Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The lookupToken function doesn't seem to receive the cookie options. #319

Open
2 tasks done
chiptoma opened this issue Dec 14, 2023 · 4 comments
Open
2 tasks done

The lookupToken function doesn't seem to receive the cookie options. #319

chiptoma opened this issue Dec 14, 2023 · 4 comments

Comments

@chiptoma
Copy link

Prerequisites

  • I have written a descriptive issue title
  • I have searched existing issues to ensure the bug has not already been reported

Fastify version

4.24.3

Plugin version

No response

Node.js version

20.10

Operating system

macOS

Operating system version (i.e. 20.04, 11.3, 10)

16.2

Description

When setting the plugin to only look for the token in the cookies and with the cookieName specified it fails to look there.

While checking the lookupToken function it seems that there is the following test which will fail every time as the cookie variable is not defined.

else if (cookie) {
      if (request.cookies) {
        if (request.cookies[cookie.cookieName]) {
          const tokenValue = request.cookies[cookie.cookieName]

          token = cookie.signed ? request.unsignCookie(tokenValue).value : tokenValue
        } else {
          throw new NoAuthorizationInCookieError()
        }
      } else {
        throw new BadCookieRequestError()
      }

Steps to Reproduce

Try to define the options as below:

fastify.register(fastifyJwt, {
    secret: JWT_SECRET,
    cookie: {
      cookieName: JWT_COOKIE,
      signed: true,
    },
    sign: {
      expiresIn: JWT_EXPIRES_IN,
    },
    onlyCookie: true,
    messages: jwtMessages,

    ...opts.fastifyJwt,
  })

Expected Behavior

To find the token in the request.cookies[JWT_COOKIE].
@mcollina
Copy link
Member

Thanks for reporting!

Can you provide steps to reproduce? We often need a reproducible example, e.g. some code that allows someone else to recreate your problem by just copying and pasting it. If it involves more than a couple of different file, create a new repository on GitHub and add a link to that.

@CatfoodHeist
Copy link

I too am seeing this issue. I'm using @fastify/cookie with @fastify/jwt, and the cookies property is never initialized. I believe this is fallout from a change in @fastify/cookie #248

@gurgunday
Copy link
Member

gurgunday commented Jan 11, 2024
edited
Loading

I too am seeing this issue. I'm using @fastify/cookie with @fastify/jwt, and the cookies property is never initialized. I believe this is fallout from a change in @fastify/cookie #248

In that PR, there is no change to the behavior of the function

@eEQK
Copy link

eEQK commented Jan 19, 2025

workaround for now:

const SESSION_COOKIE_NAME = 'whatever';

export async function verifyJwt(
	this: FastifyInstance,
	req: FastifyRequest,
	rep: FastifyReply,
) {
	try {
		// biome-ignore lint/suspicious/noExplicitAny: workaround
		(req as any).cookies = {
			session: req.headers.cookie
				?.split('; ')
				.find((row) => row.startsWith(SESSION_COOKIE_NAME))
				?.split('=')[1],
		};
		await req.jwtVerify();
	} catch (err) {
		return rep.send(this.httpErrors.unauthorized('invalid token'));
	}
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@mcollina @eEQK @chiptoma @gurgunday @CatfoodHeist