add SameSite value for access cookies,
add proper minimum expire time for username/auth access cookie, fix bug in setUser
This commit is contained in:
parent
4984877ab7
commit
7626dcf387
@ -250,7 +250,7 @@ class USER_BACKEND_MANAGER extends USER_BACKEND {
|
||||
for (const backend of this.#config.realm[user.realm]) {
|
||||
const atomicChange = await global.backends[backend].setUser(user, attributes, params);
|
||||
if (atomicChange.valid === false) { // if any fails, preemptively exit
|
||||
return atomicChange.stauts;
|
||||
return atomicChange.status;
|
||||
}
|
||||
atomicChanges.push(atomicChange); // queue callback into array
|
||||
}
|
||||
|
@ -73,12 +73,17 @@ router.post("/ticket", async (req, res) => {
|
||||
return;
|
||||
}
|
||||
const cookies = cm.exportCookies();
|
||||
let minimumExpires = Infinity;
|
||||
for (const cookie of cookies) {
|
||||
const expiresDate = new Date(Date.now() + cookie.expiresMSFromNow);
|
||||
res.cookie(cookie.name, cookie.value, { domain, path: "/", httpOnly: true, secure: true, expires: expiresDate });
|
||||
res.cookie(cookie.name, cookie.value, { domain, path: "/", httpOnly: true, secure: true, expires: expiresDate, sameSite: "none" });
|
||||
if (cookie.expiresMSFromNow < minimumExpires) {
|
||||
minimumExpires = cookie.expiresMSFromNow;
|
||||
}
|
||||
res.cookie("username", params.username, { domain, path: "/", secure: true });
|
||||
res.cookie("auth", 1, { domain, path: "/", secure: true });
|
||||
}
|
||||
const expiresDate = new Date(Date.now() + minimumExpires);
|
||||
res.cookie("username", params.username, { domain, path: "/", secure: true, expires: expiresDate, sameSite: "none" });
|
||||
res.cookie("auth", 1, { domain, path: "/", secure: true, expires: expiresDate, sameSite: "none" });
|
||||
res.status(200).send({ auth: true });
|
||||
});
|
||||
|
||||
@ -95,7 +100,7 @@ router.delete("/ticket", async (req, res) => {
|
||||
const domain = global.config.application.domain;
|
||||
const expire = new Date(0);
|
||||
for (const cookie in req.cookies) {
|
||||
res.cookie(cookie, "", { domain, path: "/", expires: expire });
|
||||
res.cookie(cookie, "", { domain, path: "/", expires: expire, secure: true, sameSite: "none" });
|
||||
}
|
||||
await global.pve.closeSession(req.cookies);
|
||||
await global.userManager.closeSession(req.cookies);
|
||||
|
@ -379,6 +379,11 @@ export function readJSONFile (path) {
|
||||
}
|
||||
};
|
||||
|
||||
/**
|
||||
*
|
||||
* @param {*} username
|
||||
* @returns {Object | null} user object containing username and realm or null if user does not exist
|
||||
*/
|
||||
export function getUserObjFromUsername (username) {
|
||||
if (username) {
|
||||
const userRealm = username.split("@").at(-1);
|
||||
|
Loading…
Reference in New Issue
Block a user