[Unticketed] fix auth bug - allow non ssl cookies in non-prod (#3507)

Only set the "secure" parameter on the session cookie to "true" in prod for now
HHS · Jan 13, 2025 · 67d5df0 · 67d5df0
1 parent f29151a
commit 67d5df0
Show file tree

Hide file tree

Showing 4 changed files with 4 additions and 4 deletions.
diff --git a/frontend/package.json b/frontend/package.json
@@ -6,7 +6,7 @@
     "node": ">=22.13.0"
   },
   "scripts": {
-    "all-checks": "npm run lint && npm run ts:check && npm run test && npm run build",
+    "all-checks": "npm run lint && npm run ts:check && npm run test && npm run build -- --no-lint",
     "build": "next build",
     "dev": "NEW_RELIC_ENABLED=false next dev",
     "dev:nr": "NODE_OPTIONS='-r @newrelic/next' next dev",

diff --git a/frontend/src/services/auth/session.ts b/frontend/src/services/auth/session.ts
@@ -63,7 +63,7 @@ export const createSession = async (token: string) => {
   const session = await encrypt(token, expiresAt, clientJwtKey);
   cookies().set("session", session, {
     httpOnly: true,
-    secure: true,
+    secure: environment.ENVIRONMENT === "prod",
     expires: expiresAt,
     sameSite: "lax",
     path: "/",

diff --git a/frontend/src/services/auth/sessionUtils.ts b/frontend/src/services/auth/sessionUtils.ts
@@ -22,7 +22,7 @@ export const decrypt = async (
     });
     return payload;
   } catch (error) {
-    console.error("Failed to decrypt session cookie", error);
+    console.error(`Failed to decrypt session cookie with ${algorithm}`, error);
     return null;
   }
 };

diff --git a/frontend/tests/services/auth/session.test.ts b/frontend/tests/services/auth/session.test.ts
@@ -115,7 +115,7 @@ describe("createSession", () => {
       "encrypted session",
       {
         httpOnly: true,
-        secure: true,
+        secure: false, // true only in prod for now
         expires: new Date(0),
         sameSite: "lax",
         path: "/",