From 22944bcea70f790e21761c93ff9fca9e898a591a Mon Sep 17 00:00:00 2001 From: Stefan Hauke Date: Fri, 18 Aug 2023 17:42:48 +0200 Subject: [PATCH] fix: make use of new cookies.service defaults when setting cookies (#1485) --- .../core/utils/api-token/api-token.service.ts | 3 +-- src/app/core/utils/cookies/cookies.service.ts | 1 - .../punchout-identity-provider.spec.ts | 8 ++++---- .../punchout-identity-provider.ts | 20 ++++--------------- 4 files changed, 9 insertions(+), 23 deletions(-) diff --git a/src/app/core/utils/api-token/api-token.service.ts b/src/app/core/utils/api-token/api-token.service.ts index 71e379bbe9..b5c3c72e42 100644 --- a/src/app/core/utils/api-token/api-token.service.ts +++ b/src/app/core/utils/api-token/api-token.service.ts @@ -88,8 +88,7 @@ export class ApiTokenService { if (cookieContent) { this.cookiesService.put('apiToken', cookieContent, { expires: this.cookieOptions?.expires ?? new Date(Date.now() + DEFAULT_EXPIRY_TIME), - secure: this.cookieOptions?.secure ?? true, - sameSite: 'Strict', + secure: this.cookieOptions?.secure, path: '/', }); } diff --git a/src/app/core/utils/cookies/cookies.service.ts b/src/app/core/utils/cookies/cookies.service.ts index 5236deaea2..03178e548a 100644 --- a/src/app/core/utils/cookies/cookies.service.ts +++ b/src/app/core/utils/cookies/cookies.service.ts @@ -57,7 +57,6 @@ export class CookiesService { this.deleteAllCookies(); this.put('cookieConsent', JSON.stringify({ enabledOptions: options, version: cookieConsentVersion }), { expires: new Date(new Date().setFullYear(new Date().getFullYear() + 1)), - sameSite: 'Strict', }); window.location.reload(); } diff --git a/src/app/extensions/punchout/identity-provider/punchout-identity-provider.spec.ts b/src/app/extensions/punchout/identity-provider/punchout-identity-provider.spec.ts index f767cf911c..bb5cb1e2ad 100644 --- a/src/app/extensions/punchout/identity-provider/punchout-identity-provider.spec.ts +++ b/src/app/extensions/punchout/identity-provider/punchout-identity-provider.spec.ts @@ -192,9 +192,9 @@ describe('Punchout Identity Provider', () => { boolean | UrlTree >; login$.subscribe(() => { - verify(cookiesService.put('punchout_SID', 'sid', anything())).once(); - verify(cookiesService.put('punchout_ReturnURL', 'home', anything())).once(); - verify(cookiesService.put('punchout_BasketID', 'basket-id', anything())).once(); + verify(cookiesService.put('punchout_SID', 'sid')).once(); + verify(cookiesService.put('punchout_ReturnURL', 'home')).once(); + verify(cookiesService.put('punchout_BasketID', 'basket-id')).once(); }); tick(500); @@ -213,7 +213,7 @@ describe('Punchout Identity Provider', () => { boolean | UrlTree >; login$.subscribe(() => { - verify(cookiesService.put('punchout_HookURL', 'url', anything())).once(); + verify(cookiesService.put('punchout_HookURL', 'url')).once(); verify(checkoutFacade.createBasket()).once(); expect(routerSpy).toHaveBeenCalledWith('/home'); done(); diff --git a/src/app/extensions/punchout/identity-provider/punchout-identity-provider.ts b/src/app/extensions/punchout/identity-provider/punchout-identity-provider.ts index 3a97aa6bde..e37da1821d 100644 --- a/src/app/extensions/punchout/identity-provider/punchout-identity-provider.ts +++ b/src/app/extensions/punchout/identity-provider/punchout-identity-provider.ts @@ -149,18 +149,9 @@ export class PunchoutIdentityProvider implements IdentityProvider { return this.punchoutService.getCxmlPunchoutSession(route.queryParamMap.get('sid')).pipe( // persist cXML session information (sid, returnURL, basketId) in cookies for later basket transfer tap(data => { - this.cookiesService.put('punchout_SID', route.queryParamMap.get('sid'), { - sameSite: 'None', - secure: true, - }); - this.cookiesService.put('punchout_ReturnURL', data.returnURL, { - sameSite: 'None', - secure: true, - }); - this.cookiesService.put('punchout_BasketID', data.basketId, { - sameSite: 'None', - secure: true, - }); + this.cookiesService.put('punchout_SID', route.queryParamMap.get('sid')); + this.cookiesService.put('punchout_ReturnURL', data.returnURL); + this.cookiesService.put('punchout_BasketID', data.basketId); }), // use the basketId basket for the current PWA session (instead of default current basket) // TODO: if load basket error (currently no error page) -> logout and do not use default 'current' basket @@ -173,10 +164,7 @@ export class PunchoutIdentityProvider implements IdentityProvider { private handleOciPunchoutLogin(route: ActivatedRouteSnapshot) { // save HOOK_URL to cookie for later basket transfer - this.cookiesService.put('punchout_HookURL', route.queryParamMap.get('HOOK_URL'), { - sameSite: 'None', - secure: true, - }); + this.cookiesService.put('punchout_HookURL', route.queryParamMap.get('HOOK_URL')); const basketId = window.sessionStorage.getItem('basket-id'); if (!basketId) {