Moves what is possible for identity back office to Core, configures backoffice identity with IOptions and our password settings

Shannon
2020-05-20 15:25:42 +10:00
parent 4e62573fce
commit 9818b4a14b
14 changed files with 170 additions and 102 deletions


@@ -3,9 +3,10 @@ using System.Security.Claims;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.DependencyInjection.Extensions;
using Microsoft.Extensions.Options;
using Umbraco.Core;
using Umbraco.Core.BackOffice;
using Umbraco.Core.Mapping;
using Umbraco.Core.Configuration;
using Umbraco.Net;
using Umbraco.Web.Common.AspNetCore;
@@ -17,41 +18,52 @@ namespace Umbraco.Extensions
{
services.AddDataProtection();
// UmbracoMapper - hack?
services.TryAddSingleton<IdentityMapDefinition>();
services.TryAddSingleton(s => new MapDefinitionCollection(new[] {s.GetService<IdentityMapDefinition>()}));
services.TryAddSingleton<UmbracoMapper>();
services.TryAddScoped<IIpResolver, AspNetCoreIpResolver>();
services.AddIdentityCore<BackOfficeIdentityUser>(options =>
{
options.User.RequireUniqueEmail = true;
// TODO: Configure password configuration
/*options.Password.RequiredLength = passwordConfiguration.RequiredLength;
options.Password.RequireNonAlphanumeric = passwordConfiguration.RequireNonLetterOrDigit;
options.Password.RequireDigit = passwordConfiguration.RequireDigit;
options.Password.RequireLowercase = passwordConfiguration.RequireLowercase;
options.Password.RequireUppercase = passwordConfiguration.RequireUppercase;
options.Lockout.MaxFailedAccessAttempts = passwordConfiguration.MaxFailedAccessAttemptsBeforeLockout;*/
options.ClaimsIdentity.UserIdClaimType = ClaimTypes.NameIdentifier;
options.ClaimsIdentity.UserNameClaimType = ClaimTypes.Name;
options.ClaimsIdentity.RoleClaimType = ClaimTypes.Role;
options.ClaimsIdentity.SecurityStampClaimType = Constants.Web.SecurityStampClaimType;
options.Lockout.AllowedForNewUsers = true;
options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromDays(30);
})
services
.AddIdentityCore<BackOfficeIdentityUser>()
.AddDefaultTokenProviders()
.AddUserStore<BackOfficeUserStore>()
.AddUserManager<BackOfficeUserManager>()
.AddClaimsPrincipalFactory<BackOfficeClaimsPrincipalFactory<BackOfficeIdentityUser>>();
services.ConfigureOptions<UmbracoBackOfficeIdentityOptions>();
services.AddScoped<ILookupNormalizer, NopLookupNormalizer>();
services.TryAddScoped<ISecurityStampValidator, SecurityStampValidator<BackOfficeIdentityUser>>();
}
/// <summary>
/// Used to configure <see cref="IdentityOptions"/> for the Umbraco Back office
/// </summary>
private class UmbracoBackOfficeIdentityOptions : IConfigureOptions<IdentityOptions>
{
private readonly IUserPasswordConfiguration _userPasswordConfiguration;
public UmbracoBackOfficeIdentityOptions(IUserPasswordConfiguration userPasswordConfiguration)
{
_userPasswordConfiguration = userPasswordConfiguration;
}
public void Configure(IdentityOptions options)
{
options.User.RequireUniqueEmail = true;
options.ClaimsIdentity.UserIdClaimType = ClaimTypes.NameIdentifier;
options.ClaimsIdentity.UserNameClaimType = ClaimTypes.Name;
options.ClaimsIdentity.RoleClaimType = ClaimTypes.Role;
options.ClaimsIdentity.SecurityStampClaimType = Constants.Web.SecurityStampClaimType;
options.Lockout.AllowedForNewUsers = true;
options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromDays(30);
options.Password.RequiredLength = _userPasswordConfiguration.RequiredLength;
options.Password.RequireNonAlphanumeric = _userPasswordConfiguration.RequireNonLetterOrDigit;
options.Password.RequireDigit = _userPasswordConfiguration.RequireDigit;
options.Password.RequireLowercase = _userPasswordConfiguration.RequireLowercase;
options.Password.RequireUppercase = _userPasswordConfiguration.RequireUppercase;
options.Lockout.MaxFailedAccessAttempts = _userPasswordConfiguration.MaxFailedAccessAttemptsBeforeLockout;
}
}
}
}
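Review bot: `UmbracoBackOfficeIdentityOptions.Configure` writes the back-office password and lockout policy into the default, unnamed `IdentityOptions`, so any other Identity user type registered in the same container would presumably inherit these rules, including the 30-day `DefaultLockoutTimeSpan`. If that sharing is not intended, a dedicated options type or named options would keep the policies apart; at minimum the class should carry a comment such as `// NOTE: configures the default IdentityOptions, which every Identity user type in this container reads`. The lockout pair also deserves a guard: `MaxFailedAccessAttempts` and `RequiredLength` are copied from `IUserPasswordConfiguration` unchecked, and with a fixed `TimeSpan.FromDays(30)` a low or zero attempt limit leaves an account locked for a month after very few failed logins. Consider rejecting non-positive values in `Configure` and making the lockout duration configurable instead of hard-coded. The page has lost its `+`/`-` markers, so this applies to the code as it reads after the change.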