diff --git a/ToDo.txt b/ToDo.txt
index 77e9048..a7eb16d 100755
--- a/ToDo.txt
+++ b/ToDo.txt
@@ -21,4 +21,7 @@ Manage / Data tabs in Account settings frame that comes up isnt themed either
 Store Catalog
- Add to cart wraps text when screen is too small
\ No newline at end of file
+ Add to cart wraps text when screen is too small
+
+Program
+ Probably need to turn on cors at some point
\ No newline at end of file
diff --git a/src/MistoxWebsite.Server/Controllers/AuthenticationController.cs b/src/MistoxWebsite.Server/Controllers/AuthenticationController.cs
index 22c28eb..3d2f724 100755
--- a/src/MistoxWebsite.Server/Controllers/AuthenticationController.cs
+++ b/src/MistoxWebsite.Server/Controllers/AuthenticationController.cs
@@ -48,12 +48,10 @@ namespace MistoxWebsite.Server.Controllers
 {
 await HttpContext.SignInAsync(
 CookieAuthenticationDefaults.AuthenticationScheme,
- new ClaimsPrincipal( new ClaimsIdentity( claims, "serverAuth" ) ),
+ new ClaimsPrincipal( new ClaimsIdentity( claims, "Auth" ) ),
 new AuthenticationProperties {
- AllowRefresh = true,
- IssuedUtc = DateTime.UtcNow,
- ExpiresUtc = DateTime.UtcNow.AddDays( 32 ),
- IsPersistent = true,
+ ExpiresUtc = DateTime.UtcNow.AddYears(30), // Add 30 years with sliding on
+ IsPersistent = request.EmailVerified, // Is set from the StayLoggedIn
 } );
 return test;
diff --git a/src/MistoxWebsite.Server/Program.cs b/src/MistoxWebsite.Server/Program.cs
index 39e2edc..2075e85 100755
--- a/src/MistoxWebsite.Server/Program.cs
+++ b/src/MistoxWebsite.Server/Program.cs
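Review bot: `ExpiresUtc = DateTime.UtcNow.AddYears(30)` makes the authentication ticket valid for thirty years, so a ticket that is ever exposed stays valid for the rest of its holder's career, and cookie authentication has no server-side revocation unless an `OnValidatePrincipal` check is added. A bounded lifetime such as `ExpiresUtc = DateTime.UtcNow.AddDays( 30 ),` keeps remembered users signed in through sliding renewal while capping the damage from a leaked cookie. The trailing comment on the next line says the value comes from "StayLoggedIn" but the code reads `request.EmailVerified`, so either the request carries a stay-logged-in flag that should be used here or the comment is wrong; as written a verified user always gets a persistent cookie and an unverified user never does, regardless of any choice they made. Dropping `AllowRefresh = true` is harmless since the cookie handler treats an unset value as refresh-allowed, but the "with sliding on" comment is misleading because sliding is configured in Program.cs, not here. The enclosing method begins and ends outside this hunk.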
@@ -18,7 +18,7 @@ string dbUser = !string.IsNullOrEmpty(_dbuser) ? _dbuser : "root";
 string? _dbdatabase = Environment.GetEnvironmentVariable("MySQLDatabase");
 string dbdatabase = !string.IsNullOrEmpty(_dbdatabase) ? _dbdatabase : "mistox";
 string? _dbpass = Environment.GetEnvironmentVariable("MySQLPass");
-string dbPass = !string.IsNullOrEmpty(_dbpass) ? _dbpass : "oasv34$8gpv023dd";
+string dbPass = !string.IsNullOrEmpty(_dbpass) ? _dbpass : "";
 string connStr = "server=" + dbserver + ";user=" + dbUser + ";database=" + dbdatabase + ";password=" + dbPass + ";port=3306;";
 DatabaseService databaseService = new DatabaseService( connectionString: connStr );
 await ProductController.HotReload( databaseService );
@@ -26,11 +26,11 @@ builder.Services.Add( new ServiceDescriptor( typeof( DatabaseService ), database
 // Email Service
 string? _eServer = Environment.GetEnvironmentVariable("EmailServer");
-string EmailServer = !string.IsNullOrEmpty(_eServer) ? _eServer : "gmail.com";
+string EmailServer = !string.IsNullOrEmpty(_eServer) ? _eServer : "smtp.gmail.com";
 string? _ePort = Environment.GetEnvironmentVariable("EmailPort");
 int EmailPort = !string.IsNullOrEmpty(_ePort) ? Convert.ToInt32(_ePort) : 587;
 string? _eAddress = Environment.GetEnvironmentVariable("EmailAddress");
-string EmailAddress = !string.IsNullOrEmpty(_eAddress) ? _eAddress : "no-reply@mistox.com";
+string EmailAddress = !string.IsNullOrEmpty(_eAddress) ? _eAddress : "";
 string? _ePassword = Environment.GetEnvironmentVariable("EmailPassword");
 string EmailPassword = !string.IsNullOrEmpty(_ePassword) ? _ePassword : "";
 EmailService Emailservice = new EmailService( EmailServer, EmailPort, EmailAddress, EmailPassword );
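Review bot: The removed fallback `"oasv34$8gpv023dd"` is a real-looking database password that was committed to source; deleting it from the file does not remove it from history, so it should be treated as disclosed and rotated on the MySQL server regardless of this change. The new fallback of `""`, like the `EmailAddress` and `EmailPassword` fallbacks in the email hunk below, means a deployment with the variable unset silently starts as `root` with an empty password rather than refusing to start; failing fast outside development is safer, e.g. `if ( string.IsNullOrEmpty( _dbpass ) && !builder.Environment.IsDevelopment() ) throw new InvalidOperationException( "MySQLPass is not set" );`. The concatenated `connStr` on the context line also breaks on a password containing `;` or quotes; if the MySQL client library in use provides a `MySqlConnectionStringBuilder`, it quotes values correctly and should be preferred over string concatenation.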
@@ -43,10 +43,17 @@ StripeConfiguration.ApiKey = StripeKey;
 // Authentication Service
 builder.Services.AddAuthentication( options => {
 options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
-} ).AddCookie();
+} ).AddCookie(options => {
+ options.Cookie.HttpOnly = true;
+ options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
+ options.Cookie.SameSite = SameSiteMode.Strict;
+ options.LoginPath = "/account/login";
+ options.LogoutPath = "/account/logout";
+ options.SlidingExpiration = true;
+});
 builder.Services.AddCors( o => o.AddDefaultPolicy( builder => {
- builder.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader();
+ builder.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader(); // No CORS
 } ) );
 // Pages Service
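Review bot: The `// No CORS` comment on the `AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader()` line states the opposite of what the line does: it registers a fully permissive default policy, and whether it is applied depends on a `UseCors()` call outside this hunk. If a wide-open policy is intentional for now, say so, e.g. `// Permissive default CORS policy for development; replace with WithOrigins( <front-end origin> ) before exposing this publicly`. The new cookie options are a clear improvement, but no `ExpireTimeSpan` is set, and the controller's explicit `ExpiresUtc` would override it anyway, so the effective ticket lifetime is decided elsewhere; adding `options.ExpireTimeSpan = TimeSpan.FromDays( 30 );` here, and letting the controller rely on it, documents the bound in one place. `SameSiteMode.Strict` also means the cookie is not sent on a top-level navigation arriving from another site, so a user following an external link will appear signed out until their next in-site navigation; `SameSiteMode.Lax` is the usual choice unless that behaviour is wanted.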