From 9531a3f37a79b751af180780ab65f1a310a7100c Mon Sep 17 00:00:00 2001
From: hartvig
Date: Thu, 9 Aug 2012 10:06:10 -0200
Subject: [PATCH] Updates to login cookies

---
 .../BasePages/BasePage.cs | 224 +++++++++++-------
 1 file changed, 141 insertions(+), 83 deletions(-)

diff --git a/src/umbraco.businesslogic/BasePages/BasePage.cs b/src/umbraco.businesslogic/BasePages/BasePage.cs
index c5eb2ce75d..b0e367ebe0 100644
--- a/src/umbraco.businesslogic/BasePages/BasePage.cs
+++ b/src/umbraco.businesslogic/BasePages/BasePage.cs
@@ -2,22 +2,25 @@ using System;
 using System.Data;
 using System.Web;
 using System.Linq;
+using System.Web.Security;
 using umbraco.BusinessLogic;
 using umbraco.DataLayer;
 using umbraco.IO;
 using System.Web.UI;
 
-namespace umbraco.BasePages {
+namespace umbraco.BasePages
+{
     ///
     /// umbraco.BasePages.BasePage is the default page type for the umbraco backend.
     /// The basepage keeps track of the current user and the page context. But does not
     /// Restrict access to the page itself.
     /// The keep the page secure, the umbracoEnsuredPage class should be used instead
     ///
-    public class BasePage : System.Web.UI.Page {
+    public class BasePage : System.Web.UI.Page
+    {
         private User _user;
         private bool _userisValidated = false;
-        private ClientTools m_clientTools;
+        private ClientTools m_clientTools;
 
         // ticks per minute 600,000,000
         private static long _ticksPrMinute = 600000000;
@@ -42,70 +45,78 @@ namespace umbraco.BasePages {
         /// Gets the SQL helper.
         ///
         /// The SQL helper.
-        protected static ISqlHelper SqlHelper {
+        protected static ISqlHelper SqlHelper
+        {
             get { return umbraco.BusinessLogic.Application.SqlHelper; }
         }
 
         ///
         /// Initializes a new instance of the class.
         ///
-        public BasePage() {
+        public BasePage()
+        {
         }
 
-        ///
-        /// Returns the current BasePage for the current request.
-        /// This assumes that the current page is a BasePage, otherwise, returns null;
-        ///
-        public static BasePage Current
-        {
-            get
-            {
-                return HttpContext.Current.CurrentHandler as BasePage;
-            }
-        }
-
-        ///
-        /// Returns a refernce of an instance of ClientTools for access to the pages client API
-        ///
-        public ClientTools ClientTools
-        {
-            get
-            {
-                if (m_clientTools == null)
-                    m_clientTools = new ClientTools(this);
-                return m_clientTools;
-            }
-        }
-
-        [Obsolete("Use ClientTools instead")]
-        public void RefreshPage(int Seconds)
-        {
-            ClientTools.RefreshAdmin(Seconds);
+        ///
+        /// Returns the current BasePage for the current request.
+        /// This assumes that the current page is a BasePage, otherwise, returns null;
+        ///
+        public static BasePage Current
+        {
+            get
+            {
+                return HttpContext.Current.CurrentHandler as BasePage;
+            }
         }
 
-        private void validateUser() {
-            if ((umbracoUserContextID != "")) {
+        ///
+        /// Returns a refernce of an instance of ClientTools for access to the pages client API
+        ///
+        public ClientTools ClientTools
+        {
+            get
+            {
+                if (m_clientTools == null)
+                    m_clientTools = new ClientTools(this);
+                return m_clientTools;
+            }
+        }
+
+        [Obsolete("Use ClientTools instead")]
+        public void RefreshPage(int Seconds)
+        {
+            ClientTools.RefreshAdmin(Seconds);
+        }
+
+        private void validateUser()
+        {
+            if ((umbracoUserContextID != ""))
+            {
                 uid = GetUserId(umbracoUserContextID);
                 timeout = GetTimeout(umbracoUserContextID);
 
-                if (timeout > DateTime.Now.Ticks) {
+                if (timeout > DateTime.Now.Ticks)
+                {
                     _user = BusinessLogic.User.GetUser(uid);
 
                     // Check for console access
                     if (_user.Disabled || (_user.NoConsole && GlobalSettings.RequestIsInUmbracoApplication(HttpContext.Current) && !GlobalSettings.RequestIsLiveEditRedirector(HttpContext.Current)))
                     {
                         throw new ArgumentException("You have no priviledges to the umbraco console. Please contact your administrator");
-                    }
+                    }
                     else
                     {
                         _userisValidated = true;
                         updateLogin();
                     }
 
-                } else {
+                }
+                else
+                {
                     throw new ArgumentException("User has timed out!!");
                 }
-            } else
+            }
+            else
                 throw new ArgumentException("The user has no umbraco contextid - try logging in");
         }
 
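Review bot: validateUser, whose body sits entirely within this hunk, dereferences `_user` right after `_user = BusinessLogic.User.GetUser(uid)` without checking that the cookie actually resolved to a user, even though GetUserId (next hunk) returns -1 for any lookup failure, and a cookie that now decrypts to unexpected UserData makes that path more likely. If GetUser yields null for an unknown id — not visible from here — the failure surfaces as a NullReferenceException rather than the ArgumentException callers presumably handle. Guard before the lookup: `if (uid < 0) throw new ArgumentException("The user has no umbraco contextid - try logging in");` and treat `_user == null` the same way. The brace-only changes in this hunk are otherwise fine.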
@@ -114,9 +125,12 @@ namespace umbraco.BasePages {
         ///
         /// The umbraco user context ID.
         ///
-        public static int GetUserId(string umbracoUserContextID) {
-            try {
-                if (System.Web.HttpRuntime.Cache["UmbracoUserContext" + umbracoUserContextID] == null) {
+        public static int GetUserId(string umbracoUserContextID)
+        {
+            try
+            {
+                if (System.Web.HttpRuntime.Cache["UmbracoUserContext" + umbracoUserContextID] == null)
+                {
                     System.Web.HttpRuntime.Cache.Insert(
                         "UmbracoUserContext" + umbracoUserContextID,
                         SqlHelper.ExecuteScalar("select userID from umbracoUserLogins where contextID = @contextId",
@@ -131,7 +145,9 @@ namespace umbraco.BasePages {
 
 
                 return (int)System.Web.HttpRuntime.Cache["UmbracoUserContext" + umbracoUserContextID];
-            } catch {
+            }
+            catch
+            {
                 return -1;
             }
         }
@@ -143,7 +159,8 @@ namespace umbraco.BasePages {
         ///
         /// The umbraco user context ID.
         ///
-        public static bool ValidateUserContextID(string currentUmbracoUserContextID) {
+        public static bool ValidateUserContextID(string currentUmbracoUserContextID)
+        {
             if ((currentUmbracoUserContextID != ""))
             {
                 int uid = GetUserId(currentUmbracoUserContextID);
@@ -153,14 +170,16 @@ namespace umbraco.BasePages {
                 {
                     return true;
                 }
-
+
                 BusinessLogic.Log.Add(BusinessLogic.LogTypes.Logout, BusinessLogic.User.GetUser(uid), -1, "");
             }
             return false;
         }
 
-        private static long GetTimeout(string umbracoUserContextID) {
-            if (System.Web.HttpRuntime.Cache["UmbracoUserContextTimeout" + umbracoUserContextID] == null) {
+        private static long GetTimeout(string umbracoUserContextID)
+        {
+            if (System.Web.HttpRuntime.Cache["UmbracoUserContextTimeout" + umbracoUserContextID] == null)
+            {
                 System.Web.HttpRuntime.Cache.Insert(
                     "UmbracoUserContextTimeout" + umbracoUserContextID,
                     GetTimeout(true),
@@ -171,8 +190,8 @@ namespace umbraco.BasePages {
             }
 
             object timeout = HttpRuntime.Cache["UmbracoUserContextTimeout" + umbracoUserContextID];
-            if(timeout != null)
-                return (long) timeout;
+            if (timeout != null)
+                return (long)timeout;
 
 
             return 0;
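Review bot: GetUserId still wraps the whole lookup in a bare `catch { return -1; }` (hunk at -131), so a SQL failure, a cache type mismatch and an unparseable context id are all reported as "no user" with nothing recorded; now that the cookie payload is FormsAuthentication UserData, a malformed value lands here silently and is indistinguishable from a logged-out session. Keep the -1 contract callers rely on, but narrow it to `catch (Exception ex)` and record the exception through BusinessLogic.Log.Add (the logger the -153 hunk already uses) before returning, so tampering and outages become visible. GetUserId's body continues past the first hunk; the remaining hunks in this section are brace-style only.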
@@ -198,25 +217,58 @@ namespace umbraco.BasePages {
         /// Gets or sets the umbraco user context ID.
         ///
         /// The umbraco user context ID.
-        public static string umbracoUserContextID {
+        public static string umbracoUserContextID
+        {
             get
             {
-                // zb-00004 #29956 : refactor cookies names & handling
-                if (StateHelper.Cookies.HasCookies && StateHelper.Cookies.UserContext.HasValue)
-                    return StateHelper.Cookies.UserContext.GetValue();
-                else
-                    return "";
-            }
-            set {
-                // zb-00004 #29956 : refactor cookies names & handling
-                if (StateHelper.Cookies.HasCookies)
-                {
-                    // Clearing all old cookies before setting a new one.
-                    if (StateHelper.Cookies.UserContext.HasValue)
-                        StateHelper.Cookies.ClearAll();
+                // zb-00004 #29956 : refactor cookies names & handling
+                if (StateHelper.Cookies.HasCookies && StateHelper.Cookies.UserContext.HasValue)
+                {
+                    try
+                    {
+                        string encTicket = StateHelper.Cookies.UserContext.GetValue();
+                        if (!String.IsNullOrEmpty(encTicket))
+                            return FormsAuthentication.Decrypt(encTicket).UserData;
+                    }
+                    catch (HttpException ex)
+                    {
+                        // we swallow this type of exception as it happens if a legacy (pre 4.8.1) cookie is set
+                    }
+                }
 
-                    // Create new cookie.
-                    StateHelper.Cookies.UserContext.SetValue(value, 1);
+                return "";
+            }
+            set
+            {
+                // zb-00004 #29956 : refactor cookies names & handling
+                if (StateHelper.Cookies.HasCookies)
+                {
+                    // Clearing all old cookies before setting a new one.
+                    if (StateHelper.Cookies.UserContext.HasValue)
+                        StateHelper.Cookies.ClearAll();
+
+                    if (!String.IsNullOrEmpty(value))
+                    {
+                        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1,
+                            value,
+                            DateTime.Now,
+                            DateTime.Now.AddDays(1),
+                            false,
+                            value,
+                            FormsAuthentication.FormsCookiePath);
+
+                        // Encrypt the ticket.
+                        string encTicket = FormsAuthentication.Encrypt(ticket);
+
+
+                        // Create new cookie.
+                        StateHelper.Cookies.UserContext.SetValue(encTicket, 1);
+
+
+                    } else
+                    {
+                        StateHelper.Cookies.UserContext.Clear();
+                    }
                 }
             }
         }
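Review bot: The getter returns `FormsAuthentication.Decrypt(encTicket).UserData` without inspecting the ticket, so a cookie that decrypts but is past the one-day expiry the setter stamps on it is still accepted (the session then rests solely on the umbracoUserLogins timeout), and if Decrypt hands back null for an undecryptable or foreign value — the framework does this in some cases rather than throwing — the `.UserData` access is a NullReferenceException that `catch (HttpException ex)` does not cover, nor does it cover the ArgumentException Decrypt raises for an over-long cookie value. Change the read to `FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(encTicket);` / `if (ticket != null && !ticket.Expired) return ticket.UserData;`, and write the catch as `catch (HttpException)` since `ex` is unused. Wrapping the context GUID in a machine-key-authenticated ticket is the real gain here; the ticket name and UserData are both the raw GUID, so anyone who can read the cookie still holds the session — whether `StateHelper.Cookies.UserContext.SetValue` marks it HttpOnly (and Secure when UseSSL is on) lives outside this hunk and is worth confirming.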
@@ -261,7 +313,8 @@ namespace umbraco.BasePages {
         /// Logs a user in.
         ///
         /// The user
-        public static void doLogin(User u) {
+        public static void doLogin(User u)
+        {
             Guid retVal = Guid.NewGuid();
             SqlHelper.ExecuteNonQuery(
                 "insert into umbracoUserLogins (contextID, userID, timeout) values (@contextId,'" + u.Id + "','" +
@@ -277,7 +330,8 @@ namespace umbraco.BasePages {
         /// Gets the user.
         ///
         ///
-        public User getUser() {
+        public User getUser()
+        {
             if (!_userisValidated) validateUser();
             return _user;
         }
@@ -285,26 +339,28 @@ namespace umbraco.BasePages {
         ///
         /// Ensures the page context.
         ///
-        public void ensureContext() {
+        public void ensureContext()
+        {
             validateUser();
         }
-
-        [Obsolete("Use ClientTools instead")]
-        public void speechBubble(speechBubbleIcon i, string header, string body)
-        {
-            ClientTools.ShowSpeechBubble(i, header, body);
+
+        [Obsolete("Use ClientTools instead")]
+        public void speechBubble(speechBubbleIcon i, string header, string body)
+        {
+            ClientTools.ShowSpeechBubble(i, header, body);
         }
 
-        //[Obsolete("Use ClientTools instead")]
-        //public void reloadParentNode()
-        //{
-        //    ClientTools.ReloadParentNode(true);
-        //}
+        //[Obsolete("Use ClientTools instead")]
+        //public void reloadParentNode()
+        //{
+        //    ClientTools.ReloadParentNode(true);
+        //}
 
         ///
         /// a collection of available speechbubble icons
         ///
-        public enum speechBubbleIcon {
+        public enum speechBubbleIcon
+        {
             ///
             /// Save icon
             ///
@@ -331,10 +387,12 @@ namespace umbraco.BasePages {
         /// Raises the event.
         ///
         /// The object that contains the event data.
-        protected override void OnLoad(EventArgs e) {
+        protected override void OnLoad(EventArgs e)
+        {
             base.OnLoad(e);
-
-            if (!Request.IsSecureConnection && GlobalSettings.UseSSL) {
+
+            if (!Request.IsSecureConnection && GlobalSettings.UseSSL)
+            {
                 string serverName = HttpUtility.UrlEncode(Request.ServerVariables["SERVER_NAME"]);
                 Response.Redirect(string.Format("https://{0}{1}", serverName, Request.FilePath));
             }
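Review bot: doLogin builds its insert by splicing `'" + u.Id + "','" +` into a statement that otherwise uses the `@contextId` parameter; u.Id is an int, so this is not injectable as shown, but mixing a parameter with string-built values is exactly the pattern that becomes SQL injection the first time a string column is added, and the statement continues outside this hunk where I cannot see how the timeout is appended. Pass the user id and timeout as parameters alongside `@contextId` instead of concatenating them, which also removes the quoting of a numeric column. The remaining hunks in this section are brace-style changes only.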