From c3ba7daa16aced1761a6850ec565b3c8df0d0364 Mon Sep 17 00:00:00 2001
From: Denis Arnst
Date: Thu, 25 Jan 2024 16:05:41 +0100
Subject: [PATCH] Auth: Remove is_rest cookie

---
 server/Auth.js | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/server/Auth.js b/server/Auth.js
index a2f6cfd2..9dfe2416 100644
--- a/server/Auth.js
+++ b/server/Auth.js
@@ -186,6 +186,16 @@ class Auth {
     }
   }
 
+  /**
+   * Returns if the given auth method is API based.
+   *
+   * @param {string} authMethod
+   * @returns {boolean}
+   */
+  isAuthMethodAPIBased(authMethod) {
+    return ['api', 'openid-mobile'].includes(authMethod)
+  }
+
   /**
    * Stores the client's choice of login callback method in temporary cookies.
    *
@@ -201,14 +211,10 @@ class Auth {
    */
   paramsToCookies(req, res, authMethod = 'local') {
     const TWO_MINUTES = 120000 // 2 minutes in milliseconds
-    const isRest = ['api', 'openid-mobile'].includes(authMethod)
     const callback = req.query.redirect_uri || req.query.callback
 
-    // Set the 'is_rest' cookie based on the authentication method
-    res.cookie('is_rest', isRest.toString(), { maxAge: TWO_MINUTES, httpOnly: true })
-
-    // Additional handling for 'local' authMethod
-    if (!isRest) {
+    // Additional handling for non-API based authMethod
+    if (!this.isAuthMethodAPIBased(authMethod)) {
       // Store 'auth_state' if present in the request
       if (req.query.state) {
         res.cookie('auth_state', req.query.state, { maxAge: TWO_MINUTES, httpOnly: true })
@@ -236,7 +242,7 @@ class Auth {
     // get userLogin json (information about the user, server and the session)
     const data_json = await this.getUserLoginResponsePayload(req.user)
 
-    if (req.cookies.is_rest === 'true') {
+    if (this.isAuthMethodAPIBased(req.cookies.auth_method)) {
       // REST request - send data
       res.json(data_json)
     } else {
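Review bot: In the third hunk `this.isAuthMethodAPIBased(req.cookies.auth_method)` is now fed a client-supplied cookie that is simply absent when the short-lived cookie has expired or was never written, and `Array.prototype.includes(undefined)` then quietly selects the redirect branch instead of the JSON response; that fallback is reasonable but undocumented. The helper's JSDoc in the first hunk should say so, e.g. `@param {string|undefined} authMethod - auth method name, typically read from the client's auth_method cookie; missing or unrecognised values are treated as non-API`. Where `auth_method` is written is outside these hunks, so I cannot confirm it is set on every path that previously set `is_rest` with the same two-minute lifetime; worth verifying before merging, since a missing cookie silently changes the response type rather than failing. The enclosing function of the third hunk begins and ends outside the hunk.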