Member password roll forward (#10138)
* Getting new netcore PublicAccessChecker in place
* Adds full test coverage for PublicAccessChecker
* remove PublicAccessComposer
* adjust namespaces, ensure RoleManager works, separate public access controller, reduce content controller
* Implements the required methods on IMemberManager, removes old migrated code
* Updates routing to be able to re-route, Fixes middleware ordering ensuring endpoints are last, refactors pipeline options, adds public access middleware, ensures public access follows all hops
* adds note
* adds note
* Cleans up ext methods, ensures that members identity is added on both front-end and back ends. updates how UmbracoApplicationBuilder works in that it explicitly starts endpoints at the time of calling.
* Changes name to IUmbracoEndpointBuilder
* adds note
* Fixing tests, fixing error describers so there's 2x one for back office, one for members, fixes TryConvertTo, fixes login redirect
* fixing build
* Updates user manager to correctly validate password hashing and injects the IBackOfficeUserPasswordChecker
* Merges PR
* Fixes up build and notes
* Fixes keepalive, fixes PublicAccessMiddleware to not throw, updates startup code to be more clear and removes magic that registers middleware.
* adds note
* removes unused filter, fixes build
* fixes WebPath and tests
* Looks up entities in one query
* remove usings
* Fix test, remove stylesheet
* Set status code before we write to response to avoid error
* Ensures that users and members are validated when logging in. Shares more code between users and members.
* Fixes RepositoryCacheKeys to ensure the keys are normalized
* oops didn't mean to commit this
* Fix casing issues with caching, stop boxing value types for all cache operations, stop re-creating string keys in DefaultRepositoryCachePolicy
* oops didn't mean to commit this
* bah, far out this keeps getting recommitted. sorry
Co-authored-by: Bjarke Berg <mail@bergmania.dk>
2021-04-20 15:45:35 +10:00
using Microsoft.AspNetCore.Identity;
2021-12-02 11:54:24 +01:00
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Logging.Abstractions;
using Microsoft.Extensions.Options;
Member password roll forward (#10138)
2021-04-20 15:45:35 +10:00
using NUnit.Framework;
2021-12-02 11:54:24 +01:00
using Umbraco.Cms.Core.Configuration.Models;
Member password roll forward (#10138)
2021-04-20 15:45:35 +10:00
using Umbraco.Cms.Core.Security;
Implement password config storage for members (#10170)
* Getting new netcore PublicAccessChecker in place
* Adds full test coverage for PublicAccessChecker
* remove PublicAccessComposer
* adjust namespaces, ensure RoleManager works, separate public access controller, reduce content controller
* Implements the required methods on IMemberManager, removes old migrated code
* Updates routing to be able to re-route, Fixes middleware ordering ensuring endpoints are last, refactors pipeline options, adds public access middleware, ensures public access follows all hops
* adds note
* adds note
* Cleans up ext methods, ensures that members identity is added on both front-end and back ends. updates how UmbracoApplicationBuilder works in that it explicitly starts endpoints at the time of calling.
* Changes name to IUmbracoEndpointBuilder
* adds note
* Fixing tests, fixing error describers so there's 2x one for back office, one for members, fixes TryConvertTo, fixes login redirect
* fixing build
* Updates user manager to correctly validate password hashing and injects the IBackOfficeUserPasswordChecker
* Merges PR
* Fixes up build and notes
* Implements security stamp and email confirmed for members, cleans up a bunch of repo/service level member groups stuff, shares user store code between members and users and fixes the user identity object so we aren't tracking both groups and roles.
* Security stamp for members is now working
* Fixes keepalive, fixes PublicAccessMiddleware to not throw, updates startup code to be more clear and removes magic that registers middleware.
* adds note
* removes unused filter, fixes build
* fixes WebPath and tests
* Looks up entities in one query
* remove usings
* Fix test, remove stylesheet
* Set status code before we write to response to avoid error
* Ensures that users and members are validated when logging in. Shares more code between users and members.
* merge changes
* oops
* Reducing and removing published member cache
* Fixes RepositoryCacheKeys to ensure the keys are normalized
* oops didn't mean to commit this
* Fix casing issues with caching, stop boxing value types for all cache operations, stop re-creating string keys in DefaultRepositoryCachePolicy
* oops didn't mean to commit this
* bah, far out this keeps getting recommitted. sorry
* cannot inject IPublishedMemberCache and cannot have IPublishedMember
* splits out files, fixes build
* fix tests
* removes membership provider classes
* removes membership provider classes
* updates the identity map definition
* reverts commented out lines
* reverts commented out lines
* Implements members Password config in db, fixes members cookie auth to not interfere with the back office cookie auth, fixes Startup sequence, fixes startup pipeline
* commits change to Startup
* Rename migration from `MemberTableColumns2` to `AddPasswordConfigToMemberTable`
* Fix test
* Fix tests, but adding default passwordConfig to members
Co-authored-by: Bjarke Berg <mail@bergmania.dk>
2021-04-22 23:59:13 +10:00
using Umbraco.Cms.Infrastructure.Serialization;
Member password roll forward (#10138)
2021-04-20 15:45:35 +10:00
2022-06-21 08:09:38 +02:00
namespace Umbraco.Cms.Tests.Integration.Umbraco.Infrastructure.Security;

[TestFixture]
public class MemberPasswordHasherTests
Member password roll forward (#10138)
2021-04-20 15:45:35 +10:00
{
2022-06-21 08:09:38 +02:00
    [Test]
    [TestCase(
        "Password123!",
        "AQAAAAEAACcQAAAAEGF/tTVoL6ef3bQPZFYfbgKFu1CDQIAMgyY1N4EDt9jqdG/hsOX93X1U6LNvlIQ3mw==",
        null,
        ExpectedResult = PasswordVerificationResult.Success,
        Description = "AspNetCoreIdentityPasswordHash: Correct password")]
    [TestCase(
        "wrongPassword",
        "AQAAAAEAACcQAAAAEGF/tTVoL6ef3bQPZFYfbgKFu1CDQIAMgyY1N4EDt9jqdG/hsOX93X1U6LNvlIQ3mw==",
        null,
        ExpectedResult = PasswordVerificationResult.Failed,
        Description = "AspNetCoreIdentityPasswordHash: Wrong password")]
    [TestCase(
        "Password123!",
        "yDiU2YyuYZU4jz6F0fpErQ==BxNRHkXBVyJs9gwWF6ktWdfDwYf5bwm+rvV7tOcNNx8=",
        null,
        ExpectedResult = PasswordVerificationResult.SuccessRehashNeeded,
        Description = "GivenALegacyPasswordHash: Correct password")]
    [TestCase(
        "wrongPassword",
        "yDiU2YyuYZU4jz6F0fpErQ==BxNRHkXBVyJs9gwWF6ktWdfDwYf5bwm+rvV7tOcNNx8=",
        null,
        ExpectedResult = PasswordVerificationResult.Failed,
        Description = "GivenALegacyPasswordHash: Wrong password")]
    [TestCase(
        "Password123!",
        "AJszAsQqxOYbASKfL3JVUu6cjU18ouizXDfX4j7wLlir8SWj2yQaTepE9e5bIohIsQ==",
        null,
        ExpectedResult = PasswordVerificationResult.SuccessRehashNeeded,
        Description = "GivenALegacyPasswordHash: Correct password")]
    [TestCase(
        "wrongPassword",
        "AJszAsQqxOYbASKfL3JVUu6cjU18ouizXDfX4j7wLlir8SWj2yQaTepE9e5bIohIsQ==",
        null,
        ExpectedResult = PasswordVerificationResult.Failed,
        Description = "GivenALegacyPasswordHash: Wrong password")]
    [TestCase(
        "1234567890",
        "1234567890",
        null,
        ExpectedResult = PasswordVerificationResult.Failed,
        Description = "ClearText: Correct password, but not supported")]
    [TestCase(
        "wrongPassword",
        "1234567890",
        null,
        ExpectedResult = PasswordVerificationResult.Failed,
        Description = "ClearText: Wrong password")]
    [TestCase(
        "1234567890",
        "XyFRG4/xJ5JGQJYqqIFK70BjHdM=",
        null,
        ExpectedResult = PasswordVerificationResult.SuccessRehashNeeded,
        Description = "Hashed: Correct password")]
    [TestCase(
        "wrongPassword",
        "XyFRG4/xJ5JGQJYqqIFK70BjHdM=",
        null,
        ExpectedResult = PasswordVerificationResult.Failed,
        Description = "Hashed: Wrong password")]
    [TestCase(
        "1234567890",
        "K2JPOhoqNoysfnnD67QsWDSliHrjoSTRTvv9yiaKf30=",
        "1D43BFA074DF6DCEF6E44A7F5B5F56CDDD60BE198FBBB0222C96A5BD696F3CAA",
        ExpectedResult = PasswordVerificationResult.SuccessRehashNeeded,
        Description = "Encrypted: Correct password and correct decryptionKey")]
    [TestCase(
        "wrongPassword",
        "K2JPOhoqNoysfnnD67QsWDSliHrjoSTRTvv9yiaKf30=",
        "1D43BFA074DF6DCEF6E44A7F5B5F56CDDD60BE198FBBB0222C96A5BD696F3CAA",
        ExpectedResult = PasswordVerificationResult.Failed,
        Description = "Encrypted: Wrong password but correct decryptionKey")]
    [TestCase(
        "1234567890",
        "qiuwRr4K7brpTcIzLFfR3iGG9zj4/z4ewHCVZmYUDKM=",
        "B491B602E0CE1D52450A8089FD2013B340743A7EFCC12B039BD11977A083ACA1",
        ExpectedResult = PasswordVerificationResult.Failed,
        Description = "Encrypted: Correct password but wrong decryptionKey")]
    [TestCase(
        "1234567890",
        "qiuwRr4K7brpTcIzLFfR3iGG9zj4/z4ewHCVZmYUDKM=",
        "InvalidDecryptionKey",
        ExpectedResult = PasswordVerificationResult.Failed,
        Description = "Encrypted: Invalid decryptionKey")]
    public PasswordVerificationResult VerifyHashedPassword(string password, string encryptedPassword, string decryptionKey)
Member password roll forward (#10138)
2021-04-20 15:45:35 +10:00
    {
2022-06-21 08:09:38 +02:00
        var member = new MemberIdentityUser { PasswordConfig = null };
2021-12-02 11:54:24 +01:00
2022-06-21 08:09:38 +02:00
        var sut = new MemberPasswordHasher(
            new LegacyPasswordSecurity(),
            new JsonNetSerializer(),
            Options.Create(new LegacyPasswordMigrationSettings { MachineKeyDecryptionKey = decryptionKey }),
            NullLoggerFactory.Instance.CreateLogger<MemberPasswordHasher>());
2021-12-02 11:54:24 +01:00
2022-06-21 08:09:38 +02:00
        return sut.VerifyHashedPassword(member, encryptedPassword, password);
Member password roll forward (#10138)
2021-04-20 15:45:35 +10:00
    }
}
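The following is an added example, not part of the Umbraco code base: a stand-alone C# program that decodes the self-describing header of the ASP.NET Core Identity hash formats, which shows why the `AQAAAAEAACcQ...` fixture can verify as `Success` while the `AJszAsQq...` fixture is a roll-forward candidate. The names `IdentityHashInspector`, `HashInfo` and `TryInspect`, and the 10000-iteration minimum, are assumptions made for this illustration; the stored values are copied from the test cases above.

```csharp
using System;
using System.Buffers.Binary;

// Added example (hypothetical names): reads the format header that ASP.NET Core
// Identity embeds in every hash it produces. It does not verify passwords.
public static class IdentityHashInspector
{
    public sealed record HashInfo(
        string Format, string Prf, int Iterations, int SaltBytes, int SubkeyBytes, bool RehashAdvised);

    // Returns false when the stored value is not an Identity V2/V3 hash, which is
    // the case for the clear-text, SHA-1 and machine-key-encrypted fixtures.
    public static bool TryInspect(string stored, int minIterations, out HashInfo info)
    {
        info = null;
        byte[] blob;
        try { blob = Convert.FromBase64String(stored); }
        catch (FormatException) { return false; }
        if (blob.Length == 0) return false;

        if (blob[0] == 0x00)
        {
            // V2 layout: 0x00 | 16-byte salt | 32-byte subkey.
            // Fixed parameters: PBKDF2, HMAC-SHA1, 1000 iterations.
            if (blob.Length != 1 + 16 + 32) return false;
            info = new HashInfo("Identity V2", "HMACSHA1", 1000, 16, 32, RehashAdvised: true);
            return true;
        }

        if (blob[0] == 0x01)
        {
            // V3 layout: 0x01 | prf (uint32 BE) | iterations (uint32 BE) |
            //            salt length (uint32 BE) | salt | subkey
            if (blob.Length < 13) return false;
            uint prf = BinaryPrimitives.ReadUInt32BigEndian(blob.AsSpan(1, 4));
            uint iterations = BinaryPrimitives.ReadUInt32BigEndian(blob.AsSpan(5, 4));
            uint saltBytes = BinaryPrimitives.ReadUInt32BigEndian(blob.AsSpan(9, 4));

            // Reject headers that would make the remaining fields nonsensical.
            if (prf > 2 || iterations == 0 || iterations > int.MaxValue) return false;
            if (saltBytes < 16 || saltBytes > blob.Length - 13 - 16) return false;

            string[] prfNames = { "HMACSHA1", "HMACSHA256", "HMACSHA512" };
            info = new HashInfo("Identity V3", prfNames[prf], (int)iterations, (int)saltBytes,
                blob.Length - 13 - (int)saltBytes, RehashAdvised: iterations < minIterations);
            return true;
        }

        return false; // unknown format marker
    }

    public static void Main()
    {
        // Stored values copied from the test cases on this page.
        string[] fixtures =
        {
            "AQAAAAEAACcQAAAAEGF/tTVoL6ef3bQPZFYfbgKFu1CDQIAMgyY1N4EDt9jqdG/hsOX93X1U6LNvlIQ3mw==",
            "AJszAsQqxOYbASKfL3JVUu6cjU18ouizXDfX4j7wLlir8SWj2yQaTepE9e5bIohIsQ==",
            "yDiU2YyuYZU4jz6F0fpErQ==BxNRHkXBVyJs9gwWF6ktWdfDwYf5bwm+rvV7tOcNNx8=",
            "XyFRG4/xJ5JGQJYqqIFK70BjHdM=",
            "1234567890",
        };
        foreach (string stored in fixtures)
        {
            string label = stored.Length > 12 ? stored[..12] + "..." : stored;
            Console.WriteLine(TryInspect(stored, 10000, out HashInfo info)
                ? $"{label} -> {info}"
                : $"{label} -> not an Identity hash; only a legacy path can verify it");
        }
    }
}
```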