diff --git a/ydb/mvp/oidc_proxy/oidc_protected_page_nebius.cpp b/ydb/mvp/oidc_proxy/oidc_protected_page_nebius.cpp
index d965ad91f66e..b4ea27d14749 100644
--- a/ydb/mvp/oidc_proxy/oidc_protected_page_nebius.cpp
+++ b/ydb/mvp/oidc_proxy/oidc_protected_page_nebius.cpp
@@ -1,6 +1,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -23,10 +24,16 @@ void THandlerSessionServiceCheckNebius::StartOidcProcess(const NActors::TActorCo
 LOG_DEBUG_S(ctx, EService::MVP, "Start OIDC process");
 NHttp::TCookies cookies(headers.Get("Cookie"));
+ TString sessionCookieName = CreateNameSessionCookie(Settings.ClientId);
+ TStringBuf sessionCookieValue = cookies.Get(sessionCookieName);
+ if (!sessionCookieValue.Empty()) {
+ LOG_DEBUG_S(ctx, EService::MVP, "Using session cookie (" << sessionCookieName << ": " << NKikimr::MaskTicket(sessionCookieValue) << ")");
+ }
+
 TString sessionToken;
 try {
- Base64StrictDecode(cookies.Get(CreateNameSessionCookie(Settings.ClientId)), sessionToken);
+ Base64StrictDecode(sessionCookieValue, sessionToken);
 } catch (std::exception& e) {
 LOG_DEBUG_S(ctx, EService::MVP, "Base64Decode session cookie: " << e.what());
 sessionToken.clear();
diff --git a/ydb/mvp/oidc_proxy/oidc_proxy_ut.cpp b/ydb/mvp/oidc_proxy/oidc_proxy_ut.cpp
index 0299a78b9d24..a052aab7944d 100644
--- a/ydb/mvp/oidc_proxy/oidc_proxy_ut.cpp
+++ b/ydb/mvp/oidc_proxy/oidc_proxy_ut.cpp
@@ -395,7 +395,7 @@ Y_UNIT_TEST_SUITE(Mvp) {
 EatWholeString(incomingRequest, "GET /" + allowedProxyHost + "/counters HTTP/1.1\r\n"
 "Host: oidcproxy.net\r\n"
 "Cookie: yc_session=allowed_session_cookie;"
- + CreateSecureCookie(settings.ClientId, "session_cookie") + "\r\n\r\n");
+ + CreateNameSessionCookie(settings.ClientId) + "=" + Base64Encode("session_cookie") + "\r\n\r\n");
 runtime.Send(new IEventHandle(target, edge, new NHttp::TEvHttpProxy::TEvHttpIncomingRequest(incomingRequest)));
 TAutoPtr handle;
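Review bot: In the StartOidcProcess hunk of oidc_protected_page_nebius.cpp, the added `LOG_DEBUG_S` writes a masked form of the cookie value before `Base64StrictDecode` has accepted it, so request-supplied data that has not been validated reaches the debug log. `NKikimr::MaskTicket` is not defined in this diff; if it preserves any prefix or suffix of its argument, those characters belong to a live session credential, and here they are taken from the base64 form rather than the token itself, which is worth confirming as acceptable for everyone who can read MVP debug logs. A narrower line carries the same diagnostic value: `LOG_DEBUG_S(ctx, EService::MVP, "Using session cookie " << sessionCookieName << ", length " << sessionCookieValue.size());`. The "Set session cookie" line added to ProcessSessionToken in oidc_session_create_nebius.cpp logs a freshly issued credential the same way. StartOidcProcess begins and continues outside the hunk.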
diff --git a/ydb/mvp/oidc_proxy/oidc_session_create_nebius.cpp b/ydb/mvp/oidc_proxy/oidc_session_create_nebius.cpp
index 3b2234d29580..964a602baacf 100644
--- a/ydb/mvp/oidc_proxy/oidc_session_create_nebius.cpp
+++ b/ydb/mvp/oidc_proxy/oidc_session_create_nebius.cpp
@@ -1,6 +1,8 @@
 #include
+#include
 #include "openid_connect.h"
 #include "oidc_session_create_nebius.h"
+#include
 namespace NMVP {
 namespace NOIDC {
@@ -33,8 +35,12 @@ void THandlerSessionCreateNebius::RequestSessionToken(const TString& code, const
 }
 void THandlerSessionCreateNebius::ProcessSessionToken(const TString& sessionToken, const NActors::TActorContext& ctx) {
+ TString sessionCookieName = CreateNameSessionCookie(Settings.ClientId);
+ TString sessionCookieValue = Base64Encode(sessionToken);
+ LOG_DEBUG_S(ctx, EService::MVP, "Set session cookie: (" << sessionCookieName << ": " << NKikimr::MaskTicket(sessionCookieValue) << ")");
+
 NHttp::THeadersBuilder responseHeaders;
- responseHeaders.Set("Set-Cookie", CreateSecureCookie(Settings.ClientId, sessionToken));
+ responseHeaders.Set("Set-Cookie", CreateSecureCookie(sessionCookieName, sessionCookieValue));
 responseHeaders.Set("Location", Context.GetRequestedAddress());
 NHttp::THttpOutgoingResponsePtr httpResponse;
 httpResponse = Request->CreateResponse("302", "Cookie set", responseHeaders);
diff --git a/ydb/mvp/oidc_proxy/openid_connect.cpp b/ydb/mvp/oidc_proxy/openid_connect.cpp
index dec1ab9aa070..fbc7714c5979 100644
--- a/ydb/mvp/oidc_proxy/openid_connect.cpp
+++ b/ydb/mvp/oidc_proxy/openid_connect.cpp
@@ -114,9 +114,9 @@ const TString& GetAuthCallbackUrl() {
 return callbackUrl;
 }
-TString CreateSecureCookie(const TString& key, const TString& value) {
+TString CreateSecureCookie(const TString& name, const TString& value) {
 TStringBuilder cookieBuilder;
- cookieBuilder << CreateNameSessionCookie(key) << "=" << Base64Encode(value)
+ cookieBuilder << name << "=" << value
 << "; Path=/; Secure; HttpOnly; SameSite=None; Partitioned";
 return cookieBuilder;
 }
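Review bot: `CreateSecureCookie` now copies `name` and `value` into the Set-Cookie header as-is while keeping the same two `const TString&` parameters, so a call site that still passes a client id and a raw token compiles and silently emits a wrongly named cookie with an unencoded value. This diff updates the Nebius session handler and one unit test; any other caller outside the visible files needs the same change. Because the function no longer guarantees a base64 alphabet, a value containing `;` or a line break would add cookie attributes or split the header, so the contract deserves a comment above the definition, e.g. `// name and value are written verbatim: pass CreateNameSessionCookie(clientId) and an already Base64Encode()d value`. The matching declaration is not part of this diff as shown, so its parameter name may still read `key`.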