Merge pull request #18741 from overleaf/bg-cookie-session-test-rotation-support

test session key rotation in cookie-session module

GitOrigin-RevId: 57486b3df527a9998da3b93981c9d45f510802b8
Brian Gough 2024-06-12 09:12:50 +01:00 committed by Copybot
parent c8e8c5213c
commit 97956856ca
3 changed files with 24 additions and 15 deletions

14
package-lock.json generated

@ -17844,9 +17844,9 @@
"integrity": "sha1-4wOogrNCzD7oylE6eZmXNNqzriw=" "integrity": "sha1-4wOogrNCzD7oylE6eZmXNNqzriw="
}, },
"node_modules/cookie-signature": { "node_modules/cookie-signature": {
"version": "1.1.0", "version": "1.2.1",
"resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.1.0.tgz", "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.2.1.tgz",
"integrity": "sha512-Alvs19Vgq07eunykd3Xy2jF0/qSNv2u7KDbAek9H5liV1UMijbqFs5cycZvv5dVsvseT/U4H8/7/w8Koh35C4A==", "integrity": "sha512-78KWk9T26NhzXtuL26cIJ8/qNHANyJ/ZYrmEXFzUmhZdjpBv+DlWlOANRTGBt48YcyslsLrj0bMLFTmXvLRCOw==",
"dev": true, "dev": true,
"engines": { "engines": {
"node": ">=6.6.0" "node": ">=6.6.0"
@ -44508,6 +44508,7 @@
"chartjs-plugin-datalabels": "^2.2.0", "chartjs-plugin-datalabels": "^2.2.0",
"cheerio": "^1.0.0-rc.3", "cheerio": "^1.0.0-rc.3",
"classnames": "^2.2.6", "classnames": "^2.2.6",
"cookie-signature": "^1.2.1",
"copy-webpack-plugin": "^11.0.0", "copy-webpack-plugin": "^11.0.0",
"crypto-js": "^4.2.0", "crypto-js": "^4.2.0",
"css-loader": "^6.8.1", "css-loader": "^6.8.1",
@ -52905,6 +52906,7 @@
"contentful": "^10.8.5", "contentful": "^10.8.5",
"cookie": "^0.2.3", "cookie": "^0.2.3",
"cookie-parser": "1.4.6", "cookie-parser": "1.4.6",
"cookie-signature": "^1.2.1",
"copy-webpack-plugin": "^11.0.0", "copy-webpack-plugin": "^11.0.0",
"core-js": "^3.30.2", "core-js": "^3.30.2",
"crc-32": "^1.2.2", "crc-32": "^1.2.2",
@ -61323,9 +61325,9 @@
} }
}, },
"cookie-signature": { "cookie-signature": {
"version": "1.1.0", "version": "1.2.1",
"resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.1.0.tgz", "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.2.1.tgz",
"integrity": "sha512-Alvs19Vgq07eunykd3Xy2jF0/qSNv2u7KDbAek9H5liV1UMijbqFs5cycZvv5dVsvseT/U4H8/7/w8Koh35C4A==", "integrity": "sha512-78KWk9T26NhzXtuL26cIJ8/qNHANyJ/ZYrmEXFzUmhZdjpBv+DlWlOANRTGBt48YcyslsLrj0bMLFTmXvLRCOw==",
"dev": true "dev": true
}, },
"cookiejar": { "cookiejar": {


@ -276,6 +276,7 @@
"chartjs-plugin-datalabels": "^2.2.0", "chartjs-plugin-datalabels": "^2.2.0",
"cheerio": "^1.0.0-rc.3", "cheerio": "^1.0.0-rc.3",
"classnames": "^2.2.6", "classnames": "^2.2.6",
"cookie-signature": "^1.2.1",
"copy-webpack-plugin": "^11.0.0", "copy-webpack-plugin": "^11.0.0",
"crypto-js": "^4.2.0", "crypto-js": "^4.2.0",
"css-loader": "^6.8.1", "css-loader": "^6.8.1",
@ -341,9 +342,9 @@
"requirejs": "^2.3.6", "requirejs": "^2.3.6",
"resolve-url-loader": "^5.0.0", "resolve-url-loader": "^5.0.0",
"samlp": "^7.0.2", "samlp": "^7.0.2",
"sandboxed-module": "overleaf/node-sandboxed-module#cafa2d60f17ce75cc023e6f296eb8de79d92d35d",
"sass": "^1.77.1", "sass": "^1.77.1",
"sass-loader": "^14.2.1", "sass-loader": "^14.2.1",
"sandboxed-module": "overleaf/node-sandboxed-module#cafa2d60f17ce75cc023e6f296eb8de79d92d35d",
"scroll-into-view-if-needed": "^2.2.25", "scroll-into-view-if-needed": "^2.2.25",
"sinon": "^7.5.0", "sinon": "^7.5.0",
"sinon-chai": "^3.7.0", "sinon-chai": "^3.7.0",


@ -10,6 +10,8 @@ const fs = require('fs')
const Path = require('path') const Path = require('path')
const { Cookie } = require('tough-cookie') const { Cookie } = require('tough-cookie')
const COOKIE_DOMAIN = settings.cookieDomain const COOKIE_DOMAIN = settings.cookieDomain
// The cookie domain has a leading '.' but the cookie jar stores it without.
const DEFAULT_COOKIE_URL = `https://${COOKIE_DOMAIN.replace(/^\./, '')}/`
let count = settings.test.counterInit let count = settings.test.counterInit
@ -196,19 +198,23 @@ class User {
/* Return the session cookie, url decoded. Use the option {raw:true} to get the original undecoded value */ /* Return the session cookie, url decoded. Use the option {raw:true} to get the original undecoded value */
sessionCookie(options) { sessionCookie(options) {
const cookie = Cookie.parse( const cookie = Cookie.parse(this.jar.getCookieString(DEFAULT_COOKIE_URL))
this.jar.getCookieString(
// The cookie domain has a leading '.' but
// the cookie jar stores it without.
'https://' + COOKIE_DOMAIN.replace(/^\./, '') + '/'
)
)
if (cookie?.value && !options?.raw) { if (cookie?.value && !options?.raw) {
cookie.value = decodeURIComponent(cookie.value) cookie.value = decodeURIComponent(cookie.value)
} }
return cookie return cookie
} }
/* Set the session cookie from a string and store it in the cookie jar, so that it will be used
for subsequent requests. */
setSessionCookie(cookie) {
const sessionCookie = request.cookie(
`${settings.cookieName}=${cookie}; Domain=${COOKIE_DOMAIN}; Max-age=3600; Path=/; SameSite=Lax`
)
this.jar.setCookie(sessionCookie, DEFAULT_COOKIE_URL)
}
getEmailConfirmationCode(callback) { getEmailConfirmationCode(callback) {
this.getSession((err, session) => { this.getSession((err, session) => {
if (err != null) { if (err != null) {
@ -1247,7 +1253,7 @@ class User {
} }
User.promises = promisifyClass(User, { User.promises = promisifyClass(User, {
without: ['setExtraAttributes', 'sessionCookie'], without: ['setExtraAttributes', 'sessionCookie', 'setSessionCookie'],
}) })
User.promises.prototype.doRequest = async function (method, params) { User.promises.prototype.doRequest = async function (method, params) {
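Review bot: `setSessionCookie` in the second hunk interpolates `cookie` into the cookie string unencoded, while `sessionCookie()` directly above URL-decodes its value unless `{ raw: true }` is passed, so a value read with the default options and written back is not necessarily the string the server issued. In a key-rotation test that can make a signed session value fail verification for a reason unrelated to the key under test. I would state the contract in the comment, e.g. `/* cookie must be the raw, URL-encoded value, as returned by sessionCookie({ raw: true }).value */`, or encode inside the helper with `encodeURIComponent(cookie)` if callers pass decoded values. The callers are outside this diff, so which of the two fits needs confirming. A value containing `;` would also be read as cookie attributes rather than as part of the value, which the comment should rule out.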