yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add member auth to the Delivery API (#14730)

Browse Source 
* Refactor OpenIddict for shared usage between APIs + implement member authentication and handling within the Delivery API

* Make SwaggerRouteTemplatePipelineFilter UI config overridable

* Enable token revocation + rename logout endpoint to signout

* Add default implementation of SwaggerGenOptions configuration for enabling Delivery API member auth in Swagger

* Correct notification handling when (un)protecting content

* Fixing integration test framework

* Cleanup test to not execute some composers twice

* Update paths to match docs

* Return Forbidden when a member is authorized but not allowed to access the requested resource

* Cleanup

* Rename RequestMemberService to RequestMemberAccessService

* Rename badly named variable

* Review comments

* Hide the auth controller from Swagger

* Remove semaphore

* Add security requirements for content API operations in Swagger

* Hide the back-office auth endpoints from Swagger

* Fix merge

* Update back-office API auth endpoint paths + add revoke and sign-out endpoints (as of now they do not exist, a separate task will fix that)

* Swap endpoint order to maintain backwards compat with the current login screen for new back-office (will be swapped back again to ensure correct .well-known endpoints, see FIXME comment)

* Make "items by IDs" endpoint support member auth

* Add 401 and 403 to "items by IDs" endpoint responses

---------

Co-authored-by: Bjarke Berg <mail@bergmania.dk>
Co-authored-by: Elitsa <elm@umbraco.dk>
This commit is contained in:
Kenn Jacobsen
2023-09-26 09:22:45 +02:00
committed by GitHub
parent 624f9a0508
commit 83321a8fad
50 changed files with 1521 additions and 276 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
src/Umbraco.Core/Security/IPublicAccessChecker.cs
View File

@@ -1,6 +1,21 @@
using System.Security.Claims;
namespace Umbraco.Cms.Core.Security;
public interface IPublicAccessChecker
{
/// <summary>
/// Tests the current member access level to a given content item.
/// </summary>
/// <param name="publishedContentId">The ID of the content item.</param>
/// <returns>The access level for the content item.</returns>
Task<PublicAccessStatus> HasMemberAccessToContentAsync(int publishedContentId);
/// <summary>
/// Tests member access level to a given content item.
/// </summary>
/// <param name="publishedContentId">The ID of the content item.</param>
/// <param name="claimsPrincipal">The member claims to test against the content item.</param>
/// <returns>The access level for the content item.</returns>
Task<PublicAccessStatus> HasMemberAccessToContentAsync(int publishedContentId, ClaimsPrincipal claimsPrincipal) => Task.FromResult(PublicAccessStatus.AccessDenied);
}