Fix/cookie host (#76)

lakhansamani · web-flow · commit 00565c871785 · 2021-12-11T06:41:35.000+05:30
* fix: cookie host

* feat: add test for url utils

* fix: url test

* fix: multi domain cookie if allowed
diff --git a/Makefile b/Makefile
@@ -4,4 +4,6 @@ VERSION := $(or $(VERSION),$(DEFAULT_VERSION))
 cmd:
 	cd server && go build -ldflags "-w -X main.Version=$(VERSION)" -o '../build/server'
 clean:
-	rm -rf build
+	rm -rf build
+test:
+	cd server && go test ./...
diff --git a/server/handlers/oauthCallback.go b/server/handlers/oauthCallback.go
@@ -40,7 +40,7 @@ func processGoogleUserInfo(code string) (db.User, error) {
 	// Parse and verify ID Token payload.
 	idToken, err := verifier.Verify(ctx, rawIDToken)
 	if err != nil {
-		return user, fmt.Errorf("unable to verify id_token:", err.Error())
+		return user, fmt.Errorf("unable to verify id_token: %s", err.Error())
 	}
 
 	// Extract custom claims
diff --git a/server/utils/cookie.go b/server/utils/cookie.go
@@ -11,9 +11,14 @@ func SetCookie(gc *gin.Context, token string) {
 	secure := true
 	httpOnly := true
 	host := GetHostName(constants.AUTHORIZER_URL)
+	domain := GetDomainName(constants.AUTHORIZER_URL)
+	if domain != "localhost" {
+		domain = "." + domain
+	}
 
 	gc.SetSameSite(http.SameSiteNoneMode)
 	gc.SetCookie(constants.COOKIE_NAME, token, 3600, "/", host, secure, httpOnly)
+	gc.SetCookie(constants.COOKIE_NAME+"-client", token, 3600, "/", domain, secure, httpOnly)
 }
 
 func GetCookie(gc *gin.Context) (string, error) {
@@ -29,8 +34,13 @@ func DeleteCookie(gc *gin.Context) {
 	secure := true
 	httpOnly := true
 
-	host := GetHostName(constants.AUTHORIZER_URL)
+	host := GetDomainName(constants.AUTHORIZER_URL)
+	domain := GetDomainName(constants.AUTHORIZER_URL)
+	if domain != "localhost" {
+		domain = "." + domain
+	}
 
 	gc.SetSameSite(http.SameSiteNoneMode)
 	gc.SetCookie(constants.COOKIE_NAME, "", -1, "/", host, secure, httpOnly)
+	gc.SetCookie(constants.COOKIE_NAME+"-client", "", -1, "/", domain, secure, httpOnly)
 }
diff --git a/server/utils/urls.go b/server/utils/urls.go
@@ -17,7 +17,7 @@ func GetHostName(auth_url string) string {
 	return host
 }
 
-// function to get domain name
+// GetDomainName function to get domain name
 func GetDomainName(auth_url string) string {
 	u, err := url.Parse(auth_url)
 	if err != nil {
diff --git a/server/utils/urls_test.go b/server/utils/urls_test.go
@@ -0,0 +1,25 @@
+package utils
+
+import "testing"
+
+func TestGetHostName(t *testing.T) {
+	authorizer_url := "http://test.herokuapp.com"
+
+	got := GetHostName(authorizer_url)
+	want := "test.herokuapp.com"
+
+	if got != want {
+		t.Errorf("GetHostName Test failed got %s, wanted %s", got, want)
+	}
+}
+
+func TestGetDomainName(t *testing.T) {
+	authorizer_url := "http://test.herokuapp.com"
+
+	got := GetDomainName(authorizer_url)
+	want := "herokuapp.com"
+
+	if got != want {
+		t.Errorf("GetHostName Test failed got %q, wanted %q", got, want)
+	}
+}

Original file line number	Diff line number	Diff line change
`@@ -40,7 +40,7 @@ func processGoogleUserInfo(code string) (db.User, error) {`
`40`	`40`	`// Parse and verify ID Token payload.`
`41`	`41`	`idToken, err := verifier.Verify(ctx, rawIDToken)`
`42`	`42`	`if err != nil {`
`43`		`- return user, fmt.Errorf("unable to verify id_token:", err.Error())`
	`43`	`+ return user, fmt.Errorf("unable to verify id_token: %s", err.Error())`
`44`	`44`	`}`
`45`	`45`
`46`	`46`	`// Extract custom claims`
Original file line number	Diff line number	Diff line change
`@@ -17,7 +17,7 @@ func GetHostName(auth_url string) string {`
`17`	`17`	`return host`
`18`	`18`	`}`
`19`	`19`
`20`		`-// function to get domain name`
	`20`	`+// GetDomainName function to get domain name`
`21`	`21`	`func GetDomainName(auth_url string) string {`
`22`	`22`	`u, err := url.Parse(auth_url)`
`23`	`23`	`if err != nil {`