diff --git a/Femto.Api/Auth/CookieSettings.cs b/Femto.Api/Auth/CookieSettings.cs
index 449a2cf..79f32a3 100644
--- a/Femto.Api/Auth/CookieSettings.cs
+++ b/Femto.Api/Auth/CookieSettings.cs
@@ -2,6 +2,5 @@ namespace Femto.Api.Auth;
 public class CookieSettings
 {
- public bool SameSite { get; set; }
 public bool Secure { get; set; }
 }
\ No newline at end of file
diff --git a/Femto.Api/Auth/SessionAuthenticationHandler.cs b/Femto.Api/Auth/SessionAuthenticationHandler.cs
index 01ec20e..d019808 100644
--- a/Femto.Api/Auth/SessionAuthenticationHandler.cs
+++ b/Femto.Api/Auth/SessionAuthenticationHandler.cs
@@ -44,7 +44,7 @@ internal class SessionAuthenticationHandler(
 var identity = new ClaimsIdentity(claims, this.Scheme.Name);
 var principal = new ClaimsPrincipal(identity);
- this.Context.SetSession(result.Session, result.User, cookieOptions.Value);
+ this.Context.SetSession(result.Session, result.User);
 currentUserContext.CurrentUser = new CurrentUser(
 result.User.Id,
 result.User.Username,
diff --git a/Femto.Api/Controllers/Auth/AuthController.cs b/Femto.Api/Controllers/Auth/AuthController.cs
index 953926d..cf17500 100644
--- a/Femto.Api/Controllers/Auth/AuthController.cs
+++ b/Femto.Api/Controllers/Auth/AuthController.cs
@@ -28,7 +28,7 @@ public class AuthController(
 {
 var result = await authModule.Command(new LoginCommand(request.Username, request.Password));
- HttpContext.SetSession(result.Session, result.User, cookieSettings.Value);
+ HttpContext.SetSession(result.Session, result.User);
 return new LoginResponse(
 result.User.Id,
@@ -44,7 +44,7 @@ public class AuthController(
 new RegisterCommand(request.Username, request.Password, request.SignupCode)
 );
- HttpContext.SetSession(result.Session, result.User, cookieSettings.Value);
+ HttpContext.SetSession(result.Session, result.User);
 return new RegisterResponse(
 result.User.Id,
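Review bot: Dropping `cookieOptions.Value` from the `SetSession` call in SessionAuthenticationHandler most likely leaves the `cookieOptions` primary-constructor parameter unused, and the same applies to `cookieSettings` in both AuthController hunks; the constructor parameter lists start outside these hunks, so this cannot be confirmed here. If they are now dead, remove them from the constructors so the injected dependencies match what the classes actually use — otherwise a reader assumes cookie policy is still applied per caller when it is now resolved inside the extension method. The enclosing methods in all three hunks begin and end outside the shown lines.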
diff --git a/Femto.Api/Sessions/HttpContextSessionExtensions.cs b/Femto.Api/Sessions/HttpContextSessionExtensions.cs
index 865467e..b0a9b6e 100644
--- a/Femto.Api/Sessions/HttpContextSessionExtensions.cs
+++ b/Femto.Api/Sessions/HttpContextSessionExtensions.cs
@@ -2,6 +2,7 @@ using System.Text.Json;
 using System.Text.Json.Serialization;
 using Femto.Api.Auth;
 using Femto.Modules.Auth.Application.Dto;
+using Microsoft.Extensions.Options;
 namespace Femto.Api.Sessions;
@@ -10,12 +11,12 @@ internal static class HttpContextSessionExtensions
 public static void SetSession(
 this HttpContext httpContext,
 Session session,
- UserInfo user,
- CookieSettings cookieSettings
+ UserInfo user
 )
 {
- var secure = cookieSettings.Secure;
- var sameSite = cookieSettings.SameSite ? SameSiteMode.Strict : SameSiteMode.Unspecified;
+ var cookieSettings = httpContext.RequestServices.GetService>();
+ var secure = cookieSettings?.Value.Secure ?? true;
+ var sameSite = secure ? SameSiteMode.None : SameSiteMode.Unspecified;
 var expires = session.Expires;
 httpContext.Response.Cookies.Append(
@@ -42,8 +43,8 @@ internal static class HttpContextSessionExtensions
 ),
 new CookieOptions
 {
- Secure = cookieSettings.Secure,
- SameSite = cookieSettings.SameSite ? SameSiteMode.Strict : SameSiteMode.Unspecified,
+ Secure = secure,
+ SameSite = sameSite,
 Expires = session.Expires,
 }
 );
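Review bot: The `?? true` fallback on `var secure = cookieSettings?.Value.Secure ?? true;` only fires when `GetService` returns null, but with the options framework registered (the default in ASP.NET Core hosts) `IOptions<CookieSettings>` resolves even when no `CookieSettings` section was ever bound, and `Value.Secure` is then the `bool` default `false` — so an unconfigured deployment gets a non-Secure session cookie, the opposite of what the fallback intends. The safer fix is to make the type's own default the safe one, `public bool Secure { get; set; } = true;` in CookieSettings.cs, or to validate the bound options at startup. `var sameSite = secure ? SameSiteMode.None : SameSiteMode.Unspecified;` also replaces the former opt-in Strict with None whenever Secure is on, so the session cookie is now sent along with cross-site requests and CSRF protection has to come from elsewhere (antiforgery tokens or origin checks); a why-comment on that line naming which cross-site caller needs the cookie and where CSRF is handled would make the choice reviewable. `GetService>()` appears with its type argument stripped in this rendering, presumably `GetService<IOptions<CookieSettings>>()`; the body of SetSession continues past the hunk.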
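Review bot: The `CookieOptions` built in the third hunk sets `Secure`, `SameSite` and `Expires` but not `HttpOnly`, whose default is false, so unless the cookie is marked elsewhere the session value stays readable from script. Adding `HttpOnly = true,` alongside `Secure = secure,` closes that; if client-side code genuinely needs to read the cookie, a comment on the line saying so is the documentation a reviewer would want. Minor: the `expires` local declared in the previous hunk is not used here — `Expires = session.Expires,` reads the session directly — so either `Expires = expires,` or dropping the local keeps the two from drifting, assuming the lines between the hunks do not use it.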