
Commit 9953d83

authored
chore: Fix logic of detecting cookie strings in storage (#82)
* Refactor logic * Refactor logic * Refactor logic
1 parent f3e6a2a commit 9953d83


4 files changed

+90
-48
lines changed


lib/build/antiCsrf.js

Lines changed: 20 additions & 11 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

lib/build/frontToken.js

Lines changed: 20 additions & 11 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

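--- a/lib/ts/antiCsrf.ts
+++ b/lib/ts/antiCsrf.ts
@@ -49,20 +49,32 @@ export default class AntiCSRF {
 
 if (fromStorage != null) {
 let value = "; " + fromStorage;
-let parts = value.split("; " + ANTI_CSRF_NAME + "=");
-let last = parts.pop();
-
-if (last !== undefined) {
-let temp = last.split(";").shift();
-if (temp !== undefined) {
-// This means that the storage had a cookie string instead of a simple key value (legacy sessions)
-// We update storage to set just the value and return it
-await AntiCSRF.setItem(associatedAccessTokenUpdate, temp);
-return temp;
-}
 
-// This means that the storage had a cookie string but it was malformed somehow
-return null;
+if (value.includes("; " + ANTI_CSRF_NAME + "=")) {
+// This means that the storage had a cookie string instead of a simple key value (legacy sessions)
+let parts = value.split("; " + ANTI_CSRF_NAME + "=");
+let last = parts.pop();
+
+if (last !== undefined) {
+let splitForExpiry = fromStorage.split(";");
+let expiry = Date.parse(splitForExpiry[1].split("=")[1]);
+let currentTime = Date.now();
+
+if (expiry < currentTime) {
+await AntiCSRF.removeToken();
+return null;
+}
+
+let temp = last.split(";").shift();
+if (temp !== undefined) {
+// We update storage to set just the value and return it
+await AntiCSRF.setItem(associatedAccessTokenUpdate, temp);
+return temp;
+}
+
+// This means that the storage had a cookie string but it was malformed somehow
+return null;
+}
 }
 }
 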
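Review bot: `splitForExpiry[1].split("=")[1]` on new line 60 is unguarded: a stored legacy string with no `;` after the value leaves `splitForExpiry[1]` undefined and the call throws a TypeError, where the old code returned the value. When the second field is not a parseable date, `Date.parse` yields NaN and `expiry < currentTime` is false, so the token is treated as unexpired and migrated into storage. I would guard the lookup and make the NaN case an explicit decision, e.g. `let expiryPart = splitForExpiry[1];`, `let expiry = expiryPart === undefined ? NaN : Date.parse(expiryPart.split("=")[1]);` and, if an unreadable expiry should count as expired, `if (Number.isNaN(expiry) || expiry < currentTime) {`. The same lines appear in lib/ts/frontToken.ts (new lines 28-32). The enclosing method starts and ends outside the hunk.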

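--- a/lib/ts/frontToken.ts
+++ b/lib/ts/frontToken.ts
@@ -18,20 +18,32 @@ export default class FrontToken {
 
 if (frontTokenFromStorage !== null) {
 let value = "; " + frontTokenFromStorage;
-let parts = value.split("; " + FRONT_TOKEN_NAME + "=");
-
-let last = parts.pop();
-if (last !== undefined) {
-let temp = last.split(";").shift();
-if (temp !== undefined) {
-// This means that the storage had a cookie string instead of a simple key value (legacy sessions)
-// We update storage to set just the value and return it
-await FrontToken.setFrontToken(temp);
-return temp;
-}
 
-// This means that the storage had a cookie string but it was malformed somehow
-return null;
+if (value.includes("; " + FRONT_TOKEN_NAME + "=")) {
+// This means that the storage had a cookie string instead of a simple key value (legacy sessions)
+let parts = value.split("; " + FRONT_TOKEN_NAME + "=");
+
+let last = parts.pop();
+if (last !== undefined) {
+let splitForExpiry = frontTokenFromStorage.split(";");
+let expiry = Date.parse(splitForExpiry[1].split("=")[1]);
+let currentTime = Date.now();
+
+if (expiry < currentTime) {
+await FrontToken.removeToken();
+return null;
+}
+
+let temp = last.split(";").shift();
+if (temp !== undefined) {
+// We update storage to set just the value and return it
+await FrontToken.setFrontToken(temp);
+return temp;
+}
+
+// This means that the storage had a cookie string but it was malformed somehow
+return null;
+}
 }
 
 return frontTokenFromStorage;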
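Review bot: The expiry on new line 28 is read from `frontTokenFromStorage.split(";")[1]`, the second field of the whole stored string, while the value is taken from `last`, the text after the final `FRONT_TOKEN_NAME=` match. If the stored string ever holds anything ahead of that match, the expiry being checked belongs to a different field than the token that is returned and written back. Splitting the matched tail instead, `let splitForExpiry = last.split(";");`, keeps both reads on the same cookie; lib/ts/antiCsrf.ts new line 59 has the same pattern. Whether legacy strings can contain more than one cookie is not visible from this hunk, and the enclosing method begins outside it.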
