From a732e3ea3c573ff9b188e15749189a6ad2f3ccba Mon Sep 17 00:00:00 2001
From: Luca
Date: Sat, 7 Dec 2024 22:49:52 +0100
Subject: [PATCH] Fix auth session not being accepted via cookie anymore

---
 API/Controller/Account/Logout.cs | 2 +-
 .../UserSessionAuthentication.cs | 2 +-
 Common/Constants/AuthConstants.cs | 2 +-
 Common/Hubs/ShareLinkHub.cs | 2 +-
 Common/Utils/AuthUtils.cs | 12 +++++++++---
 Cron/DashboardAdminAuth.cs | 2 +-
 6 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/API/Controller/Account/Logout.cs b/API/Controller/Account/Logout.cs
index bf99803..f3d07d4 100644
--- a/API/Controller/Account/Logout.cs
+++ b/API/Controller/Account/Logout.cs
@@ -16,7 +16,7 @@ public async Task Logout(
 [FromServices] ApiConfig apiConfig)
 {
 // Remove session if valid
- if (HttpContext.TryGetUserSessionCookie(out var sessionCookie))
+ if (HttpContext.TryGetUserSession(out var sessionCookie))
 {
 await sessionService.DeleteSessionById(sessionCookie);
 }
diff --git a/Common/Authentication/AuthenticationHandlers/UserSessionAuthentication.cs b/Common/Authentication/AuthenticationHandlers/UserSessionAuthentication.cs
index ec69aeb..610dd51 100644
--- a/Common/Authentication/AuthenticationHandlers/UserSessionAuthentication.cs
+++ b/Common/Authentication/AuthenticationHandlers/UserSessionAuthentication.cs
@@ -47,7 +47,7 @@ public UserSessionAuthentication(
 protected override async Task HandleAuthenticateAsync()
 {
- if (!Context.TryGetUserSessionCookie(out var sessionKey))
+ if (!Context.TryGetUserSession(out var sessionKey))
 {
 return AuthenticateResult.Fail(AuthResultError.CookieMissingOrInvalid.Type!);
 }
diff --git a/Common/Constants/AuthConstants.cs b/Common/Constants/AuthConstants.cs
index 653c7a6..e8cb134 100644
--- a/Common/Constants/AuthConstants.cs
+++ b/Common/Constants/AuthConstants.cs
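Review bot: The local `sessionCookie` on the changed line is now misleading, because `TryGetUserSession` can also return a token read from the `OpenShockSession` request header rather than from the cookie. Renaming it to match the helper's out-parameter, `if (HttpContext.TryGetUserSession(out var sessionToken))` with `await sessionService.DeleteSessionById(sessionToken);`, keeps the call site honest about where the deleted session id may have come from. The same `sessionCookie` / `userSessionCookie` locals appear in the Common/Hubs/ShareLinkHub.cs and Cron/DashboardAdminAuth.cs hunks and deserve the same rename. The `Logout` method starts before and continues after this hunk.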
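Review bot: The failure reason `AuthResultError.CookieMissingOrInvalid` on the line after the changed condition no longer describes the check, since `TryGetUserSession` now fails only when neither the session cookie nor the `OpenShockSession` header carries a token, so a header-based client receives an error that talks only about cookies. If the error type's name and message must stay for API compatibility, a comment on the `return` such as `// Reached only when neither the session cookie nor the OpenShockSession header supplied a token` keeps the handler readable; otherwise a more general error name would fit the new behaviour better. `HandleAuthenticateAsync` continues past the end of the hunk.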
@@ -3,7 +3,7 @@ public static class AuthConstants
 {
 public const string UserSessionCookieName = "openShockSession";
- public const string SessionHeaderName = "OpenShockSession";
+ public const string UserSessionHeaderName = "OpenShockSession";
 public const string ApiTokenHeaderName = "OpenShockToken";
 public const string HubTokenHeaderName = "DeviceToken";
 }
diff --git a/Common/Hubs/ShareLinkHub.cs b/Common/Hubs/ShareLinkHub.cs
index 0b975fe..964c208 100644
--- a/Common/Hubs/ShareLinkHub.cs
+++ b/Common/Hubs/ShareLinkHub.cs
@@ -45,7 +45,7 @@ public override async Task OnConnectedAsync()
 GenericIni? user = null;
- if (httpContext.TryGetUserSessionCookie(out var sessionCookie))
+ if (httpContext.TryGetUserSession(out var sessionCookie))
 {
 user = await SessionAuth(sessionCookie);
 if (user == null)
diff --git a/Common/Utils/AuthUtils.cs b/Common/Utils/AuthUtils.cs
index 6a662a7..5086ee6 100644
--- a/Common/Utils/AuthUtils.cs
+++ b/Common/Utils/AuthUtils.cs
@@ -39,14 +39,20 @@ public static void RemoveSessionKeyCookie(this HttpContext context, string domai
 });
 }
- public static bool TryGetUserSessionCookie(this HttpContext context, [NotNullWhen(true)] out string? sessionCookie)
+ public static bool TryGetUserSession(this HttpContext context, [NotNullWhen(true)] out string? sessionToken)
 {
- if (context.Request.Cookies.TryGetValue(AuthConstants.UserSessionCookieName, out sessionCookie) && !string.IsNullOrEmpty(sessionCookie))
+ if (context.Request.Cookies.TryGetValue(AuthConstants.UserSessionCookieName, out sessionToken) && !string.IsNullOrEmpty(sessionToken))
 {
 return true;
 }
+
+ if(context.Request.Headers.TryGetValue(AuthConstants.UserSessionHeaderName, out var headerSessionCookie) && !string.IsNullOrEmpty(headerSessionCookie))
+ {
+ sessionToken = headerSessionCookie.ToString();
+ return true;
+ }
- sessionCookie = null;
+ sessionToken = null;
 return false;
 }
diff --git a/Cron/DashboardAdminAuth.cs b/Cron/DashboardAdminAuth.cs
index 48fb1a4..03e8d13 100644
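Review bot: The new header branch in `TryGetUserSession` treats `headerSessionCookie` as a single string, but `Request.Headers.TryGetValue` yields a `StringValues`; when a client sends the `OpenShockSession` header more than once, the implicit string conversion joins the values with commas and that joined string becomes the session token passed on to the session lookup. Rejecting multi-valued headers explicitly, `if (context.Request.Headers.TryGetValue(AuthConstants.UserSessionHeaderName, out var headerSessionToken) && headerSessionToken.Count == 1 && !string.IsNullOrEmpty(headerSessionToken))`, makes the accepted input well-defined and, as a side effect, fixes the `headerSessionCookie` misnomer and the `if(` spacing that differs from the cookie branch above it. The method also silently prefers the cookie when both sources are present, which is worth stating for callers and for anyone later auditing which credential a request was authenticated with. A summary line such as `/// Resolves the user session token, preferring the session cookie over the OpenShockSession header; the header is consulted only when the cookie is absent or empty.` on the method would document that precedence.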
--- a/Cron/DashboardAdminAuth.cs
+++ b/Cron/DashboardAdminAuth.cs
@@ -19,7 +19,7 @@ public async Task AuthorizeAsync(DashboardContext context)
 var userSessions = redis.RedisCollection(false);
 var db = httpContext.RequestServices.GetRequiredService();
- if (httpContext.TryGetUserSessionCookie(out var userSessionCookie))
+ if (httpContext.TryGetUserSession(out var userSessionCookie))
 {
 if (await SessionAuthAdmin(userSessionCookie, userSessions, db))
 {