Merge branch 'netcore/dev' into netcore/task/6973-migrating-authenticationcontroller

# Conflicts:
#	src/Umbraco.Core/Constants-Security.cs
#	src/Umbraco.Infrastructure/BackOffice/BackOfficeClaimsPrincipalFactory.cs
#	src/Umbraco.Infrastructure/BackOffice/BackOfficeUserManager.cs
#	src/Umbraco.Infrastructure/Migrations/Upgrade/UmbracoPlan.cs
#	src/Umbraco.Tests.AcceptanceTest/cypress/integration/Tour/backofficeTour.ts
#	src/Umbraco.Web.BackOffice/Controllers/BackOfficeServerVariables.cs
#	src/Umbraco.Web.BackOffice/Controllers/DenyLocalLoginAuthorizationAttribute.cs
#	src/Umbraco.Web.BackOffice/Controllers/UsersController.cs
#	src/Umbraco.Web.BackOffice/Extensions/HtmlHelperBackOfficeExtensions.cs
#	src/Umbraco.Web.BackOffice/Services/IconService.cs
#	src/Umbraco.Web.Common/Security/ExternalSignInAutoLinkOptions.cs
#	src/Umbraco.Web.UI.Client/src/common/interceptors/_module.js
#	src/Umbraco.Web.UI.Client/src/common/interceptors/requiredheaders.interceptor.js
#	src/Umbraco.Web.UI.Client/src/views/common/overlays/user/user.controller.js
#	src/Umbraco.Web.UI.NetCore/umbraco/UmbracoBackOffice/Default.cshtml
#	src/Umbraco.Web.UI.NetCore/umbraco/config/lang/da.xml
#	src/Umbraco.Web.UI.NetCore/umbraco/config/lang/en.xml
#	src/Umbraco.Web.UI.NetCore/umbraco/config/lang/en_us.xml
#	src/Umbraco.Web.UI/Umbraco/Views/AuthorizeUpgrade.cshtml
#	src/Umbraco.Web/Editors/AuthenticationController.cs
#	src/Umbraco.Web/Editors/BackOfficeController.cs
#	src/Umbraco.Web/Editors/Filters/IsCurrentUserModelFilterAttribute.cs
#	src/Umbraco.Web/Security/AppBuilderExtensions.cs
#	src/Umbraco.Web/Security/AuthenticationOptionsExtensions.cs
#	src/Umbraco.Web/UmbracoDefaultOwinStartup.cs

src/Umbraco.Web.BackOffice/Controllers/UsersController.cs

@@ -428,11 +428,6 @@ namespace Umbraco.Web.BackOffice.Controllers
                 throw new HttpResponseException(HttpStatusCode.BadRequest, ModelState);
             }
 
-            if (EmailSender.CanSendRequiredEmail(_globalSettings) == false)
-            {
-                throw HttpResponseException.CreateNotificationValidationErrorResponse("No Email server is configured");
-            }
-
             IUser user;
             if (_securitySettings.UsernameIsEmail)
             {
@@ -442,9 +437,17 @@ namespace Umbraco.Web.BackOffice.Controllers
             else
             {
                 //first validate the username if we're showing it
-                user = CheckUniqueUsername(userSave.Username, u => u.LastLoginDate != default(DateTime) || u.EmailConfirmedDate.HasValue);
+                user = CheckUniqueUsername(userSave.Username, u => u.LastLoginDate != default || u.EmailConfirmedDate.HasValue);
+            }
+            user = CheckUniqueEmail(userSave.Email, u => u.LastLoginDate != default || u.EmailConfirmedDate.HasValue);
+
+            var userMgr = TryGetOwinContext().Result.GetBackOfficeUserManager();
+
+            if (!EmailSender.CanSendRequiredEmail(GlobalSettings) && !userMgr.HasSendingUserInviteEventHandler)
+            {
+                throw new HttpResponseException(
+                    Request.CreateNotificationValidationErrorResponse("No Email server is configured"));
             }
-            user = CheckUniqueEmail(userSave.Email, u => u.LastLoginDate != default(DateTime) || u.EmailConfirmedDate.HasValue);
 
             //Perform authorization here to see if the current user can actually save this user with the info being requested
             var authHelper = new UserEditorAuthorizationHelper(_contentService,_mediaService, _userService, _entityService);
@@ -477,16 +480,50 @@ namespace Umbraco.Web.BackOffice.Controllers
             //ensure the invited date is set
             user.InvitedDate = DateTime.Now;
 
-            //Save the updated user
+            //Save the updated user (which will process the user groups too)
             _userService.Save(user);
             var display = _umbracoMapper.Map<UserDisplay>(user);
 
-            //send the email
+            var inviteArgs = new UserInviteEventArgs(
+                Request.TryGetHttpContext().Result.GetCurrentRequestIpAddress(),
+                performingUser: Security.GetUserId().Result,
+                userSave,
+                user);
 
-            await SendUserInviteEmailAsync(display, _backofficeSecurityAccessor.BackOfficeSecurity.CurrentUser.Name, _backofficeSecurityAccessor.BackOfficeSecurity.CurrentUser.Email, user, userSave.Message);
+            try
+            {
+                userMgr.RaiseSendingUserInvite(inviteArgs);
+            }
+            catch (Exception ex)
+            {
+                Logger.Error<UsersController>(ex, "An error occured in a custom event handler while inviting the user");
+                throw new HttpResponseException(
+                    Request.CreateNotificationValidationErrorResponse($"An error occured inviting the user (check logs for more info): {ex.Message}"));
+            }
+
+            // If the event is handled then no need to send the email
+            if (inviteArgs.InviteHandled)
+            {
+                // if no user result was created then map the minimum args manually for the UI
+                if (!inviteArgs.ShowUserResult)
+                {
+                    display = new UserDisplay
+                    {
+                        Name = userSave.Name,
+                        Email = userSave.Email,
+                        Username = userSave.Username
+                    };
+                }
+            }
+            else
+            {
+                //send the email
+
+                await SendUserInviteEmailAsync(display, _backofficeSecurityAccessor.BackOfficeSecurity.CurrentUser.Name, _backofficeSecurityAccessor.BackOfficeSecurity.CurrentUser.Email, user, userSave.Message);
+
+            }
 
             display.AddSuccessNotification(_localizedTextService.Localize("speechBubbles/resendInviteHeader"), _localizedTextService.Localize("speechBubbles/resendInviteSuccess", new[] { user.Name }));
-
             return display;
         }
 
@@ -560,7 +597,7 @@ namespace Umbraco.Web.BackOffice.Controllers
         /// <param name="userSave"></param>
         /// <returns></returns>
         [TypeFilter(typeof(OutgoingEditorModelEventAttribute))]
-        public async Task<UserDisplay> PostSaveUser(UserSave userSave)
+        public UserDisplay PostSaveUser(UserSave userSave)
         {
             if (userSave == null) throw new ArgumentNullException(nameof(userSave));
 
@@ -587,6 +624,14 @@ namespace Umbraco.Web.BackOffice.Controllers
 
             var hasErrors = false;
 
+            // we need to check if there's any Deny Local login providers present, if so we need to ensure that the user's email address cannot be changed
+            var owinContext = Request.TryGetOwinContext().Result;
+            var hasDenyLocalLogin = owinContext.Authentication.HasDenyLocalLogin();
+            if (hasDenyLocalLogin)
+            {
+                userSave.Email = found.Email; // it cannot change, this would only happen if people are mucking around with the request
+            }
+
             var existing = _userService.GetByEmail(userSave.Email);
             if (existing != null && existing.Id != userSave.Id)
             {