fix(aws-amplify): createKeyValueStorageFromCookieStorageAdapter misse…

…s default path and secure values (aws-amplify#13508) * fix(aws-amplify): createKeyValueStorageFromCookieStorageAdapter misses default path and secure values * Ensure Path is being serialized * Delete cookie without path attr before setting it
jjarvisp · Jul 19, 2024 · 60a559f · 60a559f
1 parent aa7ae18
commit 60a559f
Show file tree

Hide file tree

Showing 5 changed files with 36 additions and 4 deletions.
diff --git a/...es/adapter-nextjs/__tests__/utils/createCookieStorageAdapterFromNextServerContext.test.ts b/...es/adapter-nextjs/__tests__/utils/createCookieStorageAdapterFromNextServerContext.test.ts
@@ -147,6 +147,7 @@ describe('createCookieStorageAdapterFromNextServerContext', () => {
 			sameSite: 'strict' as any,
 			httpOnly: true,
 			secure: true,
+			path: '/a-path',
 		};
 
 		const result = createCookieStorageAdapterFromNextServerContext(mockContext);
@@ -176,7 +177,7 @@ describe('createCookieStorageAdapterFromNextServerContext', () => {
 					mockSerializeOptions.domain
 				};Expires=${mockSerializeOptions.expires.toUTCString()};HttpOnly;SameSite=${
 					mockSerializeOptions.sameSite
-				};Secure`,
+				};Secure;Path=${mockSerializeOptions.path}`,
 			);
 		});
 
@@ -188,7 +189,7 @@ describe('createCookieStorageAdapterFromNextServerContext', () => {
 					mockSerializeOptions.domain
 				};Expires=${mockSerializeOptions.expires.toUTCString()};HttpOnly;SameSite=${
 					mockSerializeOptions.sameSite
-				};Secure`,
+				};Secure;Path=${mockSerializeOptions.path}`,
 			);
 		});
 

diff --git a/packages/adapter-nextjs/src/utils/createCookieStorageAdapterFromNextServerContext.ts b/packages/adapter-nextjs/src/utils/createCookieStorageAdapterFromNextServerContext.ts
@@ -218,7 +218,7 @@ const createMutableCookieStoreFromHeaders = (
 const serializeSetCookieOptions = (
 	options: CookieStorage.SetCookieOptions,
 ): string => {
-	const { expires, domain, httpOnly, sameSite, secure } = options;
+	const { expires, domain, httpOnly, sameSite, secure, path } = options;
 	const serializedOptions: string[] = [];
 	if (domain) {
 		serializedOptions.push(`Domain=${domain}`);
@@ -235,6 +235,9 @@ const serializeSetCookieOptions = (
 	if (secure) {
 		serializedOptions.push(`Secure`);
 	}
+	if (path) {
+		serializedOptions.push(`Path=${path}`);
+	}
 
 	return serializedOptions.join(';');
 };

diff --git a/...ests__/adapterCore/storageFactories/createKeyValueStorageFromCookieStorageAdapter.test.ts b/...ests__/adapterCore/storageFactories/createKeyValueStorageFromCookieStorageAdapter.test.ts
@@ -40,6 +40,21 @@ describe('keyValueStorage', () => {
 				);
 			});
 
+			it('should remove item before setting item', async () => {
+				const testKey = 'testKey';
+				const testValue = 'testValue';
+				keyValueStorage.setItem(testKey, testValue);
+				expect(mockCookiesStorageAdapter.delete).toHaveBeenCalledWith(testKey);
+				expect(mockCookiesStorageAdapter.set).toHaveBeenCalledWith(
+					testKey,
+					testValue,
+					{
+						...defaultSetCookieOptions,
+						expires: expect.any(Date),
+					},
+				);
+			});
+
 			it('should set item with options', async () => {
 				const testKey = 'testKey';
 				const testValue = 'testValue';

diff --git a/...mplify/src/adapter-core/storageFactories/createKeyValueStorageFromCookieStorageAdapter.ts b/...mplify/src/adapter-core/storageFactories/createKeyValueStorageFromCookieStorageAdapter.ts
@@ -10,6 +10,8 @@ import {
 export const defaultSetCookieOptions: CookieStorage.SetCookieOptions = {
 	// TODO: allow configure with a public interface
 	sameSite: 'lax',
+	secure: true,
+	path: '/',
 };
 const ONE_YEAR_IN_MS = 365 * 24 * 60 * 60 * 1000;
 
@@ -25,6 +27,11 @@ export const createKeyValueStorageFromCookieStorageAdapter = (
 ): KeyValueStorageInterface => {
 	return {
 		setItem(key, value) {
+			// Delete the cookie item first then set it. This results:
+			// SetCookie: key=;expires=1970-01-01;(path='current-path') <- remove path'ed cookies
+			// SetCookie: key=value;expires=Date.now() + 365 days;path=/;secure=true
+			cookieStorageAdapter.delete(key);
+
 			// TODO(HuiSF): follow up the default CookieSerializeOptions values
 			cookieStorageAdapter.set(key, value, {
 				...defaultSetCookieOptions,

diff --git a/packages/core/src/adapterCore/serverContext/types/cookieStorage.ts b/packages/core/src/adapterCore/serverContext/types/cookieStorage.ts
@@ -7,7 +7,13 @@ export declare namespace CookieStorage {
 	export type SetCookieOptions = Partial<
 		Pick<
 			CookieSerializeOptions,
-			'domain' | 'expires' | 'httpOnly' | 'maxAge' | 'sameSite' | 'secure'
+			| 'domain'
+			| 'expires'
+			| 'httpOnly'
+			| 'maxAge'
+			| 'sameSite'
+			| 'secure'
+			| 'path'
 		>
 	>;