Skip to content

Commit ec056c1

Browse files
committed
Merge branch 'matt/add-cert-to-env' into matt/fix-batch-get
2 parents 60c6715 + 4e0d084 commit ec056c1

5 files changed

Lines changed: 4 additions & 25 deletions

File tree

frontend/package.json

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,6 @@
33
"version": "1.0.0",
44
"description": "",
55
"main": "index.js",
6-
"proxy": "${REACT_APP_SERVER_URL}",
76
"dependencies": {
87
"@emotion/react": "^11.13.5",
98
"@emotion/styled": "^11.13.5",

frontend/src/components/AuthManager/AuthManager.tsx

Lines changed: 0 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -77,13 +77,8 @@ const AuthManager = () => {
7777

7878
// Common logic to complete login from a JWT issued by the backend
7979
const completeLoginFromToken = (serverJWT: string) => {
80-
// Store JWT in encrypted cookie (matching Google OAuth pattern)
8180
setCookie('jwt', serverJWT);
82-
83-
// Decode JWT to get user info
8481
const decoded: any = jwtDecode(serverJWT);
85-
86-
// Set auth state
8782
setId(decoded.id);
8883
localStorage.setItem('userId', decoded.id);
8984
localStorage.setItem('userType', decoded.userType);
@@ -122,8 +117,6 @@ const AuthManager = () => {
122117
}
123118
);
124119

125-
console.log('SSO callback response:', response);
126-
127120
if (!response.ok) {
128121
throw new Error('Failed to fetch SSO profile');
129122
}
@@ -193,8 +186,6 @@ const AuthManager = () => {
193186
}
194187

195188
if (authParam === 'sso_success') {
196-
// Prefer stateless flow if backend supplied a JWT in the URL. This avoids
197-
// relying on third-party cookies between Netlify (frontend) and Vercel (backend).
198189
if (tokenParam) {
199190
completeLoginFromToken(tokenParam);
200191
} else {

server/src/auth/passport-sso.ts

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,7 @@ interface SamlProfile extends Profile {
1010
email?: string;
1111
}
1212

13-
// Load IdP certificate, necessary to authenticate with Cornell's SSO/SAML system
13+
// Load IdP certificate, necessary to authenticate with Cornell's SSO/SAML system. Get from Cornell IT or ask a previous developer.
1414
const idpCertPath =
1515
process.env.SAML_IDP_CERT_PATH || './config/cornell-idp-test.crt';
1616
let idpCert = '';

server/src/auth/session.ts

Lines changed: 2 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -24,11 +24,8 @@ export const sessionMiddleware = session({
2424
name: 'carriage.sid', // Custom session cookie name
2525
cookie: {
2626
httpOnly: true,
27-
secure: true, // HTTPS only in production
28-
// In production the frontend (Netlify) and backend (Vercel) are on different sites,
29-
// so we must allow the session cookie to be sent on cross-site XHR/fetch requests.
30-
// SameSite=Lax works for localhost (same-site) but *blocks* these requests in prod.
31-
sameSite: 'none',
27+
secure: process.env.NODE_ENV === 'production', // HTTPS only in production
28+
sameSite: process.env.NODE_ENV === 'production' ? 'none' : 'lax',
3229
maxAge: sessionTTL,
3330
},
3431
});

server/src/router/sso.ts

Lines changed: 1 addition & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -119,26 +119,18 @@ router.post(
119119
lastName: samlUser.lastName,
120120
};
121121
req.session.authMethod = 'sso';
122-
// CRITICAL: Store the validated userType in session for /profile endpoint
122+
// Store the validated userType in session for /profile endpoint
123123
req.session.userType = userType;
124-
console.log('[SSO Callback] Stored userType in session:', userType);
125124

126-
// Generate JWT with same payload format as Google OAuth
127125
const token = sign({ id: user.id, userType }, JWT_SECRET, {
128126
expiresIn: '7d',
129127
});
130-
console.log('[SSO Callback] Generated JWT for user ID:', user.id);
131128

132-
// Build redirect URL with auth + token parameters.
133-
// Avoid relying on Node's URL parsing; instead handle query separator manually
134-
// so this works whether or not redirectUri already has query params.
135129
const separator = redirectUri.includes('?') ? '&' : '?';
136130
const redirectWithToken = `${redirectUri}${separator}auth=sso_success&token=${encodeURIComponent(
137131
token
138132
)}`;
139133

140-
// Redirect back to frontend with JWT so it can complete login without relying on
141-
// server-side session cookies (which are third-party between Netlify and Vercel).
142134
res.redirect(redirectWithToken);
143135
} catch (err) {
144136
console.error('SSO callback error:', err);

0 commit comments

Comments
 (0)