yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/netcore/dev' into netcore/dev

Browse Source 
# Conflicts:
#	src/Umbraco.Web.UI/config/umbracoSettings.Release.config
This commit is contained in:
Bjarke Berg
2020-01-07 07:35:34 +01:00
parent 0c7cc8e002 a68d1af2ca
commit 09b480919b
23 changed files with 588 additions and 274 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
src/Umbraco.Abstractions/Configuration/ConfigsExtensions.cs
View File

@@ -28,9 +28,6 @@ namespace Umbraco.Core
public static IUmbracoSettingsSection Settings(this Configs configs)
=> configs.GetConfig<IUmbracoSettingsSection>();
public static IUserPasswordConfiguration UserPasswordConfig(this Configs configs)
=> configs.GetConfig<IUserPasswordConfiguration>();
public static IHealthChecks HealthChecks(this Configs configs)
=> configs.GetConfig<IHealthChecks>();
@@ -40,11 +37,28 @@ namespace Umbraco.Core
public static ICoreDebug CoreDebug(this Configs configs)
=> configs.GetConfig<ICoreDebug>();
public static IUserPasswordConfiguration UserPasswordConfiguration(this Configs configs)
=> configs.GetConfig<IUserPasswordConfiguration>();
public static IMemberPasswordConfiguration MemberPasswordConfiguration(this Configs configs)
=> configs.GetConfig<IMemberPasswordConfiguration>();
public static void AddPasswordConfigurations(this Configs configs)
{
configs.Add<IUserPasswordConfiguration>(() =>
{
return new UserPasswordConfiguration(configs.Settings().Security.UserPasswordConfiguration);
});
configs.Add<IMemberPasswordConfiguration>(() =>
{
return new MemberPasswordConfiguration(configs.Settings().Security.MemberPasswordConfiguration);
});
}
public static void AddCoreConfigs(this Configs configs, IIOHelper ioHelper)
{
var configDir = new DirectoryInfo(ioHelper.MapPath(Constants.SystemDirectories.Config));
// GridConfig depends on runtime caches, manifest parsers... and cannot be available during composition
configs.Add<IGridConfig>(factory => new GridConfig(
factory.GetInstance<ILogger>(),

15
src/Umbraco.Abstractions/Configuration/MemberPasswordConfiguration.cs Normal file
View File

@@ -0,0 +1,15 @@
using Umbraco.Core.Configuration.UmbracoSettings;
namespace Umbraco.Core.Configuration
{
/// <summary>
/// The password configuration for back office users
/// </summary>
public class MemberPasswordConfiguration : PasswordConfiguration, IMemberPasswordConfiguration
{
public MemberPasswordConfiguration(IMemberPasswordConfigurationSection configSection)
: base(configSection)
{
}
}
}

41
src/Umbraco.Abstractions/Configuration/PasswordConfiguration.cs Normal file
View File

@@ -0,0 +1,41 @@
using System;
using Umbraco.Core.Configuration.UmbracoSettings;
namespace Umbraco.Core.Configuration
{
public abstract class PasswordConfiguration : IPasswordConfiguration
{
protected PasswordConfiguration(IPasswordConfigurationSection configSection)
{
if (configSection == null)
{
throw new ArgumentNullException(nameof(configSection));
}
RequiredLength = configSection.RequiredLength;
RequireNonLetterOrDigit = configSection.RequireNonLetterOrDigit;
RequireDigit = configSection.RequireDigit;
RequireLowercase = configSection.RequireLowercase;
RequireUppercase = configSection.RequireUppercase;
UseLegacyEncoding = configSection.UseLegacyEncoding;
HashAlgorithmType = configSection.HashAlgorithmType;
MaxFailedAccessAttemptsBeforeLockout = configSection.MaxFailedAccessAttemptsBeforeLockout;
}
public int RequiredLength { get; }
public bool RequireNonLetterOrDigit { get; }
public bool RequireDigit { get; }
public bool RequireLowercase { get; }
public bool RequireUppercase { get; }
public bool UseLegacyEncoding { get; }
public string HashAlgorithmType { get; }
public int MaxFailedAccessAttemptsBeforeLockout { get; }
}
}

6
src/Umbraco.Abstractions/Configuration/UmbracoSettings/IMemberPasswordConfigurationSection.cs Normal file
View File

@@ -0,0 +1,6 @@
namespace Umbraco.Core.Configuration.UmbracoSettings
{
public interface IMemberPasswordConfigurationSection : IPasswordConfigurationSection
{
}
}

21
src/Umbraco.Abstractions/Configuration/UmbracoSettings/IPasswordConfigurationSection.cs Normal file
View File

@@ -0,0 +1,21 @@
namespace Umbraco.Core.Configuration.UmbracoSettings
{
public interface IPasswordConfigurationSection : IUmbracoConfigurationSection
{
int RequiredLength { get; }
bool RequireNonLetterOrDigit { get; }
bool RequireDigit { get; }
bool RequireLowercase { get; }
bool RequireUppercase { get; }
bool UseLegacyEncoding { get; }
string HashAlgorithmType { get; }
int MaxFailedAccessAttemptsBeforeLockout { get; }
}
}

6
src/Umbraco.Abstractions/Configuration/UmbracoSettings/ISecuritySection.cs
View File

@@ -3,7 +3,7 @@
public interface ISecuritySection : IUmbracoConfigurationSection
{
bool KeepUserLoggedIn { get; }
bool HideDisabledUsersInBackoffice { get; }
/// <summary>
@@ -23,5 +23,9 @@
/// When this is false, the username and email fields will be shown in the user section.
/// </remarks>
bool UsernameIsEmail { get; }
IUserPasswordConfigurationSection UserPasswordConfiguration { get; }
IMemberPasswordConfigurationSection MemberPasswordConfiguration { get; }
}
}

6
src/Umbraco.Abstractions/Configuration/UmbracoSettings/IUserPasswordConfigurationSection.cs Normal file
View File

@@ -0,0 +1,6 @@
namespace Umbraco.Core.Configuration.UmbracoSettings
{
public interface IUserPasswordConfigurationSection : IPasswordConfigurationSection
{
}
}

15
src/Umbraco.Abstractions/Configuration/UserPasswordConfiguration.cs Normal file
View File

@@ -0,0 +1,15 @@
using Umbraco.Core.Configuration.UmbracoSettings;
namespace Umbraco.Core.Configuration
{
/// <summary>
/// The password configuration for back office users
/// </summary>
public class UserPasswordConfiguration : PasswordConfiguration, IUserPasswordConfiguration
{
public UserPasswordConfiguration(IUserPasswordConfigurationSection configSection)
: base(configSection)
{
}
}
}

27
src/Umbraco.Configuration/ConfigsFactory.cs
View File

@@ -13,6 +13,7 @@ namespace Umbraco.Core.Configuration
}
public IHostingSettings HostingSettings { get; } = new HostingSettings();
public ICoreDebug CoreDebug { get; } = new CoreDebug();
public IUmbracoSettingsSection UmbracoSettings { get; }
@@ -21,33 +22,19 @@ namespace Umbraco.Core.Configuration
{
var configs = new Configs(section => ConfigurationManager.GetSection(section));
configs.Add<IGlobalSettings>(() => new GlobalSettings(ioHelper));
configs.Add<IHostingSettings>(() => HostingSettings);
configs.Add(() => HostingSettings);
configs.Add<IUmbracoSettingsSection>("umbracoConfiguration/settings");
configs.Add<IHealthChecks>("umbracoConfiguration/HealthChecks");
configs.Add<IUserPasswordConfiguration>(() => new DefaultPasswordConfig());
configs.Add<IMemberPasswordConfiguration>(() => new DefaultPasswordConfig());
configs.Add<ICoreDebug>(() => CoreDebug);
// Password configuration is held within IUmbracoSettingsSection from umbracoConfiguration/settings but we'll add explicitly
// so it can be independently retrieved in classes that need it.
configs.AddPasswordConfigurations();
configs.Add(() => CoreDebug);
configs.Add<IConnectionStrings>(() => new ConnectionStrings());
configs.AddCoreConfigs(ioHelper);
return configs;
}
}
// Default/static user password configs
// TODO: Make this configurable somewhere - we've removed membership providers for users, so could be a section in the umbracosettings.config file?
// keeping in mind that we will also be removing the members membership provider so there will be 2x the same/similar configuration.
// TODO: Currently it doesn't actually seem possible to replace any sub-configuration unless totally replacing the IConfigsFactory??
internal class DefaultPasswordConfig : IUserPasswordConfiguration, IMemberPasswordConfiguration
{
public int RequiredLength => 12;
public bool RequireNonLetterOrDigit => false;
public bool RequireDigit => false;
public bool RequireLowercase => false;
public bool RequireUppercase => false;
public bool UseLegacyEncoding => false;
public string HashAlgorithmType => "HMACSHA256";
public int MaxFailedAccessAttemptsBeforeLockout => 5;
}
}

6
src/Umbraco.Configuration/UmbracoSettings/MemberPasswordConfigurationElement.cs Normal file
View File

@@ -0,0 +1,6 @@
namespace Umbraco.Core.Configuration.UmbracoSettings
{
internal class MemberPasswordConfigurationElement : PasswordConfigurationElement, IMemberPasswordConfigurationSection
{
}
}

31
src/Umbraco.Configuration/UmbracoSettings/PasswordConfigurationElement.cs Normal file
View File

@@ -0,0 +1,31 @@
using System.Configuration;
namespace Umbraco.Core.Configuration.UmbracoSettings
{
internal class PasswordConfigurationElement : UmbracoConfigurationElement
{
[ConfigurationProperty("requiredLength", DefaultValue = "12")]
public int RequiredLength => (int)base["requiredLength"];
[ConfigurationProperty("requireNonLetterOrDigit", DefaultValue = "false")]
public bool RequireNonLetterOrDigit => (bool)base["requireNonLetterOrDigit"];
[ConfigurationProperty("requireDigit", DefaultValue = "false")]
public bool RequireDigit => (bool)base["requireDigit"];
[ConfigurationProperty("requireLowercase", DefaultValue = "false")]
public bool RequireLowercase => (bool)base["requireLowercase"];
[ConfigurationProperty("requireUppercase", DefaultValue = "false")]
public bool RequireUppercase => (bool)base["requireUppercase"];
[ConfigurationProperty("useLegacyEncoding", DefaultValue = "false")]
public bool UseLegacyEncoding => (bool)base["useLegacyEncoding"];
[ConfigurationProperty("hashAlgorithmType", DefaultValue = "HMACSHA256")]
public string HashAlgorithmType => (string)base["hashAlgorithmType"];
[ConfigurationProperty("maxFailedAccessAttemptsBeforeLockout", DefaultValue = "5")]
public int MaxFailedAccessAttemptsBeforeLockout => (int)base["maxFailedAccessAttemptsBeforeLockout"];
}
}

10
src/Umbraco.Configuration/UmbracoSettings/SecurityElement.cs
View File

@@ -32,6 +32,12 @@ namespace Umbraco.Core.Configuration.UmbracoSettings
[ConfigurationProperty("authCookieDomain")]
internal InnerTextConfigurationElement<string> AuthCookieDomain => GetOptionalTextElement<string>("authCookieDomain", null);
[ConfigurationProperty("userPasswordConfiguration")]
public UserPasswordConfigurationElement UserPasswordConfiguration => (UserPasswordConfigurationElement)this["userPasswordConfiguration"];
[ConfigurationProperty("memberPasswordConfiguration")]
public MemberPasswordConfigurationElement MemberPasswordConfiguration => (MemberPasswordConfigurationElement)this["memberPasswordConfiguration"];
bool ISecuritySection.KeepUserLoggedIn => KeepUserLoggedIn;
bool ISecuritySection.HideDisabledUsersInBackoffice => HideDisabledUsersInBackoffice;
@@ -53,5 +59,9 @@ namespace Umbraco.Core.Configuration.UmbracoSettings
string ISecuritySection.AuthCookieName => AuthCookieName;
string ISecuritySection.AuthCookieDomain => AuthCookieDomain;
IUserPasswordConfigurationSection ISecuritySection.UserPasswordConfiguration => UserPasswordConfiguration;
IMemberPasswordConfigurationSection ISecuritySection.MemberPasswordConfiguration => MemberPasswordConfiguration;
}
}

6
src/Umbraco.Configuration/UmbracoSettings/UserPasswordConfigurationElement.cs Normal file
View File

@@ -0,0 +1,6 @@
namespace Umbraco.Core.Configuration.UmbracoSettings
{
internal class UserPasswordConfigurationElement : PasswordConfigurationElement, IUserPasswordConfigurationSection
{
}
}

96
src/Umbraco.Tests/Configurations/UmbracoSettings/SecurityElementTests.cs
View File

@@ -35,5 +35,101 @@ namespace Umbraco.Tests.Configurations.UmbracoSettings
{
Assert.IsTrue(SettingsSection.Security.AuthCookieName == "UMB_UCONTEXT");
}
[Test]
public void UserPasswordConfiguration_RequiredLength()
{
Assert.IsTrue(SettingsSection.Security.UserPasswordConfiguration.RequiredLength == 12);
}
[Test]
public void UserPasswordConfiguration_RequireNonLetterOrDigit()
{
Assert.IsTrue(SettingsSection.Security.UserPasswordConfiguration.RequireNonLetterOrDigit == false);
}
[Test]
public void UserPasswordConfiguration_RequireDigit()
{
Assert.IsTrue(SettingsSection.Security.UserPasswordConfiguration.RequireDigit == false);
}
[Test]
public void UserPasswordConfiguration_RequireLowercase()
{
Assert.IsTrue(SettingsSection.Security.UserPasswordConfiguration.RequireLowercase == false);
}
[Test]
public void UserPasswordConfiguration_RequireUppercase()
{
Assert.IsTrue(SettingsSection.Security.UserPasswordConfiguration.RequireUppercase == false);
}
[Test]
public void UserPasswordConfiguration_UseLegacyEncoding()
{
Assert.IsTrue(SettingsSection.Security.UserPasswordConfiguration.UseLegacyEncoding == false);
}
[Test]
public void UserPasswordConfiguration_HashAlgorithmType()
{
Assert.IsTrue(SettingsSection.Security.UserPasswordConfiguration.HashAlgorithmType == "HMACSHA256");
}
[Test]
public void UserPasswordConfiguration_MaxFailedAccessAttemptsBeforeLockout()
{
Assert.IsTrue(SettingsSection.Security.UserPasswordConfiguration.MaxFailedAccessAttemptsBeforeLockout == 5);
}
[Test]
public void MemberPasswordConfiguration_RequiredLength()
{
Assert.IsTrue(SettingsSection.Security.MemberPasswordConfiguration.RequiredLength == 12);
}
[Test]
public void MemberPasswordConfiguration_RequireNonLetterOrDigit()
{
Assert.IsTrue(SettingsSection.Security.MemberPasswordConfiguration.RequireNonLetterOrDigit == false);
}
[Test]
public void MemberPasswordConfiguration_RequireDigit()
{
Assert.IsTrue(SettingsSection.Security.MemberPasswordConfiguration.RequireDigit == false);
}
[Test]
public void MemberPasswordConfiguration_RequireLowercase()
{
Assert.IsTrue(SettingsSection.Security.MemberPasswordConfiguration.RequireLowercase == false);
}
[Test]
public void MemberPasswordConfiguration_RequireUppercase()
{
Assert.IsTrue(SettingsSection.Security.MemberPasswordConfiguration.RequireUppercase == false);
}
[Test]
public void MemberPasswordConfiguration_UseLegacyEncoding()
{
Assert.IsTrue(SettingsSection.Security.MemberPasswordConfiguration.UseLegacyEncoding == false);
}
[Test]
public void MemberPasswordConfiguration_HashAlgorithmType()
{
Assert.IsTrue(SettingsSection.Security.MemberPasswordConfiguration.HashAlgorithmType == "HMACSHA256");
}
[Test]
public void MemberPasswordConfiguration_MaxFailedAccessAttemptsBeforeLockout()
{
Assert.IsTrue(SettingsSection.Security.MemberPasswordConfiguration.MaxFailedAccessAttemptsBeforeLockout == 5);
}
}
}

2
src/Umbraco.Tests/Configurations/UmbracoSettings/WebRoutingElementTests.cs
View File

@@ -14,7 +14,7 @@ namespace Umbraco.Tests.Configurations.UmbracoSettings
[Test]
public void InternalRedirectPreservesTemplate()
{
Assert.IsTrue(SettingsSection.WebRouting.TrySkipIisCustomErrors == false);
Assert.IsTrue(SettingsSection.WebRouting.InternalRedirectPreservesTemplate == false);
}
[Test]

7
src/Umbraco.Tests/Configurations/UmbracoSettings/umbracoSettings.config
View File

@@ -69,6 +69,13 @@
<!-- set to true to enable the UI and API to allow back-office users to reset their passwords -->
<allowPasswordReset>true</allowPasswordReset>
<userPasswordConfiguration
requiredLength="12" requireNonLetterOrDigit="false" requireDigit="false" requireLowercase="false" requireUppercase="false"
useLegacyEncoding="false" hashAlgorithmType="HMACSHA256" maxFailedAccessAttemptsBeforeLockout="5" />
<memberPasswordConfiguration
requiredLength="12" requireNonLetterOrDigit="false" requireDigit="false" requireLowercase="false" requireUppercase="false"
useLegacyEncoding="false" hashAlgorithmType="HMACSHA256" maxFailedAccessAttemptsBeforeLockout="5" />
</security>
<requestHandler>

5
src/Umbraco.Tests/TestHelpers/SettingsForTests.cs
View File

@@ -48,6 +48,11 @@ namespace Umbraco.Tests.TestHelpers
var logging = new Mock<ILoggingSection>();
var routing = new Mock<IWebRoutingSection>();
var userPasswordConfig = new Mock<IUserPasswordConfigurationSection>();
var memberPasswordConfig = new Mock<IMemberPasswordConfigurationSection>();
security.Setup(x => x.UserPasswordConfiguration).Returns(userPasswordConfig.Object);
security.Setup(x => x.MemberPasswordConfiguration).Returns(memberPasswordConfig.Object);
settings.Setup(x => x.Content).Returns(content.Object);
settings.Setup(x => x.Security).Returns(security.Object);
settings.Setup(x => x.RequestHandler).Returns(requestHandler.Object);

23
src/Umbraco.Tests/TestHelpers/Stubs/TestUserPasswordConfig.cs Normal file
View File

@@ -0,0 +1,23 @@
using Umbraco.Core.Configuration;
namespace Umbraco.Tests.TestHelpers.Stubs
{
internal class TestUserPasswordConfig : IUserPasswordConfiguration
{
public int RequiredLength => 12;
public bool RequireNonLetterOrDigit => false;
public bool RequireDigit => false;
public bool RequireLowercase => false;
public bool RequireUppercase => false;
public bool UseLegacyEncoding => false;
public string HashAlgorithmType => "HMACSHA256";
public int MaxFailedAccessAttemptsBeforeLockout => 5;
}
}

1
src/Umbraco.Tests/Umbraco.Tests.csproj
View File

@@ -168,6 +168,7 @@
<Compile Include="Services\PropertyValidationServiceTests.cs" />
<Compile Include="Templates\HtmlLocalLinkParserTests.cs" />
<Compile Include="TestHelpers\RandomIdRamDirectory.cs" />
<Compile Include="TestHelpers\Stubs\TestUserPasswordConfig.cs" />
<Compile Include="Testing\Objects\TestDataSource.cs" />
<Compile Include="Published\PublishedSnapshotTestObjects.cs" />
<Compile Include="Published\ModelTypeTests.cs" />

4
src/Umbraco.Tests/Web/Controllers/AuthenticationControllerTests.cs
View File

@@ -16,7 +16,6 @@ using Umbraco.Core;
using Umbraco.Core.Cache;
using Umbraco.Core.Composing;
using Umbraco.Core.Configuration;
using Umbraco.Core.IO;
using Umbraco.Core.Logging;
using Umbraco.Core.Mapping;
using Umbraco.Core.Persistence;
@@ -26,6 +25,7 @@ using Umbraco.Core.Persistence.SqlSyntax;
using Umbraco.Core.Services;
using Umbraco.Tests.TestHelpers;
using Umbraco.Tests.TestHelpers.ControllerTesting;
using Umbraco.Tests.TestHelpers.Stubs;
using Umbraco.Tests.Testing;
using Umbraco.Web;
using Umbraco.Web.Editors;
@@ -76,7 +76,7 @@ namespace Umbraco.Tests.Web.Controllers
}
IOHelper.ForceNotHosted = true;
var usersController = new AuthenticationController(
new DefaultPasswordConfig(),
new TestUserPasswordConfig(),
Factory.GetInstance<IGlobalSettings>(),
umbracoContextAccessor,
Factory.GetInstance<ISqlContext>(),

500
src/Umbraco.Web.UI/config/umbracoSettings.Release.config
View File

@@ -1,245 +1,255 @@
<?xml version="1.0" encoding="utf-8" ?>
<settings>
<!--
umbracoSettings.config configuration documentation can be found here:
https://our.umbraco.com/documentation/using-umbraco/config-files/umbracoSettings/
Many of the optional settings are not explicitly listed here
but can be found in the online documentation.
-->
<backOffice>
<tours enable="true"></tours>
</backOffice>
<content>
<errors>
<error404>1</error404>
<!--
The value for error pages can be:
* A content item's GUID ID (example: 26C1D84F-C900-4D53-B167-E25CC489DAC8)
* An XPath statement (example: //errorPages[@nodeName='My cool error']
* A content item's integer ID (example: 1234)
-->
<!--
<error404>
<errorPage culture="default">26C1D84F-C900-4D53-B167-E25CC489DAC8</errorPage>
<errorPage culture="en-US">D820E120-6865-4D88-BFFE-48801A6AC375</errorPage>
</error404>
-->
</errors>
<notifications>
<!-- the email that should be used as from mail when umbraco sends a notification -->
<!-- you can add a display name to the email like this: <email>Your display name here &lt;your@email.here&gt;</email> -->
<email>your@email.here</email>
</notifications>
<!-- The html injected into a (x)html page if Umbraco is running in preview mode -->
<PreviewBadge>
<![CDATA[
<div id="umbracoPreviewBadge" class="umbraco-preview-badge">
<span class="umbraco-preview-badge__header">Preview mode</span>
<a href="{0}/preview/?id={2}" class="umbraco-preview-badge__a open">
</a>
<a href="{0}/preview/end?redir={1}" class="umbraco-preview-badge__a end">
<svg viewBox="0 0 100 100" xmlns="http://www.w3.org/2000/svg"><title>Click to end</title><path fill="#fff" d="M5273.1 2400.1v-2c0-2.8-5-4-9.7-4s-9.7 1.3-9.7 4v2a7 7 0 002 4.9l5 4.9c.3.3.4.6.4 1v6.4c0 .4.2.7.6.8l2.9.9c.5.1 1-.2 1-.8v-7.2c0-.4.2-.7.4-1l5.1-5a7 7 0 002-4.9zm-9.7-.1c-4.8 0-7.4-1.3-7.5-1.8.1-.5 2.7-1.8 7.5-1.8s7.3 1.3 7.5 1.8c-.2.5-2.7 1.8-7.5 1.8z"/><path fill="#fff" d="M5268.4 2410.3c-.6 0-1 .4-1 1s.4 1 1 1h4.3c.6 0 1-.4 1-1s-.4-1-1-1h-4.3zM5272.7 2413.7h-4.3c-.6 0-1 .4-1 1s.4 1 1 1h4.3c.6 0 1-.4 1-1s-.4-1-1-1zM5272.7 2417h-4.3c-.6 0-1 .4-1 1s.4 1 1 1h4.3c.6 0 1-.4 1-1 0-.5-.4-1-1-1z"/><path fill="#fff" d="M78.2 13l-8.7 11.7a32.5 32.5 0 11-51.9 25.8c0-10.3 4.7-19.7 12.9-25.8L21.8 13a47 47 0 1056.4 0z"/><path fill="#fff" d="M42.7 2.5h14.6v49.4H42.7z"/></svg>
</a>
</div>
<style type="text/css">
.umbraco-preview-badge {{
position: fixed;
bottom: 0;
display: inline-flex;
background: rgba(27, 38, 79, 0.9);
color: #fff;
font-size: 12px;
z-index: 99999999;
justify-content: center;
align-items: center;
box-shadow: 0 5px 10px rgba(0, 0, 0, .2), 0 1px 2px rgba(0, 0, 0, .2);
line-height: 1;
pointer-events:none;
left: 50%;
transform: translate(-50%, 40px);
animation: umbraco-preview-badge--effect 10s 100ms ease both;
border-radius: 3px 3px 0 0;
}}
@keyframes umbraco-preview-badge--effect {{
0% {{
transform: translate(-50%, 40px);
animation-timing-function: ease-out;
}}
1.5% {{
transform: translate(-50%, -20px);
animation-timing-function: ease-in;
}}
5.0% {{
transform: translate(-50%, -8px);
animation-timing-function: ease-in;
}}
7.5% {{
transform: translate(-50%, -4px);
animation-timing-function: ease-in;
}}
9.2% {{
transform: translate(-50%, -2px);
animation-timing-function: ease-in;
}}
3.5%,
6.5%,
8.5% {{
transform: translate(-50%, 0px);
animation-timing-function: ease-out;
}}
9.7% {{
transform: translate(-50%, 0px);
animation-timing-function: ease-out;
}}
10.0% {{
transform: translate(-50%, 0px);
}}
60% {{
transform: translate(-50%, 0px);
animation-timing-function: ease-out;
}}
61.5% {{
transform: translate(-50%, -20px);
animation-timing-function: ease-in;
}}
65.0% {{
transform: translate(-50%, -8px);
animation-timing-function: ease-in;
}}
67.5% {{
transform: translate(-50%, -4px);
animation-timing-function: ease-in;
}}
69.2% {{
transform: translate(-50%, -2px);
animation-timing-function: ease-in;
}}
63.5%,
66.5%,
68.5% {{
transform: translate(-50%, 0px);
animation-timing-function: ease-out;
}}
69.7% {{
transform: translate(-50%, 0px);
animation-timing-function: ease-out;
}}
70.0% {{
transform: translate(-50%, 0px);
}}
100.0% {{
transform: translate(-50%, 0px);
}}
}}
.umbraco-preview-badge__header {{
padding: 1em;
font-weight: bold;
pointer-events:none;
}}
.umbraco-preview-badge__a {{
width: 3em;
padding: 1em;
display: flex;
flex-shrink: 0;
align-items: center;
align-self: stretch;
color:white;
text-decoration:none;
font-weight: bold;
border-left: 1px solid hsla(0,0%,100%,.25);
pointer-events:all;
}}
.umbraco-preview-badge__a svg {{
width: 1em;
height:1em;
}}
.umbraco-preview-badge__a:hover {{
background: #202d5e;
}}
.umbraco-preview-badge__end svg {{
fill: #fff;
width:1em;
}}
</style>
]]>
</PreviewBadge>
<!-- How Umbraco should handle errors during macro execution. Can be one of the following values:
- inline - show an inline error within the macro but allow the page to continue rendering. Historial Umbraco behaviour.
- silent - Silently suppress the error and do not render the offending macro.
- throw - Throw an exception which can be caught by the global error handler defined in Application_OnError. If no such
error handler is defined then you'll see the Yellow Screen Of Death (YSOD) error page.
Note the error can also be handled by the umbraco.macro.Error event, where you can log/alarm with your own code and change the behaviour per event. -->
<MacroErrors>throw</MacroErrors>
<!-- These file types will not be allowed to be uploaded via the upload control for media and content -->
<disallowedUploadFiles>ashx,aspx,ascx,config,cshtml,vbhtml,asmx,air,axd,swf,xml,xhtml,html,htm,php,htaccess</disallowedUploadFiles>
<!-- You can specify your own background image for the login screen here. This path is relative to the ~/umbraco path. The default location is: /umbraco/assets/img/login.jpg -->
<loginBackgroundImage>assets/img/login.jpg</loginBackgroundImage>
</content>
<security>
<!-- set to true to auto update login interval (and there by disabling the lock screen -->
<keepUserLoggedIn>false</keepUserLoggedIn>
<!-- by default this is true and if not specified in config will be true. set to false to always show a separate username field in the back office user editor -->
<usernameIsEmail>true</usernameIsEmail>
<!-- change in 4.8: Disabled users are now showed dimmed and last in the tree. If you prefer not to display them set this to true -->
<hideDisabledUsersInBackoffice>false</hideDisabledUsersInBackoffice>
</security>
<requestHandler>
<!-- this ensures that all url segments are turned to ASCII as much as we can -->
<urlReplacing toAscii="try" />
</requestHandler>
<!--
web.routing
@trySkipIisCustomErrors
Tries to skip IIS custom errors.
Starting with IIS 7.5, this must be set to true for Umbraco 404 pages to show. Else, IIS will take
over and render its built-in error page. See MS doc for HttpResponseBase.TrySkipIisCustomErrors.
The default value is false, for backward compatibility reasons, which means that IIS _will_ take
over, and _prevent_ Umbraco 404 pages to show.
@internalRedirectPreservesTemplate
By default as soon as we're not displaying the initial document, we reset the template set by the
finder or by the alt. template. Set this option to true to preserve the template set by the finder
or by the alt. template, in case of an internal redirect.
(false by default, and in fact should remain false unless you know what you're doing)
@disableAlternativeTemplates
By default you can add a altTemplate querystring or append a template name to the current URL which
will make Umbraco render the content on the current page with the template you requested, for example:
http://mysite.com/about-us/?altTemplate=Home and http://mysite.com/about-us/Home would render the
"About Us" page with a template with the alias Home. Setting this setting to true stops that behavior
@validateAlternativeTemplates
By default you can add a altTemplate querystring or append a template name to the current URL which
will make Umbraco render the content on the current page with the template you requested, for example:
http://mysite.com/about-us/?altTemplate=Home and http://mysite.com/about-us/Home would render the
"About Us" page with a template with the alias Home. Setting this setting to true will ensure that
only templates that have been permitted on the document type will be allowed
@disableFindContentByIdPath
By default you can call any content Id in the url and show the content with that id, for example:
http://mysite.com/1092 or http://mysite.com/1092.aspx would render the content with id 1092. Setting
this setting to true stops that behavior
@umbracoApplicationUrl
The url of the Umbraco application. By default, Umbraco will figure it out from the first request.
Configure it here if you need anything specific. Needs to be a complete url with scheme and umbraco
path, eg http://mysite.com/umbraco. NOT just "mysite.com" or "mysite.com/umbraco" or "http://mysite.com".
-->
<web.routing
trySkipIisCustomErrors="true"
internalRedirectPreservesTemplate="false" disableAlternativeTemplates="false" validateAlternativeTemplates="false" disableFindContentByIdPath="false"
umbracoApplicationUrl="">
</web.routing>
</settings>
<?xml version="1.0" encoding="utf-8" ?>
<settings>
<!--
umbracoSettings.config configuration documentation can be found here:
https://our.umbraco.com/documentation/using-umbraco/config-files/umbracoSettings/
Many of the optional settings are not explicitly listed here
but can be found in the online documentation.
-->
<backOffice>
<tours enable="true"></tours>
</backOffice>
<content>
<errors>
<error404>1</error404>
<!--
The value for error pages can be:
* A content item's GUID ID (example: 26C1D84F-C900-4D53-B167-E25CC489DAC8)
* An XPath statement (example: //errorPages[@nodeName='My cool error']
* A content item's integer ID (example: 1234)
-->
<!--
<error404>
<errorPage culture="default">26C1D84F-C900-4D53-B167-E25CC489DAC8</errorPage>
<errorPage culture="en-US">D820E120-6865-4D88-BFFE-48801A6AC375</errorPage>
</error404>
-->
</errors>
<notifications>
<!-- the email that should be used as from mail when umbraco sends a notification -->
<!-- you can add a display name to the email like this: <email>Your display name here &lt;your@email.here&gt;</email> -->
<email>your@email.here</email>
</notifications>
<!-- The html injected into a (x)html page if Umbraco is running in preview mode -->
<PreviewBadge>
<![CDATA[
<div id="umbracoPreviewBadge" class="umbraco-preview-badge">
<span class="umbraco-preview-badge__header">Preview mode</span>
<a href="{0}/preview/?id={2}" class="umbraco-preview-badge__a open">
</a>
<a href="{0}/preview/end?redir={1}" class="umbraco-preview-badge__a end">
<svg viewBox="0 0 100 100" xmlns="http://www.w3.org/2000/svg"><title>Click to end</title><path fill="#fff" d="M5273.1 2400.1v-2c0-2.8-5-4-9.7-4s-9.7 1.3-9.7 4v2a7 7 0 002 4.9l5 4.9c.3.3.4.6.4 1v6.4c0 .4.2.7.6.8l2.9.9c.5.1 1-.2 1-.8v-7.2c0-.4.2-.7.4-1l5.1-5a7 7 0 002-4.9zm-9.7-.1c-4.8 0-7.4-1.3-7.5-1.8.1-.5 2.7-1.8 7.5-1.8s7.3 1.3 7.5 1.8c-.2.5-2.7 1.8-7.5 1.8z"/><path fill="#fff" d="M5268.4 2410.3c-.6 0-1 .4-1 1s.4 1 1 1h4.3c.6 0 1-.4 1-1s-.4-1-1-1h-4.3zM5272.7 2413.7h-4.3c-.6 0-1 .4-1 1s.4 1 1 1h4.3c.6 0 1-.4 1-1s-.4-1-1-1zM5272.7 2417h-4.3c-.6 0-1 .4-1 1s.4 1 1 1h4.3c.6 0 1-.4 1-1 0-.5-.4-1-1-1z"/><path fill="#fff" d="M78.2 13l-8.7 11.7a32.5 32.5 0 11-51.9 25.8c0-10.3 4.7-19.7 12.9-25.8L21.8 13a47 47 0 1056.4 0z"/><path fill="#fff" d="M42.7 2.5h14.6v49.4H42.7z"/></svg>
</a>
</div>
<style type="text/css">
.umbraco-preview-badge {{
position: fixed;
bottom: 0;
display: inline-flex;
background: rgba(27, 38, 79, 0.9);
color: #fff;
font-size: 12px;
z-index: 99999999;
justify-content: center;
align-items: center;
box-shadow: 0 5px 10px rgba(0, 0, 0, .2), 0 1px 2px rgba(0, 0, 0, .2);
line-height: 1;
pointer-events:none;
left: 50%;
transform: translate(-50%, 40px);
animation: umbraco-preview-badge--effect 10s 100ms ease both;
border-radius: 3px 3px 0 0;
}}
@keyframes umbraco-preview-badge--effect {{
0% {{
transform: translate(-50%, 40px);
animation-timing-function: ease-out;
}}
1.5% {{
transform: translate(-50%, -20px);
animation-timing-function: ease-in;
}}
5.0% {{
transform: translate(-50%, -8px);
animation-timing-function: ease-in;
}}
7.5% {{
transform: translate(-50%, -4px);
animation-timing-function: ease-in;
}}
9.2% {{
transform: translate(-50%, -2px);
animation-timing-function: ease-in;
}}
3.5%,
6.5%,
8.5% {{
transform: translate(-50%, 0px);
animation-timing-function: ease-out;
}}
9.7% {{
transform: translate(-50%, 0px);
animation-timing-function: ease-out;
}}
10.0% {{
transform: translate(-50%, 0px);
}}
60% {{
transform: translate(-50%, 0px);
animation-timing-function: ease-out;
}}
61.5% {{
transform: translate(-50%, -20px);
animation-timing-function: ease-in;
}}
65.0% {{
transform: translate(-50%, -8px);
animation-timing-function: ease-in;
}}
67.5% {{
transform: translate(-50%, -4px);
animation-timing-function: ease-in;
}}
69.2% {{
transform: translate(-50%, -2px);
animation-timing-function: ease-in;
}}
63.5%,
66.5%,
68.5% {{
transform: translate(-50%, 0px);
animation-timing-function: ease-out;
}}
69.7% {{
transform: translate(-50%, 0px);
animation-timing-function: ease-out;
}}
70.0% {{
transform: translate(-50%, 0px);
}}
100.0% {{
transform: translate(-50%, 0px);
}}
}}
.umbraco-preview-badge__header {{
padding: 1em;
font-weight: bold;
pointer-events:none;
}}
.umbraco-preview-badge__a {{
width: 3em;
padding: 1em;
display: flex;
flex-shrink: 0;
align-items: center;
align-self: stretch;
color:white;
text-decoration:none;
font-weight: bold;
border-left: 1px solid hsla(0,0%,100%,.25);
pointer-events:all;
}}
.umbraco-preview-badge__a svg {{
width: 1em;
height:1em;
}}
.umbraco-preview-badge__a:hover {{
background: #202d5e;
}}
.umbraco-preview-badge__end svg {{
fill: #fff;
width:1em;
}}
</style>
]]>
</PreviewBadge>
<!-- How Umbraco should handle errors during macro execution. Can be one of the following values:
- inline - show an inline error within the macro but allow the page to continue rendering. Historial Umbraco behaviour.
- silent - Silently suppress the error and do not render the offending macro.
- throw - Throw an exception which can be caught by the global error handler defined in Application_OnError. If no such
error handler is defined then you'll see the Yellow Screen Of Death (YSOD) error page.
Note the error can also be handled by the umbraco.macro.Error event, where you can log/alarm with your own code and change the behaviour per event. -->
<MacroErrors>throw</MacroErrors>
<!-- These file types will not be allowed to be uploaded via the upload control for media and content -->
<disallowedUploadFiles>ashx,aspx,ascx,config,cshtml,vbhtml,asmx,air,axd,swf,xml,xhtml,html,htm,php,htaccess</disallowedUploadFiles>
<!-- You can specify your own background image for the login screen here. This path is relative to the ~/umbraco path. The default location is: /umbraco/assets/img/login.jpg -->
<loginBackgroundImage>assets/img/login.jpg</loginBackgroundImage>
</content>
<security>
<!-- set to true to auto update login interval (and there by disabling the lock screen -->
<keepUserLoggedIn>false</keepUserLoggedIn>
<!-- by default this is true and if not specified in config will be true. set to false to always show a separate username field in the back office user editor -->
<usernameIsEmail>true</usernameIsEmail>
<!-- change in 4.8: Disabled users are now showed dimmed and last in the tree. If you prefer not to display them set this to true -->
<hideDisabledUsersInBackoffice>false</hideDisabledUsersInBackoffice>
<!-- use to configure rules for password complexity for users and members -->
<userPasswordConfiguration
requiredLength="12" requireNonLetterOrDigit="false" requireDigit="false" requireLowercase="false" requireUppercase="false"
useLegacyEncoding="false" hashAlgorithmType="HMACSHA256" maxFailedAccessAttemptsBeforeLockout="5" />
<memberPasswordConfiguration
requiredLength="12" requireNonLetterOrDigit="false" requireDigit="false" requireLowercase="false" requireUppercase="false"
useLegacyEncoding="false" hashAlgorithmType="HMACSHA256" maxFailedAccessAttemptsBeforeLockout="5" />
</security>
<requestHandler>
<!-- this ensures that all url segments are turned to ASCII as much as we can -->
<urlReplacing toAscii="try" />
</requestHandler>
<!--
web.routing
@trySkipIisCustomErrors
Tries to skip IIS custom errors.
Starting with IIS 7.5, this must be set to true for Umbraco 404 pages to show. Else, IIS will take
over and render its built-in error page. See MS doc for HttpResponseBase.TrySkipIisCustomErrors.
The default value is false, for backward compatibility reasons, which means that IIS _will_ take
over, and _prevent_ Umbraco 404 pages to show.
@internalRedirectPreservesTemplate
By default as soon as we're not displaying the initial document, we reset the template set by the
finder or by the alt. template. Set this option to true to preserve the template set by the finder
or by the alt. template, in case of an internal redirect.
(false by default, and in fact should remain false unless you know what you're doing)
@disableAlternativeTemplates
By default you can add a altTemplate querystring or append a template name to the current URL which
will make Umbraco render the content on the current page with the template you requested, for example:
http://mysite.com/about-us/?altTemplate=Home and http://mysite.com/about-us/Home would render the
"About Us" page with a template with the alias Home. Setting this setting to true stops that behavior
@validateAlternativeTemplates
By default you can add a altTemplate querystring or append a template name to the current URL which
will make Umbraco render the content on the current page with the template you requested, for example:
http://mysite.com/about-us/?altTemplate=Home and http://mysite.com/about-us/Home would render the
"About Us" page with a template with the alias Home. Setting this setting to true will ensure that
only templates that have been permitted on the document type will be allowed
@disableFindContentByIdPath
By default you can call any content Id in the url and show the content with that id, for example:
http://mysite.com/1092 or http://mysite.com/1092.aspx would render the content with id 1092. Setting
this setting to true stops that behavior
@umbracoApplicationUrl
The url of the Umbraco application. By default, Umbraco will figure it out from the first request.
Configure it here if you need anything specific. Needs to be a complete url with scheme and umbraco
path, eg http://mysite.com/umbraco. NOT just "mysite.com" or "mysite.com/umbraco" or "http://mysite.com".
-->
<web.routing
trySkipIisCustomErrors="true"
internalRedirectPreservesTemplate="false" disableAlternativeTemplates="false" validateAlternativeTemplates="false" disableFindContentByIdPath="false"
umbracoApplicationUrl="">
</web.routing>
</settings>

10
src/Umbraco.Web.UI/config/umbracoSettings.config
View File

@@ -192,10 +192,20 @@
<security>
<!-- set to true to auto update login interval (and there by disabling the lock screen -->
<keepUserLoggedIn>false</keepUserLoggedIn>
<!-- by default this is true and if not specified in config will be true. set to false to always show a separate username field in the back office user editor -->
<usernameIsEmail>true</usernameIsEmail>
<!-- change in 4.8: Disabled users are now showed dimmed and last in the tree. If you prefer not to display them set this to true -->
<hideDisabledUsersInBackoffice>false</hideDisabledUsersInBackoffice>
<!-- use to configure rules for password complexity for users and members -->
<userPasswordConfiguration
requiredLength="12" requireNonLetterOrDigit="false" requireDigit="false" requireLowercase="false" requireUppercase="false"
useLegacyEncoding="false" hashAlgorithmType="HMACSHA256" maxFailedAccessAttemptsBeforeLockout="5" />
<memberPasswordConfiguration
requiredLength="12" requireNonLetterOrDigit="false" requireDigit="false" requireLowercase="false" requireUppercase="false"
useLegacyEncoding="false" hashAlgorithmType="HMACSHA256" maxFailedAccessAttemptsBeforeLockout="5" />
</security>
<requestHandler>

2
src/Umbraco.Web/UmbracoDefaultOwinStartup.cs
View File

@@ -29,7 +29,7 @@ namespace Umbraco.Web
protected IUmbracoContextAccessor UmbracoContextAccessor => Current.UmbracoContextAccessor;
protected IGlobalSettings GlobalSettings => Current.Configs.Global();
protected IUmbracoSettingsSection UmbracoSettings => Current.Configs.Settings();
protected IUserPasswordConfiguration UserPasswordConfig => Current.Configs.UserPasswordConfig();
protected IUserPasswordConfiguration UserPasswordConfig => Current.Configs.UserPasswordConfiguration();
protected IRuntimeState RuntimeState => Core.Composing.Current.RuntimeState;
protected ServiceContext Services => Current.Services;
protected UmbracoMapper Mapper => Current.Mapper;