From 8dd950bd521cfd63aaf7169cbd7eebae32daedb8 Mon Sep 17 00:00:00 2001 From: Shannon Date: Tue, 18 Mar 2014 17:22:25 +1100 Subject: [PATCH] Ensures all access to the users membership provider is done with our extension method --- .../Security/MembershipProviderExtensions.cs | 19 +++++++++++++++ .../install/steps/DefaultUser.ascx.cs | 10 +------- .../umbraco/create/User.ascx.cs | 10 +++++--- .../Routing/PublishedContentRequestEngine.cs | 3 +-- src/Umbraco.Web/Security/MembershipHelper.cs | 14 ++++------- src/Umbraco.Web/Security/WebSecurity.cs | 2 +- src/Umbraco.Web/UmbracoHelper.cs | 3 +-- .../umbraco.presentation/LegacyClasses.cs | 3 +-- .../install/steps/LegacyClasses.cs | 17 ++++++++------ .../umbraco/channels/UmbracoMetaWeblogAPI.cs | 23 +++++++++++-------- .../umbraco/create/userTasks.cs | 9 +++++--- .../umbraco/dashboard/ChangePassword.ascx.cs | 3 ++- .../umbraco/login.aspx.cs | 2 +- .../umbraco/users/EditUser.aspx.cs | 10 +------- .../umbraco/webservices/MediaUploader.ashx.cs | 3 ++- .../businesslogic/member/Member.cs | 10 ++++---- 16 files changed, 75 insertions(+), 66 deletions(-) diff --git a/src/Umbraco.Core/Security/MembershipProviderExtensions.cs b/src/Umbraco.Core/Security/MembershipProviderExtensions.cs index 24f5bd01c8..afcedac65b 100644 --- a/src/Umbraco.Core/Security/MembershipProviderExtensions.cs +++ b/src/Umbraco.Core/Security/MembershipProviderExtensions.cs 
@@ -48,6 +48,25 @@ namespace Umbraco.Core.Security return Membership.Providers[Constants.Conventions.Member.UmbracoMemberProviderName]; } + /// + /// Method to get the Umbraco Users membership provider based on it's alias + /// + /// + public static MembershipProvider GetUsersMembershipProvider() + { + if (Membership.Providers[Constants.Conventions.User.UmbracoUsersProviderName] == null) + { + throw new InvalidOperationException("No membership provider found with name " + Constants.Conventions.User.UmbracoUsersProviderName); + } + return Membership.Providers[Constants.Conventions.User.UmbracoUsersProviderName]; + } + + public static MembershipUser GetCurrentUser(this MembershipProvider membershipProvider) + { + var username = membershipProvider.GetCurrentUserName(); + return membershipProvider.GetUser(username, true); + } + /// /// Just returns the current user's login name (just a wrapper). /// diff --git a/src/Umbraco.Web.UI/install/steps/DefaultUser.ascx.cs b/src/Umbraco.Web.UI/install/steps/DefaultUser.ascx.cs index 57772cfbdd..ce81ca3bce 100644 --- a/src/Umbraco.Web.UI/install/steps/DefaultUser.ascx.cs +++ b/src/Umbraco.Web.UI/install/steps/DefaultUser.ascx.cs @@ -19,15 +19,7 @@ namespace Umbraco.Web.UI.Install.Steps protected MembershipProvider CurrentProvider { - get - { - var provider = Membership.Providers[UmbracoSettings.DefaultBackofficeProvider]; - if (provider == null) - { - throw new InvalidOperationException("No MembershipProvider found with name " + UmbracoSettings.DefaultBackofficeProvider); - } - return provider; - } + get { return MembershipProviderExtensions.GetUsersMembershipProvider(); } } protected void ChangePasswordClick(object sender, EventArgs e) diff --git a/src/Umbraco.Web.UI/umbraco/create/User.ascx.cs b/src/Umbraco.Web.UI/umbraco/create/User.ascx.cs index ff69a0b44c..9e7af18387 100644 --- a/src/Umbraco.Web.UI/umbraco/create/User.ascx.cs +++ b/src/Umbraco.Web.UI/umbraco/create/User.ascx.cs 
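Review bot: `GetUsersMembershipProvider()` resolves the provider by `Constants.Conventions.User.UmbracoUsersProviderName`, while every call site this commit replaces used `UmbracoSettings.DefaultBackofficeProvider`. If those two names can differ in a deployment, back-office authentication moves to another provider or starts throwing, so the doc comment should say which name is authoritative. The thrown type is `InvalidOperationException`, whereas `EditUser.aspx.cs` previously raised `ProviderException`, so any handler written for the old type would no longer match. The summary should read "its alias", the empty returns tag should be filled in, and `GetCurrentUser` needs a comment such as `/// <summary>Returns the MembershipUser for the current login name (null when the provider finds none); passes userIsOnline = true.</summary>`. The indexer is also read twice and could be held in a local, `var provider = Membership.Providers[...]; if (provider == null) throw ...; return provider;`.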
@@ -28,7 +28,9 @@ namespace Umbraco.Web.UI.Umbraco.Create /// protected void LoginExistsCheck(object sender, ServerValidateEventArgs e) { - var user = Membership.Providers[UmbracoSettings.DefaultBackofficeProvider].GetUser(Login.Text.Replace(" ", "").ToLower(), false); + var provider = MembershipProviderExtensions.GetUsersMembershipProvider(); + + var user = provider.GetUser(Login.Text.Replace(" ", "").ToLower(), false); if (Login.Text != "" && user != null) e.IsValid = false; @@ -44,9 +46,11 @@ namespace Umbraco.Web.UI.Umbraco.Create /// protected void EmailExistsCheck(object sender, ServerValidateEventArgs e) { - var found = Membership.Providers[UmbracoSettings.DefaultBackofficeProvider].GetUserNameByEmail(Email.Text.ToLower()); + var provider = MembershipProviderExtensions.GetUsersMembershipProvider(); - if (Email.Text != "" && found.IsNullOrWhiteSpace() == false && Membership.Providers[UmbracoSettings.DefaultBackofficeProvider].RequiresUniqueEmail) + var found = provider.GetUserNameByEmail(Email.Text.ToLower()); + + if (Email.Text != "" && found.IsNullOrWhiteSpace() == false && provider.RequiresUniqueEmail) e.IsValid = false; else e.IsValid = true; diff --git a/src/Umbraco.Web/Routing/PublishedContentRequestEngine.cs b/src/Umbraco.Web/Routing/PublishedContentRequestEngine.cs index 4265a4e07f..da8bd37393 100644 --- a/src/Umbraco.Web/Routing/PublishedContentRequestEngine.cs +++ b/src/Umbraco.Web/Routing/PublishedContentRequestEngine.cs @@ -522,8 +522,7 @@ namespace Umbraco.Web.Routing try { var provider = MembershipProviderExtensions.GetMembersMembershipProvider(); - var username = provider.GetCurrentUserName(); - user = provider.GetUser(username, true); + user = provider.GetCurrentUser(); } catch (ArgumentException) { diff --git a/src/Umbraco.Web/Security/MembershipHelper.cs b/src/Umbraco.Web/Security/MembershipHelper.cs index 1a280374f5..4572026938 100644 --- a/src/Umbraco.Web/Security/MembershipHelper.cs +++ b/src/Umbraco.Web/Security/MembershipHelper.cs 
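Review bot: In `LoginExistsCheck` the duplicate-login test normalises with `Login.Text.Replace(" ", "").ToLower()`, which lower-cases using the current thread culture, so the same login can normalise differently depending on the server culture and the existence check can miss a match. Use `ToLowerInvariant()` here, and likewise for `Email.Text.ToLower()` in `EmailExistsCheck` and for `email.Trim().ToLower()` in the `provider.CreateUser(...)` call in `userTasks.cs`. Whether the provider compares names case-insensitively is not visible in this diff, so confirm the stored form matches what these checks look up.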
@@ -66,8 +66,7 @@ namespace Umbraco.Web.Security //get the current membership user var provider = MembershipProviderExtensions.GetMembersMembershipProvider(); - var username = provider.GetCurrentUserName(); - var membershipUser = provider.GetUser(username, true); + var membershipUser = provider.GetCurrentUser(); //NOTE: This should never happen since they are logged in if (membershipUser == null) throw new InvalidOperationException("Could not find member with username " + _httpContext.User.Identity.Name); @@ -274,9 +273,8 @@ namespace Umbraco.Web.Security var provider = MembershipProviderExtensions.GetMembersMembershipProvider(); if (provider.IsUmbracoMembershipProvider()) - { - var username = provider.GetCurrentUserName(); - var membershipUser = provider.GetUser(username, true); + { + var membershipUser = provider.GetCurrentUser(); var member = GetCurrentMember(); //this shouldn't happen if (member == null) return null; @@ -426,8 +424,7 @@ namespace Umbraco.Web.Security } else { - var username = provider.GetCurrentUserName(); - var member = provider.GetUser(username, true); + var member = provider.GetCurrentUser(); //this shouldn't happen if (member == null) return null; model.Name = member.UserName; @@ -506,8 +503,7 @@ namespace Umbraco.Web.Security } else { - var currUsername = provider.GetCurrentUserName(); - var member = provider.GetUser(currUsername, true); + var member = provider.GetCurrentUser(); username = member.UserName; } diff --git a/src/Umbraco.Web/Security/WebSecurity.cs b/src/Umbraco.Web/Security/WebSecurity.cs index 88e7781aaa..b197820443 100644 --- a/src/Umbraco.Web/Security/WebSecurity.cs +++ b/src/Umbraco.Web/Security/WebSecurity.cs 
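Review bot: In the `@@ -506,8 +503,7 @@` hunk `member.UserName` is read directly after `provider.GetCurrentUser()` with no null check, unlike the other three hunks in this file, which throw or `return null` when the lookup comes back empty. If the authenticated name no longer exists in the provider this surfaces as a `NullReferenceException`. Add a guard such as `if (member == null) throw new InvalidOperationException("Could not find member with username " + provider.GetCurrentUserName());`, or return whatever the method uses for failure. The enclosing method starts and ends outside the hunk, so the right failure value has to be checked against its signature.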
@@ -135,7 +135,7 @@ namespace Umbraco.Web.Security /// internal bool ValidateBackOfficeCredentials(string username, string password) { - var membershipProvider = Membership.Providers[UmbracoSettings.DefaultBackofficeProvider]; + var membershipProvider = MembershipProviderExtensions.GetUsersMembershipProvider(); return membershipProvider != null && membershipProvider.ValidateUser(username, password); } diff --git a/src/Umbraco.Web/UmbracoHelper.cs b/src/Umbraco.Web/UmbracoHelper.cs index 2c41188215..03b0aaf93d 100644 --- a/src/Umbraco.Web/UmbracoHelper.cs +++ b/src/Umbraco.Web/UmbracoHelper.cs @@ -411,8 +411,7 @@ namespace Umbraco.Web if (IsProtected(nodeId, path)) { var provider = MembershipProviderExtensions.GetMembersMembershipProvider(); - var username = provider.GetCurrentUserName(); - return _membershipHelper.IsLoggedIn() && Access.HasAccess(nodeId, path, provider.GetUser(username, true)); + return _membershipHelper.IsLoggedIn() && Access.HasAccess(nodeId, path, provider.GetCurrentUser()); } return true; } diff --git a/src/Umbraco.Web/umbraco.presentation/LegacyClasses.cs b/src/Umbraco.Web/umbraco.presentation/LegacyClasses.cs index 457db46395..dffac19054 100644 --- a/src/Umbraco.Web/umbraco.presentation/LegacyClasses.cs +++ b/src/Umbraco.Web/umbraco.presentation/LegacyClasses.cs @@ -423,8 +423,7 @@ namespace umbraco HttpContext.Current.Trace.Write("umbracoRequestHandler", "Page protected"); var provider = MembershipProviderExtensions.GetMembersMembershipProvider(); - var username = provider.GetCurrentUserName(); - var user = provider.GetUser(username, true); + var user = provider.GetCurrentUser(); if (user == null || !library.IsLoggedOn()) { diff --git a/src/Umbraco.Web/umbraco.presentation/install/steps/LegacyClasses.cs b/src/Umbraco.Web/umbraco.presentation/install/steps/LegacyClasses.cs index d62bada27a..573c97d4de 100644 --- a/src/Umbraco.Web/umbraco.presentation/install/steps/LegacyClasses.cs 
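Review bot: `ValidateBackOfficeCredentials` still tests `membershipProvider != null`, but `GetUsersMembershipProvider()` throws `InvalidOperationException` rather than returning null, so a missing provider now raises from a credential check that used to return false. Either drop the dead check and document the exception on this method, or catch it and keep the `false` result if callers depend on a boolean. The same dead check is left in `login.aspx.cs`, where the unreachable `ProviderException` message still names `UmbracoSettings.DefaultBackofficeProvider`, which is no longer the name being looked up. It is also left in `MediaUploader.ashx.cs` as `mp != null && mp.ValidateUser(username, password)`.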
+++ b/src/Umbraco.Web/umbraco.presentation/install/steps/LegacyClasses.cs @@ -13,6 +13,7 @@ using Umbraco.Core.Configuration; using Umbraco.Core.IO; using Umbraco.Core.Logging; using umbraco.BusinessLogic; +using Umbraco.Core.Security; using umbraco.DataLayer; using umbraco.presentation.install.utills; using umbraco.providers; @@ -523,19 +524,21 @@ namespace umbraco.presentation.install { Page.Validate(); + var provider = MembershipProviderExtensions.GetUsersMembershipProvider(); + if (Page.IsValid) { User u = User.GetUser(0); - MembershipUser user = Membership.Providers[UmbracoSettings.DefaultBackofficeProvider].GetUser(0, true); + var user = provider.GetUser(0, true); user.ChangePassword(u.GetPassword(), tb_password.Text.Trim()); // Is it using the default membership provider - if (Membership.Providers[UmbracoSettings.DefaultBackofficeProvider] is UsersMembershipProvider) + if (provider is UsersMembershipProvider) { // Save user in membership provider - UsersMembershipUser umbracoUser = user as UsersMembershipUser; + var umbracoUser = user as UsersMembershipUser; umbracoUser.FullName = tb_name.Text.Trim(); - Membership.Providers[UmbracoSettings.DefaultBackofficeProvider].UpdateUser(umbracoUser); + provider.UpdateUser(umbracoUser); // Save user details u.Email = tb_email.Text.Trim(); @@ -543,7 +546,7 @@ namespace umbraco.presentation.install else { u.Name = tb_name.Text.Trim(); - if (!(Membership.Providers[UmbracoSettings.DefaultBackofficeProvider] is ActiveDirectoryMembershipProvider)) Membership.Providers[UmbracoSettings.DefaultBackofficeProvider].UpdateUser(user); + if ((provider is ActiveDirectoryMembershipProvider) == false) provider.UpdateUser(user); } // we need to update the login name here as it's set to the old name when saving the user via the membership provider! 
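Review bot: In the `@@ -523,19 +524,21 @@` hunk the boolean returned by `user.ChangePassword(u.GetPassword(), tb_password.Text.Trim())` is discarded and `user` is not null-checked after `provider.GetUser(0, true)`. A rejected password change therefore appears to let the install step continue as though the default user's password had been replaced. Check both and stop with a validation error, for example `if (user == null || user.ChangePassword(u.GetPassword(), tb_password.Text.Trim()) == false) { /* report failure and return */ }`. The `user as UsersMembershipUser` result is also dereferenced unchecked; since the branch already tests `provider is UsersMembershipProvider`, a direct cast `(UsersMembershipUser)user` would fail with a clearer exception. The method body continues outside the hunk.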
@@ -555,8 +558,8 @@ namespace umbraco.presentation.install { try { - System.Net.WebClient client = new System.Net.WebClient(); - NameValueCollection values = new NameValueCollection(); + var client = new System.Net.WebClient(); + var values = new NameValueCollection(); values.Add("name", tb_name.Text); values.Add("email", tb_email.Text); diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/channels/UmbracoMetaWeblogAPI.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/channels/UmbracoMetaWeblogAPI.cs index 4df569f87d..00e1fc721f 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/channels/UmbracoMetaWeblogAPI.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/channels/UmbracoMetaWeblogAPI.cs @@ -14,6 +14,7 @@ using umbraco.cms.businesslogic.media; using umbraco.cms.businesslogic.property; using umbraco.cms.businesslogic.propertytype; using umbraco.cms.businesslogic.web; +using Umbraco.Core.Security; using umbraco.presentation.channels.businesslogic; using Post = CookComputing.MetaWeblog.Post; @@ -45,7 +46,7 @@ namespace umbraco.presentation.channels Description = "Where applicable, this specifies whether the blog " + "should be republished after the post has been deleted.")] bool publish) { - if (validateUser(username, password)) + if (ValidateUser(username, password)) { Channel userChannel = new Channel(username); new Document(int.Parse(postid)) @@ -62,7 +63,7 @@ namespace umbraco.presentation.channels Post post, bool publish) { - if (validateUser(username, password)) + if (ValidateUser(username, password)) { Channel userChannel = new Channel(username); Document doc = new Document(Convert.ToInt32(postid)); @@ -140,7 +141,7 @@ namespace umbraco.presentation.channels string username, string password) { - if (validateUser(username, password)) + if (ValidateUser(username, password)) { Channel userChannel = new Channel(username); if (userChannel.FieldCategoriesAlias != null && userChannel.FieldCategoriesAlias != "") 
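Review bot: In the `@@ -555,8 +558,8 @@` hunk `var client = new System.Net.WebClient();` is not wrapped in a `using` in the visible lines, so the client is left undisposed on both the success and the exception path; `using (var client = new System.Net.WebClient())` fixes that. The `values` collection carries `tb_name.Text` and `tb_email.Text` to an endpoint whose URL is outside the hunk, so a comment stating where the installer's name and e-mail are sent, and under which condition, would help anyone auditing outbound data. The `try` block continues past the hunk.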
@@ -218,7 +219,7 @@ namespace umbraco.presentation.channels string username, string password) { - if (validateUser(username, password)) + if (ValidateUser(username, password)) { Channel userChannel = new Channel(username); Document d = new Document(int.Parse(postid)); @@ -258,7 +259,7 @@ namespace umbraco.presentation.channels string password, int numberOfPosts) { - if (validateUser(username, password)) + if (ValidateUser(username, password)) { ArrayList blogPosts = new ArrayList(); ArrayList blogPostsObjects = new ArrayList(); @@ -369,7 +370,7 @@ namespace umbraco.presentation.channels Post post, bool publish) { - if (validateUser(username, password)) + if (ValidateUser(username, password)) { Channel userChannel = new Channel(username); User u = new User(username); @@ -427,7 +428,7 @@ namespace umbraco.presentation.channels string password, FileData file) { - if (validateUser(username, password)) + if (ValidateUser(username, password)) { User u = new User(username); Channel userChannel = new Channel(username); @@ -512,9 +513,11 @@ namespace umbraco.presentation.channels return new UrlData(); } - private static bool validateUser(string username, string password) + private static bool ValidateUser(string username, string password) { - return Membership.Providers[UmbracoSettings.DefaultBackofficeProvider].ValidateUser(username, password); + var provider = MembershipProviderExtensions.GetUsersMembershipProvider(); + + return provider.ValidateUser(username, password); } [XmlRpcMethod("blogger.getUsersBlogs", @@ -525,7 +528,7 @@ namespace umbraco.presentation.channels string username, string password) { - if (validateUser(username, password)) + if (ValidateUser(username, password)) { BlogInfo[] blogs = new BlogInfo[1]; User u = new User(username); diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/create/userTasks.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/create/userTasks.cs index 942405d0ae..7be7679178 100644 
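Review bot: The renamed `ValidateUser` helper in the `@@ -512,9 +513,11 @@` hunk is the only credential gate for every XML-RPC method in this file and has no doc comment. I would add `/// <summary>Validates the supplied credentials against the users membership provider; throws InvalidOperationException when that provider is not registered.</summary>`. Before this change a missing provider would have produced a `NullReferenceException` from the indexer result, so the failure type seen by the XML-RPC layer changes. Each caller then passes the same raw `username` to `new Channel(username)` or `new User(username)`, so the comment should also say that the helper only checks credentials and does not normalise the name.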
--- a/src/Umbraco.Web/umbraco.presentation/umbraco/create/userTasks.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/create/userTasks.cs @@ -3,6 +3,7 @@ using System.Data; using System.Web.Security; using Umbraco.Core.Logging; using umbraco.BusinessLogic; +using Umbraco.Core.Security; using umbraco.DataLayer; using umbraco.BasePages; using Umbraco.Core.IO; @@ -38,14 +39,16 @@ namespace umbraco //BusinessLogic.User.MakeNew(Alias, Alias, "", BusinessLogic.UserType.GetUserType(1)); //return true; + var provider = MembershipProviderExtensions.GetUsersMembershipProvider(); + var status = MembershipCreateStatus.ProviderError; try { // Password is auto-generated. They are they required to change the password by editing the user information. var password = Membership.GeneratePassword( - Membership.Providers[UmbracoSettings.DefaultBackofficeProvider].MinRequiredPasswordLength, - Membership.Providers[UmbracoSettings.DefaultBackofficeProvider].MinRequiredNonAlphanumericCharacters); + provider.MinRequiredPasswordLength, + provider.MinRequiredNonAlphanumericCharacters); var parts = Alias.Split(new[] {'|'}, StringSplitOptions.RemoveEmptyEntries); if (parts.Length != 2) @@ -55,7 +58,7 @@ namespace umbraco var login = parts[0]; var email = parts[1]; - var u = Membership.Providers[UmbracoSettings.DefaultBackofficeProvider].CreateUser( + var u = provider.CreateUser( login, password, email.Trim().ToLower(), "", "", true, null, out status); if (u == null) diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/dashboard/ChangePassword.ascx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/dashboard/ChangePassword.ascx.cs index 82cb31733f..09deb110ec 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/dashboard/ChangePassword.ascx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/dashboard/ChangePassword.ascx.cs 
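Review bot: In the `@@ -38,14 +39,16 @@` hunk `GetUsersMembershipProvider()` is called before the `try`, so when the provider is missing its `InvalidOperationException` leaves the method instead of going through the handling that `status = MembershipCreateStatus.ProviderError` appears to feed. Moving `var provider = MembershipProviderExtensions.GetUsersMembershipProvider();` to the first line inside the `try` keeps a single failure path; the catch clause is outside the hunk, so confirm it covers this exception type. The generated password is exactly `provider.MinRequiredPasswordLength` long, the shortest the provider accepts, and nothing visible forces the later change that the comment describes. The comment itself should read `// Password is auto-generated. They are then required to change the password by editing the user information.`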
@@ -6,6 +6,7 @@ using System.Web.UI; using System.Web.UI.WebControls; using System.Web.Security; using umbraco.BusinessLogic; +using Umbraco.Core.Security; namespace umbraco.presentation.umbraco.dashboard { @@ -13,7 +14,7 @@ namespace umbraco.presentation.umbraco.dashboard { protected MembershipProvider Provider { - get { return Membership.Providers[UmbracoSettings.DefaultBackofficeProvider]; } + get { return MembershipProviderExtensions.GetUsersMembershipProvider(); } } protected override void OnLoad(EventArgs e) diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/login.aspx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/login.aspx.cs index 3773e1ffab..a9a6339d88 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/login.aspx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/login.aspx.cs @@ -37,7 +37,7 @@ namespace umbraco.cms.presentation { get { - var provider = Membership.Providers[UmbracoSettings.DefaultBackofficeProvider]; + var provider = MembershipProviderExtensions.GetUsersMembershipProvider(); if (provider == null) { throw new ProviderException("The membership provider " + UmbracoSettings.DefaultBackofficeProvider + " was not found"); diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/users/EditUser.aspx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/users/EditUser.aspx.cs index 84b8f42e96..1f0262a1d0 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/users/EditUser.aspx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/users/EditUser.aspx.cs 
@@ -73,15 +73,7 @@ namespace umbraco.cms.presentation.user private MembershipProvider BackOfficeProvider { - get - { - var provider = Membership.Providers[UmbracoSettings.DefaultBackofficeProvider]; - if (provider == null) - { - throw new ProviderException("The membership provider " + UmbracoSettings.DefaultBackofficeProvider + " was not found"); - } - return provider; - } + get { return MembershipProviderExtensions.GetUsersMembershipProvider(); } } protected void Page_Load(object sender, EventArgs e) diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/MediaUploader.ashx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/MediaUploader.ashx.cs index e5902b34eb..97532cf590 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/MediaUploader.ashx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/MediaUploader.ashx.cs @@ -15,6 +15,7 @@ using umbraco.BusinessLogic; using umbraco.businesslogic.Exceptions; using umbraco.cms.businesslogic.media; using Umbraco.Core; +using Umbraco.Core.Security; namespace umbraco.presentation.umbraco.webservices { @@ -222,7 +223,7 @@ namespace umbraco.presentation.umbraco.webservices if (!string.IsNullOrEmpty(username) && !string.IsNullOrEmpty(password)) { - var mp = Membership.Providers[UmbracoSettings.DefaultBackofficeProvider]; + var mp = MembershipProviderExtensions.GetUsersMembershipProvider(); if (mp != null && mp.ValidateUser(username, password)) { var user = new User(username); diff --git a/src/umbraco.cms/businesslogic/member/Member.cs b/src/umbraco.cms/businesslogic/member/Member.cs index 76329c1ce3..c2b19b9d8b 100644 --- a/src/umbraco.cms/businesslogic/member/Member.cs +++ b/src/umbraco.cms/businesslogic/member/Member.cs 
@@ -1082,11 +1082,10 @@ namespace umbraco.cms.businesslogic.member if (HttpContext.Current.User.Identity.IsAuthenticated) { var provider = MembershipProviderExtensions.GetMembersMembershipProvider(); - var username = provider.GetCurrentUserName(); - var member = provider.GetUser(username, true); + var member = provider.GetCurrentUser(); if (member == null) { - throw new InvalidOperationException("No member object found with username " + username); + throw new InvalidOperationException("No member object found with username " + provider.GetCurrentUserName()); } int.TryParse(member.ProviderUserKey.ToString(), out currentMemberId); } @@ -1105,11 +1104,10 @@ namespace umbraco.cms.businesslogic.member if (HttpContext.Current.User.Identity.IsAuthenticated) { var provider = MembershipProviderExtensions.GetMembersMembershipProvider(); - var username = provider.GetCurrentUserName(); - var member = provider.GetUser(username, true); + var member = provider.GetCurrentUser(); if (member == null) { - throw new InvalidOperationException("No member object found with username " + username); + throw new InvalidOperationException("No member object found with username " + provider.GetCurrentUserName()); } int currentMemberId = 0;