Merge pull request #169 from PerimeterX/dev

Version 2.13.1 from dev

Author: AsafAklerPX

CHANGELOG.md

@@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](http://semver.org/).
 
+## [2.13.1] - 2021-07-04
+
+### Added
+
+-   Bug fix: Cookie decryption fails on mobile sdk error
+
 ## [2.13.0] - 2021-06-08
 
 ### Added

README.md

@@ -6,7 +6,7 @@
 [PerimeterX](http://www.perimeterx.com) Shared base for NodeJS enforcers
 =============================================================
 
-> Latest stable version: [v2.13.0](https://www.npmjs.com/package/perimeterx-node-core)
+> Latest stable version: [v2.13.1](https://www.npmjs.com/package/perimeterx-node-core)
 
 This is a shared base implementation for PerimeterX Express enforcer and future NodeJS enforcers. For a fully functioning implementation example, see the [Node-Express enforcer](https://github.com/PerimeterX/perimeterx-node-express/) implementation.
 

lib/pxcontext.js

@@ -31,7 +31,7 @@ class PxContext {
             this.cookieOrigin = 'header';
             config.logger.debug('Mobile SDK token detected');
             this.originalToken = this.headers[mobileSdkOriginalTokenHeader];
-            const tokenObject = this.getTokenObject(mobileHeader);
+            const tokenObject = pxUtil.getTokenObject(mobileHeader);
             this.cookies[tokenObject.key] = tokenObject.value;
         } else {
             let cookies = req.cookies;
@@ -78,19 +78,6 @@ class PxContext {
         return false;
     }
 
-    getTokenObject(cookie, delimiter = ':') {
-        if (cookie.indexOf(delimiter) > -1) {
-            const [version, ...extractedCookie] = cookie.split(delimiter);
-            if (version === '3') {
-                return { key: '_px3', value: extractedCookie.join(delimiter) };
-            }
-            if (version === '1') {
-                return { key: '_px', value: extractedCookie.join(delimiter) };
-            }
-        }
-        return { key: '_px3', value: cookie };
-    }
-
     isMobile() {
         return this.cookieOrigin === 'header';
     }

lib/pxoriginaltoken.js

@@ -1,9 +1,10 @@
 const TokenV3 = require('./cookie/tokenV3');
 const TokenV1 = require('./cookie/tokenV1');
+const pxUtil = require('./pxutil');
 
 function evalCookie(ctx, config) {
     try {
-        const noVersionOriginalToken = ctx.originalToken;
+        const noVersionOriginalToken = pxUtil.getTokenObject(ctx.originalToken).value;
         const cookie = (ctx.cookies['_px3'] ? new TokenV3(ctx, config, noVersionOriginalToken) : new TokenV1(ctx, config, noVersionOriginalToken));
         config.logger.debug('Original token found, Evaluating');
 

lib/pxutil.js

@@ -249,6 +249,19 @@ function isReqInMonitorMode(pxConfig, pxCtx) {
     );
 }
 
+function getTokenObject(cookie, delimiter = ':') {
+    if (cookie.indexOf(delimiter) > -1) {
+        const [version, ...extractedCookie] = cookie.split(delimiter);
+        if (version === '3') {
+            return { key: '_px3', value: extractedCookie.join(delimiter) };
+        }
+        if (version === '1') {
+            return { key: '_px', value: extractedCookie.join(delimiter) };
+        }
+    }
+    return { key: '_px3', value: cookie };
+}
+
 module.exports = {
     formatHeaders,
     filterSensitiveHeaders,
@@ -266,4 +279,5 @@ module.exports = {
     isStringMatchWith,
     generateHMAC,
     isReqInMonitorMode,
+    getTokenObject,
 };

package-lock.json

@@ -1,6 +1,6 @@
 {
     "name": "perimeterx-node-core",
-    "version": "2.13.0",
+    "version": "2.13.1",
     "description": "PerimeterX NodeJS shared core for various applications to monitor and block traffic according to PerimeterX risk score",
     "main": "index.js",
     "scripts": {