using System.Security.Claims;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Options;
using Umbraco.Cms.Core;
using Umbraco.Cms.Core.Configuration.Models;
using Umbraco.Cms.Core.Security;
using Umbraco.Cms.Web.Common.DependencyInjection;
using Umbraco.Extensions;
namespace Umbraco.Cms.Web.BackOffice.Security;
/// <summary>
///     Applies the Umbraco back office sign-in, user-name, claim-type, lockout and password settings to
///     <see cref="BackOfficeIdentityOptions" />.
/// </summary>
/// <remarks>
///     The lockout duration, the failed-attempt threshold and the permitted user-name characters are read from
///     configuration and assigned without any range or content check in this class.
///     NOTE(review): confirm those settings are validated where they are bound, since a very short lockout window
///     or a very high attempt threshold weakens brute-force protection for back office logins.
/// </remarks>
public sealed class ConfigureBackOfficeIdentityOptions : IConfigureOptions<BackOfficeIdentityOptions>
{
    private readonly UserPasswordConfigurationSettings _userPasswordConfiguration;
    private readonly SecuritySettings _securitySettings;

    /// <summary>
    ///     Legacy constructor that resolves <see cref="SecuritySettings" /> through
    ///     <see cref="StaticServiceProvider" /> instead of receiving it by injection.
    /// </summary>
    /// <param name="userPasswordConfiguration">Options wrapper holding the back office user password settings.</param>
    [Obsolete("Use the constructor that accepts SecuritySettings. Will be removed in V13.")]
    public ConfigureBackOfficeIdentityOptions(IOptions<UserPasswordConfigurationSettings> userPasswordConfiguration)
        : this(
            userPasswordConfiguration,
            StaticServiceProvider.Instance.GetRequiredService<IOptions<SecuritySettings>>())
    {
    }

    /// <summary>
    ///     Captures the current values of the password and security settings for use in <see cref="Configure" />.
    /// </summary>
    /// <param name="userPasswordConfiguration">Options wrapper holding the back office user password settings.</param>
    /// <param name="securitySettings">Options wrapper holding the global security settings.</param>
    public ConfigureBackOfficeIdentityOptions(
        IOptions<UserPasswordConfigurationSettings> userPasswordConfiguration,
        IOptions<SecuritySettings> securitySettings)
    {
        // Only the resolved values are kept; the IOptions wrappers themselves are not stored.
        _userPasswordConfiguration = userPasswordConfiguration.Value;
        _securitySettings = securitySettings.Value;
    }

    /// <summary>
    ///     Writes the back office identity configuration onto <paramref name="options" />.
    /// </summary>
    /// <param name="options">The identity options instance to populate.</param>
    public void Configure(BackOfficeIdentityOptions options)
    {
        // Sign-in: account confirmation is enforced (through the custom IUserConfirmation);
        // e-mail and phone confirmation are not implemented and therefore switched off.
        var signIn = options.SignIn;
        signIn.RequireConfirmedAccount = true;
        signIn.RequireConfirmedEmail = false;
        signIn.RequireConfirmedPhoneNumber = false;

        // User: e-mail addresses must be unique. The allowed user-name character set is configurable
        // so that user names in Down-Level Logon Name format can be validated.
        var user = options.User;
        user.RequireUniqueEmail = true;
        user.AllowedUserNameCharacters = _securitySettings.AllowedUserNameCharacters;

        // Claim types used when the identity is built.
        var claims = options.ClaimsIdentity;
        claims.UserIdClaimType = ClaimTypes.NameIdentifier;
        claims.UserNameClaimType = ClaimTypes.Name;
        claims.RoleClaimType = ClaimTypes.Role;
        claims.SecurityStampClaimType = Constants.Security.SecurityStampClaimType;

        // Lockout: applies to new users too; the duration is taken from SecuritySettings (in minutes).
        var lockout = options.Lockout;
        lockout.AllowedForNewUsers = true;
        TimeSpan lockoutWindow = TimeSpan.FromMinutes(_securitySettings.UserDefaultLockoutTimeInMinutes);
        lockout.DefaultLockoutTimeSpan = lockoutWindow;

        // Password rules are delegated to the ConfigurePasswordOptions extension.
        options.Password.ConfigurePasswordOptions(_userPasswordConfiguration);

        // The failed-attempt threshold lives with the password settings rather than with SecuritySettings.
        lockout.MaxFailedAccessAttempts = _userPasswordConfiguration.MaxFailedAccessAttemptsBeforeLockout;
    }
}