feat: replace default cookie events with custom EnvelopeCookieManager and introduce custom auth cookie name (env_auth)

EnvelopeGenerator.Web/Program.cs

@@ -17,6 +17,7 @@ using EnvelopeGenerator.Web.Models.Annotation;
 using DigitalData.UserManager.DependencyInjection;
 using EnvelopeGenerator.Web.Middleware;
 using EnvelopeGenerator.Application.Common.Interfaces.Services;
+using EnvelopeGenerator.Web;
 
 var logger = LogManager.Setup().LoadConfigurationFromAppSettings().GetCurrentClassLogger();
 logger.Info("Logging initialized!");
@@ -134,41 +135,22 @@ try
         options.ConsentCookie.Name = "cookie-consent-settings";
     });
 
+    var authCookieName = "env_auth";
     builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
     .AddCookie(options =>
     {
-        options.Cookie.HttpOnly = true;         // Makes the cookie inaccessible to client-side scripts for security
+        options.Cookie.Name = authCookieName;
-        options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest; // Ensures cookies are sent over HTTPS only
+        options.CookieManager = new EnvelopeCookieManager(authCookieName);
-        options.Cookie.SameSite = SameSiteMode.Strict; // Protects against CSRF attacks by restricting how cookies are sent with requests from external sites
+        options.Cookie.HttpOnly = true;
+        options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
+        options.Cookie.SameSite = SameSiteMode.Strict;
         options.ExpireTimeSpan = TimeSpan.FromMinutes(30);
-
-        options.Events = new CookieAuthenticationEvents
-        {
-            OnRedirectToLogin = context =>
-            {
-                // Dynamically calculate the redirection path, for example:
-                var envelopeReceiverId = context.HttpContext.Request.RouteValues["envelopeReceiverId"];
-                context.RedirectUri = $"/EnvelopeKey/{envelopeReceiverId}";
-
-                context.Response.Redirect(context.RedirectUri);
-                return Task.CompletedTask;
-            },
-            OnRedirectToLogout = context =>
-            {
-                // Apply a similar redirection logic for logout
-                var envelopeReceiverId = context.HttpContext.Request.RouteValues["envelopeReceiverId"];
-                context.RedirectUri = $"/EnvelopeKey/{envelopeReceiverId}";
-
-                context.Response.Redirect(context.RedirectUri);
-                return Task.CompletedTask;
-            }
-        }; 
     });
 
     builder.Services.AddSingleton(config.GetSection("ContactLink").Get<ContactLink>() ?? new());
 
     builder.Services.AddCookieBasedLocalizer();
-    
+
     builder.Services.AddSingleton(HtmlEncoder.Default);
     builder.Services.AddSingleton(UrlEncoder.Default);
     builder.Services.AddSanitizer<HtmlSanitizer>();
@@ -249,7 +231,7 @@ try
     app.UseAuthorization();
 
     var cultures = app.Services.GetRequiredService<Cultures>();
-    if(!cultures.Any())
+    if (!cultures.Any())
         throw new InvalidOperationException(@"Languages section is missing in the appsettings. Please configure like following.
             Language is both a name of the culture and the name of the resx file such as Resource.de-DE.resx
             FIClass is the css class (in wwwroot/lib/flag-icons-main) for the flag of country.
@@ -264,7 +246,7 @@ try
             }
             ]");
 
-    if(!config.GetValue<bool>("DisableMultiLanguage"))
+    if (!config.GetValue<bool>("DisableMultiLanguage"))
         app.UseCookieBasedLocalizer(cultures.Languages.ToArray());
 
     app.UseCors("SameOriginPolicy");
@@ -273,7 +255,7 @@ try
     app.MapFallbackToController("Error404", "Home");
     app.Run();
 }
-catch(Exception ex)
+catch (Exception ex)
 {
     logger.Error(ex, "Stopped program because of exception");
     throw;