From 3b849987bf6d3d1cefd959cb32c4fd7c4170141b Mon Sep 17 00:00:00 2001 From: Heather Floyd Date: Thu, 7 May 2015 16:41:12 -0400 Subject: [PATCH 1/4] Small fixes to 'en' language file. Update of 'en-us' language file to match 'en' language file. --- src/Umbraco.Web.UI/umbraco/config/lang/en.xml | 10 ++-- .../umbraco/config/lang/en_us.xml | 48 +++++++++---------- 2 files changed, 28 insertions(+), 30 deletions(-) diff --git a/src/Umbraco.Web.UI/umbraco/config/lang/en.xml b/src/Umbraco.Web.UI/umbraco/config/lang/en.xml index c5c6148b2f..b66a70bdfb 100644 --- a/src/Umbraco.Web.UI/umbraco/config/lang/en.xml +++ b/src/Umbraco.Web.UI/umbraco/config/lang/en.xml @@ -244,8 +244,8 @@ Name the %0%... Enter a name... Type to search... - Type to filter... - Type to add tags (press enter after each tag)... + Type to filter... + Type to add tags (press enter after each tag)... Allow at root @@ -679,9 +679,11 @@ To manage your website, simply open the Umbraco back office and start adding con If you just want to setup simple protection using a single login and password - + + ]]> + diff --git a/src/Umbraco.Web.UI/umbraco/config/lang/en_us.xml b/src/Umbraco.Web.UI/umbraco/config/lang/en_us.xml index 41d7f43a24..856bcaca4f 100644 --- a/src/Umbraco.Web.UI/umbraco/config/lang/en_us.xml +++ b/src/Umbraco.Web.UI/umbraco/config/lang/en_us.xml @@ -44,16 +44,16 @@ Invalid node. Invalid domain format. Domain has already been assigned. - Domain Language + Domain New domain '%0%' has been created Domain '%0%' is deleted Domain '%0%' has already been assigned + Domain '%0%' has been updated + Edit Current Domains
One-level paths in domains are supported, eg. "example.com/en". However, they should be avoided. Better use the culture setting above.]]> - Domain '%0%' has been updated - Edit Current Domains Inherit Culture or inherit culture from parent nodes. Will also apply
@@ -63,8 +63,6 @@ Viewing for - - Select Select current folder @@ -134,7 +132,7 @@ This item has been changed after publication This item is not published Last published - There are no items show in the list. + There are no items to show in the list. Media Type Link to media item(s) Member Group @@ -162,8 +160,7 @@ Remove file(s) Link to document Member of group(s) - Not a member of group(s) - + Not a member of group(s) Child items Target @@ -175,9 +172,7 @@ Where do you want to create the new %0% Create an item under Choose a type and a title - "document types".]]> - "media types".]]> @@ -250,6 +245,7 @@ Enter a name... Type to search... Type to filter... + Type to add tags (press enter after each tag)... @@ -412,7 +408,6 @@ Width Yes Folder - Search results @@ -560,11 +555,9 @@ To manage your website, simply open the Umbraco back office and start adding con Happy thunderous Thursday Happy funky Friday Happy Caturday - - log in below + Log in below Session timed out - © 2001 - %0%
Umbraco.com

]]> - + © 2001 - %0%
Umbraco.com

]]> Dashboard @@ -715,16 +708,16 @@ To manage your website, simply open the Umbraco back office and start adding con You have not configured any approved colors - Add external link - Add internal link - Add + enter external link + choose internal page Caption - Internal page - URL - Move Down - Move Up + Link Open in new window - Remove link + enter the display caption + Enter the link + + + Reset Current version @@ -751,8 +744,8 @@ To manage your website, simply open the Umbraco back office and start adding con Statistics Translation Users - Help + Forms Analytics @@ -859,6 +852,10 @@ To manage your website, simply open the Umbraco back office and start adding con Add rows to your layout below and add your first element]]> + Click to embed + Click to insert image + Image caption... + Write here... Grid layouts Layouts are the overall work area for the grid editor, usually you only need one or two different layouts Add grid layout @@ -1032,12 +1029,11 @@ To manage your website, simply open the Umbraco back office and start adding con Select pages to modify their permissions Search all children Start Node in Content - Username + Name User permissions User type User types Writer - Your profile Your recent history Session expires in From c34605937c85a8c1c101b7ae04699b19f24926ac Mon Sep 17 00:00:00 2001 From: Sebastiaan Janssen Date: Sun, 10 May 2015 17:47:32 +0200 Subject: [PATCH 2/4] U4-6603 Log failed login attempts #U4-6603 Fixed --- .../Editors/AuthenticationController.cs | 32 +++++++++++++++---- 1 file changed, 26 insertions(+), 6 deletions(-) diff --git a/src/Umbraco.Web/Editors/AuthenticationController.cs b/src/Umbraco.Web/Editors/AuthenticationController.cs index 00498f7e61..378306fdb4 100644 --- a/src/Umbraco.Web/Editors/AuthenticationController.cs +++ b/src/Umbraco.Web/Editors/AuthenticationController.cs @@ -21,6 +21,7 @@ using Umbraco.Web.Security; using Umbraco.Web.WebApi; using Umbraco.Web.WebApi.Filters; using umbraco.providers; +using Umbraco.Core.Logging; namespace Umbraco.Web.Editors { @@ -102,23 +103,25 @@ namespace Umbraco.Web.Editors [SetAngularAntiForgeryTokens] public UserDetail PostLogin(LoginModel loginModel) { + var http = this.TryGetHttpContext(); + if (http.Success == false) + throw new InvalidOperationException("This method requires that an HttpContext be active"); + + var ipAddress = GetIPAddress(http.Result); + if (UmbracoContext.Security.ValidateBackOfficeCredentials(loginModel.Username, loginModel.Password)) { var user = Security.GetBackOfficeUser(loginModel.Username); //TODO: Clean up the int cast! var ticket = UmbracoContext.Security.PerformLogin(user); - - var http = this.TryGetHttpContext(); - if (http.Success == false) - { - throw new InvalidOperationException("This method requires that an HttpContext be active"); - } http.Result.AuthenticateCurrentRequest(ticket, false); var result = Mapper.Map(user); //set their remaining seconds result.SecondsUntilTimeout = ticket.GetRemainingAuthSeconds(); + + LogHelper.Info(string.Format("Login attempt succeeded for username {0} from IP address {1}", loginModel.Username, ipAddress)); return result; } @@ -126,6 +129,8 @@ namespace Umbraco.Web.Editors // by our angular helper because it thinks that we need to re-perform the request once we are // authorized and we don't want to return a 403 because angular will show a warning msg indicating // that the user doesn't have access to perform this function, we just want to return a normal invalid msg. + + LogHelper.Info(string.Format("Login attempt failed for username {0} from IP address {1}", loginModel.Username, ipAddress)); throw new HttpResponseException(HttpStatusCode.BadRequest); } @@ -141,5 +146,20 @@ namespace Umbraco.Web.Editors { return Request.CreateResponse(HttpStatusCode.OK); } + + // From: http://stackoverflow.com/a/740431/5018 + protected string GetIPAddress(HttpContextBase httpContext) + { + var ipAddress = httpContext.Request.ServerVariables["HTTP_X_FORWARDED_FOR"]; + + if (string.IsNullOrEmpty(ipAddress)) + return httpContext.Request.ServerVariables["REMOTE_ADDR"]; + + var addresses = ipAddress.Split(','); + if (addresses.Length != 0) + return addresses[0]; + + return httpContext.Request.ServerVariables["REMOTE_ADDR"]; + } } } \ No newline at end of file From a4a49b14666f843a34f0b5e7c0ae06be821c3b8f Mon Sep 17 00:00:00 2001 From: Shannon Date: Mon, 11 May 2015 11:45:13 +1000 Subject: [PATCH 3/4] Revert "Fixes MVC 4.0.0.1 problem once and for all." - All MVC ref's are 4.0.0.0, no web config transforms (also there was never a 4.0.0.1 version of System.Net.Http). Everything works on my machine now, even with 4.0.0.1 installed in the GAC. --- src/SQLCE4Umbraco/app.config | 2 +- src/Umbraco.Core/Umbraco.Core.csproj | 4 ++-- src/Umbraco.Core/app.config | 2 +- src/Umbraco.Core/packages.config | 2 +- src/Umbraco.Tests/App.config | 2 +- src/Umbraco.Tests/Umbraco.Tests.csproj | 4 ++-- src/Umbraco.Tests/packages.config | 2 +- src/Umbraco.Web.UI/Umbraco.Web.UI.csproj | 4 ++-- src/Umbraco.Web.UI/packages.config | 2 +- src/Umbraco.Web.UI/web.Template.Debug.config | 9 ++++++++- src/Umbraco.Web.UI/web.Template.config | 6 +++--- src/Umbraco.Web/Umbraco.Web.csproj | 4 ++-- src/Umbraco.Web/app.config | 2 +- src/Umbraco.Web/packages.config | 2 +- src/UmbracoExamine/app.config | 2 +- src/umbraco.MacroEngines/app.config | 2 +- src/umbraco.MacroEngines/packages.config | 2 +- src/umbraco.MacroEngines/umbraco.MacroEngines.csproj | 4 ++-- src/umbraco.businesslogic/app.config | 2 +- src/umbraco.businesslogic/packages.config | 2 +- src/umbraco.businesslogic/umbraco.businesslogic.csproj | 4 ++-- src/umbraco.cms/app.config | 2 +- src/umbraco.controls/app.config | 2 +- src/umbraco.datalayer/app.config | 2 +- src/umbraco.editorControls/app.config | 2 +- src/umbraco.providers/app.config | 2 +- 26 files changed, 41 insertions(+), 34 deletions(-) diff --git a/src/SQLCE4Umbraco/app.config b/src/SQLCE4Umbraco/app.config index 53f3b4c80b..8f828418f3 100644 --- a/src/SQLCE4Umbraco/app.config +++ b/src/SQLCE4Umbraco/app.config @@ -8,7 +8,7 @@ - + diff --git a/src/Umbraco.Core/Umbraco.Core.csproj b/src/Umbraco.Core/Umbraco.Core.csproj index 8abdd10f9f..bc272d351e 100644 --- a/src/Umbraco.Core/Umbraco.Core.csproj +++ b/src/Umbraco.Core/Umbraco.Core.csproj @@ -99,9 +99,9 @@ True ..\packages\Microsoft.AspNet.WebPages.2.0.30506.0\lib\net40\System.Web.Helpers.dll - + True - ..\packages\Microsoft.AspNet.Mvc.4.0.40804.0\lib\net40\System.Web.Mvc.dll + ..\packages\Microsoft.AspNet.Mvc.4.0.30506.0\lib\net40\System.Web.Mvc.dll True diff --git a/src/Umbraco.Core/app.config b/src/Umbraco.Core/app.config index 53f3b4c80b..8f828418f3 100644 --- a/src/Umbraco.Core/app.config +++ b/src/Umbraco.Core/app.config @@ -8,7 +8,7 @@ - + diff --git a/src/Umbraco.Core/packages.config b/src/Umbraco.Core/packages.config index 1d5de7749b..d717c88286 100644 --- a/src/Umbraco.Core/packages.config +++ b/src/Umbraco.Core/packages.config @@ -3,7 +3,7 @@ - + diff --git a/src/Umbraco.Tests/App.config b/src/Umbraco.Tests/App.config index 45a43631f7..3d35ae5c93 100644 --- a/src/Umbraco.Tests/App.config +++ b/src/Umbraco.Tests/App.config @@ -100,7 +100,7 @@ - + diff --git a/src/Umbraco.Tests/Umbraco.Tests.csproj b/src/Umbraco.Tests/Umbraco.Tests.csproj index 2ae4b72a8c..18b9b8d006 100644 --- a/src/Umbraco.Tests/Umbraco.Tests.csproj +++ b/src/Umbraco.Tests/Umbraco.Tests.csproj @@ -132,9 +132,9 @@ ..\packages\Microsoft.AspNet.WebApi.WebHost.4.0.30506.0\lib\net40\System.Web.Http.WebHost.dll - + True - ..\packages\Microsoft.AspNet.Mvc.4.0.40804.0\lib\net40\System.Web.Mvc.dll + ..\packages\Microsoft.AspNet.Mvc.4.0.30506.0\lib\net40\System.Web.Mvc.dll True diff --git a/src/Umbraco.Tests/packages.config b/src/Umbraco.Tests/packages.config index 4e89abb9a1..58d314c3b1 100644 --- a/src/Umbraco.Tests/packages.config +++ b/src/Umbraco.Tests/packages.config @@ -5,7 +5,7 @@ - + diff --git a/src/Umbraco.Web.UI/Umbraco.Web.UI.csproj b/src/Umbraco.Web.UI/Umbraco.Web.UI.csproj index 28f8183a7e..5de747c1fb 100644 --- a/src/Umbraco.Web.UI/Umbraco.Web.UI.csproj +++ b/src/Umbraco.Web.UI/Umbraco.Web.UI.csproj @@ -230,9 +230,9 @@ ..\packages\Microsoft.AspNet.WebApi.WebHost.4.0.30506.0\lib\net40\System.Web.Http.WebHost.dll True - - ..\packages\Microsoft.AspNet.Mvc.4.0.40804.0\lib\net40\System.Web.Mvc.dll + True + ..\packages\Microsoft.AspNet.Mvc.4.0.30506.0\lib\net40\System.Web.Mvc.dll True diff --git a/src/Umbraco.Web.UI/packages.config b/src/Umbraco.Web.UI/packages.config index 3c1927aac8..4a754f6758 100644 --- a/src/Umbraco.Web.UI/packages.config +++ b/src/Umbraco.Web.UI/packages.config @@ -9,7 +9,7 @@ - + diff --git a/src/Umbraco.Web.UI/web.Template.Debug.config b/src/Umbraco.Web.UI/web.Template.Debug.config index d5901a5c5e..1aecc61f45 100644 --- a/src/Umbraco.Web.UI/web.Template.Debug.config +++ b/src/Umbraco.Web.UI/web.Template.Debug.config @@ -132,7 +132,14 @@ xdt:Locator="Condition(_defaultNamespace:assemblyIdentity[@name='System.Web.Mvc']])" /> - + + + + + + + - + - - + + diff --git a/src/Umbraco.Web/Umbraco.Web.csproj b/src/Umbraco.Web/Umbraco.Web.csproj index 5c3c521b16..08cf22ecd6 100644 --- a/src/Umbraco.Web/Umbraco.Web.csproj +++ b/src/Umbraco.Web/Umbraco.Web.csproj @@ -195,9 +195,9 @@ ..\packages\Microsoft.AspNet.WebApi.WebHost.4.0.30506.0\lib\net40\System.Web.Http.WebHost.dll - + True - ..\packages\Microsoft.AspNet.Mvc.4.0.40804.0\lib\net40\System.Web.Mvc.dll + ..\packages\Microsoft.AspNet.Mvc.4.0.30506.0\lib\net40\System.Web.Mvc.dll True diff --git a/src/Umbraco.Web/app.config b/src/Umbraco.Web/app.config index 105ebc53f3..957569042f 100644 --- a/src/Umbraco.Web/app.config +++ b/src/Umbraco.Web/app.config @@ -29,7 +29,7 @@ - + diff --git a/src/Umbraco.Web/packages.config b/src/Umbraco.Web/packages.config index 3fee35e677..315d780852 100644 --- a/src/Umbraco.Web/packages.config +++ b/src/Umbraco.Web/packages.config @@ -6,7 +6,7 @@ - + diff --git a/src/UmbracoExamine/app.config b/src/UmbracoExamine/app.config index 3a3e923d5b..b77bae14a4 100644 --- a/src/UmbracoExamine/app.config +++ b/src/UmbracoExamine/app.config @@ -4,7 +4,7 @@ - + diff --git a/src/umbraco.MacroEngines/app.config b/src/umbraco.MacroEngines/app.config index d9a8025f65..900c3903d5 100644 --- a/src/umbraco.MacroEngines/app.config +++ b/src/umbraco.MacroEngines/app.config @@ -16,7 +16,7 @@ - + diff --git a/src/umbraco.MacroEngines/packages.config b/src/umbraco.MacroEngines/packages.config index 24fd666515..9951ba7e01 100644 --- a/src/umbraco.MacroEngines/packages.config +++ b/src/umbraco.MacroEngines/packages.config @@ -3,7 +3,7 @@ - + diff --git a/src/umbraco.MacroEngines/umbraco.MacroEngines.csproj b/src/umbraco.MacroEngines/umbraco.MacroEngines.csproj index 59e5e4b4c6..a34198b5ce 100644 --- a/src/umbraco.MacroEngines/umbraco.MacroEngines.csproj +++ b/src/umbraco.MacroEngines/umbraco.MacroEngines.csproj @@ -89,9 +89,9 @@ ..\packages\Microsoft.AspNet.WebApi.WebHost.4.0.30506.0\lib\net40\System.Web.Http.WebHost.dll - + True - ..\packages\Microsoft.AspNet.Mvc.4.0.40804.0\lib\net40\System.Web.Mvc.dll + ..\packages\Microsoft.AspNet.Mvc.4.0.30506.0\lib\net40\System.Web.Mvc.dll True diff --git a/src/umbraco.businesslogic/app.config b/src/umbraco.businesslogic/app.config index 3a3e923d5b..b77bae14a4 100644 --- a/src/umbraco.businesslogic/app.config +++ b/src/umbraco.businesslogic/app.config @@ -4,7 +4,7 @@ - + diff --git a/src/umbraco.businesslogic/packages.config b/src/umbraco.businesslogic/packages.config index 63fd1fb7c3..59350953ba 100644 --- a/src/umbraco.businesslogic/packages.config +++ b/src/umbraco.businesslogic/packages.config @@ -1,7 +1,7 @@  - + diff --git a/src/umbraco.businesslogic/umbraco.businesslogic.csproj b/src/umbraco.businesslogic/umbraco.businesslogic.csproj index 8f1a26c8fb..d74e2dc92e 100644 --- a/src/umbraco.businesslogic/umbraco.businesslogic.csproj +++ b/src/umbraco.businesslogic/umbraco.businesslogic.csproj @@ -136,9 +136,9 @@ True ..\packages\Microsoft.AspNet.WebPages.2.0.30506.0\lib\net40\System.Web.Helpers.dll - + True - ..\packages\Microsoft.AspNet.Mvc.4.0.40804.0\lib\net40\System.Web.Mvc.dll + ..\packages\Microsoft.AspNet.Mvc.4.0.30506.0\lib\net40\System.Web.Mvc.dll True diff --git a/src/umbraco.cms/app.config b/src/umbraco.cms/app.config index 3a3e923d5b..b77bae14a4 100644 --- a/src/umbraco.cms/app.config +++ b/src/umbraco.cms/app.config @@ -4,7 +4,7 @@ - + diff --git a/src/umbraco.controls/app.config b/src/umbraco.controls/app.config index 3a3e923d5b..b77bae14a4 100644 --- a/src/umbraco.controls/app.config +++ b/src/umbraco.controls/app.config @@ -4,7 +4,7 @@ - + diff --git a/src/umbraco.datalayer/app.config b/src/umbraco.datalayer/app.config index 53f3b4c80b..8f828418f3 100644 --- a/src/umbraco.datalayer/app.config +++ b/src/umbraco.datalayer/app.config @@ -8,7 +8,7 @@ - + diff --git a/src/umbraco.editorControls/app.config b/src/umbraco.editorControls/app.config index baa57f9ff7..734aeed7b8 100644 --- a/src/umbraco.editorControls/app.config +++ b/src/umbraco.editorControls/app.config @@ -4,7 +4,7 @@ - + diff --git a/src/umbraco.providers/app.config b/src/umbraco.providers/app.config index 3a3e923d5b..b77bae14a4 100644 --- a/src/umbraco.providers/app.config +++ b/src/umbraco.providers/app.config @@ -4,7 +4,7 @@ - + From d94b334375b7b1ba5fffba699e4eeb89418f147f Mon Sep 17 00:00:00 2001 From: Shannon Date: Mon, 11 May 2015 12:22:56 +1000 Subject: [PATCH 4/4] Moves login logging to the provider level --- src/Umbraco.Core/HttpContextExtensions.cs | 45 +++++++++++++++++ .../Security/MembershipProviderBase.cs | 11 +++++ src/Umbraco.Core/Umbraco.Core.csproj | 1 + .../Editors/AuthenticationController.cs | 21 +------- .../Providers/UmbracoMembershipProvider.cs | 48 +++++++++++++++++-- .../UsersMembershipProvider.cs | 27 ++++++++++- 6 files changed, 128 insertions(+), 25 deletions(-) create mode 100644 src/Umbraco.Core/HttpContextExtensions.cs diff --git a/src/Umbraco.Core/HttpContextExtensions.cs b/src/Umbraco.Core/HttpContextExtensions.cs new file mode 100644 index 0000000000..b4e420dc42 --- /dev/null +++ b/src/Umbraco.Core/HttpContextExtensions.cs @@ -0,0 +1,45 @@ +using System.Web; + +namespace Umbraco.Core +{ + public static class HttpContextExtensions + { + public static string GetCurrentRequestIpAddress(this HttpContextBase httpContext) + { + if (httpContext == null) + { + return "Unknown, httpContext is null"; + } + if (httpContext.Request == null) + { + return "Unknown, httpContext.Request is null"; + } + if (httpContext.Request.ServerVariables == null) + { + return "Unknown, httpContext.Request.ServerVariables is null"; + } + + // From: http://stackoverflow.com/a/740431/5018 + + try + { + var ipAddress = httpContext.Request.ServerVariables["HTTP_X_FORWARDED_FOR"]; + + if (string.IsNullOrEmpty(ipAddress)) + return httpContext.Request.ServerVariables["REMOTE_ADDR"]; + + var addresses = ipAddress.Split(','); + if (addresses.Length != 0) + return addresses[0]; + + return httpContext.Request.ServerVariables["REMOTE_ADDR"]; + } + catch (System.Exception ex) + { + //This try catch is to just always ensure that no matter what we're not getting any exceptions caused since + // that would cause people to not be able to login + return string.Format("Unknown, exception occurred trying to resolve IP {0}", ex); + } + } + } +} \ No newline at end of file diff --git a/src/Umbraco.Core/Security/MembershipProviderBase.cs b/src/Umbraco.Core/Security/MembershipProviderBase.cs index ebcd967cc2..d12b9a952e 100644 --- a/src/Umbraco.Core/Security/MembershipProviderBase.cs +++ b/src/Umbraco.Core/Security/MembershipProviderBase.cs @@ -4,6 +4,7 @@ using System.Configuration.Provider; using System.Security.Cryptography; using System.Text; using System.Text.RegularExpressions; +using System.Web; using System.Web.Configuration; using System.Web.Hosting; using System.Web.Security; @@ -893,5 +894,15 @@ namespace Umbraco.Core.Security return sb.ToString(); } + /// + /// Returns the current request IP address for logging if there is one + /// + /// + protected string GetCurrentRequestIpAddress() + { + var httpContext = HttpContext.Current == null ? (HttpContextBase) null : new HttpContextWrapper(HttpContext.Current); + return httpContext.GetCurrentRequestIpAddress(); + } + } } \ No newline at end of file diff --git a/src/Umbraco.Core/Umbraco.Core.csproj b/src/Umbraco.Core/Umbraco.Core.csproj index bc272d351e..070090d8c7 100644 --- a/src/Umbraco.Core/Umbraco.Core.csproj +++ b/src/Umbraco.Core/Umbraco.Core.csproj @@ -313,6 +313,7 @@ + diff --git a/src/Umbraco.Web/Editors/AuthenticationController.cs b/src/Umbraco.Web/Editors/AuthenticationController.cs index 378306fdb4..43236226a1 100644 --- a/src/Umbraco.Web/Editors/AuthenticationController.cs +++ b/src/Umbraco.Web/Editors/AuthenticationController.cs @@ -107,8 +107,6 @@ namespace Umbraco.Web.Editors if (http.Success == false) throw new InvalidOperationException("This method requires that an HttpContext be active"); - var ipAddress = GetIPAddress(http.Result); - if (UmbracoContext.Security.ValidateBackOfficeCredentials(loginModel.Username, loginModel.Password)) { var user = Security.GetBackOfficeUser(loginModel.Username); @@ -121,16 +119,13 @@ namespace Umbraco.Web.Editors //set their remaining seconds result.SecondsUntilTimeout = ticket.GetRemainingAuthSeconds(); - LogHelper.Info(string.Format("Login attempt succeeded for username {0} from IP address {1}", loginModel.Username, ipAddress)); return result; } //return BadRequest (400), we don't want to return a 401 because that get's intercepted // by our angular helper because it thinks that we need to re-perform the request once we are // authorized and we don't want to return a 403 because angular will show a warning msg indicating - // that the user doesn't have access to perform this function, we just want to return a normal invalid msg. - - LogHelper.Info(string.Format("Login attempt failed for username {0} from IP address {1}", loginModel.Username, ipAddress)); + // that the user doesn't have access to perform this function, we just want to return a normal invalid msg. throw new HttpResponseException(HttpStatusCode.BadRequest); } @@ -147,19 +142,5 @@ namespace Umbraco.Web.Editors return Request.CreateResponse(HttpStatusCode.OK); } - // From: http://stackoverflow.com/a/740431/5018 - protected string GetIPAddress(HttpContextBase httpContext) - { - var ipAddress = httpContext.Request.ServerVariables["HTTP_X_FORWARDED_FOR"]; - - if (string.IsNullOrEmpty(ipAddress)) - return httpContext.Request.ServerVariables["REMOTE_ADDR"]; - - var addresses = ipAddress.Split(','); - if (addresses.Length != 0) - return addresses[0]; - - return httpContext.Request.ServerVariables["REMOTE_ADDR"]; - } } } \ No newline at end of file diff --git a/src/Umbraco.Web/Security/Providers/UmbracoMembershipProvider.cs b/src/Umbraco.Web/Security/Providers/UmbracoMembershipProvider.cs index 16641e5f91..65f90d8127 100644 --- a/src/Umbraco.Web/Security/Providers/UmbracoMembershipProvider.cs +++ b/src/Umbraco.Web/Security/Providers/UmbracoMembershipProvider.cs @@ -511,16 +511,35 @@ namespace Umbraco.Web.Security.Providers { var member = MemberService.GetByUsername(username); - if (member == null) return false; + if (member == null) + { + LogHelper.Info( + string.Format( + "Login attempt failed for username {0} from IP address {1}, the user does not exist", + username, + GetCurrentRequestIpAddress())); + + return false; + } if (member.IsApproved == false) { - LogHelper.Info>("Cannot validate member " + username + " because they are not approved"); + LogHelper.Info( + string.Format( + "Login attempt failed for username {0} from IP address {1}, the user is not approved", + username, + GetCurrentRequestIpAddress())); + return false; } if (member.IsLockedOut) { - LogHelper.Info>("Cannot validate member " + username + " because they are currently locked out"); + LogHelper.Info( + string.Format( + "Login attempt failed for username {0} from IP address {1}, the user is locked", + username, + GetCurrentRequestIpAddress())); + return false; } @@ -538,18 +557,39 @@ namespace Umbraco.Web.Security.Providers { member.IsLockedOut = true; member.LastLockoutDate = DateTime.Now; - LogHelper.Info>("Member " + username + " is now locked out, max invalid password attempts exceeded"); + + LogHelper.Info( + string.Format( + "Login attempt failed for username {0} from IP address {1}, the user is now locked out, max invalid password attempts exceeded", + username, + GetCurrentRequestIpAddress())); + } + else + { + LogHelper.Info( + string.Format( + "Login attempt failed for username {0} from IP address {1}", + username, + GetCurrentRequestIpAddress())); } } else { member.FailedPasswordAttempts = 0; member.LastLoginDate = DateTime.Now; + + LogHelper.Info( + string.Format( + "Login attempt succeeded for username {0} from IP address {1}", + username, + GetCurrentRequestIpAddress())); } //don't raise events for this! It just sets the member dates, if we do raise events this will // cause all distributed cache to execute - which will clear out some caches we don't want. // http://issues.umbraco.org/issue/U4-3451 + //TODO: In v8 we aren't going to have an overload to disable events, so we'll need to make a different method + // for this type of thing (i.e. UpdateLastLogin or similar). MemberService.Save(member, false); return authenticated; diff --git a/src/umbraco.providers/UsersMembershipProvider.cs b/src/umbraco.providers/UsersMembershipProvider.cs index df190a8ac0..93f5327cbb 100644 --- a/src/umbraco.providers/UsersMembershipProvider.cs +++ b/src/umbraco.providers/UsersMembershipProvider.cs @@ -9,6 +9,8 @@ using umbraco.BusinessLogic; using System.Web.Util; using System.Configuration.Provider; using System.Linq; +using Umbraco.Core.Logging; + #endregion namespace umbraco.providers @@ -491,10 +493,33 @@ namespace umbraco.providers { if (user.Disabled) { + LogHelper.Info( + string.Format( + "Login attempt failed for username {0} from IP address {1}, the user is locked", + username, + GetCurrentRequestIpAddress())); + return false; } - return CheckPassword(password, user.Password); + var result = CheckPassword(password, user.Password); + if (result == false) + { + LogHelper.Info( + string.Format( + "Login attempt failed for username {0} from IP address {1}", + username, + GetCurrentRequestIpAddress())); + } + else + { + LogHelper.Info( + string.Format( + "Login attempt succeeded for username {0} from IP address {1}", + username, + GetCurrentRequestIpAddress())); + } + return result; } } return false;