Fix auth session not being accepted via cookie anymore

OpenShock · Dec 7, 2024 · a732e3e · a732e3e
1 parent 5068921
commit a732e3e
Show file tree

Hide file tree

Showing 6 changed files with 14 additions and 8 deletions.
diff --git a/API/Controller/Account/Logout.cs b/API/Controller/Account/Logout.cs
@@ -16,7 +16,7 @@ public async Task<IActionResult> Logout(
         [FromServices] ApiConfig apiConfig)
     {
         // Remove session if valid
-        if (HttpContext.TryGetUserSessionCookie(out var sessionCookie))
+        if (HttpContext.TryGetUserSession(out var sessionCookie))
         {
             await sessionService.DeleteSessionById(sessionCookie);
         }

diff --git a/Common/Authentication/AuthenticationHandlers/UserSessionAuthentication.cs b/Common/Authentication/AuthenticationHandlers/UserSessionAuthentication.cs
@@ -47,7 +47,7 @@ public UserSessionAuthentication(
 
     protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
     {
-        if (!Context.TryGetUserSessionCookie(out var sessionKey))
+        if (!Context.TryGetUserSession(out var sessionKey))
         {
             return AuthenticateResult.Fail(AuthResultError.CookieMissingOrInvalid.Type!);
         }

diff --git a/Common/Constants/AuthConstants.cs b/Common/Constants/AuthConstants.cs
@@ -3,7 +3,7 @@
 public static class AuthConstants
 {
     public const string UserSessionCookieName = "openShockSession";
-    public const string SessionHeaderName = "OpenShockSession";
+    public const string UserSessionHeaderName = "OpenShockSession";
     public const string ApiTokenHeaderName = "OpenShockToken";
     public const string HubTokenHeaderName = "DeviceToken";
 }
diff --git a/Common/Hubs/ShareLinkHub.cs b/Common/Hubs/ShareLinkHub.cs
@@ -45,7 +45,7 @@ public override async Task OnConnectedAsync()
 
         GenericIni? user = null;
 
-        if (httpContext.TryGetUserSessionCookie(out var sessionCookie))
+        if (httpContext.TryGetUserSession(out var sessionCookie))
         {
             user = await SessionAuth(sessionCookie);
             if (user == null)

diff --git a/Common/Utils/AuthUtils.cs b/Common/Utils/AuthUtils.cs
@@ -39,14 +39,20 @@ public static void RemoveSessionKeyCookie(this HttpContext context, string domai
         });
     }
 
-    public static bool TryGetUserSessionCookie(this HttpContext context, [NotNullWhen(true)] out string? sessionCookie)
+    public static bool TryGetUserSession(this HttpContext context, [NotNullWhen(true)] out string? sessionToken)
     {
-        if (context.Request.Cookies.TryGetValue(AuthConstants.UserSessionCookieName, out sessionCookie) && !string.IsNullOrEmpty(sessionCookie))
+        if (context.Request.Cookies.TryGetValue(AuthConstants.UserSessionCookieName, out sessionToken) && !string.IsNullOrEmpty(sessionToken))
         {
             return true;
         }
+
+        if(context.Request.Headers.TryGetValue(AuthConstants.UserSessionHeaderName, out var headerSessionCookie) && !string.IsNullOrEmpty(headerSessionCookie))
+        {
+            sessionToken = headerSessionCookie.ToString();
+            return true;
+        }
 
-        sessionCookie = null;
+        sessionToken = null;
 
         return false;
     }

diff --git a/Cron/DashboardAdminAuth.cs b/Cron/DashboardAdminAuth.cs
@@ -19,7 +19,7 @@ public async Task<bool> AuthorizeAsync(DashboardContext context)
         var userSessions = redis.RedisCollection<LoginSession>(false);
         var db = httpContext.RequestServices.GetRequiredService<OpenShockContext>();
 
-        if (httpContext.TryGetUserSessionCookie(out var userSessionCookie))
+        if (httpContext.TryGetUserSession(out var userSessionCookie))
         {
             if (await SessionAuthAdmin(userSessionCookie, userSessions, db))
             {