Honour cookie domain when custom sso is enabled

This commit is contained in:
Rory Powell 2021-10-06 16:50:15 +01:00
parent d10fe0f770
commit 322ef42713
2 changed files with 10 additions and 3 deletions

View File

@ -41,13 +41,19 @@ async function authInternal(ctx, user, err = null, info = null) {
return ctx.throw(403, info ? info : "Unauthorized") return ctx.throw(403, info ? info : "Unauthorized")
} }
// just store the user ID const config = {
ctx.cookies.set(Cookies.Auth, user.token, {
expires, expires,
path: "/", path: "/",
httpOnly: false, httpOnly: false,
overwrite: true, overwrite: true,
}) }
if (env.COOKIE_DOMAIN) {
config.domain = env.COOKIE_DOMAIN
}
// just store the user ID
ctx.cookies.set(Cookies.Auth, user.token, config)
} }
exports.authenticate = async (ctx, next) => { exports.authenticate = async (ctx, next) => {

View File

@ -41,6 +41,7 @@ module.exports = {
SMTP_PORT: process.env.SMTP_PORT, SMTP_PORT: process.env.SMTP_PORT,
SMTP_FROM_ADDRESS: process.env.SMTP_FROM_ADDRESS, SMTP_FROM_ADDRESS: process.env.SMTP_FROM_ADDRESS,
PLATFORM_URL: process.env.PLATFORM_URL, PLATFORM_URL: process.env.PLATFORM_URL,
COOKIE_DOMAIN: process.env.COOKIE_DOMAIN,
_set(key, value) { _set(key, value) {
process.env[key] = value process.env[key] = value
module.exports[key] = value module.exports[key] = value