Umbraco-CMS/tests/Umbraco.Tests.Integration/ManagementApi/ManagementApiTest.cs

210 lines
8.9 KiB
C#

V14: Add authorization policies to Management API controllers - p2 (#15211) * Making ProblemDetails details more generic * Adding authorizer that can be replaces for external authz in handlers. Adding handler and requirement for UserBelongsToUserGroupInRequest policy * Adding method to get the GUID from claims * Adding service methods to check user group authz * Porting MustSatisfyRequirementAuthorizationHandler * Adding controllers authz * Fix return status code + produced response type * Moving to folder * Adding DenyLocalLogin policy scaffold * Implement a temp DenyLocalLoginHandler * Introducing a new Fobidden result * Fix comment * Introducing a helper class for authorizers * Changed nullability for GetCurrentUser * Changes from Attempt to Status + FIXME comments * Create a UserGroupAuthorizationStatus to be used in the future * Introduces a new authz status for checking media acess * Introducing a new permission service for media * Adding fixme * Adding more policy configurations * Adding Media policy requirement and handler * Adding media authorizer * Fix order of params * Adding duplicate code comment * Adding authz to media controllers * Migrating more logic from MediaPermissions.cs * Adding more MediaAuthorizationStatus-es * Handling of new authorization status * Fix comment * Adding NotFound case * Adding NewDenyLocalLoginIfConfigured policy && commenting [AllowAnonymous] where the policy is applied since it is already handled * Changed Forbid() to Forbidden() to get the correct status code * Remove policy that is applied on the base controller already * Implement and apply NewUmbracoFeatureEnabled policy * Renaming classes to add Permission in the name * Register permission services * Add FIXME * Introduce new IUserGroupPermissionService and refactor accordingly * Add single overload with default implementation * Adding user permission policy and related * Applying admin policy * Register all new policies * Better wording * Add default implementation 
for a single overload * Adding remarks to IContentPermissionService.cs * Supporting null as key in ContentPermissionService * Fix namespace * Reverting back to not supporting null as content key, but having dedicated implementation * Adding content authorizer with null values to represent root item * Removing null key support and adding dedicated implementation * Removing remarks * Adding content resource with null support * Removing null support * Adding requirement and status * Adding content authorizer + handlers * Applying policies to content controllers * Update comment * Handling of Authorization Statuses * More authz in controllers * Fix comments * New branch handler * Obsolete old implementation * Adding dedicated policies to root and bin * Adding a branch specific namespace * Bin specific requirement and namespace * Root specific requirement and namespace * Changing to new root policy * Refactoring * Save policies * Fix null check/reference * Add TODO comment * Create media root- and bin-specific policies, handlers, etc. 
* Apply correct policy in create and update media controllers * Apply root policy to move and sort controllers * Fix wording * Adding UserGroupAuthorizationStatusResult * Remove all AuthorizationStatusResult as we cannot get the specific AuthorizationStatus * Fixing Umbraco feature policy * Fix allow anonymous endpoints - the value returned from DenyLocalLoginHandler wasn't enough, we need to succeed DenyAnonymousAuthorizationRequirement as it is required for some of the endpoints that had the attribute * Apply DenyLocalLoginIfConfigured policy to corresponding re-implementation of PostSetInvitedUserPassword * Fix comment * Renaming performingUser to user and fixing comments * Rename helper method * Fix references * Re-add merge conflict deletion * Adding Backoffice requirement and relevant * Registering * Added a simple policy test * Fixed small test things and clean up * Temp solution * Added one more test and fix another static issue * Fix another merge conflict * Remove BackOfficePermissionRequirement and handler as they might not be necessary * Comment out again [AllowAnonymous] * Remove AuthorizationPolicies.BackOfficeAccessWithoutApproval policy as it might not be necessary * Fix temp implementation * Fix reference to correct handler * Apply authz policy to new publish/unpublish controllers * Fix comments * Removing duplicate ProducesResponseTypes * Added swagger documentation about the 401 and 403 * Added Resources to Media, User and UserGroup * Handle root, recycle bin and branch in the same handler * Handle both parent and target when moving * Check Ids for all sort requests * Xml docs * Clean up * Clean up * Fix build * Cleanup * Remove TODO * Added missing overload * Use yield * Adding some keys to check --------- Co-authored-by: Bjarke Berg <mail@bergmania.dk> Co-authored-by: Andreas Zerbst <andr317c@live.dk>
2023-12-11 08:25:29 +01:00
using System.Linq.Expressions;
using System.Net;
using System.Net.Http.Headers;
using System.Net.Http.Json;
using System.Net.Mime;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json.Serialization;
using System.Web;
using Microsoft.Extensions.DependencyInjection;
using NUnit.Framework;
using OpenIddict.Abstractions;
using Umbraco.Cms.Api.Management.Controllers;
using Umbraco.Cms.Api.Management.Controllers.Security;
using Umbraco.Cms.Api.Management.Security;
V14: login screen (#15932) * remove the temp login screen * set login build back to esm * convert razor entrypoint to show new login screen * enable loading a user defined stylesheet that can be overridden through RCL mechanics * remove unused file * for now, remove the call to the old `localizedtext` endpoint until a replacement has been built * add fallback font * remove login to the old backoffice * change models for twoFactorView * Send view that have to be used for 2fa. * get 2fa providers from the login call directly * Return 2fa providers * map enabledTwoFactorProviderNames to the view * use correct endpoints for 2fa * Send link * change key to id in querystring * improve localization * merge authUrl * Added flow query parameter * remove unused getter * remove debug info * fix fallback value * fallback value * Added invite url to email * Clean up * Added password configuration to the verify responses, so the client knows, and have confirmed the user is allwed to see it * allow reset password * Allow anonymous on invite create password * open api * check for invite * fix fallback text * validate invite token * try to extract the problem details object * add error logging * fix invite user parameters * Use correct id for performing user * Allow password reset on yourself without the old password, if you are currently invited * hardcode the authorize endpoint url for now * fix handlers and disable icons for now * import icons from backoffice client * add backoffice path to icons * fix handler for 2fa custom view * update image temporarily * remove old icon registry * convert login components to UmbLitElement * convert `UmbAuthContext` into a real context with a token * cleanup dependencies * optimise vite * remove lit * optimise external login component loader * use generated resources for reset password * use generated resources for all methods * import and register the main bundle * register localization * change localization keys * update all localization 
keys to new format * replace tokens * copy code * added danish translations * convert to lowercase * all languages should have same weight * added german translations * add missing variable * missing text * added dutch translations * added swedish translations * added norwegian translations * add temporary fix so the login app can be built * make sure BuildLogin is run only after BuildBellissima has been run to ensure the dependencies are present on disk * run the real login build in pipelines * set vite language to en-us * optimise msw warnings * wait a bit before rendering the form so we know everything has been loaded * Add external login endpoint + move models around * Allow FORM submissions to the external login endpoint * rename `IdentityProvider` back to `Provider` to avoid a breaking change from V13 * type in url for login-external manually (for now) since route attributes are no longer a thing * move GET back to POST for external forms * load in public manifests on boot of the login screen * Clean up * handle the case where an external login provider has disabled local login and show a message instead of the login form * remove external login providers from the server login screen * add more translations * use the friendly greeting for the error layout * show login form * add mock handler for public manifest endpoint * remove the external login layout * fix test * Added generic English localization as a fallback language. --------- Co-authored-by: Bjarke Berg <mail@bergmania.dk> Co-authored-by: kjac <kja@umbraco.dk> Co-authored-by: leekelleher <leekelleher@gmail.com>
2024-04-03 15:45:09 +02:00
using Umbraco.Cms.Api.Management.ViewModels.Security;
using Umbraco.Cms.Core;
using Umbraco.Cms.Core.Extensions;
using Umbraco.Cms.Core.Models;
using Umbraco.Cms.Core.Models.Membership;
using Umbraco.Cms.Core.Scoping;
using Umbraco.Cms.Core.Security;
using Umbraco.Cms.Core.Services;
using Umbraco.Cms.Infrastructure.Security;
Auhorization: Cherrypicked integration tests from V15 (#20492) * V15 QA Added the authorization integration tests (#18419) * Added authorization integration tests * Removed unnecessary tests and update tests for preview controller * Updated to use the newest changes from v15/dev and added an override for the AuthenticateClientAsync to use the userGroupKey * Updated CompatibilitySuppressions to include changes from integration tests * Updated pipelines * Skips managementApi tests * Only run necessary tests * Added new schema per fixture to reduce test setup time * Fixed failing tests * Updated test setup * Updated test * Added suppression * Fixed failing tests * Updated addOnTeardown methods to protected * Added method for clearing the host * Added teardown * Updated model usage * Added a lot of cleanup for memory leak issues when running tests * Added CompatibilitySuppressions.xml * Updated tests * Cleaned up * Adjusted base classes * Updated pipeline * Updated CompatibilitySuppressions.xml * Updated test logging * Fixed reponse * Updated condition to skip tests * Updated tests, not done * Reworked test to expect correct responses with correct setup * Updated tests * More updates to tests * Updated tests * Cleaned up tests * Updated setup * Cleaned up tests to match setup * Cleaned up setup * Removed suppression * Fixed tests * Move order of checks * Fix naming * Formatting * Dispose of host * Keep track of if we're disposed * Compat suppression * Dont dispose * Fix failing tests * removed unused virtual * Updated CompatibilitySuppressions.xml --------- Co-authored-by: Andreas Zerbst <andr317c@live.dk> Co-authored-by: Zeegaan <skrivdetud@gmail.com> Co-authored-by: Nikolaj Geisle <70372949+Zeegaan@users.noreply.github.com> # Conflicts: # tests/Umbraco.Tests.Integration/CompatibilitySuppressions.xml # tests/Umbraco.Tests.Integration/ManagementApi/ManagementApiTest.cs # tests/Umbraco.Tests.Integration/ManagementApi/Policies/AllCultureControllerTests.cs # 
tests/Umbraco.Tests.Integration/ManagementApi/Policies/CreateDocumentTests.cs # tests/Umbraco.Tests.Integration/ManagementApi/Policies/UpdateDocumentTests.cs # tests/Umbraco.Tests.Integration/ManagementApi/Preview/EndPreviewTests.cs # tests/Umbraco.Tests.Integration/ManagementApi/Preview/EnterPreviewTests.cs # tests/Umbraco.Tests.Integration/TestServerTest/UmbracoTestServerTestBase.cs * Updated test * Updates * Removed unnessecary test --------- Co-authored-by: Nhu Dinh <150406148+nhudinh0309@users.noreply.github.com> Co-authored-by: Zeegaan <skrivdetud@gmail.com> Co-authored-by: Nikolaj Geisle <70372949+Zeegaan@users.noreply.github.com>
2025-10-14 12:04:10 +02:00
using Umbraco.Cms.Tests.Common.Testing;
using Umbraco.Cms.Tests.Integration.TestServerTest;
namespace Umbraco.Cms.Tests.Integration.ManagementApi;
[TestFixture]
[UmbracoTest(Database = UmbracoTestOptions.Database.NewSchemaPerFixture, Logger = UmbracoTestOptions.Logger.Console, Boot = true)]
public abstract class ManagementApiTest<T> : UmbracoTestServerTestBase
    where T : ManagementApiControllerBase
{
Auhorization: Cherrypicked integration tests from V15 (#20492) * V15 QA Added the authorization integration tests (#18419) * Added authorization integration tests * Removed unnecessary tests and update tests for preview controller * Updated to use the newest changes from v15/dev and added an override for the AuthenticateClientAsync to use the userGroupKey * Updated CompatibilitySuppressions to include changes from integration tests * Updated pipelines * Skips managementApi tests * Only run necessary tests * Added new schema per fixture to reduce test setup time * Fixed failing tests * Updated test setup * Updated test * Added suppression * Fixed failing tests * Updated addOnTeardown methods to protected * Added method for clearing the host * Added teardown * Updated model usage * Added a lot of cleanup for memory leak issues when running tests * Added CompatibilitySuppressions.xml * Updated tests * Cleaned up * Adjusted base classes * Updated pipeline * Updated CompatibilitySuppressions.xml * Updated test logging * Fixed reponse * Updated condition to skip tests * Updated tests, not done * Reworked test to expect correct responses with correct setup * Updated tests * More updates to tests * Updated tests * Cleaned up tests * Updated setup * Cleaned up tests to match setup * Cleaned up setup * Removed suppression * Fixed tests * Move order of checks * Fix naming * Formatting * Dispose of host * Keep track of if we're disposed * Compat suppression * Dont dispose * Fix failing tests * removed unused virtual * Updated CompatibilitySuppressions.xml --------- Co-authored-by: Andreas Zerbst <andr317c@live.dk> Co-authored-by: Zeegaan <skrivdetud@gmail.com> Co-authored-by: Nikolaj Geisle <70372949+Zeegaan@users.noreply.github.com> # Conflicts: # tests/Umbraco.Tests.Integration/CompatibilitySuppressions.xml # tests/Umbraco.Tests.Integration/ManagementApi/ManagementApiTest.cs # tests/Umbraco.Tests.Integration/ManagementApi/Policies/AllCultureControllerTests.cs # 
tests/Umbraco.Tests.Integration/ManagementApi/Policies/CreateDocumentTests.cs # tests/Umbraco.Tests.Integration/ManagementApi/Policies/UpdateDocumentTests.cs # tests/Umbraco.Tests.Integration/ManagementApi/Preview/EndPreviewTests.cs # tests/Umbraco.Tests.Integration/ManagementApi/Preview/EnterPreviewTests.cs # tests/Umbraco.Tests.Integration/TestServerTest/UmbracoTestServerTestBase.cs * Updated test * Updates * Removed unnessecary test --------- Co-authored-by: Nhu Dinh <150406148+nhudinh0309@users.noreply.github.com> Co-authored-by: Zeegaan <skrivdetud@gmail.com> Co-authored-by: Nikolaj Geisle <70372949+Zeegaan@users.noreply.github.com>
2025-10-14 12:04:10 +02:00
    private static readonly Dictionary<string, TokenModel> _tokenCache = new();

    private static readonly SHA256 _sha256 = SHA256.Create();

    protected abstract Expression<Func<T, object>> MethodSelector { get; set; }

    protected string Url => GetManagementApiUrl(MethodSelector);
    [SetUp]
    public override void Setup()
    {
        InMemoryConfiguration["Umbraco:CMS:ModelsBuilder:ModelsMode"] = "Nothing";
        base.Setup();
        Client.DefaultRequestHeaders.Accept.Clear();
        Client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue(MediaTypeNames.Application.Json));
    }
    [SetUp]
    public override void SetUp_Logging() =>
        TestContext.Out.Write($"Start test {TestCount++}: {TestContext.CurrentContext.Test.FullName}");

    [OneTimeTearDown]
    public void ClearCache() => _tokenCache.Clear();
    protected override void CustomTestAuthSetup(IServiceCollection services)
    {
        // Deliberately do not fake any authentication here, so the endpoints stay protected.
    }

    protected async Task AuthenticateClientAsync(HttpClient client, string username, string password, bool isAdmin) =>
        await AuthenticateClientAsync(client,
            async userService =>
            {
                IUser user;
                if (isAdmin)
                {
                    // Reuse the built-in super user and rename it to the requested username.
                    user = await userService.GetRequiredUserAsync(Constants.Security.SuperUserKey);
                    user.Username = user.Email = username;
                    userService.Save(user);
                }
                else
                {
                    // Create a non-admin user that only belongs to the Editor group.
                    user = (await userService.CreateAsync(
                        Constants.Security.SuperUserKey,
                        new UserCreateModel
                        {
                            Email = username,
                            Name = username,
                            UserName = username,
                            UserGroupKeys = new HashSet<Guid>(new[] { Constants.Security.EditorGroupKey })
                        },
                        true)).Result.CreatedUser;
                }

                return (user, password);
Auhorization: Cherrypicked integration tests from V15 (#20492) * V15 QA Added the authorization integration tests (#18419) * Added authorization integration tests * Removed unnecessary tests and update tests for preview controller * Updated to use the newest changes from v15/dev and added an override for the AuthenticateClientAsync to use the userGroupKey * Updated CompatibilitySuppressions to include changes from integration tests * Updated pipelines * Skips managementApi tests * Only run necessary tests * Added new schema per fixture to reduce test setup time * Fixed failing tests * Updated test setup * Updated test * Added suppression * Fixed failing tests * Updated addOnTeardown methods to protected * Added method for clearing the host * Added teardown * Updated model usage * Added a lot of cleanup for memory leak issues when running tests * Added CompatibilitySuppressions.xml * Updated tests * Cleaned up * Adjusted base classes * Updated pipeline * Updated CompatibilitySuppressions.xml * Updated test logging * Fixed reponse * Updated condition to skip tests * Updated tests, not done * Reworked test to expect correct responses with correct setup * Updated tests * More updates to tests * Updated tests * Cleaned up tests * Updated setup * Cleaned up tests to match setup * Cleaned up setup * Removed suppression * Fixed tests * Move order of checks * Fix naming * Formatting * Dispose of host * Keep track of if we're disposed * Compat suppression * Dont dispose * Fix failing tests * removed unused virtual * Updated CompatibilitySuppressions.xml --------- Co-authored-by: Andreas Zerbst <andr317c@live.dk> Co-authored-by: Zeegaan <skrivdetud@gmail.com> Co-authored-by: Nikolaj Geisle <70372949+Zeegaan@users.noreply.github.com> # Conflicts: # tests/Umbraco.Tests.Integration/CompatibilitySuppressions.xml # tests/Umbraco.Tests.Integration/ManagementApi/ManagementApiTest.cs # tests/Umbraco.Tests.Integration/ManagementApi/Policies/AllCultureControllerTests.cs # 
tests/Umbraco.Tests.Integration/ManagementApi/Policies/CreateDocumentTests.cs # tests/Umbraco.Tests.Integration/ManagementApi/Policies/UpdateDocumentTests.cs # tests/Umbraco.Tests.Integration/ManagementApi/Preview/EndPreviewTests.cs # tests/Umbraco.Tests.Integration/ManagementApi/Preview/EnterPreviewTests.cs # tests/Umbraco.Tests.Integration/TestServerTest/UmbracoTestServerTestBase.cs * Updated test * Updates * Removed unnessecary test --------- Co-authored-by: Nhu Dinh <150406148+nhudinh0309@users.noreply.github.com> Co-authored-by: Zeegaan <skrivdetud@gmail.com> Co-authored-by: Nikolaj Geisle <70372949+Zeegaan@users.noreply.github.com>
2025-10-14 12:04:10 +02:00
            }, $"{username}:{isAdmin}");
    protected async Task AuthenticateClientAsync(HttpClient client, string username, string password, Guid userGroupKey) =>
        await AuthenticateClientAsync(client,
            async userService =>
            {
                IUser user;
                if (userGroupKey == Constants.Security.AdminGroupKey)
                {
                    user = await userService.GetRequiredUserAsync(Constants.Security.SuperUserKey);
                    user.Username = user.Email = username;
                    userService.Save(user);
                }
                else
                {
                    user = (await userService.CreateAsync(
                        Constants.Security.SuperUserKey,
                        new UserCreateModel
                        {
                            Email = username,
                            Name = username,
                            UserName = username,
                            UserGroupKeys = new HashSet<Guid>([userGroupKey]),
                        },
                        true)).Result.CreatedUser;
                }
                return (user, password);
            }, $"{username}:{userGroupKey}");

    protected async Task AuthenticateClientAsync(HttpClient client, Func<IUserService, Task<(IUser User, string Password)>> createUser, string cacheKey = null)
    {
        // Check cache first
        if (!string.IsNullOrEmpty(cacheKey) && _tokenCache.TryGetValue(cacheKey, out var cachedToken))
        {
            client.DefaultRequestHeaders.Authorization =
                new AuthenticationHeaderValue("Bearer", cachedToken.AccessToken);
            return;
        }
        OpenIddictApplicationDescriptor backofficeOpenIddictApplicationDescriptor;
        var scopeProvider = GetRequiredService<ICoreScopeProvider>();
        string username;
        string password;
        using (var scope = scopeProvider.CreateCoreScope())
        {
            var userService = GetRequiredService<IUserService>();
            using var serviceScope = GetRequiredService<IServiceScopeFactory>().CreateScope();
            var userManager = serviceScope.ServiceProvider.GetRequiredService<ICoreBackOfficeUserManager>();
            var userCreationResult = await createUser(userService);
username = userCreationResult.User.Username;
password = userCreationResult.Password;
var userKey = userCreationResult.User.Key;
var token = await userManager.GeneratePasswordResetTokenAsync(userCreationResult.User);
var changePasswordAttempt = await userService.ChangePasswordAsync(userKey,
new ChangeUserPasswordModel
{
NewPassword = password, ResetPasswordToken = token.Result.ToUrlBase64(), UserKey = userKey,
});
Assert.IsTrue(changePasswordAttempt.Success);
var backOfficeApplicationManager =
serviceScope.ServiceProvider.GetRequiredService<IBackOfficeApplicationManager>() as
BackOfficeApplicationManager;
backofficeOpenIddictApplicationDescriptor =
backOfficeApplicationManager.BackofficeOpenIddictApplicationDescriptor(client.BaseAddress);
scope.Complete();
}
V14: login screen (#15932) * remove the temp login screen * set login build back to esm * convert razor entrypoint to show new login screen * enable loading a user defined stylesheet that can be overridden through RCL mechanics * remove unused file * for now, remove the call to the old `localizedtext` endpoint until a replacement has been built * add fallback font * remove login to the old backoffice * change models for twoFactorView * Send view that have to be used for 2fa. * get 2fa providers from the login call directly * Return 2fa providers * map enabledTwoFactorProviderNames to the view * use correct endpoints for 2fa * Send link * change key to id in querystring * improve localization * merge authUrl * Added flow query parameter * remove unused getter * remove debug info * fix fallback value * fallback value * Added invite url to email * Clean up * Added password configuration to the verify responses, so the client knows, and have confirmed the user is allwed to see it * allow reset password * Allow anonymous on invite create password * open api * check for invite * fix fallback text * validate invite token * try to extract the problem details object * add error logging * fix invite user parameters * Use correct id for performing user * Allow password reset on yourself without the old password, if you are currently invited * hardcode the authorize endpoint url for now * fix handlers and disable icons for now * import icons from backoffice client * add backoffice path to icons * fix handler for 2fa custom view * update image temporarily * remove old icon registry * convert login components to UmbLitElement * convert `UmbAuthContext` into a real context with a token * cleanup dependencies * optimise vite * remove lit * optimise external login component loader * use generated resources for reset password * use generated resources for all methods * import and register the main bundle * register localization * change localization keys * update all localization 
keys to new format * replace tokens * copy code * added danish translations * convert to lowercase * all languages should have same weight * added german translations * add missing variable * missing text * added dutch translations * added swedish translations * added norwegian translations * add temporary fix so the login app can be built * make sure BuildLogin is run only after BuildBellissima has been run to ensure the dependencies are present on disk * run the real login build in pipelines * set vite language to en-us * optimise msw warnings * wait a bit before rendering the form so we know everything has been loaded * Add external login endpoint + move models around * Allow FORM submissions to the external login endpoint * rename `IdentityProvider` back to `Provider` to avoid a breaking change from V13 * type in url for login-external manually (for now) since route attributes are no longer a thing * move GET back to POST for external forms * load in public manifests on boot of the login screen * Clean up * handle the case where an external login provider has disabled local login and show a message instead of the login form * remove external login providers from the server login screen * add more translations * use the friendly greeting for the error layout * show login form * add mock handler for public manifest endpoint * remove the external login layout * fix test * Added generic English localization as a fallback language. --------- Co-authored-by: Bjarke Berg <mail@bergmania.dk> Co-authored-by: kjac <kja@umbraco.dk> Co-authored-by: leekelleher <leekelleher@gmail.com>
2024-04-03 15:45:09 +02:00
var loginModel = new LoginRequestModel { Username = username, Password = password };
// Login to ensure the cookie is set (used in next request)
var loginResponse = await client.PostAsync(
GetManagementApiUrl<BackOfficeController>(x => x.Login(CancellationToken.None, null)), JsonContent.Create(loginModel));
Assert.AreEqual(HttpStatusCode.OK, loginResponse.StatusCode, await loginResponse.Content.ReadAsStringAsync());
Auhorization: Cherrypicked integration tests from V15 (#20492) * V15 QA Added the authorization integration tests (#18419) * Added authorization integration tests * Removed unnecessary tests and update tests for preview controller * Updated to use the newest changes from v15/dev and added an override for the AuthenticateClientAsync to use the userGroupKey * Updated CompatibilitySuppressions to include changes from integration tests * Updated pipelines * Skips managementApi tests * Only run necessary tests * Added new schema per fixture to reduce test setup time * Fixed failing tests * Updated test setup * Updated test * Added suppression * Fixed failing tests * Updated addOnTeardown methods to protected * Added method for clearing the host * Added teardown * Updated model usage * Added a lot of cleanup for memory leak issues when running tests * Added CompatibilitySuppressions.xml * Updated tests * Cleaned up * Adjusted base classes * Updated pipeline * Updated CompatibilitySuppressions.xml * Updated test logging * Fixed reponse * Updated condition to skip tests * Updated tests, not done * Reworked test to expect correct responses with correct setup * Updated tests * More updates to tests * Updated tests * Cleaned up tests * Updated setup * Cleaned up tests to match setup * Cleaned up setup * Removed suppression * Fixed tests * Move order of checks * Fix naming * Formatting * Dispose of host * Keep track of if we're disposed * Compat suppression * Dont dispose * Fix failing tests * removed unused virtual * Updated CompatibilitySuppressions.xml --------- Co-authored-by: Andreas Zerbst <andr317c@live.dk> Co-authored-by: Zeegaan <skrivdetud@gmail.com> Co-authored-by: Nikolaj Geisle <70372949+Zeegaan@users.noreply.github.com> # Conflicts: # tests/Umbraco.Tests.Integration/CompatibilitySuppressions.xml # tests/Umbraco.Tests.Integration/ManagementApi/ManagementApiTest.cs # tests/Umbraco.Tests.Integration/ManagementApi/Policies/AllCultureControllerTests.cs # 
tests/Umbraco.Tests.Integration/ManagementApi/Policies/CreateDocumentTests.cs # tests/Umbraco.Tests.Integration/ManagementApi/Policies/UpdateDocumentTests.cs # tests/Umbraco.Tests.Integration/ManagementApi/Preview/EndPreviewTests.cs # tests/Umbraco.Tests.Integration/ManagementApi/Preview/EnterPreviewTests.cs # tests/Umbraco.Tests.Integration/TestServerTest/UmbracoTestServerTestBase.cs * Updated test * Updates * Removed unnessecary test --------- Co-authored-by: Nhu Dinh <150406148+nhudinh0309@users.noreply.github.com> Co-authored-by: Zeegaan <skrivdetud@gmail.com> Co-authored-by: Nikolaj Geisle <70372949+Zeegaan@users.noreply.github.com>
2025-10-14 12:04:10 +02:00
const string codeVerifier = "12345"; // Just a dummy value we use in tests
var codeChallenge = Convert.ToBase64String(_sha256.ComputeHash(Encoding.UTF8.GetBytes(codeVerifier)))
2024-11-13 09:27:29 +01:00
.TrimEnd("=");
var authorizationUrl = GetManagementApiUrl<BackOfficeController>(x => x.Authorize(CancellationToken.None)) + $"?client_id={backofficeOpenIddictApplicationDescriptor.ClientId}&response_type=code&redirect_uri={WebUtility.UrlEncode(backofficeOpenIddictApplicationDescriptor.RedirectUris.FirstOrDefault()?.AbsoluteUri)}&code_challenge_method=S256&code_challenge={codeChallenge}";
var authorizeResponse = await client.GetAsync(authorizationUrl);
Assert.AreEqual(HttpStatusCode.Found, authorizeResponse.StatusCode, await authorizeResponse.Content.ReadAsStringAsync());
var tokenResponse = await client.PostAsync("/umbraco/management/api/v1/security/back-office/token",
new FormUrlEncodedContent(new Dictionary<string, string>
{
["grant_type"] = "authorization_code",
["code_verifier"] = codeVerifier,
["client_id"] = backofficeOpenIddictApplicationDescriptor.ClientId,
["code"] = HttpUtility.ParseQueryString(authorizeResponse.Headers.Location.Query).Get("code"),
["redirect_uri"] =
backofficeOpenIddictApplicationDescriptor.RedirectUris.FirstOrDefault().AbsoluteUri,
}));
var tokenModel = await tokenResponse.Content.ReadFromJsonAsync<TokenModel>();
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", tokenModel.AccessToken);
// Cache the token if cache key provided
if (!string.IsNullOrEmpty(cacheKey))
{
_tokenCache[cacheKey] = tokenModel;
}
}
private class TokenModel
{
[JsonPropertyName("access_token")] public string AccessToken { get; set; }
}
}