fix wrong cooke settings

GeneralTao2 · GeneralTao2 · commit ef191a9248f6 · 2025-11-29T22:49:23.000+02:00
diff --git a/artist-insight-service/src/main/kotlin/org/taonity/artistinsightservice/mvc/security/OAuth2AuthenticationFailureHandler.kt b/artist-insight-service/src/main/kotlin/org/taonity/artistinsightservice/mvc/security/OAuth2AuthenticationFailureHandler.kt
@@ -1,10 +1,10 @@
 package org.taonity.artistinsightservice.mvc.security
 
-import jakarta.servlet.http.Cookie
 import jakarta.servlet.http.HttpServletRequest
 import jakarta.servlet.http.HttpServletResponse
 import mu.KotlinLogging
 import org.springframework.beans.factory.annotation.Value
+import org.springframework.http.ResponseCookie
 import org.springframework.security.core.AuthenticationException
 import org.springframework.security.oauth2.core.OAuth2AuthenticationException
 import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler
@@ -17,7 +17,8 @@ enum class AuthenticationErrorCode {
 
 @Component
 class OAuth2AuthenticationFailureHandler(
-    @Value("\${app.login-url}") private val loginUrl: String
+    @Value("\${app.login-url}") private val loginUrl: String,
+    @Value("\${server.servlet.session.cookie.domain}") private val cookieDomain: String
 ) : SimpleUrlAuthenticationFailureHandler() {
 
     companion object {
@@ -41,11 +42,15 @@ class OAuth2AuthenticationFailureHandler(
             }
         }
 
-        val cookie = Cookie(AUTH_ERROR_COOKIE_NAME, errorCode.name)
-        cookie.path = "/"
-        cookie.maxAge = 60
-        cookie.isHttpOnly = false
-        response.addCookie(cookie)
+        val cookie = ResponseCookie.from(AUTH_ERROR_COOKIE_NAME, errorCode.name)
+            .path("/")
+            .maxAge(60)
+            .httpOnly(false)
+            .secure(loginUrl.startsWith("https"))
+            .sameSite(if (loginUrl.startsWith("https")) "None" else "Lax")
+            .domain(cookieDomain)
+            .build()
+        response.addHeader("Set-Cookie", cookie.toString())
 
         redirectStrategy.sendRedirect(request, response, loginUrl)
     }
diff --git a/frontend/src/app/login/page.tsx b/frontend/src/app/login/page.tsx
@@ -7,6 +7,7 @@ import Image from 'next/image'
 import ErrorNotification from '../../components/ErrorNotification'
 import BackgroundPhrases from '../../components/BackgroundPhrases'
 import DevelopmentAccessNotification from '../../components/DevelopmentAccessNotification'
+import { logError, logDebug } from '@/utils/logger'
 
 const righteous = Righteous({ 
   weight: '400',
@@ -38,12 +39,15 @@ function LoginContent() {
   useEffect(() => {
     // Check for error code from OAuth2 authentication failure (stored in cookie)
     const authErrorCode = getCookie('auth_error')
+    logDebug('LoginPage', 'authErrorCode is ' + authErrorCode)
     if (authErrorCode) {
       deleteCookie('auth_error') // Remove cookie after reading
       
       if (authErrorCode === 'UNAUTHORIZED_SPOTIFY_ACCOUNT') {
+        logError('LoginPage', 'Unauthorized Spotify account')
         setShowAccessRequestForm(true)
       } else if (authErrorCode === 'AUTHENTICATION_FAILED') {
+        logError('LoginPage', 'Authentication failed')
         setErrorMessage('Authentication failed. Please try again.')
       }
       return
@@ -59,13 +63,18 @@ function LoginContent() {
             window.location.href = '/'
           }
         } else if (res.status === 504) {
+          logError('LoginPage', 'User fetch timed out with 504 status')
           setErrorMessage('Request timed out. Please try again.')
+        } else {
+          logError('LoginPage', 'User fetch failed with status: ' + res.status)
         }
       })
       .catch((err) => {
         if (err.name === 'AbortError') {
+          logError('LoginPage', 'User fetch aborted due to timeout')
           setErrorMessage('Request timed out. Please try again.')
         } else {
+          logError('LoginPage', 'User fetch network error', err)
           setErrorMessage('Unable to connect to the server. Please check your connection.')
         }
       })
@@ -90,15 +99,18 @@ function LoginContent() {
       const response = await fetch('/api/actuator/health/liveness', { signal: controller.signal })
       const data = await response.json()
       if (!response.ok || data.status !== 'UP') {
+        logError('LoginPage', 'Liveness check failed', { status: response.status, data })
         setErrorMessage('Backend server is currently unavailable. Please try again later.')
         setLivenessLoading(false)
         return
       }
       window.location.href = '/api/oauth2/authorization/spotify-artist-insight-service'
     } catch (err: any) {
       if (err.name === 'AbortError') {
+        logError('LoginPage', 'Liveness check timed out')
         setErrorMessage('Request timed out. Please try again.')
       } else {
+        logError('LoginPage', 'Liveness check network error', err)
         setErrorMessage('Unable to connect to the server. Please check your connection.')
       }
     } finally {
diff --git a/frontend/src/app/settings/page.tsx b/frontend/src/app/settings/page.tsx
@@ -5,16 +5,11 @@ import Header from '@/components/Header'
 import ErrorNotification from '@/components/ErrorNotification'
 import { useUser } from '@/hooks/useUser'
 import { getRuntimeConfig } from '@/lib/runtimeConfig'
+import { logError } from '@/utils/logger'
 
 const csrfErrorMessage = 'Unable to verify your request. Please refresh the page and try again.'
 const networkErrorMessage = 'Unable to connect to the server. Please check your connection.'
 
-function logError(message: string, error?: any) {
-  if (typeof window !== 'undefined' && localStorage.getItem('artist-insight-debug') === 'true') {
-    console.error(`[SettingsPage] ${message}`, error)
-  }
-}
-
 function getCookie(name: string) {
   if (typeof document === 'undefined') {
     return null
@@ -48,7 +43,7 @@ export default function SettingsPage() {
   const handleLogout = async () => {
     const xsrfToken = getCookie(csrfCookieName)
     if (!xsrfToken) {
-      logError('CSRF token not found for logout with CSRF_COOKIE_NAME=' + csrfCookieName)
+      logError('SettingsPage', 'CSRF token not found for logout with CSRF_COOKIE_NAME=' + csrfCookieName)
       setErrorMessage(csrfErrorMessage)
       return
     }
@@ -58,7 +53,7 @@ export default function SettingsPage() {
       await requestLogout(xsrfToken)
       window.location.href = '/login'
     } catch (err) {
-      logError('Logout failed', err)
+      logError('SettingsPage', 'Logout failed', err)
       setErrorMessage('Unable to log out. Please try again.')
     } finally {
       setIsProcessing(false)
@@ -72,7 +67,7 @@ export default function SettingsPage() {
 
     const xsrfToken = getCookie(csrfCookieName)
     if (!xsrfToken) {
-      logError('CSRF token not found for delete account with CSRF_COOKIE_NAME=' + csrfCookieName)
+      logError('SettingsPage', 'CSRF token not found for delete account with CSRF_COOKIE_NAME=' + csrfCookieName)
       setErrorMessage(csrfErrorMessage)
       return
     }
@@ -91,27 +86,27 @@ export default function SettingsPage() {
       }
 
       if (res.status === 403) {
-        logError('Delete account forbidden - CSRF validation failed')
+        logError('SettingsPage', 'Delete account forbidden - CSRF validation failed')
         setErrorMessage(csrfErrorMessage)
         return
       }
 
       if (!res.ok && res.status !== 204) {
-        logError('Delete account failed with status: ' + res.status)
+        logError('SettingsPage', 'Delete account failed with status: ' + res.status)
         setErrorMessage('Failed to delete your account. Please try again.')
         return
       }
 
       try {
         await requestLogout(xsrfToken)
       } catch (err) {
-        logError('Logout after delete account failed', err)
+        logError('SettingsPage', 'Logout after delete account failed', err)
         // Ignore logout failures here and continue redirecting the user.
       }
 
       window.location.href = '/login'
     } catch (err) {
-      logError('Delete account network error', err)
+      logError('SettingsPage', 'Delete account network error', err)
       setErrorMessage(networkErrorMessage)
     } finally {
       setIsProcessing(false)
diff --git a/frontend/src/utils/logger.ts b/frontend/src/utils/logger.ts
@@ -0,0 +1,20 @@
+/**
+ * Logs error messages to the console when debug mode is enabled.
+ * Debug mode is activated by setting 'artist-insight-debug' to 'true' in localStorage.
+ * 
+ * @param context - The context or component name where the error occurred
+ * @param message - The error message to log
+ * @param error - Optional error object or additional details
+ */
+export function logError(context: string, message: string, error?: any) {
+  if (typeof window !== 'undefined' && localStorage.getItem('artist-insight-debug') === 'true') {
+    console.error(`[${context}] ${message}`, error)
+  }
+}
+
+
+export function logDebug(context: string, message: string, error?: any) {
+  if (typeof window !== 'undefined' && localStorage.getItem('artist-insight-debug') === 'true') {
+    console.debug(`[${context}] ${message}`, error)
+  }
+}
diff --git a/templates/docker/.test-env b/templates/docker/.test-env
@@ -13,8 +13,10 @@ ADMIN_EMAIL=
 ORGANISATION_EMAIL=
 ORGANISATION_EMAIL_PASSWORD=
 DEFAULT_SUCCESS_URL=http://127.0.0.1:3002
+LOGIN_URL=http://127.0.0.1:3002/login
 SPRING_PROFILES_ACTIVE=postgres,prod-spotify,stub-openai,stub-kofi,local
 
 LOCAL_BACKEND_URL: http://app:9016
 PUBLIC_BACKEND_URL=http://127.0.0.1:9016
+NEXT_PUBLIC_CSRF_COOKIE_NAME=XSRF-TOKEN-LOCAL
 
