D9291.id33719.diff
diff --git a/keyserver/src/session/cookies.js b/keyserver/src/session/cookies.js
--- a/keyserver/src/session/cookies.js
+++ b/keyserver/src/session/cookies.js
@@ -9,7 +9,6 @@
import { hasMinCodeVersion } from 'lib/shared/version-utils.js';
import type { Shape } from 'lib/types/core.js';
import type { SignedIdentityKeysBlob } from 'lib/types/crypto-types.js';
-import { isWebPlatform } from 'lib/types/device-types.js';
import type { Platform, PlatformDetails } from 'lib/types/device-types.js';
import type { CalendarQuery } from 'lib/types/entry-types.js';
import {
@@ -290,51 +289,6 @@
};
}
-// This function is meant to consume a cookie that has already been processed.
-// That means it doesn't have any logic to handle an invalid cookie, and it
-// doesn't update the cookie's last_used timestamp.
-async function fetchViewerFromCookieData(
- req: $Request,
- sessionParameterInfo: SessionParameterInfo,
-): Promise<FetchViewerResult> {
- let viewerResult;
- const { user, anonymous } = req.cookies;
- if (user) {
- viewerResult = await fetchUserViewer(
- user,
- cookieSources.HEADER,
- sessionParameterInfo,
- );
- } else if (anonymous) {
- viewerResult = await fetchAnonymousViewer(
- anonymous,
- cookieSources.HEADER,
- sessionParameterInfo,
- );
- } else {
- return {
- type: 'nonexistant',
- cookieName: null,
- cookieSource: null,
- sessionParameterInfo,
- };
- }
-
- // We protect against CSRF attacks by making sure that on web,
- // non-GET requests cannot use a bare cookie for session identification
- if (viewerResult.type === 'valid') {
- const { viewer } = viewerResult;
- invariant(
- req.method === 'GET' ||
- viewer.sessionIdentifierType !== sessionIdentifierTypes.COOKIE_ID ||
- !isWebPlatform(viewer.platform),
- 'non-GET request from web using sessionIdentifierTypes.COOKIE_ID',
- );
- }
-
- return viewerResult;
-}
-
async function fetchViewerFromRequestBody(
body: mixed,
sessionParameterInfo: SessionParameterInfo,
@@ -425,24 +379,13 @@
async function fetchViewerForJSONRequest(req: $Request): Promise<Viewer> {
assertSecureRequest(req);
const sessionParameterInfo = getSessionParameterInfoFromRequestBody(req);
- let result = await fetchViewerFromRequestBody(req.body, sessionParameterInfo);
- if (
- result.type === 'nonexistant' &&
- (result.cookieSource === null || result.cookieSource === undefined)
- ) {
- result = await fetchViewerFromCookieData(req, sessionParameterInfo);
- }
+ const result = await fetchViewerFromRequestBody(
+ req.body,
+ sessionParameterInfo,
+ );
return await handleFetchViewerResult(result);
}
-const webPlatformDetails = { platform: 'web' };
-async function fetchViewerForHomeRequest(req: $Request): Promise<Viewer> {
- assertSecureRequest(req);
- const sessionParameterInfo = getSessionParameterInfoFromRequestBody(req);
- const result = await fetchViewerFromCookieData(req, sessionParameterInfo);
- return await handleFetchViewerResult(result, webPlatformDetails);
-}
-
async function fetchViewerForSocket(
req: $Request,
clientMessage: InitialClientSocketMessage,
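Review bot: With the cookie fallback gone, a JSON request that carries only the legacy `user`/`anonymous` cookie now yields a `nonexistant` result from `fetchViewerFromRequestBody` and is passed straight to `handleFetchViewerResult`, whose handling of that case is outside this hunk; nothing on the new side of `fetchViewerForJSONRequest` records that bare cookies are now intentionally ignored, so a later reader may re-add the fallback. A one-line comment above the `const result = await fetchViewerFromRequestBody(` assignment, `// Session identification comes from the request body only; cookies on the request are intentionally not consulted.`, would capture the decision. The `fetchViewerForSocket` hunk below has the same shape and would take the same comment. Since browsers will keep sending the now-unused cookies, it is worth confirming that an expiring Set-Cookie is issued somewhere else in the revision; the removal of `fetchViewerForHomeRequest` here and from the export list presumably has its callers updated elsewhere.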
@@ -461,16 +404,10 @@
userAgent: req.get('User-Agent'),
};
- let result = await fetchViewerFromRequestBody(
+ const result = await fetchViewerFromRequestBody(
clientMessage.payload.sessionIdentification,
sessionParameterInfo,
);
- if (
- result.type === 'nonexistant' &&
- (result.cookieSource === null || result.cookieSource === undefined)
- ) {
- result = await fetchViewerFromCookieData(req, sessionParameterInfo);
- }
if (result.type === 'valid') {
return result.viewer;
}
@@ -879,7 +816,6 @@
export {
fetchViewerForJSONRequest,
- fetchViewerForHomeRequest,
fetchViewerForSocket,
createNewAnonymousCookie,
createNewUserCookie,
D9291: [keyserver] Stop accepting http cookies