set the domain for the token cookies w/ burnettk

This commit is contained in:
jasquat 2023-01-12 11:50:11 -05:00
parent 3cae7055a1
commit 9103118326
1 changed files with 9 additions and 4 deletions

View File

@ -2,6 +2,7 @@
import ast
import base64
import json
import re
from typing import Any
from typing import Dict
from typing import Optional
@ -177,16 +178,20 @@ def set_new_access_token_in_cookie(
It will also delete the cookies if the user has logged out.
"""
tld = current_app.config["THREAD_LOCAL_DATA"]
domain_for_frontend_cookie: Optional[str] = re.sub(r"^https?:\/\/", '', current_app.config['SPIFFWORKFLOW_FRONTEND_URL'])
if domain_for_frontend_cookie and domain_for_frontend_cookie.startswith('localhost'):
domain_for_frontend_cookie = None
if hasattr(tld, "new_access_token") and tld.new_access_token:
response.set_cookie("access_token", tld.new_access_token)
response.set_cookie("access_token", tld.new_access_token, domain=domain_for_frontend_cookie)
# id_token is required for logging out since this gets passed back to the openid server
if hasattr(tld, "new_id_token") and tld.new_id_token:
response.set_cookie("id_token", tld.new_id_token)
response.set_cookie("id_token", tld.new_id_token, domain=domain_for_frontend_cookie)
if hasattr(tld, "user_has_logged_out") and tld.user_has_logged_out:
response.set_cookie("id_token", "", max_age=0)
response.set_cookie("access_token", "", max_age=0)
response.set_cookie("id_token", "", max_age=0, domain=domain_for_frontend_cookie)
response.set_cookie("access_token", "", max_age=0, domain=domain_for_frontend_cookie)
_clear_auth_tokens_from_thread_local_data()