yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

V10: Build warnings in Web.Website (#12332)

Browse Source 
* add new rule to globalconfig

* Fix warnings in Web.Website

* Fix more warnings in Web.Website

* Fix more build warnings in Web.Website

* Fix more warnings in Web.Website

* Fix tests

* Fix proper constructor call

* Fix not being able to run project

* Fix Obsolete method

Co-authored-by: Nikolaj Geisle <niko737@edu.ucl.dk>
This commit is contained in:
Nikolaj Geisle
2022-05-06 15:06:39 +02:00
committed by GitHub
parent b648177a40
commit 4f3d680f06
47 changed files with 3525 additions and 3447 deletions
Download Patch File Download Diff File Expand all files Collapse all files

65
src/Umbraco.Web.Website/Controllers/RenderNoContentController.cs
View File

@@ -1,43 +1,56 @@
using System;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Options;
using Umbraco.Cms.Core.Configuration.Models;
using Umbraco.Cms.Core.Hosting;
using Umbraco.Cms.Core.IO;
using Umbraco.Cms.Core.PublishedCache;
using Umbraco.Cms.Core.Web;
using Umbraco.Cms.Web.Common.DependencyInjection;
using Umbraco.Cms.Web.Website.Models;
using Umbraco.Extensions;
namespace Umbraco.Cms.Web.Website.Controllers
namespace Umbraco.Cms.Web.Website.Controllers;
public class RenderNoContentController : Controller
{
public class RenderNoContentController : Controller
private readonly GlobalSettings _globalSettings;
private readonly IHostingEnvironment _hostingEnvironment;
private readonly IUmbracoContextAccessor _umbracoContextAccessor;
[Obsolete("Please use constructor that takes an IHostingEnvironment instead")]
public RenderNoContentController(
IUmbracoContextAccessor umbracoContextAccessor,
IIOHelper ioHelper,
IOptionsSnapshot<GlobalSettings> globalSettings)
: this(umbracoContextAccessor, globalSettings, StaticServiceProvider.Instance.GetRequiredService<IHostingEnvironment>())
{
private readonly IUmbracoContextAccessor _umbracoContextAccessor;
private readonly IIOHelper _ioHelper;
private readonly GlobalSettings _globalSettings;
}
public RenderNoContentController(IUmbracoContextAccessor umbracoContextAccessor, IIOHelper ioHelper, IOptionsSnapshot<GlobalSettings> globalSettings)
[ActivatorUtilitiesConstructor]
public RenderNoContentController(
IUmbracoContextAccessor umbracoContextAccessor,
IOptionsSnapshot<GlobalSettings> globalSettings,
IHostingEnvironment hostingEnvironment)
{
_umbracoContextAccessor =
umbracoContextAccessor ?? throw new ArgumentNullException(nameof(umbracoContextAccessor));
_hostingEnvironment = hostingEnvironment;
_globalSettings = globalSettings.Value ?? throw new ArgumentNullException(nameof(globalSettings));
}
public ActionResult Index()
{
IUmbracoContext umbracoContext = _umbracoContextAccessor.GetRequiredUmbracoContext();
IPublishedContentCache? store = umbracoContext.Content;
if (store?.HasContent() ?? false)
{
_umbracoContextAccessor = umbracoContextAccessor ?? throw new ArgumentNullException(nameof(umbracoContextAccessor));
_ioHelper = ioHelper ?? throw new ArgumentNullException(nameof(ioHelper));
_globalSettings = globalSettings.Value ?? throw new ArgumentNullException(nameof(globalSettings));
// If there is actually content, go to the root.
return Redirect("~/");
}
public ActionResult Index()
{
var umbracoContext = _umbracoContextAccessor.GetRequiredUmbracoContext();
var store = umbracoContext.Content;
if (store?.HasContent() ?? false)
{
// If there is actually content, go to the root.
return Redirect("~/");
}
var model = new NoNodesViewModel { UmbracoPath = _hostingEnvironment.ToAbsolute(_globalSettings.UmbracoPath) };
var model = new NoNodesViewModel
{
UmbracoPath = _ioHelper.ResolveUrl(_globalSettings.UmbracoPath),
};
return View(_globalSettings.NoNodesViewPath, model);
}
return View(_globalSettings.NoNodesViewPath, model);
}
}

169
src/Umbraco.Web.Website/Controllers/SurfaceController.cs
View File

@@ -1,4 +1,3 @@
using System;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Umbraco.Cms.Core.Cache;
@@ -12,94 +11,102 @@ using Umbraco.Cms.Web.Common.Controllers;
using Umbraco.Cms.Web.Common.Routing;
using Umbraco.Cms.Web.Website.ActionResults;
namespace Umbraco.Cms.Web.Website.Controllers
namespace Umbraco.Cms.Web.Website.Controllers;
/// <summary>
/// Provides a base class for front-end add-in controllers.
/// </summary>
[AutoValidateAntiforgeryToken]
public abstract class SurfaceController : PluginController
{
/// <summary>
/// Provides a base class for front-end add-in controllers.
/// Initializes a new instance of the <see cref="SurfaceController" /> class.
/// </summary>
[AutoValidateAntiforgeryToken]
public abstract class SurfaceController : PluginController
protected SurfaceController(
IUmbracoContextAccessor umbracoContextAccessor,
IUmbracoDatabaseFactory databaseFactory,
ServiceContext services,
AppCaches appCaches,
IProfilingLogger profilingLogger,
IPublishedUrlProvider publishedUrlProvider)
: base(umbracoContextAccessor, databaseFactory, services, appCaches, profilingLogger)
=> PublishedUrlProvider = publishedUrlProvider;
protected IPublishedUrlProvider PublishedUrlProvider { get; }
/// <summary>
/// Gets the current page.
/// </summary>
protected virtual IPublishedContent? CurrentPage
{
/// <summary>
/// Initializes a new instance of the <see cref="SurfaceController"/> class.
/// </summary>
protected SurfaceController(IUmbracoContextAccessor umbracoContextAccessor, IUmbracoDatabaseFactory databaseFactory, ServiceContext services, AppCaches appCaches, IProfilingLogger profilingLogger, IPublishedUrlProvider publishedUrlProvider)
: base(umbracoContextAccessor, databaseFactory, services, appCaches, profilingLogger)
=> PublishedUrlProvider = publishedUrlProvider;
protected IPublishedUrlProvider PublishedUrlProvider { get; }
/// <summary>
/// Gets the current page.
/// </summary>
protected virtual IPublishedContent? CurrentPage
get
{
get
UmbracoRouteValues? umbracoRouteValues = HttpContext.Features.Get<UmbracoRouteValues>();
if (umbracoRouteValues is null)
{
UmbracoRouteValues? umbracoRouteValues = HttpContext.Features.Get<UmbracoRouteValues>();
if (umbracoRouteValues is null)
{
throw new InvalidOperationException($"No {nameof(UmbracoRouteValues)} feature was found in the HttpContext");
}
return umbracoRouteValues.PublishedRequest.PublishedContent;
throw new InvalidOperationException(
$"No {nameof(UmbracoRouteValues)} feature was found in the HttpContext");
}
}
/// <summary>
/// Redirects to the Umbraco page with the given id
/// </summary>
protected RedirectToUmbracoPageResult RedirectToUmbracoPage(Guid contentKey)
=> new RedirectToUmbracoPageResult(contentKey, PublishedUrlProvider, UmbracoContextAccessor);
/// <summary>
/// Redirects to the Umbraco page with the given id and passes provided querystring
/// </summary>
protected RedirectToUmbracoPageResult RedirectToUmbracoPage(Guid contentKey, QueryString queryString)
=> new RedirectToUmbracoPageResult(contentKey, queryString, PublishedUrlProvider, UmbracoContextAccessor);
/// <summary>
/// Redirects to the Umbraco page with the given published content
/// </summary>
protected RedirectToUmbracoPageResult RedirectToUmbracoPage(IPublishedContent publishedContent)
=> new RedirectToUmbracoPageResult(publishedContent, PublishedUrlProvider, UmbracoContextAccessor);
/// <summary>
/// Redirects to the Umbraco page with the given published content and passes provided querystring
/// </summary>
protected RedirectToUmbracoPageResult RedirectToUmbracoPage(IPublishedContent publishedContent, QueryString queryString)
=> new RedirectToUmbracoPageResult(publishedContent, queryString, PublishedUrlProvider, UmbracoContextAccessor);
/// <summary>
/// Redirects to the currently rendered Umbraco page
/// </summary>
protected RedirectToUmbracoPageResult RedirectToCurrentUmbracoPage()
=> new RedirectToUmbracoPageResult(CurrentPage, PublishedUrlProvider, UmbracoContextAccessor);
/// <summary>
/// Redirects to the currently rendered Umbraco page and passes provided querystring
/// </summary>
protected RedirectToUmbracoPageResult RedirectToCurrentUmbracoPage(QueryString queryString)
=> new RedirectToUmbracoPageResult(CurrentPage, queryString, PublishedUrlProvider, UmbracoContextAccessor);
/// <summary>
/// Redirects to the currently rendered Umbraco URL
/// </summary>
/// <remarks>
/// This is useful if you need to redirect
/// to the current page but the current page is actually a rewritten URL normally done with something like
/// Server.Transfer.*
/// </remarks>
protected RedirectToUmbracoUrlResult RedirectToCurrentUmbracoUrl()
=> new RedirectToUmbracoUrlResult(UmbracoContext);
/// <summary>
/// Returns the currently rendered Umbraco page
/// </summary>
protected UmbracoPageResult CurrentUmbracoPage()
{
HttpContext.Features.Set(new ProxyViewDataFeature(ViewData, TempData));
return new UmbracoPageResult(ProfilingLogger);
return umbracoRouteValues.PublishedRequest.PublishedContent;
}
}
/// <summary>
/// Redirects to the Umbraco page with the given id
/// </summary>
protected RedirectToUmbracoPageResult RedirectToUmbracoPage(Guid contentKey)
=> new(contentKey, PublishedUrlProvider, UmbracoContextAccessor);
/// <summary>
/// Redirects to the Umbraco page with the given id and passes provided querystring
/// </summary>
protected RedirectToUmbracoPageResult RedirectToUmbracoPage(Guid contentKey, QueryString queryString)
=> new(contentKey, queryString, PublishedUrlProvider, UmbracoContextAccessor);
/// <summary>
/// Redirects to the Umbraco page with the given published content
/// </summary>
protected RedirectToUmbracoPageResult RedirectToUmbracoPage(IPublishedContent publishedContent)
=> new(publishedContent, PublishedUrlProvider, UmbracoContextAccessor);
/// <summary>
/// Redirects to the Umbraco page with the given published content and passes provided querystring
/// </summary>
protected RedirectToUmbracoPageResult RedirectToUmbracoPage(
IPublishedContent publishedContent,
QueryString queryString)
=> new(publishedContent, queryString, PublishedUrlProvider, UmbracoContextAccessor);
/// <summary>
/// Redirects to the currently rendered Umbraco page
/// </summary>
protected RedirectToUmbracoPageResult RedirectToCurrentUmbracoPage()
=> new(CurrentPage, PublishedUrlProvider, UmbracoContextAccessor);
/// <summary>
/// Redirects to the currently rendered Umbraco page and passes provided querystring
/// </summary>
protected RedirectToUmbracoPageResult RedirectToCurrentUmbracoPage(QueryString queryString)
=> new(CurrentPage, queryString, PublishedUrlProvider, UmbracoContextAccessor);
/// <summary>
/// Redirects to the currently rendered Umbraco URL
/// </summary>
/// <remarks>
/// This is useful if you need to redirect
/// to the current page but the current page is actually a rewritten URL normally done with something like
/// Server.Transfer.*
/// </remarks>
protected RedirectToUmbracoUrlResult RedirectToCurrentUmbracoUrl()
=> new(UmbracoContext);
/// <summary>
/// Returns the currently rendered Umbraco page
/// </summary>
protected UmbracoPageResult CurrentUmbracoPage()
{
HttpContext.Features.Set(new ProxyViewDataFeature(ViewData, TempData));
return new UmbracoPageResult(ProfilingLogger);
}
}

447
src/Umbraco.Web.Website/Controllers/UmbExternalLoginController.cs
View File

@@ -1,7 +1,4 @@
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http.Extensions;
@@ -12,7 +9,6 @@ using Microsoft.Extensions.Options;
using Umbraco.Cms.Core.Cache;
using Umbraco.Cms.Core.Configuration.Models;
using Umbraco.Cms.Core.Logging;
using Umbraco.Cms.Core.Models;
using Umbraco.Cms.Core.Routing;
using Umbraco.Cms.Core.Security;
using Umbraco.Cms.Core.Services;
@@ -24,266 +20,269 @@ using Umbraco.Cms.Web.Common.Security;
using Umbraco.Extensions;
using SignInResult = Microsoft.AspNetCore.Identity.SignInResult;
namespace Umbraco.Cms.Web.Website.Controllers
namespace Umbraco.Cms.Web.Website.Controllers;
[UmbracoMemberAuthorize]
public class UmbExternalLoginController : SurfaceController
{
[UmbracoMemberAuthorize]
public class UmbExternalLoginController : SurfaceController
private readonly ILogger<UmbExternalLoginController> _logger;
private readonly IMemberManager _memberManager;
private readonly IMemberSignInManager _memberSignInManager;
private readonly IOptions<SecuritySettings> _securitySettings;
private readonly ITwoFactorLoginService _twoFactorLoginService;
public UmbExternalLoginController(
ILogger<UmbExternalLoginController> logger,
IUmbracoContextAccessor umbracoContextAccessor,
IUmbracoDatabaseFactory databaseFactory,
ServiceContext services,
AppCaches appCaches,
IProfilingLogger profilingLogger,
IPublishedUrlProvider publishedUrlProvider,
IMemberSignInManager memberSignInManager,
IMemberManager memberManager,
ITwoFactorLoginService twoFactorLoginService,
IOptions<SecuritySettings> securitySettings)
: base(
umbracoContextAccessor,
databaseFactory,
services,
appCaches,
profilingLogger,
publishedUrlProvider)
{
private readonly IMemberManager _memberManager;
private readonly ITwoFactorLoginService _twoFactorLoginService;
private readonly IOptions<SecuritySettings> _securitySettings;
private readonly ILogger<UmbExternalLoginController> _logger;
private readonly IMemberSignInManager _memberSignInManager;
_logger = logger;
_memberSignInManager = memberSignInManager;
_memberManager = memberManager;
_twoFactorLoginService = twoFactorLoginService;
_securitySettings = securitySettings;
}
public UmbExternalLoginController(
ILogger<UmbExternalLoginController> logger,
IUmbracoContextAccessor umbracoContextAccessor,
IUmbracoDatabaseFactory databaseFactory,
ServiceContext services,
AppCaches appCaches,
IProfilingLogger profilingLogger,
IPublishedUrlProvider publishedUrlProvider,
IMemberSignInManager memberSignInManager,
IMemberManager memberManager,
ITwoFactorLoginService twoFactorLoginService,
IOptions<SecuritySettings> securitySettings)
: base(
umbracoContextAccessor,
databaseFactory,
services,
appCaches,
profilingLogger,
publishedUrlProvider)
/// <summary>
/// Endpoint used to redirect to a specific login provider. This endpoint is used from the Login Macro snippet.
/// </summary>
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public ActionResult ExternalLogin(string provider, string? returnUrl = null)
{
if (returnUrl.IsNullOrWhiteSpace())
{
_logger = logger;
_memberSignInManager = memberSignInManager;
_memberManager = memberManager;
_twoFactorLoginService = twoFactorLoginService;
_securitySettings = securitySettings;
returnUrl = Request.GetEncodedPathAndQuery();
}
/// <summary>
/// Endpoint used to redirect to a specific login provider. This endpoint is used from the Login Macro snippet.
/// </summary>
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public ActionResult ExternalLogin(string provider, string? returnUrl = null)
var wrappedReturnUrl =
Url.SurfaceAction(nameof(ExternalLoginCallback), this.GetControllerName(), new { returnUrl });
AuthenticationProperties properties =
_memberSignInManager.ConfigureExternalAuthenticationProperties(provider, wrappedReturnUrl);
return Challenge(properties, provider);
}
/// <summary>
/// Endpoint used my the login provider to call back to our solution.
/// </summary>
[HttpGet]
[AllowAnonymous]
public async Task<IActionResult> ExternalLoginCallback(string returnUrl)
{
var errors = new List<string>();
ExternalLoginInfo? loginInfo = await _memberSignInManager.GetExternalLoginInfoAsync();
if (loginInfo is null)
{
if (returnUrl.IsNullOrWhiteSpace())
{
returnUrl = Request.GetEncodedPathAndQuery();
}
var wrappedReturnUrl =
Url.SurfaceAction(nameof(ExternalLoginCallback), this.GetControllerName(), new { returnUrl });
AuthenticationProperties properties =
_memberSignInManager.ConfigureExternalAuthenticationProperties(provider, wrappedReturnUrl);
return Challenge(properties, provider);
errors.Add("Invalid response from the login provider");
}
/// <summary>
/// Endpoint used my the login provider to call back to our solution.
/// </summary>
[HttpGet]
[AllowAnonymous]
public async Task<IActionResult> ExternalLoginCallback(string returnUrl)
else
{
var errors = new List<string>();
SignInResult result = await _memberSignInManager.ExternalLoginSignInAsync(
loginInfo,
false,
_securitySettings.Value.MemberBypassTwoFactorForExternalLogins);
ExternalLoginInfo? loginInfo = await _memberSignInManager.GetExternalLoginInfoAsync();
if (loginInfo is null)
if (result == SignInResult.Success)
{
errors.Add("Invalid response from the login provider");
}
else
{
SignInResult result = await _memberSignInManager.ExternalLoginSignInAsync(loginInfo, false, _securitySettings.Value.MemberBypassTwoFactorForExternalLogins);
// Update any authentication tokens if succeeded
await _memberSignInManager.UpdateExternalAuthenticationTokensAsync(loginInfo);
if (result == SignInResult.Success)
{
// Update any authentication tokens if succeeded
await _memberSignInManager.UpdateExternalAuthenticationTokensAsync(loginInfo);
return RedirectToLocal(returnUrl);
}
if (result == SignInResult.TwoFactorRequired)
{
MemberIdentityUser attemptedUser =
await _memberManager.FindByLoginAsync(loginInfo.LoginProvider, loginInfo.ProviderKey);
if (attemptedUser == null)
{
return new ValidationErrorResult(
$"No local user found for the login provider {loginInfo.LoginProvider} - {loginInfo.ProviderKey}");
}
var providerNames = await _twoFactorLoginService.GetEnabledTwoFactorProviderNamesAsync(attemptedUser.Key);
ViewData.SetTwoFactorProviderNames(providerNames);
return CurrentUmbracoPage();
}
if (result == SignInResult.LockedOut)
{
errors.Add(
$"The local member {loginInfo.Principal.Identity?.Name} for the external provider {loginInfo.ProviderDisplayName} is locked out.");
}
else if (result == SignInResult.NotAllowed)
{
// This occurs when SignInManager.CanSignInAsync fails which is when RequireConfirmedEmail , RequireConfirmedPhoneNumber or RequireConfirmedAccount fails
// however since we don't enforce those rules (yet) this shouldn't happen.
errors.Add(
$"The member {loginInfo.Principal.Identity?.Name} for the external provider {loginInfo.ProviderDisplayName} has not confirmed their details and cannot sign in.");
}
else if (result == SignInResult.Failed)
{
// Failed only occurs when the user does not exist
errors.Add("The requested provider (" + loginInfo.LoginProvider +
") has not been linked to an account, the provider must be linked before it can be used.");
}
else if (result == MemberSignInManager.ExternalLoginSignInResult.NotAllowed)
{
// This occurs when the external provider has approved the login but custom logic in OnExternalLogin has denined it.
errors.Add(
$"The user {loginInfo.Principal.Identity?.Name} for the external provider {loginInfo.ProviderDisplayName} has not been accepted and cannot sign in.");
}
else if (result == MemberSignInManager.AutoLinkSignInResult.FailedNotLinked)
{
errors.Add("The requested provider (" + loginInfo.LoginProvider +
") has not been linked to an account, the provider must be linked from the back office.");
}
else if (result == MemberSignInManager.AutoLinkSignInResult.FailedNoEmail)
{
errors.Add(
$"The requested provider ({loginInfo.LoginProvider}) has not provided the email claim {ClaimTypes.Email}, the account cannot be linked.");
}
else if (result is MemberSignInManager.AutoLinkSignInResult autoLinkSignInResult &&
autoLinkSignInResult.Errors.Count > 0)
{
errors.AddRange(autoLinkSignInResult.Errors);
}
else if (!result.Succeeded)
{
// this shouldn't occur, the above should catch the correct error but we'll be safe just in case
errors.Add($"An unknown error with the requested provider ({loginInfo.LoginProvider}) occurred.");
}
return RedirectToLocal(returnUrl);
}
if (errors.Count > 0)
if (result == SignInResult.TwoFactorRequired)
{
ViewData.SetExternalSignInProviderErrors(
new BackOfficeExternalLoginProviderErrors(
loginInfo?.LoginProvider,
errors));
MemberIdentityUser attemptedUser =
await _memberManager.FindByLoginAsync(loginInfo.LoginProvider, loginInfo.ProviderKey);
if (attemptedUser == null!)
{
return new ValidationErrorResult(
$"No local user found for the login provider {loginInfo.LoginProvider} - {loginInfo.ProviderKey}");
}
IEnumerable<string> providerNames =
await _twoFactorLoginService.GetEnabledTwoFactorProviderNamesAsync(attemptedUser.Key);
ViewData.SetTwoFactorProviderNames(providerNames);
return CurrentUmbracoPage();
}
return RedirectToLocal(returnUrl);
}
private void AddModelErrors(IdentityResult result, string prefix = "")
{
foreach (IdentityError error in result.Errors)
if (result == SignInResult.LockedOut)
{
ModelState.AddModelError(prefix, error.Description);
errors.Add(
$"The local member {loginInfo.Principal.Identity?.Name} for the external provider {loginInfo.ProviderDisplayName} is locked out.");
}
else if (result == SignInResult.NotAllowed)
{
// This occurs when SignInManager.CanSignInAsync fails which is when RequireConfirmedEmail , RequireConfirmedPhoneNumber or RequireConfirmedAccount fails
// however since we don't enforce those rules (yet) this shouldn't happen.
errors.Add(
$"The member {loginInfo.Principal.Identity?.Name} for the external provider {loginInfo.ProviderDisplayName} has not confirmed their details and cannot sign in.");
}
else if (result == SignInResult.Failed)
{
// Failed only occurs when the user does not exist
errors.Add("The requested provider (" + loginInfo.LoginProvider +
") has not been linked to an account, the provider must be linked before it can be used.");
}
else if (result == MemberSignInManager.ExternalLoginSignInResult.NotAllowed)
{
// This occurs when the external provider has approved the login but custom logic in OnExternalLogin has denined it.
errors.Add(
$"The user {loginInfo.Principal.Identity?.Name} for the external provider {loginInfo.ProviderDisplayName} has not been accepted and cannot sign in.");
}
else if (result == MemberSignInManager.AutoLinkSignInResult.FailedNotLinked)
{
errors.Add("The requested provider (" + loginInfo.LoginProvider +
") has not been linked to an account, the provider must be linked from the back office.");
}
else if (result == MemberSignInManager.AutoLinkSignInResult.FailedNoEmail)
{
errors.Add(
$"The requested provider ({loginInfo.LoginProvider}) has not provided the email claim {ClaimTypes.Email}, the account cannot be linked.");
}
else if (result is MemberSignInManager.AutoLinkSignInResult autoLinkSignInResult &&
autoLinkSignInResult.Errors.Count > 0)
{
errors.AddRange(autoLinkSignInResult.Errors);
}
else if (!result.Succeeded)
{
// this shouldn't occur, the above should catch the correct error but we'll be safe just in case
errors.Add($"An unknown error with the requested provider ({loginInfo.LoginProvider}) occurred.");
}
}
[HttpPost]
[ValidateAntiForgeryToken]
public IActionResult LinkLogin(string provider, string? returnUrl = null)
if (errors.Count > 0)
{
if (returnUrl.IsNullOrWhiteSpace())
{
returnUrl = Request.GetEncodedPathAndQuery();
}
ViewData.SetExternalSignInProviderErrors(
new BackOfficeExternalLoginProviderErrors(
loginInfo?.LoginProvider,
errors));
var wrappedReturnUrl =
Url.SurfaceAction(nameof(ExternalLinkLoginCallback), this.GetControllerName(), new { returnUrl });
// Configures the redirect URL and user identifier for the specified external login including xsrf data
AuthenticationProperties properties =
_memberSignInManager.ConfigureExternalAuthenticationProperties(provider, wrappedReturnUrl,
_memberManager.GetUserId(User));
return Challenge(properties, provider);
return CurrentUmbracoPage();
}
[HttpGet]
public async Task<IActionResult> ExternalLinkLoginCallback(string returnUrl)
return RedirectToLocal(returnUrl);
}
private void AddModelErrors(IdentityResult result, string prefix = "")
{
foreach (IdentityError error in result.Errors)
{
MemberIdentityUser user = await _memberManager.GetUserAsync(User);
string? loginProvider = null;
var errors = new List<string>();
if (user == null)
ModelState.AddModelError(prefix, error.Description);
}
}
[HttpPost]
[ValidateAntiForgeryToken]
public IActionResult LinkLogin(string provider, string? returnUrl = null)
{
if (returnUrl.IsNullOrWhiteSpace())
{
returnUrl = Request.GetEncodedPathAndQuery();
}
var wrappedReturnUrl =
Url.SurfaceAction(nameof(ExternalLinkLoginCallback), this.GetControllerName(), new { returnUrl });
// Configures the redirect URL and user identifier for the specified external login including xsrf data
AuthenticationProperties properties =
_memberSignInManager.ConfigureExternalAuthenticationProperties(
provider,
wrappedReturnUrl,
_memberManager.GetUserId(User));
return Challenge(properties, provider);
}
[HttpGet]
public async Task<IActionResult> ExternalLinkLoginCallback(string returnUrl)
{
MemberIdentityUser user = await _memberManager.GetUserAsync(User);
string? loginProvider = null;
var errors = new List<string>();
if (user == null!)
{
// ... this should really not happen
errors.Add("Local user does not exist");
}
else
{
ExternalLoginInfo? info =
await _memberSignInManager.GetExternalLoginInfoAsync(await _memberManager.GetUserIdAsync(user));
if (info == null)
{
// ... this should really not happen
errors.Add("Local user does not exist");
// Add error and redirect for it to be displayed
errors.Add("An error occurred, could not get external login info");
}
else
{
ExternalLoginInfo? info =
await _memberSignInManager.GetExternalLoginInfoAsync(await _memberManager.GetUserIdAsync(user));
if (info == null)
loginProvider = info.LoginProvider;
IdentityResult addLoginResult = await _memberManager.AddLoginAsync(user, info);
if (addLoginResult.Succeeded)
{
//Add error and redirect for it to be displayed
errors.Add( "An error occurred, could not get external login info");
}
else
{
loginProvider = info.LoginProvider;
IdentityResult addLoginResult = await _memberManager.AddLoginAsync(user, info);
if (addLoginResult.Succeeded)
{
// Update any authentication tokens if succeeded
await _memberSignInManager.UpdateExternalAuthenticationTokensAsync(info);
// Update any authentication tokens if succeeded
await _memberSignInManager.UpdateExternalAuthenticationTokensAsync(info);
return RedirectToLocal(returnUrl);
}
//Add errors and redirect for it to be displayed
errors.AddRange(addLoginResult.Errors.Select(x => x.Description));
return RedirectToLocal(returnUrl);
}
// Add errors and redirect for it to be displayed
errors.AddRange(addLoginResult.Errors.Select(x => x.Description));
}
ViewData.SetExternalSignInProviderErrors(
new BackOfficeExternalLoginProviderErrors(
loginProvider,
errors));
return CurrentUmbracoPage();
}
private IActionResult RedirectToLocal(string returnUrl) =>
Url.IsLocalUrl(returnUrl) ? Redirect(returnUrl) : RedirectToCurrentUmbracoPage();
ViewData.SetExternalSignInProviderErrors(
new BackOfficeExternalLoginProviderErrors(
loginProvider,
errors));
return CurrentUmbracoPage();
}
[HttpPost]
[ValidateAntiForgeryToken]
public async Task<IActionResult> Disassociate(string provider, string providerKey, string? returnUrl = null)
private IActionResult RedirectToLocal(string returnUrl) =>
Url.IsLocalUrl(returnUrl) ? Redirect(returnUrl) : RedirectToCurrentUmbracoPage();
[HttpPost]
[ValidateAntiForgeryToken]
public async Task<IActionResult> Disassociate(string provider, string providerKey, string? returnUrl = null)
{
if (returnUrl.IsNullOrWhiteSpace())
{
if (returnUrl.IsNullOrWhiteSpace())
{
returnUrl = Request.GetEncodedPathAndQuery();
}
MemberIdentityUser user = await _memberManager.FindByIdAsync(User.Identity?.GetUserId());
IdentityResult result = await _memberManager.RemoveLoginAsync(user, provider, providerKey);
if (result.Succeeded)
{
await _memberSignInManager.SignInAsync(user, false);
return RedirectToLocal(returnUrl!);
}
AddModelErrors(result);
return CurrentUmbracoPage();
returnUrl = Request.GetEncodedPathAndQuery();
}
MemberIdentityUser user = await _memberManager.FindByIdAsync(User.Identity?.GetUserId());
IdentityResult result = await _memberManager.RemoveLoginAsync(user, provider, providerKey);
if (result.Succeeded)
{
await _memberSignInManager.SignInAsync(user, false);
return RedirectToLocal(returnUrl!);
}
AddModelErrors(result);
return CurrentUmbracoPage();
}
}

224
src/Umbraco.Web.Website/Controllers/UmbLoginController.cs
View File

@@ -1,13 +1,7 @@
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;
using Umbraco.Cms.Core.Cache;
using Umbraco.Cms.Core.Logging;
using Umbraco.Cms.Core.Models;
using Umbraco.Cms.Core.Models.ContentEditing;
using Umbraco.Cms.Core.Routing;
using Umbraco.Cms.Core.Security;
using Umbraco.Cms.Core.Services;
@@ -21,126 +15,130 @@ using Umbraco.Cms.Web.Common.Security;
using Umbraco.Extensions;
using SignInResult = Microsoft.AspNetCore.Identity.SignInResult;
namespace Umbraco.Cms.Web.Website.Controllers
namespace Umbraco.Cms.Web.Website.Controllers;
public class UmbLoginController : SurfaceController
{
public class UmbLoginController : SurfaceController
private readonly IMemberManager _memberManager;
private readonly IMemberSignInManager _signInManager;
private readonly ITwoFactorLoginService _twoFactorLoginService;
[ActivatorUtilitiesConstructor]
public UmbLoginController(
IUmbracoContextAccessor umbracoContextAccessor,
IUmbracoDatabaseFactory databaseFactory,
ServiceContext services,
AppCaches appCaches,
IProfilingLogger profilingLogger,
IPublishedUrlProvider publishedUrlProvider,
IMemberSignInManager signInManager,
IMemberManager memberManager,
ITwoFactorLoginService twoFactorLoginService)
: base(umbracoContextAccessor, databaseFactory, services, appCaches, profilingLogger, publishedUrlProvider)
{
private readonly IMemberSignInManager _signInManager;
private readonly IMemberManager _memberManager;
private readonly ITwoFactorLoginService _twoFactorLoginService;
_signInManager = signInManager;
_memberManager = memberManager;
_twoFactorLoginService = twoFactorLoginService;
}
[Obsolete("Use ctor with all params")]
public UmbLoginController(
IUmbracoContextAccessor umbracoContextAccessor,
IUmbracoDatabaseFactory databaseFactory,
ServiceContext services,
AppCaches appCaches,
IProfilingLogger profilingLogger,
IPublishedUrlProvider publishedUrlProvider,
IMemberSignInManager signInManager)
: this(
umbracoContextAccessor,
databaseFactory,
services,
appCaches,
profilingLogger,
publishedUrlProvider,
signInManager,
StaticServiceProvider.Instance.GetRequiredService<IMemberManager>(),
StaticServiceProvider.Instance.GetRequiredService<ITwoFactorLoginService>())
{
}
[ActivatorUtilitiesConstructor]
public UmbLoginController(
IUmbracoContextAccessor umbracoContextAccessor,
IUmbracoDatabaseFactory databaseFactory,
ServiceContext services,
AppCaches appCaches,
IProfilingLogger profilingLogger,
IPublishedUrlProvider publishedUrlProvider,
IMemberSignInManager signInManager,
IMemberManager memberManager,
ITwoFactorLoginService twoFactorLoginService)
: base(umbracoContextAccessor, databaseFactory, services, appCaches, profilingLogger, publishedUrlProvider)
[HttpPost]
[ValidateAntiForgeryToken]
[ValidateUmbracoFormRouteString]
public async Task<IActionResult> HandleLogin([Bind(Prefix = "loginModel")] LoginModel model)
{
if (ModelState.IsValid == false)
{
_signInManager = signInManager;
_memberManager = memberManager;
_twoFactorLoginService = twoFactorLoginService;
}
[Obsolete("Use ctor with all params")]
public UmbLoginController(
IUmbracoContextAccessor umbracoContextAccessor,
IUmbracoDatabaseFactory databaseFactory,
ServiceContext services,
AppCaches appCaches,
IProfilingLogger profilingLogger,
IPublishedUrlProvider publishedUrlProvider,
IMemberSignInManager signInManager)
: this(umbracoContextAccessor, databaseFactory, services, appCaches, profilingLogger, publishedUrlProvider, signInManager,
StaticServiceProvider.Instance.GetRequiredService<IMemberManager>(),
StaticServiceProvider.Instance.GetRequiredService<ITwoFactorLoginService>())
{
}
[HttpPost]
[ValidateAntiForgeryToken]
[ValidateUmbracoFormRouteString]
public async Task<IActionResult> HandleLogin([Bind(Prefix = "loginModel")]LoginModel model)
{
if (ModelState.IsValid == false)
{
return CurrentUmbracoPage();
}
MergeRouteValuesToModel(model);
// Sign the user in with username/password, this also gives a chance for developers to
// custom verify the credentials and auto-link user accounts with a custom IBackOfficePasswordChecker
SignInResult result = await _signInManager.PasswordSignInAsync(
model.Username, model.Password, isPersistent: model.RememberMe, lockoutOnFailure: true);
if (result.Succeeded)
{
TempData["LoginSuccess"] = true;
// If there is a specified path to redirect to then use it.
if (model.RedirectUrl.IsNullOrWhiteSpace() == false)
{
// Validate the redirect URL.
// If it's not a local URL we'll redirect to the root of the current site.
return Redirect(Url.IsLocalUrl(model.RedirectUrl)
? model.RedirectUrl
: CurrentPage!.AncestorOrSelf(1)!.Url(PublishedUrlProvider));
}
// Redirect to current URL by default.
// This is different from the current 'page' because when using Public Access the current page
// will be the login page, but the URL will be on the requested page so that's where we need
// to redirect too.
return RedirectToCurrentUmbracoUrl();
}
if (result.RequiresTwoFactor)
{
MemberIdentityUser attemptedUser = await _memberManager.FindByNameAsync(model.Username);
if (attemptedUser == null)
{
return new ValidationErrorResult(
$"No local member found for username {model.Username}");
}
var providerNames = await _twoFactorLoginService.GetEnabledTwoFactorProviderNamesAsync(attemptedUser.Key);
ViewData.SetTwoFactorProviderNames(providerNames);
}
else if (result.IsLockedOut)
{
ModelState.AddModelError("loginModel", "Member is locked out");
}
else if (result.IsNotAllowed)
{
ModelState.AddModelError("loginModel", "Member is not allowed");
}
else
{
ModelState.AddModelError("loginModel", "Invalid username or password");
}
return CurrentUmbracoPage();
}
/// <summary>
/// We pass in values via encrypted route values so they cannot be tampered with and merge them into the model for use
/// </summary>
/// <param name="model"></param>
private void MergeRouteValuesToModel(LoginModel model)
MergeRouteValuesToModel(model);
// Sign the user in with username/password, this also gives a chance for developers to
// custom verify the credentials and auto-link user accounts with a custom IBackOfficePasswordChecker
SignInResult result = await _signInManager.PasswordSignInAsync(
model.Username, model.Password, model.RememberMe, true);
if (result.Succeeded)
{
if (RouteData.Values.TryGetValue(nameof(LoginModel.RedirectUrl), out var redirectUrl) && redirectUrl != null)
TempData["LoginSuccess"] = true;
// If there is a specified path to redirect to then use it.
if (model.RedirectUrl.IsNullOrWhiteSpace() == false)
{
model.RedirectUrl = redirectUrl.ToString();
// Validate the redirect URL.
// If it's not a local URL we'll redirect to the root of the current site.
return Redirect(Url.IsLocalUrl(model.RedirectUrl)
? model.RedirectUrl
: CurrentPage!.AncestorOrSelf(1)!.Url(PublishedUrlProvider));
}
// Redirect to current URL by default.
// This is different from the current 'page' because when using Public Access the current page
// will be the login page, but the URL will be on the requested page so that's where we need
// to redirect too.
return RedirectToCurrentUmbracoUrl();
}
if (result.RequiresTwoFactor)
{
MemberIdentityUser attemptedUser = await _memberManager.FindByNameAsync(model.Username);
if (attemptedUser == null!)
{
return new ValidationErrorResult(
$"No local member found for username {model.Username}");
}
IEnumerable<string> providerNames =
await _twoFactorLoginService.GetEnabledTwoFactorProviderNamesAsync(attemptedUser.Key);
ViewData.SetTwoFactorProviderNames(providerNames);
}
else if (result.IsLockedOut)
{
ModelState.AddModelError("loginModel", "Member is locked out");
}
else if (result.IsNotAllowed)
{
ModelState.AddModelError("loginModel", "Member is not allowed");
}
else
{
ModelState.AddModelError("loginModel", "Invalid username or password");
}
return CurrentUmbracoPage();
}
/// <summary>
/// We pass in values via encrypted route values so they cannot be tampered with and merge them into the model for use
/// </summary>
/// <param name="model"></param>
private void MergeRouteValuesToModel(LoginModel model)
{
if (RouteData.Values.TryGetValue(nameof(LoginModel.RedirectUrl), out var redirectUrl) && redirectUrl != null)
{
model.RedirectUrl = redirectUrl.ToString();
}
}
}

84
src/Umbraco.Web.Website/Controllers/UmbLoginStatusController.cs
View File

@@ -1,4 +1,3 @@
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc;
using Umbraco.Cms.Core.Cache;
using Umbraco.Cms.Core.Logging;
@@ -11,51 +10,50 @@ using Umbraco.Cms.Web.Common.Models;
using Umbraco.Cms.Web.Common.Security;
using Umbraco.Extensions;
namespace Umbraco.Cms.Web.Website.Controllers
namespace Umbraco.Cms.Web.Website.Controllers;
[UmbracoMemberAuthorize]
public class UmbLoginStatusController : SurfaceController
{
[UmbracoMemberAuthorize]
public class UmbLoginStatusController : SurfaceController
private readonly IMemberSignInManager _signInManager;
public UmbLoginStatusController(
IUmbracoContextAccessor umbracoContextAccessor,
IUmbracoDatabaseFactory databaseFactory,
ServiceContext services,
AppCaches appCaches,
IProfilingLogger profilingLogger,
IPublishedUrlProvider publishedUrlProvider,
IMemberSignInManager signInManager)
: base(umbracoContextAccessor, databaseFactory, services, appCaches, profilingLogger, publishedUrlProvider)
=> _signInManager = signInManager;
[HttpPost]
[ValidateAntiForgeryToken]
[ValidateUmbracoFormRouteString]
public async Task<IActionResult> HandleLogout([Bind(Prefix = "logoutModel")] PostRedirectModel model)
{
private readonly IMemberSignInManager _signInManager;
public UmbLoginStatusController(
IUmbracoContextAccessor umbracoContextAccessor,
IUmbracoDatabaseFactory databaseFactory,
ServiceContext services,
AppCaches appCaches,
IProfilingLogger profilingLogger,
IPublishedUrlProvider publishedUrlProvider,
IMemberSignInManager signInManager)
: base(umbracoContextAccessor, databaseFactory, services, appCaches, profilingLogger, publishedUrlProvider)
=> _signInManager = signInManager;
[HttpPost]
[ValidateAntiForgeryToken]
[ValidateUmbracoFormRouteString]
public async Task<IActionResult> HandleLogout([Bind(Prefix = "logoutModel")]PostRedirectModel model)
if (ModelState.IsValid == false)
{
if (ModelState.IsValid == false)
{
return CurrentUmbracoPage();
}
var isLoggedIn = HttpContext.User?.Identity?.IsAuthenticated ?? false;
if (isLoggedIn)
{
await _signInManager.SignOutAsync();
}
TempData["LogoutSuccess"] = true;
// If there is a specified path to redirect to then use it.
if (model.RedirectUrl.IsNullOrWhiteSpace() == false)
{
return Redirect(model.RedirectUrl!);
}
// Redirect to current page by default.
return RedirectToCurrentUmbracoPage();
return CurrentUmbracoPage();
}
var isLoggedIn = HttpContext.User.Identity?.IsAuthenticated ?? false;
if (isLoggedIn)
{
await _signInManager.SignOutAsync();
}
TempData["LogoutSuccess"] = true;
// If there is a specified path to redirect to then use it.
if (model.RedirectUrl.IsNullOrWhiteSpace() == false)
{
return Redirect(model.RedirectUrl!);
}
// Redirect to current page by default.
return RedirectToCurrentUmbracoPage();
}
}

230
src/Umbraco.Web.Website/Controllers/UmbProfileController.cs
View File

@@ -1,6 +1,3 @@
using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using Umbraco.Cms.Core.Cache;
@@ -16,136 +13,133 @@ using Umbraco.Cms.Web.Common.Filters;
using Umbraco.Cms.Web.Website.Models;
using Umbraco.Extensions;
namespace Umbraco.Cms.Web.Website.Controllers
{
[UmbracoMemberAuthorize]
public class UmbProfileController : SurfaceController
{
private readonly IMemberManager _memberManager;
private readonly IMemberService _memberService;
private readonly IMemberTypeService _memberTypeService;
private readonly ICoreScopeProvider _scopeProvider;
namespace Umbraco.Cms.Web.Website.Controllers;
public UmbProfileController(
IUmbracoContextAccessor umbracoContextAccessor,
IUmbracoDatabaseFactory databaseFactory,
ServiceContext services,
AppCaches appCaches,
IProfilingLogger profilingLogger,
IPublishedUrlProvider publishedUrlProvider,
IMemberManager memberManager,
IMemberService memberService,
IMemberTypeService memberTypeService,
ICoreScopeProvider scopeProvider)
: base(umbracoContextAccessor, databaseFactory, services, appCaches, profilingLogger, publishedUrlProvider)
[UmbracoMemberAuthorize]
public class UmbProfileController : SurfaceController
{
private readonly IMemberManager _memberManager;
private readonly IMemberService _memberService;
private readonly IMemberTypeService _memberTypeService;
private readonly ICoreScopeProvider _scopeProvider;
public UmbProfileController(
IUmbracoContextAccessor umbracoContextAccessor,
IUmbracoDatabaseFactory databaseFactory,
ServiceContext services,
AppCaches appCaches,
IProfilingLogger profilingLogger,
IPublishedUrlProvider publishedUrlProvider,
IMemberManager memberManager,
IMemberService memberService,
IMemberTypeService memberTypeService,
ICoreScopeProvider scopeProvider)
: base(umbracoContextAccessor, databaseFactory, services, appCaches, profilingLogger, publishedUrlProvider)
{
_memberManager = memberManager;
_memberService = memberService;
_memberTypeService = memberTypeService;
_scopeProvider = scopeProvider;
}
[HttpPost]
[ValidateAntiForgeryToken]
[ValidateUmbracoFormRouteString]
public async Task<IActionResult> HandleUpdateProfile([Bind(Prefix = "profileModel")] ProfileModel model)
{
if (ModelState.IsValid == false)
{
_memberManager = memberManager;
_memberService = memberService;
_memberTypeService = memberTypeService;
_scopeProvider = scopeProvider;
return CurrentUmbracoPage();
}
[HttpPost]
[ValidateAntiForgeryToken]
[ValidateUmbracoFormRouteString]
public async Task<IActionResult> HandleUpdateProfile([Bind(Prefix = "profileModel")] ProfileModel model)
MergeRouteValuesToModel(model);
MemberIdentityUser? currentMember = await _memberManager.GetUserAsync(HttpContext.User);
if (currentMember == null!)
{
if (ModelState.IsValid == false)
{
return CurrentUmbracoPage();
}
MergeRouteValuesToModel(model);
MemberIdentityUser currentMember = await _memberManager.GetUserAsync(HttpContext.User);
if (currentMember == null)
{
// this shouldn't happen, we also don't want to return an error so just redirect to where we came from
return RedirectToCurrentUmbracoPage();
}
IdentityResult result = await UpdateMemberAsync(model, currentMember);
if (!result.Succeeded)
{
AddErrors(result);
return CurrentUmbracoPage();
}
TempData["FormSuccess"] = true;
// If there is a specified path to redirect to then use it.
if (model.RedirectUrl.IsNullOrWhiteSpace() == false)
{
return Redirect(model.RedirectUrl!);
}
// Redirect to current page by default.
// this shouldn't happen, we also don't want to return an error so just redirect to where we came from
return RedirectToCurrentUmbracoPage();
}
/// <summary>
/// We pass in values via encrypted route values so they cannot be tampered with and merge them into the model for use
/// </summary>
/// <param name="model"></param>
private void MergeRouteValuesToModel(ProfileModel model)
IdentityResult result = await UpdateMemberAsync(model, currentMember);
if (!result.Succeeded)
{
if (RouteData.Values.TryGetValue(nameof(ProfileModel.RedirectUrl), out var redirectUrl) && redirectUrl != null)
{
model.RedirectUrl = redirectUrl.ToString();
}
AddErrors(result);
return CurrentUmbracoPage();
}
private void AddErrors(IdentityResult result)
TempData["FormSuccess"] = true;
// If there is a specified path to redirect to then use it.
if (model.RedirectUrl.IsNullOrWhiteSpace() == false)
{
foreach (var error in result.Errors)
{
ModelState.AddModelError("profileModel", error.Description);
}
return Redirect(model.RedirectUrl!);
}
private async Task<IdentityResult> UpdateMemberAsync(ProfileModel model, MemberIdentityUser currentMember)
// Redirect to current page by default.
return RedirectToCurrentUmbracoPage();
}
/// <summary>
/// We pass in values via encrypted route values so they cannot be tampered with and merge them into the model for use
/// </summary>
/// <param name="model"></param>
private void MergeRouteValuesToModel(ProfileModel model)
{
if (RouteData.Values.TryGetValue(nameof(ProfileModel.RedirectUrl), out var redirectUrl) && redirectUrl != null)
{
using ICoreScope scope = _scopeProvider.CreateCoreScope(autoComplete: true);
currentMember.Email = model.Email;
currentMember.Name = model.Name;
currentMember.UserName = model.UserName;
currentMember.Comments = model.Comments;
IdentityResult saveResult = await _memberManager.UpdateAsync(currentMember);
if (!saveResult.Succeeded)
{
return saveResult;
}
// now we can update the custom properties
// TODO: Ideally we could do this all through our MemberIdentityUser
IMember? member = _memberService.GetByKey(currentMember.Key);
if (member == null)
{
// should never happen
throw new InvalidOperationException($"Could not find a member with key: {member?.Key}.");
}
IMemberType? memberType = _memberTypeService.Get(member.ContentTypeId);
if (model.MemberProperties != null)
{
foreach (MemberPropertyModel property in model.MemberProperties
//ensure the property they are posting exists
.Where(p => memberType?.PropertyTypeExists(p.Alias) ?? false)
.Where(property => member.Properties.Contains(property.Alias))
//needs to be editable
.Where(p => memberType?.MemberCanEditProperty(p.Alias) ?? false))
{
member.Properties[property.Alias]?.SetValue(property.Value);
}
}
_memberService.Save(member);
return saveResult;
model.RedirectUrl = redirectUrl.ToString();
}
}
private void AddErrors(IdentityResult result)
{
foreach (IdentityError? error in result.Errors)
{
ModelState.AddModelError("profileModel", error.Description);
}
}
private async Task<IdentityResult> UpdateMemberAsync(ProfileModel model, MemberIdentityUser currentMember)
{
using ICoreScope scope = _scopeProvider.CreateCoreScope(autoComplete: true);
currentMember.Email = model.Email;
currentMember.Name = model.Name;
currentMember.UserName = model.UserName;
currentMember.Comments = model.Comments;
IdentityResult saveResult = await _memberManager.UpdateAsync(currentMember);
if (!saveResult.Succeeded)
{
return saveResult;
}
// now we can update the custom properties
// TODO: Ideally we could do this all through our MemberIdentityUser
IMember? member = _memberService.GetByKey(currentMember.Key);
if (member == null)
{
// should never happen
throw new InvalidOperationException($"Could not find a member with key: {member?.Key}.");
}
IMemberType? memberType = _memberTypeService.Get(member.ContentTypeId);
foreach (MemberPropertyModel property in model.MemberProperties
// ensure the property they are posting exists
.Where(p => memberType?.PropertyTypeExists(p.Alias) ?? false)
.Where(property => member.Properties.Contains(property.Alias))
// needs to be editable
.Where(p => memberType?.MemberCanEditProperty(p.Alias) ?? false))
{
member.Properties[property.Alias]?.SetValue(property.Value);
}
_memberService.Save(member);
return saveResult;
}
}

249
src/Umbraco.Web.Website/Controllers/UmbRegisterController.cs
View File

@@ -1,6 +1,3 @@
using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using Umbraco.Cms.Core.Cache;
@@ -17,149 +14,147 @@ using Umbraco.Cms.Web.Common.Security;
using Umbraco.Cms.Web.Website.Models;
using Umbraco.Extensions;
namespace Umbraco.Cms.Web.Website.Controllers
namespace Umbraco.Cms.Web.Website.Controllers;
public class UmbRegisterController : SurfaceController
{
public class UmbRegisterController : SurfaceController
private readonly IMemberManager _memberManager;
private readonly IMemberService _memberService;
private readonly IMemberSignInManager _memberSignInManager;
private readonly ICoreScopeProvider _scopeProvider;
public UmbRegisterController(
IMemberManager memberManager,
IMemberService memberService,
IUmbracoContextAccessor umbracoContextAccessor,
IUmbracoDatabaseFactory databaseFactory,
ServiceContext services,
AppCaches appCaches,
IProfilingLogger profilingLogger,
IPublishedUrlProvider publishedUrlProvider,
IMemberSignInManager memberSignInManager,
ICoreScopeProvider scopeProvider)
: base(umbracoContextAccessor, databaseFactory, services, appCaches, profilingLogger, publishedUrlProvider)
{
private readonly IMemberManager _memberManager;
private readonly IMemberService _memberService;
private readonly IMemberSignInManager _memberSignInManager;
private readonly ICoreScopeProvider _scopeProvider;
_memberManager = memberManager;
_memberService = memberService;
_memberSignInManager = memberSignInManager;
_scopeProvider = scopeProvider;
}
public UmbRegisterController(
IMemberManager memberManager,
IMemberService memberService,
IUmbracoContextAccessor umbracoContextAccessor,
IUmbracoDatabaseFactory databaseFactory,
ServiceContext services,
AppCaches appCaches,
IProfilingLogger profilingLogger,
IPublishedUrlProvider publishedUrlProvider,
IMemberSignInManager memberSignInManager,
ICoreScopeProvider scopeProvider)
: base(umbracoContextAccessor, databaseFactory, services, appCaches, profilingLogger, publishedUrlProvider)
[HttpPost]
[ValidateAntiForgeryToken]
[ValidateUmbracoFormRouteString]
public async Task<IActionResult> HandleRegisterMember([Bind(Prefix = "registerModel")] RegisterModel model)
{
if (ModelState.IsValid == false)
{
_memberManager = memberManager;
_memberService = memberService;
_memberSignInManager = memberSignInManager;
_scopeProvider = scopeProvider;
return CurrentUmbracoPage();
}
[HttpPost]
[ValidateAntiForgeryToken]
[ValidateUmbracoFormRouteString]
public async Task<IActionResult> HandleRegisterMember([Bind(Prefix = "registerModel")]RegisterModel model)
MergeRouteValuesToModel(model);
IdentityResult result = await RegisterMemberAsync(model);
if (result.Succeeded)
{
if (ModelState.IsValid == false)
TempData["FormSuccess"] = true;
// If there is a specified path to redirect to then use it.
if (model.RedirectUrl.IsNullOrWhiteSpace() == false)
{
return CurrentUmbracoPage();
return Redirect(model.RedirectUrl!);
}
MergeRouteValuesToModel(model);
IdentityResult result = await RegisterMemberAsync(model, true);
if (result.Succeeded)
{
TempData["FormSuccess"] = true;
// If there is a specified path to redirect to then use it.
if (model.RedirectUrl.IsNullOrWhiteSpace() == false)
{
return Redirect(model.RedirectUrl!);
}
// Redirect to current page by default.
return RedirectToCurrentUmbracoPage();
}
else
{
AddErrors(result);
return CurrentUmbracoPage();
}
// Redirect to current page by default.
return RedirectToCurrentUmbracoPage();
}
/// <summary>
/// We pass in values via encrypted route values so they cannot be tampered with and merge them into the model for use
/// </summary>
/// <param name="model"></param>
private void MergeRouteValuesToModel(RegisterModel model)
AddErrors(result);
return CurrentUmbracoPage();
}
/// <summary>
/// We pass in values via encrypted route values so they cannot be tampered with and merge them into the model for use
/// </summary>
/// <param name="model"></param>
private void MergeRouteValuesToModel(RegisterModel model)
{
if (RouteData.Values.TryGetValue(nameof(RegisterModel.RedirectUrl), out var redirectUrl) && redirectUrl != null)
{
if (RouteData.Values.TryGetValue(nameof(RegisterModel.RedirectUrl), out var redirectUrl) && redirectUrl != null)
{
model.RedirectUrl = redirectUrl.ToString();
}
if (RouteData.Values.TryGetValue(nameof(RegisterModel.MemberTypeAlias), out var memberTypeAlias) && memberTypeAlias != null)
{
model.MemberTypeAlias = memberTypeAlias.ToString()!;
}
if (RouteData.Values.TryGetValue(nameof(RegisterModel.UsernameIsEmail), out var usernameIsEmail) && usernameIsEmail != null)
{
model.UsernameIsEmail = usernameIsEmail.ToString() == "True";
}
model.RedirectUrl = redirectUrl.ToString();
}
private void AddErrors(IdentityResult result)
if (RouteData.Values.TryGetValue(nameof(RegisterModel.MemberTypeAlias), out var memberTypeAlias) &&
memberTypeAlias != null)
{
foreach (var error in result.Errors)
{
ModelState.AddModelError("registerModel", error.Description);
}
model.MemberTypeAlias = memberTypeAlias.ToString()!;
}
/// <summary>
/// Registers a new member.
/// </summary>
/// <param name="model">Register member model.</param>
/// <param name="logMemberIn">Flag for whether to log the member in upon successful registration.</param>
/// <returns>Result of registration operation.</returns>
private async Task<IdentityResult> RegisterMemberAsync(RegisterModel model, bool logMemberIn = true)
if (RouteData.Values.TryGetValue(nameof(RegisterModel.UsernameIsEmail), out var usernameIsEmail) &&
usernameIsEmail != null)
{
using ICoreScope scope = _scopeProvider.CreateCoreScope(autoComplete: true);
// U4-10762 Server error with "Register Member" snippet (Cannot save member with empty name)
// If name field is empty, add the email address instead.
if (string.IsNullOrEmpty(model.Name) && string.IsNullOrEmpty(model.Email) == false)
{
model.Name = model.Email;
}
model.Username = (model.UsernameIsEmail || model.Username == null) ? model.Email : model.Username;
var identityUser = MemberIdentityUser.CreateNew(model.Username, model.Email, model.MemberTypeAlias, true, model.Name);
IdentityResult identityResult = await _memberManager.CreateAsync(
identityUser,
model.Password);
if (identityResult.Succeeded)
{
// Update the custom properties
// TODO: See TODO in MembersIdentityUser, Should we support custom member properties for persistence/retrieval?
IMember? member = _memberService.GetByKey(identityUser.Key);
if (member == null)
{
// should never happen
throw new InvalidOperationException($"Could not find a member with key: {member?.Key}.");
}
if (model.MemberProperties != null)
{
foreach (MemberPropertyModel property in model.MemberProperties.Where(p => p.Value != null)
.Where(property => member.Properties.Contains(property.Alias)))
{
member.Properties[property.Alias]?.SetValue(property.Value);
}
}
_memberService.Save(member);
if (logMemberIn)
{
await _memberSignInManager.SignInAsync(identityUser, false);
}
}
return identityResult;
model.UsernameIsEmail = usernameIsEmail.ToString() == "True";
}
}
private void AddErrors(IdentityResult result)
{
foreach (IdentityError? error in result.Errors)
{
ModelState.AddModelError("registerModel", error.Description);
}
}
/// <summary>
/// Registers a new member.
/// </summary>
/// <param name="model">Register member model.</param>
/// <param name="logMemberIn">Flag for whether to log the member in upon successful registration.</param>
/// <returns>Result of registration operation.</returns>
private async Task<IdentityResult> RegisterMemberAsync(RegisterModel model, bool logMemberIn = true)
{
using ICoreScope scope = _scopeProvider.CreateCoreScope(autoComplete: true);
// U4-10762 Server error with "Register Member" snippet (Cannot save member with empty name)
// If name field is empty, add the email address instead.
if (string.IsNullOrEmpty(model.Name) && string.IsNullOrEmpty(model.Email) == false)
{
model.Name = model.Email;
}
model.Username = model.UsernameIsEmail || model.Username == null ? model.Email : model.Username;
var identityUser =
MemberIdentityUser.CreateNew(model.Username, model.Email, model.MemberTypeAlias, true, model.Name);
IdentityResult identityResult = await _memberManager.CreateAsync(
identityUser,
model.Password);
if (identityResult.Succeeded)
{
// Update the custom properties
// TODO: See TODO in MembersIdentityUser, Should we support custom member properties for persistence/retrieval?
IMember? member = _memberService.GetByKey(identityUser.Key);
if (member == null)
{
// should never happen
throw new InvalidOperationException($"Could not find a member with key: {member?.Key}.");
}
foreach (MemberPropertyModel property in model.MemberProperties.Where(p => p.Value != null)
.Where(property => member.Properties.Contains(property.Alias)))
{
member.Properties[property.Alias]?.SetValue(property.Value);
}
_memberService.Save(member);
if (logMemberIn)
{
await _memberSignInManager.SignInAsync(identityUser, false);
}
}
return identityResult;
}
}

238
src/Umbraco.Web.Website/Controllers/UmbTwoFactorLoginController.cs
View File

@@ -1,10 +1,4 @@
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http.Extensions;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Logging;
using Umbraco.Cms.Core.Cache;
@@ -15,146 +9,150 @@ using Umbraco.Cms.Core.Security;
using Umbraco.Cms.Core.Services;
using Umbraco.Cms.Core.Web;
using Umbraco.Cms.Infrastructure.Persistence;
using Umbraco.Cms.Web.Common.ActionsResults;
using Umbraco.Cms.Web.Common.Filters;
using Umbraco.Cms.Web.Common.Security;
using Umbraco.Extensions;
using SignInResult = Microsoft.AspNetCore.Identity.SignInResult;
namespace Umbraco.Cms.Web.Website.Controllers
namespace Umbraco.Cms.Web.Website.Controllers;
[UmbracoMemberAuthorize]
public class UmbTwoFactorLoginController : SurfaceController
{
[UmbracoMemberAuthorize]
public class UmbTwoFactorLoginController : SurfaceController
private readonly ILogger<UmbTwoFactorLoginController> _logger;
private readonly IMemberManager _memberManager;
private readonly IMemberSignInManager _memberSignInManager;
private readonly ITwoFactorLoginService _twoFactorLoginService;
public UmbTwoFactorLoginController(
ILogger<UmbTwoFactorLoginController> logger,
IUmbracoContextAccessor umbracoContextAccessor,
IUmbracoDatabaseFactory databaseFactory,
ServiceContext services,
AppCaches appCaches,
IProfilingLogger profilingLogger,
IPublishedUrlProvider publishedUrlProvider,
IMemberSignInManager memberSignInManager,
IMemberManager memberManager,
ITwoFactorLoginService twoFactorLoginService)
: base(
umbracoContextAccessor,
databaseFactory,
services,
appCaches,
profilingLogger,
publishedUrlProvider)
{
private readonly IMemberManager _memberManager;
private readonly ITwoFactorLoginService _twoFactorLoginService;
private readonly ILogger<UmbTwoFactorLoginController> _logger;
private readonly IMemberSignInManager _memberSignInManager;
_logger = logger;
_memberSignInManager = memberSignInManager;
_memberManager = memberManager;
_twoFactorLoginService = twoFactorLoginService;
}
public UmbTwoFactorLoginController(
ILogger<UmbTwoFactorLoginController> logger,
IUmbracoContextAccessor umbracoContextAccessor,
IUmbracoDatabaseFactory databaseFactory,
ServiceContext services,
AppCaches appCaches,
IProfilingLogger profilingLogger,
IPublishedUrlProvider publishedUrlProvider,
IMemberSignInManager memberSignInManager,
IMemberManager memberManager,
ITwoFactorLoginService twoFactorLoginService)
: base(
umbracoContextAccessor,
databaseFactory,
services,
appCaches,
profilingLogger,
publishedUrlProvider)
/// <summary>
/// Used to retrieve the 2FA providers for code submission
/// </summary>
/// <returns></returns>
[AllowAnonymous]
public async Task<ActionResult<IEnumerable<string>>> Get2FAProviders()
{
MemberIdentityUser? user = await _memberSignInManager.GetTwoFactorAuthenticationUserAsync();
if (user == null!)
{
_logger = logger;
_memberSignInManager = memberSignInManager;
_memberManager = memberManager;
_twoFactorLoginService = twoFactorLoginService;
_logger.LogWarning("Get2FAProviders :: No verified member found, returning 404");
return NotFound();
}
/// <summary>
/// Used to retrieve the 2FA providers for code submission
/// </summary>
/// <returns></returns>
[AllowAnonymous]
public async Task<ActionResult<IEnumerable<string>>> Get2FAProviders()
{
var user = await _memberSignInManager.GetTwoFactorAuthenticationUserAsync();
if (user == null)
{
_logger.LogWarning("Get2FAProviders :: No verified member found, returning 404");
return NotFound();
}
IList<string> userFactors = await _memberManager.GetValidTwoFactorProvidersAsync(user);
return new ObjectResult(userFactors);
}
var userFactors = await _memberManager.GetValidTwoFactorProvidersAsync(user);
return new ObjectResult(userFactors);
[AllowAnonymous]
public async Task<IActionResult> Verify2FACode(Verify2FACodeModel model, string? returnUrl = null)
{
MemberIdentityUser? user = await _memberSignInManager.GetTwoFactorAuthenticationUserAsync();
if (user == null!)
{
_logger.LogWarning("PostVerify2FACode :: No verified member found, returning 404");
return NotFound();
}
[AllowAnonymous]
public async Task<IActionResult> Verify2FACode(Verify2FACodeModel model, string? returnUrl = null)
if (ModelState.IsValid)
{
var user = await _memberSignInManager.GetTwoFactorAuthenticationUserAsync();
if (user == null)
SignInResult result = await _memberSignInManager.TwoFactorSignInAsync(
model.Provider,
model.Code,
model.IsPersistent,
model.RememberClient);
if (result.Succeeded && returnUrl is not null)
{
_logger.LogWarning("PostVerify2FACode :: No verified member found, returning 404");
return NotFound();
return RedirectToLocal(returnUrl);
}
if (ModelState.IsValid)
if (result.IsLockedOut)
{
var result = await _memberSignInManager.TwoFactorSignInAsync(model.Provider, model.Code, model.IsPersistent, model.RememberClient);
if (result.Succeeded && returnUrl is not null)
{
return RedirectToLocal(returnUrl);
}
if (result.IsLockedOut)
{
ModelState.AddModelError(nameof(Verify2FACodeModel.Code), "Member is locked out");
}
else if (result.IsNotAllowed)
{
ModelState.AddModelError(nameof(Verify2FACodeModel.Code), "Member is not allowed");
}
else
{
ModelState.AddModelError(nameof(Verify2FACodeModel.Code), "Invalid code");
}
ModelState.AddModelError(nameof(Verify2FACodeModel.Code), "Member is locked out");
}
else if (result.IsNotAllowed)
{
ModelState.AddModelError(nameof(Verify2FACodeModel.Code), "Member is not allowed");
}
else
{
ModelState.AddModelError(nameof(Verify2FACodeModel.Code), "Invalid code");
}
}
// We need to set this, to ensure we show the 2fa login page
IEnumerable<string> providerNames =
await _twoFactorLoginService.GetEnabledTwoFactorProviderNamesAsync(user.Key);
ViewData.SetTwoFactorProviderNames(providerNames);
return CurrentUmbracoPage();
}
[HttpPost]
public async Task<IActionResult> ValidateAndSaveSetup(
string providerName,
string secret,
string code,
string? returnUrl = null)
{
MemberIdentityUser? member = await _memberManager.GetCurrentMemberAsync();
var isValid = _twoFactorLoginService.ValidateTwoFactorSetup(providerName, secret, code);
if (member is null || isValid == false)
{
ModelState.AddModelError(nameof(code), "Invalid Code");
//We need to set this, to ensure we show the 2fa login page
var providerNames = await _twoFactorLoginService.GetEnabledTwoFactorProviderNamesAsync(user.Key);
ViewData.SetTwoFactorProviderNames(providerNames);
return CurrentUmbracoPage();
}
[HttpPost]
public async Task<IActionResult> ValidateAndSaveSetup(string providerName, string secret, string code, string? returnUrl = null)
var twoFactorLogin = new TwoFactorLogin
{
var member = await _memberManager.GetCurrentMemberAsync();
Confirmed = true, Secret = secret, UserOrMemberKey = member.Key, ProviderName = providerName,
};
var isValid = _twoFactorLoginService.ValidateTwoFactorSetup(providerName, secret, code);
await _twoFactorLoginService.SaveAsync(twoFactorLogin);
if (member is null || isValid == false)
{
ModelState.AddModelError(nameof(code), "Invalid Code");
return CurrentUmbracoPage();
}
var twoFactorLogin = new TwoFactorLogin()
{
Confirmed = true,
Secret = secret,
UserOrMemberKey = member.Key,
ProviderName = providerName,
};
await _twoFactorLoginService.SaveAsync(twoFactorLogin);
return RedirectToLocal(returnUrl);
}
[HttpPost]
public async Task<IActionResult> Disable(string providerName, string? returnUrl = null)
{
var member = await _memberManager.GetCurrentMemberAsync();
var success = member is not null && await _twoFactorLoginService.DisableAsync(member.Key, providerName);
if (!success)
{
return CurrentUmbracoPage();
}
return RedirectToLocal(returnUrl);
}
private IActionResult RedirectToLocal(string? returnUrl) =>
Url.IsLocalUrl(returnUrl) ? Redirect(returnUrl) : RedirectToCurrentUmbracoPage();
return RedirectToLocal(returnUrl);
}
[HttpPost]
public async Task<IActionResult> Disable(string providerName, string? returnUrl = null)
{
MemberIdentityUser? member = await _memberManager.GetCurrentMemberAsync();
var success = member is not null && await _twoFactorLoginService.DisableAsync(member.Key, providerName);
if (!success)
{
return CurrentUmbracoPage();
}
return RedirectToLocal(returnUrl);
}
private IActionResult RedirectToLocal(string? returnUrl) =>
Url.IsLocalUrl(returnUrl) ? Redirect(returnUrl) : RedirectToCurrentUmbracoPage();
}

18
src/Umbraco.Web.Website/Controllers/UmbracoRenderingDefaultsOptions.cs
View File

@@ -1,16 +1,14 @@
using System;
using Umbraco.Cms.Web.Common.Controllers;
namespace Umbraco.Cms.Web.Website.Controllers
namespace Umbraco.Cms.Web.Website.Controllers;
/// <summary>
/// The defaults used for rendering Umbraco front-end pages
/// </summary>
public class UmbracoRenderingDefaultsOptions
{
/// <summary>
/// The defaults used for rendering Umbraco front-end pages
/// Gets the default umbraco render controller type
/// </summary>
public class UmbracoRenderingDefaultsOptions
{
/// <summary>
/// Gets the default umbraco render controller type
/// </summary>
public Type DefaultControllerType { get; set; } = typeof(RenderController);
}
public Type DefaultControllerType { get; set; } = typeof(RenderController);
}