src/Umbraco.Web.Common/Preview/UserBasedPreviewTokenGenerator.cs

using Microsoft.AspNetCore.DataProtection;
using Microsoft.Extensions.Logging;
using Umbraco.Cms.Core;
using Umbraco.Cms.Core.Models.Membership;
using Umbraco.Cms.Core.Preview;
using Umbraco.Cms.Core.Services;
using Umbraco.Cms.Web.Common.Security;

namespace Umbraco.Cms.Web.Common.Preview;

public class UserBasedPreviewTokenGenerator : IPreviewTokenGenerator
{
    private readonly IDataProtectionProvider _dataProtectionProvider;
    private readonly IUserService _userService;
    private readonly ILogger<UserBasedPreviewTokenGenerator> _logger;

    public UserBasedPreviewTokenGenerator(
        IDataProtectionProvider dataProtectionProvider,
        IUserService userService,
        ILogger<UserBasedPreviewTokenGenerator> logger)
    {
        _dataProtectionProvider = dataProtectionProvider;
        _userService = userService;
        _logger = logger;
    }

    public Task<Attempt<string?>> GenerateTokenAsync(Guid userKey)
    {
        var token = EncryptionHelper.Encrypt(userKey.ToString(), _dataProtectionProvider);

        return Task.FromResult(Attempt.Succeed(token));
    }

    public async Task<Attempt<Guid?>> VerifyAsync(string token)
    {
        try
        {
            var decrypted = EncryptionHelper.Decrypt(token, _dataProtectionProvider);
            if (Guid.TryParse(decrypted, out Guid key))
            {
                IUser? user = await _userService.GetAsync(key);

                if (user is { IsApproved: true, IsLockedOut: false })
                {
                    return Attempt.Succeed<Guid?>(user.Key);
                }
            }
        }
        catch (Exception e)
        {
            _logger.LogDebug(e, "An error occured when trying to get the user from the encrypted token");
        }

        return Attempt.Fail<Guid?>(null);
    }
}
V14: Untangle the preview functionality from the auth cookie (#16308) * AB40660 - untangle the preview cookie from the auth cookie * Clean up * Allow anonymous to end preview sessions * Some refinements * update OpenApi.json * Fix enter preview test * correct tests to match new expectations of the preview cookie * sync preview tests with correct expectations of access level --------- Co-authored-by: Sven Geusens <sge@umbraco.dk> Co-authored-by: Jacob Overgaard <752371+iOvergaard@users.noreply.github.com> 2024-05-17 16:06:26 +02:00			`using Microsoft.AspNetCore.DataProtection;`
			`using Microsoft.Extensions.Logging;`
			`using Umbraco.Cms.Core;`
			`using Umbraco.Cms.Core.Models.Membership;`
			`using Umbraco.Cms.Core.Preview;`
			`using Umbraco.Cms.Core.Services;`
			`using Umbraco.Cms.Web.Common.Security;`

			`namespace Umbraco.Cms.Web.Common.Preview;`

			`public class UserBasedPreviewTokenGenerator : IPreviewTokenGenerator`
			`{`
			`private readonly IDataProtectionProvider _dataProtectionProvider;`
			`private readonly IUserService _userService;`
			`private readonly ILogger<UserBasedPreviewTokenGenerator> _logger;`

			`public UserBasedPreviewTokenGenerator(`
			`IDataProtectionProvider dataProtectionProvider,`
			`IUserService userService,`
			`ILogger<UserBasedPreviewTokenGenerator> logger)`
			`{`
			`_dataProtectionProvider = dataProtectionProvider;`
			`_userService = userService;`
			`_logger = logger;`
			`}`

			`public Task<Attempt<string?>> GenerateTokenAsync(Guid userKey)`
			`{`
			`var token = EncryptionHelper.Encrypt(userKey.ToString(), _dataProtectionProvider);`

			`return Task.FromResult(Attempt.Succeed(token));`
			`}`

			`public async Task<Attempt<Guid?>> VerifyAsync(string token)`
			`{`
			`try`
			`{`
			`var decrypted = EncryptionHelper.Decrypt(token, _dataProtectionProvider);`
			`if (Guid.TryParse(decrypted, out Guid key))`
			`{`
			`IUser? user = await _userService.GetAsync(key);`

			`if (user is { IsApproved: true, IsLockedOut: false })`
			`{`
			`return Attempt.Succeed<Guid?>(user.Key);`
			`}`
			`}`
			`}`
			`catch (Exception e)`
			`{`
			`_logger.LogDebug(e, "An error occured when trying to get the user from the encrypted token");`
			`}`

			`return Attempt.Fail<Guid?>(null);`
			`}`
			`}`