Fix safari sso header size (#1065)

* Safari SSO header size fix - in progress * Cleanup of memoryCacheTicketStore * Redis cache ticket store + registration * Revert some unecessary changes * temp - distributed cookie: idsrv.external * Ticket data cached storage added * OIDC working w/ substantially reduced cookie size * Added distributed cache cookie manager * Removed hybrid OIDC flow * Enable self-hosted folks to use Redis for SSO * Also allow self-hosted to use Redis cont...
2025-12-17 16:53:23 +00:00 · 2021-01-11 11:03:46 -05:00
parent 5aba9f7549
commit 99b95b5330
17 changed files with 398 additions and 36 deletions
--- a/src/Core/IdentityServer/DistributedCacheCookieManager.cs
+++ b/src/Core/IdentityServer/DistributedCacheCookieManager.cs
@@ -0,0 +1,70 @@
+using System;
+using System.Text;
+using Microsoft.AspNetCore.Authentication.Cookies;
+using Microsoft.AspNetCore.Http;
+using Microsoft.Extensions.Caching.Distributed;
+using Microsoft.Extensions.DependencyInjection;
+
+namespace Bit.Core.IdentityServer
+{
+    public class DistributedCacheCookieManager : ICookieManager
+    {
+        private readonly ChunkingCookieManager _cookieManager;
+
+        public DistributedCacheCookieManager()
+        {
+            _cookieManager = new ChunkingCookieManager();
+        }
+
+        private string CacheKeyPrefix => "cookie-data";
+
+        public void AppendResponseCookie(HttpContext context, string key, string value, CookieOptions options)
+        {
+            var id = Guid.NewGuid().ToString();
+            var cacheKey = GetKey(key, id);
+            
+            var expiresUtc = options.Expires ?? DateTimeOffset.UtcNow.AddMinutes(15);
+            var cacheOptions = new DistributedCacheEntryOptions()
+                .SetAbsoluteExpiration(expiresUtc);
+
+            var data = Encoding.UTF8.GetBytes(value);
+
+            var cache = GetCache(context);
+            cache.Set(cacheKey, data, cacheOptions);
+
+            // Write the cookie with the identifier as the body
+            _cookieManager.AppendResponseCookie(context, key, id, options);
+        }
+
+        public void DeleteCookie(HttpContext context, string key, CookieOptions options)
+        {
+            _cookieManager.DeleteCookie(context, key, options);
+            var id = GetId(context, key);
+            if (!string.IsNullOrWhiteSpace(id))
+            {
+                var cacheKey = GetKey(key, id);
+                GetCache(context).Remove(cacheKey);
+            }
+        }
+
+        public string GetRequestCookie(HttpContext context, string key)
+        {
+            var id = GetId(context, key);
+            if (string.IsNullOrWhiteSpace(id))
+            {
+                return null;
+            }
+            var cacheKey = GetKey(key, id);
+            return GetCache(context).GetString(cacheKey);
+        }
+
+        private IDistributedCache GetCache(HttpContext context) =>
+            context.RequestServices.GetRequiredService<IDistributedCache>();
+
+        private string GetKey(string key, string id) => $"{CacheKeyPrefix}-{key}-{id}";
+
+        private string GetId(HttpContext context, string key) =>
+            context.Request.Cookies.ContainsKey(key) ?
+            context.Request.Cookies[key] : null;
+    }
+}