OpenId Connect authentication for new management API (#13318)

* First attempt at OpenIddict * Making headway and more TODOs * Redo current policies for multiple schemas + clean up auth controller * Fix bad merge * Clean up some more test code * Fix spacing * Include AddAuthentication() in OpenIddict addition * A little more clean-up * Move application creation to its own implementation + prepare for middleware to handle valid callback URL * Enable refresh token flow * Fix bad merge from v11/dev * Support auth for Swagger and Postman in non-production environments + use default login screen for back-office logins * Add workaround to client side login handling so the OAuth return URL is not corrupted before redirection * Add temporary configuration handling for new backoffice * Restructure the code somewhat, move singular responsibility from management API project * Add recurring task for cleaning up old tokens in the DB * Fix bad merge + make auth controller align with the new management API structure * Explicitly handle the new management API path as a backoffice path (NOTE: this is potentially behaviorally breaking!) * Redo handle the new management API requests as backoffice requests, this time in a non-breaking way * Add/update TODOs * Revert duplication of current auth policies for OpenIddict (as it breaks everything for V11 without the new management APIs) and introduce a dedicated PoC policy setup for OpenIddict. * Fix failing unit tests * Update src/Umbraco.Cms.ManagementApi/Security/BackOfficeApplicationManager.cs Co-authored-by: Nikolaj Geisle <70372949+Zeegaan@users.noreply.github.com> * Update src/Umbraco.Cms.ManagementApi/Security/BackOfficeApplicationManager.cs Co-authored-by: Nikolaj Geisle <70372949+Zeegaan@users.noreply.github.com> * Update src/Umbraco.Cms.ManagementApi/Security/BackOfficeApplicationManager.cs Co-authored-by: Nikolaj Geisle <70372949+Zeegaan@users.noreply.github.com> * Update src/Umbraco.Core/Routing/UmbracoRequestPaths.cs Co-authored-by: Nikolaj Geisle <70372949+Zeegaan@users.noreply.github.com>
2022-11-01 11:15:31 +01:00
parent 746ab4bb23
commit dc9d4155a3
25 changed files with 763 additions and 17 deletions
--- a/src/Umbraco.Web.UI.Client/src/views/common/login.controller.js
+++ b/src/Umbraco.Web.UI.Client/src/views/common/login.controller.js
@@ -11,7 +11,11 @@ angular.module('umbraco').controller("Umbraco.LoginController", function (events
      //check if there's a returnPath query string, if so redirect to it
        var locationObj = $location.search();
        if (locationObj.returnPath) {
-            path = decodeURIComponent(locationObj.returnPath);
+            // decodeURIComponent(...) does not play nice with OAuth redirect URLs, so until we have a
+            // dedicated login screen for the new back-office, we need to hardcode this exception
+            path = locationObj.returnPath.indexOf("/security/back-office/authorize") > 0
+              ? locationObj.returnPath
+              : decodeURIComponent(locationObj.returnPath);
        }

        // Ensure path is not absolute