Use fancy sids, not silly sids, by default.
kajmagnus committed Dec 1, 2021
1 parent 657ee5b commit b071291
Showing 5 changed files with 11 additions and 16 deletions.
6 changes: 2 additions & 4 deletions appsv/server/ed/server/http/PlainApiActions.scala
Expand Up @@ -549,10 +549,8 @@ class PlainApiActions(
// Part 4 HttpOnly is required, but is missing. Dupl code [btr_sid_part_4]
assert(anyTySession.isDefined, "TyE04MWG245")
assert(anyTySession.get.part4Absent, "TyE04MWG246")
val tryFancySid = site.isFeatureEnabled("ffTryNewSid", globals.config.featureFlags)
val onlyFancySid = site.isFeatureEnabled("ffUseNewSid", globals.config.featureFlags)
val doUseFancySid = onlyFancySid || tryFancySid
if (doUseFancySid) {
val useOldSid = site.isFeatureEnabled("ffUseOldSid", globals.config.featureFlags)
if (!useOldSid) {
throwForbidden("TyEWEAKSID_",
s"Please log out and log in, to get a complete session id — \n" +
s"this endpoint, ${request.path}, requires the HttpOnly part of the session id")
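Review bot: The flag name `"ffUseOldSid"` on the added line is now hard-coded in PlainApiActions, SubscriberController and twice in EdSecurity (package.scala), so a typo in any one copy would silently re-enable the weak-sid path for that endpoint alone; the existing `Dupl code [btr_sid_part_4]` marker already points at this. Consider one shared helper (say `useOldSid(site)`) wrapping `site.isFeatureEnabled("ffUseOldSid", globals.config.featureFlags)` and calling it from all four sites. The double negative in `if (!useOldSid) {` also deserves a line of intent, e.g. `// Old-style sids are opt-out now: unless ffUseOldSid is set, the HttpOnly part 4 is mandatory here.` The enclosing method starts and ends outside the hunk.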
6 changes: 2 additions & 4 deletions appsv/server/ed/server/pubsub/SubscriberController.scala
Expand Up @@ -162,10 +162,8 @@ class SubscriberController @Inject()(cc: ControllerComponents, tyCtx: EdContext)
// maybe reconsider, and e.g. allow live updates of embedded comments.
if (anyTySession.exists(_.part4Absent)) {
// Dupl code [btr_sid_part_4]
val tryFancySid = site.isFeatureEnabled("ffTryNewSid", globals.config.featureFlags)
val onlyFancySid = site.isFeatureEnabled("ffUseNewSid", globals.config.featureFlags)
val doUseFancySid = onlyFancySid || tryFancySid
if (doUseFancySid) {
val useOldSid = site.isFeatureEnabled("ffUseOldSid", globals.config.featureFlags)
if (!useOldSid) {
UNTESTED
throwForbidden("TyEWEAKSIDWS",
s"Please log out and log in, to get a complete session id — \n" +
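Review bot: The `UNTESTED` marker inside the `if (!useOldSid)` branch now sits on the default path: before this commit the branch ran only for sites that opted in via `ffTryNewSid`/`ffUseNewSid`, after it every subscriber (presumably the pub-sub/WebSocket path, given `TyEWEAKSIDWS`) whose session lacks part 4 is rejected here, so the untested code is what all sites will hit. A test covering a part-4-less session reaching this endpoint should land together with the flip, and the `UNTESTED` marker be removed once it does. The `"ffUseOldSid"` read is the same duplicated flag string as in PlainApiActions; see the note there. The enclosing block continues past the hunk.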
10 changes: 4 additions & 6 deletions appsv/server/ed/server/security/package.scala
Expand Up @@ -788,8 +788,7 @@ class EdSecurity(globals: Globals) {
val site = req.site
val dao = req.dao

val tryFancySid = site.isFeatureEnabled("ffTryNewSid", globals.config.featureFlags)
val useFancySid = site.isFeatureEnabled("ffUseNewSid", globals.config.featureFlags)
val useOldSid = site.isFeatureEnabled("ffUseOldSid", globals.config.featureFlags)

val ppt = dao.getParticipant(userId)
throwForbiddenIf(ppt.exists(_.isGroup), "TyELGIGRP", "Cannot login as a group") // [imp-groups]
Expand All @@ -804,7 +803,7 @@ class EdSecurity(globals: Globals) {
// New better sid [btr_sid]
// ----------------------------------------

if (tryFancySid || useFancySid) {
if (!useOldSid) {
val (newSidCookies, session) = genAndSaveFancySid(req, patId = userId,
expireIdleAfterSecs = expireIdleAfterSecs, dao.now(),
dao.asInstanceOf[SessionSiteDaoMixin])
Expand Down Expand Up @@ -931,10 +930,9 @@ class EdSecurity(globals: Globals) {

val hasFancySid = anyFancySidPart12Maybe3.isDefined || anyFancySidPart4.isDefined ||
anyFancySidPart5.isDefined
val useOnlyFancySid = site.isFeatureEnabled("ffUseNewSid", globals.config.featureFlags)
val tryFancySid = site.isFeatureEnabled("ffTryNewSid", globals.config.featureFlags)
val useOldSid = site.isFeatureEnabled("ffUseOldSid", globals.config.featureFlags)

if (useOnlyFancySid || (tryFancySid && hasFancySid)) {
if (!useOldSid) {
var result = checkFancySessionId(anyPart12Maybe3 = anyFancySidPart12Maybe3,
anyPart4 = anyFancySidPart4, anyPart5 = anyFancySidPart5,
dao, now, expireIdleAfterMillis = expireIdleAfterMillis)
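Review bot: In the third hunk the new gate `if (!useOldSid)` drops the `hasFancySid` condition, so `hasFancySid` computed two lines above no longer influences which checker runs; if it is not read further down (the method continues outside the hunk) it is now dead, and either way the old `tryFancySid && hasFancySid` fallback — routing a request that carries only the legacy sid to the old-sid path — is gone for every site that has not set `ffUseOldSid`. That is presumably the intent of the commit, but it means a request without fancy sid parts is handed to `checkFancySessionId` with all three `anyFancySid*` arguments empty, so existing legacy sessions stop validating as soon as a deployment picks up the new default; that deserves a comment at the gate, e.g. `// Legacy sids are opt-out now: unless ffUseOldSid is set, requests without fancy sid parts go through checkFancySessionId.` The first hunk's `useOldSid` val and the second hunk's `if (!useOldSid)` are consistent with this; if `hasFancySid` turns out to be unused, drop its definition as well.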
2 changes: 1 addition & 1 deletion client/app-slim/Server.ts
Expand Up @@ -1159,7 +1159,7 @@ export function loginWithOneTimeSecret(oneTimeLoginSecret: string,
export function getCurSid12Maybe3(): St | N { // [ts_authn_modl]
const store: Store = debiki2.ReactStore.allData();
const cookieName =
debiki2.store_isFeatFlagOn(store, 'ffUseNewSid') ? 'TyCoSid123' : 'dwCoSid';
!debiki2.store_isFeatFlagOn(store, 'ffUseOldSid') ? 'TyCoSid123' : 'dwCoSid';
let sid = getSetCookie(cookieName);
if (!sid) {
// Cannot use store.me.mySidPart1 — we might not yet have loaded
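Review bot: The negated ternary on the changed line reads awkwardly — `!debiki2.store_isFeatFlagOn(...) ? 'TyCoSid123' : 'dwCoSid'` — when flipping the branches says the same thing without the `!`: `debiki2.store_isFeatFlagOn(store, 'ffUseOldSid') ? 'dwCoSid' : 'TyCoSid123';`. The same `'ffUseOldSid'` read is repeated in start-page.ts; a small shared client helper such as `useOldSid(store)` would keep the two from drifting and would mirror the server-side flag check. getCurSid12Maybe3 continues outside the hunk.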
3 changes: 2 additions & 1 deletion client/app-slim/start-page.ts
Expand Up @@ -71,7 +71,8 @@ function handleLoginInOtherBrowserTab() {

// New style session id: [btr_sid]
// ------------------------------------------
if (debiki2.store_isFeatFlagOn(store, 'ffUseNewSid')) {
const useNewSid = !debiki2.store_isFeatFlagOn(store, 'ffUseOldSid');
if (useNewSid) {
const sidParts123 = debiki2.Server.getCurSid12Maybe3();
const stillTheSameSid = sidParts123
? me.mySidPart1 && sidParts123.startsWith(me.mySidPart1)

0 comments on commit b071291

Please # to comment.