Correct SSO breakage scenario

rtCamp · Oct 19, 2023 · 05edaf9 · 05edaf9
1 parent bca5f33
commit 05edaf9
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 14 deletions.
diff --git a/scenarios/single-sign-on/check-login-status.ejs b/scenarios/single-sign-on/check-login-status.ejs
@@ -0,0 +1,10 @@
+<% if (email) { %>
+<script>
+	window.onload = function() {
+		// If the user is logged in, send the email back to the parent frame
+		window.parent.postMessage({ action: 'loggedIn', email: '<%= email %>', test: 'testing' }, '*');
+	};
+</script>
+<% } else { %>
+Not logged in
+<% } %>
diff --git a/scenarios/single-sign-on/routes.js b/scenarios/single-sign-on/routes.js
@@ -3,7 +3,7 @@ const path = require('path');
 const router = express.Router();
 
 router.get('/', (req, res) => {
-	const email = req.cookies.email;
+	const email = req.cookies.localemail;
 
 	if (email) {
 		// User is 'logged in', redirect to profile page
@@ -15,7 +15,8 @@ router.get('/', (req, res) => {
 });
 
 router.get('/profile', (req, res) => {
-	const email = req.cookies.email;
+	// Stored for site's own login status
+	const email = req.cookies.localemail;
 	const domain = req.get('host');
 
 	if (email) {
@@ -27,7 +28,7 @@ router.get('/profile', (req, res) => {
 
 router.get('/logout', (req, res) => {
 	const domain = req.get('host');
-	res.clearCookie('email');
+	res.clearCookie('localemail');
 	res.render(path.join(__dirname, 'logout'), { title: 'Single Sign-On Demo for ' + domain });
 });
 
@@ -57,4 +58,10 @@ router.post('/validate', (req, res) => {
 	}
 });
 
+router.get('/check-login-status', (req, res) => {
+	const email = req.cookies.email;
+	res.render(path.join(__dirname, 'check-login-status'), { email: email });
+});
+
+
 module.exports = router;
diff --git a/scenarios/single-sign-on/signin.ejs b/scenarios/single-sign-on/signin.ejs
@@ -1,26 +1,33 @@
 <%- include(commonPath + '/header.ejs') %>
 
 <div class="container mx-auto py-8">
-    <h1 class="text-3xl font-bold mb-4 text-center">🚧 Single Sign-On Demo</h1>
-    <div class="text-center">
-        <button id="signInButton" class="bg-blue-500 text-white font-bold py-2 px-4 rounded-full inline-block">Sign In</button>
-    </div>
+	<h1 class="text-3xl font-bold mb-4 text-center">🚧 Single Sign-On Demo</h1>
+	<div class="text-center">
+		<button id="signInButton" class="bg-blue-500 text-white font-bold py-2 px-4 rounded-full inline-block">Sign In</button>
+	</div>
 </div>
 
 <script>
-	document.getElementById('signInButton').addEventListener('click', function() {
-		const win = window.open('<%= protocol %>://<%= domainC %>/single-sign-on/login', 'Login to SSO', 'width=500,height=500');
+	window.onload = function() {
 		window.addEventListener('message', function(event) {
+			// Ensure the postMessage is coming from domainC
 			if (event.origin !== '<%= protocol %>://<%= domainC %>') return;
-			// Expected structure of event.data: { action: 'login', email: '[email protected]' }
-			if (event.data.action === 'login') {
-				// Set the cookie for domainC here using fetch or other methods.
-				// Redirect to profile or another route as needed.
-				document.cookie = `email=${event.data.email}; max-age=900000`;
+
+			if (event.data.action === 'loggedIn') {
+				// Set the localemail cookie for domainA
+				document.cookie = `localemail=${event.data.email}; path=/; max-age=900000`;
 				window.location.href = '/single-sign-on/profile';
 			}
 		}, false);
+	}
+
+
+	document.getElementById('signInButton').addEventListener('click', function() {
+		const win = window.open('<%= protocol %>://<%= domainC %>/single-sign-on/login', 'Login to SSO', 'width=500,height=500');
 	});
 </script>
 
+<!-- Hidden iframe to check login status on domainC -->
+<iframe id="checkLoginFrame" src="<%= protocol %>://<%= domainC %>/single-sign-on/check-login-status" style="display:none;"></iframe>
+
 <%- include(commonPath + '/footer.ejs') %>