export function getSecurityCookieOptions()

in server/session/security_cookie.ts [42:74]


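/**
 * Builds the session-storage cookie options for the security plugin from its
 * configuration.
 *
 * The returned `validate` callback decides whether a stored session cookie is
 * accepted. Every outcome is reported with `path: '/'`.
 *
 * @param config - Security plugin configuration; only `config.cookie` is read here.
 * @returns Cookie options carrying the cookie name, the encryption key, the
 *   validation callback, and the Secure / SameSite settings.
 */
export function getSecurityCookieOptions(
  config: SecurityPluginConfigType
): SessionStorageCookieOptions<SecuritySessionCookie> {
  return {
    name: config.cookie.name,
    // The configured cookie password is handed over as the cookie encryption key.
    // NOTE(review): its length/entropy is not checked here — presumably enforced
    // by the config schema; confirm.
    encryptionKey: config.cookie.password,
    validate: (sessionStorage: SecuritySessionCookie | SecuritySessionCookie[]) => {
      // Reject a missing or null value, and an array of cookies, up front.
      // A null value previously fell through to the property reads below and
      // threw instead of being reported as invalid; an array has none of the
      // fields checked below, so rejecting it here keeps the earlier outcome
      // without the unchecked cast.
      if (sessionStorage == null || Array.isArray(sessionStorage)) {
        return { isValid: false, path: '/' };
      }

      // TODO: with setting redirect attributes to support OIDC and SAML,
      //       we need to do additional cookie validation in AuthenticationHandlers.
      // NOTE(review): the SAML and OIDC branches below return before the
      // expiryTime check, so a cookie carrying those fields is accepted here
      // regardless of its expiry. Confirm that the authentication handlers
      // perform the remaining validation the TODO refers to.

      // SAML fields present: both the request id and the next URL are required.
      if (sessionStorage.saml && sessionStorage.saml.requestId && sessionStorage.saml.nextUrl) {
        return { isValid: true, path: '/' };
      }

      // OIDC fields present: any truthy `oidc` value is accepted.
      if (sessionStorage.oidc) {
        return { isValid: true, path: '/' };
      }

      // Regular session: a missing expiry or one already in the past is invalid.
      if (sessionStorage.expiryTime === undefined || sessionStorage.expiryTime < Date.now()) {
        return { isValid: false, path: '/' };
      }
      return { isValid: true, path: '/' };
    },
    // Secure flag is taken straight from configuration.
    isSecure: config.cookie.secure,
    // Any falsy isSameSite setting (false, '', undefined) is passed on as undefined.
    // NOTE(review): presumably that leaves the SameSite attribute unset — confirm
    // against the session storage factory.
    sameSite: config.cookie.isSameSite || undefined,
  };
}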