yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fixes issue with growing cookie/identity (we don't want to use Actor), fixes GlobalSettings issue, ensures temp claims are not cloned

Browse Source
This commit is contained in:
Shannon
2020-06-09 17:40:35 +10:00
parent 246e28d147
commit 2b412f337c
7 changed files with 26 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/Umbraco.Web.BackOffice/Security/BackOfficeCookieManager.cs
View File

@@ -31,7 +31,6 @@ namespace Umbraco.Web.BackOffice.Security
private readonly IGlobalSettings _globalSettings;
private readonly IRequestCache _requestCache;
private readonly string[] _explicitPaths;
private readonly string _getRemainingSecondsPath;
public BackOfficeCookieManager(
IUmbracoContextAccessor umbracoContextAccessor,
@@ -58,7 +57,6 @@ namespace Umbraco.Web.BackOffice.Security
_globalSettings = globalSettings;
_requestCache = requestCache;
_explicitPaths = explicitPaths?.ToArray();
_getRemainingSecondsPath = linkGenerator.GetUmbracoApiService<AuthenticationController>(x => x.GetRemainingTimeoutSeconds());
}
/// <summary>

3
src/Umbraco.Web.BackOffice/Security/BackOfficeSecureDataFormat.cs
View File

@@ -9,7 +9,6 @@ namespace Umbraco.Web.BackOffice.Security
/// <summary>
/// Custom secure format that ensures the Identity in the ticket is <see cref="UmbracoBackOfficeIdentity"/> and not just a ClaimsIdentity
/// </summary>
// TODO: Unsure if we really need this, there's no real reason why we have a custom Identity instead of just a ClaimsIdentity
internal class BackOfficeSecureDataFormat : ISecureDataFormat<AuthenticationTicket>
{
private readonly int _loginTimeoutMinutes;
@@ -23,7 +22,7 @@ namespace Umbraco.Web.BackOffice.Security
public string Protect(AuthenticationTicket data, string purpose)
{
//create a new ticket based on the passed in tickets details, however, we'll adjust the expires utc based on the specified timeout mins
// create a new ticket based on the passed in tickets details, however, we'll adjust the expires utc based on the specified timeout mins
var ticket = new AuthenticationTicket(data.Principal,
new AuthenticationProperties(data.Properties.Items)
{

4
src/Umbraco.Web.BackOffice/Security/ConfigureBackOfficeCookieOptions.cs
View File

@@ -150,10 +150,6 @@ namespace Umbraco.Web.BackOffice.Security
UmbracoBackOfficeIdentity.Issuer,
backOfficeIdentity));
if (_securitySettings.KeepUserLoggedIn)
{
}
},
OnSigningIn = ctx =>
{