Fixes user lockout with aspnet identity

Shannon
2015-07-01 18:02:58 +02:00
parent 53a0c55b14
commit d0c4b2ab72
5 changed files with 41 additions and 12 deletions


@@ -38,6 +38,30 @@ namespace Umbraco.Core.Models.Identity
public string UserTypeAlias { get; set; }
/// <summary>
/// Lockout is always enabled
/// </summary>
public override bool LockoutEnabled
{
get { return true; }
set
{
//do nothing
}
}
/// <summary>
/// Based on the user's lockout end date, this will determine if they are locked out
/// </summary>
internal bool IsLockedOut
{
get
{
var isLocked = (LockoutEndDateUtc.HasValue && LockoutEndDateUtc.Value.ToLocalTime() >= DateTime.Now);
return isLocked;
}
}
/// <summary>
/// Overridden to make the retrieval lazy
/// </summary>


@@ -14,9 +14,7 @@ namespace Umbraco.Core.Models.Identity
config.CreateMap<IUser, BackOfficeIdentityUser>()
.ForMember(user => user.Email, expression => expression.MapFrom(user => user.Email))
.ForMember(user => user.Id, expression => expression.MapFrom(user => user.Id))
.ForMember(user => user.LockoutEnabled, expression => expression.MapFrom(user => user.IsLockedOut))
//Users currently are locked out for an infinite time, we do not support timed lock outs currently
.ForMember(user => user.LockoutEndDateUtc, expression => expression.UseValue(DateTime.MaxValue.ToUniversalTime()))
.ForMember(user => user.LockoutEndDateUtc, expression => expression.MapFrom(user => user.IsLockedOut ? DateTime.MaxValue.ToUniversalTime() : (DateTime?)null))
.ForMember(user => user.UserName, expression => expression.MapFrom(user => user.Username))
.ForMember(user => user.PasswordHash, expression => expression.MapFrom(user => GetPasswordHash(user.RawPasswordValue)))
.ForMember(user => user.Culture, expression => expression.MapFrom(user => user.GetUserCulture(applicationContext.Services.TextService)))
@@ -24,6 +22,7 @@ namespace Umbraco.Core.Models.Identity
.ForMember(user => user.StartMediaId, expression => expression.MapFrom(user => user.StartMediaId))
.ForMember(user => user.StartContentId, expression => expression.MapFrom(user => user.StartContentId))
.ForMember(user => user.UserTypeAlias, expression => expression.MapFrom(user => user.UserType.Alias))
.ForMember(user => user.AccessFailedCount, expression => expression.MapFrom(user => user.FailedPasswordAttempts))
.ForMember(user => user.AllowedSections, expression => expression.MapFrom(user => user.AllowedSections.ToArray()));
}
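Review bot: `DateTime.MaxValue.ToUniversalTime()` in the new `LockoutEndDateUtc` mapping is time-zone dependent: `DateTime.MaxValue` has an unspecified kind, so the conversion treats it as local time and the sentinel written for a locked user can differ between servers. `DateTime.SpecifyKind(DateTime.MaxValue, DateTimeKind.Utc)` gives one fixed UTC value for "locked indefinitely". The old comment about timed lockouts being unsupported appears to have been dropped with the old lines, so a short comment on the new line saying that a non-null end date is only a locked/not-locked flag would help. The mapping method starts outside the hunk.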


@@ -102,6 +102,10 @@ namespace Umbraco.Core.Security
manager.UserLockoutEnabledByDefault = true;
manager.MaxFailedAccessAttemptsBeforeLockout = membershipProvider.MaxInvalidPasswordAttempts;
//NOTE: This just needs to be in the future, we currently don't support a lockout timespan, it's either they are locked
// or they are not locked, but this determines what is set on the account lockout date which corresponds to whether they are
// locked out or not.
manager.DefaultAccountLockoutTimeSpan = TimeSpan.FromDays(30);
//custom identity factory for creating the identity object for which we auth against in the back office
manager.ClaimsIdentityFactory = new BackOfficeClaimsIdentityFactory();
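Review bot: The comment on `DefaultAccountLockoutTimeSpan` says the value only needs to be in the future, but `BackOfficeIdentityUser.IsLockedOut` in this same commit compares the end date with the current time, so 30 days is a real expiry for any user object that still carries the date the manager set. If a lock is meant to hold until an administrator lifts it, the comment should say why the lapse cannot be observed, for example `// persisted as a boolean; the end date is re-mapped to DateTime.MaxValue on load`, assuming that is how the round trip works. The enclosing method starts and ends outside the hunk.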


@@ -78,7 +78,7 @@ namespace Umbraco.Core.Security
Username = user.UserName,
StartContentId = user.StartContentId == 0 ? -1 : user.StartContentId,
StartMediaId = user.StartMediaId == 0 ? -1 : user.StartMediaId,
IsLockedOut = user.LockoutEnabled,
IsLockedOut = user.IsLockedOut,
IsApproved = true
};
@@ -540,8 +540,8 @@ namespace Umbraco.Core.Security
if (user == null) throw new ArgumentNullException("user");
return user.LockoutEndDateUtc.HasValue
? Task.FromResult(new DateTimeOffset(user.LockoutEndDateUtc.Value, TimeSpan.FromHours(0)))
: Task.FromResult(DateTimeOffset.MaxValue);
? Task.FromResult(DateTimeOffset.MaxValue)
: Task.FromResult(DateTimeOffset.MinValue);
}
/// <summary>
@@ -576,7 +576,8 @@ namespace Umbraco.Core.Security
public Task ResetAccessFailedCountAsync(BackOfficeIdentityUser user)
{
if (user == null) throw new ArgumentNullException("user");
throw new NotImplementedException();
user.AccessFailedCount = 0;
return Task.FromResult(0);
}
/// <summary>
@@ -592,7 +593,7 @@ namespace Umbraco.Core.Security
}
/// <summary>
/// Returns whether the user can be locked out.
/// Returns true
/// </summary>
/// <param name="user"/>
/// <returns/>
@@ -603,7 +604,7 @@ namespace Umbraco.Core.Security
}
/// <summary>
/// Sets whether the user can be locked out.
/// Doesn't actually perform any function, users can always be locked out
/// </summary>
/// <param name="user"/><param name="enabled"/>
/// <returns/>
@@ -635,10 +636,10 @@ namespace Umbraco.Core.Security
anythingChanged = true;
user.FailedPasswordAttempts = identityUser.AccessFailedCount;
}
if (user.IsLockedOut != identityUser.LockoutEnabled)
if (user.IsLockedOut != identityUser.IsLockedOut)
{
anythingChanged = true;
user.IsLockedOut = identityUser.LockoutEnabled;
user.IsLockedOut = identityUser.IsLockedOut;
}
if (user.Username != identityUser.UserName && identityUser.UserName.IsNullOrWhiteSpace() == false)
{
@@ -671,6 +672,7 @@ namespace Umbraco.Core.Security
anythingChanged = true;
user.SecurityStamp = identityUser.SecurityStamp;
}
if (user.AllowedSections.ContainsAll(identityUser.AllowedSections) == false
|| identityUser.AllowedSections.ContainsAll(user.AllowedSections) == false)
{
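Review bot: In the `-540,8` hunk the store now returns `DateTimeOffset.MaxValue` whenever `LockoutEndDateUtc.HasValue`, whatever the date is, while `BackOfficeIdentityUser.IsLockedOut` treats a past end date as unlocked, so the two disagree once an end date has passed or has been set to a minimum value to unlock. A caller that asks the store would then see a permanent lock that the model considers lifted. Deriving both from the same property keeps them consistent: `return Task.FromResult(user.IsLockedOut ? DateTimeOffset.MaxValue : DateTimeOffset.MinValue);`. The method's signature is outside the hunk.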


@@ -225,7 +225,7 @@ namespace Umbraco.Core.Security
_enablePasswordReset = config.GetValue("enablePasswordReset", false);
_requiresQuestionAndAnswer = config.GetValue("requiresQuestionAndAnswer", false);
_requiresUniqueEmail = config.GetValue("requiresUniqueEmail", true);
_maxInvalidPasswordAttempts = GetIntValue(config, "maxInvalidPasswordAttempts", 20, false, 0);
_maxInvalidPasswordAttempts = GetIntValue(config, "maxInvalidPasswordAttempts", 5, false, 0);
_passwordAttemptWindow = GetIntValue(config, "passwordAttemptWindow", 10, false, 0);
_minRequiredPasswordLength = GetIntValue(config, "minRequiredPasswordLength", DefaultMinPasswordLength, true, 0x80);
_minRequiredNonAlphanumericCharacters = GetIntValue(config, "minRequiredNonalphanumericCharacters", DefaultMinNonAlphanumericChars, true, 0x80);
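Review bot: Lowering the `maxInvalidPasswordAttempts` default from 20 to 5 changes behaviour for every install that does not set the attribute, and with the indefinite lockout in this commit, five wrong passwords against a known username keep that back-office account locked until someone unlocks it. That is a reasonable brute-force limit, but it belongs in the upgrade notes, and the line should record the reason, e.g. `// default lowered to 5: lockout is enforced through the identity user manager`. Whether `passwordAttemptWindow` is honoured on the identity path is not visible here and is worth confirming. The initialisation method continues outside the hunk.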