start adding DenyLocalLoginAuthorizationAttribute
@@ -26,6 +26,7 @@ using Umbraco.Core.Logging;
|
|||||||
using Umbraco.Core.Persistence;
|
using Umbraco.Core.Persistence;
|
||||||
using Umbraco.Web.Composing;
|
using Umbraco.Web.Composing;
|
||||||
using IUser = Umbraco.Core.Models.Membership.IUser;
|
using IUser = Umbraco.Core.Models.Membership.IUser;
|
||||||
|
using Umbraco.Web.Editors.Filters;
|
||||||
|
|
||||||
namespace Umbraco.Web.Editors
|
namespace Umbraco.Web.Editors
|
||||||
{
|
{
|
||||||
@@ -75,6 +76,7 @@ namespace Umbraco.Web.Editors
|
|||||||
/// This will also update the security stamp for the user so it can only be used once
|
/// This will also update the security stamp for the user so it can only be used once
|
||||||
/// </remarks>
|
/// </remarks>
|
||||||
[ValidateAngularAntiForgeryToken]
|
[ValidateAngularAntiForgeryToken]
|
||||||
|
[DenyLocalLoginAuthorization]
|
||||||
public async Task<UserDisplay> PostVerifyInvite([FromUri]int id, [FromUri]string token)
|
public async Task<UserDisplay> PostVerifyInvite([FromUri]int id, [FromUri]string token)
|
||||||
{
|
{
|
||||||
if (string.IsNullOrWhiteSpace(token))
|
if (string.IsNullOrWhiteSpace(token))
|
||||||
@@ -110,6 +112,8 @@ namespace Umbraco.Web.Editors
|
|||||||
[ValidateAngularAntiForgeryToken]
|
[ValidateAngularAntiForgeryToken]
|
||||||
public async Task<HttpResponseMessage> PostUnLinkLogin(UnLinkLoginModel unlinkLoginModel)
|
public async Task<HttpResponseMessage> PostUnLinkLogin(UnLinkLoginModel unlinkLoginModel)
|
||||||
{
|
{
|
||||||
|
// TODO: If DenyLocalLogin is enabled for this provider we cannot unlink
|
||||||
|
|
||||||
var result = await UserManager.RemoveLoginAsync(
|
var result = await UserManager.RemoveLoginAsync(
|
||||||
User.Identity.GetUserId<int>(),
|
User.Identity.GetUserId<int>(),
|
||||||
new UserLoginInfo(unlinkLoginModel.LoginProvider, unlinkLoginModel.ProviderKey));
|
new UserLoginInfo(unlinkLoginModel.LoginProvider, unlinkLoginModel.ProviderKey));
|
||||||
@@ -178,6 +182,7 @@ namespace Umbraco.Web.Editors
|
|||||||
/// </remarks>
|
/// </remarks>
|
||||||
[WebApi.UmbracoAuthorize(requireApproval: false)]
|
[WebApi.UmbracoAuthorize(requireApproval: false)]
|
||||||
[SetAngularAntiForgeryTokens]
|
[SetAngularAntiForgeryTokens]
|
||||||
|
[DenyLocalLoginAuthorization]
|
||||||
public UserDetail GetCurrentInvitedUser()
|
public UserDetail GetCurrentInvitedUser()
|
||||||
{
|
{
|
||||||
var user = UmbracoContext.Security.CurrentUser;
|
var user = UmbracoContext.Security.CurrentUser;
|
||||||
@@ -213,6 +218,7 @@ namespace Umbraco.Web.Editors
|
|||||||
/// </summary>
|
/// </summary>
|
||||||
/// <returns></returns>
|
/// <returns></returns>
|
||||||
[SetAngularAntiForgeryTokens]
|
[SetAngularAntiForgeryTokens]
|
||||||
|
[DenyLocalLoginAuthorization]
|
||||||
public async Task<HttpResponseMessage> PostLogin(LoginModel loginModel)
|
public async Task<HttpResponseMessage> PostLogin(LoginModel loginModel)
|
||||||
{
|
{
|
||||||
var http = EnsureHttpContext();
|
var http = EnsureHttpContext();
|
||||||
@@ -286,6 +292,7 @@ namespace Umbraco.Web.Editors
|
|||||||
/// </summary>
|
/// </summary>
|
||||||
/// <returns></returns>
|
/// <returns></returns>
|
||||||
[SetAngularAntiForgeryTokens]
|
[SetAngularAntiForgeryTokens]
|
||||||
|
[DenyLocalLoginAuthorization]
|
||||||
public async Task<HttpResponseMessage> PostRequestPasswordReset(RequestPasswordResetModel model)
|
public async Task<HttpResponseMessage> PostRequestPasswordReset(RequestPasswordResetModel model)
|
||||||
{
|
{
|
||||||
// If this feature is switched off in configuration the UI will be amended to not make the request to reset password available.
|
// If this feature is switched off in configuration the UI will be amended to not make the request to reset password available.
|
||||||
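Review bot: PostUnLinkLogin still calls `UserManager.RemoveLoginAsync` unconditionally. The new TODO above that call records the missing check but enforces nothing, so a user whose provider denies local login can still remove that external login through this endpoint and may be left with no way to sign in. The check belongs before the `RemoveLoginAsync` call: when the provider named in `unlinkLoginModel.LoginProvider` has deny-local-login enabled, return an error response instead of unlinking. The comment in PostRequestPasswordReset says the UI merely hides the reset option, so the `[DenyLocalLoginAuthorization]` markers added to PostLogin, PostRequestPasswordReset, PostVerifyInvite and GetCurrentInvitedUser are the only server-side enforcement. All of these method bodies continue outside the hunks.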
|
|||||||
@@ -0,0 +1,18 @@
|
|||||||
|
using System;
|
||||||
|
using System.Collections.Generic;
|
||||||
|
using System.Linq;
|
||||||
|
using System.Text;
|
||||||
|
using System.Threading.Tasks;
|
||||||
|
using System.Web.Http;
|
||||||
|
using System.Web.Http.Controllers;
|
||||||
|
|
||||||
|
namespace Umbraco.Web.Editors.Filters
|
||||||
|
{
|
||||||
|
internal class DenyLocalLoginAuthorizationAttribute : AuthorizeAttribute
|
||||||
|
{
|
||||||
|
protected override bool IsAuthorized(HttpActionContext actionContext)
|
||||||
|
{
|
||||||
|
return base.IsAuthorized(actionContext);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
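Review bot: `IsAuthorized` only returns `base.IsAuthorized(actionContext)`, and the base `AuthorizeAttribute` check passes only for an authenticated principal. On the pre-login actions this commit decorates (PostLogin, PostRequestPasswordReset, PostVerifyInvite) the filter would therefore either reject anonymous callers with 401 or, if those actions carry `[AllowAnonymous]` somewhere not shown here, be skipped altogether. The override should not delegate to the base class; it should return false when a configured external login provider denies local login and true otherwise. The class also needs a doc comment stating that rule, for example `/// <summary>Denies the request when an external login provider is configured to deny local login.</summary>`. The usings for System.Collections.Generic, System.Linq, System.Text and System.Threading.Tasks are unused in the file as shown.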
@@ -149,6 +149,7 @@
|
|||||||
<Compile Include="Dashboards\SettingsDashboards.cs" />
|
<Compile Include="Dashboards\SettingsDashboards.cs" />
|
||||||
<Compile Include="Editors\BackOfficePreviewModel.cs" />
|
<Compile Include="Editors\BackOfficePreviewModel.cs" />
|
||||||
<Compile Include="Editors\Filters\ContentSaveModelValidator.cs" />
|
<Compile Include="Editors\Filters\ContentSaveModelValidator.cs" />
|
||||||
|
<Compile Include="Editors\Filters\DenyLocalLoginAuthorizationAttribute.cs" />
|
||||||
<Compile Include="Editors\Filters\MediaSaveModelValidator.cs" />
|
<Compile Include="Editors\Filters\MediaSaveModelValidator.cs" />
|
||||||
<Compile Include="Editors\ImageUrlGeneratorController.cs" />
|
<Compile Include="Editors\ImageUrlGeneratorController.cs" />
|
||||||
<Compile Include="Editors\PackageController.cs" />
|
<Compile Include="Editors\PackageController.cs" />
|
||||||
|
|||||||