fix: cookie handling (#654)

* feat: set cookie prefix and max age * cookie prefix on csrf cookie * fix: check user agent cookie in login * update oidc pkg * cleanup
2025-08-11 18:57:32 +00:00 · 2020-08-31 08:49:35 +02:00
parent 1089193faf
commit c1c85e632b
26 changed files with 262 additions and 205 deletions
--- a/internal/auth/repository/auth_request.go
+++ b/internal/auth/repository/auth_request.go
@@ -8,13 +8,13 @@ import (

 type AuthRequestRepository interface {
 	CreateAuthRequest(ctx context.Context, request *model.AuthRequest) (*model.AuthRequest, error)
-	AuthRequestByID(ctx context.Context, id string) (*model.AuthRequest, error)
-	AuthRequestByIDCheckLoggedIn(ctx context.Context, id string) (*model.AuthRequest, error)
+	AuthRequestByID(ctx context.Context, id, userAgentID string) (*model.AuthRequest, error)
+	AuthRequestByIDCheckLoggedIn(ctx context.Context, id, userAgentID string) (*model.AuthRequest, error)
 	AuthRequestByCode(ctx context.Context, code string) (*model.AuthRequest, error)
-	SaveAuthCode(ctx context.Context, id, code string) error
+	SaveAuthCode(ctx context.Context, id, code, userAgentID string) error
 	DeleteAuthRequest(ctx context.Context, id string) error
-	CheckLoginName(ctx context.Context, id, loginName string) error
-	SelectUser(ctx context.Context, id, userID string) error
-	VerifyPassword(ctx context.Context, id, userID, password string, info *model.BrowserInfo) error
-	VerifyMfaOTP(ctx context.Context, agentID, authRequestID string, code string, info *model.BrowserInfo) error
+	CheckLoginName(ctx context.Context, id, loginName, userAgentID string) error
+	SelectUser(ctx context.Context, id, userID, userAgentID string) error
+	VerifyPassword(ctx context.Context, id, userID, password, userAgentID string, info *model.BrowserInfo) error
+	VerifyMfaOTP(ctx context.Context, agentID, authRequestID, code, userAgentID string, info *model.BrowserInfo) error
 }