Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add __enableImpersonation flag to enable impersonation again #689

Merged
merged 4 commits into from
Mar 9, 2018
Merged

Add __enableImpersonation flag to enable impersonation again #689

merged 4 commits into from
Mar 9, 2018

Conversation

luisrudge
Copy link
Contributor

@luisrudge luisrudge commented Mar 2, 2018
edited
Loading

fix #683

@luisrudge luisrudge added this to the v9.3.3 milestone Mar 2, 2018
@luisrudge luisrudge mentioned this pull request Mar 5, 2018
Closed
@luisrudge luisrudge changed the title Add __disableStateCheck flag to enable impersonation again Add __enableImpersonation flag to enable impersonation again Mar 5, 2018
lbalmaceda
lbalmaceda reviewed Mar 8, 2018
View reviewed changes
src/web-auth/index.js
var transactionStateMatchesState = transactionState === state;
if (!state || !transactionStateMatchesState) {
var shouldBypassStateChecking = !state && !transactionState && options.__enableImpersonation;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

state and transactionState are missing for every impersonation call?
Also I don't know how this boolean checks works on JS but probably options. __enableImpersonation will be false 99% of the cases, so I'd move that check to the beginning of the line.

Copy link
Contributor Author

@luisrudge luisrudge Mar 8, 2018
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  • state might be present if you used the advanced fields in the page:
    image

  • var transactionState = options.state || (transaction && transaction.state) || null;
    transactionState will be either provided by the developer (options.state) or empty when you're trying to impersonate

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So if the user provides a value in that field (image you shared). Where does that end up being added, options.state (transaction state) or the request state?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the value from the screen will be inside parsedHash.state. Then it's up to the developer to call parseHash({state: 'previously-set-state'}) (this behavior wasn't altered)

src/web-auth/index.js
@@ -182,8 +182,11 @@ WebAuth.prototype.validateAuthenticationResponse = function(options, parsedHash,
var state = parsedHash.state;
var transaction = this.transactionManager.getStoredTransaction(state);
var transactionState = options.state || (transaction && transaction.state) || null;

var transactionStateMatchesState = transactionState === state;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Won't this be true for both values of null? e.g. null === null -> transactionStateMatchesState=true?

lbalmaceda
lbalmaceda approved these changes Mar 8, 2018
View reviewed changes
Copy link
Contributor

@lbalmaceda lbalmaceda left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think I thought about all the combinations possible and it looks fine. Might need a second pair of eyes here @cocojoe

cocojoe
cocojoe approved these changes Mar 9, 2018
View reviewed changes
Copy link
Member

@cocojoe cocojoe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Discussed internally.

@luisrudge luisrudge merged commit 6c7cf67 into master Mar 9, 2018
@luisrudge luisrudge deleted the fix-state-checking-impersonation branch March 9, 2018 17:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lbalmaceda lbalmaceda lbalmaceda approved these changes

@cocojoe cocojoe cocojoe approved these changes

Assignees
No one assigned
Labels
CH: Added
Projects
None yet
Milestone
v9.3.3
Development

Successfully merging this pull request may close these issues.

cannot impersonate (sign in as)
3 participants
@luisrudge @cocojoe @lbalmaceda