diff --git a/src/Umbraco.Web.BackOffice/Controllers/AuthenticationController.cs b/src/Umbraco.Web.BackOffice/Controllers/AuthenticationController.cs
index bf1271c910..9d76e58982 100644
--- a/src/Umbraco.Web.BackOffice/Controllers/AuthenticationController.cs
+++ b/src/Umbraco.Web.BackOffice/Controllers/AuthenticationController.cs
@@ -45,7 +45,7 @@ namespace Umbraco.Web.BackOffice.Controllers
 [PluginController(Constants.Web.Mvc.BackOfficeApiArea)] // TODO: Maybe this could be applied with our Application Model conventions
 //[ValidationFilter] // TODO: I don't actually think this is required with our custom Application Model conventions applied
 [AngularJsonOnlyConfiguration] // TODO: This could be applied with our Application Model conventions
- [IsBackOffice]
+ [IsBackOffice] // TODO: This could be applied with our Application Model conventions
 public class AuthenticationController : UmbracoApiControllerBase
 {
 private readonly IBackOfficeSecurityAccessor _backofficeSecurityAccessor;
diff --git a/src/Umbraco.Web.BackOffice/Controllers/BackOfficeController.cs b/src/Umbraco.Web.BackOffice/Controllers/BackOfficeController.cs
index 3998a65cd6..83e94c1e30 100644
--- a/src/Umbraco.Web.BackOffice/Controllers/BackOfficeController.cs
+++ b/src/Umbraco.Web.BackOffice/Controllers/BackOfficeController.cs
@@ -41,7 +41,6 @@ namespace Umbraco.Web.BackOffice.Controllers
 [DisableBrowserCache]
 //[UmbracoRequireHttps] //TODO Reintroduce
 [PluginController(Constants.Web.Mvc.BackOfficeArea)]
- [IsBackOffice]
 public class BackOfficeController : UmbracoController
 {
 private readonly IBackOfficeUserManager _userManager;
diff --git a/src/Umbraco.Web.BackOffice/Controllers/PublishedSnapshotCacheStatusController.cs b/src/Umbraco.Web.BackOffice/Controllers/PublishedSnapshotCacheStatusController.cs
index c9c420f254..1a0e3457ca 100644
--- a/src/Umbraco.Web.BackOffice/Controllers/PublishedSnapshotCacheStatusController.cs
+++ b/src/Umbraco.Web.BackOffice/Controllers/PublishedSnapshotCacheStatusController.cs
@@ -8,7 +8,8 @@ using Umbraco.Web.PublishedCache;
 namespace Umbraco.Web.BackOffice.Controllers
 {
- [PluginController(Constants.Web.Mvc.BackOfficeApiArea)]
+ [PluginController(Constants.Web.Mvc.BackOfficeApiArea)]
+ [IsBackOffice]
 public class PublishedSnapshotCacheStatusController : UmbracoAuthorizedApiController
 {
 private readonly IPublishedSnapshotService _publishedSnapshotService;
diff --git a/src/Umbraco.Web.BackOffice/Extensions/UmbracoBuilderExtensions.cs b/src/Umbraco.Web.BackOffice/Extensions/UmbracoBuilderExtensions.cs
index fe6eacbb35..75d53c91de 100644
--- a/src/Umbraco.Web.BackOffice/Extensions/UmbracoBuilderExtensions.cs
+++ b/src/Umbraco.Web.BackOffice/Extensions/UmbracoBuilderExtensions.cs
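Review bot: Adding `[IsBackOffice]` to PublishedSnapshotCacheStatusController while this same commit changes `BackOfficeApplicationModelProvider.IsBackOfficeController` to key only on the `PluginController` area name (and removes the attribute from BackOfficeController) leaves the attribute's role unclear; from the hunks shown it no longer influences whether the back-office MVC conventions are applied to this controller. If `IsBackOffice` still drives some other behaviour outside this diff, state that at the attribute, e.g. `// [IsBackOffice]: <what it still controls>; back-office MVC conventions are selected by the PluginController area`. Otherwise the attribute is dead here and should be dropped so readers do not mistake it for the authorization boundary, which presumably comes from the `UmbracoAuthorizedApiController` base class visible in the hunk.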
@@ -32,9 +32,15 @@ namespace Umbraco.Extensions
 builder.Services.AddAntiforgery();
 builder.Services.AddSingleton();
+ // TODO: We need to see if we are 'allowed' to do this, the docs say:
+ // "The call to AddIdentity configures the default scheme settings. The AddAuthentication(String) overload sets the DefaultScheme property. The AddAuthentication(Action) overload allows configuring authentication options, which can be used to set up default authentication schemes for different purposes. Subsequent calls to AddAuthentication override previously configured AuthenticationOptions properties."
+ // So if someone calls services.AddAuthentication() ... in Startup does that overwrite all of this?
+ // It also says "When the app requires multiple providers, chain the provider extension methods behind AddAuthentication"
+ // Which leads me to believe it all gets overwritten? :/
+ // UPDATE: I have tested this breifly in Startup doing Services.AddAuthentication().AddGoogle() ... and the back office auth
+ // still seems to work. We'll see how it goes i guess.
 builder.Services
- .AddAuthentication() // This just creates a builder, nothing more
- // Add our custom schemes which are cookie handlers
+ .AddAuthentication(Core.Constants.Security.BackOfficeAuthenticationType)
 .AddCookie(Core.Constants.Security.BackOfficeAuthenticationType)
 .AddCookie(Core.Constants.Security.BackOfficeExternalAuthenticationType, o =>
 {
diff --git a/src/Umbraco.Web.BackOffice/Security/IBackOfficeExternalLoginProviders.cs b/src/Umbraco.Web.BackOffice/Security/IBackOfficeExternalLoginProviders.cs
index 6b78e58ead..6d0b64e84f 100644
--- a/src/Umbraco.Web.BackOffice/Security/IBackOfficeExternalLoginProviders.cs
+++ b/src/Umbraco.Web.BackOffice/Security/IBackOfficeExternalLoginProviders.cs
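Review bot: `.AddAuthentication(Core.Constants.Security.BackOfficeAuthenticationType)` makes the back-office cookie the application-wide default scheme, so every request that does not name a scheme explicitly — front-end and member endpoints included — is now authenticated against the back-office cookie, and a later `services.AddAuthentication(...)` call in the host's Startup (the case the TODO itself worries about) silently replaces that default. Combined with the removal of `AuthenticateAsBackOfficeSchemeConvention` and `EnsureUmbracoBackOfficeAuthentication` elsewhere in this commit, back-office actions no longer carry the scheme on the action itself, only on the global default. Keep the scheme explicit on the back-office authorization path (an `AuthenticationSchemes` value on the back-office authorize filter or policy) so an overridden or misconfigured default fails closed instead of authenticating with whatever scheme happens to be the default. The seven-line TODO is a design-time conversation rather than documentation; replace it with one line that records the decision and the known risk, e.g. `// The back office cookie is registered as the default scheme; a host calling AddAuthentication(...) again overrides this, so back office authorization must name its scheme explicitly.` The enclosing method starts and ends outside the hunk.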
@@ -26,11 +26,6 @@ namespace Umbraco.Web.BackOffice.Security
 _loginProviderOptions = loginProviderOptions;
 }
- public string SchemeForBackOffice(string scheme)
- {
- return Constants.Security.BackOfficeExternalAuthenticationTypePrefix + scheme;
- }
-
 ///
 /// Overridden to track the final authenticationScheme being registered for the external login
 ///
@@ -41,11 +36,11 @@ namespace Umbraco.Web.BackOffice.Security
 ///
 ///
 public override AuthenticationBuilder AddRemoteScheme(string authenticationScheme, string displayName, Action configureOptions)
- {
- // Validate that the prefix is set
+ {
+ //Ensure the prefix is set
 if (!authenticationScheme.StartsWith(Constants.Security.BackOfficeExternalAuthenticationTypePrefix))
 {
- throw new InvalidOperationException($"The {nameof(authenticationScheme)} is not prefixed with {Constants.Security.BackOfficeExternalAuthenticationTypePrefix}. The scheme must be created with a call to the method {nameof(SchemeForBackOffice)}");
+ authenticationScheme = Constants.Security.BackOfficeExternalAuthenticationTypePrefix + authenticationScheme;
 }
 // add our login provider to the container along with a custom options configuration
diff --git a/src/Umbraco.Web.Common/ApplicationModels/AuthenticateAsBackOfficeSchemeConvention.cs b/src/Umbraco.Web.Common/ApplicationModels/AuthenticateAsBackOfficeSchemeConvention.cs
deleted file mode 100644
index 838cc59ac4..0000000000
--- a/src/Umbraco.Web.Common/ApplicationModels/AuthenticateAsBackOfficeSchemeConvention.cs
+++ /dev/null
@@ -1,16 +0,0 @@
-using Microsoft.AspNetCore.Mvc.ApplicationModels;
-using Umbraco.Web.Common.Filters;
-
-namespace Umbraco.Web.Common.ApplicationModels
-{
- ///
- /// Ensures all requests with this convention are authenticated with the back office scheme
- ///
- public class AuthenticateAsBackOfficeSchemeConvention : IActionModelConvention
- {
- public void Apply(ActionModel action)
- {
- action.Filters.Add(new EnsureUmbracoBackOfficeAuthentication());
- }
- }
-}
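Review bot: In `AddRemoteScheme`, replacing the `InvalidOperationException` with silent prefixing means the scheme that actually gets registered (`Prefix + authenticationScheme`) differs from the string the caller passed, so a caller that later challenges or signs in by the name it supplied will target a scheme that does not exist or, if some non-back-office handler is registered under that bare name, the wrong one; at minimum make the rewrite visible, e.g. `// Caller-supplied scheme is normalised to the back office prefix; use the prefixed name for challenge/sign-in.` `StartsWith` without a `StringComparison` is culture-sensitive (CA1310); for a scheme identifier use `if (!authenticationScheme.StartsWith(Constants.Security.BackOfficeExternalAuthenticationTypePrefix, StringComparison.Ordinal))`. The first hunk removes the public `SchemeForBackOffice` method, a breaking change for any code that built its scheme name through it; consider keeping it as a thin forwarder that applies the same prefix. `AddRemoteScheme`'s body continues outside the hunk.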
diff --git a/src/Umbraco.Web.Common/ApplicationModels/BackOfficeApplicationModelProvider.cs b/src/Umbraco.Web.Common/ApplicationModels/BackOfficeApplicationModelProvider.cs
index dc0816e1e2..0ad6c4ec1a 100644
--- a/src/Umbraco.Web.Common/ApplicationModels/BackOfficeApplicationModelProvider.cs
+++ b/src/Umbraco.Web.Common/ApplicationModels/BackOfficeApplicationModelProvider.cs
@@ -6,8 +6,6 @@ using Umbraco.Web.Common.Attributes;
 namespace Umbraco.Web.Common.ApplicationModels
 {
- // TODO: This should just exist in the back office project
-
 ///
 /// An application model provider for all Umbraco Back Office controllers
 ///
@@ -17,8 +15,7 @@ namespace Umbraco.Web.Common.ApplicationModels
 {
 ActionModelConventions = new List()
 {
- new BackOfficeIdentityCultureConvention(),
- new AuthenticateAsBackOfficeSchemeConvention()
+ new BackOfficeIdentityCultureConvention()
 };
 }
@@ -52,7 +49,12 @@ namespace Umbraco.Web.Common.ApplicationModels
 }
 private bool IsBackOfficeController(ControllerModel controller)
- => controller.Attributes.OfType().Any();
-
+ {
+ var pluginControllerAttribute = controller.Attributes.OfType().FirstOrDefault();
+ return pluginControllerAttribute != null
+ && (pluginControllerAttribute.AreaName == Core.Constants.Web.Mvc.BackOfficeArea
+ || pluginControllerAttribute.AreaName == Core.Constants.Web.Mvc.BackOfficeApiArea
+ || pluginControllerAttribute.AreaName == Core.Constants.Web.Mvc.BackOfficeTreeArea);
+ }
 }
 }
diff --git a/src/Umbraco.Web.Common/ApplicationModels/BackOfficeIdentityCultureConvention.cs b/src/Umbraco.Web.Common/ApplicationModels/BackOfficeIdentityCultureConvention.cs
index 0a5a1f9945..d3e2096dd3 100644
--- a/src/Umbraco.Web.Common/ApplicationModels/BackOfficeIdentityCultureConvention.cs
+++ b/src/Umbraco.Web.Common/ApplicationModels/BackOfficeIdentityCultureConvention.cs
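Review bot: `IsBackOfficeController` now decides by the `PluginController` area name alone, so the `IsBackOffice` attribute that this commit leaves on AuthenticationController and adds to PublishedSnapshotCacheStatusController is no longer consulted here, and presumably any controller in any assembly that declares one of the three back-office areas receives the back-office conventions; if that is the intended contract, record it in a summary on the method, e.g. `/// Back office controllers are identified solely by their PluginController area (BackOfficeArea, BackOfficeApiArea, BackOfficeTreeArea); the IsBackOffice attribute is not consulted.` The null check plus three `==` comparisons read more clearly as a single pattern, `return pluginControllerAttribute?.AreaName is Core.Constants.Web.Mvc.BackOfficeArea or Core.Constants.Web.Mvc.BackOfficeApiArea or Core.Constants.Web.Mvc.BackOfficeTreeArea;`, provided the project's language version allows C# 9 `or` patterns. The second hunk drops `AuthenticateAsBackOfficeSchemeConvention` from `ActionModelConventions`, so nothing in this provider pins the authentication scheme on back-office actions any more; that should be stated in the class summary so the reliance on the default scheme configured elsewhere is explicit.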
@@ -3,9 +3,6 @@ using Umbraco.Web.Common.Filters;
 namespace Umbraco.Web.Common.ApplicationModels
 {
-
- // TODO: This should just exist in the back office project
-
 public class BackOfficeIdentityCultureConvention : IActionModelConvention
 {
 public void Apply(ActionModel action)
diff --git a/src/Umbraco.Web.Common/ApplicationModels/UmbracoApiBehaviorApplicationModelProvider.cs b/src/Umbraco.Web.Common/ApplicationModels/UmbracoApiBehaviorApplicationModelProvider.cs
index be296969e7..918bc3776f 100644
--- a/src/Umbraco.Web.Common/ApplicationModels/UmbracoApiBehaviorApplicationModelProvider.cs
+++ b/src/Umbraco.Web.Common/ApplicationModels/UmbracoApiBehaviorApplicationModelProvider.cs
@@ -81,7 +81,6 @@ namespace Umbraco.Web.Common.ApplicationModels
 }
 }
- private bool IsUmbracoApiController(ControllerModel controller)
- => controller.Attributes.OfType().Any();
+ private bool IsUmbracoApiController(ControllerModel controller) => controller.Attributes.OfType().Any();
 }
 }
diff --git a/src/Umbraco.Web.Common/ApplicationModels/UmbracoJsonModelBinderConvention.cs b/src/Umbraco.Web.Common/ApplicationModels/UmbracoJsonModelBinderConvention.cs
index 42d23b33b3..96c60398f0 100644
--- a/src/Umbraco.Web.Common/ApplicationModels/UmbracoJsonModelBinderConvention.cs
+++ b/src/Umbraco.Web.Common/ApplicationModels/UmbracoJsonModelBinderConvention.cs
@@ -2,9 +2,6 @@ using Microsoft.AspNetCore.Mvc.ModelBinding;
 using Umbraco.Web.Common.ModelBinding;
 using System.Linq;
-using Umbraco.Web.Common.Attributes;
-using Umbraco.Web.Actions;
-using Umbraco.Web.Common.Filters;
 namespace Umbraco.Web.Common.ApplicationModels
 {
@@ -24,6 +21,4 @@ namespace Umbraco.Web.Common.ApplicationModels
 }
 }
 }
-
-
 }
diff --git a/src/Umbraco.Web.Common/Filters/EnsureUmbracoBackOfficeAuthentication.cs b/src/Umbraco.Web.Common/Filters/EnsureUmbracoBackOfficeAuthentication.cs
deleted file mode 100644
index 5ad43dc922..0000000000
--- a/src/Umbraco.Web.Common/Filters/EnsureUmbracoBackOfficeAuthentication.cs
+++ /dev/null
@@ -1,25 +0,0 @@
-using Microsoft.AspNetCore.Authorization;
-using Microsoft.AspNetCore.Mvc.Filters;
-using Umbraco.Web.Common.ApplicationModels;
-using Umbraco.Web.Common.Attributes;
-
-namespace Umbraco.Web.Common.Filters
-{
-
- ///
- /// Assigned as part of the umbraco back office application model
- /// to always ensure that back office authentication occurs for all controller/actions with
- /// applied.
- ///
- public class EnsureUmbracoBackOfficeAuthentication : IAuthorizationFilter, IAuthorizeData
- {
- // Implements IAuthorizeData only to return the back office scheme
- public string AuthenticationSchemes { get; set; } = Umbraco.Core.Constants.Security.BackOfficeAuthenticationType;
- public string Policy { get; set; }
- public string Roles { get; set; }
-
- public void OnAuthorization(AuthorizationFilterContext context)
- {
- }
- }
-}
diff --git a/src/Umbraco.Web.Common/Filters/UmbracoBackOfficeAuthorizeAttribute.cs b/src/Umbraco.Web.Common/Filters/UmbracoBackOfficeAuthorizeAttribute.cs
index 40f534f289..1f4abbaa25 100644
--- a/src/Umbraco.Web.Common/Filters/UmbracoBackOfficeAuthorizeAttribute.cs
+++ b/src/Umbraco.Web.Common/Filters/UmbracoBackOfficeAuthorizeAttribute.cs
@@ -1,5 +1,4 @@
-using Microsoft.AspNetCore.Authorization;
-using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc;
 namespace Umbraco.Web.Common.Filters
 {
diff --git a/src/Umbraco.Web.Common/Filters/UmbracoBackOfficeAuthorizeFilter.cs b/src/Umbraco.Web.Common/Filters/UmbracoBackOfficeAuthorizeFilter.cs
index c8ae0aacd8..8fad886f27 100644
--- a/src/Umbraco.Web.Common/Filters/UmbracoBackOfficeAuthorizeFilter.cs
+++ b/src/Umbraco.Web.Common/Filters/UmbracoBackOfficeAuthorizeFilter.cs
@@ -12,8 +12,6 @@ using IHostingEnvironment = Umbraco.Core.Hosting.IHostingEnvironment;
 namespace Umbraco.Web.Common.Filters
 {
-
-
 ///
 /// Ensures authorization is successful for a back office user.
 ///