From eff8792d572a28445a469e9cc957ad8f8500ada0 Mon Sep 17 00:00:00 2001
From: rishabhpoddar
Date: Tue, 15 Oct 2024 21:09:47 +0530
Subject: [PATCH] maybe fixes issue, testing pending
---
 lib/build/recipe/session/cookieAndHeaders.js | 10 +++-
 lib/ts/recipe/session/cookieAndHeaders.ts | 10 +++-
 test/session.test.js | 58 ++++++++++++++++++++
 3 files changed, 76 insertions(+), 2 deletions(-)
diff --git a/lib/build/recipe/session/cookieAndHeaders.js b/lib/build/recipe/session/cookieAndHeaders.js
index 553671956..26c1d3475 100644
--- a/lib/build/recipe/session/cookieAndHeaders.js
+++ b/lib/build/recipe/session/cookieAndHeaders.js
@@ -256,7 +256,15 @@ function parseCookieStringFromRequestHeaderAllowingDuplicates(cookieString) {
 const [name, value] = cookiePair
 .trim()
 .split("=")
- .map((part) => decodeURIComponent(part));
+ .map((part) => {
+ try {
+ return decodeURIComponent(part);
+ } catch (e) {
+ // this is there in case the cookie value is not encoded. This can happe
+ // if the user has set their own cookie in a different format.
+ return part;
+ }
+ });
 if (cookies.hasOwnProperty(name)) {
 cookies[name].push(value);
 } else {
diff --git a/lib/ts/recipe/session/cookieAndHeaders.ts b/lib/ts/recipe/session/cookieAndHeaders.ts
index 206c7cfbf..6c3180f40 100644
--- a/lib/ts/recipe/session/cookieAndHeaders.ts
+++ b/lib/ts/recipe/session/cookieAndHeaders.ts
@@ -306,7 +306,15 @@ function parseCookieStringFromRequestHeaderAllowingDuplicates(cookieString: stri
 const [name, value] = cookiePair
 .trim()
 .split("=")
- .map((part) => decodeURIComponent(part));
+ .map((part) => {
+ try {
+ return decodeURIComponent(part);
+ } catch (e) {
+ // this is there in case the cookie value is not encoded. This can happe
+ // if the user has set their own cookie in a different format.
+ return part;
+ }
+ });
 if (cookies.hasOwnProperty(name)) {
 cookies[name].push(value);
diff --git a/test/session.test.js b/test/session.test.js
index 0fecb5048..5ec4a22eb 100644
--- a/test/session.test.js
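Review bot: In `lib/ts/recipe/session/cookieAndHeaders.ts`, the context line `if (cookies.hasOwnProperty(name))` right after the new `.map` still looks up a method on the object that is being keyed by names taken from the request's Cookie header, so the parser is not yet safe against unusual cookie names even though `decodeURIComponent` is now guarded. If `cookies` is a plain object literal (its declaration is outside this hunk, as are the start and end of the function), a name that matches an inherited Object member can shadow the method or hit an inherited key; `if (Object.prototype.hasOwnProperty.call(cookies, name))` removes that dependency, and building the map on `Object.create(null)` would drop inherited keys altogether. The same lines appear in the compiled `lib/build/recipe/session/cookieAndHeaders.js` hunk above. The added comment also has a typo, `happe` for `happen`.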
+++ b/test/session.test.js
@@ -245,6 +245,64 @@ describe(`session: ${printPath("[test/session.test.js]")}`, function () {
 assert(cookies.refreshTokenExpiry === new Date(0).toUTCString());
 });
+ it("test that custom cookie format does nto throw an error during cookie parsing", async function () {
+ const connectionURI = await startST();
+ SuperTokens.init({
+ supertokens: {
+ connectionURI,
+ },
+ appInfo: {
+ apiDomain: "api.supertokens.io",
+ appName: "SuperTokens",
+ websiteDomain: "supertokens.io",
+ },
+ recipeList: [Session.init({ getTokenTransferMethod: () => "cookie", antiCsrf: "VIA_TOKEN" })],
+ });
+ const app = express();
+ app.use(middleware());
+
+ app.post("/create", async (req, res) => {
+ await Session.createNewSession(req, res, "public", SuperTokens.convertToRecipeUserId("testuserid"), {}, {});
+ res.status(200).send("");
+ });
+
+ app.use(errorHandler());
+ let res = extractInfoFromResponse(
+ await new Promise((resolve) =>
+ request(app)
+ .post("/create")
+ .expect(200)
+ .end((err, res) => {
+ if (err) {
+ resolve(undefined);
+ } else {
+ resolve(res);
+ }
+ })
+ )
+ );
+
+ let res2 = await new Promise((resolve) =>
+ request(app)
+ .post("/auth/session/refresh")
+ .set("Cookie", ["sAccessToken=" + res.accessToken + ";custom=" + ""])
+ .set("anti-csrf", res.antiCsrf)
+ .end((err, res) => {
+ if (err) {
+ resolve(undefined);
+ } else {
+ resolve(res);
+ }
+ })
+ );
+ let cookies = extractInfoFromResponse(res2);
+ assert(res2.status === 401);
+ assert(cookies.accessToken === "");
+ assert(cookies.accessTokenExpiry === new Date(0).toUTCString());
+ assert(cookies.refreshToken === "");
+ assert(cookies.refreshTokenExpiry === new Date(0).toUTCString());
+ });
+
 it("test that session tokens are cleared if refresh token api is called without the refresh token but with an expired access token", async function () {
 const connectionURI = await startST({ coreConfig: { access_token_validity: 1 } });
 SuperTokens.init({
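Review bot: The refresh request in the new test sends `";custom=" + ""`, an empty cookie value that `decodeURIComponent` accepts, so the catch branch added to `parseCookieStringFromRequestHeaderAllowingDuplicates` is never reached and the test passes with or without the fix. The value needs to be something that is not valid percent-encoding, for example `.set("Cookie", ["sAccessToken=" + res.accessToken + ";custom=%"])`. Both promises also `resolve(undefined)` on error, so a failed request surfaces later as a TypeError on `res.accessToken` or `res2.status` instead of the original error; rejecting with `err` would keep the cause visible. The test title has a typo, `nto` for `not`.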