More options for external providers with a toggle to not allow manual linking

2020-09-04 14:32:34 +10:00
parent 3cac678bf3
commit 56a73d0395
5 changed files with 30 additions and 9 deletions
--- a/src/Umbraco.Web.UI.Client/src/common/services/externallogininfo.service.js
+++ b/src/Umbraco.Web.UI.Client/src/common/services/externallogininfo.service.js
@@ -36,11 +36,11 @@ function externalLoginInfoService(externalLoginInfo, umbRequestHelper) {

    /**
     * Returns all login providers
-     * @param {any} excludeDenyLocalLogin true to exclude providers the deny local login
+     * @param {any} excludeUnlinkable true to exclude providers that are not manually linkable
     */
-    function getLoginProviders(excludeDenyLocalLogin) {
-        if (excludeDenyLocalLogin) {
-            return _.filter(externalLoginInfo.providers, x => !x.properties.UmbracoBackOfficeExternalLoginOptions.DenyLocalLogin);
+    function getLoginProviders(excludeUnlinkable) {
+        if (excludeUnlinkable) {
+            return _.filter(externalLoginInfo.providers, x => !x.properties.UmbracoBackOfficeExternalLoginOptions.AutoLinkOptions.AllowManualLinking);
        }
        else {
            return externalLoginInfo.providers;
--- a/src/Umbraco.Web/Editors/AuthenticationController.cs
+++ b/src/Umbraco.Web/Editors/AuthenticationController.cs
@@ -27,6 +27,7 @@ using Umbraco.Core.Persistence;
 using Umbraco.Web.Composing;
 using IUser = Umbraco.Core.Models.Membership.IUser;
 using Umbraco.Web.Editors.Filters;
+using Microsoft.Owin.Security;

 namespace Umbraco.Web.Editors
 {
@@ -113,7 +114,22 @@ namespace Umbraco.Web.Editors
        [ValidateAngularAntiForgeryToken]
        public async Task<HttpResponseMessage> PostUnLinkLogin(UnLinkLoginModel unlinkLoginModel)
        {
-            // TODO: If DenyLocalLogin is enabled for this provider we cannot unlink
+            var owinContext = TryGetOwinContext().Result;
+            ExternalSignInAutoLinkOptions autoLinkOptions = null;
+            var authType = owinContext.Authentication.GetExternalAuthenticationTypes().FirstOrDefault(x => x.AuthenticationType == unlinkLoginModel.LoginProvider);
+            if (authType == null)
+            {
+                Logger.Warn<BackOfficeController>("Could not find external authentication provider registered: {LoginProvider}", unlinkLoginModel.LoginProvider);
+            }
+            else
+            {
+                autoLinkOptions = authType.GetExternalSignInAutoLinkOptions();
+                if (!autoLinkOptions.AllowManualLinking)
+                {
+                    // If AllowManualLinking is disabled for this provider we cannot unlink
+                    return Request.CreateResponse(HttpStatusCode.BadRequest);
+                }
+            }

            var result = await UserManager.RemoveLoginAsync(
                User.Identity.GetUserId<int>(),
@@ -183,7 +199,6 @@ namespace Umbraco.Web.Editors
        /// </remarks>
        [WebApi.UmbracoAuthorize(requireApproval: false)]
        [SetAngularAntiForgeryTokens]
-        [DenyLocalLoginAuthorization]
        public UserDetail GetCurrentInvitedUser()
        {
            var user = UmbracoContext.Security.CurrentUser;
--- a/src/Umbraco.Web/Editors/UsersController.cs
+++ b/src/Umbraco.Web/Editors/UsersController.cs
@@ -505,9 +505,9 @@ namespace Umbraco.Web.Editors
        /// <param name="userSave"></param>
        /// <returns></returns>
        [OutgoingEditorModelEvent]
-        public async Task<UserDisplay> PostSaveUser(UserSave userSave)
+        public UserDisplay PostSaveUser(UserSave userSave)
        {
-            if (userSave == null) throw new ArgumentNullException("userSave");
+            if (userSave == null) throw new ArgumentNullException(nameof(userSave));

            if (ModelState.IsValid == false)
            {
--- a/src/Umbraco.Web/Security/BackOfficeExternalLoginProviderOptions.cs
+++ b/src/Umbraco.Web/Security/BackOfficeExternalLoginProviderOptions.cs
@@ -27,7 +27,7 @@ namespace Umbraco.Web.Security
        /// Options used to control how users can be auto-linked/created/updated based on the external login provider
        /// </summary>
        [IgnoreDataMember] // we are ignoring this one from serialization for backwards compat since these options are manually incuded in the response separately
-        public ExternalSignInAutoLinkOptions AutoLinkOptions { get; set; }
+        public ExternalSignInAutoLinkOptions AutoLinkOptions { get; set; } = new ExternalSignInAutoLinkOptions();

        /// <summary>
        /// When set to true will disable all local user login functionality
--- a/src/Umbraco.Web/Security/ExternalSignInAutoLinkOptions.cs
+++ b/src/Umbraco.Web/Security/ExternalSignInAutoLinkOptions.cs
@@ -32,6 +32,12 @@ namespace Umbraco.Web.Security

        private readonly string[] _defaultUserGroups;

+        /// <summary>
+        /// By default this is true which allows the user to manually link and unlink the external provider, if set to false the back office user
+        /// will not see and cannot perform manual linking or unlinking of the external provider.
+        /// </summary>
+        public bool AllowManualLinking { get; set; } = true;
+
        /// <summary>
        /// A callback executed during account auto-linking and before the user is persisted
        /// </summary>