fix: unaligned types in session recipe

supertokens · Nov 14, 2023 · 29f92dc · 29f92dc
1 parent 4fd944c
commit 29f92dc
Show file tree

Hide file tree

Showing 5 changed files with 29 additions and 14 deletions.
diff --git a/supertokens_python/recipe/session/cookie_and_header.py b/supertokens_python/recipe/session/cookie_and_header.py
@@ -18,8 +18,6 @@
 
 from typing_extensions import Literal
 
-from django import conf
-
 from .constants import (
     ACCESS_CONTROL_EXPOSE_HEADERS,
     ACCESS_TOKEN_COOKIE_KEY,
@@ -117,8 +115,7 @@ def _set_cookie(
 ):
     domain = config.cookie_domain
     secure = config.cookie_secure
-    same_site = config.cookie_same_site  # TODO: this will become a function
-    # same_site = config.get_cookie_same_site(request, user_context)
+    same_site = config.get_cookie_same_site(request, user_context)
     path = ""
     if path_type == "refresh_token_path":
         path = config.refresh_token_path.get_as_string_dangerous()
@@ -143,11 +140,13 @@ def set_cookie_response_mutator(
     value: str,
     expires: int,
     path_type: Literal["refresh_token_path", "access_token_path"],
+    request: BaseRequest,
+    user_context: Dict[str, Any],
 ):
     def mutator(
         response: BaseResponse,
     ):
-        return _set_cookie(response, config, key, value, expires, path_type)
+        return _set_cookie(response, config, key, value, expires, path_type, request, user_context)
 
     return mutator
 
@@ -301,6 +300,8 @@ def token_response_mutator(
     value: str,
     expires: int,
     transfer_method: TokenTransferMethod,
+    request: BaseRequest,
+    user_context: Dict[str, Any],
 ):
     def mutator(response: BaseResponse):
         _set_token(
@@ -310,6 +311,8 @@ def mutator(response: BaseResponse):
             value,
             expires,
             transfer_method,
+            request,
+            user_context
         )
 
     return mutator
@@ -374,4 +377,6 @@ def _set_access_token_in_response(
             access_token,
             get_timestamp_ms() + HUNDRED_YEARS_IN_MS,
             "header",
+            request,
+            user_context
         )
diff --git a/supertokens_python/recipe/session/recipe.py b/supertokens_python/recipe/session/recipe.py
@@ -112,15 +112,15 @@ def __init__(
             None,
             override.openid_feature if override is not None else None,
         )
-        log_debug_message("session init: anti_csrf: %s", self.config.anti_csrf)
+        log_debug_message("session init: anti_csrf: %s", self.config.anti_csrf_function_or_string)
         if self.config.cookie_domain is not None:
             log_debug_message(
                 "session init: cookie_domain: %s", self.config.cookie_domain
             )
         else:
             log_debug_message("session init: cookie_domain: None")
         log_debug_message(
-            "session init: cookie_same_site: %s", self.config.cookie_same_site
+            "session init: cookie_same_site: %s", self.config.get_cookie_same_site
         )
         log_debug_message(
             "session init: cookie_secure: %s", str(self.config.cookie_secure)

diff --git a/supertokens_python/recipe/session/recipe_implementation.py b/supertokens_python/recipe/session/recipe_implementation.py
@@ -183,7 +183,7 @@ async def get_session(
     ) -> Optional[SessionContainer]:
         if (
             anti_csrf_check is not False
-            and self.config.anti_csrf == "VIA_CUSTOM_HEADER"
+            and self.config.anti_csrf_function_or_string == "VIA_CUSTOM_HEADER" # TODO: add case when this is a function
         ):
             raise Exception(
                 "Since the anti-csrf mode is VIA_CUSTOM_HEADER getSession can't check the CSRF token. Please either use VIA_TOKEN or set anti_csrf_check to false"
@@ -282,7 +282,7 @@ async def refresh_session(
     ) -> SessionContainer:
         if (
             disable_anti_csrf is not True
-            and self.config.anti_csrf == "VIA_CUSTOM_HEADER"
+            and self.config.anti_csrf_function_or_string == "VIA_CUSTOM_HEADER"  # TODO: this can be a function
         ):
             raise Exception(
                 "Since the anti-csrf mode is VIA_CUSTOM_HEADER getSession can't check the CSRF token. Please either use VIA_TOKEN or set antiCsrfCheck to false"

diff --git a/supertokens_python/recipe/session/session_class.py b/supertokens_python/recipe/session/session_class.py
@@ -56,7 +56,7 @@ async def attach_to_request_response(
                     self.front_token,
                     self.config,
                     transfer_method,
-                    self.req_res_info.request,
+                    request,
                     user_context
                 )
             )
@@ -68,6 +68,8 @@ async def attach_to_request_response(
                         self.refresh_token.token,
                         self.refresh_token.expiry,
                         transfer_method,
+                        request,
+                        user_context
                     )
                 )
             if self.anti_csrf_token is not None:

diff --git a/supertokens_python/recipe/session/session_request_functions.py b/supertokens_python/recipe/session/session_request_functions.py
@@ -157,8 +157,10 @@ async def get_session_from_request(
     if request_access_token is None:
         do_anti_csrf_check = False
 
-    if do_anti_csrf_check and config.anti_csrf == "VIA_CUSTOM_HEADER":
-        if config.anti_csrf == "VIA_CUSTOM_HEADER":
+    #  TODO: anti_csrf can be a function
+
+    if do_anti_csrf_check and config.anti_csrf_function_or_string == "VIA_CUSTOM_HEADER":
+        if config.anti_csrf_function_or_string == "VIA_CUSTOM_HEADER":
             if get_rid_from_header(request) is None:
                 log_debug_message(
                     "getSession: Returning TRY_REFRESH_TOKEN because custom header (rid) was not passed"
@@ -262,7 +264,7 @@ async def create_new_session_in_request(
 
     if (
         output_transfer_method == "cookie"
-        and config.cookie_same_site == "none"
+        and config.get_cookie_same_site(request, user_context) == "none"
         and not config.cookie_secure
         and not (
             (
@@ -377,6 +379,8 @@ async def refresh_session_in_request(
                     "",
                     0,
                     "access_token_path",
+                    request,
+                    user_context
                 )
             )
 
@@ -394,7 +398,7 @@ async def refresh_session_in_request(
     disable_anti_csrf = request_transfer_method == "header"
     anti_csrf_token = get_anti_csrf_header(request)
 
-    if config.anti_csrf == "VIA_CUSTOM_HEADER" and not disable_anti_csrf:
+    if config.anti_csrf_function_or_string == "VIA_CUSTOM_HEADER" and not disable_anti_csrf: #TODO: can be function
         if get_rid_from_header(request) is None:
             log_debug_message(
                 "refreshSession: Returning UNAUTHORISED because anti-csrf token is undefined"
@@ -428,6 +432,8 @@ async def refresh_session_in_request(
                         "",
                         0,
                         "access_token_path",
+                        request,
+                        user_context
                     )
                 )
 
@@ -462,6 +468,8 @@ async def refresh_session_in_request(
                 "",
                 0,
                 "access_token_path",
+                request,
+                user_context
             )
         )