diff --git a/src/Umbraco.Abstractions/IUmbracoContext.cs b/src/Umbraco.Abstractions/IUmbracoContext.cs
index 3bc51f224f..b38a031f88 100644
--- a/src/Umbraco.Abstractions/IUmbracoContext.cs
+++ b/src/Umbraco.Abstractions/IUmbracoContext.cs
@@ -88,8 +88,6 @@ namespace Umbraco.Web
///
bool InPreviewMode { get; }
- string PreviewToken { get; }
-
///
/// Gets the url of a content identified by its identifier.
///
diff --git a/src/Umbraco.Abstractions/Routing/IPublishedRequest.cs b/src/Umbraco.Abstractions/Routing/IPublishedRequest.cs
index 6856b09127..f357108a4e 100644
--- a/src/Umbraco.Abstractions/Routing/IPublishedRequest.cs
+++ b/src/Umbraco.Abstractions/Routing/IPublishedRequest.cs
@@ -123,14 +123,6 @@ namespace Umbraco.Web.Routing
/// should use the specified description. The description will or will not be used, in due time.
string ResponseStatusDescription { get; }
- ///
- /// Gets or sets the System.Web.HttpCacheability
- ///
-// Note: we used to set a default value here but that would then be the default
-// for ALL requests, we shouldn't overwrite it though if people are using [OutputCache] for example
-// see: https://our.umbraco.com/forum/using-umbraco-and-getting-started/79715-output-cache-in-umbraco-752
- //HttpCacheability Cacheability { get; set; }
-
///
/// Gets or sets a list of Extensions to append to the Response.Cache object.
///
diff --git a/src/Umbraco.Abstractions/Routing/IPublishedUrlProvider.cs b/src/Umbraco.Abstractions/Routing/IPublishedUrlProvider.cs
index a26f3efaff..45faf76772 100644
--- a/src/Umbraco.Abstractions/Routing/IPublishedUrlProvider.cs
+++ b/src/Umbraco.Abstractions/Routing/IPublishedUrlProvider.cs
@@ -12,11 +12,6 @@ namespace Umbraco.Web.Routing
///
UrlMode Mode { get; set; }
- UrlMode GetMode(bool absolute);
- IPublishedContent GetDocument(int id);
- IPublishedContent GetDocument(Guid id);
- IPublishedContent GetMedia(Guid id);
-
///
/// Gets the url of a published content.
///
@@ -107,4 +102,4 @@ namespace Umbraco.Web.Routing
///
string GetMediaUrl(IPublishedContent content, UrlMode mode = UrlMode.Default, string culture = null, string propertyAlias = Constants.Conventions.Media.File, Uri current = null);
}
-}
\ No newline at end of file
+}
diff --git a/src/Umbraco.Abstractions/Security/IWebSecurity.cs b/src/Umbraco.Abstractions/Security/IWebSecurity.cs
index cc268b87b4..0822b5cb69 100644
--- a/src/Umbraco.Abstractions/Security/IWebSecurity.cs
+++ b/src/Umbraco.Abstractions/Security/IWebSecurity.cs
@@ -1,3 +1,4 @@
+using System;
using Umbraco.Core;
using Umbraco.Core.Models.Membership;
@@ -11,41 +12,18 @@ namespace Umbraco.Web.Security
/// The current user.
IUser CurrentUser { get; }
- ///
- /// Logs a user in.
- ///
- /// The user Id
- /// returns the number of seconds until their session times out
+ [Obsolete("This needs to be removed, ASP.NET Identity should always be used for this operation, this is currently only used in the installer which needs to be updated")]
double PerformLogin(int userId);
- ///
- /// Clears the current login for the currently logged in user
- ///
+ [Obsolete("This needs to be removed, ASP.NET Identity should always be used for this operation, this is currently only used in the installer which needs to be updated")]
void ClearCurrentLogin();
- ///
- /// Validates credentials for a back office user
- ///
- ///
- ///
- ///
- ///
- /// This uses ASP.NET Identity to perform the validation
- ///
- bool ValidateBackOfficeCredentials(string username, string password);
-
///
/// Gets the current user's id.
///
///
Attempt GetUserId();
- ///
- /// Returns the current user's unique session id - used to mitigate csrf attacks or any other reason to validate a request
- ///
- ///
- string GetSessionId();
-
///
/// Validates the currently logged in user and ensures they are not timed out
///
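Review bot: The `[Obsolete]` attributes on `PerformLogin` and `ClearCurrentLogin` replace the XML docs instead of joining them, so the interface no longer says that `PerformLogin` returns the number of seconds until the session times out. The same doc removal happens on the implementations in the WebSecurity.cs hunks. Keep the docs next to the attribute, for example `/// <returns>The number of seconds until the session times out.</returns>`. `PerformLogin(int userId)` takes only a user id, so it appears to sign in whichever id it is given, and `[Obsolete]` without `error: true` only produces a compiler warning. A short remark that callers must already have authenticated the user, and that the installer is the only intended caller, would make that contract visible while the member stays public. The interface body continues outside this hunk.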
@@ -75,14 +53,6 @@ namespace Umbraco.Web.Security
///
bool UserHasSectionAccess(string section, IUser user);
- ///
- /// Checks if the specified user by username as access to the app
- ///
- ///
- ///
- ///
- bool UserHasSectionAccess(string section, string username);
-
///
/// Ensures that a back office user is logged in
///
diff --git a/src/Umbraco.Web/Routing/UrlProvider.cs b/src/Umbraco.Web/Routing/UrlProvider.cs
index 693482db76..2ce673dcce 100644
--- a/src/Umbraco.Web/Routing/UrlProvider.cs
+++ b/src/Umbraco.Web/Routing/UrlProvider.cs
@@ -73,10 +73,9 @@ namespace Umbraco.Web.Routing
#region GetUrl
- public UrlMode GetMode(bool absolute) => absolute ? UrlMode.Absolute : Mode;
- public IPublishedContent GetDocument(int id) => _umbracoContext.Content.GetById(id);
- public IPublishedContent GetDocument(Guid id) => _umbracoContext.Content.GetById(id);
- public IPublishedContent GetMedia(Guid id) => _umbracoContext.Media.GetById(id);
+ private IPublishedContent GetDocument(int id) => _umbracoContext.Content.GetById(id);
+ private IPublishedContent GetDocument(Guid id) => _umbracoContext.Content.GetById(id);
+ private IPublishedContent GetMedia(Guid id) => _umbracoContext.Media.GetById(id);
///
/// Gets the url of a published content.
diff --git a/src/Umbraco.Web/Security/WebSecurity.cs b/src/Umbraco.Web/Security/WebSecurity.cs
index 9a5bfb2437..c809838c73 100644
--- a/src/Umbraco.Web/Security/WebSecurity.cs
+++ b/src/Umbraco.Web/Security/WebSecurity.cs
@@ -10,9 +10,7 @@ using Microsoft.Owin;
using Umbraco.Core.Configuration;
using Umbraco.Core.IO;
using Umbraco.Core.Models;
-using Umbraco.Core.Models.Identity;
using Umbraco.Web.Models.Identity;
-using Current = Umbraco.Web.Composing.Current;
namespace Umbraco.Web.Security
{
@@ -41,7 +39,7 @@ namespace Umbraco.Web.Security
/// Gets the current user.
///
/// The current user.
- public virtual IUser CurrentUser
+ public IUser CurrentUser
{
get
{
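Review bot: Dropping `virtual` from `CurrentUser` is a breaking change for any subclass or test double that overrides it, and nothing in the diff marks it as one. The later hunks do the same to `PerformLogin`, `ClearCurrentLogin`, `RenewLoginTimeout`, `GetUserId`, both `ValidateCurrentUser` overloads and `UserHasSectionAccess`. Making the authentication and authorization checks non-overridable is a reasonable hardening step, but the `protected` `UserManager` property in the next hunk still suggests the type is meant to be inherited. If it is not, adding `sealed` to the class declaration (outside this hunk) would state that intent; otherwise a note in the commit description about the removed extension points would help implementers.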
@@ -78,12 +76,8 @@ namespace Umbraco.Web.Security
protected BackOfficeUserManager UserManager
=> _userManager ?? (_userManager = _httpContext.GetOwinContext().GetBackOfficeUserManager());
- ///
- /// Logs a user in.
- ///
- /// The user Id
- /// returns the number of seconds until their session times out
- public virtual double PerformLogin(int userId)
+ [Obsolete("This needs to be removed, ASP.NET Identity should always be used for this operation, this is currently only used in the installer which needs to be updated")]
+ public double PerformLogin(int userId)
{
var owinCtx = _httpContext.GetOwinContext();
//ensure it's done for owin too
@@ -98,10 +92,8 @@ namespace Umbraco.Web.Security
return TimeSpan.FromMinutes(_globalSettings.TimeOutInMinutes).TotalSeconds;
}
- ///
- /// Clears the current login for the currently logged in user
- ///
- public virtual void ClearCurrentLogin()
+ [Obsolete("This needs to be removed, ASP.NET Identity should always be used for this operation, this is currently only used in the installer which needs to be updated")]
+ public void ClearCurrentLogin()
{
_httpContext.UmbracoLogout();
_httpContext.GetOwinContext().Authentication.SignOut(
@@ -112,67 +104,26 @@ namespace Umbraco.Web.Security
///
/// Renews the user's login ticket
///
- public virtual void RenewLoginTimeout()
+ public void RenewLoginTimeout()
{
_httpContext.RenewUmbracoAuthTicket();
}
- ///
- /// Validates credentials for a back office user
- ///
- ///
- ///
- ///
- ///
- /// This uses ASP.NET Identity to perform the validation
- ///
- public virtual bool ValidateBackOfficeCredentials(string username, string password)
- {
- //find the user by username
- var user = UserManager.FindByNameAsync(username).Result;
- return user != null && UserManager.CheckPasswordAsync(user, password).Result;
- }
-
- ///
- /// Validates the current user to see if they have access to the specified app
- ///
- ///
- ///
- internal bool ValidateUserApp(string app)
- {
- //if it is empty, don't validate
- if (app.IsNullOrWhiteSpace())
- {
- return true;
- }
- return CurrentUser.AllowedSections.Any(uApp => uApp.InvariantEquals(app));
- }
-
///
/// Gets the current user's id.
///
///
- public virtual Attempt GetUserId()
+ public Attempt GetUserId()
{
var identity = _httpContext.GetCurrentIdentity(false);
return identity == null ? Attempt.Fail() : Attempt.Succeed(Convert.ToInt32(identity.Id));
}
- ///
- /// Returns the current user's unique session id - used to mitigate csrf attacks or any other reason to validate a request
- ///
- ///
- public virtual string GetSessionId()
- {
- var identity = _httpContext.GetCurrentIdentity(false);
- return identity?.SessionId;
- }
-
///
/// Validates the currently logged in user and ensures they are not timed out
///
///
- public virtual bool ValidateCurrentUser()
+ public bool ValidateCurrentUser()
{
return ValidateCurrentUser(false, true) == ValidateRequestAttempt.Success;
}
@@ -183,7 +134,7 @@ namespace Umbraco.Web.Security
/// set to true if you want exceptions to be thrown if failed
/// If true requires that the user is approved to be validated
///
- public virtual ValidateRequestAttempt ValidateCurrentUser(bool throwExceptions, bool requiresApproval = true)
+ public ValidateRequestAttempt ValidateCurrentUser(bool throwExceptions, bool requiresApproval = true)
{
//This will first check if the current user is already authenticated - which should be the case in nearly all circumstances
// since the authentication happens in the Module, that authentication also checks the ticket expiry. We don't
@@ -235,27 +186,11 @@ namespace Umbraco.Web.Security
///
///
///
- public virtual bool UserHasSectionAccess(string section, IUser user)
+ public bool UserHasSectionAccess(string section, IUser user)
{
return user.HasSectionAccess(section);
}
- ///
- /// Checks if the specified user by username as access to the app
- ///
- ///
- ///
- ///
- public bool UserHasSectionAccess(string section, string username)
- {
- var user = _userService.GetByUsername(username);
- if (user == null)
- {
- return false;
- }
- return user.HasSectionAccess(section);
- }
-
///
/// Ensures that a back office user is logged in
///
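Review bot: The surviving `UserHasSectionAccess(string section, IUser user)` has no null guard, while the removed username overload returned `false` when the lookup found no user. Callers that used to pass a username must now resolve the `IUser` themselves, and an unknown user would presumably surface as a `NullReferenceException` from `user.HasSectionAccess(section)`, unless that helper handles null itself. For an authorization check an explicit deny is easier to reason about: `return user != null && user.HasSectionAccess(section);`.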
diff --git a/src/Umbraco.Web/Umbraco.Web.csproj b/src/Umbraco.Web/Umbraco.Web.csproj
index 69b9e182c7..392899a279 100755
--- a/src/Umbraco.Web/Umbraco.Web.csproj
+++ b/src/Umbraco.Web/Umbraco.Web.csproj
@@ -708,7 +708,6 @@
True
Reference.map
-
Component
diff --git a/src/Umbraco.Web/UmbracoAuthorizedHttpHandler.cs b/src/Umbraco.Web/UmbracoAuthorizedHttpHandler.cs
deleted file mode 100644
index 394c25dc6f..0000000000
--- a/src/Umbraco.Web/UmbracoAuthorizedHttpHandler.cs
+++ /dev/null
@@ -1,100 +0,0 @@
-using System;
-using System.Security;
-using Umbraco.Core;
-using Umbraco.Core.Cache;
-using Umbraco.Core.Logging;
-using Umbraco.Web.Security;
-using Umbraco.Core.Models.Membership;
-using Umbraco.Core.Services;
-
-namespace Umbraco.Web
-{
- public abstract class UmbracoAuthorizedHttpHandler : UmbracoHttpHandler
- {
- protected UmbracoAuthorizedHttpHandler()
- {
- }
-
- protected UmbracoAuthorizedHttpHandler(IUmbracoContextAccessor umbracoContextAccessor, UmbracoHelper umbracoHelper, ServiceContext service, IProfilingLogger plogger) : base(umbracoContextAccessor, umbracoHelper, service, plogger)
- {
- }
-
- ///
- /// Checks if the umbraco context id is valid
- ///
- ///
- ///
- protected bool ValidateUserContextId(string currentUmbracoUserContextId)
- {
- return Security.ValidateCurrentUser();
- }
-
- ///
- /// Checks if the username/password credentials are valid
- ///
- ///
- ///
- ///
- protected bool ValidateCredentials(string username, string password)
- {
- return Security.ValidateBackOfficeCredentials(username, password);
- }
-
- ///
- /// Validates the user for access to a certain application
- ///
- /// The application alias.
- /// true if an exception should be thrown if authorization fails
- ///
- protected bool AuthorizeRequest(string app, bool throwExceptions = false)
- {
- //ensure we have a valid user first!
- if (!AuthorizeRequest(throwExceptions)) return false;
-
- //if it is empty, don't validate
- if (app.IsNullOrWhiteSpace())
- {
- return true;
- }
- var hasAccess = UserHasAppAccess(app, Security.CurrentUser);
- if (!hasAccess && throwExceptions)
- throw new SecurityException("The user does not have access to the required application");
- return hasAccess;
- }
-
- ///
- /// Checks if the specified user as access to the app
- ///
- ///
- ///
- ///
- protected bool UserHasAppAccess(string app, IUser user)
- {
- return Security.UserHasSectionAccess(app, user);
- }
-
- ///
- /// Checks if the specified user by username as access to the app
- ///
- ///
- ///
- ///
- protected bool UserHasAppAccess(string app, string username)
- {
- return Security.UserHasSectionAccess(app, username);
- }
-
- ///
- /// Returns true if there is a valid logged in user and that ssl is enabled if required
- ///
- /// true if an exception should be thrown if authorization fails
- ///
- protected bool AuthorizeRequest(bool throwExceptions = false)
- {
- var result = Security.AuthorizeRequest(throwExceptions);
- return result == ValidateRequestAttempt.Success;
- }
-
-
- }
-}
diff --git a/src/Umbraco.Web/UmbracoContextFactory.cs b/src/Umbraco.Web/UmbracoContextFactory.cs
index 50d450112e..4c7ca2c2a3 100644
--- a/src/Umbraco.Web/UmbracoContextFactory.cs
+++ b/src/Umbraco.Web/UmbracoContextFactory.cs
@@ -90,7 +90,8 @@ namespace Umbraco.Web
public static HttpContextBase EnsureHttpContext(HttpContextBase httpContext = null)
{
- if (Thread.GetDomain().GetData(".appPath") is null || Thread.GetDomain().GetData(".appVPath") is null)
+ var domain = Thread.GetDomain();
+ if (domain.GetData(".appPath") is null || domain.GetData(".appVPath") is null)
{
return httpContext ?? new HttpContextWrapper(HttpContext.Current ??
new HttpContext(new SimpleWorkerRequest("", "", "null.aspx", "", NullWriterInstance)));