yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #11592 from rickbutterfield/feature/temp-11591

Browse Source 
v9: Fix for OAuth ExternalLogin
This commit is contained in:
Bjarke Berg
2021-11-15 12:54:44 +01:00
committed by GitHub
parent c59d799557 fe396ba0cf
commit cabc30341a
3 changed files with 45 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/Umbraco.Web.BackOffice/Controllers/BackOfficeController.cs
View File

@@ -517,6 +517,11 @@ namespace Umbraco.Cms.Web.BackOffice.Controllers
// Failed only occurs when the user does not exist
errors.Add("The requested provider (" + loginInfo.LoginProvider + ") has not been linked to an account, the provider must be linked from the back office.");
}
else if (result == ExternalLoginSignInResult.NotAllowed)
{
// This occurs when the external provider has approved the login but custom logic in OnExternalLogin has denined it.
errors.Add($"The user {loginInfo.Principal.Identity.Name} for the external provider {loginInfo.ProviderDisplayName} has not been accepted and cannot sign in.");
}
else if (result == AutoLinkSignInResult.FailedNotLinked)
{
errors.Add("The requested provider (" + loginInfo.LoginProvider + ") has not been linked to an account, the provider must be linked from the back office.");

28
src/Umbraco.Web.BackOffice/Security/BackOfficeSignInManager.cs
View File

@@ -77,7 +77,8 @@ namespace Umbraco.Cms.Web.BackOffice.Security
var shouldSignIn = autoLinkOptions.OnExternalLogin(user, loginInfo);
if (shouldSignIn == false)
{
Logger.LogWarning("The AutoLinkOptions of the external authentication provider '{LoginProvider}' have refused the login based on the OnExternalLogin method. Affected user id: '{UserId}'", loginInfo.LoginProvider, user.Id);
LogFailedExternalLogin(loginInfo, user);
return ExternalLoginSignInResult.NotAllowed;
}
}
@@ -192,7 +193,16 @@ namespace Umbraco.Cms.Web.BackOffice.Security
return AutoLinkSignInResult.FailedException(ex.Message);
}
return await LinkUser(autoLinkUser, loginInfo);
var shouldLinkUser = autoLinkOptions.OnExternalLogin == null || autoLinkOptions.OnExternalLogin(autoLinkUser, loginInfo);
if (shouldLinkUser)
{
return await LinkUser(autoLinkUser, loginInfo);
}
else
{
LogFailedExternalLogin(loginInfo, autoLinkUser);
return ExternalLoginSignInResult.NotAllowed;
}
}
else
{
@@ -225,7 +235,16 @@ namespace Umbraco.Cms.Web.BackOffice.Security
}
else
{
return await LinkUser(autoLinkUser, loginInfo);
var shouldLinkUser = autoLinkOptions.OnExternalLogin == null || autoLinkOptions.OnExternalLogin(autoLinkUser, loginInfo);
if (shouldLinkUser)
{
return await LinkUser(autoLinkUser, loginInfo);
}
else
{
LogFailedExternalLogin(loginInfo, autoLinkUser);
return ExternalLoginSignInResult.NotAllowed;
}
}
}
}
@@ -264,5 +283,8 @@ namespace Umbraco.Cms.Web.BackOffice.Security
return AutoLinkSignInResult.FailedLinkingUser(errors);
}
}
private void LogFailedExternalLogin(ExternalLoginInfo loginInfo, BackOfficeIdentityUser user) =>
Logger.LogWarning("The AutoLinkOptions of the external authentication provider '{LoginProvider}' have refused the login based on the OnExternalLogin method. Affected user id: '{UserId}'", loginInfo.LoginProvider, user.Id);
}
}

15
src/Umbraco.Web.BackOffice/Security/ExternalLoginSignInResult.cs Normal file
View File

@@ -0,0 +1,15 @@
using Microsoft.AspNetCore.Identity;
namespace Umbraco.Cms.Web.BackOffice.Security
{
/// <summary>
/// Result returned from signing in when external logins are used.
/// </summary>
public class ExternalLoginSignInResult : SignInResult
{
public static ExternalLoginSignInResult NotAllowed { get; } = new ExternalLoginSignInResult()
{
Succeeded = false
};
}
}