Revert "Moves some files, adds notes, starts poc for back office login providers"

Signed-off-by: Bjarke Berg <mail@bergmania.dk>
2020-11-27 13:17:58 +01:00
parent 1833bfa1a9
commit 3b0d33a84c
17 changed files with 91 additions and 180 deletions
--- a/src/Umbraco.Web.BackOffice/Controllers/AuthenticationController.cs
+++ b/src/Umbraco.Web.BackOffice/Controllers/AuthenticationController.cs
@@ -21,7 +21,6 @@ using Umbraco.Core.Services;
 using Umbraco.Extensions;
 using Umbraco.Net;
 using Umbraco.Web.BackOffice.Filters;
-using Umbraco.Web.BackOffice.Security;
 using Umbraco.Web.Common.ActionsResults;
 using Umbraco.Web.Common.Attributes;
 using Umbraco.Web.Common.Controllers;
@@ -164,6 +163,7 @@ namespace Umbraco.Web.BackOffice.Controllers
            var user = await _userManager.FindByIdAsync(User.Identity.GetUserId());
            if (user == null) throw new InvalidOperationException("Could not find user");

+            ExternalSignInAutoLinkOptions autoLinkOptions = null;
            var authType = (await _signInManager.GetExternalAuthenticationSchemesAsync())
               .FirstOrDefault(x => x.Name == unlinkLoginModel.LoginProvider);

@@ -173,18 +173,11 @@ namespace Umbraco.Web.BackOffice.Controllers
            }
            else
            {
-                var opt = _externalAuthenticationOptions.Get(authType.Name);
-                if (opt == null)
+                autoLinkOptions = _externalAuthenticationOptions.Get(authType.Name);
+                if (!autoLinkOptions.AllowManualLinking)
                {
-                    return BadRequest($"Could not find external authentication options registered for provider {unlinkLoginModel.LoginProvider}");
-                }
-                else
-                {
-                    if (!opt.AutoLinkOptions.AllowManualLinking)
-                    {
-                        // If AllowManualLinking is disabled for this provider we cannot unlink
-                        return BadRequest();
-                    }
+                    // If AllowManualLinking is disabled for this provider we cannot unlink
+                    return BadRequest();
                }
            }

@@ -250,7 +243,7 @@ namespace Umbraco.Web.BackOffice.Controllers
        /// </remarks>
        [UmbracoBackOfficeAuthorize]
        [SetAngularAntiForgeryTokens]
-        [CheckIfUserTicketDataIsStale]
+        //[CheckIfUserTicketDataIsStale] // TODO: Migrate this, though it will need to be done differently at the cookie auth level
        public UserDetail GetCurrentUser()
        {
            var user = _backofficeSecurityAccessor.BackOfficeSecurity.CurrentUser;
--- a/src/Umbraco.Web.BackOffice/Controllers/BackOfficeController.cs
+++ b/src/Umbraco.Web.BackOffice/Controllers/BackOfficeController.cs
@@ -34,11 +34,10 @@ using Microsoft.AspNetCore.Identity;
 using System.Security.Claims;
 using Microsoft.AspNetCore.Http;
 using Umbraco.Web.Security;
-using Umbraco.Web.BackOffice.Security;

 namespace Umbraco.Web.BackOffice.Controllers
 {
-    [DisableBrowserCache]
+    [DisableBrowserCache] //TODO Reintroduce
    //[UmbracoRequireHttps] //TODO Reintroduce
    [PluginController(Constants.Web.Mvc.BackOfficeArea)]
    public class BackOfficeController : UmbracoController
@@ -414,7 +413,7 @@ namespace Umbraco.Web.BackOffice.Controllers
            }
            else
            {
-                autoLinkOptions = _externalLogins.Get(authType.Name)?.AutoLinkOptions;
+                autoLinkOptions = _externalLogins.Get(authType.Name);
            }

            // Sign in the user with this external login provider if the user already has a login
@@ -461,9 +460,7 @@ namespace Umbraco.Web.BackOffice.Controllers
                return false;

            if (autoLinkOptions.AutoLinkExternalAccount == false)
-            {
                return true; // TODO: This seems weird to return true, but it was like that before so must be a reason?
-            }   

            var email = loginInfo.Principal.FindFirstValue(ClaimTypes.Email);

@@ -581,6 +578,10 @@ namespace Umbraco.Web.BackOffice.Controllers
            }
        }

+        // Used for XSRF protection when adding external logins
+        // TODO: This is duplicated in BackOfficeSignInManager
+        private const string XsrfKey = "XsrfId";
+
        private IActionResult RedirectToLocal(string returnUrl)
        {
            if (Url.IsLocalUrl(returnUrl))
--- a/src/Umbraco.Web.BackOffice/Controllers/BackOfficeServerVariables.cs
+++ b/src/Umbraco.Web.BackOffice/Controllers/BackOfficeServerVariables.cs
@@ -17,9 +17,9 @@ using Umbraco.Web.BackOffice.HealthCheck;
 using Umbraco.Web.BackOffice.Profiling;
 using Umbraco.Web.BackOffice.PropertyEditors;
 using Umbraco.Web.BackOffice.Routing;
-using Umbraco.Web.BackOffice.Security;
 using Umbraco.Web.BackOffice.Trees;
 using Umbraco.Web.Common.Attributes;
+using Umbraco.Web.Common.Security;
 using Umbraco.Web.Features;
 using Umbraco.Web.Models.ContentEditing;
 using Umbraco.Web.Trees;
@@ -422,7 +422,7 @@ namespace Umbraco.Web.BackOffice.Controllers
                                .Select(p => new
                                {
                                    authType = p.AuthenticationType, caption = p.Name,
-                                    properties = p.Options
+                                    properties = p.Properties
                                })
                                .ToArray()
                        }
--- a/src/Umbraco.Web.BackOffice/Controllers/UsersController.cs
+++ b/src/Umbraco.Web.BackOffice/Controllers/UsersController.cs
@@ -41,6 +41,7 @@ using IUser = Umbraco.Core.Models.Membership.IUser;
 using Task = System.Threading.Tasks.Task;
 using Umbraco.Net;
 using Umbraco.Web.Common.ActionsResults;
+using Umbraco.Web.Common.Security;

 namespace Umbraco.Web.BackOffice.Controllers
 {