From 38ea741d78aea2e0d5f53262db66d0dc2d22af0f Mon Sep 17 00:00:00 2001
From: Scott Brady
Date: Tue, 25 Feb 2020 18:00:06 +0000
Subject: [PATCH] Removed use of Identity.Owin extension methods. Replaced security stamp constant
---
 src/Umbraco.Core/Constants-Web.cs | 5 +++++
 .../UmbracoBackOfficeIdentityTests.cs | 2 +-
 .../Security/AuthenticationExtensions.cs | 3 +--
 .../BackOfficeCookieAuthenticationProvider.cs | 3 +--
 .../Security/UmbracoBackOfficeIdentity.cs | 19 +++++++++----------
 5 files changed, 17 insertions(+), 15 deletions(-)
diff --git a/src/Umbraco.Core/Constants-Web.cs b/src/Umbraco.Core/Constants-Web.cs
index a1e138116d..4574934939 100644
--- a/src/Umbraco.Core/Constants-Web.cs
+++ b/src/Umbraco.Core/Constants-Web.cs
@@ -34,6 +34,11 @@
 /// The header name that angular uses to pass in the token to validate the cookie
 ///
 public const string AngularHeadername = "X-UMB-XSRF-TOKEN";
+
+ ///
+ /// The claim type for the ASP.NET Identity security stamp
+ ///
+ public const string SecurityStampClaimType = "AspNet.Identity.SecurityStamp";
 }
 }
 }
diff --git a/src/Umbraco.Tests/Security/UmbracoBackOfficeIdentityTests.cs b/src/Umbraco.Tests/Security/UmbracoBackOfficeIdentityTests.cs
index beb2c0b3dc..9c16d0c35a 100644
--- a/src/Umbraco.Tests/Security/UmbracoBackOfficeIdentityTests.cs
+++ b/src/Umbraco.Tests/Security/UmbracoBackOfficeIdentityTests.cs
@@ -38,7 +38,7 @@ namespace Umbraco.Tests.Security
 new Claim(ClaimTypes.Locality, "en-us", ClaimValueTypes.String, TestIssuer, TestIssuer),
 new Claim(Constants.Security.SessionIdClaimType, sessionId, Constants.Security.SessionIdClaimType, TestIssuer, TestIssuer),
 new Claim(ClaimsIdentity.DefaultRoleClaimType, "admin", ClaimValueTypes.String, TestIssuer, TestIssuer),
- new Claim(Microsoft.AspNet.Identity.Constants.DefaultSecurityStampClaimType, securityStamp, ClaimValueTypes.String, TestIssuer, TestIssuer),
+ new Claim(Constants.Web.SecurityStampClaimType, securityStamp, ClaimValueTypes.String, TestIssuer, TestIssuer),
 });
 var backofficeIdentity = UmbracoBackOfficeIdentity.FromClaimsIdentity(claimsIdentity);
diff --git a/src/Umbraco.Web/Security/AuthenticationExtensions.cs b/src/Umbraco.Web/Security/AuthenticationExtensions.cs
index 1fd8e45c55..1c2184728a 100644
--- a/src/Umbraco.Web/Security/AuthenticationExtensions.cs
+++ b/src/Umbraco.Web/Security/AuthenticationExtensions.cs
@@ -7,7 +7,6 @@ using System.Security.Claims;
 using System.Security.Principal;
 using System.Threading;
 using System.Web;
-using Microsoft.AspNet.Identity;
 using Microsoft.Owin;
 using Microsoft.Owin.Security;
 using Newtonsoft.Json;
@@ -231,7 +230,7 @@ namespace Umbraco.Web.Security
 var claimsIdentity = http.User.Identity as ClaimsIdentity;
 if (claimsIdentity != null)
 {
- var sessionId = claimsIdentity.FindFirstValue(Constants.Security.SessionIdClaimType);
+ var sessionId = claimsIdentity.FindFirst(Constants.Security.SessionIdClaimType)?.Value;
 Guid guidSession;
 if (sessionId.IsNullOrWhiteSpace() == false && Guid.TryParse(sessionId, out guidSession))
 {
diff --git a/src/Umbraco.Web/Security/BackOfficeCookieAuthenticationProvider.cs b/src/Umbraco.Web/Security/BackOfficeCookieAuthenticationProvider.cs
index c0390da40a..dc243f969c 100644
--- a/src/Umbraco.Web/Security/BackOfficeCookieAuthenticationProvider.cs
+++ b/src/Umbraco.Web/Security/BackOfficeCookieAuthenticationProvider.cs
@@ -1,7 +1,6 @@
 using System;
 using System.Security.Claims;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Identity;
 using Microsoft.Owin;
 using Microsoft.Owin.Security.Cookies;
 using Umbraco.Core;
@@ -57,7 +56,7 @@ namespace Umbraco.Web.Security
 if (context?.OwinContext?.Authentication?.User?.Identity != null)
 {
 var claimsIdentity = context.OwinContext.Authentication.User.Identity as ClaimsIdentity;
- var sessionId = claimsIdentity.FindFirstValue(Core.Constants.Security.SessionIdClaimType);
+ var sessionId = claimsIdentity.FindFirst(Core.Constants.Security.SessionIdClaimType)?.Value;
 if (sessionId.IsNullOrWhiteSpace() == false && Guid.TryParse(sessionId, out var guidSession))
 {
 _userService.ClearLoginSession(guidSession);
diff --git a/src/Umbraco.Web/Security/UmbracoBackOfficeIdentity.cs b/src/Umbraco.Web/Security/UmbracoBackOfficeIdentity.cs
index 7817e4729f..e2f78546fd 100644
--- a/src/Umbraco.Web/Security/UmbracoBackOfficeIdentity.cs
+++ b/src/Umbraco.Web/Security/UmbracoBackOfficeIdentity.cs
@@ -2,7 +2,6 @@
 using System.Collections.Generic;
 using System.Linq;
 using System.Security.Claims;
-using Microsoft.AspNet.Identity;
 namespace Umbraco.Core.Security
 {
@@ -117,7 +116,7 @@ namespace Umbraco.Core.Security
 Constants.Security.StartMediaNodeIdClaimType,
 ClaimTypes.Locality,
 Constants.Security.SessionIdClaimType,
- Microsoft.AspNet.Identity.Constants.DefaultSecurityStampClaimType
+ Constants.Web.SecurityStampClaimType
 };
 ///
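Review bot: In BackOfficeCookieAuthenticationProvider.cs (hunk at -57,7) the result of the `as ClaimsIdentity` cast is dereferenced without a null check: the surrounding `if` only proves `Identity` is non-null, not that it is a `ClaimsIdentity`, and the new `?.` sits after `FindFirst` rather than before it. If the cast ever yields null, the handler throws before `_userService.ClearLoginSession` is reached, so the login session would be left uncleared. Making the first access conditional lets the existing `IsNullOrWhiteSpace` check act as the single guard: `var sessionId = claimsIdentity?.FindFirst(Core.Constants.Security.SessionIdClaimType)?.Value;`. The AuthenticationExtensions.cs hunk already has an explicit `claimsIdentity != null` check; the enclosing method here starts and ends outside the hunk.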
@@ -161,8 +160,8 @@ namespace Umbraco.Core.Security
 //The security stamp claim is also required... this is because this claim type is hard coded
 // by the SecurityStampValidator, see: https://katanaproject.codeplex.com/workitem/444
- if (HasClaim(x => x.Type == Microsoft.AspNet.Identity.Constants.DefaultSecurityStampClaimType) == false)
- AddClaim(new Claim(Microsoft.AspNet.Identity.Constants.DefaultSecurityStampClaimType, securityStamp, ClaimValueTypes.String, Issuer, Issuer, this));
+ if (HasClaim(x => x.Type == Constants.Web.SecurityStampClaimType) == false)
+ AddClaim(new Claim(Constants.Web.SecurityStampClaimType, securityStamp, ClaimValueTypes.String, Issuer, Issuer, this));
 //Add each app as a separate claim
 if (HasClaim(x => x.Type == Constants.Security.AllowedApplicationsClaimType) == false && allowedApps != null)
@@ -204,17 +203,17 @@ namespace Umbraco.Core.Security
 private string[] _allowedApplications;
 public string[] AllowedApplications => _allowedApplications ?? (_allowedApplications = FindAll(x => x.Type == Constants.Security.AllowedApplicationsClaimType).Select(app => app.Value).ToArray());
- public int Id => int.Parse(this.FindFirstValue(ClaimTypes.NameIdentifier));
+ public int Id => int.Parse(this.FindFirst(ClaimTypes.NameIdentifier)?.Value);
- public string RealName => this.FindFirstValue(ClaimTypes.GivenName);
+ public string RealName => this.FindFirst(ClaimTypes.GivenName)?.Value;
- public string Username => this.GetUserName();
+ public string Username => this.FindFirst(ClaimTypes.Name)?.Value;
- public string Culture => this.FindFirstValue(ClaimTypes.Locality);
+ public string Culture => this.FindFirst(ClaimTypes.Locality)?.Value;
 public string SessionId
 {
- get => this.FindFirstValue(Constants.Security.SessionIdClaimType);
+ get => this.FindFirst(Constants.Security.SessionIdClaimType)?.Value;
 set
 {
 var existing = FindFirst(Constants.Security.SessionIdClaimType);
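Review bot: The comment kept in the -161,8 hunk says the stamp claim type is hard coded by the SecurityStampValidator, yet the claim is now written under a literal Umbraco defines itself (`SecurityStampClaimType = "AspNet.Identity.SecurityStamp"` in Constants-Web.cs), and nothing in the patch ties the two values together. If the literal ever drifts from what the validator reads, the stamp check would presumably stop finding the claim; how that fails depends on validator code not shown here. The XML doc on the constant should state the constraint, for example `/// Must match the claim type read by the security stamp validator; do not change.`, and a test pinning the expected string would catch an accidental edit. The neighbouring claim types live in `Constants.Security` (e.g. `SessionIdClaimType`), which looks like the more consistent home than `Constants.Web`; the enclosing method starts and ends outside the hunk.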
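Review bot: In the -204,17 hunk, `Id` hands a possibly-null claim value straight to `int.Parse`, so an identity without a `NameIdentifier` claim surfaces as an `ArgumentNullException` from the parser, and the parse uses the current culture. As far as I can tell the removed extension method also returned null for a missing claim, so this is not a regression, but the rewrite is a good point to make the failure explicit and culture-invariant, e.g. `int.Parse(value, System.Globalization.CultureInfo.InvariantCulture)` after a null check that throws `InvalidOperationException` naming the missing claim. Separately, `FindFirst(...)?.Value` is now repeated in every property of this hunk and in `SecurityStamp` in the next one; a private helper such as `private string FindFirstValue(string claimType) => FindFirst(claimType)?.Value;` would keep them in step.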
@@ -224,7 +223,7 @@ namespace Umbraco.Core.Security
 }
 }
- public string SecurityStamp => this.FindFirstValue(Microsoft.AspNet.Identity.Constants.DefaultSecurityStampClaimType);
+ public string SecurityStamp => this.FindFirst(Constants.Web.SecurityStampClaimType)?.Value;
 public string[] Roles => this.FindAll(x => x.Type == DefaultRoleClaimType).Select(role => role.Value).ToArray();