Migrate UmbracoUserTimeoutFilterAttribute

2020-10-12 13:32:25 +02:00
parent fc23271319
commit 50f4d7abde
5 changed files with 41 additions and 39 deletions
--- a/src/Umbraco.Web.BackOffice/Controllers/UmbracoAuthorizedApiController.cs
+++ b/src/Umbraco.Web.BackOffice/Controllers/UmbracoAuthorizedApiController.cs
@@ -14,7 +14,7 @@ namespace Umbraco.Web.BackOffice.Controllers
    /// before their timeout expires.
    /// </remarks>
    [IsBackOffice]
-    //[UmbracoUserTimeoutFilter] //TODO reintroduce
+    [UmbracoUserTimeoutFilter]
    [UmbracoAuthorize]
    [DisableBrowserCache]
    [UmbracoWebApiRequireHttps]
--- a/src/Umbraco.Web.Common/Filters/UmbracoUserTimeoutFilterAttribute.cs
+++ b/src/Umbraco.Web.Common/Filters/UmbracoUserTimeoutFilterAttribute.cs
@@ -0,0 +1,39 @@
+using System.Globalization;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.Filters;
+using Umbraco.Extensions;
+
+namespace Umbraco.Web.Common.Filters
+{
+    /// <summary>
+    /// This will check if the request is authenticated and if there's an auth ticket present we will
+    /// add a custom header to the response indicating how many seconds are remaining for the current
+    /// user's session. This allows us to keep track of a user's session effectively in the back office.
+    /// </summary>
+    public class UmbracoUserTimeoutFilterAttribute : TypeFilterAttribute
+    {
+        public UmbracoUserTimeoutFilterAttribute() : base(typeof(UmbracoUserTimeoutFilter))
+        {
+        }
+
+        private class UmbracoUserTimeoutFilter : IActionFilter
+        {
+
+            public void OnActionExecuted(ActionExecutedContext context)
+            {
+                //this can occur if an error has already occurred.
+                if (context.HttpContext.Response is null) return;
+
+                // Using the new way to GetRemainingAuthSeconds, which does not require you to get the ticket from the request
+                var remainingSeconds = context.HttpContext.User.GetRemainingAuthSeconds();
+
+                context.HttpContext.Response.Headers.Add("X-Umb-User-Seconds", remainingSeconds.ToString(CultureInfo.InvariantCulture));
+            }
+
+            public void OnActionExecuting(ActionExecutingContext context)
+            {
+                // Noop
+            }
+        }
+    }
+}
--- a/src/Umbraco.Web/Umbraco.Web.csproj
+++ b/src/Umbraco.Web/Umbraco.Web.csproj
@@ -372,7 +372,6 @@
    <Compile Include="WebApi\UmbracoAuthorizeAttribute.cs" />
    <Compile Include="WebApi\UmbracoAuthorizedApiController.cs" />
    <Compile Include="WebApi\Filters\ValidationFilterAttribute.cs" />
-    <Compile Include="WebApi\Filters\UmbracoUserTimeoutFilterAttribute.cs" />
    <Compile Include="Mvc\ControllerExtensions.cs" />
    <Compile Include="TypeLoaderExtensions.cs" />
    <Compile Include="Properties\AssemblyInfo.cs">
--- a/src/Umbraco.Web/WebApi/Filters/UmbracoUserTimeoutFilterAttribute.cs
+++ b/src/Umbraco.Web/WebApi/Filters/UmbracoUserTimeoutFilterAttribute.cs
@@ -1,36 +0,0 @@
-using System;
-using System.Globalization;
-using System.Web.Http.Filters;
-using Umbraco.Core.Security;
-using Umbraco.Web.Security;
-
-namespace Umbraco.Web.WebApi.Filters
-{
-    /// <summary>
-    /// This will check if the request is authenticated and if there's an auth ticket present we will
-    /// add a custom header to the response indicating how many seconds are remaining for the current
-    /// user's session. This allows us to keep track of a user's session effectively in the back office.
-    /// </summary>
-    public sealed class UmbracoUserTimeoutFilterAttribute : ActionFilterAttribute
-    {
-        public override void OnActionExecuted(HttpActionExecutedContext actionExecutedContext)
-        {
-            base.OnActionExecuted(actionExecutedContext);
-
-            //this can occur if an error has already occurred.
-            if (actionExecutedContext.Response == null) return;
-            
-            var httpContextAttempt = actionExecutedContext.Request.TryGetHttpContext();
-            if (httpContextAttempt.Success)
-            {
-                
-                var ticket = httpContextAttempt.Result.GetUmbracoAuthTicket();
-                if (ticket?.Properties.ExpiresUtc != null && ticket.Properties.ExpiresUtc.Value < DateTimeOffset.UtcNow)
-                {
-                    var remainingSeconds = httpContextAttempt.Result.GetRemainingAuthSeconds();
-                    actionExecutedContext.Response.Headers.Add("X-Umb-User-Seconds", remainingSeconds.ToString(CultureInfo.InvariantCulture));
-                }
-            }
-        }
-    }
-}
--- a/src/Umbraco.Web/WebApi/UmbracoAuthorizedApiController.cs
+++ b/src/Umbraco.Web/WebApi/UmbracoAuthorizedApiController.cs
@@ -21,7 +21,7 @@ namespace Umbraco.Web.WebApi
    /// before their timeout expires.
    /// </remarks>
    [IsBackOffice]
-    [UmbracoUserTimeoutFilter]
+    // [UmbracoUserTimeoutFilter] has been migrated to netcore
    [UmbracoAuthorize]
    [DisableBrowserCache]
   // [UmbracoWebApiRequireHttps]