Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fixed missing payload encoding conversion (from UTF-8 to UTF-16) #56

Merged
merged 3 commits into from
May 8, 2024
Merged
Show file tree
Hide file tree
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion lib/src/front-token.dart
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ class FrontToken {

static Map<String, dynamic> _parseFrontToken(fronTokenDecoded) {
var base64Decoded = base64Decode(fronTokenDecoded);
String decodedString = new String.fromCharCodes(base64Decoded);
String decodedString = utf8.decode(base64Decoded);
var result = jsonDecode(decodedString);
return result;
}
Expand Down
17 changes: 17 additions & 0 deletions test/accesstoken_http_test.dart
Original file line number Diff line number Diff line change
Expand Up @@ -65,6 +65,23 @@ void main() {
}
});

test("should convert utf-8 access token payload to utf-16", () async {
await SuperTokensTestUtils.startST(validity: 3);
SuperTokens.init(apiDomain: apiBasePath);
Request req = SuperTokensTestUtils.getLoginRequestUtf8Encoded();
StreamedResponse streamedResp;
streamedResp = await http.send(req);
var resp = await Response.fromStream(streamedResp);
if (resp.statusCode != 200) {
fail("login failed");
}

var payload = await SuperTokens.getAccessTokenPayloadSecurely();
assert(payload.length == 1);
assert(payload["name"] == "öäü-áàâ");
assert(payload["name"] == "\u00f6\u00e4\u00fc\u002d\u00e1\u00e0\u00e2");
});

test("should be able to refresh a session started w/ CDI 2.18", () async {
await SuperTokensTestUtils.startST(validity: 3);
SuperTokens.init(apiDomain: apiBasePath);
Expand Down
12 changes: 12 additions & 0 deletions test/test-utils.dart
Original file line number Diff line number Diff line change
Expand Up @@ -68,6 +68,18 @@ class SuperTokensTestUtils {
return request;
}

static http.Request getLoginRequestUtf8Encoded() {
var loginAPIURL = "$baseUrl/login";
var request = http.Request('POST', Uri.parse(loginAPIURL));
request.headers['Content-Type'] = "application/json; charset=utf-8";
var body = {"userId": "supertokens-flutter-tests", "payload": {
"name": "\xc3\xb6\xc3\xa4\xc3\xbc\x2d\xc3\xa1\xc3\xa0\xc3\xa2" // UTF-8 encoded öäü-áàâ
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i don't think the login enpoint here actually uses the payload prop in the reuqest to add to the access token payload of the session. So that probably needs to be modified as well

Copy link
Author

@djuelg djuelg Apr 24, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah yes, that's a mixup with /login-2.18, where the request payload gets passed to the token. Would it be fine to run the test against /login-2.18? Or should I rather adapt the /login node-function?

In the second case, I guess I would need to pass the payload like so: Session.createNewSession(req, res, userId, accessTokenPayload: payloadFromRequest);?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

correct. You should adapt the login API and pass in the payloadFromRequest to the createNewSession function in case the request body has this prop

}};
var jsonBody = jsonEncode(body);
request.body = jsonBody;
return request;
}

static http.Request getLogin218Request() {
var loginAPIURL = "$baseUrl/login-2.18";
var request = http.Request('POST', Uri.parse(loginAPIURL));
Expand Down
Loading