Session scope fix (#70)

* code and test changes * versino changes
supertokens · May 8, 2024 · 563b9ef · 563b9ef
1 parent b6b830d
commit 563b9ef
Show file tree

Hide file tree

Showing 6 changed files with 240 additions and 201 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,15 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.4.0] - 2024-04-08
+
+### Breaking changes
+
+The `shouldDoInterceptionBasedOnUrl` function now returns true: 
+- If `sessionTokenBackendDomain` is a valid subdomain of the URL's domain. This aligns with the behavior of browsers when sending cookies to subdomains.
+- Even if the ports of the URL you are querying are different compared to the `apiDomain`'s port ot the `sessionTokenBackendDomain` port (as long as the hostname is the same, or a subdomain of the `sessionTokenBackendDomain`): https://github.com/supertokens/supertokens-website/issues/217
+
+
 ## [0.3.6] - 2024-03-14
 
 - New FDI version support: 1.19

diff --git a/app/build.gradle b/app/build.gradle
@@ -1,6 +1,6 @@
 apply plugin: 'com.android.library'
 apply plugin: 'maven-publish'
-def publishVersionID = "0.3.6"
+def publishVersionID = "0.4.0"
 
 android {
     compileSdkVersion 32

diff --git a/app/src/main/java/com/supertokens/session/Utils.java b/app/src/main/java/com/supertokens/session/Utils.java
@@ -28,9 +28,11 @@
 import java.net.URI;
 import java.net.URL;
 import java.util.AbstractCollection;
+import java.util.Arrays;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.Iterator;
+import java.util.Locale;
 import java.util.Map;
 
 import okhttp3.Response;
@@ -119,11 +121,6 @@ static String sessionScopeHelper(String sessionScope) throws MalformedURLExcepti
                 URI urlObj = new URI(trimmedSessionScope);
                 trimmedSessionScope = urlObj.getHost();
 
-                // remove leading dot
-                if (trimmedSessionScope.startsWith(".")) {
-                    trimmedSessionScope = trimmedSessionScope.substring(1);
-                }
-
                 return trimmedSessionScope;
             } catch (Exception e) {
                 throw new MalformedURLException("Please provide a valid sessionScope");
@@ -136,6 +133,7 @@ public static String normaliseSessionScopeOrThrowErrorForTests(String sessionSco
         }
 
         private static String normaliseSessionScopeOrThrowError(String sessionScope) throws MalformedURLException {
+            sessionScope = sessionScope.trim().toLowerCase();
             String noDotNormalised = sessionScopeHelper(sessionScope);
 
             if (noDotNormalised.equals("localhost") || NormalisedURLDomain.isAnIpAddress(noDotNormalised)) {
@@ -412,29 +410,38 @@ public static boolean shouldDoInterceptionBasedOnUrl(String toCheckUrl, String a
         URL url = new URL(_toCheckUrl);
         String domain = url.getHost();
 
-        if (cookieDomain == null) {
-            domain = url.getPort() == -1 ? domain : domain + ":" + url.getPort();
+        boolean apiDomainAndInputDomainMatch = false;
+        if (!apiDomain.equals("")) {
             String _apiDomain = new NormalisedURLDomain(apiDomain).getAsStringDangerous();
-            URL apiDomainUrl = new URL(_apiDomain);
-            return domain.equals((apiDomainUrl.getPort() == -1 ? apiDomainUrl.getHost() : apiDomainUrl.getHost() + ":" + apiDomainUrl.getPort()));
+            apiDomainAndInputDomainMatch = _apiDomain.equals(domain);
+        }
+
+        if (cookieDomain == null || apiDomainAndInputDomainMatch) {
+            return apiDomainAndInputDomainMatch;
         } else {
             String normalisedCookieDomain = NormalisedInputType.normaliseSessionScopeOrThrowError(cookieDomain);
 
-            if (cookieDomain.split(":").length > 1) {
-                // means port may be provided
-                String portString = cookieDomain.split((":"))[cookieDomain.split(":").length - 1];
-                if (isNumeric(portString)) {
-                    normalisedCookieDomain += ":" + portString;
-                    domain = url.getPort() == -1 ? domain : domain + ":" + url.getPort();
+            return matchesDomainOrSubdomain(domain, normalisedCookieDomain);
+        }
+    }
+
+    private static boolean matchesDomainOrSubdomain(String hostname, String str) {
+        String[] parts = hostname.split("\\.");
+
+        for (int i = 0; i < parts.length; i++) {
+            StringBuilder subdomainCandidate = new StringBuilder();
+            for (int j = i; j < parts.length; j++) {
+                subdomainCandidate.append(parts[j]);
+                if (j < parts.length - 1) {
+                    subdomainCandidate.append(".");
                 }
             }
-
-            if (cookieDomain.startsWith(".")) {
-                return ("." + domain).endsWith(normalisedCookieDomain);
-            } else {
-                return domain.equals(normalisedCookieDomain);
+            if (subdomainCandidate.toString().equals(str) || ("." + subdomainCandidate.toString()).equals(str)) {
+                return true;
             }
         }
+
+        return false;
     }
 
     static SharedPreferences getSharedPreferences(Context context) {

diff --git a/examples/with-thirdparty/README.md b/examples/with-thirdparty/README.md
@@ -23,7 +23,7 @@ dependencyResolutionManagement {
 Add the folliwing to your app level `build.gradle`
 
 ```gradle
-implementation("com.github.supertokens:supertokens-android:0.3.6")
+implementation("com.github.supertokens:supertokens-android:0.4.0")
 implementation ("com.google.android.gms:play-services-auth:20.7.0")
 implementation("com.squareup.retrofit2:retrofit:2.9.0")
 implementation("net.openid:appauth:0.11.1")

diff --git a/examples/with-thirdparty/app/build.gradle.kts b/examples/with-thirdparty/app/build.gradle.kts
@@ -41,7 +41,7 @@ dependencies {
     implementation("androidx.appcompat:appcompat:1.6.1")
     implementation("com.google.android.material:material:1.8.0")
     implementation("androidx.constraintlayout:constraintlayout:2.1.4")
-    implementation("com.github.supertokens:supertokens-android:0.3.6")
+    implementation("com.github.supertokens:supertokens-android:0.4.0")
     implementation ("com.google.android.gms:play-services-auth:20.7.0")
     implementation("com.squareup.retrofit2:retrofit:2.9.0")
     implementation("net.openid:appauth:0.11.1")