add cookie storage

Author: Zonnex

src/ActiveLogin.Authentication.BankId.AspNetCore/Auth/AuthenticationBuilderBankIdExtensions.cs

@@ -73,7 +73,8 @@ private static void AddBankIdAuthDefaultServices(IBankIdAuthBuilder builder)
 
         BankIdCommonConfiguration.AddDefaultServices(services);
 
-        services.AddSingleton<IStateStorage, InMemoryStateStorage>();
+        // services.AddSingleton<IStateStorage, InMemoryStateStorage>();
+        services.AddSingleton<IStateStorage, CookieStateStorage>();
         services.AddTransient<IBankIdUiResultProtector, BankIdUiResultProtector>();
 
         builder.AddClaimsTransformer<BankIdDefaultClaimsTransformer>();

src/ActiveLogin.Authentication.BankId.AspNetCore/CookieStateStorage.cs

@@ -0,0 +1,76 @@
+using ActiveLogin.Authentication.BankId.Core;
+
+using Microsoft.AspNetCore.Http;
+
+using System.Diagnostics.CodeAnalysis;
+using System.Text.Json;
+using System.Text.Json.Serialization;
+
+namespace ActiveLogin.Authentication.BankId.AspNetCore;
+
+public class CookieStateStorage(
+    IHttpContextAccessor httpContextAccessor
+) : IStateStorage
+{
+    private readonly IHttpContextAccessor _httpContextAccessor = httpContextAccessor;
+    private readonly JsonSerializerOptions _jsonSerializerOptions = new()
+    {
+        PropertyNameCaseInsensitive = true,
+        Converters =
+        {
+            new JsonStringEnumConverter(JsonNamingPolicy.CamelCase)
+        }
+    };
+
+    private readonly CookieOptions _cookieOptions = new()
+    {
+        HttpOnly = true,
+        Secure = true,
+        SameSite = SameSiteMode.Strict,
+        Path = "/",
+        Expires = DateTimeOffset.UtcNow.AddMinutes(5) // Set expiration as needed
+    };
+
+    public Task<T?> GetAsync<T>(StateKey key)
+    {
+        var httpContext = _httpContextAccessor.HttpContext ?? throw new InvalidOperationException(BankIdConstants.ErrorMessages.CouldNotAccessHttpContext);
+        if (httpContext.Request.Cookies.TryGetValue(key, out var value))
+        {
+            // Deserialize the value from the cookie. The cookie value is a JSON string.
+            var deserializedValue = JsonSerializer.Deserialize<T>(value, _jsonSerializerOptions);
+            return Task.FromResult(deserializedValue);
+        }
+
+        return Task.FromResult<T?>(default);
+    }
+
+    public Task<bool> TryGetAsync<T>(StateKey key, [NotNullWhen(true)] out T? value)
+    {
+        var httpContext = _httpContextAccessor.HttpContext ?? throw new InvalidOperationException(BankIdConstants.ErrorMessages.CouldNotAccessHttpContext);
+        if (httpContext.Request.Cookies.TryGetValue(key, out var cookieValue))
+        {
+            value = JsonSerializer.Deserialize<T>(cookieValue, _jsonSerializerOptions);
+            return Task.FromResult(true);
+        }
+
+        value = default;
+        return Task.FromResult(false);
+    }
+
+    private Task<StateKey> Set<T>(StateKey key, T value)
+    {
+        var httpContext = _httpContextAccessor.HttpContext ?? throw new InvalidOperationException(BankIdConstants.ErrorMessages.CouldNotAccessHttpContext);
+        var serializedValue = JsonSerializer.Serialize(value, _jsonSerializerOptions);
+        httpContext.Response.Cookies.Append(key, serializedValue, _cookieOptions);
+
+        return Task.FromResult(key);
+    }
+
+    public Task<StateKey> SetAsync<T>(T value)
+    {
+        var key = Guid.NewGuid().ToString();
+        var stateKey = new StateKey(key);
+
+        return Set(stateKey, value);
+    }
+}

src/ActiveLogin.Authentication.BankId.AspNetCore/StateStorageExtensions.cs

@@ -14,7 +14,6 @@ public interface IStateStorage
     Task<T?> GetAsync<T>(StateKey key);
     Task<bool> TryGetAsync<T>(StateKey key, [NotNullWhen(true)] out T? value);
     Task<StateKey> SetAsync<T>(T value);
-    Task<StateKey> SetAsync<T>(T value, Action<StateKey, T> callback);
 }
 
 public static class BankIdBuilderStateStorageExtensions

src/ActiveLogin.Authentication.BankId.Core/IStateStorage.cs

@@ -4,7 +4,10 @@
 
 namespace ActiveLogin.Authentication.BankId.Core;
 
-public class InMemoryStateStorage(IMemoryCache cache, TimeSpan slidingExpiration) : IStateStorage
+public class InMemoryStateStorage(
+    IMemoryCache cache,
+    TimeSpan slidingExpiration
+) : IStateStorage
 {
     public InMemoryStateStorage(IMemoryCache cache) : this(cache, TimeSpan.FromMinutes(5)) { }
 
@@ -26,25 +29,12 @@ public Task<bool> TryGetAsync<T>(StateKey key, [NotNullWhen(true)] out T? value)
             ? Task.FromResult(true)
             : Task.FromResult(false);
     }
-    private Task<StateKey> Set<T>(T value, MemoryCacheEntryOptions options)
+
+    public Task<StateKey> SetAsync<T>(T value)
     {
         var key = Guid.NewGuid().ToString();
         var stateKey = new StateKey(key);
-        cache.Set(stateKey, value, options);
+        cache.Set(stateKey, value, _memoryCacheEntryOptions);
         return Task.FromResult(stateKey);
     }
-    public Task<StateKey> SetAsync<T>(T value) => Set(value, _memoryCacheEntryOptions);
-    public Task<StateKey> SetAsync<T>(T value, Action<StateKey, T> evictionCallback)
-    {
-        var options = new MemoryCacheEntryOptions()
-        {
-            SlidingExpiration = _memoryCacheEntryOptions.SlidingExpiration
-        };
-        options.RegisterPostEvictionCallback((key, value, reason, state) =>
-        {
-            evictionCallback((StateKey)key, (T)value!);
-        });
-
-        return Set(value, options);
-    }
 }

src/ActiveLogin.Authentication.BankId.Core/InMemoryStateStorage.cs

@@ -75,10 +75,7 @@ public async Task Eviction_Works()
         // Arrange
         var value = "testState";
         var start = DateTime.Now;
-        var key = await storage.SetAsync(value, (_, evictedValue) =>
-        {
-            Assert.Equal(value, evictedValue);
-        });
+        var key = await storage.SetAsync(value);
         if (!await storage.TryGetAsync<string>(key, out _))
         {
             Assert.Fail("Could not get value");