Add MO Fortify cookie fixes (#1317)

* Add MO Fortify cookie fixes * Fix lint issue * Update yarn-audit-known-issues * Update yarn-audit-known-issues * enabling fortify scan to test if the stage passes * Use released node lib version --------- Co-authored-by: Kasi Subramaniam <singlekasi@gmail.com> Co-authored-by: Andy Wilkins <49269487+andywilkinshmcts@users.noreply.github.com>
hmcts · Dec 18, 2024 · ccb84a8 · ccb84a8
1 parent cf74fcd
commit ccb84a8
Show file tree

Hide file tree

Showing 6 changed files with 196 additions and 31 deletions.
diff --git a/Jenkinsfile_CNP b/Jenkinsfile_CNP
@@ -59,6 +59,7 @@ withPipeline(type, product, component) {
     disableCleanupOfHelmReleaseOnFailure()
     enableSlackNotifications(channel)
     loadVaultSecrets(secrets)
+    enableFortifyScan('rpx-aat')
     enableAksStagingDeployment()
     syncBranchesWithMaster(branchesToSync)
 
@@ -197,5 +198,5 @@ withPipeline(type, product, component) {
             reportName           : 'AAT Functional Test'
         ])
     }
-    
+
 }
diff --git a/api/auth/index.ts b/api/auth/index.ts
@@ -1,5 +1,5 @@
 import { AUTH, AuthOptions, xuiNode } from '@hmcts/rpx-xui-node-lib';
-import { NextFunction, Request, Response } from 'express';
+import { CookieOptions, NextFunction, Request, Response } from 'express';
 import { getConfigValue, showFeature } from '../configuration';
 import {
   COOKIE_TOKEN,
@@ -37,8 +37,12 @@ export const successCallback = async (req: EnhancedRequest, res: Response, next:
   const { userinfo } = req.session.passport.user;
 
   logger.info('Setting session and cookies');
+  const cookieOptions: CookieOptions = {
+    sameSite: 'none',
+    secure: true
+  };
   // set browser cookie
-  res.cookie(getConfigValue(COOKIE_TOKEN), accessToken);
+  res.cookie(getConfigValue(COOKIE_TOKEN), accessToken, cookieOptions);
 
   if (!req.session.auth) {
     const auth = {
@@ -124,7 +128,9 @@ export const getXuiNodeMiddleware = () => {
     cookie: {
       httpOnly: true,
       maxAge: 1800000,
-      secure: showFeature(FEATURE_SECURE_COOKIE_ENABLED)
+      secure: showFeature(FEATURE_SECURE_COOKIE_ENABLED),
+      // set as 'lax' as problems with logging in when set to 'none'
+      sameSite: 'lax'
     },
     name: 'xui-mo-webapp',
     resave: false,

diff --git a/package.json b/package.json
@@ -83,7 +83,7 @@
     "@hmcts/nodejs-healthcheck": "1.7.0",
     "@hmcts/properties-volume": "0.0.13",
     "@hmcts/rpx-xui-common-lib": "2.0.31",
-    "@hmcts/rpx-xui-node-lib": "2.29.1",
+    "@hmcts/rpx-xui-node-lib": "2.29.7",
     "@ng-idle/core": "^14.0.0",
     "@ng-idle/keepalive": "^14.0.0",
     "@ngrx/effects": "^17.2.0",

diff --git a/test/java/build.gradle b/test/java/build.gradle
@@ -4,7 +4,7 @@ plugins {
 }
 
 sourceCompatibility = 11
-targetCompatibility = 11
+targetCompatibility = 17
 
 // tag::repositories[]
 repositories {

diff --git a/yarn-audit-known-issues b/yarn-audit-known-issues