src/Umbraco.Web/HtmlHelperBackOfficeExtensions.cs

using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Web;
using System.Web.Mvc;
using ClientDependency.Core.Config;
using Microsoft.Owin.Security;
using Newtonsoft.Json;
using Umbraco.Core;
using Umbraco.Core.Configuration;
using Umbraco.Web.Editors;
using Umbraco.Web.Models;

namespace Umbraco.Web
{
    using Umbraco.Core.Configuration;

    /// <summary>
    /// HtmlHelper extensions for the back office
    /// </summary>
    public static class HtmlHelperBackOfficeExtensions
    {
        /// <summary>
        /// Outputs a script tag containing the bare minimum (non secure) server vars for use with the angular app
        /// </summary>
        /// <param name="html"></param>
        /// <param name="uri"></param>
        /// <param name="externalLoginsUrl">
        /// The post url used to sign in with external logins - this can change depending on for what service the external login is service.
        /// Example: normal back office login or authenticating upgrade login
        /// </param>
        /// <returns></returns>
        /// <remarks>
        /// These are the bare minimal server variables that are required for the application to start without being authenticated,
        /// we will load the rest of the server vars after the user is authenticated.
        /// </remarks>
        public static IHtmlString BareMinimumServerVariablesScript(this HtmlHelper html, UrlHelper uri, string externalLoginsUrl)
        {
            var version = UmbracoVersion.SemanticVersion.ToSemanticString();
            var str = @"<script type=""text/javascript"">
                var Umbraco = {};
                Umbraco.Sys = {};
                Umbraco.Sys.ServerVariables = {
                    ""umbracoUrls"": {
                        ""authenticationApiBaseUrl"": """ + uri.GetUmbracoApiServiceBaseUrl<AuthenticationController>(controller => controller.PostLogin(null)) + @""",
                        ""serverVarsJs"": """ + uri.GetUrlWithCacheBust("ServerVariables", "BackOffice") + @""",
                        ""externalLoginsUrl"": """ + externalLoginsUrl + @"""
                    },
                    ""umbracoSettings"": {
                        ""allowPasswordReset"": " + (UmbracoConfig.For.UmbracoSettings().Security.AllowPasswordReset ? "true" : "false") + @",
                        ""loginBackgroundImage"": """ + UmbracoConfig.For.UmbracoSettings().Content.LoginBackgroundImage + @"""
                    },
                    ""application"": {
                        ""applicationPath"": """ + html.ViewContext.HttpContext.Request.ApplicationPath + @""",
                        ""version"": """ + version + @""",
                        ""cdf"": """ + ClientDependencySettings.Instance.Version + @"""
                    },
                    ""isDebuggingEnabled"" : " + html.ViewContext.HttpContext.IsDebuggingEnabled.ToString().ToLowerInvariant() + @"
                };       
            </script>";

            return html.Raw(str);
        }      

        /// <summary>
        /// Used to render the script that will pass in the angular "externalLoginInfo" service/value on page load
        /// </summary>
        /// <param name="html"></param>
        /// <param name="externalLoginErrors"></param>
        /// <returns></returns>
        public static IHtmlString AngularValueExternalLoginInfoScript(this HtmlHelper html, IEnumerable<string> externalLoginErrors)
        {
            var loginProviders = html.ViewContext.HttpContext.GetOwinContext().Authentication.GetExternalAuthenticationTypes()
                .Where(p => p.Properties.ContainsKey("UmbracoBackOffice"))
                .Select(p => new
                {
                    authType = p.AuthenticationType,
                    caption = p.Caption,
                    properties = p.Properties
                })
                .ToArray();

            var sb = new StringBuilder();
            sb.AppendLine();
            sb.AppendLine(@"var errors = [];");

            if (externalLoginErrors != null)
            {
                foreach (var error in externalLoginErrors)
                {
                    sb.AppendFormat(@"errors.push(""{0}"");", error).AppendLine();
                }
            }

            sb.AppendLine(@"app.value(""externalLoginInfo"", {");
            sb.AppendLine(@"errors: errors,");
            sb.Append(@"providers: ");
            sb.AppendLine(JsonConvert.SerializeObject(loginProviders));
            sb.AppendLine(@"});");

            return html.Raw(sb.ToString());
        }

        /// <summary>
        /// Used to render the script that will pass in the angular "resetPasswordCodeInfo" service/value on page load
        /// </summary>
        /// <param name="html"></param>
        /// <param name="val"></param>
        /// <returns></returns>
        public static IHtmlString AngularValueResetPasswordCodeInfoScript(this HtmlHelper html, object val)
        {
            var sb = new StringBuilder();
            sb.AppendLine();
            sb.AppendLine(@"var errors = [];");

            var errors = val as IEnumerable<string>;
            if (errors != null)
            {
                foreach (var error in errors)
                {
                    sb.AppendFormat(@"errors.push(""{0}"");", error).AppendLine();
                }
            }

            var resetCodeModel = val as ValidatePasswordResetCodeModel;


            sb.AppendLine(@"app.value(""resetPasswordCodeInfo"", {");
            sb.AppendLine(@"errors: errors,");            
            sb.Append(@"resetCodeModel: ");
            sb.AppendLine(JsonConvert.SerializeObject(resetCodeModel));
            sb.AppendLine(@"});");

            return html.Raw(sb.ToString());
        }
    }
}
moves notification logic to umbnotifications.directive instead of in main (not sure why it was there). Updates the AuthorizeUpgrade screen to be able to show YSOD or alert messages when there are server errors. Adds htmlhelper extensions to share between Default.cshtml and AuthorizeUpgrade.cshtml. Adds null check for BackOfficeUserManager. 2015-04-01 16:04:19 +11:00			`using System.Collections.Generic;`
			`using System.Linq;`
			`using System.Text;`
			`using System.Web;`
			`using System.Web.Mvc;`
Ensures all angular views are cache busted so browser cache is not an issue after upgrading. 2016-03-08 17:23:54 +01:00			`using ClientDependency.Core.Config;`
moves notification logic to umbnotifications.directive instead of in main (not sure why it was there). Updates the AuthorizeUpgrade screen to be able to show YSOD or alert messages when there are server errors. Adds htmlhelper extensions to share between Default.cshtml and AuthorizeUpgrade.cshtml. Adds null check for BackOfficeUserManager. 2015-04-01 16:04:19 +11:00			`using Microsoft.Owin.Security;`
			`using Newtonsoft.Json;`
Ensures all angular views are cache busted so browser cache is not an issue after upgrading. 2016-03-08 17:23:54 +01:00			`using Umbraco.Core;`
			`using Umbraco.Core.Configuration;`
moves notification logic to umbnotifications.directive instead of in main (not sure why it was there). Updates the AuthorizeUpgrade screen to be able to show YSOD or alert messages when there are server errors. Adds htmlhelper extensions to share between Default.cshtml and AuthorizeUpgrade.cshtml. Adds null check for BackOfficeUserManager. 2015-04-01 16:04:19 +11:00			`using Umbraco.Web.Editors;`
Changes the password reset link to be a real link (not an angular deep link), this means there is less logging of the reset code in a query string and less visibility of it, this also means that the validation of the code happens instantly. The premise for this is the same as how we deal with external authentication requests and uses ViewData/TempData with redirects. Fixes the models to have the correct attributes to be able to directly json serialize them. 2016-04-13 13:51:12 +02:00			`using Umbraco.Web.Models;`
moves notification logic to umbnotifications.directive instead of in main (not sure why it was there). Updates the AuthorizeUpgrade screen to be able to show YSOD or alert messages when there are server errors. Adds htmlhelper extensions to share between Default.cshtml and AuthorizeUpgrade.cshtml. Adds null check for BackOfficeUserManager. 2015-04-01 16:04:19 +11:00
			`namespace Umbraco.Web`
			`{`
Merge branch 'u4-222' of https://github.com/AndyButland/Umbraco-CMS into AndyButland-u4-222 Conflicts: src/Umbraco.Core/Security/BackOfficeUserManager.cs src/Umbraco.Web.UI.Client/src/less/pages/login.less src/Umbraco.Web.UI.Client/src/routes.js src/Umbraco.Web.UI.Client/src/views/common/dialogs/login.controller.js src/Umbraco.Web.UI/umbraco/config/lang/en_us.xml src/Umbraco.Web.UI/web.Template.config src/Umbraco.Web/Editors/AuthenticationController.cs src/Umbraco.Web/Editors/BackOfficeController.cs src/Umbraco.Web/Umbraco.Web.csproj 2016-04-12 18:07:25 +02:00			`using Umbraco.Core.Configuration;`

moves notification logic to umbnotifications.directive instead of in main (not sure why it was there). Updates the AuthorizeUpgrade screen to be able to show YSOD or alert messages when there are server errors. Adds htmlhelper extensions to share between Default.cshtml and AuthorizeUpgrade.cshtml. Adds null check for BackOfficeUserManager. 2015-04-01 16:04:19 +11:00			`/// <summary>`
			`/// HtmlHelper extensions for the back office`
			`/// </summary>`
			`public static class HtmlHelperBackOfficeExtensions`
			`{`
			`/// <summary>`
			`/// Outputs a script tag containing the bare minimum (non secure) server vars for use with the angular app`
			`/// </summary>`
			`/// <param name="html"></param>`
			`/// <param name="uri"></param>`
Allows the ability to use external logins to login to authorize upgrades, this means being able to add reserved paths at startup dynamically which is now built in as part of the AuthenticationOptionsExtensions for registering external logins for the back office. 2015-04-02 14:46:53 +11:00			`/// <param name="externalLoginsUrl">`
			`/// The post url used to sign in with external logins - this can change depending on for what service the external login is service.`
			`/// Example: normal back office login or authenticating upgrade login`
			`/// </param>`
moves notification logic to umbnotifications.directive instead of in main (not sure why it was there). Updates the AuthorizeUpgrade screen to be able to show YSOD or alert messages when there are server errors. Adds htmlhelper extensions to share between Default.cshtml and AuthorizeUpgrade.cshtml. Adds null check for BackOfficeUserManager. 2015-04-01 16:04:19 +11:00			`/// <returns></returns>`
			`/// <remarks>`
			`/// These are the bare minimal server variables that are required for the application to start without being authenticated,`
			`/// we will load the rest of the server vars after the user is authenticated.`
			`/// </remarks>`
updates how scripts render in main view - make it more clear where the callback is 2015-06-16 10:59:47 +02:00			`public static IHtmlString BareMinimumServerVariablesScript(this HtmlHelper html, UrlHelper uri, string externalLoginsUrl)`
moves notification logic to umbnotifications.directive instead of in main (not sure why it was there). Updates the AuthorizeUpgrade screen to be able to show YSOD or alert messages when there are server errors. Adds htmlhelper extensions to share between Default.cshtml and AuthorizeUpgrade.cshtml. Adds null check for BackOfficeUserManager. 2015-04-01 16:04:19 +11:00			`{`
Resvolution - Components, Runtime & Booting 2016-09-01 19:06:08 +02:00			`var version = UmbracoVersion.SemanticVersion.ToSemanticString();`
moves notification logic to umbnotifications.directive instead of in main (not sure why it was there). Updates the AuthorizeUpgrade screen to be able to show YSOD or alert messages when there are server errors. Adds htmlhelper extensions to share between Default.cshtml and AuthorizeUpgrade.cshtml. Adds null check for BackOfficeUserManager. 2015-04-01 16:04:19 +11:00			`var str = @"<script type=""text/javascript"">`
			`var Umbraco = {};`
			`Umbraco.Sys = {};`
			`Umbraco.Sys.ServerVariables = {`
			`""umbracoUrls"": {`
			`""authenticationApiBaseUrl"": """ + uri.GetUmbracoApiServiceBaseUrl<AuthenticationController>(controller => controller.PostLogin(null)) + @""",`
			`""serverVarsJs"": """ + uri.GetUrlWithCacheBust("ServerVariables", "BackOffice") + @""",`
Allows the ability to use external logins to login to authorize upgrades, this means being able to add reserved paths at startup dynamically which is now built in as part of the AuthenticationOptionsExtensions for registering external logins for the back office. 2015-04-02 14:46:53 +11:00			`""externalLoginsUrl"": """ + externalLoginsUrl + @"""`
moves notification logic to umbnotifications.directive instead of in main (not sure why it was there). Updates the AuthorizeUpgrade screen to be able to show YSOD or alert messages when there are server errors. Adds htmlhelper extensions to share between Default.cshtml and AuthorizeUpgrade.cshtml. Adds null check for BackOfficeUserManager. 2015-04-01 16:04:19 +11:00			`},`
Merge branch 'u4-222' of https://github.com/AndyButland/Umbraco-CMS into AndyButland-u4-222 Conflicts: src/Umbraco.Core/Security/BackOfficeUserManager.cs src/Umbraco.Web.UI.Client/src/less/pages/login.less src/Umbraco.Web.UI.Client/src/routes.js src/Umbraco.Web.UI.Client/src/views/common/dialogs/login.controller.js src/Umbraco.Web.UI/umbraco/config/lang/en_us.xml src/Umbraco.Web.UI/web.Template.config src/Umbraco.Web/Editors/AuthenticationController.cs src/Umbraco.Web/Editors/BackOfficeController.cs src/Umbraco.Web/Umbraco.Web.csproj 2016-04-12 18:07:25 +02:00			`""umbracoSettings"": {`
porting 7.6-rc1 into 8 2017-05-12 14:49:44 +02:00			`""allowPasswordReset"": " + (UmbracoConfig.For.UmbracoSettings().Security.AllowPasswordReset ? "true" : "false") + @",`
			`""loginBackgroundImage"": """ + UmbracoConfig.For.UmbracoSettings().Content.LoginBackgroundImage + @"""`
Merge branch 'u4-222' of https://github.com/AndyButland/Umbraco-CMS into AndyButland-u4-222 Conflicts: src/Umbraco.Core/Security/BackOfficeUserManager.cs src/Umbraco.Web.UI.Client/src/less/pages/login.less src/Umbraco.Web.UI.Client/src/routes.js src/Umbraco.Web.UI.Client/src/views/common/dialogs/login.controller.js src/Umbraco.Web.UI/umbraco/config/lang/en_us.xml src/Umbraco.Web.UI/web.Template.config src/Umbraco.Web/Editors/AuthenticationController.cs src/Umbraco.Web/Editors/BackOfficeController.cs src/Umbraco.Web/Umbraco.Web.csproj 2016-04-12 18:07:25 +02:00			`},`
moves notification logic to umbnotifications.directive instead of in main (not sure why it was there). Updates the AuthorizeUpgrade screen to be able to show YSOD or alert messages when there are server errors. Adds htmlhelper extensions to share between Default.cshtml and AuthorizeUpgrade.cshtml. Adds null check for BackOfficeUserManager. 2015-04-01 16:04:19 +11:00			`""application"": {`
Ensures all angular views are cache busted so browser cache is not an issue after upgrading. 2016-03-08 17:23:54 +01:00			`""applicationPath"": """ + html.ViewContext.HttpContext.Request.ApplicationPath + @""",`
			`""version"": """ + version + @""",`
			`""cdf"": """ + ClientDependencySettings.Instance.Version + @"""`
moves notification logic to umbnotifications.directive instead of in main (not sure why it was there). Updates the AuthorizeUpgrade screen to be able to show YSOD or alert messages when there are server errors. Adds htmlhelper extensions to share between Default.cshtml and AuthorizeUpgrade.cshtml. Adds null check for BackOfficeUserManager. 2015-04-01 16:04:19 +11:00			`},`
Adds IsUpgrading method to ApplicationContext and fixes AppBuilderExtensions checks since we need a user manager when upgrading 2015-04-01 16:12:32 +11:00			`""isDebuggingEnabled"" : " + html.ViewContext.HttpContext.IsDebuggingEnabled.ToString().ToLowerInvariant() + @"`
moves notification logic to umbnotifications.directive instead of in main (not sure why it was there). Updates the AuthorizeUpgrade screen to be able to show YSOD or alert messages when there are server errors. Adds htmlhelper extensions to share between Default.cshtml and AuthorizeUpgrade.cshtml. Adds null check for BackOfficeUserManager. 2015-04-01 16:04:19 +11:00			`};`
			`</script>";`

			`return html.Raw(str);`
Implements SignInManager, implements lock out policy for user manager, allows for better implementation of 2 factor auth for developers. Updates to latest owin libs. 2015-07-01 17:07:29 +02:00			`}`
moves notification logic to umbnotifications.directive instead of in main (not sure why it was there). Updates the AuthorizeUpgrade screen to be able to show YSOD or alert messages when there are server errors. Adds htmlhelper extensions to share between Default.cshtml and AuthorizeUpgrade.cshtml. Adds null check for BackOfficeUserManager. 2015-04-01 16:04:19 +11:00
			`/// <summary>`
Changes the password reset link to be a real link (not an angular deep link), this means there is less logging of the reset code in a query string and less visibility of it, this also means that the validation of the code happens instantly. The premise for this is the same as how we deal with external authentication requests and uses ViewData/TempData with redirects. Fixes the models to have the correct attributes to be able to directly json serialize them. 2016-04-13 13:51:12 +02:00			`/// Used to render the script that will pass in the angular "externalLoginInfo" service/value on page load`
moves notification logic to umbnotifications.directive instead of in main (not sure why it was there). Updates the AuthorizeUpgrade screen to be able to show YSOD or alert messages when there are server errors. Adds htmlhelper extensions to share between Default.cshtml and AuthorizeUpgrade.cshtml. Adds null check for BackOfficeUserManager. 2015-04-01 16:04:19 +11:00			`/// </summary>`
			`/// <param name="html"></param>`
			`/// <param name="externalLoginErrors"></param>`
			`/// <returns></returns>`
Changes the password reset link to be a real link (not an angular deep link), this means there is less logging of the reset code in a query string and less visibility of it, this also means that the validation of the code happens instantly. The premise for this is the same as how we deal with external authentication requests and uses ViewData/TempData with redirects. Fixes the models to have the correct attributes to be able to directly json serialize them. 2016-04-13 13:51:12 +02:00			`public static IHtmlString AngularValueExternalLoginInfoScript(this HtmlHelper html, IEnumerable<string> externalLoginErrors)`
moves notification logic to umbnotifications.directive instead of in main (not sure why it was there). Updates the AuthorizeUpgrade screen to be able to show YSOD or alert messages when there are server errors. Adds htmlhelper extensions to share between Default.cshtml and AuthorizeUpgrade.cshtml. Adds null check for BackOfficeUserManager. 2015-04-01 16:04:19 +11:00			`{`
			`var loginProviders = html.ViewContext.HttpContext.GetOwinContext().Authentication.GetExternalAuthenticationTypes()`
			`.Where(p => p.Properties.ContainsKey("UmbracoBackOffice"))`
			`.Select(p => new`
			`{`
			`authType = p.AuthenticationType,`
			`caption = p.Caption,`
			`properties = p.Properties`
			`})`
			`.ToArray();`

updates how scripts render in main view - make it more clear where the callback is 2015-06-16 10:59:47 +02:00			`var sb = new StringBuilder();`
			`sb.AppendLine();`
moves notification logic to umbnotifications.directive instead of in main (not sure why it was there). Updates the AuthorizeUpgrade screen to be able to show YSOD or alert messages when there are server errors. Adds htmlhelper extensions to share between Default.cshtml and AuthorizeUpgrade.cshtml. Adds null check for BackOfficeUserManager. 2015-04-01 16:04:19 +11:00			`sb.AppendLine(@"var errors = [];");`

			`if (externalLoginErrors != null)`
			`{`
			`foreach (var error in externalLoginErrors)`
			`{`
			`sb.AppendFormat(@"errors.push(""{0}"");", error).AppendLine();`
			`}`
			`}`

			`sb.AppendLine(@"app.value(""externalLoginInfo"", {");`
			`sb.AppendLine(@"errors: errors,");`
			`sb.Append(@"providers: ");`
			`sb.AppendLine(JsonConvert.SerializeObject(loginProviders));`
			`sb.AppendLine(@"});");`

			`return html.Raw(sb.ToString());`
			`}`
Changes the password reset link to be a real link (not an angular deep link), this means there is less logging of the reset code in a query string and less visibility of it, this also means that the validation of the code happens instantly. The premise for this is the same as how we deal with external authentication requests and uses ViewData/TempData with redirects. Fixes the models to have the correct attributes to be able to directly json serialize them. 2016-04-13 13:51:12 +02:00
			`/// <summary>`
			`/// Used to render the script that will pass in the angular "resetPasswordCodeInfo" service/value on page load`
			`/// </summary>`
			`/// <param name="html"></param>`
			`/// <param name="val"></param>`
			`/// <returns></returns>`
			`public static IHtmlString AngularValueResetPasswordCodeInfoScript(this HtmlHelper html, object val)`
			`{`
			`var sb = new StringBuilder();`
			`sb.AppendLine();`
			`sb.AppendLine(@"var errors = [];");`

			`var errors = val as IEnumerable<string>;`
			`if (errors != null)`
			`{`
			`foreach (var error in errors)`
			`{`
			`sb.AppendFormat(@"errors.push(""{0}"");", error).AppendLine();`
			`}`
			`}`

			`var resetCodeModel = val as ValidatePasswordResetCodeModel;`


			`sb.AppendLine(@"app.value(""resetPasswordCodeInfo"", {");`
			`sb.AppendLine(@"errors: errors,");`
			`sb.Append(@"resetCodeModel: ");`
			`sb.AppendLine(JsonConvert.SerializeObject(resetCodeModel));`
			`sb.AppendLine(@"});");`

			`return html.Raw(sb.ToString());`
			`}`
moves notification logic to umbnotifications.directive instead of in main (not sure why it was there). Updates the AuthorizeUpgrade screen to be able to show YSOD or alert messages when there are server errors. Adds htmlhelper extensions to share between Default.cshtml and AuthorizeUpgrade.cshtml. Adds null check for BackOfficeUserManager. 2015-04-01 16:04:19 +11:00			`}`
			`}`