OpenIddict should only handle /umbraco/ requests (#16549)

Kenn Jacobsen
2024-06-10 13:31:51 +02:00
committed by GitHub
parent fe559c20ab
commit a64dbe12a1
2 changed files with 69 additions and 0 deletions


@@ -0,0 +1,53 @@
using Microsoft.AspNetCore.Http;
using OpenIddict.Server;
using OpenIddict.Validation;
using Umbraco.Cms.Core;
using Umbraco.Extensions;
namespace Umbraco.Cms.Api.Common.DependencyInjection;
public class ProcessRequestContextHandler
: IOpenIddictServerHandler<OpenIddictServerEvents.ProcessRequestContext>, IOpenIddictValidationHandler<OpenIddictValidationEvents.ProcessRequestContext>
{
private readonly IHttpContextAccessor _httpContextAccessor;
private readonly string _backOfficePathSegment;
public ProcessRequestContextHandler(IHttpContextAccessor httpContextAccessor)
{
_httpContextAccessor = httpContextAccessor;
_backOfficePathSegment = Constants.System.DefaultUmbracoPath.TrimStart(Constants.CharArrays.Tilde)
.EnsureStartsWith('/')
.EnsureEndsWith('/');
}
public ValueTask HandleAsync(OpenIddictServerEvents.ProcessRequestContext context)
{
if (SkipOpenIddictHandlingForRequest())
{
context.SkipRequest();
}
return ValueTask.CompletedTask;
}
public ValueTask HandleAsync(OpenIddictValidationEvents.ProcessRequestContext context)
{
if (SkipOpenIddictHandlingForRequest())
{
context.SkipRequest();
}
return ValueTask.CompletedTask;
}
private bool SkipOpenIddictHandlingForRequest()
{
var requestPath = _httpContextAccessor.HttpContext?.Request.Path.Value;
if (requestPath.IsNullOrWhiteSpace())
{
return false;
}
return requestPath.StartsWith(_backOfficePathSegment) is false;
}
}
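Review bot: The prefix test in `SkipOpenIddictHandlingForRequest` uses `requestPath.StartsWith(_backOfficePathSegment)`, which is both case-sensitive and culture-sensitive, while ASP.NET Core route matching is case-insensitive by default. A request to `/Umbraco/...` would therefore still reach the back-office endpoints but be skipped by both the server and the validation handler; this most likely fails closed (the request is treated as unauthenticated) rather than bypassing anything, but the result then depends on URL casing and on the thread culture. I would make the comparison explicit: `return requestPath.StartsWith(_backOfficePathSegment, StringComparison.OrdinalIgnoreCase) is false;`. The class would also benefit from a short XML summary stating that a missing `HttpContext` or an empty path deliberately leaves OpenIddict handling enabled, since that fall-through is the safe default and is easy to invert by accident.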


@@ -2,6 +2,8 @@ using System.Security.Cryptography;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;
using OpenIddict.Server;
using OpenIddict.Validation;
using Umbraco.Cms.Api.Common.Security;
using Umbraco.Cms.Core;
using Umbraco.Cms.Core.Configuration.Models;
@@ -96,6 +98,13 @@ public static class UmbracoBuilderAuthExtensions
options
.AddEncryptionKey(new SymmetricSecurityKey(RandomNumberGenerator.GetBytes(32))) // generate a cryptographically secure random 256-bits key
.AddSigningKey(new RsaSecurityKey(RSA.Create(keySizeInBits: 2048))); // generate RSA key with recommended size of 2048-bits
// Add custom handler for the "ProcessRequestContext" server event, to stop OpenIddict from handling
// every last request to the server (including front-end requests).
options.AddEventHandler<OpenIddictServerEvents.ProcessRequestContext>(configuration =>
{
configuration.UseSingletonHandler<ProcessRequestContextHandler>().SetOrder(OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers.ResolveRequestUri.Descriptor.Order - 1);
});
})
// Register the OpenIddict validation components.
@@ -113,6 +122,13 @@ public static class UmbracoBuilderAuthExtensions
// Use ASP.NET Core Data Protection for tokens instead of JWT. (see note in AddServer)
options.UseDataProtection();
// Add custom handler for the "ProcessRequestContext" validation event, to stop OpenIddict from handling
// every last request to the server (including front-end requests).
options.AddEventHandler<OpenIddictValidationEvents.ProcessRequestContext>(configuration =>
{
configuration.UseSingletonHandler<ProcessRequestContextHandler>().SetOrder(OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers.ResolveRequestUri.Descriptor.Order - 1);
});
});
builder.Services.AddRecurringBackgroundJob<OpenIddictCleanupJob>();
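Review bot: Both `AddEventHandler` registrations rely on `SetOrder(...ResolveRequestUri.Descriptor.Order - 1)`, but the comments only explain why the handler exists, not why it is ordered this way or what skipping implies. I would add a line such as `// Must run before ResolveRequestUri so skipped requests never enter the rest of the OpenIddict pipeline.` above each `UseSingletonHandler` call. The validation-side comment should also say that bearer tokens are no longer validated by OpenIddict for paths outside `/umbraco/`, so any endpoint outside that prefix that expects this scheme will presumably see the request as unauthenticated. The same applies to the server registration in the earlier hunk; the enclosing method starts outside the visible hunks.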