fix: default to st-auth-mode if getTokenTransferMethod returns any in…
… createNewSession
furkansenharputlu committed Apr 24, 2024
1 parent f581384 commit 20cd6b9
Showing 3 changed files with 43 additions and 9 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
@@ -7,6 +7,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

## [unreleased]

- `session.CreateNewSession` now defaults to the value of the `st-auth-mode` header (if available) if the configured `config.GetTokenTransferMethod` returns `any`.

## [0.17.5] - 2024-03-14
- Adds a type uint64 to the `accessTokenCookiesExpiryDurationMillis` local variable in `recipe/session/utils.go`. It also removes the redundant `uint64` type forcing needed because of the untyped variable.
44 changes: 36 additions & 8 deletions recipe/emailpassword/authMode_test.go
@@ -224,15 +224,43 @@ func TestWithGetTokenTransferMethodProvidedCreateNewSessionWithShouldUseHeaderIf
defer testServer.Close()
setupRoutesForTest(t, mux)

resp := createNewSession(t, testServer.URL, nil, nil, nil, nil)
t.Run("no st-auth-mode", func(t *testing.T) {
resp := createNewSession(t, testServer.URL, nil, nil, nil, nil)

assert.Equal(t, resp["sAccessToken"], "-not-present-")
assert.Equal(t, resp["sRefreshToken"], "-not-present-")
assert.Equal(t, resp["antiCsrf"], "-not-present-")
assert.NotEmpty(t, resp["accessTokenFromHeader"])
assert.NotEqual(t, resp["accessTokenFromHeader"], "-not-present-")
assert.NotEmpty(t, resp["refreshTokenFromHeader"])
assert.NotEqual(t, resp["refreshTokenFromHeader"], "-not-present-")
})

assert.Equal(t, resp["sAccessToken"], "-not-present-")
assert.Equal(t, resp["sRefreshToken"], "-not-present-")
assert.Equal(t, resp["antiCsrf"], "-not-present-")
assert.NotEmpty(t, resp["accessTokenFromHeader"])
assert.NotEqual(t, resp["accessTokenFromHeader"], "-not-present-")
assert.NotEmpty(t, resp["refreshTokenFromHeader"])
assert.NotEqual(t, resp["refreshTokenFromHeader"], "-not-present-")
t.Run("st-auth-mode is cookie", func(t *testing.T) {
authMode := string(sessmodels.CookieTransferMethod)
resp := createNewSession(t, testServer.URL, &authMode, nil, nil, nil)

assert.NotEqual(t, resp["sAccessToken"], "-not-present-")
assert.NotEqual(t, resp["sRefreshToken"], "-not-present-")
assert.NotEqual(t, resp["antiCsrf"], "-not-present-")
assert.NotEmpty(t, resp["accessTokenFromHeader"])
assert.Equal(t, resp["accessTokenFromHeader"], "-not-present-")
assert.NotEmpty(t, resp["refreshTokenFromHeader"])
assert.Equal(t, resp["refreshTokenFromHeader"], "-not-present-")
})

t.Run("st-auth-mode is header", func(t *testing.T) {
authMode := string(sessmodels.HeaderTransferMethod)
resp := createNewSession(t, testServer.URL, &authMode, nil, nil, nil)

assert.Equal(t, resp["sAccessToken"], "-not-present-")
assert.Equal(t, resp["sRefreshToken"], "-not-present-")
assert.Equal(t, resp["antiCsrf"], "-not-present-")
assert.NotEmpty(t, resp["accessTokenFromHeader"])
assert.NotEqual(t, resp["accessTokenFromHeader"], "-not-present-")
assert.NotEmpty(t, resp["refreshTokenFromHeader"])
assert.NotEqual(t, resp["refreshTokenFromHeader"], "-not-present-")
})
}

func TestWithGetTokenTransferMethodProvidedCreateNewSessionWithShouldUseHeaderIfMethodReturnsHeader(t *testing.T) {
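Review bot: In the "st-auth-mode is cookie" subtest the `assert.NotEmpty` calls sit on `accessTokenFromHeader` and `refreshTokenFromHeader`, which the following lines expect to equal `-not-present-`, so they pass trivially, while the cookie fields that should now carry tokens are only compared against the sentinel. An empty `sAccessToken` or `sRefreshToken` would still pass; adding `assert.NotEmpty(t, resp["sAccessToken"])` and `assert.NotEmpty(t, resp["sRefreshToken"])` would pin that tokens are actually issued as cookies. The three subtests also leave the fallback for an unrecognised `st-auth-mode` value uncovered; a fourth subtest that passes an arbitrary string and asserts header-mode output would cover the `else` branch added in `recipe/session/sessionRequestFunctions.go`. The enclosing test function starts above the hunk.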
7 changes: 6 additions & 1 deletion recipe/session/sessionRequestFunctions.go
@@ -60,7 +60,12 @@ func CreateNewSessionInRequest(req *http.Request, res http.ResponseWriter, tenan

outputTokenTransferMethod := config.GetTokenTransferMethod(req, true, userContext)
if outputTokenTransferMethod == sessmodels.AnyTransferMethod {
outputTokenTransferMethod = sessmodels.HeaderTransferMethod
authMode := GetAuthmodeFromHeader(req)
if authMode != nil && *authMode == sessmodels.CookieTransferMethod {
outputTokenTransferMethod = *authMode
} else {
outputTokenTransferMethod = sessmodels.HeaderTransferMethod
}
}

supertokens.LogDebugMessage(fmt.Sprintf("createNewSession: using transfer method %s", outputTokenTransferMethod))
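Review bot: The new branch inside `if outputTokenTransferMethod == sessmodels.AnyTransferMethod` lets a request header, which the client controls, select the token transfer method, and nothing in the code says so or explains why only the cookie value is honoured. A comment such as `// st-auth-mode is client-supplied: honour only an explicit cookie request, fall back to header for absent or unrecognised values` would record that the fallback is deliberate. The if/else can also shrink to a default plus an override: `outputTokenTransferMethod = sessmodels.HeaderTransferMethod` followed by `if m := GetAuthmodeFromHeader(req); m != nil && *m == sessmodels.CookieTransferMethod { outputTokenTransferMethod = *m }`. Deployments whose `GetTokenTransferMethod` returns `any` always received header tokens from this function before, so the cookie path (anti-CSRF token and cookie settings) presumably becomes reachable for them only with this change; it is worth confirming that is intended and covered by the upgrade notes. The body of CreateNewSessionInRequest continues outside the hunk.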