Skip to content

Commit

Permalink
maybe fixes issue, testing pending
Browse files Browse the repository at this point in the history
  • Loading branch information
rishabhpoddar committed Oct 15, 2024
1 parent 0e21e6d commit eff8792
Show file tree
Hide file tree
Showing 3 changed files with 76 additions and 2 deletions.
10 changes: 9 additions & 1 deletion lib/build/recipe/session/cookieAndHeaders.js
Original file line number Diff line number Diff line change
Expand Up @@ -256,7 +256,15 @@ function parseCookieStringFromRequestHeaderAllowingDuplicates(cookieString) {
const [name, value] = cookiePair
.trim()
.split("=")
.map((part) => decodeURIComponent(part));
.map((part) => {
try {
return decodeURIComponent(part);
} catch (e) {
// this is there in case the cookie value is not encoded. This can happe
// if the user has set their own cookie in a different format.
return part;
}
});
if (cookies.hasOwnProperty(name)) {
cookies[name].push(value);
} else {
Expand Down
10 changes: 9 additions & 1 deletion lib/ts/recipe/session/cookieAndHeaders.ts
Original file line number Diff line number Diff line change
Expand Up @@ -306,7 +306,15 @@ function parseCookieStringFromRequestHeaderAllowingDuplicates(cookieString: stri
const [name, value] = cookiePair
.trim()
.split("=")
.map((part) => decodeURIComponent(part));
.map((part) => {
try {
return decodeURIComponent(part);
} catch (e) {
// this is there in case the cookie value is not encoded. This can happe
// if the user has set their own cookie in a different format.
return part;
}
});

if (cookies.hasOwnProperty(name)) {
cookies[name].push(value);
Expand Down
58 changes: 58 additions & 0 deletions test/session.test.js
Original file line number Diff line number Diff line change
Expand Up @@ -245,6 +245,64 @@ describe(`session: ${printPath("[test/session.test.js]")}`, function () {
assert(cookies.refreshTokenExpiry === new Date(0).toUTCString());
});

it("test that custom cookie format does nto throw an error during cookie parsing", async function () {
const connectionURI = await startST();
SuperTokens.init({
supertokens: {
connectionURI,
},
appInfo: {
apiDomain: "api.supertokens.io",
appName: "SuperTokens",
websiteDomain: "supertokens.io",
},
recipeList: [Session.init({ getTokenTransferMethod: () => "cookie", antiCsrf: "VIA_TOKEN" })],
});
const app = express();
app.use(middleware());

app.post("/create", async (req, res) => {
await Session.createNewSession(req, res, "public", SuperTokens.convertToRecipeUserId("testuserid"), {}, {});
res.status(200).send("");
});

app.use(errorHandler());
let res = extractInfoFromResponse(
await new Promise((resolve) =>
request(app)
.post("/create")
.expect(200)
.end((err, res) => {
if (err) {
resolve(undefined);
} else {
resolve(res);
}
})
)
);

let res2 = await new Promise((resolve) =>
request(app)
.post("/auth/session/refresh")
.set("Cookie", ["sAccessToken=" + res.accessToken + ";custom=" + ""])
.set("anti-csrf", res.antiCsrf)
.end((err, res) => {
if (err) {
resolve(undefined);
} else {
resolve(res);
}
})
);
let cookies = extractInfoFromResponse(res2);
assert(res2.status === 401);
assert(cookies.accessToken === "");
assert(cookies.accessTokenExpiry === new Date(0).toUTCString());
assert(cookies.refreshToken === "");
assert(cookies.refreshTokenExpiry === new Date(0).toUTCString());
});

it("test that session tokens are cleared if refresh token api is called without the refresh token but with an expired access token", async function () {
const connectionURI = await startST({ coreConfig: { access_token_validity: 1 } });
SuperTokens.init({
Expand Down

0 comments on commit eff8792

Please sign in to comment.