Merge remote-tracking branch 'origin/netcore/netcore' into netcore/feature/contentcontroller_and_related

# Conflicts:
#	src/Umbraco.Web.BackOffice/Controllers/BackOfficeNotificationsController.cs
#	src/Umbraco.Web.BackOffice/Filters/ValidateAngularAntiForgeryTokenAttribute.cs
Bjarke Berg
2020-06-17 17:01:45 +02:00
13 changed files with 295 additions and 282 deletions


@@ -106,7 +106,7 @@ namespace Umbraco.Web.BackOffice.Controllers
/// cookies which means that the auth cookie could be valid but the csrf cookies are no longer there, in that case we need to re-set the csrf cookies.
/// </remarks>
[UmbracoAuthorize]
[TypeFilter(typeof(SetAngularAntiForgeryTokens))]
[SetAngularAntiForgeryTokens]
//[CheckIfUserTicketDataIsStale] // TODO: Migrate this, though it will need to be done differently at the cookie auth level
public UserDetail GetCurrentUser()
{
@@ -123,7 +123,7 @@ namespace Umbraco.Web.BackOffice.Controllers
/// Logs a user in
/// </summary>
/// <returns></returns>
[TypeFilter(typeof(SetAngularAntiForgeryTokens))]
[SetAngularAntiForgeryTokens]
public async Task<UserDetail> PostLogin(LoginModel loginModel)
{
// Sign the user in with username/password, this also gives a chance for developers to
@@ -188,7 +188,7 @@ namespace Umbraco.Web.BackOffice.Controllers
/// Logs the current user out
/// </summary>
/// <returns></returns>
[TypeFilter(typeof(ValidateAngularAntiForgeryTokenAttribute))]
[ValidateAngularAntiForgeryToken]
public IActionResult PostLogout()
{
HttpContext.SignOutAsync(Core.Constants.Security.BackOfficeAuthenticationType);
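Review bot: In `PostLogout` the call `HttpContext.SignOutAsync(Core.Constants.Security.BackOfficeAuthenticationType);` discards the Task it returns, so the action can produce its response before sign-out has finished, and any exception from the sign-out is never observed. Because the method is declared `public IActionResult PostLogout()`, it cannot await; it would need to become `public async Task<IActionResult> PostLogout()` with `await HttpContext.SignOutAsync(Core.Constants.Security.BackOfficeAuthenticationType);`. The rest of the method body is outside this hunk, so its return statements may need the same adjustment.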


@@ -1,5 +1,4 @@
using Microsoft.AspNetCore.Mvc;
using Umbraco.Web.WebApi.Filters;
using Umbraco.Web.WebApi.Filters;
namespace Umbraco.Web.BackOffice.Controllers
{
@@ -8,10 +7,9 @@ namespace Umbraco.Web.BackOffice.Controllers
/// resulting message is INotificationModel in which case it will append any Event Messages
/// currently in the request.
/// </summary>
[TypeFilter(typeof(AppendCurrentEventMessagesAttribute))]
//[PrefixlessBodyModelValidator] // TODO implement this!!
[AppendCurrentEventMessagesAttribute]
public abstract class BackOfficeNotificationsController : UmbracoAuthorizedJsonController
{
}
}
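Review bot: `[AppendCurrentEventMessagesAttribute]` on `BackOfficeNotificationsController` spells out the `Attribute` suffix, while the other filters touched by this commit are applied in short form (`[ValidateAngularAntiForgeryToken]`, `[SetAngularAntiForgeryTokens]`, `[DataTypeValidate]`). Both spellings resolve to the same type, so this is a readability point only; `[AppendCurrentEventMessages]` would match the rest.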


@@ -67,7 +67,7 @@ namespace Umbraco.Web.BackOffice.Controllers
private static readonly HttpClient HttpClient = new HttpClient();
//we have baseurl as a param to make previewing easier, so we can test with a dev domain from client side
[TypeFilter(typeof(ValidateAngularAntiForgeryTokenAttribute))]
[ValidateAngularAntiForgeryToken]
public async Task<JObject> GetRemoteDashboardContent(string section, string baseUrl = "https://dashboard.umbraco.org/")
{
var user = _umbracoContextAccessor.GetRequiredUmbracoContext().Security.CurrentUser;
@@ -211,7 +211,7 @@ namespace Umbraco.Web.BackOffice.Controllers
}
// return IDashboardSlim - we don't need sections nor access rules
[TypeFilter(typeof(ValidateAngularAntiForgeryTokenAttribute))]
[ValidateAngularAntiForgeryToken]
[TypeFilter(typeof(OutgoingEditorModelEventAttribute))]
public IEnumerable<Tab<IDashboardSlim>> GetDashboard(string section)
{
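Review bot: `GetRemoteDashboardContent` accepts `baseUrl` as an action parameter right next to a static `HttpClient`, and nothing in the visible lines restricts which host that value may name. The method body is outside this hunk, so whether the value is checked before a request is made cannot be confirmed here; if it is not, a caller who can reach this action decides where the server sends an outbound request. I would check it against a configured allowlist at the top of the method and record that with a comment such as `// baseUrl is caller-supplied: only configured dashboard hosts may reach HttpClient`. Separately, `[TypeFilter(typeof(OutgoingEditorModelEventAttribute))]` on `GetDashboard` keeps the long form this commit removes elsewhere; if that is intentional, a short comment saying why would help.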


@@ -265,7 +265,7 @@ namespace Umbraco.Web.BackOffice.Controllers
/// </summary>
/// <param name="dataType"></param>
/// <returns></returns>
[TypeFilter(typeof(DataTypeValidateAttribute))]
[DataTypeValidate]
public ActionResult<DataTypeDisplay> PostSave(DataTypeSave dataType)
{
//If we've made it here, then everything has been wired up and validated by the attribute
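Review bot: `PostSave` has empty `<param name="dataType">` and `<returns>` tags, while the first comment in its body says the attribute has already wired up and validated everything. That contract belongs in the XML doc where callers and maintainers will see it, for example `/// <param name="dataType">The data type to save; expected to have been validated by <see cref="DataTypeValidateAttribute"/> before the action runs.</param>`, plus a `<returns>` line describing the `DataTypeDisplay` result. What the attribute actually checks is not visible on this page, so the wording should be confirmed against its implementation. The method body continues outside this hunk.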


@@ -1,6 +1,4 @@
using Microsoft.AspNetCore.Mvc;
using Umbraco.Web.BackOffice.Controllers;
using Umbraco.Web.BackOffice.Filters;
using Umbraco.Web.BackOffice.Filters;
using Umbraco.Web.Common.Filters;
namespace Umbraco.Web.BackOffice.Controllers
@@ -12,10 +10,9 @@ namespace Umbraco.Web.BackOffice.Controllers
/// Inheriting from this controller means that ALL of your methods are JSON methods that are called by Angular,
/// methods that are not called by Angular or don't contain a valid csrf header will NOT work.
/// </remarks>
[TypeFilter(typeof(ValidateAngularAntiForgeryTokenAttribute))]
[ValidateAngularAntiForgeryToken]
[AngularJsonOnlyConfiguration] // TODO: This could be applied with our Application Model conventions
public abstract class UmbracoAuthorizedJsonController : UmbracoAuthorizedApiController
{
}
}
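Review bot: The CSRF guarantee stated in the remarks for every controller deriving from `UmbracoAuthorizedJsonController` now depends on `[ValidateAngularAntiForgeryToken]` being picked up as an MVC filter without the `TypeFilter` wrapper, and the attribute's own file is listed under Conflicts but not shown on this page. If the attribute takes constructor dependencies, it has to act as a filter factory (for instance by deriving from `TypeFilterAttribute`) for the short form to behave the same; an attribute that is not a filter would be ignored without any error. A test that calls an action on a derived controller without the token header and expects rejection would pin this down. The same check is worth making for the short-form uses on `PostLogout`, `GetRemoteDashboardContent` and `GetDashboard`, and for `[SetAngularAntiForgeryTokens]`, `[DataTypeValidate]` and `[AppendCurrentEventMessagesAttribute]`.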