feat: client to delete spcp cookie (#2328)

* feat: client to delete cookie * chore: add env var for old domain name * doc: add comment * chore: add oldSpcpCookieDomain to environment * fix: undefined cookieName
opengovsg · Jul 8, 2021 · 360ac2a · 360ac2a
1 parent a5e719f
commit 360ac2a
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 1 deletion.
diff --git a/src/app/config/features/spcp-myinfo.config.ts b/src/app/config/features/spcp-myinfo.config.ts
@@ -11,6 +11,7 @@ type ISpcpConfig = {
   spCookieMaxAge: number
   spCookieMaxAgePreserved: number
   spcpCookieDomain: string
+  oldSpcpCookieDomain: string // TODO (#2329): To remove after old cookies have expired
   cpCookieMaxAge: number
   spIdpId: string
   cpIdpId: string
@@ -76,6 +77,13 @@ const spcpMyInfoSchema: Schema<ISpcpMyInfo> = {
     default: '',
     env: 'SPCP_COOKIE_DOMAIN',
   },
+  oldSpcpCookieDomain: {
+    // TODO (#2329): To remove after old cookies have expired
+    doc: 'Old domain name set on cookie that holds the SPCP jwt',
+    format: String,
+    default: '',
+    env: 'OLD_SPCP_COOKIE_DOMAIN',
+  },
   cpCookieMaxAge: {
     doc: 'Max CorpPass cookie age',
     format: 'int',

diff --git a/src/app/loaders/express/locals.ts b/src/app/loaders/express/locals.ts
@@ -20,6 +20,7 @@ const frontendVars = {
   isCPMaintenance: spcpMyInfoConfig.isCPMaintenance, // Corppass maintenance message
   GATrackingID: googleAnalyticsConfig.GATrackingID,
   spcpCookieDomain: spcpMyInfoConfig.spcpCookieDomain, // Cookie domain used for removing spcp cookies
+  oldSpcpCookieDomain: spcpMyInfoConfig.oldSpcpCookieDomain, // Old cookie domain used for backward compatibility. TODO (#2329): Delete env var
 }
 const environment = ejs.render(
   `
@@ -42,6 +43,8 @@ const environment = ejs.render(
     var formsgSdkMode = "<%= formsgSdkMode%>"
     // SPCP Cookie
     var spcpCookieDomain = "<%= spcpCookieDomain%>"
+    // Old SPCP Cookie
+    var oldSpcpCookieDomain = "<%= oldSpcpCookieDomain%>"
   `,
   frontendVars,
 )

diff --git a/src/public/modules/forms/services/spcp-session.client.factory.js b/src/public/modules/forms/services/spcp-session.client.factory.js
@@ -16,7 +16,6 @@ angular
 function SpcpSession($interval, $q, Toastr, $window, $cookies) {
   let session = {
     userName: null,
-    cookieName: null,
     rememberMe: null,
     issuedAt: null,
     cookieNames: {
@@ -41,6 +40,13 @@ function SpcpSession($interval, $q, Toastr, $window, $cookies) {
       session.userName = undefined
     },
     logout: function (authType) {
+      $cookies.remove(
+        // TODO (#2329): To remove after old cookies have expired
+        session.cookieNames[authType],
+        $window.oldSpcpCookieDomain
+          ? { domain: $window.oldSpcpCookieDomain }
+          : {},
+      )
       $q.when(PublicFormAuthService.logoutOfSpcpSession(authType))
         .then(() => {
           $cookies.put('isJustLogOut', true)