Merge branch 'v9/dev' into v9/contrib
# Conflicts: # src/Umbraco.Web.UI.Client/src/less/pages/login.less
This commit is contained in:
Sebastiaan Janssen
@@ -678,7 +678,7 @@ namespace Umbraco.Cms.Web.BackOffice.Controllers
|
||||
r = code
|
||||
});
|
||||
|
||||
// Construct full URL using configured application URL (which will fall back to request)
|
||||
// Construct full URL using configured application URL (which will fall back to current request)
|
||||
Uri applicationUri = _httpContextAccessor.GetRequiredHttpContext().Request.GetApplicationUri(_webRoutingSettings);
|
||||
var callbackUri = new Uri(applicationUri, action);
|
||||
return callbackUri.ToString();
|
||||
|
||||
@@ -10,6 +10,7 @@ using Microsoft.AspNetCore.Authorization;
|
||||
using Microsoft.AspNetCore.Http;
|
||||
using Microsoft.AspNetCore.Identity;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
using Microsoft.Extensions.DependencyInjection;
|
||||
using Microsoft.Extensions.Logging;
|
||||
using Microsoft.Extensions.Options;
|
||||
using Umbraco.Cms.Core;
|
||||
@@ -31,6 +32,7 @@ using Umbraco.Cms.Web.Common.ActionsResults;
|
||||
using Umbraco.Cms.Web.Common.Attributes;
|
||||
using Umbraco.Cms.Web.Common.Authorization;
|
||||
using Umbraco.Cms.Web.Common.Controllers;
|
||||
using Umbraco.Cms.Web.Common.DependencyInjection;
|
||||
using Umbraco.Cms.Web.Common.Filters;
|
||||
using Umbraco.Extensions;
|
||||
using Constants = Umbraco.Cms.Core.Constants;
|
||||
@@ -68,7 +70,10 @@ namespace Umbraco.Cms.Web.BackOffice.Controllers
|
||||
private readonly IBackOfficeTwoFactorOptions _backOfficeTwoFactorOptions;
|
||||
private readonly IManifestParser _manifestParser;
|
||||
private readonly ServerVariablesParser _serverVariables;
|
||||
private readonly IOptions<SecuritySettings> _securitySettings;
|
||||
|
||||
|
||||
[ActivatorUtilitiesConstructor]
|
||||
public BackOfficeController(
|
||||
IBackOfficeUserManager userManager,
|
||||
IRuntimeState runtimeState,
|
||||
@@ -87,7 +92,8 @@ namespace Umbraco.Cms.Web.BackOffice.Controllers
|
||||
IHttpContextAccessor httpContextAccessor,
|
||||
IBackOfficeTwoFactorOptions backOfficeTwoFactorOptions,
|
||||
IManifestParser manifestParser,
|
||||
ServerVariablesParser serverVariables)
|
||||
ServerVariablesParser serverVariables,
|
||||
IOptions<SecuritySettings> securitySettings)
|
||||
{
|
||||
_userManager = userManager;
|
||||
_runtimeState = runtimeState;
|
||||
@@ -107,6 +113,51 @@ namespace Umbraco.Cms.Web.BackOffice.Controllers
|
||||
_backOfficeTwoFactorOptions = backOfficeTwoFactorOptions;
|
||||
_manifestParser = manifestParser;
|
||||
_serverVariables = serverVariables;
|
||||
_securitySettings = securitySettings;
|
||||
}
|
||||
|
||||
[Obsolete("Use ctor with all params. This overload will be removed in Umbraco 10.")]
|
||||
public BackOfficeController(
|
||||
IBackOfficeUserManager userManager,
|
||||
IRuntimeState runtimeState,
|
||||
IRuntimeMinifier runtimeMinifier,
|
||||
IOptions<GlobalSettings> globalSettings,
|
||||
IHostingEnvironment hostingEnvironment,
|
||||
ILocalizedTextService textService,
|
||||
IGridConfig gridConfig,
|
||||
BackOfficeServerVariables backOfficeServerVariables,
|
||||
AppCaches appCaches,
|
||||
IBackOfficeSignInManager signInManager,
|
||||
IBackOfficeSecurityAccessor backofficeSecurityAccessor,
|
||||
ILogger<BackOfficeController> logger,
|
||||
IJsonSerializer jsonSerializer,
|
||||
IBackOfficeExternalLoginProviders externalLogins,
|
||||
IHttpContextAccessor httpContextAccessor,
|
||||
IBackOfficeTwoFactorOptions backOfficeTwoFactorOptions,
|
||||
IManifestParser manifestParser,
|
||||
ServerVariablesParser serverVariables)
|
||||
: this(userManager,
|
||||
runtimeState,
|
||||
runtimeMinifier,
|
||||
globalSettings,
|
||||
hostingEnvironment,
|
||||
textService,
|
||||
gridConfig,
|
||||
backOfficeServerVariables,
|
||||
appCaches,
|
||||
signInManager,
|
||||
backofficeSecurityAccessor,
|
||||
logger,
|
||||
jsonSerializer,
|
||||
externalLogins,
|
||||
httpContextAccessor,
|
||||
backOfficeTwoFactorOptions,
|
||||
manifestParser,
|
||||
serverVariables,
|
||||
StaticServiceProvider.Instance.GetRequiredService<IOptions<SecuritySettings>>()
|
||||
)
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
[HttpGet]
|
||||
@@ -458,7 +509,7 @@ namespace Umbraco.Cms.Web.BackOffice.Controllers
|
||||
if (response == null) throw new ArgumentNullException(nameof(response));
|
||||
|
||||
// Sign in the user with this external login provider (which auto links, etc...)
|
||||
SignInResult result = await _signInManager.ExternalLoginSignInAsync(loginInfo, isPersistent: false);
|
||||
SignInResult result = await _signInManager.ExternalLoginSignInAsync(loginInfo, isPersistent: false, bypassTwoFactor: _securitySettings.Value.UserBypassTwoFactorForExternalLogins);
|
||||
|
||||
var errors = new List<string>();
|
||||
|
||||
|
||||
@@ -100,7 +100,7 @@ namespace Umbraco.Cms.Web.BackOffice.Controllers
|
||||
var keepOnlyKeys = new Dictionary<string, string[]>
|
||||
{
|
||||
{"umbracoUrls", new[] {"authenticationApiBaseUrl", "serverVarsJs", "externalLoginsUrl", "currentUserApiBaseUrl", "previewHubUrl", "iconApiBaseUrl"}},
|
||||
{"umbracoSettings", new[] {"allowPasswordReset", "imageFileTypes", "maxFileSize", "loginBackgroundImage", "loginLogoImage", "canSendRequiredEmail", "usernameIsEmail", "minimumPasswordLength", "minimumPasswordNonAlphaNum"}},
|
||||
{"umbracoSettings", new[] {"allowPasswordReset", "imageFileTypes", "maxFileSize", "loginBackgroundImage", "loginLogoImage", "canSendRequiredEmail", "usernameIsEmail", "minimumPasswordLength", "minimumPasswordNonAlphaNum", "hideBackofficeLogo"}},
|
||||
{"application", new[] {"applicationPath", "cacheBuster"}},
|
||||
{"isDebuggingEnabled", new string[] { }},
|
||||
{"features", new [] {"disabledFeatures"}}
|
||||
@@ -408,6 +408,7 @@ namespace Umbraco.Cms.Web.BackOffice.Controllers
|
||||
{"allowPasswordReset", _securitySettings.AllowPasswordReset},
|
||||
{"loginBackgroundImage", _contentSettings.LoginBackgroundImage},
|
||||
{"loginLogoImage", _contentSettings.LoginLogoImage },
|
||||
{"hideBackofficeLogo", _contentSettings.HideBackOfficeLogo },
|
||||
{"showUserInvite", _emailSender.CanSendRequiredEmail()},
|
||||
{"canSendRequiredEmail", _emailSender.CanSendRequiredEmail()},
|
||||
{"showAllowSegmentationForDocumentTypes", false},
|
||||
|
||||
@@ -1,10 +1,17 @@
|
||||
using System.Collections.Generic;
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using System.Net;
|
||||
using System.Net.Http;
|
||||
using System.Runtime.Serialization;
|
||||
using System.Threading.Tasks;
|
||||
using Microsoft.Extensions.DependencyInjection;
|
||||
using Microsoft.Extensions.Logging;
|
||||
using Microsoft.Extensions.Options;
|
||||
using Newtonsoft.Json;
|
||||
using Umbraco.Cms.Core.Configuration.Models;
|
||||
using Umbraco.Cms.Web.Common.Attributes;
|
||||
using Umbraco.Cms.Web.Common.DependencyInjection;
|
||||
using Constants = Umbraco.Cms.Core.Constants;
|
||||
|
||||
namespace Umbraco.Cms.Web.BackOffice.Controllers
|
||||
@@ -13,15 +20,44 @@ namespace Umbraco.Cms.Web.BackOffice.Controllers
|
||||
public class HelpController : UmbracoAuthorizedJsonController
|
||||
{
|
||||
private readonly ILogger<HelpController> _logger;
|
||||
private HelpPageSettings _helpPageSettings;
|
||||
|
||||
[Obsolete("Use constructor that takes IOptions<HelpPageSettings>")]
|
||||
public HelpController(ILogger<HelpController> logger)
|
||||
: this(logger, StaticServiceProvider.Instance.GetRequiredService<IOptionsMonitor<HelpPageSettings>>())
|
||||
{
|
||||
}
|
||||
|
||||
[ActivatorUtilitiesConstructor]
|
||||
public HelpController(
|
||||
ILogger<HelpController> logger,
|
||||
IOptionsMonitor<HelpPageSettings> helpPageSettings)
|
||||
{
|
||||
_logger = logger;
|
||||
|
||||
ResetHelpPageSettings(helpPageSettings.CurrentValue);
|
||||
helpPageSettings.OnChange(ResetHelpPageSettings);
|
||||
}
|
||||
|
||||
private void ResetHelpPageSettings(HelpPageSettings settings)
|
||||
{
|
||||
_helpPageSettings = settings;
|
||||
}
|
||||
|
||||
private static HttpClient _httpClient;
|
||||
|
||||
public async Task<List<HelpPage>> GetContextHelpForPage(string section, string tree, string baseUrl = "https://our.umbraco.com")
|
||||
{
|
||||
if (IsAllowedUrl(baseUrl) is false)
|
||||
{
|
||||
_logger.LogError($"The following URL is not listed in the allowlist for HelpPage in HelpPageSettings: {baseUrl}");
|
||||
HttpContext.Response.StatusCode = (int)HttpStatusCode.BadRequest;
|
||||
|
||||
// Ideally we'd want to return a BadRequestResult here,
|
||||
// however, since we're not returning ActionResult this is not possible and changing it would be a breaking change.
|
||||
return new List<HelpPage>();
|
||||
}
|
||||
|
||||
var url = string.Format(baseUrl + "/Umbraco/Documentation/Lessons/GetContextHelpDocs?sectionAlias={0}&treeAlias={1}", section, tree);
|
||||
|
||||
try
|
||||
@@ -44,6 +80,17 @@ namespace Umbraco.Cms.Web.BackOffice.Controllers
|
||||
|
||||
return new List<HelpPage>();
|
||||
}
|
||||
|
||||
private bool IsAllowedUrl(string url)
|
||||
{
|
||||
if (_helpPageSettings.HelpPageUrlAllowList is null ||
|
||||
_helpPageSettings.HelpPageUrlAllowList.Contains(url))
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
[DataContract(Name = "HelpPage")]
|
||||
|
||||
Reference in New Issue
Block a user