Replace usages of ClaimsIdentityExtensions.Issuer with Constants.Security.BackOfficeAuthenticationType

Also remove todo and cases of using ClaimsIdentityExtensions = Umbraco.Extensions.ClaimsIdentityExtensions;
Mole
2021-02-22 15:30:28 +01:00
parent 63c8365e6a
commit 1c1394e0bf
4 changed files with 69 additions and 22 deletions


@@ -93,8 +93,6 @@ namespace Umbraco.Extensions
Constants.Security.SecurityStampClaimType
};
public const string Issuer = Constants.Security.BackOfficeAuthenticationType;
/// <summary>
/// Verify that a ClaimsIdentity has all the required claim types
/// </summary>
@@ -138,18 +136,35 @@ namespace Umbraco.Extensions
//This is the id that 'identity' uses to check for the user id
if (identity.HasClaim(x => x.Type == ClaimTypes.NameIdentifier) == false)
{
identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, userId, ClaimValueTypes.String,
Issuer, Issuer, identity));
identity.AddClaim(new Claim(
ClaimTypes.NameIdentifier,
userId,
ClaimValueTypes.String,
Constants.Security.BackOfficeAuthenticationType,
Constants.Security.BackOfficeAuthenticationType,
identity));
}
if (identity.HasClaim(x => x.Type == ClaimTypes.Name) == false)
{
identity.AddClaim(new Claim(ClaimTypes.Name, username, ClaimValueTypes.String, Issuer, Issuer, identity));
identity.AddClaim(new Claim(
ClaimTypes.Name,
username,
ClaimValueTypes.String,
Constants.Security.BackOfficeAuthenticationType,
Constants.Security.BackOfficeAuthenticationType,
identity));
}
if (identity.HasClaim(x => x.Type == ClaimTypes.GivenName) == false)
{
identity.AddClaim(new Claim(ClaimTypes.GivenName, realName, ClaimValueTypes.String, Issuer, Issuer, identity));
identity.AddClaim(new Claim(
ClaimTypes.GivenName,
realName,
ClaimValueTypes.String,
Constants.Security.BackOfficeAuthenticationType,
Constants.Security.BackOfficeAuthenticationType,
identity));
}
if (identity.HasClaim(x => x.Type == Constants.Security.StartContentNodeIdClaimType) == false &&
@@ -157,7 +172,13 @@ namespace Umbraco.Extensions
{
foreach (var startContentNode in startContentNodes)
{
identity.AddClaim(new Claim(Constants.Security.StartContentNodeIdClaimType, startContentNode.ToInvariantString(), ClaimValueTypes.Integer32, Issuer, Issuer, identity));
identity.AddClaim(new Claim(
Constants.Security.StartContentNodeIdClaimType,
startContentNode.ToInvariantString(),
ClaimValueTypes.Integer32,
Constants.Security.BackOfficeAuthenticationType,
Constants.Security.BackOfficeAuthenticationType,
identity));
}
}
@@ -166,19 +187,37 @@ namespace Umbraco.Extensions
{
foreach (var startMediaNode in startMediaNodes)
{
identity.AddClaim(new Claim(Constants.Security.StartMediaNodeIdClaimType, startMediaNode.ToInvariantString(), ClaimValueTypes.Integer32, Issuer, Issuer, identity));
identity.AddClaim(new Claim(
Constants.Security.StartMediaNodeIdClaimType,
startMediaNode.ToInvariantString(),
ClaimValueTypes.Integer32,
Constants.Security.BackOfficeAuthenticationType,
Constants.Security.BackOfficeAuthenticationType,
identity));
}
}
if (identity.HasClaim(x => x.Type == ClaimTypes.Locality) == false)
{
identity.AddClaim(new Claim(ClaimTypes.Locality, culture, ClaimValueTypes.String, Issuer, Issuer, identity));
identity.AddClaim(new Claim(
ClaimTypes.Locality,
culture,
ClaimValueTypes.String,
Constants.Security.BackOfficeAuthenticationType,
Constants.Security.BackOfficeAuthenticationType,
identity));
}
// The security stamp claim is also required
if (identity.HasClaim(x => x.Type == Constants.Security.SecurityStampClaimType) == false)
{
identity.AddClaim(new Claim(Constants.Security.SecurityStampClaimType, securityStamp, ClaimValueTypes.String, Issuer, Issuer, identity));
identity.AddClaim(new Claim(
Constants.Security.SecurityStampClaimType,
securityStamp,
ClaimValueTypes.String,
Constants.Security.BackOfficeAuthenticationType,
Constants.Security.BackOfficeAuthenticationType,
identity));
}
// Add each app as a separate claim
@@ -187,7 +226,13 @@ namespace Umbraco.Extensions
{
foreach (var application in allowedApps)
{
identity.AddClaim(new Claim(Constants.Security.AllowedApplicationsClaimType, application, ClaimValueTypes.String, Issuer, Issuer, identity));
identity.AddClaim(new Claim(
Constants.Security.AllowedApplicationsClaimType,
application,
ClaimValueTypes.String,
Constants.Security.BackOfficeAuthenticationType,
Constants.Security.BackOfficeAuthenticationType,
identity));
}
}
@@ -198,7 +243,13 @@ namespace Umbraco.Extensions
// Manually add them
foreach (var roleName in roles)
{
identity.AddClaim(new Claim(identity.RoleClaimType, roleName, ClaimValueTypes.String, Issuer, Issuer, identity));
identity.AddClaim(new Claim(
identity.RoleClaimType,
roleName,
ClaimValueTypes.String,
Constants.Security.BackOfficeAuthenticationType,
Constants.Security.BackOfficeAuthenticationType,
identity));
}
}
}
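Review bot: The presence checks in this method, such as `identity.HasClaim(x => x.Type == ClaimTypes.NameIdentifier) == false`, match on claim type alone, so a claim of that type from any other issuer already on the identity stops the back-office-issued claim from being added. Every claim added here is stamped with `Constants.Security.BackOfficeAuthenticationType` as issuer and original issuer, but nothing visible ties the check to that issuer. If callers can pass an identity that already carries claims from another source (not visible in these hunks), consider matching the issuer as well, e.g. `identity.HasClaim(x => x.Type == ClaimTypes.NameIdentifier && x.Issuer == Constants.Security.BackOfficeAuthenticationType) == false`, or state in the method's XML doc that pre-existing claims of these types are kept as they are. The method starts and ends outside the hunks shown.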


@@ -43,8 +43,6 @@ namespace Umbraco.Core.Security
baseIdentity.AddClaim(new Claim(claim.ClaimType, claim.ClaimValue));
}
// TODO: We want to remove UmbracoBackOfficeIdentity and only rely on ClaimsIdentity, once
// that is done then we'll create a ClaimsIdentity with all of the requirements here instead
baseIdentity.AddRequiredClaims(
user.Id,
user.UserName,


@@ -8,7 +8,6 @@ using NUnit.Framework;
using Umbraco.Cms.Core.Security;
using Umbraco.Extensions;
using Constants = Umbraco.Cms.Core.Constants;
using ClaimsIdentityExtensions = Umbraco.Extensions.ClaimsIdentityExtensions;
namespace Umbraco.Cms.Tests.UnitTests.Umbraco.Core.Extensions
{
@@ -43,8 +42,8 @@ namespace Umbraco.Cms.Tests.UnitTests.Umbraco.Core.Extensions
Constants.Security.TicketExpiresClaimType,
expires,
ClaimValueTypes.DateTime,
ClaimsIdentityExtensions.Issuer,
ClaimsIdentityExtensions.Issuer,
Constants.Security.BackOfficeAuthenticationType,
Constants.Security.BackOfficeAuthenticationType,
backOfficeIdentity));
var ticketRemainingSeconds = principal.GetRemainingAuthSeconds(then);


@@ -15,7 +15,6 @@ using Umbraco.Cms.Core.Routing;
using Umbraco.Cms.Core.Services;
using Umbraco.Cms.Core.Web;
using Umbraco.Extensions;
using ClaimsIdentityExtensions = Umbraco.Extensions.ClaimsIdentityExtensions;
using Constants = Umbraco.Cms.Core.Constants;
namespace Umbraco.Cms.Web.BackOffice.Security
@@ -155,8 +154,8 @@ namespace Umbraco.Cms.Web.BackOffice.Security
Constants.Security.TicketExpiresClaimType,
ctx.Properties.ExpiresUtc.Value.ToString("o"),
ClaimValueTypes.DateTime,
ClaimsIdentityExtensions.Issuer,
ClaimsIdentityExtensions.Issuer,
Constants.Security.BackOfficeAuthenticationType,
Constants.Security.BackOfficeAuthenticationType,
backOfficeIdentity));
},
@@ -173,10 +172,10 @@ namespace Umbraco.Cms.Web.BackOffice.Security
: Guid.NewGuid();
// add our session claim
backOfficeIdentity.AddClaim(new Claim(Constants.Security.SessionIdClaimType, session.ToString(), ClaimValueTypes.String, ClaimsIdentityExtensions.Issuer, ClaimsIdentityExtensions.Issuer, backOfficeIdentity));
backOfficeIdentity.AddClaim(new Claim(Constants.Security.SessionIdClaimType, session.ToString(), ClaimValueTypes.String, Constants.Security.BackOfficeAuthenticationType, Constants.Security.BackOfficeAuthenticationType, backOfficeIdentity));
// since it is a cookie-based authentication add that claim
backOfficeIdentity.AddClaim(new Claim(ClaimTypes.CookiePath, "/", ClaimValueTypes.String, ClaimsIdentityExtensions.Issuer, ClaimsIdentityExtensions.Issuer, backOfficeIdentity));
backOfficeIdentity.AddClaim(new Claim(ClaimTypes.CookiePath, "/", ClaimValueTypes.String, Constants.Security.BackOfficeAuthenticationType, Constants.Security.BackOfficeAuthenticationType, backOfficeIdentity));
}
return Task.CompletedTask;
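Review bot: `ctx.Properties.ExpiresUtc.Value.ToString("o")` in the ticket-expiry claim reads a nullable value with no check visible in this hunk, so an unset expiry would throw `InvalidOperationException` while the ticket is being processed. The enclosing handler starts outside the hunk and may already guard this; if it does not, wrap the `AddClaim` call in `if (ctx.Properties.ExpiresUtc.HasValue) { ... }` and decide explicitly how a ticket without an expiry should be treated. Separately, the session-id and cookie-path claims further down stay on single long lines while the same commit wraps the identical argument list in the extensions file; wrapping them the same way would make the issuer and original-issuer arguments easier to audit.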