add SameSite value for access cookies,

add proper minimum expire time for username/auth access cookie,
fix bug in setUser
This commit is contained in:
Arthur Lu 2024-10-30 18:59:10 +00:00
parent 4984877ab7
commit 7626dcf387
3 changed files with 15 additions and 5 deletions

View File

@ -250,7 +250,7 @@ class USER_BACKEND_MANAGER extends USER_BACKEND {
for (const backend of this.#config.realm[user.realm]) {
const atomicChange = await global.backends[backend].setUser(user, attributes, params);
if (atomicChange.valid === false) { // if any fails, preemptively exit
return atomicChange.stauts;
return atomicChange.status;
}
atomicChanges.push(atomicChange); // queue callback into array
}

View File

@ -73,12 +73,17 @@ router.post("/ticket", async (req, res) => {
return;
}
const cookies = cm.exportCookies();
let minimumExpires = Infinity;
for (const cookie of cookies) {
const expiresDate = new Date(Date.now() + cookie.expiresMSFromNow);
res.cookie(cookie.name, cookie.value, { domain, path: "/", httpOnly: true, secure: true, expires: expiresDate });
res.cookie(cookie.name, cookie.value, { domain, path: "/", httpOnly: true, secure: true, expires: expiresDate, sameSite: "none" });
if (cookie.expiresMSFromNow < minimumExpires) {
minimumExpires = cookie.expiresMSFromNow;
}
res.cookie("username", params.username, { domain, path: "/", secure: true });
res.cookie("auth", 1, { domain, path: "/", secure: true });
}
const expiresDate = new Date(Date.now() + minimumExpires);
res.cookie("username", params.username, { domain, path: "/", secure: true, expires: expiresDate, sameSite: "none" });
res.cookie("auth", 1, { domain, path: "/", secure: true, expires: expiresDate, sameSite: "none" });
res.status(200).send({ auth: true });
});
@ -95,7 +100,7 @@ router.delete("/ticket", async (req, res) => {
const domain = global.config.application.domain;
const expire = new Date(0);
for (const cookie in req.cookies) {
res.cookie(cookie, "", { domain, path: "/", expires: expire });
res.cookie(cookie, "", { domain, path: "/", expires: expire, secure: true, sameSite: "none" });
}
await global.pve.closeSession(req.cookies);
await global.userManager.closeSession(req.cookies);

View File

@ -379,6 +379,11 @@ export function readJSONFile (path) {
}
};
/**
*
* @param {*} username
* @returns {Object | null} user object containing username and realm or null if user does not exist
*/
export function getUserObjFromUsername (username) {
if (username) {
const userRealm = username.split("@").at(-1);