Security stamp implementation for members (#10140)

* Getting new netcore PublicAccessChecker in place * Adds full test coverage for PublicAccessChecker * remove PublicAccessComposer * adjust namespaces, ensure RoleManager works, separate public access controller, reduce content controller * Implements the required methods on IMemberManager, removes old migrated code * Updates routing to be able to re-route, Fixes middleware ordering ensuring endpoints are last, refactors pipeline options, adds public access middleware, ensures public access follows all hops * adds note * adds note * Cleans up ext methods, ensures that members identity is added on both front-end and back ends. updates how UmbracoApplicationBuilder works in that it explicitly starts endpoints at the time of calling. * Changes name to IUmbracoEndpointBuilder * adds note * Fixing tests, fixing error describers so there's 2x one for back office, one for members, fixes TryConvertTo, fixes login redirect * fixing build * Updates user manager to correctly validate password hashing and injects the IBackOfficeUserPasswordChecker * Merges PR * Fixes up build and notes * Implements security stamp and email confirmed for members, cleans up a bunch of repo/service level member groups stuff, shares user store code between members and users and fixes the user identity object so we arent' tracking both groups and roles. * Security stamp for members is now working * Fixes keepalive, fixes PublicAccessMiddleware to not throw, updates startup code to be more clear and removes magic that registers middleware. * adds note * removes unused filter, fixes build * fixes WebPath and tests * Looks up entities in one query * remove usings * Fix test, remove stylesheet * Set status code before we write to response to avoid error * Ensures that users and members are validated when logging in. Shares more code between users and members. * merge changes * oops * Fixes RepositoryCacheKeys to ensure the keys are normalized * oops didn't mean to commit this * Fix casing issues with caching, stop boxing value types for all cache operations, stop re-creating string keys in DefaultRepositoryCachePolicy * oops didn't mean to comit this * bah, far out this keeps getting recommitted. sorry Co-authored-by: Bjarke Berg <mail@bergmania.dk>
2021-04-20 17:13:40 +10:00
parent de28fbb0a4
commit 6c660d5721
26 changed files with 670 additions and 709 deletions
--- a/src/Umbraco.Infrastructure/Persistence/Repositories/Implement/MemberRepository.cs
+++ b/src/Umbraco.Infrastructure/Persistence/Repositories/Implement/MemberRepository.cs
@@ -252,6 +252,12 @@ namespace Umbraco.Cms.Infrastructure.Persistence.Repositories.Implement
        {
            entity.AddingEntity();

+            // ensure security stamp if missing
+            if (entity.SecurityStamp.IsNullOrWhiteSpace())
+            {
+                entity.SecurityStamp = Guid.NewGuid().ToString();
+            }
+
            // ensure that strings don't contain characters that are invalid in xml
            // TODO: do we really want to keep doing this here?
            entity.SanitizeEntityPropertiesForXmlStorage();
@@ -342,6 +348,12 @@ namespace Umbraco.Cms.Infrastructure.Persistence.Repositories.Implement
            // update
            entity.UpdatingEntity();

+            // ensure security stamp if missing
+            if (entity.SecurityStamp.IsNullOrWhiteSpace())
+            {
+                entity.SecurityStamp = Guid.NewGuid().ToString();
+            }
+
            // ensure that strings don't contain characters that are invalid in xml
            // TODO: do we really want to keep doing this here?
            entity.SanitizeEntityPropertiesForXmlStorage();
@@ -373,18 +385,52 @@ namespace Umbraco.Cms.Infrastructure.Persistence.Repositories.Implement
            // but only the changed columns, 'cos we cannot update password if empty
            var changedCols = new List<string>();

+            if (entity.IsPropertyDirty("SecurityStamp"))
+            {
+                changedCols.Add("securityStampToken");
+            }
+
            if (entity.IsPropertyDirty("Email"))
+            {
                changedCols.Add("Email");
+            }

            if (entity.IsPropertyDirty("Username"))
+            {
                changedCols.Add("LoginName");
+            }

            // do NOT update the password if it has not changed or if it is null or empty
            if (entity.IsPropertyDirty("RawPasswordValue") && !string.IsNullOrWhiteSpace(entity.RawPasswordValue))
+            {
                changedCols.Add("Password");

+                // If the security stamp hasn't already updated we need to force it
+                if (entity.IsPropertyDirty("SecurityStamp") == false)
+                {
+                    dto.SecurityStampToken = entity.SecurityStamp = Guid.NewGuid().ToString();
+                    changedCols.Add("securityStampToken");
+                }
+            }
+
+            // If userlogin or the email has changed then need to reset security stamp
+            if (changedCols.Contains("Email") || changedCols.Contains("LoginName"))
+            {
+                dto.EmailConfirmedDate = null;
+                changedCols.Add("emailConfirmedDate");
+
+                // If the security stamp hasn't already updated we need to force it
+                if (entity.IsPropertyDirty("SecurityStamp") == false)
+                {
+                    dto.SecurityStampToken = entity.SecurityStamp = Guid.NewGuid().ToString();
+                    changedCols.Add("securityStampToken");
+                }
+            }
+
            if (changedCols.Count > 0)
+            {
                Database.Update(dto, changedCols);
+            }

            ReplacePropertyValues(entity, entity.VersionId, 0, out _, out _);

@@ -655,8 +701,8 @@ namespace Umbraco.Cms.Infrastructure.Persistence.Repositories.Implement

        private IMember MapDtoToContent(MemberDto dto)
        {
-            var memberType = _memberTypeRepository.Get(dto.ContentDto.ContentTypeId);
-            var member = ContentBaseFactory.BuildEntity(dto, memberType);
+            IMemberType memberType = _memberTypeRepository.Get(dto.ContentDto.ContentTypeId);
+            Member member = ContentBaseFactory.BuildEntity(dto, memberType);

            // get properties - indexed by version id
            var versionId = dto.ContentVersionDto.Id;
@@ -674,6 +720,20 @@ namespace Umbraco.Cms.Infrastructure.Persistence.Repositories.Implement
            return _memberByUsernameCachePolicy.Get(username, PerformGetByUsername, PerformGetAllByUsername);
        }

+        public int[] GetMemberIds(string[] usernames)
+        {
+            var memberObjectType = Cms.Core.Constants.ObjectTypes.Member;
+
+            var memberSql = Sql()
+                .Select("umbracoNode.id")
+                .From<NodeDto>()
+                .InnerJoin<MemberDto>()
+                .On<NodeDto, MemberDto>(dto => dto.NodeId, dto => dto.NodeId)
+                .Where<NodeDto>(x => x.NodeObjectType == memberObjectType)
+                .Where("cmsMember.LoginName in (@usernames)", new { /*usernames =*/ usernames });
+            return Database.Fetch<int>(memberSql).ToArray();
+        }
+
        private IMember PerformGetByUsername(string username)
        {
            var query = Query<IMember>().Where(x => x.Username.Equals(username));