From 8598ab565cd056a230dd4bbada568f5fae32e0ed Mon Sep 17 00:00:00 2001
From: Shannon
Date: Tue, 15 Dec 2015 10:34:11 +0100
Subject: [PATCH] Fixes: U4-7536 Sign-out in back office will call all ASP.Net identity middleware sign out methods publicises a few things too.
---
 src/Umbraco.Core/Constants-Conventions.cs | 2 +-
 src/Umbraco.Core/Security/AuthenticationExtensions.cs | 4 +++-
 src/Umbraco.Web/Editors/AuthenticationController.cs | 6 ++++--
 src/Umbraco.Web/IUmbracoContextAccessor.cs | 7 ++-----
 src/Umbraco.Web/Security/WebSecurity.cs | 6 ++++--
 .../WebApi/Filters/UmbracoBackOfficeLogoutAttribute.cs | 4 +++-
 6 files changed, 17 insertions(+), 12 deletions(-)
diff --git a/src/Umbraco.Core/Constants-Conventions.cs b/src/Umbraco.Core/Constants-Conventions.cs
index 3456ff1cfa..7e2bb88964 100644
--- a/src/Umbraco.Core/Constants-Conventions.cs
+++ b/src/Umbraco.Core/Constants-Conventions.cs
@@ -206,7 +206,7 @@ namespace Umbraco.Core
 ///
 internal const string StandardPropertiesGroupName = "Membership";
- internal static Dictionary GetStandardPropertyTypeStubs()
+ public static Dictionary GetStandardPropertyTypeStubs()
 {
 return new Dictionary
 {
diff --git a/src/Umbraco.Core/Security/AuthenticationExtensions.cs b/src/Umbraco.Core/Security/AuthenticationExtensions.cs
index 1c7c544ed8..79fdc1bed1 100644
--- a/src/Umbraco.Core/Security/AuthenticationExtensions.cs
+++ b/src/Umbraco.Core/Security/AuthenticationExtensions.cs
@@ -357,7 +357,9 @@ namespace Umbraco.Core.Security
 {
 //TODO: Do we need to do more here?? need to make sure that the forms cookie is gone, but is that
 // taken care of in our custom middleware somehow?
- ctx.Authentication.SignOut();
+ ctx.Authentication.SignOut(
+ Core.Constants.Security.BackOfficeAuthenticationType,
+ Core.Constants.Security.BackOfficeExternalAuthenticationType);
 return null;
 }
 }
diff --git a/src/Umbraco.Web/Editors/AuthenticationController.cs b/src/Umbraco.Web/Editors/AuthenticationController.cs
index 25b60c5cb7..ca6a69e238 100644
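Review bot: Cookie middleware registered under any authentication type other than the two named in the new `SignOut(...)` call in AuthenticationExtensions.cs is no longer revoked by it, while the commit title promises that all identity middleware sign-out methods are called and the TODO directly above (is the forms cookie gone?) stays unanswered. Either add the remaining back-office cookie types, if any exist outside this hunk, or replace the TODO with a statement of scope such as `// Signs out only the back office and back office external auth types; other registered types are not revoked.` The same three-line call is repeated in PostLogout, WebSecurity.ClearCurrentLogin and UmbracoBackOfficeLogoutAttribute, so a single shared helper would keep the list of types from drifting between logout paths. The enclosing method starts and ends outside this hunk.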
--- a/src/Umbraco.Web/Editors/AuthenticationController.cs
+++ b/src/Umbraco.Web/Editors/AuthenticationController.cs
@@ -97,7 +97,7 @@ namespace Umbraco.Web.Editors
 if (result.Succeeded)
 {
 var user = await UserManager.FindByIdAsync(User.Identity.GetUserId());
- await SignInManager.SignInAsync(user, isPersistent: false, rememberBrowser: false);
+ await SignInManager.SignInAsync(user, isPersistent: true, rememberBrowser: false);
 return Request.CreateResponse(HttpStatusCode.OK);
 }
 else
@@ -240,7 +240,9 @@ namespace Umbraco.Web.Editors
 [ValidateAngularAntiForgeryToken]
 public HttpResponseMessage PostLogout()
 {
- Request.TryGetOwinContext().Result.Authentication.SignOut();
+ Request.TryGetOwinContext().Result.Authentication.SignOut(
+ Core.Constants.Security.BackOfficeAuthenticationType,
+ Core.Constants.Security.BackOfficeExternalAuthenticationType);
 Logger.Info("User {0} from IP address {1} has logged out", () => User.Identity == null ? "UNKNOWN" : User.Identity.Name,
diff --git a/src/Umbraco.Web/IUmbracoContextAccessor.cs b/src/Umbraco.Web/IUmbracoContextAccessor.cs
index e3614a1e86..997b25145b 100644
--- a/src/Umbraco.Web/IUmbracoContextAccessor.cs
+++ b/src/Umbraco.Web/IUmbracoContextAccessor.cs
@@ -2,11 +2,8 @@ namespace Umbraco.Web
 {
 ///
 /// Used to retrieve the Umbraco context
- ///
- ///
- /// TODO: We could expose this to make working with UmbracoContext easier if we were to use it throughout the codebase
- ///
- internal interface IUmbracoContextAccessor
+ ///
+ public interface IUmbracoContextAccessor
 {
 UmbracoContext Value { get; }
 }
diff --git a/src/Umbraco.Web/Security/WebSecurity.cs b/src/Umbraco.Web/Security/WebSecurity.cs
index af6e53ca11..4ace3b236b 100644
--- a/src/Umbraco.Web/Security/WebSecurity.cs
+++ b/src/Umbraco.Web/Security/WebSecurity.cs
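Review bot: The switch to `isPersistent: true` in the first AuthenticationController.cs hunk (and again in the WebSecurity.cs hunk at line 131) is not mentioned in the commit message, yet it changes session lifetime: a persistent authentication cookie normally survives a browser restart, which matters on shared workstations. Whether its expiry is still bounded by the back-office timeout depends on the cookie middleware configuration, which is not visible here. If persistence is intended, record the reason next to the call, e.g. `// persistent so the ticket outlives the browser session; expiry is enforced by the cookie middleware`, otherwise keep `isPersistent: false` or take the value from the login request. The enclosing action starts outside the hunk.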
@@ -131,7 +131,7 @@ namespace Umbraco.Web.Security
 var userData = Mapper.Map(user);
 _httpContext.SetPrincipalForRequest(userData);
- SignInManager.SignInAsync(user, isPersistent: false, rememberBrowser: false).Wait();
+ SignInManager.SignInAsync(user, isPersistent: true, rememberBrowser: false).Wait();
 return TimeSpan.FromMinutes(GlobalSettings.TimeOutInMinutes).TotalSeconds;
 }
@@ -162,7 +162,9 @@ namespace Umbraco.Web.Security
 public virtual void ClearCurrentLogin()
 {
 _httpContext.UmbracoLogout();
- _httpContext.GetOwinContext().Authentication.SignOut();
+ _httpContext.GetOwinContext().Authentication.SignOut(
+ Core.Constants.Security.BackOfficeAuthenticationType,
+ Core.Constants.Security.BackOfficeExternalAuthenticationType);
 }
 ///
diff --git a/src/Umbraco.Web/WebApi/Filters/UmbracoBackOfficeLogoutAttribute.cs b/src/Umbraco.Web/WebApi/Filters/UmbracoBackOfficeLogoutAttribute.cs
index 29ed4da73e..8912ca68ca 100644
--- a/src/Umbraco.Web/WebApi/Filters/UmbracoBackOfficeLogoutAttribute.cs
+++ b/src/Umbraco.Web/WebApi/Filters/UmbracoBackOfficeLogoutAttribute.cs
@@ -19,7 +19,9 @@ namespace Umbraco.Web.WebApi.Filters
 //this calls the underlying owin sign out logic - which should call the
 // auth providers middleware callbacks if using custom auth middleware
- context.Request.TryGetOwinContext().Result.Authentication.SignOut();
+ context.Request.TryGetOwinContext().Result.Authentication.SignOut(
+ Core.Constants.Security.BackOfficeAuthenticationType,
+ Core.Constants.Security.BackOfficeExternalAuthenticationType);
 }
 }
 }
\ No newline at end of file
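Review bot: The comment kept above the call in UmbracoBackOfficeLogoutAttribute.cs is now misleading: it says the sign-out "should call the auth providers middleware callbacks if using custom auth middleware", but with explicit types only middleware registered as one of the two named types will see the revocation. Reword it, e.g. `// signs out only the back office and back office external auth types; custom middleware under another type is not notified`. `TryGetOwinContext().Result` is also dereferenced without a visible success check here and in PostLogout; if that lookup can fail, the logout path throws instead of clearing the session, so a guard is worth adding. The method starts outside the hunk.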