using System ;
using System.Collections.Generic ;
using System.Security.Claims ;
using System.Security.Principal ;
using System.Threading.Tasks ;
using Microsoft.AspNetCore.Http ;
using Microsoft.AspNetCore.Identity ;
using Microsoft.Extensions.Logging ;
using Microsoft.Extensions.Options ;
using Umbraco.Cms.Core.Configuration.Models ;
using Umbraco.Cms.Core.Events ;
using Umbraco.Cms.Core.Net ;
using Umbraco.Cms.Core.Notifications ;
using Umbraco.Cms.Core.Security ;
using Umbraco.Cms.Infrastructure.Security ;
using Umbraco.Extensions ;
namespace Umbraco.Cms.Web.Common.Security
{
public class BackOfficeUserManager : UmbracoUserManager < BackOfficeIdentityUser , UserPasswordConfigurationSettings > , IBackOfficeUserManager
{
private readonly IHttpContextAccessor _httpContextAccessor ;
private readonly IEventAggregator _eventAggregator ;
private readonly IBackOfficeUserPasswordChecker _backOfficeUserPasswordChecker ;
/// <summary>
/// Initializes a new instance of the <see cref="BackOfficeUserManager"/> class.
/// </summary>
/// <remarks>
/// The identity-related dependencies are handed straight to the base user manager. Only the HTTP context
/// accessor, the event aggregator and the back office password checker are kept on this class.
/// </remarks>
public BackOfficeUserManager(
    IIpResolver ipResolver,
    IUserStore<BackOfficeIdentityUser> store,
    IOptions<BackOfficeIdentityOptions> optionsAccessor,
    IPasswordHasher<BackOfficeIdentityUser> passwordHasher,
    IEnumerable<IUserValidator<BackOfficeIdentityUser>> userValidators,
    IEnumerable<IPasswordValidator<BackOfficeIdentityUser>> passwordValidators,
    BackOfficeErrorDescriber errors,
    IServiceProvider services,
    IHttpContextAccessor httpContextAccessor,
    ILogger<UserManager<BackOfficeIdentityUser>> logger,
    IOptions<UserPasswordConfigurationSettings> passwordConfiguration,
    IEventAggregator eventAggregator,
    IBackOfficeUserPasswordChecker backOfficeUserPasswordChecker)
    : base(
        ipResolver,
        store,
        optionsAccessor,
        passwordHasher,
        userValidators,
        passwordValidators,
        errors,
        services,
        logger,
        passwordConfiguration)
{
    // Used by VerifyPasswordAsync before the default password verification.
    _backOfficeUserPasswordChecker = backOfficeUserPasswordChecker;

    // Used to publish the user notifications raised by this manager.
    _eventAggregator = eventAggregator;

    // Used to read the current principal when a notification is raised.
    _httpContextAccessor = httpContextAccessor;
}
/// <summary>
/// Verifies a password, consulting the injected <see cref="IBackOfficeUserPasswordChecker"/> before
/// falling back to the default verification.
/// </summary>
/// <param name="store">The password store passed on to the base implementation.</param>
/// <param name="user">The back office user whose password is being checked.</param>
/// <param name="password">The password to verify.</param>
/// <returns>
/// <see cref="PasswordVerificationResult.Failed"/> when the user has no identity or the checker does not
/// report valid credentials, <see cref="PasswordVerificationResult.Success"/> when the checker reports valid
/// credentials, and the base verification result when the checker asks to fall back to the default.
/// </returns>
protected override async Task<PasswordVerificationResult> VerifyPasswordAsync(
    IUserPasswordStore<BackOfficeIdentityUser> store,
    BackOfficeIdentityUser user,
    string password)
{
    // A user without an identity is rejected before any checker is consulted.
    if (user.HasIdentity == false)
    {
        return PasswordVerificationResult.Failed;
    }

    BackOfficeUserPasswordCheckerResult checkerResult =
        await _backOfficeUserPasswordChecker.CheckPasswordAsync(user, password);

    // The checker has no opinion: use the default hash-based verification.
    if (checkerResult == BackOfficeUserPasswordCheckerResult.FallbackToDefaultChecker)
    {
        return await base.VerifyPasswordAsync(store, user, password);
    }

    // Otherwise the checker's verdict is final: only ValidCredentials maps to Success.
    if (checkerResult == BackOfficeUserPasswordCheckerResult.ValidCredentials)
    {
        return PasswordVerificationResult.Success;
    }

    return PasswordVerificationResult.Failed;
}
/// <summary>
/// Reports a user as locked out when the user is not approved, or when the base lockout check says so.
/// By default only the user's locked out date is checked.
/// </summary>
/// <param name="user">The user</param>
/// <returns>True if the user is locked out, else false</returns>
/// <exception cref="ArgumentNullException"><paramref name="user"/> is null.</exception>
/// <remarks>
/// ASP.NET Identity has a single value for being locked out, whereas Umbraco has two, so both values
/// are checked here.
/// </remarks>
public override async Task<bool> IsLockedOutAsync(BackOfficeIdentityUser user)
{
    if (user is null)
    {
        throw new ArgumentNullException(nameof(user));
    }

    // An unapproved user counts as locked out; the base check is skipped in that case.
    bool notApproved = user.IsApproved == false;
    return notApproved || await base.IsLockedOutAsync(user);
}
/// <summary>
/// Records a failed access attempt through the base manager and, when that call succeeds,
/// publishes a login-failed notification for the user.
/// </summary>
/// <param name="user">The user whose access attempt failed.</param>
/// <returns>The result returned by the base implementation.</returns>
public override async Task<IdentityResult> AccessFailedAsync(BackOfficeIdentityUser user)
{
    IdentityResult outcome = await base.AccessFailedAsync(user);

    // Slightly confusing: "Succeeded" means the AccessFailed count was updated, not that a login succeeded.
    if (!outcome.Succeeded)
    {
        return outcome;
    }

    NotifyLoginFailed(_httpContextAccessor.HttpContext?.User, user.Id);
    return outcome;
}
/// <summary>
/// Changes a password through the base implementation using a reset token and, when that call
/// succeeds, publishes a password-reset notification.
/// </summary>
/// <param name="userId">The id of the user whose password is changed.</param>
/// <param name="token">The reset token passed to the base implementation.</param>
/// <param name="newPassword">The new password.</param>
/// <returns>The result returned by the base implementation.</returns>
public override async Task<IdentityResult> ChangePasswordWithResetAsync(string userId, string token, string newPassword)
{
    IdentityResult outcome = await base.ChangePasswordWithResetAsync(userId, token, newPassword);

    // No notification for a reset that the base call reported as failed.
    if (!outcome.Succeeded)
    {
        return outcome;
    }

    NotifyPasswordReset(_httpContextAccessor.HttpContext?.User, userId);
    return outcome;
}
/// <summary>
/// Changes a user's password through the base implementation and, when that call succeeds,
/// publishes a password-changed notification.
/// </summary>
/// <param name="user">The user whose password is changed.</param>
/// <param name="currentPassword">The user's current password.</param>
/// <param name="newPassword">The new password.</param>
/// <returns>The result returned by the base implementation.</returns>
public override async Task<IdentityResult> ChangePasswordAsync(BackOfficeIdentityUser user, string currentPassword, string newPassword)
{
    IdentityResult outcome = await base.ChangePasswordAsync(user, currentPassword, newPassword);

    // No notification for a change that the base call reported as failed.
    if (!outcome.Succeeded)
    {
        return outcome;
    }

    NotifyPasswordChanged(_httpContextAccessor.HttpContext?.User, user.Id);
    return outcome;
}
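/// <inheritdoc/>
/// <remarks>
/// Publishes a locked notification when the base call succeeds with a lockout end date in the future,
/// and an unlocked notification (followed by a reset of the failed access count) when it succeeds with
/// any other value. When the base call fails nothing is published and the failed access count is left
/// untouched, so notification handlers never record a lock or unlock that the base call reported as failed.
/// </remarks>
/// <exception cref="ArgumentNullException"><paramref name="user"/> is null.</exception>
public override async Task<IdentityResult> SetLockoutEndDateAsync(BackOfficeIdentityUser user, DateTimeOffset? lockoutEnd)
{
    if (user is null)
    {
        throw new ArgumentNullException(nameof(user));
    }

    IdentityResult result = await base.SetLockoutEndDateAsync(user, lockoutEnd);

    // A failed update changed nothing: do not announce an unlock and do not reset the failed access count.
    if (!result.Succeeded)
    {
        return result;
    }

    ClaimsPrincipal currentUser = _httpContextAccessor.HttpContext?.User;

    // The way we unlock is by setting the lockoutEnd date to the current datetime, so only an end date
    // in the future counts as a lock. A null end date compares false and takes the unlock branch.
    if (lockoutEnd > DateTimeOffset.UtcNow)
    {
        NotifyAccountLocked(currentUser, user.Id);
    }
    else
    {
        NotifyAccountUnlocked(currentUser, user.Id);

        // Resets the login attempt fails back to 0 when unlock is clicked
        await ResetAccessFailedCountAsync(user);
    }

    return result;
}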
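/// <inheritdoc/>
/// <remarks>
/// The reset notification is published only when the base call reports success, in line with
/// <see cref="AccessFailedAsync"/> and the password change overrides, which also notify on success only.
/// </remarks>
public override async Task<IdentityResult> ResetAccessFailedCountAsync(BackOfficeIdentityUser user)
{
    IdentityResult result = await base.ResetAccessFailedCountAsync(user);

    // Notify only once the base call has reported the reset as successful; a failed reset must not
    // show up to notification handlers as a completed one.
    if (result.Succeeded)
    {
        NotifyResetAccessFailedCount(_httpContextAccessor.HttpContext?.User, user.Id);
    }

    return result;
}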
/// <summary>
/// Resolves the id of the user behind the given principal.
/// </summary>
/// <param name="currentUser">The current principal; may be null.</param>
/// <returns>
/// The user id read from the principal's Umbraco identity, or the super user id when the principal is
/// null, has no Umbraco identity, or that identity yields no user id.
/// </returns>
/// <remarks>
/// Callers that use this value as the acting user will therefore attribute the action to the super
/// user whenever no back office identity is available.
/// </remarks>
private string GetCurrentUserId(IPrincipal currentUser)
{
    ClaimsIdentity identity = currentUser?.GetUmbracoIdentity();
    string resolvedId = identity?.GetUserId<string>();

    if (resolvedId is null)
    {
        return Core.Constants.Security.SuperUserIdAsString;
    }

    return resolvedId;
}
/// <summary>
/// Publishes a <see cref="UserLockedNotification"/>.
/// </summary>
/// <param name="currentUser">The current principal; may be null.</param>
/// <param name="userId">The user id passed to the notification.</param>
public void NotifyAccountLocked(IPrincipal currentUser, string userId)
{
    Notify(
        currentUser,
        (actingUserId, ipAddress) => new UserLockedNotification(ipAddress, userId, actingUserId));
}
/// <summary>
/// Publishes a <see cref="UserUnlockedNotification"/>.
/// </summary>
/// <param name="currentUser">The current principal; may be null.</param>
/// <param name="userId">The user id passed to the notification.</param>
public void NotifyAccountUnlocked(IPrincipal currentUser, string userId)
{
    Notify(
        currentUser,
        (actingUserId, ipAddress) => new UserUnlockedNotification(ipAddress, userId, actingUserId));
}
/// <summary>
/// Publishes a <see cref="UserForgotPasswordRequestedNotification"/>.
/// </summary>
/// <param name="currentUser">The current principal; may be null.</param>
/// <param name="userId">The user id passed to the notification.</param>
public void NotifyForgotPasswordRequested(IPrincipal currentUser, string userId)
{
    Notify(
        currentUser,
        (actingUserId, ipAddress) => new UserForgotPasswordRequestedNotification(ipAddress, userId, actingUserId));
}
/// <summary>
/// Publishes a <see cref="UserForgotPasswordChangedNotification"/>.
/// </summary>
/// <param name="currentUser">The current principal; may be null.</param>
/// <param name="userId">The user id passed to the notification.</param>
public void NotifyForgotPasswordChanged(IPrincipal currentUser, string userId)
{
    Notify(
        currentUser,
        (actingUserId, ipAddress) => new UserForgotPasswordChangedNotification(ipAddress, userId, actingUserId));
}
/// <summary>
/// Publishes a <see cref="UserLoginFailedNotification"/>.
/// </summary>
/// <param name="currentUser">The current principal; may be null.</param>
/// <param name="userId">The user id passed to the notification.</param>
public void NotifyLoginFailed(IPrincipal currentUser, string userId)
{
    Notify(
        currentUser,
        (actingUserId, ipAddress) => new UserLoginFailedNotification(ipAddress, userId, actingUserId));
}
/// <summary>
/// Publishes a <see cref="UserLoginRequiresVerificationNotification"/>.
/// </summary>
/// <param name="currentUser">The current principal; may be null.</param>
/// <param name="userId">The user id passed to the notification.</param>
public void NotifyLoginRequiresVerification(IPrincipal currentUser, string userId)
{
    Notify(
        currentUser,
        (actingUserId, ipAddress) => new UserLoginRequiresVerificationNotification(ipAddress, userId, actingUserId));
}
/// <summary>
/// Publishes a <see cref="UserLoginSuccessNotification"/>.
/// </summary>
/// <param name="currentUser">The current principal; may be null.</param>
/// <param name="userId">The user id passed to the notification.</param>
public void NotifyLoginSuccess(IPrincipal currentUser, string userId)
{
    Notify(
        currentUser,
        (actingUserId, ipAddress) => new UserLoginSuccessNotification(ipAddress, userId, actingUserId));
}
/// <summary>
/// Publishes a <see cref="UserLogoutSuccessNotification"/> and returns the sign-out redirect URL
/// found on it after publishing.
/// </summary>
/// <param name="currentUser">The current principal; may be null.</param>
/// <param name="userId">The user id passed to the notification.</param>
/// <returns>
/// A <see cref="SignOutSuccessResult"/> whose <c>SignOutRedirectUrl</c> is copied from the published notification.
/// </returns>
public SignOutSuccessResult NotifyLogoutSuccess(IPrincipal currentUser, string userId)
{
    UserLogoutSuccessNotification published = Notify(
        currentUser,
        (actingUserId, ipAddress) => new UserLogoutSuccessNotification(ipAddress, userId, actingUserId));

    // NOTE(review): the URL is read after publishing, so presumably notification handlers can set it;
    // confirm that callers validate it before redirecting.
    string redirectUrl = published.SignOutRedirectUrl;
    return new SignOutSuccessResult { SignOutRedirectUrl = redirectUrl };
}
/// <summary>
/// Publishes a <see cref="UserPasswordChangedNotification"/>.
/// </summary>
/// <param name="currentUser">The current principal; may be null.</param>
/// <param name="userId">The user id passed to the notification.</param>
public void NotifyPasswordChanged(IPrincipal currentUser, string userId)
{
    Notify(
        currentUser,
        (actingUserId, ipAddress) => new UserPasswordChangedNotification(ipAddress, userId, actingUserId));
}
/// <summary>
/// Publishes a <see cref="UserPasswordResetNotification"/>.
/// </summary>
/// <param name="currentUser">The current principal; may be null.</param>
/// <param name="userId">The user id passed to the notification.</param>
public void NotifyPasswordReset(IPrincipal currentUser, string userId)
{
    Notify(
        currentUser,
        (actingUserId, ipAddress) => new UserPasswordResetNotification(ipAddress, userId, actingUserId));
}
/// <summary>
/// Publishes a <see cref="UserResetAccessFailedCountNotification"/>.
/// </summary>
/// <param name="currentUser">The current principal; may be null.</param>
/// <param name="userId">The user id passed to the notification.</param>
public void NotifyResetAccessFailedCount(IPrincipal currentUser, string userId)
{
    Notify(
        currentUser,
        (actingUserId, ipAddress) => new UserResetAccessFailedCountNotification(ipAddress, userId, actingUserId));
}
/// <summary>
/// Builds a notification for the current request and publishes it through the event aggregator.
/// </summary>
/// <typeparam name="T">The notification type.</typeparam>
/// <param name="currentUser">The current principal; may be null.</param>
/// <param name="createNotification">
/// Factory that receives the current user id and the current request IP address, in that order.
/// </param>
/// <returns>The notification instance that was published.</returns>
private T Notify<T>(IPrincipal currentUser, Func<string, string, T> createNotification)
    where T : INotification
{
    // Arguments are evaluated left to right: the user id is resolved first, then the request IP
    // as reported by the IP resolver.
    T notification = createNotification(
        GetCurrentUserId(currentUser),
        IpResolver.GetCurrentRequestIpAddress());

    _eventAggregator.Publish(notification);
    return notification;
}
}
}