yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Ensures that all back office controllers are authenticated under the back office scheme

Browse Source
This commit is contained in:
Shannon
2020-11-27 13:32:41 +11:00
parent 7d143ec240
commit 313a2e6f7c
13 changed files with 74 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/Umbraco.Web.Common/ApplicationModels/BackOfficeApplicationModelProvider.cs
View File

@@ -6,6 +6,8 @@ using Umbraco.Web.Common.Attributes;
namespace Umbraco.Web.Common.ApplicationModels
{
// TODO: This should just exist in the back office project
/// <summary>
/// An application model provider for all Umbraco Back Office controllers
/// </summary>
@@ -15,7 +17,8 @@ namespace Umbraco.Web.Common.ApplicationModels
{
ActionModelConventions = new List<IActionModelConvention>()
{
new BackOfficeIdentityCultureConvention()
new BackOfficeIdentityCultureConvention(),
new AuthenticateAsBackOfficeSchemeConvention()
};
}
@@ -49,12 +52,7 @@ namespace Umbraco.Web.Common.ApplicationModels
}
private bool IsBackOfficeController(ControllerModel controller)
{
var pluginControllerAttribute = controller.Attributes.OfType<PluginControllerAttribute>().FirstOrDefault();
return pluginControllerAttribute != null
&& (pluginControllerAttribute.AreaName == Core.Constants.Web.Mvc.BackOfficeArea
|| pluginControllerAttribute.AreaName == Core.Constants.Web.Mvc.BackOfficeApiArea
|| pluginControllerAttribute.AreaName == Core.Constants.Web.Mvc.BackOfficeTreeArea);
}
=> controller.Attributes.OfType<IsBackOfficeAttribute>().Any();
}
}