feat: replace default cookie events with custom EnvelopeCookieManager and introduce custom auth cookie name (env_auth)

2025-11-20 10:32:32 +01:00 · 2025-11-20 10:32:32 +01:00 · 8445757f34
commit 8445757f34
parent b088eb089f
1 changed files with 11 additions and 29 deletions
--- a/EnvelopeGenerator.Web/Program.cs
+++ b/EnvelopeGenerator.Web/Program.cs
@ -17,6 +17,7 @@ using EnvelopeGenerator.Web.Models.Annotation;
 using DigitalData.UserManager.DependencyInjection;
 using EnvelopeGenerator.Web.Middleware;
 using EnvelopeGenerator.Application.Common.Interfaces.Services;
+using EnvelopeGenerator.Web;

 var logger = LogManager.Setup().LoadConfigurationFromAppSettings().GetCurrentClassLogger();
 logger.Info("Logging initialized!");
@ -134,35 +135,16 @@ try
        options.ConsentCookie.Name = "cookie-consent-settings";
    });

+    var authCookieName = "env_auth";
    builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(options =>
    {
-        options.Cookie.HttpOnly = true;         // Makes the cookie inaccessible to client-side scripts for security
-        options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest; // Ensures cookies are sent over HTTPS only
-        options.Cookie.SameSite = SameSiteMode.Strict; // Protects against CSRF attacks by restricting how cookies are sent with requests from external sites
+        options.Cookie.Name = authCookieName;
+        options.CookieManager = new EnvelopeCookieManager(authCookieName);
+        options.Cookie.HttpOnly = true;
+        options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
+        options.Cookie.SameSite = SameSiteMode.Strict;
        options.ExpireTimeSpan = TimeSpan.FromMinutes(30);
-
-        options.Events = new CookieAuthenticationEvents
-        {
-            OnRedirectToLogin = context =>
-            {
-                // Dynamically calculate the redirection path, for example:
-                var envelopeReceiverId = context.HttpContext.Request.RouteValues["envelopeReceiverId"];
-                context.RedirectUri = $"/EnvelopeKey/{envelopeReceiverId}";
-
-                context.Response.Redirect(context.RedirectUri);
-                return Task.CompletedTask;
-            },
-            OnRedirectToLogout = context =>
-            {
-                // Apply a similar redirection logic for logout
-                var envelopeReceiverId = context.HttpContext.Request.RouteValues["envelopeReceiverId"];
-                context.RedirectUri = $"/EnvelopeKey/{envelopeReceiverId}";
-
-                context.Response.Redirect(context.RedirectUri);
-                return Task.CompletedTask;
-            }
-        }; 
    });

    builder.Services.AddSingleton(config.GetSection("ContactLink").Get<ContactLink>() ?? new());
@ -249,7 +231,7 @@ try
    app.UseAuthorization();

    var cultures = app.Services.GetRequiredService<Cultures>();
-    if(!cultures.Any())
+    if (!cultures.Any())
        throw new InvalidOperationException(@"Languages section is missing in the appsettings. Please configure like following.
            Language is both a name of the culture and the name of the resx file such as Resource.de-DE.resx
            FIClass is the css class (in wwwroot/lib/flag-icons-main) for the flag of country.
@ -264,7 +246,7 @@ try
            }
            ]");

-    if(!config.GetValue<bool>("DisableMultiLanguage"))
+    if (!config.GetValue<bool>("DisableMultiLanguage"))
        app.UseCookieBasedLocalizer(cultures.Languages.ToArray());

    app.UseCors("SameOriginPolicy");
@ -273,7 +255,7 @@ try
    app.MapFallbackToController("Error404", "Home");
    app.Run();
 }
-catch(Exception ex)
+catch (Exception ex)
 {
    logger.Error(ex, "Stopped program because of exception");
    throw;