From d6944ce93bb684e8d2f2854cfb1efe10c13f0559 Mon Sep 17 00:00:00 2001 From: KShivendu Date: Tue, 19 Sep 2023 13:08:52 +0530 Subject: [PATCH] fix: AWS Public URLs tld extract --- CHANGELOG.md | 3 ++ setup.py | 2 +- supertokens_python/constants.py | 2 +- supertokens_python/utils.py | 5 +++ tests/test_config.py | 64 +++++++++++++++++++++++++++++++++ tests/test_utils.py | 28 ++++++++++++++- 6 files changed, 101 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3e4aa70f2..13fe645fd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [unreleased] +## [0.16.1] - 2023-09-19 +- Handle AWS Public URLs (ending with `.amazonaws.com`) separately while extracting TLDs for SameSite attribute. + ## [0.16.0] - 2023-09-13 diff --git a/setup.py b/setup.py index ca2400964..2b13aff2e 100644 --- a/setup.py +++ b/setup.py @@ -70,7 +70,7 @@ setup( name="supertokens_python", - version="0.16.0", + version="0.16.1", author="SuperTokens", license="Apache 2.0", author_email="team@supertokens.com", diff --git a/supertokens_python/constants.py b/supertokens_python/constants.py index 075ff9309..292277329 100644 --- a/supertokens_python/constants.py +++ b/supertokens_python/constants.py @@ -14,7 +14,7 @@ from __future__ import annotations SUPPORTED_CDI_VERSIONS = ["3.0"] -VERSION = "0.16.0" +VERSION = "0.16.1" TELEMETRY = "/telemetry" USER_COUNT = "/users/count" USER_DELETE = "/user/remove" diff --git a/supertokens_python/utils.py b/supertokens_python/utils.py index a79d182c1..1b8afd85b 100644 --- a/supertokens_python/utils.py +++ b/supertokens_python/utils.py @@ -299,8 +299,13 @@ def get_top_level_domain_for_same_site_resolution(url: str) -> str: if hostname.startswith("localhost") or is_an_ip_address(hostname): return "localhost" + parsed_url: Any = extract(hostname, include_psl_private_domains=True) if parsed_url.domain == "": # type: ignore + # We need to do this because of https://github.com/supertokens/supertokens-python/issues/394 + if hostname.endswith(".amazonaws.com") and parsed_url.suffix == hostname: + return hostname + raise Exception( "Please make sure that the apiDomain and websiteDomain have correct values" ) diff --git a/tests/test_config.py b/tests/test_config.py index 521827f99..2df57fe59 100644 --- a/tests/test_config.py +++ b/tests/test_config.py @@ -736,3 +736,67 @@ async def test_samesite_invalid_config(): ) else: assert False, "Exception not raised" + + +@mark.asyncio +async def test_cookie_samesite_with_ec2_public_url(): + start_st() + init( + supertokens_config=SupertokensConfig("http://localhost:3567"), + app_info=InputAppInfo( + app_name="SuperTokens Demo", + api_domain="https://ec2-xx-yyy-zzz-0.compute-1.amazonaws.com:3001", + website_domain="https://blog.supertokens.com", + api_base_path="/", + ), + framework="fastapi", + recipe_list=[ + session.init(get_token_transfer_method=lambda _, __, ___: "cookie") + ], + ) + + # domain name isn't provided so browser decides to use the same host + # which will be ec2-xx-yyy-zzz-0.compute-1.amazonaws.com + assert SessionRecipe.get_instance().config.cookie_domain is None + assert SessionRecipe.get_instance().config.cookie_same_site == "none" + assert SessionRecipe.get_instance().config.cookie_secure is True + + reset() + + init( + supertokens_config=SupertokensConfig("http://localhost:3567"), + app_info=InputAppInfo( + app_name="SuperTokens Demo", + api_domain="http://ec2-xx-yyy-zzz-0.compute-1.amazonaws.com:3001", + website_domain="http://ec2-aa-bbb-ccc-0.compute-1.amazonaws.com:3000", + api_base_path="/", + ), + framework="fastapi", + recipe_list=[ + session.init(get_token_transfer_method=lambda _, __, ___: "cookie") + ], + ) + + assert SessionRecipe.get_instance().config.cookie_domain is None + assert SessionRecipe.get_instance().config.cookie_same_site == "none" + assert SessionRecipe.get_instance().config.cookie_secure is False + + reset() + + init( + supertokens_config=SupertokensConfig("http://localhost:3567"), + app_info=InputAppInfo( + app_name="SuperTokens Demo", + api_domain="http://ec2-xx-yyy-zzz-0.compute-1.amazonaws.com:3001", + website_domain="http://ec2-xx-yyy-zzz-0.compute-1.amazonaws.com:3000", + api_base_path="/", + ), + framework="fastapi", + recipe_list=[ + session.init(get_token_transfer_method=lambda _, __, ___: "cookie") + ], + ) + + assert SessionRecipe.get_instance().config.cookie_domain is None + assert SessionRecipe.get_instance().config.cookie_same_site == "lax" + assert SessionRecipe.get_instance().config.cookie_secure is False diff --git a/tests/test_utils.py b/tests/test_utils.py index 28b822539..db41552d2 100644 --- a/tests/test_utils.py +++ b/tests/test_utils.py @@ -3,7 +3,11 @@ import pytest import threading -from supertokens_python.utils import humanize_time, is_version_gte +from supertokens_python.utils import ( + humanize_time, + is_version_gte, + get_top_level_domain_for_same_site_resolution, +) from supertokens_python.utils import RWMutex from tests.utils import is_subset @@ -171,3 +175,25 @@ def balance_is_valid(): expected_balance -= 10 * 5 # 10 threads withdrawing 5 each actual_balance, _ = account.get_stats() assert actual_balance == expected_balance, "Incorrect account balance" + + +@pytest.mark.parametrize( + "url,res", + [ + ("http://localhost:3001", "localhost"), + ( + "https://ec2-xx-yyy-zzz-0.compute-1.amazonaws.com", + "ec2-xx-yyy-zzz-0.compute-1.amazonaws.com", + ), + ( + "https://foo.vercel.com", + "vercel.com", + ), + ( + "https://blog.supertokens.com", + "supertokens.com", + ), + ], +) +def test_tld_for_same_site(url: str, res: str): + assert get_top_level_domain_for_same_site_resolution(url) == res