Merge branch 'v13/dev' into v14/dev

Revert #18249 as it is reimplemented for v15 Revert #18320 as the new architecture explictly throws an error # Conflicts: # build/azure-pipelines.yml # src/Umbraco.Core/EmbeddedResources/Lang/en.xml # src/Umbraco.Core/EmbeddedResources/Lang/en_us.xml # src/Umbraco.Core/Models/ContentEditing/ContentSaveAction.cs # src/Umbraco.Core/Services/ContentService.cs # src/Umbraco.Core/Services/IContentService.cs # src/Umbraco.Core/Services/MemberService.cs # src/Umbraco.Infrastructure/PropertyEditors/RichTextEditorPastedImages.cs # src/Umbraco.Infrastructure/Security/BackOfficeUserStore.cs # src/Umbraco.Infrastructure/Security/MemberUserStore.cs # src/Umbraco.Web.BackOffice/Controllers/ContentController.cs # src/Umbraco.Web.BackOffice/Controllers/EntityController.cs # src/Umbraco.Web.BackOffice/Controllers/MediaController.cs # src/Umbraco.Web.BackOffice/Controllers/MemberController.cs # src/Umbraco.Web.BackOffice/Controllers/PreviewController.cs # src/Umbraco.Web.BackOffice/Controllers/UsersController.cs # src/Umbraco.Web.BackOffice/DependencyInjection/UmbracoBuilder.BackOfficeAuth.cs # src/Umbraco.Web.BackOffice/Filters/ContentSaveValidationAttribute.cs # src/Umbraco.Web.BackOffice/Filters/MemberSaveModelValidator.cs # src/Umbraco.Web.BackOffice/Filters/MemberSaveValidationAttribute.cs # src/Umbraco.Web.BackOffice/Trees/ContentTreeController.cs # src/Umbraco.Web.Common/RuntimeMinification/SmidgeOptionsSetup.cs # src/Umbraco.Web.Common/RuntimeMinification/SmidgeRuntimeMinifier.cs # src/Umbraco.Web.Common/Views/UmbracoViewPage.cs # src/Umbraco.Web.UI.Client/src/common/directives/components/buttons/umbbuttongroup.directive.js # src/Umbraco.Web.UI.Client/src/common/directives/components/content/edit.controller.js # src/Umbraco.Web.UI.Client/src/common/directives/components/content/umbtabbedcontent.directive.js # src/Umbraco.Web.UI.Client/src/common/directives/components/property/umbproperty.directive.js # src/Umbraco.Web.UI.Client/src/common/resources/content.resource.js # src/Umbraco.Web.UI.Client/src/common/resources/publicaccess.resource.js # src/Umbraco.Web.UI.Client/src/common/resources/users.resource.js # src/Umbraco.Web.UI.Client/src/common/services/assets.service.js # src/Umbraco.Web.UI.Client/src/views/common/drawers/help/help.controller.js # src/Umbraco.Web.UI.Client/src/views/common/infiniteeditors/linkpicker/linkpicker.controller.js # src/Umbraco.Web.UI.Client/src/views/common/infiniteeditors/mediaentryeditor/mediaentryeditor.controller.js # src/Umbraco.Web.UI.Client/src/views/components/content/umb-tabbed-content.html # src/Umbraco.Web.UI.Client/src/views/components/property/umb-property.html # src/Umbraco.Web.UI.Client/src/views/content/content.create.controller.js # src/Umbraco.Web.UI.Client/src/views/content/overlays/publishdescendants.controller.js # src/Umbraco.Web.UI.Client/src/views/content/overlays/publishdescendants.html # src/Umbraco.Web.UI.Client/src/views/propertyeditors/listview/listview.controller.js # src/Umbraco.Web.UI.Client/src/views/propertyeditors/rte/rte.component.js # src/Umbraco.Web.UI.Client/src/views/users/views/user/details.html # src/Umbraco.Web.UI.Client/src/views/webhooks/edit.controller.js # src/Umbraco.Web.UI.Client/src/views/webhooks/edit.html # src/Umbraco.Web.UI.Client/test/unit/app/content/create-content-controller.spec.js # src/Umbraco.Web.UI.Client~HEAD # src/Umbraco.Web.UI.Login/src/auth.element.ts # tests/Umbraco.TestData/UmbracoTestDataController.cs # tests/Umbraco.Tests.Integration/Umbraco.Core/Services/ContentServiceTests.cs # tests/Umbraco.Tests.Integration/Umbraco.Infrastructure/Services/ContentEventsTests.cs # tests/Umbraco.Tests.Integration/Umbraco.Infrastructure/Services/ContentServicePublishBranchTests.cs # tests/Umbraco.Tests.Integration/Umbraco.Infrastructure/Services/ContentServiceTagsTests.cs # tests/Umbraco.Tests.UnitTests/Umbraco.Infrastructure/Security/MemberUserStoreTests.cs # tests/Umbraco.Tests.UnitTests/Umbraco.Web.BackOffice/Controllers/MemberControllerUnitTests.cs # version.json
2025-02-17 17:46:50 +01:00
parent 8056a59a10 db1d999721
commit 9e7a36865a
29 changed files with 480 additions and 82 deletions
--- a/src/Umbraco.Web.Common/Security/MemberManager.cs
+++ b/src/Umbraco.Web.Common/Security/MemberManager.cs
@@ -1,4 +1,5 @@
 using System.Globalization;
+using System.Security.Claims;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Identity;
 using Microsoft.Extensions.Logging;
@@ -113,8 +114,11 @@ public class MemberManager : UmbracoUserManager<MemberIdentityUser, MemberPasswo
    /// <inheritdoc />
    public virtual bool IsLoggedIn()
    {
-        HttpContext? httpContext = _httpContextAccessor.HttpContext;
-        return httpContext?.User.Identity?.IsAuthenticated ?? false;
+        // We have to try and specifically find the member identity, it's entirely possible for there to be both backoffice and member.
+        ClaimsIdentity? memberIdentity = _httpContextAccessor.HttpContext?.User.GetMemberIdentity();
+
+        return memberIdentity is not null &&
+               memberIdentity.IsAuthenticated;
    }

    /// <inheritdoc />
@@ -170,23 +174,27 @@ public class MemberManager : UmbracoUserManager<MemberIdentityUser, MemberPasswo
    /// <inheritdoc />
    public virtual async Task<MemberIdentityUser?> GetCurrentMemberAsync()
    {
-        if (_currentMember == null)
+        if (_currentMember is not null)
        {
-            if (!IsLoggedIn())
-            {
-                return null;
-            }
-
-            _currentMember = await GetUserAsync(_httpContextAccessor.HttpContext?.User!);
+            return _currentMember;
        }

+        if (IsLoggedIn() is false)
+        {
+            return null;
+        }
+
+        // Create a principal the represents the member security context.
+        var memberPrincipal = new ClaimsPrincipal(_httpContextAccessor.HttpContext?.User.GetMemberIdentity()!);
+        _currentMember = await GetUserAsync(memberPrincipal);
+
        return _currentMember;
    }

    public virtual IPublishedContent? AsPublishedMember(MemberIdentityUser user) => _store.GetPublishedMember(user);

    /// <summary>
-    ///     This will check if the member has access to this path
+    /// This will check if the member has access to this path.
    /// </summary>
    /// <param name="path"></param>
    /// <returns></returns>