yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix trees

Browse Source
This commit is contained in:
Nikolaj Geisle
2022-03-31 12:52:26 +02:00
parent 57ed0b7b4d
commit 2460c82e02
71 changed files with 723 additions and 535 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
src/Umbraco.Web.BackOffice/Controllers/AuthenticationController.cs
View File

@@ -145,7 +145,7 @@ namespace Umbraco.Cms.Web.BackOffice.Controllers
/// </remarks>
[ValidateAngularAntiForgeryToken]
[Authorize(Policy = AuthorizationPolicies.DenyLocalLoginIfConfigured)]
public async Task<ActionResult<UserDisplay>> PostVerifyInvite([FromQuery] int id, [FromQuery] string token)
public async Task<ActionResult<UserDisplay?>> PostVerifyInvite([FromQuery] int id, [FromQuery] string token)
{
if (string.IsNullOrWhiteSpace(token))
return NotFound();
@@ -158,7 +158,7 @@ namespace Umbraco.Cms.Web.BackOffice.Controllers
if (identityUser == null)
return NotFound();
var result = await _userManager.ConfirmEmailAsync(identityUser, decoded);
var result = await _userManager.ConfirmEmailAsync(identityUser, decoded!);
if (result.Succeeded == false)
{
@@ -178,7 +178,7 @@ namespace Umbraco.Cms.Web.BackOffice.Controllers
[ValidateAngularAntiForgeryToken]
public async Task<IActionResult> PostUnLinkLogin(UnLinkLoginModel unlinkLoginModel)
{
var user = await _userManager.FindByIdAsync(User.Identity.GetUserId());
var user = await _userManager.FindByIdAsync(User.Identity?.GetUserId());
if (user == null) throw new InvalidOperationException("Could not find user");
var authType = (await _signInManager.GetExternalAuthenticationSchemesAsync())
@@ -275,13 +275,16 @@ namespace Umbraco.Cms.Web.BackOffice.Controllers
[Authorize(Policy = AuthorizationPolicies.BackOfficeAccess)]
[SetAngularAntiForgeryTokens]
[CheckIfUserTicketDataIsStale]
public UserDetail GetCurrentUser()
public UserDetail? GetCurrentUser()
{
var user = _backofficeSecurityAccessor.BackOfficeSecurity.CurrentUser;
var user = _backofficeSecurityAccessor.BackOfficeSecurity?.CurrentUser;
var result = _umbracoMapper.Map<UserDetail>(user);
//set their remaining seconds
result.SecondsUntilTimeout = HttpContext.User.GetRemainingAuthSeconds();
if (result is not null)
{
//set their remaining seconds
result.SecondsUntilTimeout = HttpContext.User.GetRemainingAuthSeconds();
}
return result;
}
@@ -297,11 +300,11 @@ namespace Umbraco.Cms.Web.BackOffice.Controllers
[Authorize(Policy = AuthorizationPolicies.BackOfficeAccessWithoutApproval)]
[SetAngularAntiForgeryTokens]
[Authorize(Policy = AuthorizationPolicies.DenyLocalLoginIfConfigured)]
public ActionResult<UserDetail> GetCurrentInvitedUser()
public ActionResult<UserDetail?> GetCurrentInvitedUser()
{
var user = _backofficeSecurityAccessor.BackOfficeSecurity.CurrentUser;
var user = _backofficeSecurityAccessor.BackOfficeSecurity?.CurrentUser;
if (user.IsApproved)
if (user?.IsApproved ?? false)
{
// if they are approved, than they are no longer invited and we can return an error
return Forbid();
@@ -309,8 +312,11 @@ namespace Umbraco.Cms.Web.BackOffice.Controllers
var result = _umbracoMapper.Map<UserDetail>(user);
// set their remaining seconds
result.SecondsUntilTimeout = HttpContext.User.GetRemainingAuthSeconds();
if (result is not null)
{
// set their remaining seconds
result.SecondsUntilTimeout = HttpContext.User.GetRemainingAuthSeconds();
}
return result;
}
@@ -321,7 +327,7 @@ namespace Umbraco.Cms.Web.BackOffice.Controllers
/// <returns></returns>
[SetAngularAntiForgeryTokens]
[Authorize(Policy = AuthorizationPolicies.DenyLocalLoginIfConfigured)]
public async Task<ActionResult<UserDetail>> PostLogin(LoginModel loginModel)
public async Task<ActionResult<UserDetail?>> PostLogin(LoginModel loginModel)
{
// Sign the user in with username/password, this also gives a chance for developers to
// custom verify the credentials and auto-link user accounts with a custom IBackOfficePasswordChecker
@@ -342,13 +348,13 @@ namespace Umbraco.Cms.Web.BackOffice.Controllers
return new ValidationErrorResult($"The registered {typeof(IBackOfficeTwoFactorOptions)} of type {_backOfficeTwoFactorOptions.GetType()} did not return a view for two factor auth ");
}
IUser attemptedUser = _userService.GetByUsername(loginModel.Username);
IUser? attemptedUser = _userService.GetByUsername(loginModel.Username);
// create a with information to display a custom two factor send code view
var verifyResponse = new ObjectResult(new
{
twoFactorView = twofactorView,
userId = attemptedUser.Id
userId = attemptedUser?.Id
})
{
StatusCode = StatusCodes.Status402PaymentRequired
@@ -388,7 +394,7 @@ namespace Umbraco.Cms.Web.BackOffice.Controllers
var user = _userService.GetByEmail(model.Email);
if (user != null)
{
var from = _globalSettings.Smtp.From;
var from = _globalSettings.Smtp?.From;
var code = await _userManager.GeneratePasswordResetTokenAsync(identityUser);
var callbackUrl = ConstructCallbackUrl(identityUser.Id, code);
@@ -445,7 +451,7 @@ namespace Umbraco.Cms.Web.BackOffice.Controllers
return NotFound();
}
var from = _globalSettings.Smtp.From;
var from = _globalSettings.Smtp?.From;
// Generate the token and send it
var code = await _userManager.GenerateTwoFactorTokenAsync(user, provider);
if (string.IsNullOrWhiteSpace(code))
@@ -479,7 +485,7 @@ namespace Umbraco.Cms.Web.BackOffice.Controllers
[SetAngularAntiForgeryTokens]
[AllowAnonymous]
public async Task<ActionResult<UserDetail>> PostVerify2FACode(Verify2FACodeModel model)
public async Task<ActionResult<UserDetail?>> PostVerify2FACode(Verify2FACodeModel model)
{
if (ModelState.IsValid == false)
{
@@ -561,7 +567,7 @@ namespace Umbraco.Cms.Web.BackOffice.Controllers
{
var user = _userService.GetByUsername(identityUser.UserName);
// also check InvitedDate and never logged in, otherwise this would allow a disabled user to reactivate their account with a forgot password
if (user.LastLoginDate == default && user.InvitedDate != null)
if (user?.LastLoginDate == default && user?.InvitedDate != null)
{
user.IsApproved = true;
user.InvitedDate = null;