Toutsu
5e3028e470
- Change cookie auth SameSite from Strict to Lax so Discord OAuth callback can see existing Telegram auth session and perform linking instead of creating a new standalone Discord session (root cause of broken linking). - Add linking logic to /auth/telegram endpoint for Discord→Telegram linking. - Add Telegram Login Widget in Profile.razor for Discord users. - Add CookieAuthOptionsTests to verify Lax SameSite configuration. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
35 lines
1.3 KiB
C#
35 lines
1.3 KiB
C#
using Microsoft.AspNetCore.Authentication.Cookies;
|
|
using Microsoft.AspNetCore.Http;
|
|
using Microsoft.Extensions.DependencyInjection;
|
|
using Microsoft.Extensions.Options;
|
|
|
|
namespace GmRelay.Bot.Tests.Web;
|
|
|
|
public sealed class CookieAuthOptionsTests
|
|
{
|
|
[Fact]
|
|
public void CookieAuthOptions_ShouldUseLaxSameSite_ToAllowOAuthCallback()
|
|
{
|
|
// Arrange
|
|
var services = new ServiceCollection();
|
|
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
|
|
.AddCookie(options =>
|
|
{
|
|
options.Cookie.HttpOnly = true;
|
|
options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
|
|
options.Cookie.SameSite = SameSiteMode.Lax;
|
|
options.ExpireTimeSpan = TimeSpan.FromDays(7);
|
|
options.SlidingExpiration = true;
|
|
});
|
|
|
|
var provider = services.BuildServiceProvider();
|
|
var optionsMonitor = provider.GetRequiredService<IOptionsMonitor<CookieAuthenticationOptions>>();
|
|
var options = optionsMonitor.Get(CookieAuthenticationDefaults.AuthenticationScheme);
|
|
|
|
// Assert
|
|
Assert.Equal(SameSiteMode.Lax, options.Cookie.SameSite);
|
|
Assert.True(options.Cookie.HttpOnly);
|
|
Assert.Equal(CookieSecurePolicy.Always, options.Cookie.SecurePolicy);
|
|
}
|
|
}
|