Thanks to visit codestin.com
Credit goes to github.com

Skip to content

fix: auth cookie serialization/deserialization #93

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 10 commits into from
Jan 12, 2024
Merged

fix: auth cookie serialization/deserialization #93

merged 10 commits into from
Jan 12, 2024

Conversation

matus-vacula
Copy link
Contributor

@matus-vacula matus-vacula commented Jan 11, 2024
edited by pavkam
Loading

This PR fixes an issue with cached token serialization and adds preventive fix in case a token is manually modified or possibly invalid due to server-side credential changes.

@matus-vacula matus-vacula requested review from Munter and pavkam January 11, 2024 15:04
Munter
Munter reviewed Jan 11, 2024
View reviewed changes
@pavkam pavkam self-assigned this Jan 11, 2024
@pavkam pavkam requested review from pavkam and removed request for pavkam January 11, 2024 18:04
@matus-vacula
Copy link
Contributor Author

Good from my side but cannot hit "Approve" since I opened PR 👍

roncohen
roncohen reviewed Jan 11, 2024
View reviewed changes
Munter
Munter reviewed Jan 12, 2024
View reviewed changes
Copy link
Contributor

@Munter Munter left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I notice that at n point are we actually testing a full end-to-end writing and reading of the cookie. We're only using mocks. Since we ran into problems during the development of this branch I think it would be prudent to add a test that doesn't actually mock the setting and reading of cookies. vitest has a jsdom enviromnent available, which I assume will be able to write and read cookies, including handling of cookie expiration etc

@pavkam
Copy link
Contributor

pavkam commented Jan 12, 2024

I notice that at n point are we actually testing a full end-to-end writing and reading of the cookie. We're only using mocks. Since we ran into problems during the development of this branch I think it would be prudent to add a test that doesn't actually mock the setting and reading of cookies. vitest has a jsdom enviromnent available, which I assume will be able to write and read cookies, including handling of cookie expiration etc

That would be testing the functionality of the js-cookie library in that case. Not sure we need to go that far. As long as we're testing the calls into it I think we're good. But if you think that's a good strategy, I can add a deeper test.

@Munter
Copy link
Contributor

Munter commented Jan 12, 2024

That would be testing the functionality of the js-cookie library in that case. Not sure we need to go that far. As long as we're testing the calls into it I think we're good. But if you think that's a good strategy, I can add a deeper test.

Unless we have a good explanation for why @matus-vacula hit a case where cookie readind was not unescaped correctly, and a guarantee that we cannot hit this case accidentally again, I do indeed think we should be testing the full flow, including the cookie library. We might want to upgrade the library at some point, and with no test to verify that functionality is intact, we might well regress here in the future

@matus-vacula
Copy link
Contributor Author

I think the escaping problem might have been from an incorrect linking of the SDK.

@pavkam
Copy link
Contributor

pavkam commented Jan 12, 2024

That would be testing the functionality of the js-cookie library in that case. Not sure we need to go that far. As long as we're testing the calls into it I think we're good. But if you think that's a good strategy, I can add a deeper test.

Unless we have a good explanation for why @matus-vacula hit a case where cookie readind was not unescaped correctly, and a guarantee that we cannot hit this case accidentally again, I do indeed think we should be testing the full flow, including the cookie library. We might want to upgrade the library at some point, and with no test to verify that functionality is intact, we might well regress here in the future

Right, I still think it's an overkill but I have basically added all kinds of tests on "real cookies". This will at least ensure the formatting stays consistent across versions of js-cookie

@pavkam pavkam requested review from roncohen and Munter January 12, 2024 10:49
roncohen
roncohen approved these changes Jan 12, 2024
View reviewed changes
Copy link
Contributor

@roncohen roncohen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

tried sending a prompt locally and that works 👍

@pavkam pavkam merged commit 60be189 into main Jan 12, 2024
@pavkam pavkam deleted the fix_cookie_deserialisation branch January 12, 2024 14:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@roncohen roncohen roncohen approved these changes

@Swiftwork Swiftwork Awaiting requested review from Swiftwork

@pavkam pavkam Awaiting requested review from pavkam

+1 more reviewer

@Munter Munter Munter approved these changes

Reviewers whose approvals may not affect merge requirements
Assignees

@pavkam pavkam

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@matus-vacula @pavkam @Munter @roncohen