From d1366115188433d9959a7d74c085bc15553a01f4 Mon Sep 17 00:00:00 2001 From: zivchen Date: Mon, 23 Jan 2023 09:59:22 +0200 Subject: [PATCH 1/5] Fix maxAge bug. Added maxAge config for cookie session, cookieMaxAge --- Parse-Dashboard/Authentication.js | 5 ++--- Parse-Dashboard/app.js | 2 +- Parse-Dashboard/index.js | 2 ++ Parse-Dashboard/server.js | 3 ++- 4 files changed, 7 insertions(+), 5 deletions(-) diff --git a/Parse-Dashboard/Authentication.js b/Parse-Dashboard/Authentication.js index 0a6beee442..ecd8246e13 100644 --- a/Parse-Dashboard/Authentication.js +++ b/Parse-Dashboard/Authentication.js @@ -54,14 +54,13 @@ function initialize(app, options) { }); var cookieSessionSecret = options.cookieSessionSecret || require('crypto').randomBytes(64).toString('hex'); + const cookieMaxAge = options.cookieMaxAge; app.use(require('connect-flash')()); app.use(require('body-parser').urlencoded({ extended: true })); app.use(require('cookie-session')({ key : 'parse_dash', secret : cookieSessionSecret, - cookie : { - maxAge: (2 * 7 * 24 * 60 * 60 * 1000) // 2 weeks - } + maxAge : cookieMaxAge })); app.use(passport.initialize()); app.use(passport.session()); diff --git a/Parse-Dashboard/app.js b/Parse-Dashboard/app.js index 0149b8c634..e8eac262ef 100644 --- a/Parse-Dashboard/app.js +++ b/Parse-Dashboard/app.js @@ -68,7 +68,7 @@ module.exports = function(config, options) { const users = config.users; const useEncryptedPasswords = config.useEncryptedPasswords ? true : false; const authInstance = new Authentication(users, useEncryptedPasswords, mountPath); - authInstance.initialize(app, { cookieSessionSecret: options.cookieSessionSecret }); + authInstance.initialize(app, { cookieSessionSecret: options.cookieSessionSecret, cookieMaxAge: options.cookieMaxAge }); // CSRF error handler app.use(function (err, req, res, next) { diff --git a/Parse-Dashboard/index.js b/Parse-Dashboard/index.js index d4694d7a42..3bf5204b01 100644 --- a/Parse-Dashboard/index.js +++ b/Parse-Dashboard/index.js 
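Review bot: `maxAge : cookieMaxAge` forwards whatever the caller supplied to cookie-session without checking its type or range. The removed line expressed the lifetime as a number of milliseconds, but the new value arrives from a CLI flag or `process.env` (see the server.js hunk of this patch) and is therefore a string. A non-numeric value is likely to produce a wrong or invalid cookie expiry rather than an error. I would coerce and validate at this sink so that middleware users of app.js are covered too: `const cookieMaxAge = options.cookieMaxAge == null ? undefined : Number(options.cookieMaxAge);` followed by `if (cookieMaxAge !== undefined && !(Number.isFinite(cookieMaxAge) && cookieMaxAge > 0)) { throw new Error('cookieMaxAge must be a positive number'); }`. The renamed lines in patches 2 and 5 carry the same unvalidated value, and the body of `initialize` starts and ends outside this hunk.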
@@ -28,6 +28,8 @@ program.option('--trustProxy [trustProxy]', 'set this flag when you are behind a program.option('--cookieSessionSecret [cookieSessionSecret]', 'set the cookie session secret, defaults to a random string. You should set that value if you want sessions to work across multiple server, or across restarts'); program.option('--createUser', 'helper tool to allow you to generate secure user passwords and secrets. Use this on trusted devices only.'); program.option('--createMFA', 'helper tool to allow you to generate multi-factor authentication secrets.'); +program.option('--cookieMaxAge [cookieMaxAge]', 'set the cookie maxAge, defaults to session'); + program.action(async (options) => { for (const key in options) { const func = CLIHelper[key]; diff --git a/Parse-Dashboard/server.js b/Parse-Dashboard/server.js index 2d21d8a6ba..a9ed0b127d 100644 --- a/Parse-Dashboard/server.js +++ b/Parse-Dashboard/server.js @@ -19,6 +19,7 @@ module.exports = (options) => { const allowInsecureHTTP = options.allowInsecureHTTP || process.env.PARSE_DASHBOARD_ALLOW_INSECURE_HTTP; const cookieSessionSecret = options.cookieSessionSecret || process.env.PARSE_DASHBOARD_COOKIE_SESSION_SECRET; const trustProxy = options.trustProxy || process.env.PARSE_DASHBOARD_TRUST_PROXY; + const cookieMaxAge = options.cookieMaxAge || process.env.PARSE_DASHBOARD_COOKIE_MAX_AGE; const dev = options.dev; if (trustProxy && allowInsecureHTTP) { @@ -145,7 +146,7 @@ module.exports = (options) => { if (allowInsecureHTTP || trustProxy || dev) app.enable('trust proxy'); config.data.trustProxy = trustProxy; - let dashboardOptions = { allowInsecureHTTP, cookieSessionSecret, dev }; + let dashboardOptions = { allowInsecureHTTP, cookieSessionSecret, dev, cookieMaxAge }; app.use(mountPath, parseDashboard(config.data, dashboardOptions)); let server; if(!configSSLKey || !configSSLCert){ From d618170bc2f15badaabbcbd1fb49c09fdadd58a7 Mon Sep 17 00:00:00 2001 
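Review bot: The new option is declared as `--cookieMaxAge [cookieMaxAge]`, which makes the value optional, so a bare `--cookieMaxAge` is parsed by commander as `true` and flows unchanged into the session cookie's `maxAge`. Requiring the argument rejects that at parse time: `program.option('--cookieMaxAge <cookieMaxAge>', 'set the cookie maxAge, defaults to session');`. The help text also gives no unit for the value. The same optional-value declaration is carried under the new name in patches 2 to 4.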
From: zivchen Date: Tue, 24 Jan 2023 18:11:30 +0200 Subject: [PATCH 2/5] changed cookieMaxAge to cookieSessionMaxAge --- Parse-Dashboard/Authentication.js | 4 ++-- Parse-Dashboard/app.js | 2 +- Parse-Dashboard/index.js | 2 +- Parse-Dashboard/server.js | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Parse-Dashboard/Authentication.js b/Parse-Dashboard/Authentication.js index ecd8246e13..2f003c3c49 100644 --- a/Parse-Dashboard/Authentication.js +++ b/Parse-Dashboard/Authentication.js @@ -54,13 +54,13 @@ function initialize(app, options) { }); var cookieSessionSecret = options.cookieSessionSecret || require('crypto').randomBytes(64).toString('hex'); - const cookieMaxAge = options.cookieMaxAge; + const cookieSessionMaxAge = options.cookieSessionMaxAge; app.use(require('connect-flash')()); app.use(require('body-parser').urlencoded({ extended: true })); app.use(require('cookie-session')({ key : 'parse_dash', secret : cookieSessionSecret, - maxAge : cookieMaxAge + maxAge : cookieSessionMaxAge })); app.use(passport.initialize()); app.use(passport.session()); diff --git a/Parse-Dashboard/app.js b/Parse-Dashboard/app.js index e8eac262ef..ed03d51f70 100644 --- a/Parse-Dashboard/app.js +++ b/Parse-Dashboard/app.js @@ -68,7 +68,7 @@ module.exports = function(config, options) { const users = config.users; const useEncryptedPasswords = config.useEncryptedPasswords ? true : false; const authInstance = new Authentication(users, useEncryptedPasswords, mountPath); - authInstance.initialize(app, { cookieSessionSecret: options.cookieSessionSecret, cookieMaxAge: options.cookieMaxAge }); + authInstance.initialize(app, { cookieSessionSecret: options.cookieSessionSecret, cookieSessionMaxAge: options.cookieSessionMaxAge }); // CSRF error handler app.use(function (err, req, res, next) { diff --git a/Parse-Dashboard/index.js b/Parse-Dashboard/index.js index 3bf5204b01..c1140638f5 100644 --- a/Parse-Dashboard/index.js +++ b/Parse-Dashboard/index.js 
@@ -28,7 +28,7 @@ program.option('--trustProxy [trustProxy]', 'set this flag when you are behind a program.option('--cookieSessionSecret [cookieSessionSecret]', 'set the cookie session secret, defaults to a random string. You should set that value if you want sessions to work across multiple server, or across restarts'); program.option('--createUser', 'helper tool to allow you to generate secure user passwords and secrets. Use this on trusted devices only.'); program.option('--createMFA', 'helper tool to allow you to generate multi-factor authentication secrets.'); -program.option('--cookieMaxAge [cookieMaxAge]', 'set the cookie maxAge, defaults to session'); +program.option('--cookieSessionMaxAge [cookieSessionMaxAge]', 'set the cookie maxAge, defaults to session'); program.action(async (options) => { for (const key in options) { diff --git a/Parse-Dashboard/server.js b/Parse-Dashboard/server.js index a9ed0b127d..9bf2b55620 100644 --- a/Parse-Dashboard/server.js +++ b/Parse-Dashboard/server.js @@ -19,7 +19,7 @@ module.exports = (options) => { const allowInsecureHTTP = options.allowInsecureHTTP || process.env.PARSE_DASHBOARD_ALLOW_INSECURE_HTTP; const cookieSessionSecret = options.cookieSessionSecret || process.env.PARSE_DASHBOARD_COOKIE_SESSION_SECRET; const trustProxy = options.trustProxy || process.env.PARSE_DASHBOARD_TRUST_PROXY; - const cookieMaxAge = options.cookieMaxAge || process.env.PARSE_DASHBOARD_COOKIE_MAX_AGE; + const cookieSessionMaxAge = options.cookieSessionMaxAge || process.env.PARSE_DASHBOARD_COOKIE_MAX_AGE; const dev = options.dev; if (trustProxy && allowInsecureHTTP) { 
@@ -146,7 +146,7 @@ module.exports = (options) => { if (allowInsecureHTTP || trustProxy || dev) app.enable('trust proxy'); config.data.trustProxy = trustProxy; - let dashboardOptions = { allowInsecureHTTP, cookieSessionSecret, dev, cookieMaxAge }; + let dashboardOptions = { allowInsecureHTTP, cookieSessionSecret, dev, cookieSessionMaxAge }; app.use(mountPath, parseDashboard(config.data, dashboardOptions)); let server; if(!configSSLKey || !configSSLCert){ From 4466771d4c7359662579c734fd99f5dc0a8a2fc6 Mon Sep 17 00:00:00 2001 From: Manuel <5673677+mtrezza@users.noreply.github.com> Date: Tue, 24 Jan 2023 23:09:49 +0100 Subject: [PATCH 3/5] improve docs wording --- Parse-Dashboard/index.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Parse-Dashboard/index.js b/Parse-Dashboard/index.js index c1140638f5..01dedfd99c 100644 --- a/Parse-Dashboard/index.js +++ b/Parse-Dashboard/index.js @@ -28,7 +28,7 @@ program.option('--trustProxy [trustProxy]', 'set this flag when you are behind a program.option('--cookieSessionSecret [cookieSessionSecret]', 'set the cookie session secret, defaults to a random string. You should set that value if you want sessions to work across multiple server, or across restarts'); program.option('--createUser', 'helper tool to allow you to generate secure user passwords and secrets. Use this on trusted devices only.'); program.option('--createMFA', 'helper tool to allow you to generate multi-factor authentication secrets.'); -program.option('--cookieSessionMaxAge [cookieSessionMaxAge]', 'set the cookie maxAge, defaults to session'); +program.option('--cookieSessionMaxAge [cookieSessionMaxAge]', '(Optional) Sets the time in seconds for when the session cookie will be deleted and the dashboard user has to re-login; defaults to `undefined` which means the cookie will be deleted when the browser session ends.'); program.action(async (options) => { for (const key in options) { 
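Review bot: The new help text says the value is a "time in seconds", but patch 1 passes it unconverted to cookie-session's `maxAge`, and the line it replaced expressed that lifetime in milliseconds (`2 * 7 * 24 * 60 * 60 * 1000`). An operator who sets 3600 expecting one hour would get a cookie lifetime of a few seconds. Either multiply by 1000 where the option is consumed in Authentication.js or change the wording to "time in milliseconds"; patch 4 rewrites this string and keeps "seconds". It may also be worth stating that this sets the browser-side cookie expiry. cookie-session presumably keeps the session in the signed cookie itself, so a copied cookie would not be expired server-side by this setting, which should be confirmed against the library.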
From 282c8f8a12d6f1c04d743608869682720d822a3d Mon Sep 17 00:00:00 2001 From: Manuel <5673677+mtrezza@users.noreply.github.com> Date: Tue, 24 Jan 2023 23:10:39 +0100 Subject: [PATCH 4/5] improve docs --- Parse-Dashboard/index.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Parse-Dashboard/index.js b/Parse-Dashboard/index.js index 01dedfd99c..6217df3e95 100644 --- a/Parse-Dashboard/index.js +++ b/Parse-Dashboard/index.js @@ -28,7 +28,7 @@ program.option('--trustProxy [trustProxy]', 'set this flag when you are behind a program.option('--cookieSessionSecret [cookieSessionSecret]', 'set the cookie session secret, defaults to a random string. You should set that value if you want sessions to work across multiple server, or across restarts'); program.option('--createUser', 'helper tool to allow you to generate secure user passwords and secrets. Use this on trusted devices only.'); program.option('--createMFA', 'helper tool to allow you to generate multi-factor authentication secrets.'); -program.option('--cookieSessionMaxAge [cookieSessionMaxAge]', '(Optional) Sets the time in seconds for when the session cookie will be deleted and the dashboard user has to re-login; defaults to `undefined` which means the cookie will be deleted when the browser session ends.'); +program.option('--cookieSessionMaxAge [cookieSessionMaxAge]', '(Optional) Sets the time in seconds for when the session cookie will be deleted and the dashboard user has to re-login; if no value is set then the cookie will be deleted when the browser session ends.'); program.action(async (options) => { for (const key in options) { From 32b3a10b29b030c029629070e1ef927c3bd0d59d Mon Sep 17 00:00:00 2001 From: Manuel <5673677+mtrezza@users.noreply.github.com> Date: Tue, 24 Jan 2023 23:11:34 +0100 Subject: [PATCH 5/5] change env var --- Parse-Dashboard/server.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/Parse-Dashboard/server.js b/Parse-Dashboard/server.js index 9bf2b55620..76ac4bc398 100644 --- a/Parse-Dashboard/server.js +++ b/Parse-Dashboard/server.js @@ -19,7 +19,7 @@ module.exports = (options) => { const allowInsecureHTTP = options.allowInsecureHTTP || process.env.PARSE_DASHBOARD_ALLOW_INSECURE_HTTP; const cookieSessionSecret = options.cookieSessionSecret || process.env.PARSE_DASHBOARD_COOKIE_SESSION_SECRET; const trustProxy = options.trustProxy || process.env.PARSE_DASHBOARD_TRUST_PROXY; - const cookieSessionMaxAge = options.cookieSessionMaxAge || process.env.PARSE_DASHBOARD_COOKIE_MAX_AGE; + const cookieSessionMaxAge = options.cookieSessionMaxAge || process.env.PARSE_DASHBOARD_COOKIE_SESSION_MAX_AGE; const dev = options.dev; if (trustProxy && allowInsecureHTTP) {