2020-12-04 00:20:48 +11:00
|
|
|
using System;
|
2015-02-09 17:37:21 +11:00
|
|
|
using System.Collections.Generic;
|
|
|
|
|
using System.Linq;
|
2020-09-17 09:42:55 +02:00
|
|
|
using Microsoft.Extensions.Logging;
|
2016-04-12 15:11:07 +02:00
|
|
|
using NPoco;
|
2021-08-11 19:11:35 +02:00
|
|
|
using Umbraco.Cms.Core;
|
2021-02-09 10:22:42 +01:00
|
|
|
using Umbraco.Cms.Core.Cache;
|
|
|
|
|
using Umbraco.Cms.Core.Models.Entities;
|
2021-03-11 19:35:43 +11:00
|
|
|
using Umbraco.Cms.Core.Persistence;
|
2021-02-09 10:22:42 +01:00
|
|
|
using Umbraco.Cms.Core.Persistence.Querying;
|
|
|
|
|
using Umbraco.Cms.Core.Persistence.Repositories;
|
2021-02-15 11:41:12 +01:00
|
|
|
using Umbraco.Cms.Core.Scoping;
|
Implements Public Access in netcore (#10137)
* Getting new netcore PublicAccessChecker in place
* Adds full test coverage for PublicAccessChecker
* remove PublicAccessComposer
* adjust namespaces, ensure RoleManager works, separate public access controller, reduce content controller
* Implements the required methods on IMemberManager, removes old migrated code
* Updates routing to be able to re-route, Fixes middleware ordering ensuring endpoints are last, refactors pipeline options, adds public access middleware, ensures public access follows all hops
* adds note
* adds note
* Cleans up ext methods, ensures that members identity is added on both front-end and back ends. updates how UmbracoApplicationBuilder works in that it explicitly starts endpoints at the time of calling.
* Changes name to IUmbracoEndpointBuilder
* adds note
* Fixing tests, fixing error describers so there's 2x one for back office, one for members, fixes TryConvertTo, fixes login redirect
* fixing build
* Fixes keepalive, fixes PublicAccessMiddleware to not throw, updates startup code to be more clear and removes magic that registers middleware.
* adds note
* removes unused filter, fixes build
* fixes WebPath and tests
* Looks up entities in one query
* remove usings
* Fix test, remove stylesheet
* Set status code before we write to response to avoid error
* Ensures that users and members are validated when logging in. Shares more code between users and members.
* Fixes RepositoryCacheKeys to ensure the keys are normalized
* oops didn't mean to commit this
* Fix casing issues with caching, stop boxing value types for all cache operations, stop re-creating string keys in DefaultRepositoryCachePolicy
* bah, far out this keeps getting recommitted. sorry
Co-authored-by: Bjarke Berg <mail@bergmania.dk>
2021-04-20 15:11:45 +10:00
|
|
|
using Umbraco.Cms.Core.Security;
|
2021-02-12 13:36:50 +01:00
|
|
|
using Umbraco.Cms.Infrastructure.Persistence.Dtos;
|
|
|
|
|
using Umbraco.Cms.Infrastructure.Persistence.Factories;
|
|
|
|
|
using Umbraco.Cms.Infrastructure.Persistence.Querying;
|
2021-02-09 11:26:22 +01:00
|
|
|
using Umbraco.Extensions;
|
2015-02-09 17:37:21 +11:00
|
|
|
|
2021-02-12 13:36:50 +01:00
|
|
|
namespace Umbraco.Cms.Infrastructure.Persistence.Repositories.Implement
|
2015-02-09 17:37:21 +11:00
|
|
|
{
|
2020-12-04 00:20:48 +11:00
|
|
|
// TODO: We should update this to support both users and members. It means we would remove referential integrity from users
|
|
|
|
|
// and the user/member key would be a GUID (we also need to add a GUID to users)
|
2020-12-22 10:30:16 +11:00
|
|
|
internal class ExternalLoginRepository : EntityRepositoryBase<int, IIdentityUserLogin>, IExternalLoginRepository
|
2015-02-09 17:37:21 +11:00
|
|
|
{
|
2020-09-17 09:42:55 +02:00
|
|
|
public ExternalLoginRepository(IScopeAccessor scopeAccessor, AppCaches cache, ILogger<ExternalLoginRepository> logger)
|
2017-12-14 17:04:44 +01:00
|
|
|
: base(scopeAccessor, cache, logger)
|
2017-12-12 15:04:13 +01:00
|
|
|
{ }
|
2015-02-09 17:37:21 +11:00
|
|
|
|
2021-03-11 19:35:43 +11:00
|
|
|
public void DeleteUserLogins(int memberId) => Database.Delete<ExternalLoginDto>("WHERE userId=@userId", new { userId = memberId });
|
2015-02-09 17:37:21 +11:00
|
|
|
|
2020-10-23 10:10:02 +11:00
|
|
|
public void Save(int userId, IEnumerable<IExternalLogin> logins)
|
2015-02-09 17:37:21 +11:00
|
|
|
{
|
2020-10-23 10:10:02 +11:00
|
|
|
var sql = Sql()
|
|
|
|
|
.Select<ExternalLoginDto>()
|
|
|
|
|
.From<ExternalLoginDto>()
|
|
|
|
|
.Where<ExternalLoginDto>(x => x.UserId == userId)
|
|
|
|
|
.ForUpdate();
|
|
|
|
|
|
|
|
|
|
// deduplicate the logins
|
2021-11-18 15:35:42 +01:00
|
|
|
logins = logins.LegacyDistinctBy(x => x.ProviderKey + x.LoginProvider).ToList();
|
2020-10-23 10:10:02 +11:00
|
|
|
|
|
|
|
|
var toUpdate = new Dictionary<int, IExternalLogin>();
|
|
|
|
|
var toDelete = new List<int>();
|
|
|
|
|
var toInsert = new List<IExternalLogin>(logins);
|
2015-02-09 17:37:21 +11:00
|
|
|
|
2021-03-12 13:24:35 +11:00
|
|
|
var existingLogins = Database.Fetch<ExternalLoginDto>(sql);
|
2021-08-11 19:11:35 +02:00
|
|
|
|
2020-10-23 10:10:02 +11:00
|
|
|
foreach (var existing in existingLogins)
|
2016-05-30 19:47:49 +02:00
|
|
|
{
|
2021-03-11 19:35:43 +11:00
|
|
|
var found = logins.FirstOrDefault(x =>
|
|
|
|
|
x.LoginProvider.Equals(existing.LoginProvider, StringComparison.InvariantCultureIgnoreCase)
|
|
|
|
|
&& x.ProviderKey.Equals(existing.ProviderKey, StringComparison.InvariantCultureIgnoreCase));
|
|
|
|
|
|
|
|
|
|
if (found != null)
|
2020-10-23 10:10:02 +11:00
|
|
|
{
|
2021-03-11 19:35:43 +11:00
|
|
|
toUpdate.Add(existing.Id, found);
|
|
|
|
|
// if it's an update then it's not an insert
|
|
|
|
|
toInsert.RemoveAll(x => x.ProviderKey == found.ProviderKey && x.LoginProvider == found.LoginProvider);
|
2020-10-23 10:10:02 +11:00
|
|
|
}
|
|
|
|
|
else
|
2015-02-09 17:37:21 +11:00
|
|
|
{
|
2021-03-11 19:35:43 +11:00
|
|
|
toDelete.Add(existing.Id);
|
2020-10-23 10:10:02 +11:00
|
|
|
}
|
2015-02-09 17:37:21 +11:00
|
|
|
}
|
2020-10-23 10:10:02 +11:00
|
|
|
|
|
|
|
|
// do the deletes, updates and inserts
|
|
|
|
|
if (toDelete.Count > 0)
|
2021-03-11 19:35:43 +11:00
|
|
|
{
|
2020-10-23 10:10:02 +11:00
|
|
|
Database.DeleteMany<ExternalLoginDto>().Where(x => toDelete.Contains(x.Id)).Execute();
|
2021-03-11 19:35:43 +11:00
|
|
|
}
|
|
|
|
|
|
2020-10-23 10:10:02 +11:00
|
|
|
foreach (var u in toUpdate)
|
2021-03-11 19:35:43 +11:00
|
|
|
{
|
2020-10-23 10:10:02 +11:00
|
|
|
Database.Update(ExternalLoginFactory.BuildDto(userId, u.Value, u.Key));
|
2021-03-11 19:35:43 +11:00
|
|
|
}
|
|
|
|
|
|
2020-10-23 10:10:02 +11:00
|
|
|
Database.InsertBulk(toInsert.Select(i => ExternalLoginFactory.BuildDto(userId, i)));
|
|
|
|
|
}
|
|
|
|
|
|
2015-02-09 17:37:21 +11:00
|
|
|
protected override IIdentityUserLogin PerformGet(int id)
|
|
|
|
|
{
|
|
|
|
|
var sql = GetBaseQuery(false);
|
2019-04-02 23:00:08 -04:00
|
|
|
sql.Where(GetBaseWhereClause(), new { id = id });
|
2015-02-09 17:37:21 +11:00
|
|
|
|
2016-08-02 12:11:35 +02:00
|
|
|
var dto = Database.Fetch<ExternalLoginDto>(SqlSyntax.SelectTop(sql, 1)).FirstOrDefault();
|
|
|
|
|
if (dto == null)
|
2015-02-09 17:37:21 +11:00
|
|
|
return null;
|
|
|
|
|
|
2018-06-29 11:48:47 +01:00
|
|
|
var entity = ExternalLoginFactory.BuildEntity(dto);
|
2015-02-09 17:37:21 +11:00
|
|
|
|
2017-11-10 11:27:12 +01:00
|
|
|
// reset dirty initial properties (U4-1946)
|
2015-11-10 16:14:03 +01:00
|
|
|
entity.ResetDirtyProperties(false);
|
2015-02-09 17:37:21 +11:00
|
|
|
|
|
|
|
|
return entity;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
protected override IEnumerable<IIdentityUserLogin> PerformGetAll(params int[] ids)
|
|
|
|
|
{
|
|
|
|
|
if (ids.Any())
|
|
|
|
|
{
|
|
|
|
|
return PerformGetAllOnIds(ids);
|
|
|
|
|
}
|
|
|
|
|
|
2020-10-23 10:10:02 +11:00
|
|
|
var sql = GetBaseQuery(false).OrderByDescending<ExternalLoginDto>(x => x.CreateDate);
|
2015-02-09 17:37:21 +11:00
|
|
|
|
|
|
|
|
return ConvertFromDtos(Database.Fetch<ExternalLoginDto>(sql))
|
|
|
|
|
.ToArray();// we don't want to re-iterate again!
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private IEnumerable<IIdentityUserLogin> PerformGetAllOnIds(params int[] ids)
|
|
|
|
|
{
|
|
|
|
|
if (ids.Any() == false) yield break;
|
|
|
|
|
foreach (var id in ids)
|
|
|
|
|
{
|
|
|
|
|
yield return Get(id);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private IEnumerable<IIdentityUserLogin> ConvertFromDtos(IEnumerable<ExternalLoginDto> dtos)
|
|
|
|
|
{
|
2018-06-29 11:48:47 +01:00
|
|
|
foreach (var entity in dtos.Select(ExternalLoginFactory.BuildEntity))
|
2015-02-09 17:37:21 +11:00
|
|
|
{
|
2017-11-10 11:27:12 +01:00
|
|
|
// reset dirty initial properties (U4-1946)
|
2018-01-10 12:48:51 +01:00
|
|
|
((BeingDirtyBase)entity).ResetDirtyProperties(false);
|
2015-02-09 17:37:21 +11:00
|
|
|
|
|
|
|
|
yield return entity;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
protected override IEnumerable<IIdentityUserLogin> PerformGetByQuery(IQuery<IIdentityUserLogin> query)
|
|
|
|
|
{
|
|
|
|
|
var sqlClause = GetBaseQuery(false);
|
|
|
|
|
var translator = new SqlTranslator<IIdentityUserLogin>(sqlClause, query);
|
|
|
|
|
var sql = translator.Translate();
|
|
|
|
|
|
|
|
|
|
var dtos = Database.Fetch<ExternalLoginDto>(sql);
|
|
|
|
|
|
|
|
|
|
foreach (var dto in dtos)
|
|
|
|
|
{
|
2020-10-23 10:10:02 +11:00
|
|
|
yield return ExternalLoginFactory.BuildEntity(dto);
|
2015-02-09 17:37:21 +11:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-22 18:48:58 +02:00
|
|
|
protected override Sql<ISqlContext> GetBaseQuery(bool isCount)
|
2015-02-09 17:37:21 +11:00
|
|
|
{
|
2016-04-12 15:11:07 +02:00
|
|
|
var sql = Sql();
|
2015-02-09 17:37:21 +11:00
|
|
|
if (isCount)
|
2016-04-12 15:11:07 +02:00
|
|
|
sql.SelectCount();
|
2015-02-09 17:37:21 +11:00
|
|
|
else
|
2016-04-12 15:11:07 +02:00
|
|
|
sql.SelectAll();
|
|
|
|
|
sql.From<ExternalLoginDto>();
|
2015-02-09 17:37:21 +11:00
|
|
|
return sql;
|
|
|
|
|
}
|
|
|
|
|
|
2021-08-11 19:11:35 +02:00
|
|
|
protected override string GetBaseWhereClause() => $"{Constants.DatabaseSchema.Tables.ExternalLogin}.id = @id";
|
2015-02-09 17:37:21 +11:00
|
|
|
|
|
|
|
|
protected override IEnumerable<string> GetDeleteClauses()
|
|
|
|
|
{
|
|
|
|
|
var list = new List<string>
|
|
|
|
|
{
|
2017-11-10 11:27:12 +01:00
|
|
|
"DELETE FROM umbracoExternalLogin WHERE id = @id"
|
2015-02-09 17:37:21 +11:00
|
|
|
};
|
|
|
|
|
return list;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
protected override void PersistNewItem(IIdentityUserLogin entity)
|
|
|
|
|
{
|
2019-06-28 09:19:11 +02:00
|
|
|
entity.AddingEntity();
|
2015-02-09 17:37:21 +11:00
|
|
|
|
2018-06-29 11:48:47 +01:00
|
|
|
var dto = ExternalLoginFactory.BuildDto(entity);
|
2015-02-09 17:37:21 +11:00
|
|
|
|
|
|
|
|
var id = Convert.ToInt32(Database.Insert(dto));
|
|
|
|
|
entity.Id = id;
|
|
|
|
|
|
|
|
|
|
entity.ResetDirtyProperties();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
protected override void PersistUpdatedItem(IIdentityUserLogin entity)
|
|
|
|
|
{
|
2019-06-28 09:19:11 +02:00
|
|
|
entity.UpdatingEntity();
|
2019-12-17 16:30:26 +01:00
|
|
|
|
2018-06-29 11:48:47 +01:00
|
|
|
var dto = ExternalLoginFactory.BuildDto(entity);
|
2015-02-09 17:37:21 +11:00
|
|
|
|
2017-07-20 11:21:28 +02:00
|
|
|
Database.Update(dto);
|
2015-02-09 17:37:21 +11:00
|
|
|
|
|
|
|
|
entity.ResetDirtyProperties();
|
|
|
|
|
}
|
2021-03-11 19:35:43 +11:00
|
|
|
|
|
|
|
|
/// <summary>
|
|
|
|
|
/// Query for user tokens
|
|
|
|
|
/// </summary>
|
|
|
|
|
/// <param name="query"></param>
|
|
|
|
|
/// <returns></returns>
|
|
|
|
|
public IEnumerable<IIdentityUserToken> Get(IQuery<IIdentityUserToken> query)
|
|
|
|
|
{
|
|
|
|
|
Sql<ISqlContext> sqlClause = GetBaseTokenQuery(false);
|
|
|
|
|
|
|
|
|
|
var translator = new SqlTranslator<IIdentityUserToken>(sqlClause, query);
|
|
|
|
|
Sql<ISqlContext> sql = translator.Translate();
|
|
|
|
|
|
|
|
|
|
List<ExternalLoginTokenDto> dtos = Database.Fetch<ExternalLoginTokenDto>(sql);
|
|
|
|
|
|
|
|
|
|
foreach (ExternalLoginTokenDto dto in dtos)
|
|
|
|
|
{
|
|
|
|
|
yield return ExternalLoginFactory.BuildEntity(dto);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// <summary>
|
|
|
|
|
/// Count for user tokens
|
|
|
|
|
/// </summary>
|
|
|
|
|
/// <param name="query"></param>
|
|
|
|
|
/// <returns></returns>
|
|
|
|
|
public int Count(IQuery<IIdentityUserToken> query)
|
|
|
|
|
{
|
|
|
|
|
Sql<ISqlContext> sql = Sql().SelectCount().From<ExternalLoginDto>();
|
|
|
|
|
return Database.ExecuteScalar<int>(sql);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public void Save(int userId, IEnumerable<IExternalLoginToken> tokens)
|
|
|
|
|
{
|
|
|
|
|
// get the existing logins (provider + id)
|
|
|
|
|
var existingUserLogins = Database
|
|
|
|
|
.Fetch<ExternalLoginDto>(GetBaseQuery(false).Where<ExternalLoginDto>(x => x.UserId == userId))
|
|
|
|
|
.ToDictionary(x => x.LoginProvider, x => x.Id);
|
|
|
|
|
|
|
|
|
|
// deduplicate the tokens
|
2021-11-18 15:35:42 +01:00
|
|
|
tokens = tokens.LegacyDistinctBy(x => x.LoginProvider + x.Name).ToList();
|
2021-03-11 19:35:43 +11:00
|
|
|
|
|
|
|
|
var providers = tokens.Select(x => x.LoginProvider).Distinct().ToList();
|
|
|
|
|
|
|
|
|
|
Sql<ISqlContext> sql = GetBaseTokenQuery(true)
|
|
|
|
|
.WhereIn<ExternalLoginDto>(x => x.LoginProvider, providers)
|
|
|
|
|
.Where<ExternalLoginDto>(x => x.UserId == userId);
|
|
|
|
|
|
|
|
|
|
var toUpdate = new Dictionary<int, (IExternalLoginToken externalLoginToken, int externalLoginId)>();
|
|
|
|
|
var toDelete = new List<int>();
|
|
|
|
|
var toInsert = new List<IExternalLoginToken>(tokens);
|
|
|
|
|
|
2021-03-12 13:24:35 +11:00
|
|
|
var existingTokens = Database.Fetch<ExternalLoginTokenDto>(sql);
|
2021-08-11 19:11:35 +02:00
|
|
|
|
2021-03-11 19:35:43 +11:00
|
|
|
foreach (ExternalLoginTokenDto existing in existingTokens)
|
|
|
|
|
{
|
|
|
|
|
IExternalLoginToken found = tokens.FirstOrDefault(x =>
|
|
|
|
|
x.LoginProvider.InvariantEquals(existing.ExternalLoginDto.LoginProvider)
|
|
|
|
|
&& x.Name.InvariantEquals(existing.Name));
|
|
|
|
|
|
|
|
|
|
if (found != null)
|
|
|
|
|
{
|
|
|
|
|
toUpdate.Add(existing.Id, (found, existing.ExternalLoginId));
|
|
|
|
|
// if it's an update then it's not an insert
|
|
|
|
|
toInsert.RemoveAll(x => x.LoginProvider.InvariantEquals(found.LoginProvider) && x.Name.InvariantEquals(found.Name));
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
toDelete.Add(existing.Id);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// do the deletes, updates and inserts
|
|
|
|
|
if (toDelete.Count > 0)
|
|
|
|
|
{
|
|
|
|
|
Database.DeleteMany<ExternalLoginTokenDto>().Where(x => toDelete.Contains(x.Id)).Execute();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
foreach (KeyValuePair<int, (IExternalLoginToken externalLoginToken, int externalLoginId)> u in toUpdate)
|
|
|
|
|
{
|
|
|
|
|
Database.Update(ExternalLoginFactory.BuildDto(u.Value.externalLoginId, u.Value.externalLoginToken, u.Key));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var insertDtos = new List<ExternalLoginTokenDto>();
|
|
|
|
|
foreach(IExternalLoginToken t in toInsert)
|
|
|
|
|
{
|
|
|
|
|
if (!existingUserLogins.TryGetValue(t.LoginProvider, out int externalLoginId))
|
|
|
|
|
{
|
|
|
|
|
throw new InvalidOperationException($"A token was attempted to be saved for login provider {t.LoginProvider} which is not assigned to this user");
|
|
|
|
|
}
|
|
|
|
|
insertDtos.Add(ExternalLoginFactory.BuildDto(externalLoginId, t));
|
2021-08-11 19:11:35 +02:00
|
|
|
}
|
2021-03-11 19:35:43 +11:00
|
|
|
Database.InsertBulk(insertDtos);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private Sql<ISqlContext> GetBaseTokenQuery(bool forUpdate)
|
|
|
|
|
=> forUpdate ? Sql()
|
2021-08-11 19:11:35 +02:00
|
|
|
.Select<ExternalLoginTokenDto>(r => r.Select(x => x.ExternalLoginDto))
|
2021-03-11 19:35:43 +11:00
|
|
|
.From<ExternalLoginTokenDto>()
|
|
|
|
|
.Append(" WITH (UPDLOCK)") // ensure these table values are locked for updates, the ForUpdate ext method does not work here
|
|
|
|
|
.InnerJoin<ExternalLoginDto>()
|
|
|
|
|
.On<ExternalLoginTokenDto, ExternalLoginDto>(x => x.ExternalLoginId, x => x.Id)
|
|
|
|
|
: Sql()
|
|
|
|
|
.Select<ExternalLoginTokenDto>()
|
|
|
|
|
.AndSelect<ExternalLoginDto>(x => x.LoginProvider, x => x.UserId)
|
|
|
|
|
.From<ExternalLoginTokenDto>()
|
|
|
|
|
.InnerJoin<ExternalLoginDto>()
|
|
|
|
|
.On<ExternalLoginTokenDto, ExternalLoginDto>(x => x.ExternalLoginId, x => x.Id);
|
2015-02-09 17:37:21 +11:00
|
|
|
}
|
2017-07-20 11:21:28 +02:00
|
|
|
}
|