FIX: Correct OIDC cookie name mismatch across all auth endpoints
**Root Cause:**
- Auth system was looking for 'keycloak-session' cookies
- But actual OIDC system uses 'nuxt-oidc-auth' cookies
- This caused authentication failures for file previews and other endpoints

**Files Updated:**
- server/utils/auth.ts: Updated to check 'nuxt-oidc-auth' cookie
- server/api/auth/session.ts: Updated cookie name references
- server/api/auth/logout.ts: Updated cookie deletion
- server/api/auth/keycloak/callback.ts: Updated cookie creation

**Result:**
- File previews should now work for authenticated users
- All authentication endpoints now use consistent cookie names
- Both x-tag headers and OIDC sessions work correctly
parent
6c1a1fa842
commit
7ca77e2dcf
|
|
@ -60,14 +60,14 @@ export default defineEventHandler(async (event) => {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Create a simple session using a secure cookie
|
// Create a simple session using a secure cookie
|
||||||
setCookie(event, 'keycloak-session', JSON.stringify(sessionData), {
|
setCookie(event, 'nuxt-oidc-auth', JSON.stringify(sessionData), {
|
||||||
httpOnly: true,
|
httpOnly: true,
|
||||||
secure: true,
|
secure: true,
|
||||||
sameSite: 'lax',
|
sameSite: 'lax',
|
||||||
maxAge: tokenResponse.expires_in
|
maxAge: tokenResponse.expires_in
|
||||||
})
|
})
|
||||||
|
|
||||||
console.log('[KEYCLOAK] Session cookie set, redirecting to dashboard')
|
console.log('[OIDC] Session cookie set, redirecting to dashboard')
|
||||||
|
|
||||||
// Redirect to dashboard
|
// Redirect to dashboard
|
||||||
await sendRedirect(event, '/dashboard')
|
await sendRedirect(event, '/dashboard')
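Review bot: The cookie written by `setCookie(event, 'nuxt-oidc-auth', JSON.stringify(sessionData), {` holds the session as plain JSON with no signature or encryption, so its owner can edit any field and the server cannot detect the change; `httpOnly` and `secure` do not protect against that. The session and auth endpoints touched by this commit read the same cookie back and so depend on its integrity. A sealed session would close the gap, for example `const session = await useSession(event, { password: SESSION_SECRET })` followed by `await session.update(sessionData)`, where SESSION_SECRET is a placeholder for a server-side secret. The name also appears to be the one the OIDC module uses for its own cookie, so confirm this handler does not overwrite a module-managed session. The handler starts before this hunk, so the contents of `sessionData` are not visible here.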
|
||||||
|
|
|
||||||
|
|
@ -1,9 +1,9 @@
|
||||||
export default defineEventHandler(async (event) => {
|
export default defineEventHandler(async (event) => {
|
||||||
try {
|
try {
|
||||||
// Clear the session cookie
|
// Clear the session cookie
|
||||||
deleteCookie(event, 'keycloak-session')
|
deleteCookie(event, 'nuxt-oidc-auth')
|
||||||
|
|
||||||
console.log('[KEYCLOAK] User logged out, session cleared')
|
console.log('[OIDC] User logged out, session cleared')
|
||||||
|
|
||||||
// Redirect to Keycloak logout to clear SSO session
|
// Redirect to Keycloak logout to clear SSO session
|
||||||
const logoutUrl = 'https://auth.portnimara.dev/realms/client-portal/protocol/openid-connect/logout?' +
|
const logoutUrl = 'https://auth.portnimara.dev/realms/client-portal/protocol/openid-connect/logout?' +
|
||||||
|
|
@ -13,7 +13,7 @@ export default defineEventHandler(async (event) => {
|
||||||
|
|
||||||
await sendRedirect(event, logoutUrl)
|
await sendRedirect(event, logoutUrl)
|
||||||
} catch (error) {
|
} catch (error) {
|
||||||
console.error('[KEYCLOAK] Logout error:', error)
|
console.error('[OIDC] Logout error:', error)
|
||||||
throw createError({
|
throw createError({
|
||||||
statusCode: 500,
|
statusCode: 500,
|
||||||
statusMessage: 'Logout failed'
|
statusMessage: 'Logout failed'
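Review bot: The cookie name is still a string literal repeated per file, here in `deleteCookie(event, 'nuxt-oidc-auth')` and likewise in the callback, session and auth changes, which is the arrangement that let the names drift apart before this fix. Exporting one constant, e.g. `export const SESSION_COOKIE_NAME = 'nuxt-oidc-auth'` from server/utils/auth.ts, and using it in every `getCookie`/`setCookie`/`deleteCookie` call would keep them in step. Browsers that still hold a `keycloak-session` cookie issued before this change will keep it until it expires, since logout no longer deletes it; an extra `deleteCookie(event, 'keycloak-session')` during the transition would clear it. The construction of `logoutUrl` continues between the two hunks and is not shown.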
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,6 @@
|
||||||
export default defineEventHandler(async (event) => {
|
export default defineEventHandler(async (event) => {
|
||||||
try {
|
try {
|
||||||
const sessionCookie = getCookie(event, 'keycloak-session')
|
const sessionCookie = getCookie(event, 'nuxt-oidc-auth')
|
||||||
|
|
||||||
if (!sessionCookie) {
|
if (!sessionCookie) {
|
||||||
return { user: null, authenticated: false }
|
return { user: null, authenticated: false }
|
||||||
|
|
@ -11,7 +11,7 @@ export default defineEventHandler(async (event) => {
|
||||||
// Check if session is still valid
|
// Check if session is still valid
|
||||||
if (sessionData.expiresAt && Date.now() > sessionData.expiresAt) {
|
if (sessionData.expiresAt && Date.now() > sessionData.expiresAt) {
|
||||||
// Session expired, clear cookie
|
// Session expired, clear cookie
|
||||||
deleteCookie(event, 'keycloak-session')
|
deleteCookie(event, 'nuxt-oidc-auth')
|
||||||
return { user: null, authenticated: false }
|
return { user: null, authenticated: false }
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -25,9 +25,9 @@ export default defineEventHandler(async (event) => {
|
||||||
authenticated: true
|
authenticated: true
|
||||||
}
|
}
|
||||||
} catch (error) {
|
} catch (error) {
|
||||||
console.error('[KEYCLOAK] Session check error:', error)
|
console.error('[OIDC] Session check error:', error)
|
||||||
// Clear invalid session
|
// Clear invalid session
|
||||||
deleteCookie(event, 'keycloak-session')
|
deleteCookie(event, 'nuxt-oidc-auth')
|
||||||
return { user: null, authenticated: false }
|
return { user: null, authenticated: false }
|
||||||
}
|
}
|
||||||
})
|
})
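Review bot: The expiry test `if (sessionData.expiresAt && Date.now() > sessionData.expiresAt) {` fails open: a cookie whose JSON has no `expiresAt`, or a falsy one, skips the branch and appears to fall through to the `authenticated: true` return in the last hunk. Because the value comes from a client-held cookie, a missing or non-numeric expiry should count as expired, `if (typeof sessionData.expiresAt !== 'number' || Date.now() > sessionData.expiresAt) {`. The step that turns `sessionCookie` into `sessionData` lies between the hunks, so whether the fields are validated there cannot be seen from this page.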
|
||||||
|
|
|
||||||
|
|
@ -11,15 +11,15 @@ export const isAuthenticated = async (event: any): Promise<boolean> => {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check Keycloak session authentication
|
// Check OIDC session authentication
|
||||||
try {
|
try {
|
||||||
const keycloakSession = getCookie(event, 'keycloak-session');
|
const oidcSession = getCookie(event, 'nuxt-oidc-auth');
|
||||||
if (keycloakSession) {
|
if (oidcSession) {
|
||||||
console.log('[auth] Authenticated via Keycloak session');
|
console.log('[auth] Authenticated via OIDC session');
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
} catch (error) {
|
} catch (error) {
|
||||||
console.log('[auth] Keycloak session check failed:', error);
|
console.log('[auth] OIDC session check failed:', error);
|
||||||
}
|
}
|
||||||
|
|
||||||
console.log('[auth] No valid authentication found');
|
console.log('[auth] No valid authentication found');
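Review bot: `if (oidcSession) {` followed by `return true;` accepts the mere presence of a `nuxt-oidc-auth` cookie as proof of authentication, so a request carrying any non-empty value under that name passes `isAuthenticated`. Renaming the cookie keeps this behaviour, and because the commit message names file previews as a consumer, the check now gates those endpoints. The value should be verified for integrity and expiry before returning true, e.g. `if (oidcSession && (await verifySession(oidcSession))) {`, where `verifySession` stands for a helper not shown on this page that applies the same checks as the session endpoint. The function begins before this hunk with another check that also returns true, and it continues past the final log line.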
|
||||||
|
|
|
||||||