Fixes anti-forgery, fixes tempdata, adds front-end security/identity, gets member macro snippets and controllers all working, removes old code, adds more props to the member identity

src/Umbraco.Web.UI.NetCore/umbraco/PartialViewMacros/Templates/EditProfile.cshtml

@@ -1,62 +1,68 @@
-@using Umbraco.Cms.Core.Security
-@using Umbraco.Cms.Web.Website.Controllers
-@using Umbraco.Extensions
 @inherits Umbraco.Cms.Web.Common.Macros.PartialViewMacroPage
-@inject IUmbracoWebsiteSecurityAccessor UmbracoWebsiteSecurityAccessor
+@using Umbraco.Cms.Core
+@using Umbraco.Cms.Core.Security
+@using Umbraco.Cms.Web.Website.Controllers
+@using Umbraco.Cms.Web.Website.Models
+@using Umbraco.Extensions
+@inject MemberModelBuilderFactory memberModelBuilderFactory;
 
 @{
-    var websiteSecurity = UmbracoWebsiteSecurityAccessor.WebsiteSecurity;
-    var profileModel = await websiteSecurity.GetCurrentMemberProfileModelAsync();
+    // Build a profile model to edit
+    var profileModel = await memberModelBuilderFactory
+        .CreateProfileModel()
+        // If null or not set, this will redirect to the current page
+        .WithRedirectUrl(null)
+        .BuildForCurrentMemberAsync();
 
-
-    var success = TempData["ProfileUpdateSuccess"] != null;
+    var success = TempData["FormSuccess"] != null;
 }
 
 <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js"></script>
 <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.19.0/jquery.validate.min.js"></script>
 <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery-validation-unobtrusive/3.2.11/jquery.validate.unobtrusive.min.js"></script>
 
-@if (websiteSecurity.IsLoggedIn() && profileModel != null)
+@if(profileModel != null)
 {
     if (success)
     {
         @* This message will show if profileModel.RedirectUrl is not defined (default) *@
-        <p>Profile updated</p>
+        <p class="text-success">Profile updated</p>
     }
 
-    using (Html.BeginUmbracoForm<UmbProfileController>("HandleUpdateProfile"))
+    using (Html.BeginUmbracoForm<UmbProfileController>("HandleUpdateProfile", new { RedirectUrl = profileModel.RedirectUrl }))
     {
-        <fieldset>
-            <legend>Edit profile</legend>
+        <h2>Update your account.</h2>
+        <hr />
+        <div asp-validation-summary="All" class="text-danger"></div>
+        <div class="mb-3">
+            <label asp-for="@profileModel.Name"></label>
+            <input asp-for="@profileModel.Name" class="form-control" aria-required="true" />
+            <span asp-validation-for="@profileModel.Name" class="form-text text-danger"></span>
+        </div>
+        <div class="mb-3">
+            <label asp-for="@profileModel.Email"></label>
+            <input asp-for="@profileModel.Email" class="form-control" autocomplete="username" aria-required="true" />
+            <span asp-validation-for="@profileModel.Email" class="form-text text-danger"></span>
+        </div>
 
-            @Html.ValidationSummary("profileModel", true)
+        @if (!string.IsNullOrWhiteSpace(profileModel.UserName))
+        {
+            <div class="mb-3">
+                <label asp-for="@profileModel.UserName"></label>
+                <input asp-for="@profileModel.UserName" class="form-control" autocomplete="username" aria-required="true" />
+                <span asp-validation-for="@profileModel.UserName" class="form-text text-danger"></span>
+            </div>
+        }
 
-            @Html.LabelFor(m => profileModel.Name)
-            @Html.TextBoxFor(m => profileModel.Name)
-            @Html.ValidationMessageFor(m => profileModel.Name)
-            <br />
+for (var i = 0; i < profileModel.MemberProperties.Count; i++)
+        {
+            <div class="mb-3">
+                <label asp-for="@profileModel.MemberProperties[i].Value"></label>
+                <input asp-for="@profileModel.MemberProperties[i].Value" class="form-control" />
+                <span asp-validation-for="@profileModel.MemberProperties[i].Value" class="form-text text-danger"></span>
+            </div>
+        }
 
-            @Html.LabelFor(m => profileModel.Email)
-            @Html.TextBoxFor(m => profileModel.Email)
-            @Html.ValidationMessageFor(m => profileModel.Email)
-            <br />
-
-            @for (var i = 0; i < profileModel.MemberProperties.Count; i++)
-            {
-                @Html.LabelFor(m => profileModel.MemberProperties[i].Value, profileModel.MemberProperties[i].Name)
-                @*
-                    By default this will render a textbox but if you want to change the editor template for this property you can
-                    easily change it. For example, if you wanted to render a custom editor for this field called "MyEditor" you would
-                    create a file at ~/Views/Shared/EditorTemplates/MyEditor.cshtml", then you will change the next line of code to
-                    render your specific editor template like:
-                    @Html.EditorFor(m => profileModel.MemberProperties[i].Value, "MyEditor")
-                *@
-                @Html.EditorFor(m => profileModel.MemberProperties[i].Value)
-                @Html.HiddenFor(m => profileModel.MemberProperties[i].Alias)
-                <br />
-            }
-
-            <button>Save</button>
-        </fieldset>
+        <button type="submit" class="btn btn-primary">Update</button>
     }
 }

src/Umbraco.Web.UI.NetCore/umbraco/PartialViewMacros/Templates/Login.cshtml

@@ -1,36 +1,45 @@
+@inherits Umbraco.Cms.Web.Common.Macros.PartialViewMacroPage
 @using Microsoft.AspNetCore.Http.Extensions
-@using Umbraco.Cms.Core.Models.Security
+@using Umbraco.Cms.Web.Common.Models
 @using Umbraco.Cms.Web.Website.Controllers
 @using Umbraco.Extensions
-@inherits Umbraco.Cms.Web.Common.Macros.PartialViewMacroPage
 
 @{
     var loginModel = new LoginModel();
-    loginModel.RedirectUrl = Context.Request.GetDisplayUrl();
+    // You can modify this to redirect to a different URL instead of the current one
+    loginModel.RedirectUrl = null;
 }
 
 <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js"></script>
 <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.19.0/jquery.validate.min.js"></script>
 <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery-validation-unobtrusive/3.2.11/jquery.validate.unobtrusive.min.js"></script>
 
-@using (Html.BeginUmbracoForm<UmbLoginController>("HandleLogin"))
-{
-    @Html.HiddenFor(m => loginModel.RedirectUrl)
-    <fieldset>
-        <legend>Login</legend>
+<div class="login-form">
 
-        @Html.ValidationSummary("loginModel", true)
+    @using (Html.BeginUmbracoForm<UmbLoginController>(
+        "HandleLogin", new { RedirectUrl = loginModel.RedirectUrl })) {
 
-        @Html.LabelFor(m => loginModel.Username)
-        @Html.TextBoxFor(m => loginModel.Username)
-        @Html.ValidationMessageFor(m => loginModel.Username)
-        <br />
+        <h4>Log in with a local account.</h4>
+        <hr />
+        <div asp-validation-summary="ModelOnly" class="text-danger"></div>
+        <div class="mb-3">
+            <label asp-for="@loginModel.Username" class="col-md-2 control-label"></label>
+            <input asp-for="@loginModel.Username" class="form-control" />
+            <span asp-validation-for="@loginModel.Username" class="form-text text-danger"></span>
+        </div>
+        <div class="mb-3">
+            <label asp-for="@loginModel.Password" class="col-md-2 control-label"></label>
+            <input asp-for="@loginModel.Password" class="form-control" />
+            <span asp-validation-for="@loginModel.Password" class="form-text text-danger"></span>
+        </div>
+        <div class="mb-3 form-check">
+            <input asp-for="@loginModel.RememberMe" class="form-check-input">
+            <label asp-for="@loginModel.RememberMe" class="form-check-label">
+                @Html.DisplayNameFor(m => loginModel.RememberMe)
+            </label>
+        </div>
 
-        @Html.LabelFor(m => loginModel.Password)
-        @Html.PasswordFor(m => loginModel.Password)
-        @Html.ValidationMessageFor(m => loginModel.Password)
-        <br />
+        <button type="submit" class="btn btn-primary">Log in</button>
+    }
 
-        <button>Login</button>
-    </fieldset>
-}
+</div>

src/Umbraco.Web.UI.NetCore/umbraco/PartialViewMacros/Templates/LoginStatus.cshtml

@@ -1,34 +1,26 @@
-@using Umbraco.Cms.Core.Models.Security
-@using Umbraco.Cms.Core.Security
+@inherits Umbraco.Cms.Web.Common.Macros.PartialViewMacroPage
+@using Microsoft.AspNetCore.Http.Extensions
+@using Umbraco.Cms.Web.Common.Models
 @using Umbraco.Cms.Web.Website.Controllers
 @using Umbraco.Extensions
-@inherits Umbraco.Cms.Web.Common.Macros.PartialViewMacroPage
-@inject IUmbracoWebsiteSecurityAccessor UmbracoWebsiteSecurityAccessor
 
 @{
-    var websiteSecurity = UmbracoWebsiteSecurityAccessor.WebsiteSecurity;
-    var loginStatusModel = await websiteSecurity.GetCurrentLoginStatusAsync();
+    var isLoggedIn = Context.User?.Identity?.IsAuthenticated ?? false;
     var logoutModel = new PostRedirectModel();
-
-    @*
-        Here you can specify a redirect URL for after logging out, by default umbraco will simply
-        redirect to the current page. Example to redirect to the home page:
-
-        logoutModel.RedirectUrl = "/";
-    *@
+    // You can modify this to redirect to a different URL instead of the current one
+    logoutModel.RedirectUrl = null;
 }
 
-@if (loginStatusModel.IsLoggedIn)
+@if (isLoggedIn)
 {
-    <p>You are currently logged in as @loginStatusModel.Name</p>
+    <div class="login-status">
 
-    using (Html.BeginUmbracoForm<UmbLoginStatusController>("HandleLogout"))
-    {
-        <fieldset>
-            <legend>Logout</legend>
-            <button>Logout</button>
-        </fieldset>
+        <p>You are currently logged in as @Context.User.Identity.Name</p>
 
-        @Html.HiddenFor(m => logoutModel.RedirectUrl)
-    }
+        @using (Html.BeginUmbracoForm<UmbLoginStatusController>("HandleLogout", new { RedirectUrl = logoutModel.RedirectUrl }))
+        {
+            <button type="submit" class="btn btn-primary">Log out</button>
+        }
+
+    </div>
 }

src/Umbraco.Web.UI.NetCore/umbraco/PartialViewMacros/Templates/RegisterMember.cshtml

@@ -1,36 +1,24 @@
-@using Umbraco.Cms.Core.Security
-@using Umbraco.Cms.Web.Website.Controllers
-@using Umbraco.Extensions
 @inherits Umbraco.Cms.Web.Common.Macros.PartialViewMacroPage
-@inject IUmbracoWebsiteSecurityAccessor UmbracoWebsiteSecurityAccessor
+@using Microsoft.AspNetCore.Http.Extensions
+@using Umbraco.Cms.Core
+@using Umbraco.Cms.Core.Security
+@using Umbraco.Cms.Web.Website.Controllers
+@using Umbraco.Cms.Web.Website.Models
+@using Umbraco.Extensions
+@inject MemberModelBuilderFactory memberModelBuilderFactory;
 
 @{
-    @*
-        You can specify a custom member type alias in the constructor, the default is 'Member'
-        for example, to use 'Custom Member' you'd use this syntax:
-
-        var registerModel = Members.CreateRegistrationModel("Custom Member");
-    *@
-
-    var websiteSecurity = UmbracoWebsiteSecurityAccessor.WebsiteSecurity;
-    var registerModel = websiteSecurity.CreateRegistrationModel();
-
-    @*
-        Configurable here:
-
-        registerModel.RedirectUrl       - Optional. What path to redirect to if registration is successful.
-                                          By default the member will be redirected to the current umbraco page
-                                          unless this is specified.
-
-        registerModel.UsernameIsEmail   - the default is true
-                                          if you want the username to be different from the email
-                                          address, set this to true and add a new Username field in
-                                          the form below
-
-                                          @Html.LabelFor(m => registerModel.Username)
-                                          @Html.TextBoxFor(m => registerModel.Username)
-                                          @Html.ValidationMessageFor(m => registerModel.Username)
-    *@
+    // Build a registration model with parameters
+    var registerModel = memberModelBuilderFactory
+        .CreateRegisterModel()
+        // Set the member type alias to use for the new member
+        .WithMemberTypeAlias(Constants.Conventions.MemberTypes.DefaultAlias)
+        // If null or not set, this will redirect to the current page
+        .WithRedirectUrl(null)
+        // Set to true if you want the member editable properties shown.
+        // It will only displays properties marked as "Member can edit" on the "Info" tab of the Member Type.
+        .LookupProperties(true)
+        .Build();
 
     var success = TempData["FormSuccess"] != null;
 }
@@ -42,58 +30,55 @@
 @if (success)
 {
     @* This message will show if registerModel.RedirectUrl is not defined (default) *@
-    <p>Registration succeeded.</p>
+    <p class="text-success">Registration succeeded.</p>
 }
 else
 {
-    using (Html.BeginUmbracoForm<UmbRegisterController>("HandleRegisterMember"))
+    using (Html.BeginUmbracoForm<UmbRegisterController>(
+            "HandleRegisterMember",
+            new {
+                MemberTypeAlias = registerModel.MemberTypeAlias,
+                UsernameIsEmail = registerModel.UsernameIsEmail,
+                RedirectUrl = registerModel.RedirectUrl
+            }))
     {
-        <fieldset>
-            <legend>Register Member</legend>
+        <h2>Create a new account.</h2>
+        <hr />
+        <div asp-validation-summary="All" class="text-danger"></div>
+        <div class="mb-3">
+            <label asp-for="@registerModel.Name"></label>
+            <input asp-for="@registerModel.Name" class="form-control" aria-required="true" />
+            <span asp-validation-for="@registerModel.Name" class="form-text text-danger"></span>
+        </div>
+        <div class="mb-3">
+            <label asp-for="@registerModel.Email"></label>
+            <input asp-for="@registerModel.Email" class="form-control" autocomplete="username" aria-required="true" />
+            <span asp-validation-for="@registerModel.Email" class="form-text text-danger"></span>
+        </div>
+        <div class="mb-3">
+            <label asp-for="@registerModel.Password"></label>
+            <input asp-for="@registerModel.Password" class="form-control" autocomplete="new-password" aria-required="true" />
+            <span asp-validation-for="@registerModel.Password" class="form-text text-danger"></span>
+        </div>
+        <div class="mb-3">
+            <label asp-for="@registerModel.ConfirmPassword"></label>
+            <input asp-for="@registerModel.ConfirmPassword" class="form-control" autocomplete="new-password" aria-required="true" />
+            <span asp-validation-for="@registerModel.ConfirmPassword" class="form-text text-danger"></span>
+        </div>
 
-            @Html.ValidationSummary("registerModel", true)
-
-            @Html.LabelFor(m => registerModel.Name)
-            @Html.TextBoxFor(m => registerModel.Name)
-            @Html.ValidationMessageFor(m => registerModel.Name)
-            <br />
-
-            @Html.LabelFor(m => registerModel.Email)
-            @Html.TextBoxFor(m => registerModel.Email)
-            @Html.ValidationMessageFor(m => registerModel.Email)
-            <br />
-
-            @Html.LabelFor(m => registerModel.Password)
-            @Html.PasswordFor(m => registerModel.Password)
-            @Html.ValidationMessageFor(m => registerModel.Password)
-            <br />
-
-            @if (registerModel.MemberProperties != null)
+        @if (registerModel.MemberProperties != null)
+        {
+            for (var i = 0; i < registerModel.MemberProperties.Count; i++)
             {
-                @*
-                    It will only displays properties marked as "Member can edit" on the "Info" tab of the Member Type.
-                *@
-                for (var i = 0; i < registerModel.MemberProperties.Count; i++)
-                {
-                    @Html.LabelFor(m => registerModel.MemberProperties[i].Value, registerModel.MemberProperties[i].Name)
-                    @*
-                        By default this will render a textbox but if you want to change the editor template for this property you can
-                        easily change it. For example, if you wanted to render a custom editor for this field called "MyEditor" you would
-                        create a file at ~/Views/Shared/EditorTemplates/MyEditor.cshtml", then you will change the next line of code to
-                        render your specific editor template like:
-                        @Html.EditorFor(m => registerModel.MemberProperties[i].Value, "MyEditor")
-                    *@
-                    @Html.EditorFor(m => registerModel.MemberProperties[i].Value)
-                    @Html.HiddenFor(m => registerModel.MemberProperties[i].Alias)
-                    <br />
-                }
+                <div class="mb-3">
+                    <label asp-for="@registerModel.MemberProperties[i].Value"></label>
+                    <input asp-for="@registerModel.MemberProperties[i].Value" class="form-control" />
+                    <span asp-validation-for="@registerModel.MemberProperties[i].Value" class="form-text text-danger"></span>
+                </div>
             }
+        }
 
-            @Html.HiddenFor(m => registerModel.MemberTypeAlias)
-            @Html.HiddenFor(m => registerModel.RedirectUrl)
-            @Html.HiddenFor(m => registerModel.UsernameIsEmail)
-
-            <button>Register</button>
-        </fieldset>
+        <button type="submit" class="btn btn-primary">Register</button>
+        
     }
 }