From 2b936a6d31079d622895585b10a3bb5f574d4b67 Mon Sep 17 00:00:00 2001
From: Stephan
Date: Thu, 8 Mar 2018 13:18:53 +0100
Subject: [PATCH] UAASSCRUM-1441 - fix token identity
---
 .../Security/UmbracoBackOfficeIdentity.cs | 40 +++++++++----------
 1 file changed, 18 insertions(+), 22 deletions(-)
diff --git a/src/Umbraco.Core/Security/UmbracoBackOfficeIdentity.cs b/src/Umbraco.Core/Security/UmbracoBackOfficeIdentity.cs
index 022b15c8be..fcb5547027 100644
--- a/src/Umbraco.Core/Security/UmbracoBackOfficeIdentity.cs
+++ b/src/Umbraco.Core/Security/UmbracoBackOfficeIdentity.cs
@@ -37,15 +37,15 @@ namespace Umbraco.Core.Security
 var username = identity.GetUserName();
 var session = identity.FindFirstValue(Constants.Security.SessionIdClaimType);
 var securityStamp = identity.FindFirstValue(Microsoft.AspNet.Identity.Constants.DefaultSecurityStampClaimType);
- var startContentId = identity.FindFirstValue(Constants.Security.StartContentNodeIdClaimType);
+ var startContentId = identity.FindFirstValue(Constants.Security.StartContentNodeIdClaimType);
 var startMediaId = identity.FindFirstValue(Constants.Security.StartMediaNodeIdClaimType);
 var culture = identity.FindFirstValue(ClaimTypes.Locality);
- var id = identity.FindFirstValue(ClaimTypes.NameIdentifier);
+ var id = identity.FindFirstValue(ClaimTypes.NameIdentifier);
 var realName = identity.FindFirstValue(ClaimTypes.GivenName);
- if (username == null || startContentId == null || startMediaId == null
- || culture == null || id == null
+ if (username == null || startContentId == null || startMediaId == null
+ || culture == null || id == null
 || realName == null || session == null)
 throw new InvalidOperationException("Cannot create a " + typeof(UmbracoBackOfficeIdentity) + " from " + typeof(ClaimsIdentity) + " since there are missing required claims");
@@ -62,7 +62,7 @@ namespace Umbraco.Core.Security
 catch (Exception e)
 {
 throw new InvalidOperationException("Cannot create a " + typeof(UmbracoBackOfficeIdentity) + " from " + typeof(ClaimsIdentity) + " since the data is not formatted correctly - either content or media start Ids could not be parsed as JSON", e);
- }
+ }
 var roles = identity.FindAll(x => x.Type == DefaultRoleClaimType).Select(role => role.Value).ToList();
 var allowedApps = identity.FindAll(x => x.Type == Constants.Security.AllowedApplicationsClaimType).Select(app => app.Value).ToList();
@@ -165,7 +165,7 @@ namespace Umbraco.Core.Security
 {
 foreach (var claim in claimsIdentity.Claims)
 {
- //In one special case we will replace a claim if it exists already and that is the
+ //In one special case we will replace a claim if it exists already and that is the
 // Forms auth claim for name which automatically gets added
 TryRemoveClaim(FindFirst(x => x.Type == claim.Type && x.Issuer == "Forms"));
@@ -187,15 +187,15 @@ namespace Umbraco.Core.Security
 {
 ClaimTypes.NameIdentifier, //id
 ClaimTypes.Name, //username
- ClaimTypes.GivenName,
+ ClaimTypes.GivenName,
 Constants.Security.StartContentNodeIdClaimType,
- Constants.Security.StartMediaNodeIdClaimType,
- ClaimTypes.Locality,
+ Constants.Security.StartMediaNodeIdClaimType,
+ ClaimTypes.Locality,
 Constants.Security.SessionIdClaimType,
 Microsoft.AspNet.Identity.Constants.DefaultSecurityStampClaimType
 };
 }
- }
+ }
 ///
 /// Adds claims based on the UserData data
@@ -222,23 +222,19 @@ namespace Umbraco.Core.Security
 AddClaim(new Claim(ClaimTypes.Locality, Culture, ClaimValueTypes.String, Issuer, Issuer, this));
 if (HasClaim(x => x.Type == Constants.Security.SessionIdClaimType) == false && SessionId.IsNullOrWhiteSpace() == false)
- {
 AddClaim(new Claim(Constants.Security.SessionIdClaimType, SessionId, ClaimValueTypes.String, Issuer, Issuer, this));
- //The security stamp claim is also required... this is because this claim type is hard coded
- // by the SecurityStampValidator, see: https://katanaproject.codeplex.com/workitem/444
- if (HasClaim(x => x.Type == Microsoft.AspNet.Identity.Constants.DefaultSecurityStampClaimType) == false)
- {
- AddClaim(new Claim(Microsoft.AspNet.Identity.Constants.DefaultSecurityStampClaimType, SecurityStamp, ClaimValueTypes.String, Issuer, Issuer, this));
- }
- }
+ //The security stamp claim is also required... this is because this claim type is hard coded
+ // by the SecurityStampValidator, see: https://katanaproject.codeplex.com/workitem/444
+ if (HasClaim(x => x.Type == Microsoft.AspNet.Identity.Constants.DefaultSecurityStampClaimType) == false)
+ AddClaim(new Claim(Microsoft.AspNet.Identity.Constants.DefaultSecurityStampClaimType, SecurityStamp, ClaimValueTypes.String, Issuer, Issuer, this));
 //Add each app as a separate claim
 if (HasClaim(x => x.Type == Constants.Security.AllowedApplicationsClaimType) == false)
 {
 foreach (var application in AllowedApplications)
 {
- AddClaim(new Claim(Constants.Security.AllowedApplicationsClaimType, application, ClaimValueTypes.String, Issuer, Issuer, this));
+ AddClaim(new Claim(Constants.Security.AllowedApplicationsClaimType, application, ClaimValueTypes.String, Issuer, Issuer, this));
 }
 }
@@ -253,8 +249,8 @@ namespace Umbraco.Core.Security
 }
 }
-
-
+
+
 }
 protected internal UserData UserData { get; private set; }
@@ -332,4 +328,4 @@ namespace Umbraco.Core.Security
 }
 }
-}
\ No newline at end of file
+}
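Review bot: The security-stamp branch hoisted out of the session block, `if (HasClaim(x => x.Type == Microsoft.AspNet.Identity.Constants.DefaultSecurityStampClaimType) == false)`, has no guard on `SecurityStamp`, unlike the session branch's `SessionId.IsNullOrWhiteSpace() == false` just above it, and the `Claim` constructor throws `ArgumentNullException` for a null value; whether `SecurityStamp` can be null here is not visible in the hunk, but the branch now runs for every identity rather than only those that had a session id, so that path is more reachable than before. If a missing stamp is a legitimate state, mirror the session guard with `if (HasClaim(x => x.Type == Microsoft.AspNet.Identity.Constants.DefaultSecurityStampClaimType) == false && SecurityStamp.IsNullOrWhiteSpace() == false)`; if it is a programming error, a deliberate `InvalidOperationException` naming the claim would fail more clearly than the implicit argument exception. Note that silently skipping would leave the identity without the claim the comment says the SecurityStampValidator depends on, so the choice should follow whether a null stamp is ever expected. Both hoisted `if`s also drop their braces while the `foreach` below keeps its own, which departs from the brace style used elsewhere in the hunk. The enclosing method starts before and ends after this hunk.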