From 360ac2a233da3356efc553bd9b2db2a4143fb85d Mon Sep 17 00:00:00 2001
From: tshuli <63710093+tshuli@users.noreply.github.com>
Date: Thu, 8 Jul 2021 09:56:20 +0800
Subject: [PATCH] feat: client to delete spcp cookie (#2328)
* feat: client to delete cookie
* chore: add env var for old domain name
* doc: add comment
* chore: add oldSpcpCookieDomain to environment
* fix: undefined cookieName
---
 src/app/config/features/spcp-myinfo.config.ts | 8 ++++++++
 src/app/loaders/express/locals.ts | 3 +++
 .../modules/forms/services/spcp-session.client.factory.js | 8 +++++++-
 3 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/src/app/config/features/spcp-myinfo.config.ts b/src/app/config/features/spcp-myinfo.config.ts
index 9346b98779..bed662c9eb 100644
--- a/src/app/config/features/spcp-myinfo.config.ts
+++ b/src/app/config/features/spcp-myinfo.config.ts
@@ -11,6 +11,7 @@ type ISpcpConfig = {
 spCookieMaxAge: number
 spCookieMaxAgePreserved: number
 spcpCookieDomain: string
+ oldSpcpCookieDomain: string // TODO (#2329): To remove after old cookies have expired
 cpCookieMaxAge: number
 spIdpId: string
 cpIdpId: string
@@ -76,6 +77,13 @@ const spcpMyInfoSchema: Schema = {
 default: '',
 env: 'SPCP_COOKIE_DOMAIN',
 },
+ oldSpcpCookieDomain: {
+ // TODO (#2329): To remove after old cookies have expired
+ doc: 'Old domain name set on cookie that holds the SPCP jwt',
+ format: String,
+ default: '',
+ env: 'OLD_SPCP_COOKIE_DOMAIN',
+ },
 cpCookieMaxAge: {
 doc: 'Max CorpPass cookie age',
 format: 'int',
diff --git a/src/app/loaders/express/locals.ts b/src/app/loaders/express/locals.ts
index cf01c5ddd3..2d1cb8addd 100644
--- a/src/app/loaders/express/locals.ts
+++ b/src/app/loaders/express/locals.ts
@@ -20,6 +20,7 @@ const frontendVars = {
 isCPMaintenance: spcpMyInfoConfig.isCPMaintenance, // Corppass maintenance message
 GATrackingID: googleAnalyticsConfig.GATrackingID,
 spcpCookieDomain: spcpMyInfoConfig.spcpCookieDomain, // Cookie domain used for removing spcp cookies
+ oldSpcpCookieDomain: spcpMyInfoConfig.oldSpcpCookieDomain, // Old cookie domain used for backward compatibility. TODO (#2329): Delete env var
 }
 const environment = ejs.render(
 `
@@ -42,6 +43,8 @@ const environment = ejs.render(
 var formsgSdkMode = "<%= formsgSdkMode%>"
 // SPCP Cookie
 var spcpCookieDomain = "<%= spcpCookieDomain%>"
+ // Old SPCP Cookie
+ var oldSpcpCookieDomain = "<%= oldSpcpCookieDomain%>"
 `,
 frontendVars,
 )
diff --git a/src/public/modules/forms/services/spcp-session.client.factory.js b/src/public/modules/forms/services/spcp-session.client.factory.js
index d1cd36ee6d..7054f66a63 100644
--- a/src/public/modules/forms/services/spcp-session.client.factory.js
+++ b/src/public/modules/forms/services/spcp-session.client.factory.js
@@ -16,7 +16,6 @@ angular
 function SpcpSession($interval, $q, Toastr, $window, $cookies) {
 let session = {
 userName: null,
- cookieName: null,
 rememberMe: null,
 issuedAt: null,
 cookieNames: {
@@ -41,6 +40,13 @@ function SpcpSession($interval, $q, Toastr, $window, $cookies) {
 session.userName = undefined
 },
 logout: function (authType) {
+ $cookies.remove(
+ // TODO (#2329): To remove after old cookies have expired
+ session.cookieNames[authType],
+ $window.oldSpcpCookieDomain
+ ? { domain: $window.oldSpcpCookieDomain }
+ : {},
+ )
 $q.when(PublicFormAuthService.logoutOfSpcpSession(authType))
 .then(() => {
 $cookies.put('isJustLogOut', true)
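Review bot: In the second locals.ts hunk, `var oldSpcpCookieDomain = "<%= oldSpcpCookieDomain%>"` puts the value inside a JavaScript string literal, but `<%=` applies HTML escaping rather than JavaScript escaping, so a backslash or line break in `OLD_SPCP_COOKIE_DOMAIN` would yield a broken or altered script. The value comes from deployment configuration, not user input, so this is a robustness point, and the existing `spcpCookieDomain` line has the same shape. If this script is served as a standalone JS response, `var oldSpcpCookieDomain = <%- JSON.stringify(oldSpcpCookieDomain) %>` would be safe for any string; if it is inlined in HTML, `<` would also need escaping. The template literal starts outside the hunk, so how `environment` is delivered cannot be confirmed from here.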
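Review bot: In `logout` (second hunk of spcp-session.client.factory.js), the added `$cookies.remove(...)` can fail silently, leaving the old-domain JWT cookie in the browser after the user believes they have logged out. Script can only delete a cookie that is not HttpOnly and whose domain and path both match, and only `domain` is passed here. If the old cookie was HttpOnly or set with a different path (neither is visible in this hunk), it has to be cleared in the server's logout response instead. Separately, `session.cookieNames[authType]` is undefined for an unexpected `authType`, so wrapping the call in `if (session.cookieNames[authType]) { ... }` would avoid issuing a removal for a cookie named "undefined". The body of `logout` continues outside the hunk.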