Teknikode
/
Teknik
3
17
Fork 5
Code Issues 39 Pull Requests 1 Releases 2 Wiki Activity
Browse Source

Fixed pastes, user logout endpoint, and auth cookie

pull/111/head
Teknikode 3 years ago
parent
73e5e084a5
commit
f15fb73094
4 changed files with 22 additions and 10 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 7
      IdentityServer/Startup.cs
  2. 14
      Teknik/Areas/Paste/Controllers/PasteController.cs
  3. 1
      Teknik/Areas/User/Controllers/UserController.cs
  4. 10
      Teknik/Startup.cs

7
IdentityServer/Startup.cs
Unescape View File

@ -59,10 +59,13 @@ namespace Teknik.IdentityServer @@ -59,10 +59,13 @@ namespace Teknik.IdentityServer
{
Environment.EnvironmentName = EnvironmentName.Development;
}
else
{
Environment.EnvironmentName = EnvironmentName.Production;
}
services.ConfigureApplicationCookie(options =>
{
options.Cookie.Domain = CookieHelper.GenerateCookieDomain(config.UserConfig.IdentityServerConfig.Host, false, Environment.IsDevelopment());
options.Cookie.Name = "TeknikAuth";
options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
options.Cookie.SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Strict;
@ -88,7 +91,6 @@ namespace Teknik.IdentityServer @@ -88,7 +91,6 @@ namespace Teknik.IdentityServer
// Set the anti-forgery cookie name
services.AddAntiforgery(options =>
{
options.Cookie.Domain = CookieHelper.GenerateCookieDomain(config.UserConfig.IdentityServerConfig.Host, false, Environment.IsDevelopment());
options.Cookie.Name = "TeknikAuthAntiForgery";
options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
options.Cookie.SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Strict;
@ -178,7 +180,6 @@ namespace Teknik.IdentityServer @@ -178,7 +180,6 @@ namespace Teknik.IdentityServer
IdleTimeout = TimeSpan.FromMinutes(30),
Cookie = new CookieBuilder()
{
Domain = CookieHelper.GenerateCookieDomain(config.UserConfig.IdentityServerConfig.Host, false, Environment.IsDevelopment()),
Name = "TeknikAuthSession",
SecurePolicy = CookieSecurePolicy.Always,
SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Strict

14
Teknik/Areas/Paste/Controllers/PasteController.cs
Unescape View File

@ -115,6 +115,8 @@ namespace Teknik.Areas.Paste.Controllers @@ -115,6 +115,8 @@ namespace Teknik.Areas.Paste.Controllers
CachePassword(url, password);
// Read in the file
if (string.IsNullOrEmpty(paste.FileName))
return new StatusCodeResult(StatusCodes.Status404NotFound);
string subDir = paste.FileName[0].ToString();
string filePath = Path.Combine(_config.PasteConfig.PasteDirectory, subDir, paste.FileName);
if (!System.IO.File.Exists(filePath))
@ -227,8 +229,8 @@ namespace Teknik.Areas.Paste.Controllers @@ -227,8 +229,8 @@ namespace Teknik.Areas.Paste.Controllers
model.DatePosted = paste.DatePosted;
model.Username = paste.User?.Username;
byte[] ivBytes = Encoding.Unicode.GetBytes(paste.IV);
byte[] keyBytes = AesCounterManaged.CreateKey(paste.Key, ivBytes, paste.KeySize);
byte[] ivBytes = (string.IsNullOrEmpty(paste.IV)) ? new byte[paste.BlockSize] : Encoding.Unicode.GetBytes(paste.IV);
byte[] keyBytes = (string.IsNullOrEmpty(paste.Key)) ? new byte[paste.KeySize] : AesCounterManaged.CreateKey(paste.Key, ivBytes, paste.KeySize);
// The paste has a password set
if (!string.IsNullOrEmpty(paste.HashedPassword))
@ -265,6 +267,8 @@ namespace Teknik.Areas.Paste.Controllers @@ -265,6 +267,8 @@ namespace Teknik.Areas.Paste.Controllers
CachePassword(url, password);
// Read in the file
if (string.IsNullOrEmpty(paste.FileName))
return new StatusCodeResult(StatusCodes.Status404NotFound);
string subDir = paste.FileName[0].ToString();
string filePath = Path.Combine(_config.PasteConfig.PasteDirectory, subDir, paste.FileName);
if (!System.IO.File.Exists(filePath))
@ -394,15 +398,15 @@ namespace Teknik.Areas.Paste.Controllers @@ -394,15 +398,15 @@ namespace Teknik.Areas.Paste.Controllers
private void CachePassword(string url, string password)
{
if (HttpContext != null)
if (HttpContext != null && HttpContext.Session != null)
{
HttpContext.Session.Set("PastePassword_" + url, password);
HttpContext.Session?.Set("PastePassword_" + url, password);
}
}
private string GetCachedPassword(string url)
{
if (HttpContext != null)
if (HttpContext != null && HttpContext.Session != null)
{
return HttpContext.Session.Get<string>("PastePassword_" + url);
}

1
Teknik/Areas/User/Controllers/UserController.cs
Unescape View File

@ -58,6 +58,7 @@ namespace Teknik.Areas.Users.Controllers @@ -58,6 +58,7 @@ namespace Teknik.Areas.Users.Controllers
}
[HttpGet]
[AllowAnonymous]
public IActionResult Index()
{
return Redirect(Url.SubRouteUrl("www", "Home.Index"));

10
Teknik/Startup.cs
Unescape View File

@ -81,6 +81,10 @@ namespace Teknik @@ -81,6 +81,10 @@ namespace Teknik
{
Environment.EnvironmentName = EnvironmentName.Development;
}
else
{
Environment.EnvironmentName = EnvironmentName.Production;
}
services.AddHttpsRedirection(options =>
{
@ -169,7 +173,10 @@ namespace Teknik @@ -169,7 +173,10 @@ namespace Teknik
})
.AddCookie(options =>
{
options.ExpireTimeSpan = TimeSpan.FromMinutes(60);
options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
options.Cookie.SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Strict;
options.Cookie.Expiration = TimeSpan.FromDays(30);
options.ExpireTimeSpan = TimeSpan.FromDays(30);
options.Cookie.Name = "TeknikWebAuth";
options.Cookie.Domain = CookieHelper.GenerateCookieDomain(config.Host, false, Environment.IsDevelopment());
@ -191,7 +198,6 @@ namespace Teknik @@ -191,7 +198,6 @@ namespace Teknik
options.Scope.Add("openid");
options.Scope.Add("role");
options.Scope.Add("account-info");
options.Scope.Add("security-info");
options.Scope.Add("teknik-api.read");
options.Scope.Add("teknik-api.write");
options.Scope.Add("offline_access");

Write Preview
Loading…
Cancel
Save