Impliment the StayLoggedIn

ToDo.txt

@@ -22,3 +22,6 @@ Manage / Data tabs in Account settings
 
 Store Catalog
     Add to cart wraps text when screen is too small
+
+Program
+    Probably need to turn on cors at some point

src/MistoxWebsite.Server/Controllers/AuthenticationController.cs

@@ -48,12 +48,10 @@ namespace MistoxWebsite.Server.Controllers {
 
                             await HttpContext.SignInAsync(
                                 CookieAuthenticationDefaults.AuthenticationScheme,
-                                new ClaimsPrincipal( new ClaimsIdentity( claims, "serverAuth" ) ),
+                                new ClaimsPrincipal( new ClaimsIdentity( claims, "Auth" ) ),
                                 new AuthenticationProperties {
-                                    AllowRefresh = true,
+                                    ExpiresUtc = DateTime.UtcNow.AddYears(30),  // Add 30 years with sliding on
-                                    IssuedUtc = DateTime.UtcNow,
+                                    IsPersistent = request.EmailVerified,       // Is set from the StayLoggedIn
-                                    ExpiresUtc = DateTime.UtcNow.AddDays( 32 ),
-                                    IsPersistent = true,
                                 }
                             );
                             return test;

src/MistoxWebsite.Server/Program.cs

@@ -18,7 +18,7 @@ string dbUser = !string.IsNullOrEmpty(_dbuser) ? _dbuser : "root";
 string? _dbdatabase = Environment.GetEnvironmentVariable("MySQLDatabase");
 string dbdatabase = !string.IsNullOrEmpty(_dbdatabase) ? _dbdatabase : "mistox";
 string? _dbpass = Environment.GetEnvironmentVariable("MySQLPass");
-string dbPass = !string.IsNullOrEmpty(_dbpass) ? _dbpass : "oasv34$8gpv023dd";
+string dbPass = !string.IsNullOrEmpty(_dbpass) ? _dbpass : "";
 string connStr = "server=" + dbserver + ";user=" + dbUser + ";database=" + dbdatabase + ";password=" + dbPass + ";port=3306;";
 DatabaseService databaseService = new DatabaseService( connectionString: connStr );
 await ProductController.HotReload( databaseService );
@@ -26,11 +26,11 @@ builder.Services.Add( new ServiceDescriptor( typeof( DatabaseService ), database
 
 // Email Service
 string? _eServer = Environment.GetEnvironmentVariable("EmailServer");
-string EmailServer = !string.IsNullOrEmpty(_eServer) ? _eServer : "gmail.com";
+string EmailServer = !string.IsNullOrEmpty(_eServer) ? _eServer : "smtp.gmail.com";
 string? _ePort = Environment.GetEnvironmentVariable("EmailPort");
 int EmailPort = !string.IsNullOrEmpty(_ePort) ? Convert.ToInt32(_ePort) : 587;
 string? _eAddress = Environment.GetEnvironmentVariable("EmailAddress");
-string EmailAddress = !string.IsNullOrEmpty(_eAddress) ? _eAddress : "no-reply@mistox.com";
+string EmailAddress = !string.IsNullOrEmpty(_eAddress) ? _eAddress : "";
 string? _ePassword = Environment.GetEnvironmentVariable("EmailPassword");
 string EmailPassword = !string.IsNullOrEmpty(_ePassword) ? _ePassword : "";
 EmailService Emailservice = new EmailService( EmailServer, EmailPort, EmailAddress, EmailPassword );
@@ -43,10 +43,17 @@ StripeConfiguration.ApiKey = StripeKey;
 // Authentication Service
 builder.Services.AddAuthentication( options => {
     options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
-} ).AddCookie();
+} ).AddCookie(options => {
+    options.Cookie.HttpOnly = true;
+    options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
+    options.Cookie.SameSite = SameSiteMode.Strict;
+    options.LoginPath = "/account/login";
+    options.LogoutPath = "/account/logout";
+    options.SlidingExpiration = true;
+});
 
 builder.Services.AddCors( o => o.AddDefaultPolicy( builder => {
-    builder.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader();
+    builder.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader();     // No CORS
 } ) );
 
 // Pages Service