diff --git a/src/Umbraco.Core/Configuration/UmbracoSettings/ContentElement.cs b/src/Umbraco.Core/Configuration/UmbracoSettings/ContentElement.cs index 656251f3a0..7f90e55e57 100644 --- a/src/Umbraco.Core/Configuration/UmbracoSettings/ContentElement.cs +++ b/src/Umbraco.Core/Configuration/UmbracoSettings/ContentElement.cs @@ -1,4 +1,5 @@ -using System.Collections.Generic; +using System; +using System.Collections.Generic; using System.Configuration; namespace Umbraco.Core.Configuration.UmbracoSettings @@ -217,6 +218,19 @@ namespace Umbraco.Core.Configuration.UmbracoSettings } } + [Obsolete("This is here so that if this config element exists we won't get a YSOD, it is not used whatsoever and will be removed in future versions")] + [ConfigurationProperty("DocumentTypeIconList")] + internal InnerTextConfigurationElement DocumentTypeIconList + { + get + { + return new OptionalInnerTextConfigurationElement( + (InnerTextConfigurationElement)this["DocumentTypeIconList"], + //set the default + IconPickerBehaviour.HideFileDuplicates); + } + } + [ConfigurationProperty("disallowedUploadFiles")] internal CommaDelimitedConfigurationElement DisallowedUploadFiles { @@ -380,7 +394,7 @@ namespace Umbraco.Core.Configuration.UmbracoSettings { get { return MacroErrors; } } - + IEnumerable IContentSection.DisallowedUploadFiles { get { return DisallowedUploadFiles; } diff --git a/src/Umbraco.Core/Configuration/UmbracoSettings/SecurityElement.cs b/src/Umbraco.Core/Configuration/UmbracoSettings/SecurityElement.cs index 33a8a8584b..d3160a216b 100644 --- a/src/Umbraco.Core/Configuration/UmbracoSettings/SecurityElement.cs +++ b/src/Umbraco.Core/Configuration/UmbracoSettings/SecurityElement.cs @@ -12,7 +12,7 @@ namespace Umbraco.Core.Configuration.UmbracoSettings return new OptionalInnerTextConfigurationElement( (InnerTextConfigurationElement)this["keepUserLoggedIn"], //set the default - true); + false); } } 
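Review bot: The `//set the default` comment above the new `false` in the keepUserLoggedIn getter (SecurityElement.cs) does not record why the default changed. This is presumably the value used whenever the element is absent from umbracoSettings.config. I would replace the comment with `//default is false: idle back office sessions expire unless keepUserLoggedIn is explicitly enabled`. Installations that already carry an explicit `true` in their config keep the non-expiring behaviour after upgrade, which deserves a line in the upgrade notes. The property declaration starts above the hunk.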
diff --git a/src/Umbraco.Web.UI.Client/src/common/mocks/umbraco.servervariables.js b/src/Umbraco.Web.UI.Client/src/common/mocks/umbraco.servervariables.js
index ac43f3488e..a4c31df259 100644
--- a/src/Umbraco.Web.UI.Client/src/common/mocks/umbraco.servervariables.js
+++ b/src/Umbraco.Web.UI.Client/src/common/mocks/umbraco.servervariables.js
@@ -23,7 +23,8 @@ Umbraco.Sys.ServerVariables = {
 umbracoSettings: {
 "umbracoPath": "/umbraco",
 "appPluginsPath" : "/App_Plugins",
- "imageFileTypes": "jpeg,jpg,gif,bmp,png,tiff,tif"
+ "imageFileTypes": "jpeg,jpg,gif,bmp,png,tiff,tif",
+ "keepUserLoggedIn": true
 },
 umbracoPlugins: {
 trees: [
diff --git a/src/Umbraco.Web.UI.Client/src/common/services/user.service.js b/src/Umbraco.Web.UI.Client/src/common/services/user.service.js
index 213982b2ba..78a19e979c 100644
--- a/src/Umbraco.Web.UI.Client/src/common/services/user.service.js
+++ b/src/Umbraco.Web.UI.Client/src/common/services/user.service.js
@@ -93,10 +93,28 @@ angular.module('umbraco.services') //we are either timed out or very close to timing out so we need to show the login dialog. //NOTE: the safeApply because our timeout is set to not run digests (performance reasons) - angularHelper.safeApply($rootScope, function() { - userAuthExpired(); - }); - + if (Umbraco.Sys.ServerVariables.umbracoSettings.keepUserLoggedIn !== true) { + angularHelper.safeApply($rootScope, function() { + userAuthExpired(); + }); + } + else { + //we've got less than 30 seconds remaining so let's check the server + + if (lastServerTimeoutSet != null) { + //first we'll set the lastServerTimeoutSet to null - this is so we don't get back in to this loop while we + // wait for a response from the server otherwise we'll be making double/triple/etc... calls while we wait. + lastServerTimeoutSet = null; + //now go get it from the server + authResource.getRemainingTimeoutSeconds().then(function (result) { + setUserTimeoutInternal(result); + }); + } + + //recurse the countdown! + countdownUserTimeout(); + + } } } }, 2000, //every 2 seconds diff --git a/src/Umbraco.Web.UI/config/umbracoSettings.Release.config b/src/Umbraco.Web.UI/config/umbracoSettings.Release.config index 30526ee2a3..2ccc8a5077 100644 --- a/src/Umbraco.Web.UI/config/umbracoSettings.Release.config +++ b/src/Umbraco.Web.UI/config/umbracoSettings.Release.config @@ -52,7 +52,7 @@ - true + false false diff --git a/src/Umbraco.Web/Editors/BackOfficeController.cs b/src/Umbraco.Web/Editors/BackOfficeController.cs index 40d03ecbb2..2ed33b2f91 100644 --- a/src/Umbraco.Web/Editors/BackOfficeController.cs +++ b/src/Umbraco.Web/Editors/BackOfficeController.cs @@ -172,6 +172,7 @@ namespace Umbraco.Web.Editors "imageFileTypes", string.Join(",", UmbracoConfig.For.UmbracoSettings().Content.ImageFileTypes) }, + {"keepUserLoggedIn", UmbracoConfig.For.UmbracoSettings().Security.KeepUserLoggedIn}, } }, { 
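Review bot: The new `authResource.getRemainingTimeoutSeconds()` call in the `else` branch of user.service.js has no rejection handler, and `lastServerTimeoutSet` is set to null just before it. If that request fails, for example because the ticket has already expired on the server, nothing visible in this hunk restores `lastServerTimeoutSet`. The `!= null` guard would then presumably skip every later check while `countdownUserTimeout()` keeps recursing, and the login dialog is never shown. Add a failure callback that falls back to the expired path, e.g. `}, function () { angularHelper.safeApply($rootScope, function () { userAuthExpired(); }); });`. The enclosing countdown function starts above the hunk, so how `setUserTimeoutInternal` resets the flag should be confirmed there.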
diff --git a/src/Umbraco.Web/Security/WebSecurity.cs b/src/Umbraco.Web/Security/WebSecurity.cs index 657691dbe8..e4312ea994 100644 --- a/src/Umbraco.Web/Security/WebSecurity.cs +++ b/src/Umbraco.Web/Security/WebSecurity.cs @@ -173,6 +173,9 @@ namespace Umbraco.Web.Security _httpContext.UmbracoLogout(); } + /// + /// Renews the user's login ticket + /// public void RenewLoginTimeout() { _httpContext.RenewUmbracoAuthTicket(); @@ -357,18 +360,6 @@ namespace Umbraco.Web.Security return userApps.Any(uApp => uApp.InvariantEquals(app)); } - internal void UpdateLogin() - { - _httpContext.RenewUmbracoAuthTicket(); - } - - internal long GetTimeout() - { - var ticket = _httpContext.GetUmbracoAuthTicket(); - var ticks = ticket.Expiration.Ticks - DateTime.Now.Ticks; - return ticks; - } - /// /// Gets the user id. /// @@ -409,15 +400,8 @@ namespace Umbraco.Web.Security /// public bool ValidateCurrentUser() { - var ticket = _httpContext.GetUmbracoAuthTicket(); - if (ticket != null) - { - if (ticket.Expired == false) - { - return true; - } - } - return false; + var result = ValidateCurrentUser(false); + return result == ValidateRequestAttempt.Success; } /// @@ -440,8 +424,7 @@ namespace Umbraco.Web.Security { if (throwExceptions) throw new ArgumentException("You have no priviledges to the umbraco console. Please contact your administrator"); return ValidateRequestAttempt.FailedNoPrivileges; - } - UpdateLogin(); + } return ValidateRequestAttempt.Success; } if (throwExceptions) throw new ArgumentException("User has timed out!!"); diff --git a/src/Umbraco.Web/UmbracoModule.cs b/src/Umbraco.Web/UmbracoModule.cs index 3ee5be98b4..f1cbc978db 100644 --- a/src/Umbraco.Web/UmbracoModule.cs +++ b/src/Umbraco.Web/UmbracoModule.cs 
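Review bot: The XML summary above `ValidateCurrentUser()` in WebSecurity.cs, which is outside the hunk, should state the stricter contract: the method used to return true for any unexpired ticket and now returns true only when `ValidateCurrentUser(false)` yields `ValidateRequestAttempt.Success`, so it also fails for outcomes such as `FailedNoPrivileges` (visible in the next hunk). Suggested wording: `/// Returns true only when the ticket is valid and the user passes the same checks as ValidateCurrentUser(bool)`. The two new lines can also be a single `return ValidateCurrentUser(false) == ValidateRequestAttempt.Success;`. The following hunk drops the `UpdateLogin()` call, so validation no longer renews the ticket as a side effect; any caller that relied on that now depends on `RenewLoginTimeout()` or on the module's renewal.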
@@ -225,10 +225,17 @@ namespace Umbraco.Web /// /// /// - /// We do not want to renew the ticket when we are checking for the user's remaining timeout. + /// We do not want to renew the ticket when we are checking for the user's remaining timeout unless - + /// UmbracoConfig.For.UmbracoSettings().Security.KeepUserLoggedIn == true /// internal static bool ShouldIgnoreTicketRenew(Uri url, HttpContextBase httpContext) { + //this setting will renew the ticket for all requests. + if (UmbracoConfig.For.UmbracoSettings().Security.KeepUserLoggedIn) + { + return false; + } + //initialize the ignore ticket urls - we don't need to lock this, it's concurrent and a hashset // we don't want to have to gen the url each request so this will speed things up a teeny bit. if (IgnoreTicketRenewUrls.Any() == false) diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/legacyAjaxCalls.asmx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/legacyAjaxCalls.asmx.cs index 551c859d8b..3ec59bd378 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/legacyAjaxCalls.asmx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/legacyAjaxCalls.asmx.cs @@ -185,6 +185,7 @@ namespace umbraco.presentation.webservices return Application[helper.Request("key")].ToString(); } + [Obsolete("This is no longer used and will be removed in future versions")] [WebMethod] [ScriptMethod] public void RenewUmbracoSession() @@ -195,6 +196,7 @@ namespace umbraco.presentation.webservices } + [Obsolete("This is no longer used and will be removed in future versions")] [WebMethod] [ScriptMethod] public int GetSecondsBeforeUserLogout() diff --git a/src/umbraco.businesslogic/BasePages/BasePage.cs b/src/umbraco.businesslogic/BasePages/BasePage.cs index 73df8927e3..9c60a77fa1 100644 --- a/src/umbraco.businesslogic/BasePages/BasePage.cs +++ b/src/umbraco.businesslogic/BasePages/BasePage.cs 
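Review bot: The remarks on `ShouldIgnoreTicketRenew` do not spell out the consequence of the new early `return false`: with KeepUserLoggedIn enabled, even the remaining-timeout check renews the ticket. Together with the client polling added to user.service.js in this commit, an unattended browser tab would presumably keep the back office session alive indefinitely, so there is effectively no idle timeout. I would say so in the remarks, e.g. `/// When KeepUserLoggedIn is true every request renews the ticket, including the timeout check, so an open back office tab never times out.` The method body continues below the hunk.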
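Review bot: `[Obsolete]` on `RenewUmbracoSession()` in legacyAjaxCalls.asmx.cs is only a compile-time warning; the method keeps its `[WebMethod]` and `[ScriptMethod]` attributes, so the ASMX endpoint stays callable. Its body is outside the hunk, but if it still renews the auth ticket, session renewal through this route would sidestep the new keepUserLoggedIn default. Consider making the body a no-op, or extend the attribute message to say that the endpoint remains exposed until it is removed. The same applies to `GetSecondsBeforeUserLogout()` in the next hunk.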
@@ -7,6 +7,7 @@ using System.Web.Mvc; using System.Web.Routing; using System.Web.Security; using Umbraco.Core; +using Umbraco.Core.Configuration; using Umbraco.Core.IO; using Umbraco.Core.Cache; using Umbraco.Core.Logging; @@ -30,9 +31,7 @@ namespace umbraco.BasePages private User _user; private bool _userisValidated = false; private ClientTools _clientTools; - - private static readonly int UmbracoTimeOutInMinutes = GlobalSettings.TimeOutInMinutes; - + /// /// The path to the umbraco root folder /// @@ -135,6 +134,7 @@ namespace umbraco.BasePages ClientTools.RefreshAdmin(Seconds); } + //NOTE: This is basically replicated in WebSecurity because this class exists in a poorly placed assembly. - also why it is obsolete. private void ValidateUser() { var ticket = Context.GetUmbracoAuthTicket(); @@ -160,7 +160,7 @@ namespace umbraco.BasePages } else { - throw new InvalidOperationException("The user has no umbraco contextid - try logging in"); + throw new InvalidOperationException("The user has no umbraco contextid - try logging in"); } } @@ -205,13 +205,10 @@ namespace umbraco.BasePages /// public static bool ValidateCurrentUser() { - var ticket = HttpContext.Current.GetUmbracoAuthTicket(); - if (ticket != null) + var identity = HttpContext.Current.GetCurrentIdentity(true); + if (identity != null) { - if (ticket.Expired == false) - { - return true; - } + return true; } return false; } @@ -220,7 +217,8 @@ namespace umbraco.BasePages public static long GetTimeout(bool bypassCache) { var ticket = HttpContext.Current.GetUmbracoAuthTicket(); - var ticks = ticket.Expiration.Ticks - DateTime.Now.Ticks; + if (ticket.Expired) return 0; + var ticks = ticket.Expiration.Ticks - DateTime.Now.Ticks; return ticks; }
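Review bot: The explicit `ticket.Expired == false` test is gone from the static `ValidateCurrentUser()` in BasePage.cs, which now trusts `GetCurrentIdentity(true)` to return null for an expired ticket; that behaviour is not visible in this hunk. Please confirm the helper rejects expired tickets, and add a short comment saying what the `true` argument selects. Once that is confirmed the body can be reduced to `return identity != null;`.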
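Review bot: `GetTimeout` dereferences `ticket` in the new `if (ticket.Expired) return 0;` without a null check. The `ValidateCurrentUser` code removed in the previous hunk guarded `ticket != null`, which suggests `GetUmbracoAuthTicket()` can return null when there is no auth cookie. A request without a ticket would then fail with a NullReferenceException instead of reporting no remaining time. Change the guard to `if (ticket == null || ticket.Expired) return 0;`.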