fix: cookie handling after electron and cypress upgrade

After the upgrades to Electron and Cypress we need to fix our cookie
handling.

* Electron seems to have changed their cookie handling without notice.
  We now have to set the `SameSite=None` attribute for cookies which
  also requires the `Secure` attribute. Fixes #1197.

* Cypress now has stricter cookie parsing when using `cy.setCookie()`.
  This means we have to properly extract the cookie value and ignore the
  attributes.

* The session endpoint was not guarded properly with the authentication
  token. We fixed that.

Signed-off-by: Thomas Scholtes <geigerzaehler@axiom.fm>

cypress/plugins/nodeManager/plugin.ts

@@ -13,6 +13,7 @@ import fetch from "node-fetch";
 import waitOn from "wait-on";
 import * as fs from "fs-extra";
 import execa from "execa";
+import * as cookie from "cookie";
 
 import type {
   ConnectNodeOptions,
@@ -222,19 +223,13 @@ class Node {
       throw new Error("No response from keystore request");
     }
 
-    const cookie = keystoreResponse.headers.get("set-cookie");
-    if (!cookie) {
+    const cookieData = keystoreResponse.headers.get("set-cookie");
+    const cookies = cookie.parse(cookieData || "");
+    const authToken = cookies["auth-token"];
+    if (!authToken) {
       throw new Error("Response did not contain an auth cookie");
     }
 
-    const match = cookie.match(/auth-token=(.*);/);
-    let authToken;
-    if (match && match[1]) {
-      authToken = match[1];
-    } else {
-      throw new Error("Auth cookie does not match the expected shape");
-    }
-
     // We have to wait here because proxy restarts its internal machinery
     // after the keystore endpoint is queried.
     await sleep(500);

package.json

@@ -140,6 +140,7 @@
     "@ethersproject/cli": "^5.4.0",
     "@tsconfig/svelte": "^2.0.1",
     "@types/big.js": "^6.1.2",
+    "@types/cookie": "^0.4.1",
     "@types/jest": "^27.0.2",
     "@types/lodash": "^4.14.173",
     "@types/lru-cache": "^5.1.1",
@@ -157,6 +158,7 @@
     "@typescript-eslint/eslint-plugin": "^4.31.2",
     "@typescript-eslint/parser": "^4.31.2",
     "chokidar": "^3.5.2",
+    "cookie": "^0.4.1",
     "cross-env": "^7.0.3",
     "cypress": "^8.4.1",
     "electron": "^15.0.0",

proxy/api/src/http/keystore.rs

@@ -92,5 +92,5 @@ pub struct CreateInput {
 
 /// Format the cookie header attributes.
 fn format_cookie_header(token: &str) -> String {
-    format!("auth-token={}; Path=/", token)
+    format!("auth-token={}; Path=/; SameSite=None; Secure", token)
 }

yarn.lock

@@ -1598,6 +1598,13 @@ __metadata:
   languageName: node
   linkType: hard
 
+"@types/cookie@npm:^0.4.1":
+  version: 0.4.1
+  resolution: "@types/cookie@npm:0.4.1"
+  checksum: 3275534ed69a76c68eb1a77d547d75f99fedc80befb75a3d1d03662fb08d697e6f8b1274e12af1a74c6896071b11510631ba891f64d30c78528d0ec45a9c1a18
+  languageName: node
+  linkType: hard
+
 "@types/debug@npm:^4.1.6":
   version: 4.1.7
   resolution: "@types/debug@npm:4.1.7"
@@ -4265,6 +4272,13 @@ __metadata:
   languageName: node
   linkType: hard
 
+"cookie@npm:^0.4.1":
+  version: 0.4.1
+  resolution: "cookie@npm:0.4.1"
+  checksum: bd7c47f5d94ab70ccdfe8210cde7d725880d2fcda06d8e375afbdd82de0c8d3b73541996e9ce57d35f67f672c4ee6d60208adec06b3c5fc94cebb85196084cf8
+  languageName: node
+  linkType: hard
+
 "core-js@npm:^3.6.5":
   version: 3.18.0
   resolution: "core-js@npm:3.18.0"
@@ -9983,6 +9997,7 @@ __metadata:
     "@gnosis.pm/safe-service-client": ^0.1.1
     "@tsconfig/svelte": ^2.0.1
     "@types/big.js": ^6.1.2
+    "@types/cookie": ^0.4.1
     "@types/jest": ^27.0.2
     "@types/lodash": ^4.14.173
     "@types/lru-cache": ^5.1.1
@@ -10006,6 +10021,7 @@ __metadata:
     big.js: ^6.1.1
     buffer: ^6.0.3
     chokidar: ^3.5.2
+    cookie: ^0.4.1
     cross-env: ^7.0.3
     crypto-browserify: ^3.12.0
     cypress: ^8.4.1