From e37bb182c3bf48af2598beabd361567564c1dd11 Mon Sep 17 00:00:00 2001
From: Saad Jutt <ihsan.distranger@gmail.com>
Date: Thu, 4 Aug 2022 05:04:43 +0500
Subject: [PATCH 1/2] fix(server): csrf cookie is created explicitly

---
 src/auth/AuthManager.ts      | 12 ++++++++++--
 src/request/RequestClient.ts | 10 +++++++++-
 2 files changed, 19 insertions(+), 3 deletions(-)

diff --git a/src/auth/AuthManager.ts b/src/auth/AuthManager.ts
index c5bb188..a9dce8a 100644
--- a/src/auth/AuthManager.ts
+++ b/src/auth/AuthManager.ts
@@ -223,9 +223,17 @@ export class AuthManager {
 
   private async getNewLoginForm() {
     if (this.serverType === ServerType.Sasjs) {
-      // server will be sending CSRF cookie,
+      // server will be sending CSRF token in response,
+      // need to save in cookie so that,
       // http client will use it automatically
-      return this.requestClient.get('/', undefined)
+      return this.requestClient.get('/', undefined).then(({ result }) => {
+        const cookie =
+          /<script>document.cookie = '(XSRF-TOKEN=.*; Max-Age=86400; SameSite=Strict; Path=\/;)'<\/script>/.exec(
+            result as string
+          )?.[1]
+
+        if (cookie) document.cookie = cookie
+      })
     }
 
     const { result: formResponse } = await this.requestClient.get<string>(
diff --git a/src/request/RequestClient.ts b/src/request/RequestClient.ts
index 1a096a4..c1753ba 100644
--- a/src/request/RequestClient.ts
+++ b/src/request/RequestClient.ts
@@ -500,11 +500,19 @@ export class RequestClient implements HttpClient {
     }
 
     if (e instanceof InvalidCsrfError) {
-      // Fetching root will inject CSRF token in cookie
+      // Fetching root and creating CSRF cookie
       await this.httpClient
         .get('/', {
           withCredentials: true
         })
+        .then((response) => {
+          const cookie =
+            /<script>document.cookie = '(XSRF-TOKEN=.*; Max-Age=86400; SameSite=Strict; Path=\/;)'<\/script>/.exec(
+              response.data
+            )?.[1]
+
+          if (cookie) document.cookie = cookie
+        })
         .catch((err) => {
           throw prefixMessage(err, 'Error while re-fetching CSRF token.')
         })

From f58f2eba975b72fbd47b9547c4ecd982fb4340bc Mon Sep 17 00:00:00 2001
From: Saad Jutt <ihsan.distranger@gmail.com>
Date: Thu, 4 Aug 2022 05:59:39 +0500
Subject: [PATCH 2/2] chore: error needs to be more specific

---
 src/request/RequestClient.ts              | 6 +++---
 src/types/errors/InvalidCsrfError.ts      | 9 ---------
 src/types/errors/InvalidSASjsCsrfError.ts | 9 +++++++++
 3 files changed, 12 insertions(+), 12 deletions(-)
 delete mode 100644 src/types/errors/InvalidCsrfError.ts
 create mode 100644 src/types/errors/InvalidSASjsCsrfError.ts

diff --git a/src/request/RequestClient.ts b/src/request/RequestClient.ts
index c1753ba..3ab2b83 100644
--- a/src/request/RequestClient.ts
+++ b/src/request/RequestClient.ts
@@ -19,7 +19,7 @@ import {
   parseSourceCode,
   createAxiosInstance
 } from '../utils'
-import { InvalidCsrfError } from '../types/errors/InvalidCsrfError'
+import { InvalidSASjsCsrfError } from '../types/errors/InvalidSASjsCsrfError'
 
 export interface HttpClient {
   get<T>(
@@ -499,7 +499,7 @@ export class RequestClient implements HttpClient {
       throw e
     }
 
-    if (e instanceof InvalidCsrfError) {
+    if (e instanceof InvalidSASjsCsrfError) {
       // Fetching root and creating CSRF cookie
       await this.httpClient
         .get('/', {
@@ -623,7 +623,7 @@ export const throwIfError = (response: AxiosResponse) => {
         typeof response.data === 'string' &&
         response.data.toLowerCase() === 'invalid csrf token!'
       ) {
-        throw new InvalidCsrfError()
+        throw new InvalidSASjsCsrfError()
       }
       break
     case 401:
diff --git a/src/types/errors/InvalidCsrfError.ts b/src/types/errors/InvalidCsrfError.ts
deleted file mode 100644
index cf174ab..0000000
--- a/src/types/errors/InvalidCsrfError.ts
+++ /dev/null
@@ -1,9 +0,0 @@
-export class InvalidCsrfError extends Error {
-  constructor() {
-    const message = 'Invalid CSRF token!'
-
-    super(`Auth error: ${message}`)
-    this.name = 'InvalidCsrfError'
-    Object.setPrototypeOf(this, InvalidCsrfError.prototype)
-  }
-}
diff --git a/src/types/errors/InvalidSASjsCsrfError.ts b/src/types/errors/InvalidSASjsCsrfError.ts
new file mode 100644
index 0000000..d785795
--- /dev/null
+++ b/src/types/errors/InvalidSASjsCsrfError.ts
@@ -0,0 +1,9 @@
+export class InvalidSASjsCsrfError extends Error {
+  constructor() {
+    const message = 'Invalid CSRF token!'
+
+    super(`Auth error: ${message}`)
+    this.name = 'InvalidSASjsCsrfError'
+    Object.setPrototypeOf(this, InvalidSASjsCsrfError.prototype)
+  }
+}