New: Use instance name in forms authentication cookie name

Closes #10416
2024-11-20 01:42:35 +01:00 · 2024-09-14 12:47:42 -07:00 · 2024-09-14 12:47:42 -07:00 · 5757fa797f
commit 5757fa797f
parent 2fc32189d8
1 changed files with 16 additions and 7 deletions
--- a/src/Radarr.Http/Authentication/AuthenticationBuilderExtensions.cs
+++ b/src/Radarr.Http/Authentication/AuthenticationBuilderExtensions.cs
@ -1,7 +1,10 @@
 using System;
+using System.Web;
 using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authentication.Cookies;
 using Microsoft.Extensions.DependencyInjection;
 using NzbDrone.Core.Authentication;
+using NzbDrone.Core.Configuration;

 namespace Radarr.Http.Authentication
 {
@ -29,19 +32,25 @@ public static AuthenticationBuilder AddExternal(this AuthenticationBuilder authe

        public static AuthenticationBuilder AddAppAuthentication(this IServiceCollection services)
        {
-            return services.AddAuthentication()
-                .AddNone(AuthenticationType.None.ToString())
-                .AddExternal(AuthenticationType.External.ToString())
-                .AddBasic(AuthenticationType.Basic.ToString())
-                .AddCookie(AuthenticationType.Forms.ToString(), options =>
+            services.AddOptions<CookieAuthenticationOptions>(AuthenticationType.Forms.ToString())
+                .Configure<IConfigFileProvider>((options, configFileProvider) =>
                {
-                    options.Cookie.Name = "RadarrAuth";
+                    // Url Encode the cookie name to account for spaces or other invalid characters in the configured instance name
+                    var instanceName = HttpUtility.UrlEncode(configFileProvider.InstanceName);
+
+                    options.Cookie.Name = $"{instanceName}Auth";
                    options.AccessDeniedPath = "/login?loginFailed=true";
                    options.LoginPath = "/login";
                    options.ExpireTimeSpan = TimeSpan.FromDays(7);
                    options.SlidingExpiration = true;
                    options.ReturnUrlParameter = "returnUrl";
-                })
+                });
+
+            return services.AddAuthentication()
+                .AddNone(AuthenticationType.None.ToString())
+                .AddExternal(AuthenticationType.External.ToString())
+                .AddBasic(AuthenticationType.Basic.ToString())
+                .AddCookie(AuthenticationType.Forms.ToString())
                .AddApiKey("API", options =>
                {
                    options.HeaderName = "X-Api-Key";