fix: Handle ec2 instances public url seperately when extracting TLDs
KShivendu committed Sep 19, 2023
1 parent 7d0ca24 commit 077ff3b
Showing 5 changed files with 98 additions and 2 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Expand Up @@ -12,6 +12,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

- Uses `nest_asyncio` patch in event loop - sync to async
- Retry Querier request on `AsyncLibraryNotFoundError`
- Handle AWS Public URLs (ending with `.amazonaws.com`) separately while extracting TLDs for SameSite attribute.

## [0.16.0] - 2023-09-13

2 changes: 1 addition & 1 deletion supertokens_python/constants.py
Expand Up @@ -14,7 +14,7 @@
from __future__ import annotations

SUPPORTED_CDI_VERSIONS = ["3.0"]
VERSION = "0.16.0"
VERSION = "0.16.1"
TELEMETRY = "/telemetry"
USER_COUNT = "/users/count"
USER_DELETE = "/user/remove"
5 changes: 5 additions & 0 deletions supertokens_python/utils.py
Expand Up @@ -299,8 +299,13 @@ def get_top_level_domain_for_same_site_resolution(url: str) -> str:

if hostname.startswith("localhost") or is_an_ip_address(hostname):
return "localhost"

parsed_url: Any = extract(hostname, include_psl_private_domains=True)
if parsed_url.domain == "": # type: ignore
# We need to do this because of https://github.com/supertokens/supertokens-python/issues/394
if hostname.endswith(".amazonaws.com") and parsed_url.suffix == hostname:
return hostname

raise Exception(
"Please make sure that the apiDomain and websiteDomain have correct values"
)
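Review bot: The comment above the `.amazonaws.com` check only links the issue and does not say why `parsed_url.suffix == hostname` is the condition that identifies an EC2 public hostname, so the next maintainer cannot tell whether widening or narrowing it is safe; I would replace it with `# EC2 public hostnames are presumably listed as a private suffix on the Public Suffix List, so tldextract returns an empty domain and the whole hostname as the suffix; such a host is its own site for SameSite purposes, so return it instead of rejecting it`. The `endswith(".amazonaws.com")` comparison also assumes `hostname` is already lowercased and port-free; if it is built from `urlparse(url).hostname` that holds (the new test in tests/test_utils.py expects the `:3001` port to be dropped), but the assignment is outside this hunk, so worth confirming. `get_top_level_domain_for_same_site_resolution` begins before the hunk and continues after the `raise`.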
64 changes: 64 additions & 0 deletions tests/test_config.py
Expand Up @@ -736,3 +736,67 @@ async def test_samesite_invalid_config():
)
else:
assert False, "Exception not raised"


@mark.asyncio
async def test_cookie_samesite_with_ec2_public_url():
start_st()
init(
supertokens_config=SupertokensConfig("http://localhost:3567"),
app_info=InputAppInfo(
app_name="SuperTokens Demo",
api_domain="https://ec2-xx-yyy-zzz-0.compute-1.amazonaws.com:3001",
website_domain="https://blog.supertokens.com",
api_base_path="/",
),
framework="fastapi",
recipe_list=[
session.init(get_token_transfer_method=lambda _, __, ___: "cookie")
],
)

# domain name isn't provided so browser decides to use the same host
# which will be ec2-xx-yyy-zzz-0.compute-1.amazonaws.com
assert SessionRecipe.get_instance().config.cookie_domain is None
assert SessionRecipe.get_instance().config.cookie_same_site == "none"
assert SessionRecipe.get_instance().config.cookie_secure is True

reset()

init(
supertokens_config=SupertokensConfig("http://localhost:3567"),
app_info=InputAppInfo(
app_name="SuperTokens Demo",
api_domain="http://ec2-xx-yyy-zzz-0.compute-1.amazonaws.com:3001",
website_domain="http://ec2-aa-bbb-ccc-0.compute-1.amazonaws.com:3000",
api_base_path="/",
),
framework="fastapi",
recipe_list=[
session.init(get_token_transfer_method=lambda _, __, ___: "cookie")
],
)

assert SessionRecipe.get_instance().config.cookie_domain is None
assert SessionRecipe.get_instance().config.cookie_same_site == "none"
assert SessionRecipe.get_instance().config.cookie_secure is False

reset()

init(
supertokens_config=SupertokensConfig("http://localhost:3567"),
app_info=InputAppInfo(
app_name="SuperTokens Demo",
api_domain="http://ec2-xx-yyy-zzz-0.compute-1.amazonaws.com:3001",
website_domain="http://ec2-xx-yyy-zzz-0.compute-1.amazonaws.com:3000",
api_base_path="/",
),
framework="fastapi",
recipe_list=[
session.init(get_token_transfer_method=lambda _, __, ___: "cookie")
],
)

assert SessionRecipe.get_instance().config.cookie_domain is None
assert SessionRecipe.get_instance().config.cookie_same_site == "lax"
assert SessionRecipe.get_instance().config.cookie_secure is False
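Review bot: `reset()` runs between the three `init` calls but not after the last one and none of the calls is guarded by `try`/`finally`, so a failing assertion in the first or second case leaves the session recipe initialised and can make an unrelated later test fail for the wrong reason, unless a fixture not visible here tears it down. The three blocks differ only in the two domains and the expected `cookie_same_site`/`cookie_secure` values, so a `@mark.parametrize` over those four values with the teardown in `finally` would fix both points and remove the duplication; whether `start_st()` may be called once per case is not visible here and should be checked against the other tests in the file.
```python
@mark.asyncio
@mark.parametrize(
    "api_domain,website_domain,same_site,secure",
    [
        ("https://ec2-xx-yyy-zzz-0.compute-1.amazonaws.com:3001", "https://blog.supertokens.com", "none", True),
        ("http://ec2-xx-yyy-zzz-0.compute-1.amazonaws.com:3001", "http://ec2-aa-bbb-ccc-0.compute-1.amazonaws.com:3000", "none", False),
        ("http://ec2-xx-yyy-zzz-0.compute-1.amazonaws.com:3001", "http://ec2-xx-yyy-zzz-0.compute-1.amazonaws.com:3000", "lax", False),
    ],
)
async def test_cookie_samesite_with_ec2_public_url(api_domain: str, website_domain: str, same_site: str, secure: bool):
    start_st()
    try:
        init(
            supertokens_config=SupertokensConfig("http://localhost:3567"),
            app_info=InputAppInfo(
                app_name="SuperTokens Demo",
                api_domain=api_domain,
                website_domain=website_domain,
                api_base_path="/",
            ),
            framework="fastapi",
            recipe_list=[
                session.init(get_token_transfer_method=lambda _, __, ___: "cookie")
            ],
        )
        # cookie_domain is left unset, so the browser scopes the cookie to the host itself
        config = SessionRecipe.get_instance().config
        assert config.cookie_domain is None
        assert config.cookie_same_site == same_site
        assert config.cookie_secure is secure
    finally:
        reset()
```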
28 changes: 27 additions & 1 deletion tests/test_utils.py
Expand Up @@ -3,7 +3,11 @@
import pytest
import threading

from supertokens_python.utils import humanize_time, is_version_gte
from supertokens_python.utils import (
humanize_time,
is_version_gte,
get_top_level_domain_for_same_site_resolution,
)
from supertokens_python.utils import RWMutex

from tests.utils import is_subset
Expand Down Expand Up @@ -171,3 +175,25 @@ def balance_is_valid():
expected_balance -= 10 * 5 # 10 threads withdrawing 5 each
actual_balance, _ = account.get_stats()
assert actual_balance == expected_balance, "Incorrect account balance"


@pytest.mark.parametrize(
"url,res",
[
("http://localhost:3001", "localhost"),
(
"https://ec2-xx-yyy-zzz-0.compute-1.amazonaws.com",
"ec2-xx-yyy-zzz-0.compute-1.amazonaws.com",
),
(
"https://foo.vercel.com",
"vercel.com",
),
(
"https://blog.supertokens.com",
"supertokens.com",
),
],
)
def test_tld_for_same_site(url: str, res: str):
assert get_top_level_domain_for_same_site_resolution(url) == res
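Review bot: The table in `test_tld_for_same_site` covers only success paths, so the new `.amazonaws.com` branch is exercised but the `raise Exception` it now sits in front of is not; a hostname that is itself a public suffix but not an AWS one must still be rejected, which one extra test pins: `with pytest.raises(Exception): get_top_level_domain_for_same_site_resolution("https://co.uk")`. Adding `("http://127.0.0.1:3001", "localhost")` to the table would also cover the `is_an_ip_address` branch that shares the early return with `localhost`. `pytest` is already imported at the top of this file.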
