code changes

supertokens · May 8, 2024 · a915d7a · a915d7a
1 parent ce913f1
commit a915d7a
Show file tree

Hide file tree

Showing 5 changed files with 373 additions and 42 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,15 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.5.0] - 2024-05-08
+
+### Breaking changes
+
+The `shouldDoInterceptions` function now returns true: 
+- If `sessionTokenBackendDomain` is a valid subdomain of the URL's domain. This aligns with the behavior of browsers when sending cookies to subdomains.
+- Even if the ports of the URL you are querying are different compared to the `apiDomain`'s port ot the `sessionTokenBackendDomain` port (as long as the hostname is the same, or a subdomain of the `sessionTokenBackendDomain`): https://github.com/supertokens/supertokens-website/issues/217
+
+
 ## [0.4.0] - 2024-03-25
 - Relaxes dependency on `http` to be anything below `2.0.0`
 

diff --git a/lib/src/utilities.dart b/lib/src/utilities.dart
@@ -187,51 +187,33 @@ class Utils {
     }
 
     var domain = hostname;
+    var apiDomainAndInputDomainMatch = false;
 
-    if (cookieDomain == null) {
-      domain = [80, 443, 0].contains(urlObject.port)
-          ? domain.contains(urlObject.port.toString())
-              ? hostname + ":${urlObject.port}"
-              : hostname
-          : hostname + ":${urlObject.port}";
-
+    if (!apiDomain.isEmpty) {
       _apiDomain = NormalisedURLDomain(apiDomain).value;
-      Uri apiUrlObject;
-      String apiHostName;
-      try {
-        apiUrlObject = Uri.parse(_apiDomain);
-        apiHostName = apiUrlObject.host;
-      } catch (e) {
-        throw SuperTokensException(e.toString());
-      }
-
-      String temp = [80, 443, 0].contains(apiUrlObject.port)
-          ? apiHostName.contains(apiUrlObject.port.toString())
-              ? apiHostName + ":${apiUrlObject.port}"
-              : apiHostName
-          : apiHostName + ":${apiUrlObject.port}";
+      apiDomainAndInputDomainMatch = domain == _apiDomain;
+    }
 
-      return domain == temp;
+    if (cookieDomain == null || apiDomainAndInputDomainMatch) {
+      return apiDomainAndInputDomainMatch;
     } else {
       String normalisedCookieDomain =
           NormalisedInputType.normaliseSessionScopeOrThrowError(cookieDomain);
-      if (cookieDomain.split(":").length > 1) {
-        String portString =
-            cookieDomain.split(':')[cookieDomain.split(':').length - 1];
-        if (![80, 443, 0].contains(portString)) {
-          normalisedCookieDomain = normalisedCookieDomain + ':' + portString;
-          domain = urlObject.port == null
-              ? domain
-              : domain + ':' + urlObject.port.toString();
-        }
-      }
+      return matchesDomainOrSubdomain(domain, normalisedCookieDomain);
+    }
+  }
 
-      if (cookieDomain.startsWith('.')) {
-        return ("." + domain).endsWith(normalisedCookieDomain);
-      } else {
-        return domain == normalisedCookieDomain;
+  static bool matchesDomainOrSubdomain(String hostname, String str) {
+    List<String> parts = hostname.split(".");
+
+    for (int i = 0; i < parts.length; i++) {
+      String subdomainCandidate = parts.sublist(i).join(".");
+      if (subdomainCandidate == str || ".$subdomainCandidate" == str) {
+        return true;
       }
     }
+
+    return false;
   }
 
   static bool doesUrlHavePort(Uri uri) {
@@ -429,7 +411,7 @@ class NormalisedInputType {
   }
 
   static String sessionScopeHelper(String SessionScope) {
-    String trimmedSessionScope = SessionScope.trim();
+    String trimmedSessionScope = SessionScope.trim().toLowerCase();
     if (trimmedSessionScope.startsWith('.')) {
       trimmedSessionScope = trimmedSessionScope.substring(1);
     }
@@ -443,9 +425,6 @@ class NormalisedInputType {
       Uri url = Uri.parse(trimmedSessionScope);
       String host = url.host;
       trimmedSessionScope = host;
-      if (trimmedSessionScope.startsWith('.')) {
-        trimmedSessionScope = trimmedSessionScope.substring(1);
-      }
       return trimmedSessionScope;
     } catch (e) {
       throw SuperTokensException("Please provide a valid SessionScope");

diff --git a/lib/src/version.dart b/lib/src/version.dart
@@ -1,4 +1,4 @@
 class Version {
   static List<String> supported_fdi = ["1.16", "1.17", "1.18", "1.19"];
-  static String sdkVersion = "0.4.0";
+  static String sdkVersion = "0.5.0";
 }
diff --git a/pubspec.yaml b/pubspec.yaml
@@ -1,6 +1,6 @@
 name: supertokens_flutter
 description: SuperTokens SDK for Flutter apps
-version: 0.4.0
+version: 0.5.0
 homepage: https://supertokens.com/
 repository: https://github.com/supertokens/supertokens-flutter
 issue_tracker: https://github.com/supertokens/supertokens-flutter/issues