From ceb1489eda42fd3c596d81e3a0d2f15159936b45 Mon Sep 17 00:00:00 2001 From: chris Date: Tue, 21 Oct 2025 01:25:00 +0200 Subject: [PATCH] Update AuthController to adjust cookie settings and remove unused endpoint; change BaseUrl in development settings --- .../Controllers/AuthController.cs | 19 ++----------------- .../appsettings.Development.json | 2 +- 2 files changed, 3 insertions(+), 18 deletions(-) diff --git a/src/dotnet/Suspectus.Gandalf.Mithrandir.Api/Controllers/AuthController.cs b/src/dotnet/Suspectus.Gandalf.Mithrandir.Api/Controllers/AuthController.cs index 0d173e7..22babca 100644 --- a/src/dotnet/Suspectus.Gandalf.Mithrandir.Api/Controllers/AuthController.cs +++ b/src/dotnet/Suspectus.Gandalf.Mithrandir.Api/Controllers/AuthController.cs @@ -87,9 +87,9 @@ public class AuthController : ControllerBase Response.Cookies.Append("MithrandirSession", tokenRequestResponse.SubjectId, new CookieOptions { - Secure = true, + Secure = false, // TODO set to true in production HttpOnly = true, - SameSite = SameSiteMode.None, + SameSite = SameSiteMode.Lax, Expires = tokenRequestResponse.RefreshTokenExpiresAt.AddSeconds(-10) }); @@ -110,21 +110,6 @@ public class AuthController : ControllerBase return Ok(true); } - [HttpGet("[action]")] - public async Task Me() - { - var sessionExists = Request.Cookies.ContainsKey("MithrandirSession"); - - if (!sessionExists) - { - return Unauthorized("Session expired."); - } - - - - return Ok(sessionExists); - } - private string GetCacheKey(string subjectId, string appId, string tokenType) { return $"{subjectId}:{appId}:{tokenType}"; diff --git a/src/dotnet/Suspectus.Gandalf.Palantir.Api/appsettings.Development.json b/src/dotnet/Suspectus.Gandalf.Palantir.Api/appsettings.Development.json index f1b3795..c26bea0 100644 --- a/src/dotnet/Suspectus.Gandalf.Palantir.Api/appsettings.Development.json +++ b/src/dotnet/Suspectus.Gandalf.Palantir.Api/appsettings.Development.json 
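Review bot: `Secure = false` is hard-coded in the `CookieOptions` for `MithrandirSession`, so every build, including a production one, lets the browser send this cookie over plain HTTP until someone acts on the TODO. The cookie value is `tokenRequestResponse.SubjectId`, so one unencrypted request would expose what the API appears to treat as the session identifier. Derive the flag instead of using a literal, for example `Secure = Request.IsHttps,` or an environment or configuration check. If TLS terminates at a proxy, forwarded headers must be configured, because `IsHttps` reflects the scheme the app itself sees. The enclosing action starts and ends outside this hunk.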
@@ -10,5 +10,5 @@
 },
 "HashIdSalt": "RD7MTWZsTm2DVF9WAksbpzp`Daccgk&4w~Qk^v99W~LtpXefUt2b5~~o52#7q^MzRC`3U^@%SLAp%QF$xr@fZ$TgA@vrD5qkwovv%9Rb`MEUEr4TSNLuXq7P9yQTH~dRvk`x~ueEPvup^c7w`wfo7EoQWJa99dSe%wLy`R7iyz~kZ$JR$QhqwM4pcHFtxLtSf^QdtLhssZipKi9T#J%EP#9jQR&NC$q5Pt4J7oyYq~WyfbAYZxMMc~s4Qoonnyyh",
 "JwtSecret": "sPKw4qrxSDrVAPMkpfXRmrmY#%f`@im&nrzhTYJSbg7jDEePaoobzvTx$q@Dt3`^xEVquT&XW%evc`7rR`^j%2MnHrHrxAteC5CADguRDQHN5HfS%^2PJ7VWJwn~YV2c~aSe`T@wPPLwnwbpSk~E%wxMfUbDDm#XZh7Z@9t24uiT9nxQpt^ZKcSc#CEeW4^#hc^vaLkeYT73RcC#&vSZMdr5e$Z~i&f$73%z@^yyAoFutLPmtgjosDW3mPb4z~h^",
- "BaseUrl": "https://localhost:7269"
+ "BaseUrl": "http://localhost:5035"
 }
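Review bot: `JwtSecret` and `HashIdSalt` sit in this tracked file as literal values (visible in the context lines), and the commit edits the file without moving them out. Anyone with read access to the repository or its history holds the signing key, so both values should be treated as disclosed. Rotate them, remove the two keys from this file, and load them from `dotnet user-secrets` or environment variables. Separately, the new `"BaseUrl": "http://localhost:5035"` drops TLS for local traffic; keeping the HTTPS profile with a trusted development certificate (`dotnet dev-certs https --trust`) would let the session cookie stay `Secure` in development too.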