From 9acb62fd1a12adf0efa96dbd505349522ddc2f11 Mon Sep 17 00:00:00 2001 From: Dominik Remo <47261058+DominikRemo@users.noreply.github.com> Date: Thu, 14 Sep 2023 10:58:13 +0200 Subject: [PATCH] Development: Disable secure cookies for local testing with dev profile (#7162) --- .../tum/in/www1/artemis/security/jwt/JWTCookieService.java | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/main/java/de/tum/in/www1/artemis/security/jwt/JWTCookieService.java b/src/main/java/de/tum/in/www1/artemis/security/jwt/JWTCookieService.java index f16565a28e9f..bc58f81579c9 100644 --- a/src/main/java/de/tum/in/www1/artemis/security/jwt/JWTCookieService.java +++ b/src/main/java/de/tum/in/www1/artemis/security/jwt/JWTCookieService.java @@ -17,6 +17,8 @@ public class JWTCookieService { private static final String CYPRESS_PROFILE = "cypress"; + private static final String DEVELOPMENT_PROFILE = "dev"; + private final TokenProvider tokenProvider; private final Environment environment; @@ -56,12 +58,13 @@ public ResponseCookie buildLogoutCookie() { */ private ResponseCookie buildJWTCookie(String jwt, Duration duration) { + // TODO - Remove cypress workaround once cypress uses https and find a better solution for testing locally in Safari Collection activeProfiles = Arrays.asList(environment.getActiveProfiles()); - boolean isCypress = activeProfiles.contains(CYPRESS_PROFILE); + boolean isSecure = !activeProfiles.contains(CYPRESS_PROFILE) && !activeProfiles.contains(DEVELOPMENT_PROFILE); return ResponseCookie.from(JWT_COOKIE_NAME, jwt).httpOnly(true) // Must be httpOnly .sameSite("Lax") // Must be Lax to allow navigation links to Artemis to work - .secure(!isCypress) // Must be secure - TODO - Remove cypress workaround once cypress uses https + .secure(isSecure) // Must be secure .path("/") // Must be "/" to be sent in ALL request .maxAge(duration) // Duration should match the duration of the jwt .build(); // Build cookie