From 98fc1ab51e9658e8837a412742a2305673010933 Mon Sep 17 00:00:00 2001
From: Pascal Precht
Date: Thu, 18 Oct 2018 14:25:19 +0200
Subject: [PATCH] fix(cockpit/AppContainer): allow bootstrap with query params
Cockpit allows for authentication via a `token` query parameter a la ``` http://localhost:8000/embark?token=xxxx-xxxx-xxxx-xxxx ``` So far, this was the only query parameter cockpit knew about, which is why the algorithm during bootstrap always assumed that, if we have query parameters, there has to be a `token` query parameter. However, since https://github.com/status-im/embark-area-51/commit/20831179fc116bb56224486844e20a172a2eafc9, this turns out to be a problem. The hashing algorithm for the request headers will throw, when `token` is not defined, which can be possible with future features that add new query parameters. This can be easily reproduced by bootstrapping/refreshing Cockpit using any arbitrary query string parameter that is not `token`. With this commit we ensure that we only perform query string authentication when a `token` parameter is available.
---
 embark-ui/src/containers/AppContainer.js | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/embark-ui/src/containers/AppContainer.js b/embark-ui/src/containers/AppContainer.js
index 9ab22081..d5a47e02 100644
--- a/embark-ui/src/containers/AppContainer.js
+++ b/embark-ui/src/containers/AppContainer.js
@@ -30,10 +30,11 @@ class AppContainer extends Component {
 }
 queryStringAuthenticate() {
- if (!this.props.location.search) {
+ const token = qs.parse(this.props.location.search, {ignoreQueryPrefix: true}).token;
+
+ if (!token) {
 return;
 }
- const token = qs.parse(this.props.location.search, {ignoreQueryPrefix: true}).token;
 const host = process.env.NODE_ENV === 'development' ? DEFAULT_HOST : window.location.host;
 if (token === this.props.credentials.token && this.props.credentials.host === host) {
 return;
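Review bot: The new `if (!token)` guard in queryStringAuthenticate() still lets non-string values through, because `qs.parse` yields an array for a repeated key (`?token=a&token=b`) and an object for bracket syntax (`?token[x]=1`), and both are truthy. If the request-header hashing mentioned in the commit message expects a string, such a value would presumably reach the same throw during bootstrap, so the guard would be safer as `if (typeof token !== 'string' || token === '') { return; }`. Since the credential arrives in the URL, it is also worth confirming that the rest of the function (which continues outside this hunk) removes `token` from the location after use, so it does not linger in browser history or Referer headers. A short comment above the guard, e.g. `// only authenticate when a single string token is present; other query params are ignored`, would record the intent for future query parameters.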