Refactor: Centralize refresh token cookie name

Vadim Belov · Vadim Belov · commit 57625e2038c3 · 2025-12-03T14:48:43.000-08:00
Replaced hardcoded "refresh_token" strings with a constant
`CookieRefreshTokenName` in `BaseAuthController` to improve
maintainability and consistency. Updated all references to
use the new constant, including cookie retrieval and appending
operations in the `RefreshToken` method and various login
flows. This change simplifies future updates to the cookie
name and reduces the risk of inconsistencies.
diff --git a/Sources/EasyExtensions.AspNetCore.Authorization/Controllers/BaseAuthController.cs b/Sources/EasyExtensions.AspNetCore.Authorization/Controllers/BaseAuthController.cs
@@ -24,6 +24,8 @@ public abstract class BaseAuthController(
         IPasswordHashService _passwordHasher,
         ITokenProvider _tokenProvider) : ControllerBase
     {
+        private const string CookieRefreshTokenName = "ee_refresh_token";
+
         /// <summary>
         /// Gets the IP address from which the current request originated.
         /// </summary>
@@ -76,7 +78,7 @@ public async Task<IActionResult> RefreshToken([FromBody] RefreshTokenRequestDto?
             bool useCookie = string.IsNullOrWhiteSpace(request?.RefreshToken);
             if (useCookie)
             {
-                if (Request.Cookies.TryGetValue("refresh_token", out string? cookieRefreshToken))
+                if (Request.Cookies.TryGetValue(CookieRefreshTokenName, out string? cookieRefreshToken))
                 {
                     request = request is not null
                         ? request with { RefreshToken = cookieRefreshToken }
@@ -99,7 +101,7 @@ public async Task<IActionResult> RefreshToken([FromBody] RefreshTokenRequestDto?
             var roles = await GetUserRolesAsync(userId.Value);
             string accessToken = CreateAccessToken(userId.Value, roles);
             await SaveAndRevokeRefreshTokenAsync(userId.Value, request.RefreshToken, newRefreshToken, AuthType.Unknown);
-            Response.Cookies.Append("refresh_token", newRefreshToken, new()
+            Response.Cookies.Append(CookieRefreshTokenName, newRefreshToken, new()
             {
                 Secure = true,
                 HttpOnly = true,
@@ -155,7 +157,7 @@ public async Task<IActionResult> Login([FromBody] LoginRequestDto request)
             string refreshToken = StringHelpers.CreateRandomString(64);
             await SaveAndRevokeRefreshTokenAsync(userId.Value, string.Empty, refreshToken, AuthType.Credentials);
             await OnUserLoggingInAsync(userId.Value, AuthType.Credentials, AuthRejectionType.None);
-            Response.Cookies.Append("refresh_token", refreshToken, new()
+            Response.Cookies.Append(CookieRefreshTokenName, refreshToken, new()
             {
                 Secure = true,
                 HttpOnly = true,
@@ -211,7 +213,7 @@ public async Task<IActionResult> LoginWithGoogle([FromQuery] string token)
             string refreshToken = StringHelpers.CreateRandomString(64);
             await SaveAndRevokeRefreshTokenAsync(userId.Value, string.Empty, refreshToken, AuthType.Google);
             await OnUserLoggingInAsync(userId.Value, AuthType.Google, AuthRejectionType.None);
-            Response.Cookies.Append("refresh_token", refreshToken, new()
+            Response.Cookies.Append(CookieRefreshTokenName, refreshToken, new()
             {
                 Secure = true,
                 HttpOnly = true,
