Fix auth session not being accepted via cookie anymore

LucHeart · LucHeart · commit a732e3ea3c57 · 2024-12-07T22:49:52.000+01:00
diff --git a/API/Controller/Account/Logout.cs b/API/Controller/Account/Logout.cs
@@ -16,7 +16,7 @@ public async Task<IActionResult> Logout(
         [FromServices] ApiConfig apiConfig)
     {
         // Remove session if valid
-        if (HttpContext.TryGetUserSessionCookie(out var sessionCookie))
+        if (HttpContext.TryGetUserSession(out var sessionCookie))
         {
             await sessionService.DeleteSessionById(sessionCookie);
         }
diff --git a/Common/Authentication/AuthenticationHandlers/UserSessionAuthentication.cs b/Common/Authentication/AuthenticationHandlers/UserSessionAuthentication.cs
@@ -47,7 +47,7 @@ public UserSessionAuthentication(
 
     protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
     {
-        if (!Context.TryGetUserSessionCookie(out var sessionKey))
+        if (!Context.TryGetUserSession(out var sessionKey))
         {
             return AuthenticateResult.Fail(AuthResultError.CookieMissingOrInvalid.Type!);
         }
diff --git a/Common/Constants/AuthConstants.cs b/Common/Constants/AuthConstants.cs
@@ -3,7 +3,7 @@
 public static class AuthConstants
 {
     public const string UserSessionCookieName = "openShockSession";
-    public const string SessionHeaderName = "OpenShockSession";
+    public const string UserSessionHeaderName = "OpenShockSession";
     public const string ApiTokenHeaderName = "OpenShockToken";
     public const string HubTokenHeaderName = "DeviceToken";
 }
diff --git a/Common/Hubs/ShareLinkHub.cs b/Common/Hubs/ShareLinkHub.cs
@@ -45,7 +45,7 @@ public override async Task OnConnectedAsync()
         
         GenericIni? user = null;
 
-        if (httpContext.TryGetUserSessionCookie(out var sessionCookie))
+        if (httpContext.TryGetUserSession(out var sessionCookie))
         {
             user = await SessionAuth(sessionCookie);
             if (user == null)
diff --git a/Common/Utils/AuthUtils.cs b/Common/Utils/AuthUtils.cs
@@ -39,14 +39,20 @@ public static void RemoveSessionKeyCookie(this HttpContext context, string domai
         });
     }
 
-    public static bool TryGetUserSessionCookie(this HttpContext context, [NotNullWhen(true)] out string? sessionCookie)
+    public static bool TryGetUserSession(this HttpContext context, [NotNullWhen(true)] out string? sessionToken)
     {
-        if (context.Request.Cookies.TryGetValue(AuthConstants.UserSessionCookieName, out sessionCookie) && !string.IsNullOrEmpty(sessionCookie))
+        if (context.Request.Cookies.TryGetValue(AuthConstants.UserSessionCookieName, out sessionToken) && !string.IsNullOrEmpty(sessionToken))
         {
             return true;
         }
+        
+        if(context.Request.Headers.TryGetValue(AuthConstants.UserSessionHeaderName, out var headerSessionCookie) && !string.IsNullOrEmpty(headerSessionCookie))
+        {
+            sessionToken = headerSessionCookie.ToString();
+            return true;
+        }
 
-        sessionCookie = null;
+        sessionToken = null;
 
         return false;
     }
diff --git a/Cron/DashboardAdminAuth.cs b/Cron/DashboardAdminAuth.cs
@@ -19,7 +19,7 @@ public async Task<bool> AuthorizeAsync(DashboardContext context)
         var userSessions = redis.RedisCollection<LoginSession>(false);
         var db = httpContext.RequestServices.GetRequiredService<OpenShockContext>();
 
-        if (httpContext.TryGetUserSessionCookie(out var userSessionCookie))
+        if (httpContext.TryGetUserSession(out var userSessionCookie))
         {
             if (await SessionAuthAdmin(userSessionCookie, userSessions, db))
             {

Original file line number	Diff line number	Diff line change
`@@ -16,7 +16,7 @@ public async Task<IActionResult> Logout(`
`16`	`16`	`[FromServices] ApiConfig apiConfig)`
`17`	`17`	`{`
`18`	`18`	`// Remove session if valid`
`19`		`- if (HttpContext.TryGetUserSessionCookie(out var sessionCookie))`
	`19`	`+ if (HttpContext.TryGetUserSession(out var sessionCookie))`
`20`	`20`	`{`
`21`	`21`	`await sessionService.DeleteSessionById(sessionCookie);`
`22`	`22`	`}`
Original file line number	Diff line number	Diff line change
`@@ -47,7 +47,7 @@ public UserSessionAuthentication(`
`47`	`47`
`48`	`48`	`protected override async Task<AuthenticateResult> HandleAuthenticateAsync()`
`49`	`49`	`{`
`50`		`- if (!Context.TryGetUserSessionCookie(out var sessionKey))`
	`50`	`+ if (!Context.TryGetUserSession(out var sessionKey))`
`51`	`51`	`{`
`52`	`52`	`return AuthenticateResult.Fail(AuthResultError.CookieMissingOrInvalid.Type!);`
`53`	`53`	`}`
Original file line number	Diff line number	Diff line change
`@@ -3,7 +3,7 @@`
`3`	`3`	`public static class AuthConstants`
`4`	`4`	`{`
`5`	`5`	`public const string UserSessionCookieName = "openShockSession";`
`6`		`- public const string SessionHeaderName = "OpenShockSession";`
	`6`	`+ public const string UserSessionHeaderName = "OpenShockSession";`
`7`	`7`	`public const string ApiTokenHeaderName = "OpenShockToken";`
`8`	`8`	`public const string HubTokenHeaderName = "DeviceToken";`
`9`	`9`	`}`
Original file line number	Diff line number	Diff line change
`@@ -45,7 +45,7 @@ public override async Task OnConnectedAsync()`
`45`	`45`
`46`	`46`	`GenericIni? user = null;`
`47`	`47`
`48`		`- if (httpContext.TryGetUserSessionCookie(out var sessionCookie))`
	`48`	`+ if (httpContext.TryGetUserSession(out var sessionCookie))`
`49`	`49`	`{`
`50`	`50`	`user = await SessionAuth(sessionCookie);`
`51`	`51`	`if (user == null)`
Original file line number	Diff line number	Diff line change
`@@ -39,14 +39,20 @@ public static void RemoveSessionKeyCookie(this HttpContext context, string domai`
`39`	`39`	`});`
`40`	`40`	`}`
`41`	`41`
`42`		`- public static bool TryGetUserSessionCookie(this HttpContext context, [NotNullWhen(true)] out string? sessionCookie)`
	`42`	`+ public static bool TryGetUserSession(this HttpContext context, [NotNullWhen(true)] out string? sessionToken)`
`43`	`43`	`{`
`44`		`- if (context.Request.Cookies.TryGetValue(AuthConstants.UserSessionCookieName, out sessionCookie) && !string.IsNullOrEmpty(sessionCookie))`
	`44`	`+ if (context.Request.Cookies.TryGetValue(AuthConstants.UserSessionCookieName, out sessionToken) && !string.IsNullOrEmpty(sessionToken))`
`45`	`45`	`{`
`46`	`46`	`return true;`
`47`	`47`	`}`
	`48`	`+`
	`49`	`+ if(context.Request.Headers.TryGetValue(AuthConstants.UserSessionHeaderName, out var headerSessionCookie) && !string.IsNullOrEmpty(headerSessionCookie))`
	`50`	`+ {`
	`51`	`+ sessionToken = headerSessionCookie.ToString();`
	`52`	`+ return true;`
	`53`	`+ }`
`48`	`54`
`49`		`- sessionCookie = null;`
	`55`	`+ sessionToken = null;`
`50`	`56`
`51`	`57`	`return false;`
`52`	`58`	`}`
Original file line number	Diff line number	Diff line change
`@@ -19,7 +19,7 @@ public async Task<bool> AuthorizeAsync(DashboardContext context)`
`19`	`19`	`var userSessions = redis.RedisCollection<LoginSession>(false);`
`20`	`20`	`var db = httpContext.RequestServices.GetRequiredService<OpenShockContext>();`
`21`	`21`
`22`		`- if (httpContext.TryGetUserSessionCookie(out var userSessionCookie))`
	`22`	`+ if (httpContext.TryGetUserSession(out var userSessionCookie))`
`23`	`23`	`{`
`24`	`24`	`if (await SessionAuthAdmin(userSessionCookie, userSessions, db))`
`25`	`25`	`{`