yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add member auth to the Delivery API (#14730)

Browse Source 
* Refactor OpenIddict for shared usage between APIs + implement member authentication and handling within the Delivery API

* Make SwaggerRouteTemplatePipelineFilter UI config overridable

* Enable token revocation + rename logout endpoint to signout

* Add default implementation of SwaggerGenOptions configuration for enabling Delivery API member auth in Swagger

* Correct notification handling when (un)protecting content

* Fixing integration test framework

* Cleanup test to not execute some composers twice

* Update paths to match docs

* Return Forbidden when a member is authorized but not allowed to access the requested resource

* Cleanup

* Rename RequestMemberService to RequestMemberAccessService

* Rename badly named variable

* Review comments

* Hide the auth controller from Swagger

* Remove semaphore

* Add security requirements for content API operations in Swagger

* Hide the back-office auth endpoints from Swagger

* Fix merge

* Update back-office API auth endpoint paths + add revoke and sign-out endpoints (as of now they do not exist, a separate task will fix that)

* Swap endpoint order to maintain backwards compat with the current login screen for new back-office (will be swapped back again to ensure correct .well-known endpoints, see FIXME comment)

* Make "items by IDs" endpoint support member auth

* Add 401 and 403 to "items by IDs" endpoint responses

---------

Co-authored-by: Bjarke Berg <mail@bergmania.dk>
Co-authored-by: Elitsa <elm@umbraco.dk>
This commit is contained in:
Kenn Jacobsen
2023-09-26 09:22:45 +02:00
committed by GitHub
parent 624f9a0508
commit 83321a8fad
50 changed files with 1521 additions and 276 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
tests/Umbraco.Tests.Integration/NewBackoffice/OpenAPIContractTest.cs
View File

@@ -28,9 +28,6 @@ internal sealed class OpenAPIContractTest : UmbracoTestServerTestBase
mvcBuilder.AddApplicationPart(typeof(InstallControllerBase).Assembly);
});
new ManagementApiComposer().Compose(builder);
new UmbracoEFCoreComposer().Compose(builder);
// Currently we cannot do this in tests, as EF Core is not initialized
builder.Services.PostConfigure<UmbracoPipelineOptions>(options =>
{