diff --git a/src/Umbraco.Web.BackOffice/Security/AutoLinkSignInResult.cs b/src/Umbraco.Web.BackOffice/Security/AutoLinkSignInResult.cs
index c3f57f2fcc..54f409e6f8 100644
--- a/src/Umbraco.Web.BackOffice/Security/AutoLinkSignInResult.cs
+++ b/src/Umbraco.Web.BackOffice/Security/AutoLinkSignInResult.cs
@@ -1,6 +1,6 @@
-using Microsoft.AspNetCore.Identity;
using System;
using System.Collections.Generic;
+using Microsoft.AspNetCore.Identity;
namespace Umbraco.Web.Common.Security
{
@@ -9,12 +9,12 @@ namespace Umbraco.Web.Common.Security
///
public class AutoLinkSignInResult : SignInResult
{
- public static AutoLinkSignInResult FailedNotLinked = new AutoLinkSignInResult()
+ public static AutoLinkSignInResult FailedNotLinked => new AutoLinkSignInResult()
{
Succeeded = false
};
- public static AutoLinkSignInResult FailedNoEmail = new AutoLinkSignInResult()
+ public static AutoLinkSignInResult FailedNoEmail => new AutoLinkSignInResult()
{
Succeeded = false
};
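Review bot: Changing `FailedNotLinked` and `FailedNoEmail` to `=>` properties makes every read build a fresh `AutoLinkSignInResult`, so a caller that tests the outcome with `result == AutoLinkSignInResult.FailedNotLinked` would never match, assuming the type does not overload equality (none is visible here). If callers outside this hunk compare by reference, the external-login failure branches would silently fall through to whatever the default handling is. A get-only auto-property keeps one shared instance and still stops outside code from reassigning it, which the old public field allowed: `public static AutoLinkSignInResult FailedNotLinked { get; } = new AutoLinkSignInResult { Succeeded = false };`, and the same for `FailedNoEmail`. The class body continues outside the hunk.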
diff --git a/src/Umbraco.Web.BackOffice/Security/BackOfficeCookieManager.cs b/src/Umbraco.Web.BackOffice/Security/BackOfficeCookieManager.cs
index 60bdc9c8ff..8664713c72 100644
--- a/src/Umbraco.Web.BackOffice/Security/BackOfficeCookieManager.cs
+++ b/src/Umbraco.Web.BackOffice/Security/BackOfficeCookieManager.cs
@@ -1,10 +1,9 @@
-using System;
+using System;
using System.Collections.Generic;
using System.Linq;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Http.Extensions;
-using Microsoft.AspNetCore.Routing;
using Umbraco.Core;
using Umbraco.Core.Cache;
using Umbraco.Core.Configuration.Models;
@@ -13,8 +12,6 @@ using Umbraco.Extensions;
namespace Umbraco.Web.BackOffice.Security
{
- using ICookieManager = Microsoft.AspNetCore.Authentication.Cookies.ICookieManager;
-
///
/// A custom cookie manager that is used to read the cookie from the request.
///
@@ -22,7 +19,7 @@ namespace Umbraco.Web.BackOffice.Security
/// Umbraco's back office cookie needs to be read on two paths: /umbraco and /install, therefore we cannot just set the cookie path to be /umbraco,
/// instead we'll specify our own cookie manager and return null if the request isn't for an acceptable path.
///
- public class BackOfficeCookieManager : ChunkingCookieManager, ICookieManager
+ public class BackOfficeCookieManager : ChunkingCookieManager, Microsoft.AspNetCore.Authentication.Cookies.ICookieManager
{
private readonly IUmbracoContextAccessor _umbracoContextAccessor;
private readonly IRuntimeState _runtime;
@@ -36,9 +33,8 @@ namespace Umbraco.Web.BackOffice.Security
IRuntimeState runtime,
IHostingEnvironment hostingEnvironment,
GlobalSettings globalSettings,
- IRequestCache requestCache,
- LinkGenerator linkGenerator)
- : this(umbracoContextAccessor, runtime, hostingEnvironment, globalSettings, requestCache, linkGenerator, null)
+ IRequestCache requestCache)
+ : this(umbracoContextAccessor, runtime, hostingEnvironment, globalSettings, requestCache, null)
{ }
public BackOfficeCookieManager(
@@ -47,7 +43,6 @@ namespace Umbraco.Web.BackOffice.Security
IHostingEnvironment hostingEnvironment,
GlobalSettings globalSettings,
IRequestCache requestCache,
- LinkGenerator linkGenerator,
IEnumerable explicitPaths)
{
_umbracoContextAccessor = umbracoContextAccessor;
@@ -61,9 +56,9 @@ namespace Umbraco.Web.BackOffice.Security
///
/// Determines if we should authenticate the request
///
- ///
- ///
- ///
+ /// The to check
+ /// true to check if the has been assigned in the request.
+ /// true if the request should be authenticated
///
/// We auth the request when:
/// * it is a back office request
@@ -79,19 +74,27 @@ namespace Umbraco.Web.BackOffice.Security
// was: app.IsConfigured == false (equiv to !Run) && dbContext.IsDbConfigured == false (equiv to Install)
// so, we handle .Install here and NOT .Upgrade
if (_runtime.Level == RuntimeLevel.Install)
+ {
return false;
+ }
- //check the explicit paths
+ // check the explicit paths
if (_explicitPaths != null)
+ {
return _explicitPaths.Any(x => x.InvariantEquals(requestUri.AbsolutePath));
+ }
- if (//check the explicit flag
- checkForceAuthTokens && _requestCache.IsAvailable && _requestCache.Get(Constants.Security.ForceReAuthFlag) != null
- //check back office
+ if (// check the explicit flag
+ (checkForceAuthTokens && _requestCache.IsAvailable && _requestCache.Get(Constants.Security.ForceReAuthFlag) != null)
+
+ // check back office
|| requestUri.IsBackOfficeRequest(_globalSettings, _hostingEnvironment)
- //check installer
+
+ // check installer
|| requestUri.IsInstallerRequest(_hostingEnvironment))
+ {
return true;
+ }
return false;
}
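Review bot: The `_explicitPaths` branch returns directly, so once explicit paths are supplied the force re-auth flag, back office and installer checks below it are never evaluated; the comments do not say this. The match is also against the whole `requestUri.AbsolutePath` (assuming `InvariantEquals` is a whole-string comparison), so a variant such as a trailing slash gets no cookie, which fails closed but may surprise whoever configures the list. I would replace `// check the explicit paths` with `// explicit paths, when supplied, replace the checks below; each entry must equal the full AbsolutePath`. As a style point, the closing `if (...) { return true; } return false;` could return the condition directly. The method starts outside this hunk.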
@@ -99,20 +102,20 @@ namespace Umbraco.Web.BackOffice.Security
///
/// Explicitly implement this so that we filter the request
///
- ///
- ///
- ///
- string ICookieManager.GetRequestCookie(HttpContext context, string key)
+ ///
+ string Microsoft.AspNetCore.Authentication.Cookies.ICookieManager.GetRequestCookie(HttpContext context, string key)
{
var requestUri = new Uri(context.Request.GetEncodedUrl(), UriKind.RelativeOrAbsolute);
if (_umbracoContextAccessor.UmbracoContext == null || requestUri.IsClientSideRequest())
+ {
return null;
+ }
return ShouldAuthenticateRequest(requestUri) == false
- //Don't auth request, don't return a cookie
+ // Don't auth request, don't return a cookie
? null
- //Return the default implementation
+ // Return the default implementation
: GetRequestCookie(context, key);
}
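Review bot: `new Uri(context.Request.GetEncodedUrl(), UriKind.RelativeOrAbsolute)` is built from request data the client controls (the Host header feeds the encoded URL), and nothing here handles a value that does not parse as an absolute URI. A parse failure throws from the constructor, and a value accepted as relative would throw later when `ShouldAuthenticateRequest` reads `requestUri.AbsolutePath`; I have not confirmed which inputs reach either case, but both would surface as an unhandled exception in the cookie read path. Failing closed is simpler to reason about: `if (!Uri.TryCreate(context.Request.GetEncodedUrl(), UriKind.Absolute, out Uri requestUri)) { return null; }` in place of the `var requestUri = ...` line.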
diff --git a/src/Umbraco.Web.BackOffice/Security/BackOfficeUserManager.cs b/src/Umbraco.Web.BackOffice/Security/BackOfficeUserManager.cs
index 761bf5c87c..464f2a38aa 100644
--- a/src/Umbraco.Web.BackOffice/Security/BackOfficeUserManager.cs
+++ b/src/Umbraco.Web.BackOffice/Security/BackOfficeUserManager.cs
@@ -1,4 +1,4 @@
-using System;
+using System;
using System.Collections.Generic;
using System.Security.Principal;
using System.Threading;
@@ -115,7 +115,7 @@ namespace Umbraco.Web.Common.Security
///
protected virtual IPasswordHasher GetDefaultPasswordHasher(IPasswordConfiguration passwordConfiguration)
{
- //we can use the user aware password hasher (which will be the default and preferred way)
+ // we can use the user aware password hasher (which will be the default and preferred way)
return new PasswordHasher();
}
@@ -140,16 +140,22 @@ namespace Umbraco.Web.Common.Security
///
/// Override to check the user approval value as well as the user lock out date, by default this only checks the user's locked out date
///
- ///
- ///
+ /// The user
+ /// True if the user is locked out, else false
///
/// In the ASP.NET Identity world, there is only one value for being locked out, in Umbraco we have 2 so when checking this for Umbraco we need to check both values
///
public override async Task IsLockedOutAsync(T user)
{
- if (user == null) throw new ArgumentNullException(nameof(user));
+ if (user == null)
+ {
+ throw new ArgumentNullException(nameof(user));
+ }
- if (user.IsApproved == false) return true;
+ if (user.IsApproved == false)
+ {
+ return true;
+ }
return await base.IsLockedOutAsync(user);
}