LBRYCommunity/lbry-desktop
1
0
Fork 0
Code Issues 596 Pull requests 6 Projects Releases 238 Packages Wiki Activity

update cookies to remove leading "." in domain value

Browse source
This commit is contained in:
Sean Yesmunt 2020-03-11 22:29:53 -04:00
parent d08aae26b1
commit 878ad61fd1
2 changed files with 39 additions and 26 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
ui/index.jsx
View file

@ -16,22 +16,15 @@ import { Provider } from 'react-redux';
import { doDaemonReady, doAutoUpdate, doOpenModal, doHideModal, doToggle3PAnalytics } from 'redux/actions/app'; import { doDaemonReady, doAutoUpdate, doOpenModal, doHideModal, doToggle3PAnalytics } from 'redux/actions/app';
import { Lbry, doToast, isURIValid, setSearchApi, apiCall } from 'lbry-redux'; import { Lbry, doToast, isURIValid, setSearchApi, apiCall } from 'lbry-redux';
import { doSetLanguage, doUpdateIsNightAsync } from 'redux/actions/settings'; import { doSetLanguage, doUpdateIsNightAsync } from 'redux/actions/settings';
import { import { Lbryio, rewards, doBlackListedOutpointsSubscribe, doFilteredOutpointsSubscribe } from 'lbryinc';
doAuthenticate,
Lbryio,
rewards,
doBlackListedOutpointsSubscribe,
doFilteredOutpointsSubscribe,
} from 'lbryinc';
import { store, persistor, history } from 'store'; import { store, persistor, history } from 'store';
import pjson from 'package.json';
import app from './app'; import app from './app';
import doLogWarningConsoleMessage from './logWarningConsoleMessage'; import doLogWarningConsoleMessage from './logWarningConsoleMessage';
import { ConnectedRouter, push } from 'connected-react-router'; import { ConnectedRouter, push } from 'connected-react-router';
import { formatLbryUrlForWeb, formatInAppUrl } from 'util/url'; import { formatLbryUrlForWeb, formatInAppUrl } from 'util/url';
import { PersistGate } from 'redux-persist/integration/react'; import { PersistGate } from 'redux-persist/integration/react';
import analytics from 'analytics'; import analytics from 'analytics';
import { getAuthToken, setAuthToken } from 'util/saved-passwords'; import { getAuthToken, setAuthToken, doCookieCleanup } from 'util/saved-passwords';
import { X_LBRY_AUTH_TOKEN } from 'constants/token'; import { X_LBRY_AUTH_TOKEN } from 'constants/token';
// Import our app styles // Import our app styles
@ -94,6 +87,11 @@ if (process.env.SEARCH_API_URL) {
setSearchApi(process.env.SEARCH_API_URL); setSearchApi(process.env.SEARCH_API_URL);
} }
// Fix to make sure old users' cookies are set to the correct domain
// This can be removed after March 11th, 2021
// https://github.com/lbryio/lbry-desktop/pull/3830
doCookieCleanup();
// We need to override Lbryio for getting/setting the authToken // We need to override Lbryio for getting/setting the authToken
// We interact with ipcRenderer to get the auth key from a users keyring // We interact with ipcRenderer to get the auth key from a users keyring
// We keep a local variable for authToken because `ipcRenderer.send` does not // We keep a local variable for authToken because `ipcRenderer.send` does not

49
ui/util/saved-passwords.js
View file

@ -1,7 +1,11 @@
// @flow // @flow
import { ipcRenderer } from 'electron'; import { ipcRenderer } from 'electron';
import { DOMAIN } from 'config';
const AUTH_TOKEN = 'auth_token';
const SAVED_PASSWORD = 'saved_password';
const DEPRECATED_SAVED_PASSWORD = 'saved-password';
const domain = window.location.hostname;
const isProduction = process.env.NODE_ENV === 'production'; const isProduction = process.env.NODE_ENV === 'production';
const maxExpiration = 2147483647; const maxExpiration = 2147483647;
let sessionPassword; let sessionPassword;
@ -17,7 +21,7 @@ function setCookie(name: string, value: string, expirationDaysOnWeb: number) {
let cookie = `${name}=${value || ''}; ${expires} path=/; SameSite=Lax;`; let cookie = `${name}=${value || ''}; ${expires} path=/; SameSite=Lax;`;
if (isProduction) { if (isProduction) {
cookie += ` domain=.${DOMAIN}; Secure;`; cookie += ` domain=${domain}; Secure;`;
} }
document.cookie = cookie; document.cookie = cookie;
@ -41,12 +45,13 @@ function getCookie(name: string) {
} }
function deleteCookie(name: string) { function deleteCookie(name: string) {
document.cookie = name + `=; Max-Age=-99999999; domain=.${DOMAIN}; path=/;`; document.cookie = name + `=; Max-Age=-99999999; domain=${domain}; path=/;`;
// Legacy // Legacy
// Adding this here to delete any old cookies before we switched to . + DOMAIN // Adding this here to delete any old cookies before we removed the "." in front of the domain
// Remove this if you see it after July 1st, 2020 // Remove this if you see it after March 11th, 2021
document.cookie = name + `=; Max-Age=-99999999; domain=${DOMAIN}; path=/;`; // https://github.com/lbryio/lbry-desktop/pull/3830
document.cookie = name + `=; Max-Age=-99999999; domain=.${domain}; path=/;`;
} }
export const setSavedPassword = (value?: string, saveToDisk: boolean) => { export const setSavedPassword = (value?: string, saveToDisk: boolean) => {
@ -56,7 +61,7 @@ export const setSavedPassword = (value?: string, saveToDisk: boolean) => {
if (saveToDisk) { if (saveToDisk) {
if (password) { if (password) {
setCookie('saved-password', password, 14); setCookie(SAVED_PASSWORD, password, 14);
} else { } else {
deleteSavedPassword(); deleteSavedPassword();
} }
@ -80,12 +85,12 @@ export const getKeychainPassword = () => {
// @if TARGET='web' // @if TARGET='web'
// In the future, this will be the only code in this function // In the future, this will be the only code in this function
// Handling keytar stuff separately so we can easily rip it out later // Handling keytar stuff separately so we can easily rip it out later
password = getCookie('saved-password'); password = getCookie(SAVED_PASSWORD);
resolve(password); resolve(password);
// @endif // @endif
// @if TARGET='app' // @if TARGET='app'
password = getCookie('saved-password'); password = getCookie(SAVED_PASSWORD);
if (password) { if (password) {
resolve(password); resolve(password);
@ -108,30 +113,30 @@ export const getKeychainPassword = () => {
export const deleteSavedPassword = () => { export const deleteSavedPassword = () => {
return new Promise<*>(resolve => { return new Promise<*>(resolve => {
deleteCookie('saved-password'); deleteCookie(SAVED_PASSWORD);
resolve(); resolve();
}); });
}; };
export const getAuthToken = () => { export const getAuthToken = () => {
return getCookie('auth_token'); return getCookie(AUTH_TOKEN);
}; };
export const setAuthToken = (value: string) => { export const setAuthToken = (value: string) => {
return setCookie('auth_token', value, 365); return setCookie(AUTH_TOKEN, value, 365);
}; };
export const deleteAuthToken = () => { export const deleteAuthToken = () => {
return new Promise<*>(resolve => { return new Promise<*>(resolve => {
deleteCookie('auth_token'); deleteCookie(AUTH_TOKEN);
resolve(); resolve();
}); });
}; };
export const doSignOutCleanup = () => { export const doSignOutCleanup = () => {
return new Promise<*>(resolve => { return new Promise<*>(resolve => {
deleteCookie('auth_token'); deleteAuthToken();
deleteCookie('saved-password'); deleteSavedPassword();
resolve(); resolve();
// @if TARGET='app' // @if TARGET='app'
@ -141,6 +146,16 @@ export const doSignOutCleanup = () => {
}); });
}; };
export const testKeychain = () => { export const doCookieCleanup = () => {
// we should make sure it works on startup const authToken = getAuthToken();
if (authToken) {
deleteAuthToken();
setAuthToken(authToken);
}
const savedPassword = getCookie(DEPRECATED_SAVED_PASSWORD);
if (savedPassword) {
deleteCookie(DEPRECATED_SAVED_PASSWORD);
setSavedPassword(savedPassword, true);
}
}; };