yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

CrLfTab

Browse Source
This commit is contained in:
Stephan
2017-09-23 10:08:18 +02:00
parent c1e2625de0
commit 5ba2ffcbf3
224 changed files with 709 additions and 709 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/Umbraco.Web/Security/Identity/BackOfficeCookieManager.cs
View File

@@ -96,7 +96,7 @@ namespace Umbraco.Web.Security.Identity
if (//check the explicit flag
(checkForceAuthTokens && owinContext.Get<bool?>(Constants.Security.ForceReAuthFlag) != null)
|| (checkForceAuthTokens && httpContext.Success && httpContext.Result.Items[Constants.Security.ForceReAuthFlag] != null)
|| (checkForceAuthTokens && httpContext.Success && httpContext.Result.Items[Constants.Security.ForceReAuthFlag] != null)
//check back office
|| request.Uri.IsBackOfficeRequest(HttpRuntime.AppDomainAppVirtualPath)
//check installer

12
src/Umbraco.Web/Security/MembershipHelper.cs
View File

@@ -89,7 +89,7 @@ namespace Umbraco.Web.Security
if (umbracoContext == null) throw new ArgumentNullException(nameof(umbracoContext));
if (membershipProvider == null) throw new ArgumentNullException(nameof(membershipProvider));
if (roleProvider == null) throw new ArgumentNullException(nameof(roleProvider));
_httpContext = umbracoContext.HttpContext;
_umbracoContext = umbracoContext;
_membershipProvider = membershipProvider;
@@ -145,19 +145,19 @@ namespace Umbraco.Web.Security
/// <summary>
/// This will check if the member has access to this path
/// </summary>
/// <param name="path"></param>
/// <param name="path"></param>
/// <param name="roleProvider"></param>
/// <returns></returns>
/// <remarks>
/// This is essentially the same as the PublicAccessServiceExtensions.HasAccess however this will use the PCR cache
/// This is essentially the same as the PublicAccessServiceExtensions.HasAccess however this will use the PCR cache
/// of the already looked up roles for the member so this doesn't need to happen more than once.
/// This does a safety check in case of things like unit tests where there is no PCR and if that is the case it will use
/// This does a safety check in case of things like unit tests where there is no PCR and if that is the case it will use
/// lookup the roles directly.
/// </remarks>
private bool HasAccess(string path, RoleProvider roleProvider)
{
return _umbracoContext.PublishedContentRequest == null
? PublicAccessService.HasAccess(path, CurrentUserName, roleProvider.GetRolesForUser)
? PublicAccessService.HasAccess(path, CurrentUserName, roleProvider.GetRolesForUser)
: PublicAccessService.HasAccess(path, CurrentUserName, Router.GetRolesForLogin);
}
@@ -712,7 +712,7 @@ namespace Umbraco.Web.Security
{
throw new InvalidOperationException("Could not find provider with name " + membershipProviderName);
}
return ChangePassword(username, passwordModel, provider);
}

8
src/Umbraco.Web/Security/Providers/UmbracoMembershipProvider.cs
View File

@@ -457,14 +457,14 @@ namespace Umbraco.Web.Security.Providers
throw new ProviderException(string.Format("No member with the username '{0}' found", username));
}
// Non need to update
// Non need to update
if (member.IsLockedOut == false) return true;
member.IsLockedOut = false;
member.FailedPasswordAttempts = 0;
MemberService.Save(member);
return true;
}
@@ -585,7 +585,7 @@ namespace Umbraco.Web.Security.Providers
string.Format(
"Login attempt failed for username {0} from IP address {1}, the user is now locked out, max invalid password attempts exceeded",
username,
GetCurrentRequestIpAddress()));
GetCurrentRequestIpAddress()));
}
else
{
@@ -610,7 +610,7 @@ namespace Umbraco.Web.Security.Providers
string.Format(
"Login attempt succeeded for username {0} from IP address {1}",
username,
GetCurrentRequestIpAddress()));
GetCurrentRequestIpAddress()));
}
//don't raise events for this! It just sets the member dates, if we do raise events this will

12
src/Umbraco.Web/Security/Providers/UsersMembershipProvider.cs
View File

@@ -73,7 +73,7 @@ namespace Umbraco.Web.Security.Providers
base.Initialize(name, config);
if (config == null) { throw new ArgumentNullException("config"); }
_allowManuallyChangingPassword = config.GetValue("allowManuallyChangingPassword", false);
_enablePasswordReset = config.GetValue("enablePasswordReset", false);
@@ -89,7 +89,7 @@ namespace Umbraco.Web.Security.Providers
}
}
if (_hasDefaultMember == false && config["defaultUserGroupAlias"] != null)
{
{
if (config["defaultUserGroupAlias"].IsNullOrWhiteSpace() == false)
{
_defaultMemberTypeAlias = config["defaultUserGroupAlias"];
@@ -120,7 +120,7 @@ namespace Umbraco.Web.Security.Providers
return _defaultMemberTypeAlias;
}
}
/// <summary>
/// Overridden in order to call the BackOfficeUserManager.UnlockUser method in order to raise the user audit events
/// </summary>
@@ -136,7 +136,7 @@ namespace Umbraco.Web.Security.Providers
if (userManager != null)
{
userManager.RaiseAccountUnlockedEvent(member.Id);
}
}
}
return result;
}
@@ -169,7 +169,7 @@ namespace Umbraco.Web.Security.Providers
{
//we have successfully logged in, if the failed password attempts was modified it means it was reset
if (result.Member.WasPropertyDirty("FailedPasswordAttempts"))
{
{
userManager.RaiseResetAccessFailedCountEvent(result.Member.Id);
}
}
@@ -185,4 +185,4 @@ namespace Umbraco.Web.Security.Providers
: HttpContext.Current.GetOwinContext().GetBackOfficeUserManager();
}
}
}
}

2
src/Umbraco.Web/Security/ValidateRequestAttempt.cs
View File

@@ -2,7 +2,7 @@
{
public enum ValidateRequestAttempt
{
Success = 0,
Success = 0,
FailedNoPrivileges = 100,

2
src/Umbraco.Web/Security/WebSecurity.cs
View File

@@ -255,7 +255,7 @@ namespace Umbraco.Web.Security
public virtual bool ValidateCurrentUser()
{
return ValidateCurrentUser(false, true) == ValidateRequestAttempt.Success;
}
}
/// <summary>
/// Validates the current user assigned to the request and ensures the stored user data is valid