fix: SameSite=Lax for auth cookie + bidirectional identity linking
- Change cookie auth SameSite from Strict to Lax so Discord OAuth callback can see existing Telegram auth session and perform linking instead of creating a new standalone Discord session (root cause of broken linking). - Add linking logic to /auth/telegram endpoint for Discord→Telegram linking. - Add Telegram Login Widget in Profile.razor for Discord users. - Add CookieAuthOptionsTests to verify Lax SameSite configuration. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
@@ -1,8 +1,11 @@
|
||||
@page "/profile"
|
||||
@using Microsoft.AspNetCore.Authorization
|
||||
@using Microsoft.AspNetCore.Components.Authorization
|
||||
@using Microsoft.Extensions.Configuration
|
||||
@attribute [Authorize]
|
||||
@inject ISessionStore SessionStore
|
||||
@inject IConfiguration Configuration
|
||||
@inject NavigationManager Navigation
|
||||
|
||||
<PageTitle>Профиль — GM-Relay</PageTitle>
|
||||
|
||||
@@ -61,6 +64,19 @@
|
||||
{
|
||||
<p class="muted-text">Discord уже привязан.</p>
|
||||
}
|
||||
|
||||
@if (currentPlatform == "Discord" && !HasLinkedPlatform("Telegram"))
|
||||
{
|
||||
var botUsername = Configuration["Telegram__BotUsername"] ?? Configuration["Telegram:BotUsername"];
|
||||
if (!string.IsNullOrWhiteSpace(botUsername))
|
||||
{
|
||||
var authUrl = new Uri(new Uri(Navigation.BaseUri), "auth/telegram").ToString();
|
||||
var widgetHtml = $"<script async src=\"https://telegram.org/js/telegram-widget.js?22\" data-telegram-login=\"{botUsername}\" data-size=\"large\" data-auth-url=\"{authUrl}\" data-request-access=\"write\"></script>";
|
||||
<div class="telegram-widget-wrapper">
|
||||
@((MarkupString)widgetHtml)
|
||||
</div>
|
||||
}
|
||||
}
|
||||
</div>
|
||||
|
||||
@if (!string.IsNullOrWhiteSpace(errorMessage))
|
||||
|
||||
Reference in New Issue
Block a user