Files
Umbraco-CMS/src/Umbraco.Cms.Api.Delivery/Configuration/ConfigureUmbracoMemberAuthenticationDeliveryApiSwaggerGenOptions.cs

84 lines
3.1 KiB
C#

Add member auth to the Delivery API (#14730) * Refactor OpenIddict for shared usage between APIs + implement member authentication and handling within the Delivery API * Make SwaggerRouteTemplatePipelineFilter UI config overridable * Enable token revocation + rename logout endpoint to signout * Add default implementation of SwaggerGenOptions configuration for enabling Delivery API member auth in Swagger * Correct notification handling when (un)protecting content * Fixing integration test framework * Cleanup test to not execute some composers twice * Update paths to match docs * Return Forbidden when a member is authorized but not allowed to access the requested resource * Cleanup * Rename RequestMemberService to RequestMemberAccessService * Rename badly named variable * Review comments * Hide the auth controller from Swagger * Remove semaphore * Add security requirements for content API operations in Swagger * Hide the back-office auth endpoints from Swagger * Fix merge * Update back-office API auth endpoint paths + add revoke and sign-out endpoints (as of now they do not exist, a separate task will fix that) * Swap endpoint order to maintain backwards compat with the current login screen for new back-office (will be swapped back again to ensure correct .well-known endpoints, see FIXME comment) * Make "items by IDs" endpoint support member auth * Add 401 and 403 to "items by IDs" endpoint responses --------- Co-authored-by: Bjarke Berg <mail@bergmania.dk> Co-authored-by: Elitsa <elm@umbraco.dk>
2023-09-26 09:22:45 +02:00
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Options;
using Microsoft.OpenApi.Models;
using Swashbuckle.AspNetCore.SwaggerGen;
using Umbraco.Cms.Api.Common.Security;
using Umbraco.Cms.Api.Delivery.Controllers.Content;
using Umbraco.Cms.Api.Delivery.Filters;
namespace Umbraco.Cms.Api.Delivery.Configuration;
/// <summary>
/// This configures member authentication for the Delivery API in Swagger. Consult the docs for
/// member authentication within the Delivery API for instructions on how to use this.
/// </summary>
/// <remarks>
/// This class is not used by the core CMS due to the required installation dependencies (local login page among other things).
/// </remarks>
public class ConfigureUmbracoMemberAuthenticationDeliveryApiSwaggerGenOptions : IConfigureOptions<SwaggerGenOptions>
{
    private const string AuthSchemeName = "UmbracoMember";
    public void Configure(SwaggerGenOptions options)
    {
        // add security requirements for content API operations
        options.DocumentFilter<DeliveryApiSecurityFilter>();
        options.OperationFilter<DeliveryApiSecurityFilter>();
    }

    private sealed class DeliveryApiSecurityFilter : SwaggerFilterBase<ContentApiControllerBase>, IOperationFilter, IDocumentFilter
    {
        public void Apply(OpenApiOperation operation, OperationFilterContext context)
        {
            if (CanApply(context) is false)
            {
                return;
            }

            operation.Security = new List<OpenApiSecurityRequirement>
            {
                new OpenApiSecurityRequirement
                {
                    {
                        new OpenApiSecurityScheme
                        {
                            Reference = new OpenApiReference
                            {
                                Type = ReferenceType.SecurityScheme,
                                Id = AuthSchemeName,
                            }
                        },
Merge branch 'v15/dev' into v16/dev (#18971) * Only prevent the unpublish or delete of a related item when configured to do so if it is related as a child, not as a parent (#18886) * Only prevent the unpubkish or delete of a related item when configured to do so if it is related as a child, not as a parent. * Fixed incorect parameter names. * Fixed failing integration tests. * Use using variable instead to reduce nesting * Applied suggestions from code review. * Used simple using statement throughout RelationService for consistency. * Applied XML header comments consistently. --------- Co-authored-by: mole <nikolajlauridsen@protonmail.ch> * Feature: highlight invariant doc with variant blocks is unsupported (#18806) * mark variant blocks in invariant docs as invalid * implement RTE Blocks * Fix pagination for users restricted by start nodes (#18907) * Fix pagination for users restricted by start nodes * Default implementation to avoid breakage * Review comments * Fix failing test * Add media start node tests * Fix issue preventing blueprint derived values from being scaffolded (#18917) * Fix issue preventing blueprint derived values from being scaffolded. * fix manipulating frooen array * compare with variantId as well --------- Co-authored-by: Niels Lyngsø <niels.lyngso@gmail.com> * ci: add Azure Static Web Apps workflow file on-behalf-of: @Azure opensource@microsoft.com * ci: add Azure Static Web Apps workflow file on-behalf-of: @Azure opensource@microsoft.com * ci: add Azure Static Web Apps workflow file on-behalf-of: @Azure opensource@microsoft.com * Remove admin permission on user configuration, allowing users with user section access only to manaage users and groups. (#18848) * Tiptap RTE: Style Menu extension kind (#18918) * Adds 'styleMenu' Tiptap toolbar extension kind * Adds icons for `<h4>` and `<p>` tags * Adds commands to HTML Global Attributes extension for setting the `class` and `id` attributes. 
* Renamed "default-tiptap-toolbar-element.api.ts" file The "element" part was confusing. * Toolbar Menu: uses correct `item` value * Cascading Menu: adds localization for the label * Adds `label` attribute to UUI components for accessibility. * Toolbar Menu: uses correct `appearance` value * Removed unrequired `api` from Style Select * Destructs the `item.data` object * Ensure has children reflects only items with folder children when folders only are queried. (#18790) * Ensure has children reflects only items with folder children when folders only are queried. * Added supression for change to integration test public code. --------- Co-authored-by: Migaroez <geusens@gmail.com> * Only apply validation on content update to variant cultures where the editor has permission for the culture (#18778) * Only apply validation on content update to variant cultures where the editor has permission for the culture. * Remove inadvertent comment updates. * Fixed failing integration test. * Adds ancestor ID details on document tree and collection responses (#18909) * Populate ancestor keys on document tree response items. * Populate ancestor keys on document collection response items. * Update OpenApi.json * Use array of objects rather than Ids for the ancestor collection. * Update OpenApi.json. * Move publish with descendants to a background task with polling (#18497) * Use background queue for database cache rebuild and track rebuilding status. * Updated OpenApi.json and client-side types. * Updated client to poll for completion of database rebuild. * Move IBackgroundTaskQueue to core and prepare publish branch to run as background task. * Endpoints for retrieval of status and result from branch publish operations. * Poll and retrieve result for publish with descendants. * Handled issues from testing. * Rework to single controller for status and result. * Updated client side sdk. 
* OpenApi post dev merge gen --------- Co-authored-by: Migaroez <geusens@gmail.com> * Clear roots before rebuilding navigation dictionary (#18766) * Clear roots before rebuilding navigation dictionary. * Added tests to verify fix. * Correct test implementation. * Convert integration tests with method overloads into test cases. * Integration test compatibility supressions. * Fixes save of empty, invariant block list on variant content. (#18932) * remove unnecessary code (#18927) * V15/bugfix/fix route issue from 18859 (#18931) * unique check * unique for workspace empty path * more unique routes * Bump vite from 6.2.3 to 6.2.4 in /src/Umbraco.Web.UI.Client Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 6.2.3 to 6.2.4. - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v6.2.4/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v6.2.4/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-version: 6.2.4 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com> * removes autogenerated workflows * make getHasUnpersistedChanges public (#18929) * Added management API endpoint, service and repository for retrieval of references from the recycle bin (#18882) * Added management API endpoint, service and repository for retrieval of references from the recycle bin. * Update src/Umbraco.Cms.Api.Management/Controllers/Document/RecycleBin/ReferencedByDocumentRecycleBinController.cs Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Removed unused code. --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Updated management API endpoint and model for data type references to align with that used for documents, media etc. (#18905) * Updated management API endpoint and model for data type references to align with that used for documents, media etc. * Refactoring. 
* Update src/Umbraco.Core/Constants-ReferenceTypes.cs Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Fixed typos. * Added id to tracked reference content type response. * Updated OpenApi.json. * Added missing updates. * Renamed model and constants from code review feedback. * Fix typo * Fix multiple enumeration --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: mole <nikolajlauridsen@protonmail.ch> * Skip lock tests * Look-up redirect in content finder for multi-lingual sites using path and legacy route prefixed with the integer ID of the node with domains defined (#18763) * Look-up redirect in content finder for multi-lingual sites using path and legacy route prefixed with the integer ID of the node with domains defined. * Added tests to verify functionality. * Added reference to previous PR. * Referenced second PR. * Assemble URLs for all cultures, not just the default. * Revert previous update. * Display an original URL if we have one. * Bump vite from 6.2.4 to 6.2.5 in /src/Umbraco.Web.UI.Client Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 6.2.4 to 6.2.5. - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v6.2.5/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v6.2.5/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-version: 6.2.5 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com> * Add raw value validation to multiple text strings property editor (#18936) * Add raw value validation to multiple text strings property editor * Added additional assert on unit test and comment on validation logic. * Don't remove items to obtain a valid value --------- Co-authored-by: Andy Butland <abutland73@gmail.com> * Integration tests for content publishing with ancestor unpublished (#18941) * Resolved warnings in test class. 
* Refactor regions into partial classes. * Aligned test names. * Variable name refactoring. * Added tests for unpublished paths. * Adjust tests to verify current behaviour. * Cleaned up project file. * fix circular icon import (#18952) * remove segment toggle for elements (#18949) * Fix modal route registration circular import (#18953) * fix modal route registration circular import * Update modal-route-registration.controller.ts * V15/fix/18595 (#18925) * fix for #18595 * updates the en.ts * Avoid unneeded Dictionary operations (#18890) * Avoid some heap allocations * Remove unneeded double seek * Avoid allocating new empty arrays, reuse existing empty array * Avoid allocating strings for parsing comma separated int values (#18199) * Data type References UI: Workspace + Delete (#18914) * Updated management API endpoint and model for data type references to align with that used for documents, media etc. * Refactoring. * Update src/Umbraco.Core/Constants-ReferenceTypes.cs Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Fixed typos. * generate server models * add extension slot * register data type reference info app * add reference data mappers * Added id to tracked reference content type response. * Updated OpenApi.json. * Added missing updates. * generate new models * update models * register ref item * remove debugger * render types * register member type property type ref * register media type property type ref * Renamed model and constants from code review feedback. 
* register reference workspace info app kind * use kind for document references * use kind for media references * use kind for member references * use deleteWithRelation kind when deleting data types * fix manifest types * fix types * Update types.gen.ts * update code to fit new server models --------- Co-authored-by: Andy Butland <abutland73@gmail.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Feature: discard changes for block workspace (#18930) * make getHasUnpersistedChanges public * Discard changes impl for Block Workspace * fix 18367 (#18956) * Merge commit from fork * Prevent path traveral vulnerability with upload of temporary files. * Used BadRequest instead of NotFound for invalid file name response. * V15 QA Fixing the failing media acceptance tests (#18881) * Fixed the function name due to test helper changes * Updated assertion steps due to UI changes * Added more waits * Bumped version * Increase timeout * Reverted --------- Co-authored-by: Andreas Zerbst <73799582+andr317c@users.noreply.github.com> * V15 QA added clipboard test for not being able to copy to root when block is not allowed at root (#18937) * Added clipboard test * Bumped version * Updated to use the name * Run all tests on the pipeline * Reverted command * build: adjusts circular ref number to 4 --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Andy Butland <abutland73@gmail.com> Co-authored-by: mole <nikolajlauridsen@protonmail.ch> Co-authored-by: Niels Lyngsø <nsl@umbraco.dk> Co-authored-by: Niels Lyngsø <niels.lyngso@gmail.com> Co-authored-by: Jacob Overgaard <752371+iOvergaard@users.noreply.github.com> Co-authored-by: Lee Kelleher <leekelleher@users.noreply.github.com> Co-authored-by: Migaroez <geusens@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Nikolaj Geisle 
<70372949+Zeegaan@users.noreply.github.com> Co-authored-by: Mads Rasmussen <madsr@hey.com> Co-authored-by: Jacob Welander Jensen <64834767+Welander1994@users.noreply.github.com> Co-authored-by: Henrik <hg@impact.dk> Co-authored-by: Sebastiaan Janssen <sebastiaan@umbraco.com> Co-authored-by: Nhu Dinh <150406148+nhudinh0309@users.noreply.github.com> Co-authored-by: Andreas Zerbst <73799582+andr317c@users.noreply.github.com>
2025-04-09 09:58:01 +02:00
                        []
                    }
                }
            };
        }

        public void Apply(OpenApiDocument swaggerDoc, DocumentFilterContext context)
        {
            if (context.DocumentName != DeliveryApiConfiguration.ApiName)
            {
                return;
            }

            swaggerDoc.Components.SecuritySchemes.Add(
                AuthSchemeName,
                new OpenApiSecurityScheme
                {
                    In = ParameterLocation.Header,
                    Name = AuthSchemeName,
                    Type = SecuritySchemeType.OAuth2,
                    Description = "Umbraco Member Authentication",
                    Flows = new OpenApiOAuthFlows
                    {
                        AuthorizationCode = new OpenApiOAuthFlow
                        {
                            AuthorizationUrl = new Uri(Paths.MemberApi.AuthorizationEndpoint, UriKind.Relative),
                            TokenUrl = new Uri(Paths.MemberApi.TokenEndpoint, UriKind.Relative)
                        }
                    }
                });
        }
    }
}
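Because the core CMS does not register this class (see the remarks in the file), a site has to opt in itself; the composer below is an added example, not part of the Umbraco source, and the class name MemberAuthSwaggerComposer and the namespace MySite.Composers are placeholders. It relies on Umbraco's standard IComposer discovery and on the ConfigureOptions extension from Microsoft.Extensions.DependencyInjection.

```csharp
using Microsoft.Extensions.DependencyInjection;
using Umbraco.Cms.Api.Delivery.Configuration;
using Umbraco.Cms.Core.Composing;
using Umbraco.Cms.Core.DependencyInjection;

namespace MySite.Composers; // hypothetical site namespace

/// <summary>
/// Opts the site's Delivery API Swagger document into member authentication.
/// Umbraco discovers IComposer implementations automatically at startup, so no
/// further wiring is needed once this class is in the site project.
/// </summary>
public class MemberAuthSwaggerComposer : IComposer
{
    public void Compose(IUmbracoBuilder builder)
    {
        // Registers the IConfigureOptions<SwaggerGenOptions> implementation so
        // that, when Swashbuckle builds its options, DeliveryApiSecurityFilter
        // adds the "UmbracoMember" OAuth2 scheme and the per-operation security
        // requirement. The filter only acts on the Delivery API document
        // (it checks DocumentName), so other Swagger documents are untouched.
        //
        // Note: this changes only what the OpenAPI document describes and what
        // Swagger UI offers in its "Authorize" dialog. Access control itself is
        // enforced by the Delivery API endpoints, not by this registration.
        builder.Services.ConfigureOptions<ConfigureUmbracoMemberAuthenticationDeliveryApiSwaggerGenOptions>();
    }
}
```

The authorization-code flow in the scheme uses relative URLs, so Swagger UI sends the member to the site's own member authorization and token endpoints; the member login page those endpoints depend on must exist for the flow to complete.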