From 0b4cdea9ddcd48300ab33d4d166997bbb6b69568 Mon Sep 17 00:00:00 2001
From: Nico Pfaff <pfaff@interconnect.de>
Date: Thu, 9 Nov 2023 16:15:53 +0100
Subject: [PATCH] Added functinality to declare custom login cookie expiration
 time.

Added login cookie expiration time. Added setting in user settings to declare custom cookie expiration time. Cookie expiration time overwrites default expiration time of 14 days (if not session timespan is used).
---
 Oqtane.Client/Modules/Admin/Users/Index.razor            | 9 +++++++++
 .../OqtaneSiteAuthenticationBuilderExtensions.cs         | 6 ++++++
 2 files changed, 15 insertions(+)

diff --git a/Oqtane.Client/Modules/Admin/Users/Index.razor b/Oqtane.Client/Modules/Admin/Users/Index.razor
index c7968ee3..5a8aada6 100644
--- a/Oqtane.Client/Modules/Admin/Users/Index.razor
+++ b/Oqtane.Client/Modules/Admin/Users/Index.razor
@@ -98,6 +98,12 @@ else
 								<input id="cookiename" class="form-control" @bind="@_cookiename" />
 							</div>
 						</div>
+						<div class="row mb-1 align-items-center">
+							<Label Class="col-sm-3" For="cookieexpiration" HelpText="You can choose to use a custom authentication cookie expiration timespan for each site (e.g. '08:00:00' for 8 hours). Default is 14 days if not declared." ResourceKey="CookieExpiration">Cookie Expiration Timespan:</Label>
+							<div class="col-sm-9">
+								<input id="cookieexpiration" class="form-control" @bind="@_cookieexpiration" />
+							</div>
+						</div>
 					}
 				</Section>
 				@if (UserSecurity.IsAuthorized(PageState.User, RoleNames.Host))
@@ -387,6 +393,7 @@ else
     private string _allowsitelogin;
     private string _twofactor;
     private string _cookiename;
+    private string _cookieexpiration;
 
     private string _minimumlength;
     private string _uniquecharacters;
@@ -446,6 +453,7 @@ else
         {
             _twofactor = SettingService.GetSetting(settings, "LoginOptions:TwoFactor", "false");
             _cookiename = SettingService.GetSetting(settings, "LoginOptions:CookieName", ".AspNetCore.Identity.Application");
+            _cookieexpiration = SettingService.GetSetting(settings, "LoginOptions:CookieExpiration", "");
 
             _minimumlength = SettingService.GetSetting(settings, "IdentityOptions:Password:RequiredLength", "6");
             _uniquecharacters = SettingService.GetSetting(settings, "IdentityOptions:Password:RequiredUniqueChars", "1");
@@ -537,6 +545,7 @@ else
 			{
 				settings = SettingService.SetSetting(settings, "LoginOptions:TwoFactor", _twofactor, false);
 				settings = SettingService.SetSetting(settings, "LoginOptions:CookieName", _cookiename, true);
+				settings = SettingService.SetSetting(settings, "LoginOptions:CookieExpiration", _cookieexpiration, true);
 
 				settings = SettingService.SetSetting(settings, "IdentityOptions:Password:RequiredLength", _minimumlength, true);
 				settings = SettingService.SetSetting(settings, "IdentityOptions:Password:RequiredUniqueChars", _uniquecharacters, true);
diff --git a/Oqtane.Server/Extensions/OqtaneSiteAuthenticationBuilderExtensions.cs b/Oqtane.Server/Extensions/OqtaneSiteAuthenticationBuilderExtensions.cs
index a4b0ebaa..8ef2f7ad 100644
--- a/Oqtane.Server/Extensions/OqtaneSiteAuthenticationBuilderExtensions.cs
+++ b/Oqtane.Server/Extensions/OqtaneSiteAuthenticationBuilderExtensions.cs
@@ -31,6 +31,12 @@ namespace Oqtane.Extensions
             builder.AddSiteNamedOptions<CookieAuthenticationOptions>(Constants.AuthenticationScheme, (options, alias, sitesettings) =>
             {
                 options.Cookie.Name = sitesettings.GetValue("LoginOptions:CookieName", ".AspNetCore.Identity.Application");
+                string cookieExpStr = sitesettings.GetValue("LoginOptions:CookieExpiration", "");
+                if (!string.IsNullOrEmpty(cookieExpStr) && TimeSpan.TryParse(cookieExpStr, out TimeSpan cookieExpTS))
+                {
+                    options.Cookie.Expiration = cookieExpTS;
+                    options.ExpireTimeSpan = cookieExpTS;
+                }
             });
 
             // site OpenId Connect options