yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Cleans up IBackofficeSecurity, ensures authn for the AuthenticationController/BackOfficeController

Browse Source
This commit is contained in:
Shannon
2020-12-02 14:28:16 +11:00
parent 372674abde
commit 0846fc5690
13 changed files with 82 additions and 122 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/Umbraco.Web.Common/Install/InstallController.cs
View File

@@ -15,6 +15,7 @@ using Umbraco.Web.Install;
using Umbraco.Web.Security;
using Umbraco.Core.Configuration.Models;
using Microsoft.Extensions.Options;
using Microsoft.AspNetCore.Authentication;
namespace Umbraco.Web.Common.Install
{
@@ -73,13 +74,11 @@ namespace Umbraco.Web.Common.Install
// Update ClientDependency version and delete its temp directories to make sure we get fresh caches
_runtimeMinifier.Reset();
var result = _backofficeSecurityAccessor.BackOfficeSecurity.ValidateCurrentUser(false);
var authResult = await HttpContext.AuthenticateAsync(Core.Constants.Security.BackOfficeAuthenticationType);
switch (result)
if (!authResult.Succeeded)
{
case ValidateRequestAttempt.FailedNoPrivileges:
case ValidateRequestAttempt.FailedNoContextId:
return Redirect(_globalSettings.UmbracoPath + "/AuthorizeUpgrade?redir=" + Request.GetEncodedUrl());
return Redirect(_globalSettings.UmbracoPath + "/AuthorizeUpgrade?redir=" + Request.GetEncodedUrl());
}
}