ext method for authn back office scheme with null check, fixing tests

2020-12-02 15:49:28 +11:00
parent e297bc8c8d
commit d0e17d16bc
4 changed files with 26 additions and 7 deletions
--- a/src/Umbraco.Web.BackOffice/Controllers/AuthenticationController.cs
+++ b/src/Umbraco.Web.BackOffice/Controllers/AuthenticationController.cs
@@ -218,7 +218,7 @@ namespace Umbraco.Web.BackOffice.Controllers
        public async Task<double> GetRemainingTimeoutSeconds()
        {
            // force authentication to occur since this is not an authorized endpoint
-            var result = await HttpContext.AuthenticateAsync(Constants.Security.BackOfficeAuthenticationType);
+            var result = await this.AuthenticateBackOfficeAsync();
            if (!result.Succeeded)
            {
                return 0;
@@ -250,7 +250,7 @@ namespace Umbraco.Web.BackOffice.Controllers
        public async Task<bool> IsAuthenticated()
        {
            // force authentication to occur since this is not an authorized endpoint
-            var result = await HttpContext.AuthenticateAsync(Constants.Security.BackOfficeAuthenticationType);
+            var result = await this.AuthenticateBackOfficeAsync();
            return result.Succeeded;
        }

@@ -572,7 +572,7 @@ namespace Umbraco.Web.BackOffice.Controllers
        public async Task<IActionResult> PostLogout()
        {
            // force authentication to occur since this is not an authorized endpoint
-            var result = await HttpContext.AuthenticateAsync(Constants.Security.BackOfficeAuthenticationType);
+            var result = await this.AuthenticateBackOfficeAsync();
            if (!result.Succeeded) return Ok();

            await _signInManager.SignOutAsync();
--- a/src/Umbraco.Web.BackOffice/Controllers/BackOfficeController.cs
+++ b/src/Umbraco.Web.BackOffice/Controllers/BackOfficeController.cs
@@ -104,7 +104,7 @@ namespace Umbraco.Web.BackOffice.Controllers
        public async Task<IActionResult> Default()
        {
            // force authentication to occur since this is not an authorized endpoint
-            var result = await HttpContext.AuthenticateAsync(Constants.Security.BackOfficeAuthenticationType);            
+            var result = await this.AuthenticateBackOfficeAsync();

            var viewPath = Path.Combine(_globalSettings.UmbracoPath , Constants.Web.Mvc.BackOfficeArea, nameof(Default) + ".cshtml")
                .Replace("\\", "/"); // convert to forward slashes since it's a virtual path
@@ -119,7 +119,7 @@ namespace Umbraco.Web.BackOffice.Controllers
        [AllowAnonymous]
        public async Task<IActionResult> VerifyInvite(string invite)
        {
-            var authenticate = await HttpContext.AuthenticateAsync(Constants.Security.BackOfficeAuthenticationType);
+            var authenticate = await this.AuthenticateBackOfficeAsync();

            //if you are hitting VerifyInvite, you're already signed in as a different user, and the token is invalid
            //you'll exit on one of the return RedirectToAction(nameof(Default)) but you're still logged in so you just get
@@ -190,7 +190,7 @@ namespace Umbraco.Web.BackOffice.Controllers
        public async Task<IActionResult> AuthorizeUpgrade()
        {
            // force authentication to occur since this is not an authorized endpoint
-            var result = await HttpContext.AuthenticateAsync(Constants.Security.BackOfficeAuthenticationType);
+            var result = await this.AuthenticateBackOfficeAsync();

            var viewPath = Path.Combine(_globalSettings.UmbracoPath, Constants.Web.Mvc.BackOfficeArea, nameof(AuthorizeUpgrade) + ".cshtml");

--- a/src/Umbraco.Web.Common/Extensions/ControllerExtensions.cs
+++ b/src/Umbraco.Web.Common/Extensions/ControllerExtensions.cs
@@ -1,10 +1,29 @@
 using System;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Mvc;
+using Umbraco.Core;

 namespace Umbraco.Extensions
 {
    public static class ControllerExtensions
    {
+        /// <summary>
+        /// Runs the authentication process 
+        /// </summary>
+        /// <param name="controller"></param>
+        /// <returns></returns>
+        public static async Task<AuthenticateResult> AuthenticateBackOfficeAsync(this ControllerBase controller)
+        {
+            if (controller.HttpContext == null)
+            {
+                return AuthenticateResult.NoResult();
+            }
+
+            var result = await controller.HttpContext.AuthenticateAsync(Constants.Security.BackOfficeAuthenticationType);
+            return result;
+        }
+
        /// <summary>
        /// Return the controller name from the controller type
        /// </summary>
--- a/src/Umbraco.Web.Common/Install/InstallController.cs
+++ b/src/Umbraco.Web.Common/Install/InstallController.cs
@@ -74,7 +74,7 @@ namespace Umbraco.Web.Common.Install
                // Update ClientDependency version and delete its temp directories to make sure we get fresh caches
                _runtimeMinifier.Reset();

-                var authResult = await HttpContext.AuthenticateAsync(Core.Constants.Security.BackOfficeAuthenticationType);
+                var authResult = await this.AuthenticateBackOfficeAsync();

                if (!authResult.Succeeded)
                {