yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Prevent non-backoffice auth schemes being overridden (#11630)

Browse Source
This commit is contained in:
Scott Brady
2022-02-28 09:40:51 +00:00
committed by GitHub
parent cf3d697bc5
commit 25ea5cdb1b
2 changed files with 48 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/Umbraco.Web.BackOffice/Security/BackOfficeAuthenticationBuilder.cs
View File

@@ -58,16 +58,15 @@ namespace Umbraco.Cms.Web.BackOffice.Security
// TODO: We could override and throw NotImplementedException for other methods?
// Ensures that the sign in scheme is always the Umbraco back office external type
private class EnsureBackOfficeScheme<TOptions> : IPostConfigureOptions<TOptions> where TOptions : RemoteAuthenticationOptions
internal class EnsureBackOfficeScheme<TOptions> : IPostConfigureOptions<TOptions> where TOptions : RemoteAuthenticationOptions
{
public void PostConfigure(string name, TOptions options)
{
if (!name.StartsWith(Constants.Security.BackOfficeExternalAuthenticationTypePrefix))
// ensure logic only applies to backoffice authentication schemes
if (name.StartsWith(Constants.Security.BackOfficeExternalAuthenticationTypePrefix))
{
return;
options.SignInScheme = Constants.Security.BackOfficeExternalAuthenticationType;
}
options.SignInScheme = Constants.Security.BackOfficeExternalAuthenticationType;
}
}
}