })
+
+ t.Run("test with leading and trailing whitespace", func(t *testing.T) {
+ result, err := normaliseSessionScopeOrThrowError(" example.com ")
+ assert.NoError(t, err)
+ assert.Equal(t, "example.com", *result)
+ })
+}
diff --git a/recipe/session/utils.go b/recipe/session/utils.go
index 01a302e1..c2e00536 100644
--- a/recipe/session/utils.go
+++ b/recipe/session/utils.go
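Review bot: `TestNormaliseSessionScope` in `session_utils_test.go` only exercises the leading dot on a plain domain, so the branches that decide whether the dot is kept are untested for the inputs where it matters: `.localhost`, `.192.168.1.1`, a dot after leading whitespace (` .example.com`), and a dot combined with a scheme or upper-case letters. There is also no case for the error return. Each subtest dereferences `*result` right after `assert.NoError`, which records the failure but keeps running, so a regression that returns `nil, err` would surface as a nil-pointer panic; `require.NoError(t, err)` from `github.com/stretchr/testify/require` stops the subtest cleanly.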
@@ -259,35 +259,45 @@ func GetURLScheme(URL string) (string, error) {
 }
 func normaliseSessionScopeOrThrowError(sessionScope string) (*string, error) {
- sessionScope = strings.TrimSpace(sessionScope)
- sessionScope = strings.ToLower(sessionScope)
+ helper := func(scope string) (string, error) {
+ scope = strings.TrimSpace(scope)
+ scope = strings.ToLower(scope)
- sessionScope = strings.TrimPrefix(sessionScope, ".")
+ scope = strings.TrimPrefix(scope, ".")
- if !strings.HasPrefix(sessionScope, "http://") && !strings.HasPrefix(sessionScope, "https://") {
- sessionScope = "http://" + sessionScope
+ if !strings.HasPrefix(scope, "http://") && !strings.HasPrefix(scope, "https://") {
+ scope = "http://" + scope
+ }
+
+ parsedURL, err := url.Parse(scope)
+ if err != nil {
+ return "", errors.New("please provide a valid sessionScope")
+ }
+
+ hostname := parsedURL.Hostname()
+
+ return hostname, nil
 }
- urlObj, err := url.Parse(sessionScope)
+ noDotNormalised, err := helper(sessionScope)
 if err != nil {
- return nil, errors.New("Please provide a valid sessionScope")
+ return nil, err
 }
- sessionScope = urlObj.Hostname()
- sessionScope = strings.TrimPrefix(sessionScope, ".")
-
- noDotNormalised := sessionScope
-
 isAnIP, err := supertokens.IsAnIPAddress(sessionScope)
 if err != nil {
 return nil, err
 }
- if sessionScope == "localhost" || isAnIP {
- noDotNormalised = sessionScope
+
+ if noDotNormalised == "localhost" || isAnIP {
+ return &noDotNormalised, nil
 }
+
 if strings.HasPrefix(sessionScope, ".") {
- noDotNormalised = "." + sessionScope
+ noDotNormalised = "." + noDotNormalised
+ return &noDotNormalised, nil
 }
+
 return &noDotNormalised, nil
 }
diff --git a/supertokens/constants.go b/supertokens/constants.go
index e3db5743..402b0b31 100644
--- a/supertokens/constants.go
+++ b/supertokens/constants.go
@@ -21,7 +21,7 @@ const (
 )
 // VERSION current version of the lib
-const VERSION = "0.18.0"
+const VERSION = "0.18.1"
 var (
 cdiSupported = []string{"3.0"}
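Review bot: In `normaliseSessionScopeOrThrowError`, the two checks after the helper call still read the raw `sessionScope` argument, which this change no longer trims, lower-cases or reduces to a hostname before they run. `supertokens.IsAnIPAddress(sessionScope)` is therefore handed input such as `.192.168.1.1` or `http://192.168.1.1` instead of the parsed host (whether it still recognises those depends on that helper, which is not visible here), and `strings.HasPrefix(sessionScope, ".")` misses a dot that follows leading whitespace, so the same domain can normalise with or without the dot depending on stray spaces. Because this value appears to decide how widely the session cookie is scoped, I would run both checks on normalised input: `isAnIP, err := supertokens.IsAnIPAddress(noDotNormalised)` and `if strings.HasPrefix(strings.TrimSpace(sessionScope), ".") {`. The `return` inside that last `if` duplicates the final `return &noDotNormalised, nil` and can be dropped.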