Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: options to customize cookie names #272

Merged
merged 2 commits into from
Oct 16, 2024
Merged

feat: options to customize cookie names #272

merged 2 commits into from
Oct 16, 2024

Conversation

vtkac
Copy link
Contributor

@vtkac vtkac commented Sep 14, 2024
edited
Loading

Hi, I do realize that these are very short-lived cookies, but I have a project where I have to follow a naming convention for all cookies, so it would be great if we could customize these too.

Checklist

Eomm
Eomm requested changes Sep 22, 2024
View reviewed changes
index.js Outdated
const stateCookie = request.cookies['oauth2-redirect-state']
const stateCookie =
request.cookies[
this.redirectStateCookieName || DEFAULT_REDIRECT_STATE_COOKIE_NAME
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is a potential security issue - we can't try to read both cookie

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hmm, I don't think it is reading both. If you have provided redirectStateCookieName in options it will read request.cookies[this.redirectStateCookieName] otherwise it uses a default value and takes request.cookies[DEFAULT_REDIRECT_STATE_COOKIE_NAME] - never tries to read both.

index.js Outdated
@@ -116,10 +134,14 @@ function fastifyOauth2 (fastify, options, next) {
tokenRequestParams = {},
scope,
generateStateFunction = defaultGenerateStateFunction,
checkStateFunction = defaultCheckStateFunction,
checkStateFunction = defaultCheckStateFunction.bind({
redirectStateCookieName: configured.redirectStateCookieName
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
redirectStateCookieName: configured.redirectStateCookieName
redirectStateCookieName: configured.redirectStateCookieName || DEFAULT_REDIRECT_STATE_COOKIE_NAME

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

oh, ok, I see. Sure I can move that default value from defaultCheckStateFunction here, it should effectively do the same

Eomm
Eomm reviewed Sep 22, 2024
View reviewed changes
Copy link
Member

@Eomm Eomm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should update the Readme too

@vtkac vtkac requested a review from Eomm September 23, 2024 10:59
mcollina
mcollina approved these changes Oct 15, 2024
View reviewed changes
Copy link
Member

@mcollina mcollina left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@mcollina
Copy link
Member

@Eomm PTAL

@mcollina mcollina merged commit 3b1ab83 into fastify:master Oct 16, 2024
11 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Eomm Eomm Eomm approved these changes

@mcollina mcollina mcollina approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@vtkac @mcollina @Eomm