fix: remove cookies upon logging out

Author: amam-deriv

src/hooks/custom-hooks/useOAuth.ts

@@ -1,6 +1,6 @@
 import { useCallback } from 'react';
 import { getOauthUrl } from '@/constants';
-import { getCurrentRoute } from '@/utils';
+import { getCurrentRoute, removeCookies } from '@/utils';
 import { useAuthData } from '@deriv-com/api-hooks';
 import { TOAuth2EnabledAppList, useOAuth2 } from '@deriv-com/auth-client';
 import useGrowthbookGetFeatureValue from './useGrowthbookGetFeatureValue';
@@ -31,6 +31,7 @@ const useOAuth = (): UseOAuthReturn => {
 
     const WSLogoutAndRedirect = async () => {
         await logout();
+        removeCookies('affiliate_token', 'affiliate_tracking', 'utm_data', 'onfido_token');
         window.open(oauthUrl, '_self');
     };
     const { OAuth2Logout: oAuthLogout } = useOAuth2(oAuthGrowthbookConfig, WSLogoutAndRedirect);

src/utils/__tests__/storage.spec.ts

@@ -0,0 +1,37 @@
+import Cookies from 'js-cookie';
+import { removeCookies } from '../storage';
+
+jest.mock('js-cookie');
+
+describe('removeCookies', () => {
+    beforeEach(() => {
+        jest.clearAllMocks();
+        Object.defineProperty(window, 'location', {
+            value: { pathname: '/test' },
+            writable: true,
+        });
+        Object.defineProperty(document, 'domain', {
+            value: 'example.com',
+            writable: true,
+        });
+    });
+
+    it('should remove cookies from all specified domains and paths', () => {
+        removeCookies('cookie1', 'cookie2');
+
+        expect(Cookies.remove).toHaveBeenCalledWith('cookie1', { domain: '.example.com', path: '/' });
+        expect(Cookies.remove).toHaveBeenCalledWith('cookie1', { domain: '.example.com', path: '/' });
+        expect(Cookies.remove).toHaveBeenCalledWith('cookie1');
+        expect(Cookies.remove).toHaveBeenCalledWith('cookie2', { domain: '.example.com', path: '/' });
+        expect(Cookies.remove).toHaveBeenCalledWith('cookie2', { domain: '.example.com', path: '/' });
+        expect(Cookies.remove).toHaveBeenCalledWith('cookie2');
+    });
+
+    it('should not remove cookies from parent path if it does not exist', () => {
+        window.location.pathname = '/';
+        removeCookies('cookie1', 'cookie2');
+
+        expect(Cookies.remove).not.toHaveBeenCalledWith('cookie1', { domain: '.example.com', path: '/test' });
+        expect(Cookies.remove).not.toHaveBeenCalledWith('cookie2', { domain: '.example.com', path: '/test' });
+    });
+});

src/utils/index.ts

@@ -13,6 +13,7 @@ export * from './os';
 export * from './payment-methods';
 export * from './routes';
 export * from './setup-mocks';
+export * from './storage';
 export * from './string';
 export * from './time';
 export * from './types';

src/utils/storage.ts

@@ -0,0 +1,21 @@
+import Cookies from 'js-cookie';
+
+export const removeCookies = (...cookieNames: string[]) => {
+    const domains = [`.${document.domain.split('.').slice(-2).join('.')}`, `.${document.domain}`];
+
+    let parentPath = window.location.pathname.split('/', 2)[1];
+    if (parentPath !== '') {
+        parentPath = `/${parentPath}`;
+    }
+
+    cookieNames.forEach(c => {
+        Cookies.remove(c, { domain: domains[0], path: '/' });
+        Cookies.remove(c, { domain: domains[1], path: '/' });
+        Cookies.remove(c);
+        if (new RegExp(c).test(document.cookie) && parentPath) {
+            Cookies.remove(c, { domain: domains[0], path: parentPath });
+            Cookies.remove(c, { domain: domains[1], path: parentPath });
+            Cookies.remove(c, { path: parentPath });
+        }
+    });
+};