fix: Handle AWS public urls separately when extracting TLDs #447

Closed
wants to merge 15 commits into from
13 changes: 13 additions & 0 deletions CHANGELOG.md
@@ -8,6 +8,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

## [unreleased]

## [0.16.1] - 2023-09-19

- Uses `nest_asyncio` patch in event loop - sync to async
- Retry Querier request on `AsyncLibraryNotFoundError`
- Handle AWS Public URLs (ending with `.amazonaws.com`) separately while extracting TLDs for SameSite attribute.

## [0.16.0] - 2023-09-13

@@ -535,6 +540,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
}
```

## [0.14.10] - 2023-09-31

- Uses nest_asyncio patch in event loop - sync to async

## [0.14.9] - 2023-09-28

- Add logic to retry network calls if the core returns status 429

## [0.14.8] - 2023-07-07
## Fixes

6 changes: 0 additions & 6 deletions addDevTag
@@ -1,11 +1,5 @@
#!/bin/bash

# check if we need to merge master into this branch------------
if [[ $(git log origin/master ^HEAD) ]]; then
echo "You need to merge master into this branch. Exiting"
exit 1
fi

# get version------------
version=`cat setup.py | grep -e 'version='`
while IFS='"' read -ra ADDR; do
2 changes: 1 addition & 1 deletion html/supertokens_python/constants.html
@@ -87,4 +87,4 @@ <h2>Index</h2>
<p>Generated by <a href="https://pdoc3.github.io/pdoc" title="pdoc: Python API documentation generator"><cite>pdoc</cite> 0.10.0</a>.</p>
</footer>
</body>
</html>
</html>
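--- a/setup.py
+++ b/setup.py
@@ -70,7 +70,7 @@
 
 setup(
 name="supertokens_python",
-version="0.16.0",
+version="0.16.1",
 author="SuperTokens",
 license="Apache 2.0",
 author_email="team@supertokens.com",
@@ -112,6 +112,7 @@
 "twilio==7.9.1",
 "aiosmtplib==1.1.6",
 "pkce==1.0.3",
+"nest-asyncio==1.5.1",
 ],
 python_requires=">=3.7",
 include_package_data=True,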
2 changes: 2 additions & 0 deletions supertokens_python/async_to_sync_wrapper.py
@@ -12,6 +12,7 @@
# License for the specific language governing permissions and limitations
# under the License.

import nest_asyncio # type: ignore
import asyncio
from typing import Any, Coroutine, TypeVar

@@ -24,6 +25,7 @@ def check_event_loop():
except RuntimeError as ex:
if "There is no current event loop in thread" in str(ex):
loop = asyncio.new_event_loop()
nest_asyncio.apply(loop) # type: ignore
asyncio.set_event_loop(loop)


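Review bot: `nest_asyncio.apply(loop)` is called only on the branch that creates a new loop after the `RuntimeError`, so a thread that already had an event loop (the `try` path above the hunk) is never patched, and whether re-entrant `run_until_complete` works then depends on which path ran first. If the intent is to always permit nested loops, apply the patch on both paths, or add a comment stating that only freshly created loops are patched. Separately, the first hunk places the third-party `import nest_asyncio  # type: ignore` above the stdlib `import asyncio`; keeping stdlib imports first (`import asyncio`, `from typing import ...`, blank line, `import nest_asyncio  # type: ignore`) matches the file's grouping convention. `check_event_loop` starts and ends outside the hunk.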
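--- a/supertokens_python/constants.py
+++ b/supertokens_python/constants.py
@@ -14,7 +14,7 @@
 from __future__ import annotations
 
 SUPPORTED_CDI_VERSIONS = ["3.0"]
-VERSION = "0.16.0"
+VERSION = "0.16.1"
 TELEMETRY = "/telemetry"
 USER_COUNT = "/users/count"
 USER_DELETE = "/user/remove"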
5 changes: 5 additions & 0 deletions supertokens_python/utils.py
@@ -299,8 +299,13 @@ def get_top_level_domain_for_same_site_resolution(url: str) -> str:

if hostname.startswith("localhost") or is_an_ip_address(hostname):
return "localhost"

parsed_url: Any = extract(hostname, include_psl_private_domains=True)
if parsed_url.domain == "": # type: ignore
# We need to do this because of https://github.com/supertokens/supertokens-python/issues/394
if hostname.endswith(".amazonaws.com") and parsed_url.suffix == hostname:
return hostname

raise Exception(
"Please make sure that the apiDomain and websiteDomain have correct values"
)
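Review bot: The early return at `if hostname.endswith(".amazonaws.com") and parsed_url.suffix == hostname:` is explained only by an issue link, so a reader cannot tell why returning the whole hostname is the safe choice here: `parsed_url.domain == ""` together with `suffix == hostname` means tldextract found no registrable domain at all, and presumably the suffix is a per-tenant cloud suffix shared with unrelated hosts, so the host itself is treated as its own site rather than scoping SameSite to a parent that other tenants could share. Suggested comment above the `if`: `# The whole hostname is a public suffix (e.g. *.compute-1.amazonaws.com), so there is no registrable parent domain; treat the host itself as the site instead of a shared parent.` Note also that the `.amazonaws.com` restriction keeps every other provider whose per-tenant hosts are likewise entire public suffixes on the `raise Exception(...)` path below — if that is deliberate, the comment should say so, and `parsed_url.suffix == hostname` alone already expresses the no-registrable-domain condition. `get_top_level_domain_for_same_site_resolution` starts outside the hunk.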
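--- a/tests/test_config.py
+++ b/tests/test_config.py
@@ -736,3 +736,67 @@ async def test_samesite_invalid_config():
 )
 else:
 assert False, "Exception not raised"
+
+
+@mark.asyncio
+async def test_cookie_samesite_with_ec2_public_url():
+start_st()
+init(
+supertokens_config=SupertokensConfig("http://localhost:3567"),
+app_info=InputAppInfo(
+app_name="SuperTokens Demo",
+api_domain="https://ec2-xx-yyy-zzz-0.compute-1.amazonaws.com:3001",
+website_domain="https://blog.supertokens.com",
+api_base_path="/",
+),
+framework="fastapi",
+recipe_list=[
+session.init(get_token_transfer_method=lambda _, __, ___: "cookie")
+],
+)
+
+# domain name isn't provided so browser decides to use the same host
+# which will be ec2-xx-yyy-zzz-0.compute-1.amazonaws.com
+assert SessionRecipe.get_instance().config.cookie_domain is None
+assert SessionRecipe.get_instance().config.cookie_same_site == "none"
+assert SessionRecipe.get_instance().config.cookie_secure is True
+
+reset()
+
+init(
+supertokens_config=SupertokensConfig("http://localhost:3567"),
+app_info=InputAppInfo(
+app_name="SuperTokens Demo",
+api_domain="http://ec2-xx-yyy-zzz-0.compute-1.amazonaws.com:3001",
+website_domain="http://ec2-aa-bbb-ccc-0.compute-1.amazonaws.com:3000",
+api_base_path="/",
+),
+framework="fastapi",
+recipe_list=[
+session.init(get_token_transfer_method=lambda _, __, ___: "cookie")
+],
+)
+
+assert SessionRecipe.get_instance().config.cookie_domain is None
+assert SessionRecipe.get_instance().config.cookie_same_site == "none"
+assert SessionRecipe.get_instance().config.cookie_secure is False
+
+reset()
+
+init(
+supertokens_config=SupertokensConfig("http://localhost:3567"),
+app_info=InputAppInfo(
+app_name="SuperTokens Demo",
+api_domain="http://ec2-xx-yyy-zzz-0.compute-1.amazonaws.com:3001",
+website_domain="http://ec2-xx-yyy-zzz-0.compute-1.amazonaws.com:3000",
+api_base_path="/",
+),
+framework="fastapi",
+recipe_list=[
+session.init(get_token_transfer_method=lambda _, __, ___: "cookie")
+],
+)
+
+assert SessionRecipe.get_instance().config.cookie_domain is None
+assert SessionRecipe.get_instance().config.cookie_same_site == "lax"
+assert SessionRecipe.get_instance().config.cookie_secure is False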
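Review bot: The third `init(...)` block in `test_cookie_samesite_with_ec2_public_url` is not followed by `reset()` while the first two are, so recipe state from this test outlives it unless a fixture tears it down — the preceding `test_samesite_invalid_config` also ends without a visible `reset()`, so a fixture is likely, but that cannot be confirmed from the hunk. The three blocks differ only in `api_domain`, `website_domain` and the three expected config values; a `@mark.parametrize` over those five values, with `start_st()` done once, would state the intent (different-site → `"none"`, same host → `"lax"`) more directly than the repeated `init` bodies.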
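--- a/tests/test_utils.py
+++ b/tests/test_utils.py
@@ -3,7 +3,11 @@
 import pytest
 import threading
 
-from supertokens_python.utils import humanize_time, is_version_gte
+from supertokens_python.utils import (
+humanize_time,
+is_version_gte,
+get_top_level_domain_for_same_site_resolution,
+)
 from supertokens_python.utils import RWMutex
 
 from tests.utils import is_subset
@@ -171,3 +175,25 @@ def balance_is_valid():
 expected_balance -= 10 * 5 # 10 threads withdrawing 5 each
 actual_balance, _ = account.get_stats()
 assert actual_balance == expected_balance, "Incorrect account balance"
+
+
+@pytest.mark.parametrize(
+"url,res",
+[
+("http://localhost:3001", "localhost"),
+(
+"https://ec2-xx-yyy-zzz-0.compute-1.amazonaws.com",
+"ec2-xx-yyy-zzz-0.compute-1.amazonaws.com",
+),
+(
+"https://foo.vercel.com",
+"vercel.com",
+),
+(
+"https://blog.supertokens.com",
+"supertokens.com",
+),
+],
+)
+def test_tld_for_same_site(url: str, res: str):
+assert get_top_level_domain_for_same_site_resolution(url) == res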
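Review bot: The cases in `test_tld_for_same_site` only exercise inputs that return a value; the path the `utils.py` change narrows — a host with an empty `domain` that is not under `.amazonaws.com` — is not covered, so a regression that dropped or widened the `.amazonaws.com` condition would still pass. Add a negative case, e.g. `with pytest.raises(Exception): get_top_level_domain_for_same_site_resolution(<URL whose host is entirely a public suffix and not under .amazonaws.com — placeholder, pick one from the PSL>)`, and consider an IP-address URL to pin the `"localhost"` branch alongside the literal `localhost` case.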