From 525d14ed2569378bb6841f48e666b8e9ea24f5b5 Mon Sep 17 00:00:00 2001 From: Emma Garland Date: Fri, 26 Feb 2021 14:21:23 +0000 Subject: [PATCH] Updated to set correct properties --- .../Repositories/Implement/MemberRepository.cs | 1 + .../Controllers/MemberControllerUnitTests.cs | 1 + .../Controllers/CurrentUserController.cs | 9 +++------ .../Controllers/MemberController.cs | 1 + .../Controllers/UsersController.cs | 1 + .../DependencyInjection/UmbracoBuilderExtensions.cs | 5 ++++- src/Umbraco.Web.BackOffice/Security/IPasswordChanger.cs | 2 +- src/Umbraco.Web.BackOffice/Security/PasswordChanger.cs | 2 +- src/Umbraco.Web/AspNet/AspNetPasswordHasher.cs | 2 ++ 9 files changed, 15 insertions(+), 9 deletions(-) diff --git a/src/Umbraco.Infrastructure/Persistence/Repositories/Implement/MemberRepository.cs b/src/Umbraco.Infrastructure/Persistence/Repositories/Implement/MemberRepository.cs index e97add3f5e..406eb08c62 100644 --- a/src/Umbraco.Infrastructure/Persistence/Repositories/Implement/MemberRepository.cs +++ b/src/Umbraco.Infrastructure/Persistence/Repositories/Implement/MemberRepository.cs @@ -314,6 +314,7 @@ namespace Umbraco.Cms.Infrastructure.Persistence.Repositories.Implement // persist the member dto dto.NodeId = nodeDto.NodeId; + // TODO: password parts of this file need updating // if the password is empty, generate one with the special prefix // this will hash the guid with a salt so should be nicely random if (entity.RawPasswordValue.IsNullOrWhiteSpace()) diff --git a/src/Umbraco.Tests.UnitTests/Umbraco.Web.BackOffice/Controllers/MemberControllerUnitTests.cs b/src/Umbraco.Tests.UnitTests/Umbraco.Web.BackOffice/Controllers/MemberControllerUnitTests.cs index f9f5c0d72a..9e26beea28 100644 --- a/src/Umbraco.Tests.UnitTests/Umbraco.Web.BackOffice/Controllers/MemberControllerUnitTests.cs +++ b/src/Umbraco.Tests.UnitTests/Umbraco.Web.BackOffice/Controllers/MemberControllerUnitTests.cs 
@@ -35,6 +35,7 @@ using Umbraco.Cms.Web.BackOffice.Controllers; using Umbraco.Cms.Web.BackOffice.Mapping; using Umbraco.Cms.Web.BackOffice.Security; using Umbraco.Cms.Web.Common.ActionsResults; +using Umbraco.Cms.Web.Common.Security; using IHostingEnvironment = Umbraco.Cms.Core.Hosting.IHostingEnvironment; using MemberMapDefinition = Umbraco.Cms.Web.BackOffice.Mapping.MemberMapDefinition; diff --git a/src/Umbraco.Web.BackOffice/Controllers/CurrentUserController.cs b/src/Umbraco.Web.BackOffice/Controllers/CurrentUserController.cs index c0615e37a1..6492a7b528 100644 --- a/src/Umbraco.Web.BackOffice/Controllers/CurrentUserController.cs +++ b/src/Umbraco.Web.BackOffice/Controllers/CurrentUserController.cs @@ -24,10 +24,10 @@ using Umbraco.Cms.Core.Services; using Umbraco.Cms.Core.Strings; using Umbraco.Cms.Web.BackOffice.Extensions; using Umbraco.Cms.Web.BackOffice.Filters; -using Umbraco.Cms.Web.BackOffice.Security; using Umbraco.Cms.Web.Common.ActionsResults; using Umbraco.Cms.Web.Common.Attributes; using Umbraco.Cms.Web.Common.Authorization; +using Umbraco.Cms.Web.Common.Security; using Umbraco.Extensions; using Constants = Umbraco.Cms.Core.Constants; @@ -223,12 +223,9 @@ namespace Umbraco.Cms.Web.BackOffice.Controllers public async Task>> PostChangePassword(ChangingPasswordModel changingPasswordModel) { IUser currentUser = _backOfficeSecurityAccessor.BackOfficeSecurity.CurrentUser; + changingPasswordModel.Id = currentUser.Id; - // if the current user has access to reset/manually change the password - if (currentUser.HasSectionAccess(Constants.Applications.Users) == false) - { - return new ValidationErrorResult("The current user is not authorized"); - } + // all current users have access to reset/manually change their password Attempt passwordChangeResult = await _passwordChanger.ChangePasswordWithIdentityAsync(changingPasswordModel, _backOfficeUserManager); 
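Review bot: In the `@@ -223,12 +223,9 @@` hunk of CurrentUserController.cs, `PostChangePassword` no longer checks `HasSectionAccess(Constants.Applications.Users)`, so `ChangePasswordWithIdentityAsync` is now the only check on a self-service password change, and that method is not visible in this hunk. If it treats an empty old password as an administrative reset, any authenticated back-office session (including a hijacked one) could set a new password without knowing the current one. The action should reject that case before calling the changer, e.g. `if (string.IsNullOrWhiteSpace(changingPasswordModel.OldPassword)) { return new ValidationErrorResult("The current password is required"); }`. Overwriting `changingPasswordModel.Id` with `currentUser.Id` is the right guard against a client-supplied id, but `currentUser` is dereferenced without a null check, so a request that reaches the action without a resolved back-office user would throw instead of returning a validation error. The method body continues past the end of the hunk.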
diff --git a/src/Umbraco.Web.BackOffice/Controllers/MemberController.cs b/src/Umbraco.Web.BackOffice/Controllers/MemberController.cs index b5f81ca3f4..3174727071 100644 --- a/src/Umbraco.Web.BackOffice/Controllers/MemberController.cs +++ b/src/Umbraco.Web.BackOffice/Controllers/MemberController.cs @@ -33,6 +33,7 @@ using Umbraco.Cms.Web.Common.ActionsResults; using Umbraco.Cms.Web.Common.Attributes; using Umbraco.Cms.Web.Common.Authorization; using Umbraco.Cms.Web.Common.Filters; +using Umbraco.Cms.Web.Common.Security; using Umbraco.Extensions; namespace Umbraco.Cms.Web.BackOffice.Controllers diff --git a/src/Umbraco.Web.BackOffice/Controllers/UsersController.cs b/src/Umbraco.Web.BackOffice/Controllers/UsersController.cs index 7ad12ecd65..ae8618e020 100644 --- a/src/Umbraco.Web.BackOffice/Controllers/UsersController.cs +++ b/src/Umbraco.Web.BackOffice/Controllers/UsersController.cs @@ -39,6 +39,7 @@ using Umbraco.Cms.Web.BackOffice.Security; using Umbraco.Cms.Web.Common.ActionsResults; using Umbraco.Cms.Web.Common.Attributes; using Umbraco.Cms.Web.Common.Authorization; +using Umbraco.Cms.Web.Common.Security; using Umbraco.Extensions; using Constants = Umbraco.Cms.Core.Constants; diff --git a/src/Umbraco.Web.BackOffice/DependencyInjection/UmbracoBuilderExtensions.cs b/src/Umbraco.Web.BackOffice/DependencyInjection/UmbracoBuilderExtensions.cs index 2c79fd3e2a..53ea801490 100644 --- a/src/Umbraco.Web.BackOffice/DependencyInjection/UmbracoBuilderExtensions.cs +++ b/src/Umbraco.Web.BackOffice/DependencyInjection/UmbracoBuilderExtensions.cs @@ -8,6 +8,7 @@ using Umbraco.Cms.Core.DependencyInjection; using Umbraco.Cms.Core.Hosting; using Umbraco.Cms.Core.IO; using Umbraco.Cms.Core.Models.Identity; +using Umbraco.Cms.Core.Security; using Umbraco.Cms.Core.Services; using Umbraco.Cms.Core.WebAssets; using Umbraco.Cms.Infrastructure.DependencyInjection; 
@@ -21,6 +22,7 @@ using Umbraco.Cms.Web.BackOffice.Security; using Umbraco.Cms.Web.BackOffice.Services; using Umbraco.Cms.Web.BackOffice.Trees; using Umbraco.Cms.Web.Common.Authorization; +using Umbraco.Cms.Web.Common.Security; namespace Umbraco.Extensions { @@ -83,7 +85,8 @@ namespace Umbraco.Extensions builder.Services.AddUnique(); builder.Services.AddUnique(); builder.Services.AddUnique(); - builder.Services.AddUnique, PasswordChanger>(); + builder.Services.AddUnique, PasswordChanger>(); + builder.Services.AddUnique, PasswordChanger>(); return builder; } diff --git a/src/Umbraco.Web.BackOffice/Security/IPasswordChanger.cs b/src/Umbraco.Web.BackOffice/Security/IPasswordChanger.cs index 721ee6b683..d1f90d7bcf 100644 --- a/src/Umbraco.Web.BackOffice/Security/IPasswordChanger.cs +++ b/src/Umbraco.Web.BackOffice/Security/IPasswordChanger.cs @@ -4,7 +4,7 @@ using Umbraco.Cms.Core.Models; using Umbraco.Cms.Core.Models.Identity; using Umbraco.Cms.Core.Security; -namespace Umbraco.Cms.Web.BackOffice.Security +namespace Umbraco.Cms.Web.Common.Security { public interface IPasswordChanger where TUser : UmbracoIdentityUser { diff --git a/src/Umbraco.Web.BackOffice/Security/PasswordChanger.cs b/src/Umbraco.Web.BackOffice/Security/PasswordChanger.cs index 99e8a98a32..83f68c8754 100644 --- a/src/Umbraco.Web.BackOffice/Security/PasswordChanger.cs +++ b/src/Umbraco.Web.BackOffice/Security/PasswordChanger.cs @@ -9,7 +9,7 @@ using Umbraco.Cms.Core.Models.Identity; using Umbraco.Cms.Core.Security; using Umbraco.Extensions; -namespace Umbraco.Cms.Web.BackOffice.Security +namespace Umbraco.Cms.Web.Common.Security { /// /// Changes the password for an identity user diff --git a/src/Umbraco.Web/AspNet/AspNetPasswordHasher.cs b/src/Umbraco.Web/AspNet/AspNetPasswordHasher.cs index 7cdeef6e21..e7adae86a6 100644 --- a/src/Umbraco.Web/AspNet/AspNetPasswordHasher.cs +++ b/src/Umbraco.Web/AspNet/AspNetPasswordHasher.cs 
@@ -1,8 +1,10 @@ +using System; using Microsoft.AspNet.Identity; using IPasswordHasher = Umbraco.Cms.Core.Security.IPasswordHasher; namespace Umbraco.Web { + [Obsolete("Should be removed")] public class AspNetPasswordHasher : Cms.Core.Security.IPasswordHasher { private PasswordHasher _underlyingHasher;
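Review bot: The added `[Obsolete("Should be removed")]` on `AspNetPasswordHasher` gives callers no migration target. That matters for a password hasher, because hashes already stored must stay verifiable by whatever replaces it. Name the replacement and the removal plan in the message, e.g. `[Obsolete("Use <replacement IPasswordHasher implementation> instead; scheduled for removal.")]`, and add a `/// <summary>` saying that this class wraps the `Microsoft.AspNet.Identity` `PasswordHasher`, so its hash format is documented. The class body continues outside the hunk.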