Fixes: #U4-2042 - ensures users cannot continue to use the back office after they've been disabled and
ensures that the user context cache is cleared when users are saved, which will work in LB environments. Changes more HttpRuntime.Cache dependencies to ApplicationContext.Current.ApplicationCache.
@@ -23,6 +23,8 @@ namespace Umbraco.Core.Cache
|
||||
public const string TemplateFrontEndCacheKey = "template";
|
||||
public const string TemplateBusinessLogicCacheKey = "UmbracoTemplateCache";
|
||||
|
||||
public const string UserContextCacheKey = "UmbracoUserContext";
|
||||
public const string UserContextTimeoutCacheKey = "UmbracoUserContextTimeout";
|
||||
public const string UserCacheKey = "UmbracoUser";
|
||||
|
||||
public const string ContentTypeCacheKey = "UmbracoContentType";
|
||||
|
||||
@@ -28,6 +28,7 @@ namespace Umbraco.Web.Cache
|
||||
public override void RefreshAll()
|
||||
{
|
||||
ApplicationContext.Current.ApplicationCache.ClearCacheByKeySearch(CacheKeys.UserCacheKey);
|
||||
ApplicationContext.Current.ApplicationCache.ClearCacheByKeySearch(CacheKeys.UserContextCacheKey);
|
||||
}
|
||||
|
||||
public override void Refresh(int id)
|
||||
@@ -37,7 +38,11 @@ namespace Umbraco.Web.Cache
|
||||
|
||||
public override void Remove(int id)
|
||||
{
|
||||
ApplicationContext.Current.ApplicationCache.ClearCacheItem(string.Format("{0}{1}", CacheKeys.UserCacheKey, id));
|
||||
ApplicationContext.Current.ApplicationCache.ClearCacheItem(string.Format("{0}{1}", CacheKeys.UserCacheKey, id));
|
||||
|
||||
//we need to clear all UserContextCacheKey since we cannot invalidate based on ID since the cache is done so based
|
||||
//on the current contextId stored in the database
|
||||
ApplicationContext.Current.ApplicationCache.ClearCacheByKeySearch(CacheKeys.UserContextCacheKey);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
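Review bot: The three cache key prefixes overlap, so the key searches in `RefreshAll` and `Remove` may evict more than their names suggest: `CacheKeys.UserContextCacheKey` ("UmbracoUserContext") is a prefix of `UserContextTimeoutCacheKey`, and `UserCacheKey` ("UmbracoUser") is a prefix of both. If `ClearCacheByKeySearch` matches by prefix (its implementation is not in this diff), the new call in `Remove` also drops every cached timeout, and the added second call in `RefreshAll` is already covered by the first. That is harmless for the fix, but it deserves a comment, for example `// also evicts UserContextTimeoutCacheKey entries, which share this prefix`. `Refresh(int id)` is cut off by the hunk, so whether a user save reaches the same flush cannot be checked from here.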
@@ -5,8 +5,8 @@ using System.Text;
|
||||
using System.Web;
|
||||
using System.Web.Security;
|
||||
using Umbraco.Core;
|
||||
using Umbraco.Core.Cache;
|
||||
using Umbraco.Core.Logging;
|
||||
using Umbraco.Web.UI.Pages;
|
||||
using umbraco;
|
||||
using umbraco.BusinessLogic;
|
||||
using umbraco.DataLayer;
|
||||
@@ -164,26 +164,10 @@ namespace Umbraco.Web.Security
|
||||
|
||||
internal static long GetTimeout(string umbracoUserContextId)
|
||||
{
|
||||
//TODO: Clean this up! We should be using the CacheHelper (ApplicationContext.Current.ApplicationCache)
|
||||
// for all things cache related
|
||||
|
||||
if (HttpRuntime.Cache["UmbracoUserContextTimeout" + umbracoUserContextId] == null)
|
||||
{
|
||||
HttpRuntime.Cache.Insert(
|
||||
"UmbracoUserContextTimeout" + umbracoUserContextId,
|
||||
GetTimeout(true),
|
||||
null,
|
||||
DateTime.Now.AddMinutes(UmbracoTimeOutInMinutes / 10), System.Web.Caching.Cache.NoSlidingExpiration);
|
||||
|
||||
|
||||
}
|
||||
|
||||
var timeout = HttpRuntime.Cache["UmbracoUserContextTimeout" + umbracoUserContextId];
|
||||
if (timeout != null)
|
||||
return (long)timeout;
|
||||
|
||||
return 0;
|
||||
|
||||
return ApplicationContext.Current.ApplicationCache.GetCacheItem(
|
||||
CacheKeys.UserContextTimeoutCacheKey + umbracoUserContextId,
|
||||
new TimeSpan(0, UmbracoTimeOutInMinutes / 10, 0),
|
||||
() => GetTimeout(true));
|
||||
}
|
||||
|
||||
internal static long GetTimeout(bool byPassCache)
|
||||
@@ -208,28 +192,22 @@ namespace Umbraco.Web.Security
|
||||
/// <returns></returns>
|
||||
public static int GetUserId(string umbracoUserContextId)
|
||||
{
|
||||
try
|
||||
{
|
||||
//TODO: Clean this up! We should be using the CacheHelper (ApplicationContext.Current.ApplicationCache)
|
||||
// for all things cache related
|
||||
|
||||
if (HttpRuntime.Cache["UmbracoUserContext" + umbracoUserContextId] == null)
|
||||
{
|
||||
HttpRuntime.Cache.Insert(
|
||||
"UmbracoUserContext" + umbracoUserContextId,
|
||||
SqlHelper.ExecuteScalar<int>("select userID from umbracoUserLogins where contextID = @contextId",
|
||||
SqlHelper.CreateParameter("@contextId", new Guid(umbracoUserContextId))
|
||||
),
|
||||
null,
|
||||
System.Web.Caching.Cache.NoAbsoluteExpiration,
|
||||
new TimeSpan(0, (int)(UmbracoTimeOutInMinutes / 10), 0));
|
||||
}
|
||||
return (int)HttpRuntime.Cache["UmbracoUserContext" + umbracoUserContextId];
|
||||
}
|
||||
catch
|
||||
//need to parse to guid
|
||||
Guid gid;
|
||||
if (!Guid.TryParse(umbracoUserContextId, out gid))
|
||||
{
|
||||
return -1;
|
||||
}
|
||||
|
||||
var id = ApplicationContext.Current.ApplicationCache.GetCacheItem<int?>(
|
||||
CacheKeys.UserContextCacheKey + umbracoUserContextId,
|
||||
new TimeSpan(0, UmbracoTimeOutInMinutes/10, 0),
|
||||
() => SqlHelper.ExecuteScalar<int?>(
|
||||
"select userID from umbracoUserLogins where contextID = @contextId",
|
||||
SqlHelper.CreateParameter("@contextId", gid)));
|
||||
if (id == null)
|
||||
return -1;
|
||||
return id.Value;
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
@@ -248,7 +226,7 @@ namespace Umbraco.Web.Security
|
||||
{
|
||||
return true;
|
||||
}
|
||||
var user = global::umbraco.BusinessLogic.User.GetUser(uid);
|
||||
var user = User.GetUser(uid);
|
||||
LogHelper.Info(typeof(WebSecurity), "User {0} (Id:{1}) logged out", () => user.Name, () => user.Id);
|
||||
}
|
||||
return false;
|
||||
|
||||
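Review bot: `GetUserId` and `GetTimeout` now pass the same `new TimeSpan(0, UmbracoTimeOutInMinutes / 10, 0)` to one `GetCacheItem` overload, while the lines that appear to be removed used a sliding expiry for the user id and an absolute one for the timeout, so one of the two has changed its expiry behaviour. The overload is not part of this diff; if it is sliding, a contextId that stays in use keeps its cached userID on any server that misses the refresher's invalidation, which is the case this commit is closing. Please confirm the overload is absolute and say so in a comment, e.g. `// absolute expiry: a revoked contextId is re-checked against umbracoUserLogins within this window`. The integer division also yields a zero TimeSpan when `UmbracoTimeOutInMinutes` is below 10, and what the helper does with zero should be checked as well. The `GetUserId` and `GetTimeout` hunks in `umbraco.BasePages` carry the same calls.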
@@ -340,6 +340,7 @@
|
||||
<Compile Include="Routing\UrlProviderMode.cs" />
|
||||
<Compile Include="Search\ExamineIndexerModel.cs" />
|
||||
<Compile Include="Search\LuceneIndexerExtensions.cs" />
|
||||
<Compile Include="Security\WebSecurity.cs" />
|
||||
<Compile Include="umbraco.presentation\LegacyClasses.cs" />
|
||||
<Compile Include="umbraco.presentation\umbraco\dialogs\AssignDomain2.aspx.cs">
|
||||
<DependentUpon>AssignDomain2.aspx</DependentUpon>
|
||||
@@ -424,7 +425,6 @@
|
||||
<Compile Include="Routing\WebServicesRouteConstraint.cs" />
|
||||
<Compile Include="Search\ExamineSearcherModel.cs" />
|
||||
<Compile Include="Search\ExamineEvents.cs" />
|
||||
<Compile Include="Security\WebSecurity.cs" />
|
||||
<Compile Include="Strategies\DataTypes\LegacyUploadFieldWorkaround.cs" />
|
||||
<Compile Include="Strategies\Migrations\PublishAfterUpgradeToVersionSixth.cs" />
|
||||
<Compile Include="Strategies\Publishing\UpdateCacheAfterPublish.cs" />
|
||||
@@ -466,7 +466,7 @@
|
||||
<Compile Include="umbraco.presentation\ScriptingMacroResult.cs" />
|
||||
<Compile Include="umbraco.presentation\umbraco\cacheBrowser.aspx.cs">
|
||||
<SubType>ASPXCodeBehind</SubType>
|
||||
</Compile>
|
||||
</Compile>
|
||||
<Compile Include="umbraco.presentation\umbraco\canvas.aspx.cs">
|
||||
<SubType>ASPXCodeBehind</SubType>
|
||||
</Compile>
|
||||
|
||||
@@ -12,37 +12,16 @@ namespace umbraco.cms.presentation.developer
|
||||
public viewCacheItem()
|
||||
{
|
||||
CurrentApp = BusinessLogic.DefaultApps.developer.ToString();
|
||||
|
||||
}
|
||||
|
||||
protected void Page_Load(object sender, EventArgs e)
|
||||
{
|
||||
// Put user code to initialize the page here
|
||||
Panel1.Text = ui.Text("viewCacheItem");
|
||||
string cacheKey = Request.QueryString["key"];
|
||||
var cacheKey = Request.QueryString["key"];
|
||||
LabelCacheAlias.Text = cacheKey;
|
||||
object cacheItem = HttpRuntime.Cache[cacheKey];
|
||||
var cacheItem = ApplicationContext.ApplicationCache.GetCacheItem<object>(cacheKey);
|
||||
LabelCacheValue.Text = cacheItem != null ? cacheItem.ToString() : "Cache item isn't in cache anymore!";
|
||||
}
|
||||
|
||||
#region Web Form Designer generated code
|
||||
|
||||
protected override void OnInit(EventArgs e)
|
||||
{
|
||||
//
|
||||
// CODEGEN: This call is required by the ASP.NET Web Form Designer.
|
||||
//
|
||||
InitializeComponent();
|
||||
base.OnInit(e);
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Required method for Designer support - do not modify
|
||||
/// the contents of this method with the code editor.
|
||||
/// </summary>
|
||||
private void InitializeComponent()
|
||||
{
|
||||
}
|
||||
|
||||
#endregion
|
||||
}
|
||||
}
|
||||
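Review bot: `Page_Load` writes the `key` query-string value into `LabelCacheAlias.Text`, and the cached object's `ToString()` into `LabelCacheValue.Text`, without encoding. If these are plain WebForms `Label` controls, `Text` is rendered as-is, so request-supplied markup would reach the page; the change keeps that behaviour. Encoding at assignment closes it: `LabelCacheAlias.Text = Server.HtmlEncode(cacheKey);` and the same wrapper around the value expression. A missing `key` parameter also passes null to `GetCacheItem<object>`; whether the helper tolerates that is not visible here.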
@@ -102,9 +102,7 @@ namespace umbraco.cms.presentation.developer
|
||||
dt.DataType = f.DataType(new Guid(ddlRenderControl.SelectedValue));
|
||||
dt.Save();
|
||||
|
||||
System.Web.HttpRuntime.Cache.Remove(string.Format("UmbracoDataTypeDefinition{0}", dt.UniqueId));
|
||||
|
||||
ClientTools.ShowSpeechBubble(BasePages.BasePage.speechBubbleIcon.save, ui.Text("speechBubbles", "dataTypeSaved", null), "");
|
||||
ClientTools.ShowSpeechBubble(speechBubbleIcon.save, ui.Text("speechBubbles", "dataTypeSaved", null), "");
|
||||
|
||||
ClientTools.SyncTree(dt.Path, true);
|
||||
}
|
||||
|
||||
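Review bot: The explicit eviction `HttpRuntime.Cache.Remove(string.Format("UmbracoDataTypeDefinition{0}", dt.UniqueId))` after `dt.Save()` appears to be dropped here with no `ApplicationCache` call taking its place, unlike the other cache call sites in this commit. If `dt.Save()` or a cache refresher already evicts that entry, a one-line comment such as `// cache for this definition is cleared by <refresher name>` would record it; if not, the saved data type can be served stale from cache. The enclosing method starts and ends outside the hunk.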
@@ -6,6 +6,7 @@ using System.Web.Mvc;
|
||||
using System.Web.Routing;
|
||||
using System.Web.Security;
|
||||
using Umbraco.Core;
|
||||
using Umbraco.Core.Cache;
|
||||
using Umbraco.Core.Logging;
|
||||
using Umbraco.Core.Services;
|
||||
using umbraco.BusinessLogic;
|
||||
@@ -167,29 +168,22 @@ namespace umbraco.BasePages
|
||||
[Obsolete("Use Umbraco.Web.Security.WebSecurity.GetUserId instead")]
|
||||
public static int GetUserId(string umbracoUserContextID)
|
||||
{
|
||||
try
|
||||
{
|
||||
if (System.Web.HttpRuntime.Cache["UmbracoUserContext" + umbracoUserContextID] == null)
|
||||
{
|
||||
System.Web.HttpRuntime.Cache.Insert(
|
||||
"UmbracoUserContext" + umbracoUserContextID,
|
||||
SqlHelper.ExecuteScalar<int>("select userID from umbracoUserLogins where contextID = @contextId",
|
||||
SqlHelper.CreateParameter("@contextId", new Guid(umbracoUserContextID))
|
||||
),
|
||||
null,
|
||||
System.Web.Caching.Cache.NoAbsoluteExpiration,
|
||||
new TimeSpan(0, (int) (UmbracoTimeOutInMinutes/10), 0));
|
||||
|
||||
|
||||
}
|
||||
|
||||
return (int)System.Web.HttpRuntime.Cache["UmbracoUserContext" + umbracoUserContextID];
|
||||
|
||||
}
|
||||
catch
|
||||
//need to parse to guid
|
||||
Guid gid;
|
||||
if (!Guid.TryParse(umbracoUserContextID, out gid))
|
||||
{
|
||||
return -1;
|
||||
}
|
||||
|
||||
var id = ApplicationContext.Current.ApplicationCache.GetCacheItem<int?>(
|
||||
CacheKeys.UserContextCacheKey + umbracoUserContextID,
|
||||
new TimeSpan(0, UmbracoTimeOutInMinutes / 10, 0),
|
||||
() => SqlHelper.ExecuteScalar<int?>(
|
||||
"select userID from umbracoUserLogins where contextID = @contextId",
|
||||
SqlHelper.CreateParameter("@contextId", gid)));
|
||||
if (id == null)
|
||||
return -1;
|
||||
return id.Value;
|
||||
}
|
||||
|
||||
|
||||
@@ -219,23 +213,10 @@ namespace umbraco.BasePages
|
||||
|
||||
private static long GetTimeout(string umbracoUserContextID)
|
||||
{
|
||||
if (System.Web.HttpRuntime.Cache["UmbracoUserContextTimeout" + umbracoUserContextID] == null)
|
||||
{
|
||||
System.Web.HttpRuntime.Cache.Insert(
|
||||
"UmbracoUserContextTimeout" + umbracoUserContextID,
|
||||
GetTimeout(true),
|
||||
null,
|
||||
DateTime.Now.AddMinutes(UmbracoTimeOutInMinutes / 10), System.Web.Caching.Cache.NoSlidingExpiration);
|
||||
|
||||
|
||||
}
|
||||
|
||||
object timeout = HttpRuntime.Cache["UmbracoUserContextTimeout" + umbracoUserContextID];
|
||||
if (timeout != null)
|
||||
return (long)timeout;
|
||||
|
||||
return 0;
|
||||
|
||||
return ApplicationContext.Current.ApplicationCache.GetCacheItem(
|
||||
CacheKeys.UserContextTimeoutCacheKey + umbracoUserContextID,
|
||||
new TimeSpan(0, UmbracoTimeOutInMinutes / 10, 0),
|
||||
() => GetTimeout(true));
|
||||
}
|
||||
|
||||
[Obsolete("Use Umbraco.Web.Security.WebSecurity.GetTimeout instead")]
|
||||
|
||||
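Review bot: `GetUserId` no longer has the `catch` that, judging by the removed lines, returned -1 on any failure, so an exception from `SqlHelper.ExecuteScalar` inside the cache factory now escapes this public `[Obsolete]` method. `Guid.TryParse` covers the malformed-id case, but a database error during the lookup used to look like "not logged in" and will now surface as an unhandled error to callers written against the old contract. If that is intended, document it on the method, e.g. `/// <returns>The user id, or -1 when the context id is malformed or unknown; data access errors propagate.</returns>`. `WebSecurity.GetUserId` has the same change and an empty `<returns>` tag.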
@@ -647,6 +647,9 @@ namespace umbraco.BusinessLogic
|
||||
OnDisabling(EventArgs.Empty);
|
||||
//change disabled and userLogin (prefix with yyyyMMdd_ )
|
||||
this.Disabled = true;
|
||||
//MUST clear out the umbraco logins otherwise if they are still logged in they can still do stuff:
|
||||
//http://issues.umbraco.org/issue/U4-2042
|
||||
SqlHelper.ExecuteNonQuery("delete from umbracoUserLogins where userID = @id", SqlHelper.CreateParameter("@id", Id));
|
||||
//can't rename if it's going to take up too many chars
|
||||
if (this.LoginName.Length + 9 <= 125)
|
||||
{
|
||||
|
||||
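Review bot: The added `delete from umbracoUserLogins` removes the login rows, but `GetUserId` resolves a contextId from `ApplicationCache` first, so an already-cached contextId-to-userID entry outlives the delete until it expires or the user cache refresher runs. Nothing in this hunk clears `CacheKeys.UserContextCacheKey` or triggers the refresher; presumably a later `Save()` does, but that call is outside the hunk. Worth stating in the comment, e.g. `//the cached context ids are flushed by the user cache refresher when the user is saved`, and confirming that the refresher is invoked on every server in a load-balanced setup. The enclosing method starts before and continues past the hunk.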