From e2881e07d1b5f277b3d6efe66bf7e3bb4aa89373 Mon Sep 17 00:00:00 2001 From: Shannon Date: Tue, 18 Mar 2014 17:08:21 +1100 Subject: [PATCH] Ensures that all calls to the members membership provider are done so explicitly with the membership provider alias - this decouples the need to have the umbraco membership provider declared as the default, we were doing both before. --- src/Umbraco.Core/Models/Member.cs | 97 +- .../Models/Membership/IMembershipUser.cs | 14 +- ...ensions.cs => MembershipUserExtensions.cs} | 2 +- src/Umbraco.Core/Models/Membership/User.cs | 20 +- .../Persistence/Factories/MemberFactory.cs | 2 +- .../Factories/MemberReadOnlyFactory.cs | 2 +- .../Persistence/Factories/UserFactory.cs | 4 +- .../Persistence/Mappers/MemberMapper.cs | 4 +- .../Persistence/Mappers/UserMapper.cs | 2 +- .../Repositories/MemberRepository.cs | 2 +- .../Security/MembershipProviderExtensions.cs | 58 + src/Umbraco.Core/Services/IMemberService.cs | 9 + .../Services/IMembershipMemberService.cs | 10 +- src/Umbraco.Core/Services/MemberService.cs | 26 +- src/Umbraco.Core/Services/UserService.cs | 6 +- src/Umbraco.Core/Umbraco.Core.csproj | 2 +- .../Membership/DynamicMemberContentTests.cs | 4 +- .../UmbracoServiceMembershipProviderTests.cs | 12 +- .../Repositories/MemberRepositoryTest.cs | 6 +- .../Repositories/UserRepositoryTest.cs | 6 +- .../Services/ContentServiceTests.cs | 2 +- .../Services/UserServiceTests.cs | 6 +- .../TestHelpers/Entities/MockedMember.cs | 2 +- .../TestHelpers/Entities/MockedUser.cs | 2 +- .../Controllers/UmbProfileController.cs | 3 +- .../Routing/PublishedContentRequestEngine.cs | 5 +- src/Umbraco.Web/Security/MembershipHelper.cs | 79 +- .../Providers/UmbracoMembershipProvider.cs | 16 +- src/Umbraco.Web/UmbracoHelper.cs | 5 +- .../umbraco.presentation/LegacyClasses.cs | 5 +- .../umbraco/Trees/loadMemberTypes.cs | 6 +- .../umbraco/Trees/loadMembers.cs | 8 +- .../umbraco/controls/passwordChanger.ascx.cs | 2 +- .../umbraco/create/member.ascx.cs | 22 +- .../umbraco/create/memberTasks.cs | 16 +- .../umbraco/dialogs/protectPage.aspx.cs | 12 +- .../umbraco/members/EditMember.aspx.cs | 35 +- .../umbraco/members/MemberSearch.ascx.cs | 12 +- .../umbraco/members/ViewMembers.aspx.cs | 47 +- src/umbraco.businesslogic/User.cs | 6 +- .../businesslogic/member/Member.cs | 46 +- src/umbraco.cms/businesslogic/web/Access.cs | 1047 +++++++++-------- .../members/MembershipEventHandler.cs | 3 +- 43 files changed, 969 insertions(+), 706 deletions(-) rename src/Umbraco.Core/Models/Membership/{MembershipExtensions.cs => MembershipUserExtensions.cs} (92%) diff --git a/src/Umbraco.Core/Models/Member.cs b/src/Umbraco.Core/Models/Member.cs index e35efb726b..71fe8aec00 100644 --- a/src/Umbraco.Core/Models/Member.cs +++ b/src/Umbraco.Core/Models/Member.cs @@ -18,7 +18,7 @@ namespace Umbraco.Core.Models private readonly string _contentTypeAlias; private string _username; private string _email; - private string _password; + private string _rawPasswordValue; private object _providerUserKey; private Type _userTypeKey; @@ -30,14 +30,56 @@ namespace Umbraco.Core.Models public Member(string name, IMemberType contentType) : base(name, -1, contentType, new PropertyCollection()) { + Mandate.ParameterNotNull(contentType, "contentType"); + Mandate.ParameterNotNullOrEmpty(name, "name"); + _contentTypeAlias = contentType.Alias; _contentType = contentType; IsApproved = true; + + //this cannot be null but can be empty + _rawPasswordValue = ""; + _email = ""; + _username = ""; } - //TODO: Should we just get rid of this one? no reason to have a level set. - internal Member(string name, string email, string username, string password, int parentId, IMemberType contentType) - : base(name, parentId, contentType, new PropertyCollection()) + /// + /// Constructor for creating a Member object + /// + /// + /// + /// + /// + public Member(string name, string email, string username, IMemberType contentType) + : base(name, -1, contentType, new PropertyCollection()) + { + Mandate.ParameterNotNull(contentType, "contentType"); + Mandate.ParameterNotNullOrEmpty(name, "name"); + Mandate.ParameterNotNullOrEmpty(email, "email"); + Mandate.ParameterNotNullOrEmpty(username, "username"); + + _contentTypeAlias = contentType.Alias; + _contentType = contentType; + _email = email; + _username = username; + IsApproved = true; + + //this cannot be null but can be empty + _rawPasswordValue = ""; + } + + /// + /// Constructor for creating a Member object + /// + /// + /// + /// + /// + /// The password value passed in to this parameter should be the encoded/encrypted/hashed format of the member's password + /// + /// + public Member(string name, string email, string username, string rawPasswordValue, IMemberType contentType) + : base(name, -1, contentType, new PropertyCollection()) { Mandate.ParameterNotNull(contentType, "contentType"); @@ -45,38 +87,13 @@ namespace Umbraco.Core.Models _contentType = contentType; _email = email; _username = username; - _password = password; + _rawPasswordValue = rawPasswordValue; IsApproved = true; } - public Member(string name, string email, string username, string password, IMemberType contentType) - : this(name, email, username, password, -1, contentType) - { - Mandate.ParameterNotNull(contentType, "contentType"); - - _contentTypeAlias = contentType.Alias; - _contentType = contentType; - _email = email; - _username = username; - _password = password; - IsApproved = true; - } - - //public Member(string name, string email, string username, string password, IContentBase parent, IMemberType contentType) - // : base(name, parent, contentType, new PropertyCollection()) - //{ - // Mandate.ParameterNotNull(contentType, "contentType"); - - // _contentType = contentType; - // _email = email; - // _username = username; - // _password = password; - //} - - private static readonly PropertyInfo DefaultContentTypeAliasSelector = ExpressionHelper.GetPropertyInfo(x => x.ContentTypeAlias); private static readonly PropertyInfo UsernameSelector = ExpressionHelper.GetPropertyInfo(x => x.Username); private static readonly PropertyInfo EmailSelector = ExpressionHelper.GetPropertyInfo(x => x.Email); - private static readonly PropertyInfo PasswordSelector = ExpressionHelper.GetPropertyInfo(x => x.Password); + private static readonly PropertyInfo PasswordSelector = ExpressionHelper.GetPropertyInfo(x => x.RawPasswordValue); private static readonly PropertyInfo ProviderUserKeySelector = ExpressionHelper.GetPropertyInfo(x => x.ProviderUserKey); private static readonly PropertyInfo UserTypeKeySelector = ExpressionHelper.GetPropertyInfo(x => x.ProviderUserKeyType); @@ -115,19 +132,19 @@ namespace Umbraco.Core.Models } /// - /// Gets or sets the Password + /// Gets or sets the raw password value /// [DataMember] - public string Password + public string RawPasswordValue { - get { return _password; } + get { return _rawPasswordValue; } set { SetPropertyValueAndDetectChanges(o => { - _password = value; - return _password; - }, _password, PasswordSelector); + _rawPasswordValue = value; + return _rawPasswordValue; + }, _rawPasswordValue, PasswordSelector); } } @@ -167,14 +184,16 @@ namespace Umbraco.Core.Models } /// - /// Gets or sets the Password Answer + /// Gets or sets the raw password answer value /// /// + /// For security reasons this value should be encrypted, the encryption process is handled by the memberhip provider + /// /// Alias: umbracoPasswordRetrievalAnswerPropertyTypeAlias /// Part of the standard properties collection. /// [IgnoreDataMember] - public string PasswordAnswer + public string RawPasswordAnswerValue { get { diff --git a/src/Umbraco.Core/Models/Membership/IMembershipUser.cs b/src/Umbraco.Core/Models/Membership/IMembershipUser.cs index d6e3294c72..6f92982961 100644 --- a/src/Umbraco.Core/Models/Membership/IMembershipUser.cs +++ b/src/Umbraco.Core/Models/Membership/IMembershipUser.cs @@ -9,9 +9,19 @@ namespace Umbraco.Core.Models.Membership object ProviderUserKey { get; set; } string Username { get; set; } string Email { get; set; } - string Password { get; set; } + + /// + /// Gets or sets the raw password value + /// + string RawPasswordValue { get; set; } + string PasswordQuestion { get; set; } - string PasswordAnswer { get; set; } + + /// + /// Gets or sets the raw password answer value + /// + string RawPasswordAnswerValue { get; set; } + string Comments { get; set; } bool IsApproved { get; set; } bool IsLockedOut { get; set; } diff --git a/src/Umbraco.Core/Models/Membership/MembershipExtensions.cs b/src/Umbraco.Core/Models/Membership/MembershipUserExtensions.cs similarity index 92% rename from src/Umbraco.Core/Models/Membership/MembershipExtensions.cs rename to src/Umbraco.Core/Models/Membership/MembershipUserExtensions.cs index 6be0afe441..2f1cc78001 100644 --- a/src/Umbraco.Core/Models/Membership/MembershipExtensions.cs +++ b/src/Umbraco.Core/Models/Membership/MembershipUserExtensions.cs @@ -3,7 +3,7 @@ using System.Web.Security; namespace Umbraco.Core.Models.Membership { - internal static class MembershipExtensions + internal static class MembershipUserExtensions { internal static UmbracoMembershipMember AsConcreteMembershipUser(this IMembershipUser member, string providerName) { diff --git a/src/Umbraco.Core/Models/Membership/User.cs b/src/Umbraco.Core/Models/Membership/User.cs index af70f4d7c4..be7b5d8c8a 100644 --- a/src/Umbraco.Core/Models/Membership/User.cs +++ b/src/Umbraco.Core/Models/Membership/User.cs @@ -40,13 +40,13 @@ namespace Umbraco.Core.Models.Membership _startMediaId = -1; } - public User(string name, string email, string username, string password, IUserType userType) + public User(string name, string email, string username, string rawPasswordValue, IUserType userType) : this(userType) { _name = name; _email = email; _username = username; - _password = password; + _rawPasswordValue = rawPasswordValue; _isApproved = true; _isLockedOut = false; _startContentId = -1; @@ -67,7 +67,7 @@ namespace Umbraco.Core.Models.Membership private string _username; private string _email; - private string _password; + private string _rawPasswordValue; private bool _isApproved; private bool _isLockedOut; private string _language; @@ -84,7 +84,7 @@ namespace Umbraco.Core.Models.Membership private static readonly PropertyInfo UsernameSelector = ExpressionHelper.GetPropertyInfo(x => x.Username); private static readonly PropertyInfo EmailSelector = ExpressionHelper.GetPropertyInfo(x => x.Email); - private static readonly PropertyInfo PasswordSelector = ExpressionHelper.GetPropertyInfo(x => x.Password); + private static readonly PropertyInfo PasswordSelector = ExpressionHelper.GetPropertyInfo(x => x.RawPasswordValue); private static readonly PropertyInfo IsLockedOutSelector = ExpressionHelper.GetPropertyInfo(x => x.IsLockedOut); private static readonly PropertyInfo IsApprovedSelector = ExpressionHelper.GetPropertyInfo(x => x.IsApproved); private static readonly PropertyInfo LanguageSelector = ExpressionHelper.GetPropertyInfo(x => x.Language); @@ -204,16 +204,16 @@ namespace Umbraco.Core.Models.Membership } } [DataMember] - public string Password + public string RawPasswordValue { - get { return _password; } + get { return _rawPasswordValue; } set { SetPropertyValueAndDetectChanges(o => { - _password = value; - return _password; - }, _password, PasswordSelector); + _rawPasswordValue = value; + return _rawPasswordValue; + }, _rawPasswordValue, PasswordSelector); } } @@ -251,7 +251,7 @@ namespace Umbraco.Core.Models.Membership [IgnoreDataMember] public string PasswordQuestion { get; set; } [IgnoreDataMember] - public string PasswordAnswer { get; set; } + public string RawPasswordAnswerValue { get; set; } [IgnoreDataMember] public string Comments { get; set; } [IgnoreDataMember] diff --git a/src/Umbraco.Core/Persistence/Factories/MemberFactory.cs b/src/Umbraco.Core/Persistence/Factories/MemberFactory.cs index 1aa8f70bb8..efa92566a6 100644 --- a/src/Umbraco.Core/Persistence/Factories/MemberFactory.cs +++ b/src/Umbraco.Core/Persistence/Factories/MemberFactory.cs @@ -30,7 +30,7 @@ namespace Umbraco.Core.Persistence.Factories NodeId = entity.Id, Email = entity.Email, LoginName = entity.Username, - Password = entity.Password, + Password = entity.RawPasswordValue, ContentVersionDto = BuildDto(entity as Member) }; return member; diff --git a/src/Umbraco.Core/Persistence/Factories/MemberReadOnlyFactory.cs b/src/Umbraco.Core/Persistence/Factories/MemberReadOnlyFactory.cs index 0cef37ce8b..d2b3d62e85 100644 --- a/src/Umbraco.Core/Persistence/Factories/MemberReadOnlyFactory.cs +++ b/src/Umbraco.Core/Persistence/Factories/MemberReadOnlyFactory.cs @@ -19,7 +19,7 @@ namespace Umbraco.Core.Persistence.Factories { var properties = CreateProperties(_memberTypes[dto.ContentTypeAlias], dto.Properties, dto.CreateDate); - var member = new Member(dto.Text, dto.Email, dto.LoginName, dto.Password, dto.ParentId, _memberTypes[dto.ContentTypeAlias]) + var member = new Member(dto.Text, dto.Email, dto.LoginName, dto.Password, _memberTypes[dto.ContentTypeAlias]) { Id = dto.NodeId, CreateDate = dto.CreateDate, diff --git a/src/Umbraco.Core/Persistence/Factories/UserFactory.cs b/src/Umbraco.Core/Persistence/Factories/UserFactory.cs index 12c303beb4..080776e7fe 100644 --- a/src/Umbraco.Core/Persistence/Factories/UserFactory.cs +++ b/src/Umbraco.Core/Persistence/Factories/UserFactory.cs @@ -26,7 +26,7 @@ namespace Umbraco.Core.Persistence.Factories Key = guidId, StartContentId = dto.ContentStartId, StartMediaId = dto.MediaStartId.HasValue ? dto.MediaStartId.Value : -1, - Password = dto.Password, + RawPasswordValue = dto.Password, Username = dto.Login, Name = dto.UserName, IsLockedOut = dto.NoConsole, @@ -61,7 +61,7 @@ namespace Umbraco.Core.Persistence.Factories Email = entity.Email, Login = entity.Username, NoConsole = entity.IsLockedOut, - Password = entity.Password, + Password = entity.RawPasswordValue, UserLanguage = entity.Language, UserName = entity.Name, Type = short.Parse(entity.UserType.Id.ToString(CultureInfo.InvariantCulture)), diff --git a/src/Umbraco.Core/Persistence/Mappers/MemberMapper.cs b/src/Umbraco.Core/Persistence/Mappers/MemberMapper.cs index d895e1c127..3a318d7136 100644 --- a/src/Umbraco.Core/Persistence/Mappers/MemberMapper.cs +++ b/src/Umbraco.Core/Persistence/Mappers/MemberMapper.cs @@ -48,12 +48,12 @@ namespace Umbraco.Core.Persistence.Mappers CacheMap(src => src.Email, dto => dto.Email); CacheMap(src => src.Username, dto => dto.LoginName); - CacheMap(src => src.Password, dto => dto.Password); + CacheMap(src => src.RawPasswordValue, dto => dto.Password); CacheMap(src => src.IsApproved, dto => dto.Integer); CacheMap(src => src.IsLockedOut, dto => dto.Integer); CacheMap(src => src.Comments, dto => dto.Text); - CacheMap(src => src.PasswordAnswer, dto => dto.VarChar); + CacheMap(src => src.RawPasswordAnswerValue, dto => dto.VarChar); CacheMap(src => src.PasswordQuestion, dto => dto.VarChar); CacheMap(src => src.FailedPasswordAttempts, dto => dto.Integer); CacheMap(src => src.LastLockoutDate, dto => dto.Date); diff --git a/src/Umbraco.Core/Persistence/Mappers/UserMapper.cs b/src/Umbraco.Core/Persistence/Mappers/UserMapper.cs index bdb411fc5a..15825cca84 100644 --- a/src/Umbraco.Core/Persistence/Mappers/UserMapper.cs +++ b/src/Umbraco.Core/Persistence/Mappers/UserMapper.cs @@ -31,7 +31,7 @@ namespace Umbraco.Core.Persistence.Mappers CacheMap(src => src.Id, dto => dto.Id); CacheMap(src => src.Email, dto => dto.Email); CacheMap(src => src.Username, dto => dto.Login); - CacheMap(src => src.Password, dto => dto.Password); + CacheMap(src => src.RawPasswordValue, dto => dto.Password); CacheMap(src => src.Name, dto => dto.UserName); CacheMap(src => src.DefaultPermissions, dto => dto.DefaultPermissions); CacheMap(src => src.StartMediaId, dto => dto.MediaStartId); diff --git a/src/Umbraco.Core/Persistence/Repositories/MemberRepository.cs b/src/Umbraco.Core/Persistence/Repositories/MemberRepository.cs index a99cc47aa5..9fa1c37676 100644 --- a/src/Umbraco.Core/Persistence/Repositories/MemberRepository.cs +++ b/src/Umbraco.Core/Persistence/Repositories/MemberRepository.cs @@ -321,7 +321,7 @@ namespace Umbraco.Core.Persistence.Repositories changedCols.Add("LoginName"); } // DO NOT update the password if it is null or empty - if (dirtyEntity.IsPropertyDirty("Password") && entity.Password.IsNullOrWhiteSpace() == false) + if (dirtyEntity.IsPropertyDirty("Password") && entity.RawPasswordValue.IsNullOrWhiteSpace() == false) { changedCols.Add("Password"); } diff --git a/src/Umbraco.Core/Security/MembershipProviderExtensions.cs b/src/Umbraco.Core/Security/MembershipProviderExtensions.cs index ed64f179b7..24f5bd01c8 100644 --- a/src/Umbraco.Core/Security/MembershipProviderExtensions.cs +++ b/src/Umbraco.Core/Security/MembershipProviderExtensions.cs @@ -1,8 +1,12 @@ using System; using System.Collections.Generic; using System.Linq; +using System.Security.Principal; using System.Text; +using System.Threading; using System.Threading.Tasks; +using System.Web; +using System.Web.Hosting; using System.Web.Security; using Umbraco.Core.Security; @@ -10,6 +14,60 @@ namespace Umbraco.Core.Security { internal static class MembershipProviderExtensions { + public static MembershipUserCollection FindUsersByName(this MembershipProvider provider, string usernameToMatch) + { + int totalRecords = 0; + return provider.FindUsersByName(usernameToMatch, 0, int.MaxValue, out totalRecords); + } + + public static MembershipUserCollection FindUsersByEmail(this MembershipProvider provider, string emailToMatch) + { + int totalRecords = 0; + return provider.FindUsersByEmail(emailToMatch, 0, int.MaxValue, out totalRecords); + } + + public static MembershipUser CreateUser(this MembershipProvider provider, string username, string password, string email) + { + MembershipCreateStatus status; + var user = provider.CreateUser(username, password, email, null, null, true, null, out status); + if (user == null) + throw new MembershipCreateUserException(status); + return user; + } + + /// + /// Method to get the Umbraco Members membership provider based on it's alias + /// + /// + public static MembershipProvider GetMembersMembershipProvider() + { + if (Membership.Providers[Constants.Conventions.Member.UmbracoMemberProviderName] == null) + { + throw new InvalidOperationException("No membership provider found with name " + Constants.Conventions.Member.UmbracoMemberProviderName); + } + return Membership.Providers[Constants.Conventions.Member.UmbracoMemberProviderName]; + } + + /// + /// Just returns the current user's login name (just a wrapper). + /// + /// + /// + public static string GetCurrentUserName(this MembershipProvider membershipProvider) + { + if (HostingEnvironment.IsHosted) + { + HttpContext current = HttpContext.Current; + if (current != null) + return current.User.Identity.Name; + } + IPrincipal currentPrincipal = Thread.CurrentPrincipal; + if (currentPrincipal == null || currentPrincipal.Identity == null) + return string.Empty; + else + return currentPrincipal.Identity.Name; + } + /// /// Returns true if the provider specified is a built-in Umbraco users provider /// diff --git a/src/Umbraco.Core/Services/IMemberService.cs b/src/Umbraco.Core/Services/IMemberService.cs index 6238cf05a8..37d568f599 100644 --- a/src/Umbraco.Core/Services/IMemberService.cs +++ b/src/Umbraco.Core/Services/IMemberService.cs @@ -10,6 +10,15 @@ namespace Umbraco.Core.Services /// public interface IMemberService : IMembershipMemberService { + /// + /// This is simply a helper method which essentially just wraps the MembershipProvider's ChangePassword method + /// + /// + /// + /// This method exists so that Umbraco developers can use one entry point to create/update members if they choose to. + /// + void SavePassword(string password); + /// /// Checks if a member with the id exists /// diff --git a/src/Umbraco.Core/Services/IMembershipMemberService.cs b/src/Umbraco.Core/Services/IMembershipMemberService.cs index c2183bb254..a05065eea7 100644 --- a/src/Umbraco.Core/Services/IMembershipMemberService.cs +++ b/src/Umbraco.Core/Services/IMembershipMemberService.cs @@ -14,8 +14,8 @@ namespace Umbraco.Core.Services /// public interface IMembershipMemberService : IMembershipMemberService, IMembershipRoleService { - IMember CreateMember(string username, string email, string password, string memberType); - IMember CreateMemberWithIdentity(string username, string email, string password, IMemberType memberType); + IMember CreateMember(string username, string email, string memberType); + IMember CreateMemberWithIdentity(string username, string email, IMemberType memberType); } /// @@ -45,10 +45,12 @@ namespace Umbraco.Core.Services /// /// /// - /// + /// + /// This value should be the encoded/encrypted/hashed value for the password that will be stored in the database + /// /// /// - T CreateWithIdentity(string username, string email, string password, string memberTypeAlias); + T CreateWithIdentity(string username, string email, string rawPasswordValue, string memberTypeAlias); /// /// Gets the member by the provider key diff --git a/src/Umbraco.Core/Services/MemberService.cs b/src/Umbraco.Core/Services/MemberService.cs index 60306ba819..d1ff012e58 100644 --- a/src/Umbraco.Core/Services/MemberService.cs +++ b/src/Umbraco.Core/Services/MemberService.cs @@ -88,6 +88,18 @@ namespace Umbraco.Core.Services } } + /// + /// This is simply a helper method which essentially just wraps the MembershipProvider's ChangePassword method + /// + /// + /// + /// This method exists so that Umbraco developers can use one entry point to create/update members if they choose to. + /// + public void SavePassword(string password) + { + + } + /// /// Checks if a member with the id exists /// @@ -576,23 +588,23 @@ namespace Umbraco.Core.Services } } - public IMember CreateMember(string username, string email, string password, string memberTypeAlias) + public IMember CreateMember(string username, string email, string memberTypeAlias) { var memberTypeService = ApplicationContext.Current.Services.MemberTypeService; var memberType = memberTypeService.Get(memberTypeAlias); - var member = new Member(username, email.ToLower().Trim(), username, password, -1, memberType); + var member = new Member(username, email.ToLower().Trim(), username, memberType); Created.RaiseEvent(new NewEventArgs(member, false, memberTypeAlias, -1), this); return member; } - public IMember CreateMemberWithIdentity(string username, string email, string password, IMemberType memberType) + public IMember CreateMemberWithIdentity(string username, string email, IMemberType memberType) { if (memberType == null) throw new ArgumentNullException("memberType"); - var member = new Member(username, email.ToLower().Trim(), username, password, -1, memberType); + var member = new Member(username, email.ToLower().Trim(), username, memberType); if (Saving.IsRaisedEventCancelled(new SaveEventArgs(member), this)) { @@ -622,10 +634,10 @@ namespace Umbraco.Core.Services /// /// /// - /// + /// /// /// - IMember IMembershipMemberService.CreateWithIdentity(string username, string email, string password, string memberTypeAlias) + IMember IMembershipMemberService.CreateWithIdentity(string username, string email, string rawPasswordValue, string memberTypeAlias) { var uow = _uowProvider.GetUnitOfWork(); IMemberType memberType; @@ -641,7 +653,7 @@ namespace Umbraco.Core.Services throw new ArgumentException(string.Format("No MemberType matching the passed in Alias: '{0}' was found", memberTypeAlias)); } - return CreateMemberWithIdentity(username, email, password, memberType); + return CreateMemberWithIdentity(username, email, memberType); } /// diff --git a/src/Umbraco.Core/Services/UserService.cs b/src/Umbraco.Core/Services/UserService.cs index ded1f5bd35..f24ad8ac34 100644 --- a/src/Umbraco.Core/Services/UserService.cs +++ b/src/Umbraco.Core/Services/UserService.cs @@ -94,7 +94,7 @@ namespace Umbraco.Core.Services Email = email, Language = Configuration.GlobalSettings.DefaultUILanguage, Name = username, - Password = password, + RawPasswordValue = password, DefaultPermissions = userType.Permissions, Username = username, StartContentId = -1, @@ -115,7 +115,7 @@ namespace Umbraco.Core.Services } } - IUser IMembershipMemberService.CreateWithIdentity(string username, string email, string password, string memberTypeAlias) + IUser IMembershipMemberService.CreateWithIdentity(string username, string email, string rawPasswordValue, string memberTypeAlias) { var userType = GetUserTypeByAlias(memberTypeAlias); if (userType == null) @@ -123,7 +123,7 @@ namespace Umbraco.Core.Services throw new ArgumentException("The user type " + memberTypeAlias + " could not be resolved"); } - return CreateUserWithIdentity(username, email, password, userType); + return CreateUserWithIdentity(username, email, rawPasswordValue, userType); } public IUser GetById(int id) diff --git a/src/Umbraco.Core/Umbraco.Core.csproj b/src/Umbraco.Core/Umbraco.Core.csproj index a9ea9f3243..8f374c91df 100644 --- a/src/Umbraco.Core/Umbraco.Core.csproj +++ b/src/Umbraco.Core/Umbraco.Core.csproj @@ -278,7 +278,7 @@ - + diff --git a/src/Umbraco.Tests/Membership/DynamicMemberContentTests.cs b/src/Umbraco.Tests/Membership/DynamicMemberContentTests.cs index 66f7d01e00..203477da8b 100644 --- a/src/Umbraco.Tests/Membership/DynamicMemberContentTests.cs +++ b/src/Umbraco.Tests/Membership/DynamicMemberContentTests.cs @@ -66,7 +66,7 @@ namespace Umbraco.Tests.Membership var mpc = new MemberPublishedContent( - new Member("test name", "test@email.com", "test username", "test password", -1, + new Member("test name", "test@email.com", "test username", "test password", Mock.Of(type => type.Alias == "Member")), m); @@ -107,7 +107,7 @@ namespace Umbraco.Tests.Membership var mpc = new MemberPublishedContent( - new Member("test name", "test@email.com", "test username", "test password", -1, + new Member("test name", "test@email.com", "test username", "test password", Mock.Of(type => type.Alias == "Member")) , m); diff --git a/src/Umbraco.Tests/Membership/UmbracoServiceMembershipProviderTests.cs b/src/Umbraco.Tests/Membership/UmbracoServiceMembershipProviderTests.cs index 8ea9665f41..72900351b2 100644 --- a/src/Umbraco.Tests/Membership/UmbracoServiceMembershipProviderTests.cs +++ b/src/Umbraco.Tests/Membership/UmbracoServiceMembershipProviderTests.cs @@ -96,8 +96,8 @@ namespace Umbraco.Tests.Membership MembershipCreateStatus status; provider.CreateUser("test", "test", "testtest$1", "test@test.com", "test", "test", true, "test", out status); - Assert.AreNotEqual("test", createdMember.PasswordAnswer); - Assert.AreEqual(provider.EncryptString("test"), createdMember.PasswordAnswer); + Assert.AreNotEqual("test", createdMember.RawPasswordAnswerValue); + Assert.AreEqual(provider.EncryptString("test"), createdMember.RawPasswordAnswerValue); } [Test] @@ -128,8 +128,8 @@ namespace Umbraco.Tests.Membership MembershipCreateStatus status; provider.CreateUser("test", "test", "testtest$1", "test@test.com", "test", "test", true, "test", out status); - Assert.AreNotEqual("test", createdMember.Password); - var decrypted = provider.DecryptPassword(createdMember.Password); + Assert.AreNotEqual("test", createdMember.RawPasswordValue); + var decrypted = provider.DecryptPassword(createdMember.RawPasswordValue); Assert.AreEqual("testtest$1", decrypted); } @@ -161,10 +161,10 @@ namespace Umbraco.Tests.Membership MembershipCreateStatus status; provider.CreateUser("test", "test", "testtest$1", "test@test.com", "test", "test", true, "test", out status); - Assert.AreNotEqual("test", createdMember.Password); + Assert.AreNotEqual("test", createdMember.RawPasswordValue); string salt; - var storedPassword = provider.StoredPassword(createdMember.Password, out salt); + var storedPassword = provider.StoredPassword(createdMember.RawPasswordValue, out salt); var hashedPassword = provider.EncryptOrHashPassword("testtest$1", salt); Assert.AreEqual(hashedPassword, storedPassword); } diff --git a/src/Umbraco.Tests/Persistence/Repositories/MemberRepositoryTest.cs b/src/Umbraco.Tests/Persistence/Repositories/MemberRepositoryTest.cs index 93226eec4c..02f7d4d0e5 100644 --- a/src/Umbraco.Tests/Persistence/Repositories/MemberRepositoryTest.cs +++ b/src/Umbraco.Tests/Persistence/Repositories/MemberRepositoryTest.cs @@ -200,7 +200,7 @@ namespace Umbraco.Tests.Persistence.Repositories Assert.That(sut.Properties.Any(x => x.HasIdentity == false || x.Id == 0), Is.False); Assert.That(sut.Name, Is.EqualTo("Johnny Hefty")); Assert.That(sut.Email, Is.EqualTo("johnny@example.com")); - Assert.That(sut.Password, Is.EqualTo("123")); + Assert.That(sut.RawPasswordValue, Is.EqualTo("123")); Assert.That(sut.Username, Is.EqualTo("hefty")); } } @@ -258,12 +258,12 @@ namespace Umbraco.Tests.Persistence.Repositories sut = repository.Get(member.Id); //when the password is null it will not overwrite what is already there. - sut.Password = null; + sut.RawPasswordValue = null; repository.AddOrUpdate(sut); unitOfWork.Commit(); sut = repository.Get(member.Id); - Assert.That(sut.Password, Is.EqualTo("123")); + Assert.That(sut.RawPasswordValue, Is.EqualTo("123")); } } diff --git a/src/Umbraco.Tests/Persistence/Repositories/UserRepositoryTest.cs b/src/Umbraco.Tests/Persistence/Repositories/UserRepositoryTest.cs index 40ea5177cf..dd0ebda0db 100644 --- a/src/Umbraco.Tests/Persistence/Repositories/UserRepositoryTest.cs +++ b/src/Umbraco.Tests/Persistence/Repositories/UserRepositoryTest.cs @@ -140,7 +140,7 @@ namespace Umbraco.Tests.Persistence.Repositories //resolved.DefaultPermissions = "ZYX"; resolved.Language = "fr"; resolved.IsApproved = false; - resolved.Password = "new"; + resolved.RawPasswordValue = "new"; resolved.IsLockedOut = true; resolved.StartContentId = 10; resolved.StartMediaId = 11; @@ -159,7 +159,7 @@ namespace Umbraco.Tests.Persistence.Repositories //Assert.That(updatedItem.DefaultPermissions, Is.EqualTo(resolved.DefaultPermissions)); Assert.That(updatedItem.Language, Is.EqualTo(resolved.Language)); Assert.That(updatedItem.IsApproved, Is.EqualTo(resolved.IsApproved)); - Assert.That(updatedItem.Password, Is.EqualTo(resolved.Password)); + Assert.That(updatedItem.RawPasswordValue, Is.EqualTo(resolved.RawPasswordValue)); Assert.That(updatedItem.IsLockedOut, Is.EqualTo(resolved.IsLockedOut)); Assert.That(updatedItem.StartContentId, Is.EqualTo(resolved.StartContentId)); Assert.That(updatedItem.StartMediaId, Is.EqualTo(resolved.StartMediaId)); @@ -516,7 +516,7 @@ namespace Umbraco.Tests.Persistence.Repositories Assert.That(updatedItem.DefaultPermissions, Is.EqualTo(originalUser.DefaultPermissions)); Assert.That(updatedItem.Language, Is.EqualTo(originalUser.Language)); Assert.That(updatedItem.IsApproved, Is.EqualTo(originalUser.IsApproved)); - Assert.That(updatedItem.Password, Is.EqualTo(originalUser.Password)); + Assert.That(updatedItem.RawPasswordValue, Is.EqualTo(originalUser.RawPasswordValue)); Assert.That(updatedItem.IsLockedOut, Is.EqualTo(originalUser.IsLockedOut)); Assert.That(updatedItem.StartContentId, Is.EqualTo(originalUser.StartContentId)); Assert.That(updatedItem.StartMediaId, Is.EqualTo(originalUser.StartMediaId)); diff --git a/src/Umbraco.Tests/Services/ContentServiceTests.cs b/src/Umbraco.Tests/Services/ContentServiceTests.cs index 9a71d78189..41c6086d94 100644 --- a/src/Umbraco.Tests/Services/ContentServiceTests.cs +++ b/src/Umbraco.Tests/Services/ContentServiceTests.cs @@ -90,7 +90,7 @@ namespace Umbraco.Tests.Services Name = "Test", Email = "test@test.com", Username = "test", - Password = "test" + RawPasswordValue = "test" }; ServiceContext.UserService.Save(user); var content = new Content("Test", -1, ServiceContext.ContentTypeService.GetContentType("umbTextpage")); diff --git a/src/Umbraco.Tests/Services/UserServiceTests.cs b/src/Umbraco.Tests/Services/UserServiceTests.cs index b658d46ef0..4e027c7129 100644 --- a/src/Umbraco.Tests/Services/UserServiceTests.cs +++ b/src/Umbraco.Tests/Services/UserServiceTests.cs @@ -379,8 +379,8 @@ namespace Umbraco.Tests.Services // Assert Assert.That(membershipUser.HasIdentity, Is.True); - Assert.That(membershipUser.Password, Is.Not.EqualTo(password)); - Assert.That(membershipUser.Password, Is.EqualTo(encodedPassword)); + Assert.That(membershipUser.RawPasswordValue, Is.Not.EqualTo(password)); + Assert.That(membershipUser.RawPasswordValue, Is.EqualTo(encodedPassword)); IUser user = membershipUser as User; Assert.That(user, Is.Not.Null); Assert.That(user.DefaultPermissions, Is.EqualTo(userType.Permissions)); @@ -463,7 +463,7 @@ namespace Umbraco.Tests.Services Assert.That(updatedItem.DefaultPermissions, Is.EqualTo(originalUser.DefaultPermissions)); Assert.That(updatedItem.Language, Is.EqualTo(originalUser.Language)); Assert.That(updatedItem.IsApproved, Is.EqualTo(originalUser.IsApproved)); - Assert.That(updatedItem.Password, Is.EqualTo(originalUser.Password)); + Assert.That(updatedItem.RawPasswordValue, Is.EqualTo(originalUser.RawPasswordValue)); Assert.That(updatedItem.IsLockedOut, Is.EqualTo(originalUser.IsLockedOut)); Assert.That(updatedItem.StartContentId, Is.EqualTo(originalUser.StartContentId)); Assert.That(updatedItem.StartMediaId, Is.EqualTo(originalUser.StartMediaId)); diff --git a/src/Umbraco.Tests/TestHelpers/Entities/MockedMember.cs b/src/Umbraco.Tests/TestHelpers/Entities/MockedMember.cs index 2bf06ec87a..dfeb2d19cc 100644 --- a/src/Umbraco.Tests/TestHelpers/Entities/MockedMember.cs +++ b/src/Umbraco.Tests/TestHelpers/Entities/MockedMember.cs @@ -13,7 +13,7 @@ namespace Umbraco.Tests.TestHelpers.Entities { CreatorId = 0, Email = email, - Password = password, + RawPasswordValue = password, Username = username }; diff --git a/src/Umbraco.Tests/TestHelpers/Entities/MockedUser.cs b/src/Umbraco.Tests/TestHelpers/Entities/MockedUser.cs index ede356df71..5fc75c9d06 100644 --- a/src/Umbraco.Tests/TestHelpers/Entities/MockedUser.cs +++ b/src/Umbraco.Tests/TestHelpers/Entities/MockedUser.cs @@ -20,7 +20,7 @@ namespace Umbraco.Tests.TestHelpers.Entities Language = "en", IsApproved = true, Name = "TestUser" + suffix, - Password = "testing", + RawPasswordValue = "testing", IsLockedOut = false, DefaultPermissions = new[]{"A", "B", "C"}, StartContentId = -1, diff --git a/src/Umbraco.Web/Controllers/UmbProfileController.cs b/src/Umbraco.Web/Controllers/UmbProfileController.cs index 03a5019610..dfcf17a543 100644 --- a/src/Umbraco.Web/Controllers/UmbProfileController.cs +++ b/src/Umbraco.Web/Controllers/UmbProfileController.cs @@ -16,7 +16,8 @@ namespace Umbraco.Web.Controllers [HttpPost] public ActionResult HandleUpdateProfile([Bind(Prefix = "profileModel")] ProfileModel model) { - if (Membership.Provider.IsUmbracoMembershipProvider() == false) + var provider = MembershipProviderExtensions.GetMembersMembershipProvider(); + if (provider.IsUmbracoMembershipProvider() == false) { throw new NotSupportedException("Profile editing with the " + typeof(UmbProfileController) + " is not supported when not using the default Umbraco membership provider"); } diff --git a/src/Umbraco.Web/Routing/PublishedContentRequestEngine.cs b/src/Umbraco.Web/Routing/PublishedContentRequestEngine.cs index 40fa86b67b..4265a4e07f 100644 --- a/src/Umbraco.Web/Routing/PublishedContentRequestEngine.cs +++ b/src/Umbraco.Web/Routing/PublishedContentRequestEngine.cs @@ -7,6 +7,7 @@ using System.IO; using Umbraco.Core; using Umbraco.Core.IO; using Umbraco.Core.Logging; +using Umbraco.Core.Security; using UmbracoSettings = Umbraco.Core.Configuration.UmbracoSettings; using Umbraco.Web.Configuration; @@ -520,7 +521,9 @@ namespace Umbraco.Web.Routing System.Web.Security.MembershipUser user = null; try { - user = System.Web.Security.Membership.GetUser(); + var provider = MembershipProviderExtensions.GetMembersMembershipProvider(); + var username = provider.GetCurrentUserName(); + user = provider.GetUser(username, true); } catch (ArgumentException) { diff --git a/src/Umbraco.Web/Security/MembershipHelper.cs b/src/Umbraco.Web/Security/MembershipHelper.cs index 6625cf9941..1a280374f5 100644 --- a/src/Umbraco.Web/Security/MembershipHelper.cs +++ b/src/Umbraco.Web/Security/MembershipHelper.cs @@ -46,7 +46,8 @@ namespace Umbraco.Web.Security /// public bool IsUmbracoMembershipProviderActive() { - return Membership.Provider.IsUmbracoMembershipProvider(); + var provider = MembershipProviderExtensions.GetMembersMembershipProvider(); + return provider.IsUmbracoMembershipProvider(); } /// @@ -64,7 +65,9 @@ namespace Umbraco.Web.Security } //get the current membership user - var membershipUser = Membership.GetUser(); + var provider = MembershipProviderExtensions.GetMembersMembershipProvider(); + var username = provider.GetCurrentUserName(); + var membershipUser = provider.GetUser(username, true); //NOTE: This should never happen since they are logged in if (membershipUser == null) throw new InvalidOperationException("Could not find member with username " + _httpContext.User.Identity.Name); @@ -74,7 +77,7 @@ namespace Umbraco.Web.Security if (model.Email.InvariantEquals(membershipUser.Email) == false) { //Use the membership provider to change the email since that is configured to do the checks to check for unique emails if that is configured. - var requiresUpdating = UpdateMember(membershipUser, Membership.Provider, model.Email); + var requiresUpdating = UpdateMember(membershipUser, provider, model.Email); membershipUser = requiresUpdating.Result; } } @@ -130,11 +133,11 @@ namespace Umbraco.Web.Security model.Username = (model.UsernameIsEmail || model.Username == null) ? model.Email : model.Username; MembershipUser membershipUser; - + var provider = MembershipProviderExtensions.GetMembersMembershipProvider(); //update their real name - if (Membership.Provider.IsUmbracoMembershipProvider()) + if (provider.IsUmbracoMembershipProvider()) { - membershipUser = ((UmbracoMembershipProviderBase)Membership.Provider).CreateUser( + membershipUser = ((UmbracoMembershipProviderBase)provider).CreateUser( model.MemberTypeAlias, model.Username, model.Password, model.Email, //TODO: Support q/a http://issues.umbraco.org/issue/U4-3213 @@ -159,16 +162,16 @@ namespace Umbraco.Web.Security } else { - membershipUser = Membership.CreateUser(model.Username, model.Password, model.Email, + membershipUser = provider.CreateUser(model.Username, model.Password, model.Email, //TODO: Support q/a http://issues.umbraco.org/issue/U4-3213 null, null, - true, out status); + true, null, out status); if (status != MembershipCreateStatus.Success) return null; } //Set member online - Membership.GetUser(model.Username, true); + provider.GetUser(model.Username, true); //Log them in FormsAuthentication.SetAuthCookie(membershipUser.UserName, true); @@ -184,13 +187,14 @@ namespace Umbraco.Web.Security /// public bool Login(string username, string password) { + var provider = MembershipProviderExtensions.GetMembersMembershipProvider(); //Validate credentials - if (Membership.ValidateUser(username, password) == false) + if (provider.ValidateUser(username, password) == false) { return false; } //Set member online - var member = Membership.GetUser(username, true); + var member = provider.GetUser(username, true); if (member == null) { //this should not happen @@ -206,46 +210,50 @@ namespace Umbraco.Web.Security public IPublishedContent GetByProviderKey(object key) { - if (Membership.Provider.IsUmbracoMembershipProvider() == false) + var provider = MembershipProviderExtensions.GetMembersMembershipProvider(); + if (provider.IsUmbracoMembershipProvider() == false) { throw new NotSupportedException("Cannot access this method unless the Umbraco membership provider is active"); } var result = _applicationContext.Services.MemberService.GetByProviderKey(key); - return result == null ? null : new MemberPublishedContent(result, Membership.GetUser(result.Username)); + return result == null ? null : new MemberPublishedContent(result, provider.GetUser(result.Username, false)); } public IPublishedContent GetById(int memberId) { - if (Membership.Provider.IsUmbracoMembershipProvider() == false) + var provider = MembershipProviderExtensions.GetMembersMembershipProvider(); + if (provider.IsUmbracoMembershipProvider() == false) { throw new NotSupportedException("Cannot access this method unless the Umbraco membership provider is active"); } var result = _applicationContext.Services.MemberService.GetById(memberId); - return result == null ? null : new MemberPublishedContent(result, Membership.GetUser(result.Username)); + return result == null ? null : new MemberPublishedContent(result, provider.GetUser(result.Username, false)); } public IPublishedContent GetByUsername(string username) { - if (Membership.Provider.IsUmbracoMembershipProvider() == false) + var provider = MembershipProviderExtensions.GetMembersMembershipProvider(); + if (provider.IsUmbracoMembershipProvider() == false) { throw new NotSupportedException("Cannot access this method unless the Umbraco membership provider is active"); } var result = _applicationContext.Services.MemberService.GetByUsername(username); - return result == null ? null : new MemberPublishedContent(result, Membership.GetUser(result.Username)); + return result == null ? null : new MemberPublishedContent(result, provider.GetUser(result.Username, false)); } public IPublishedContent GetByEmail(string email) { - if (Membership.Provider.IsUmbracoMembershipProvider() == false) + var provider = MembershipProviderExtensions.GetMembersMembershipProvider(); + if (provider.IsUmbracoMembershipProvider() == false) { throw new NotSupportedException("Cannot access this method unless the Umbraco membership provider is active"); } var result = _applicationContext.Services.MemberService.GetByEmail(email); - return result == null ? null : new MemberPublishedContent(result, Membership.GetUser(result.Username)); + return result == null ? null : new MemberPublishedContent(result, provider.GetUser(result.Username, false)); } #endregion @@ -263,9 +271,12 @@ namespace Umbraco.Web.Security return null; } - if (Membership.Provider.IsUmbracoMembershipProvider()) + var provider = MembershipProviderExtensions.GetMembersMembershipProvider(); + + if (provider.IsUmbracoMembershipProvider()) { - var membershipUser = Membership.GetUser(); + var username = provider.GetCurrentUserName(); + var membershipUser = provider.GetUser(username, true); var member = GetCurrentMember(); //this shouldn't happen if (member == null) return null; @@ -308,7 +319,8 @@ namespace Umbraco.Web.Security /// public RegisterModel CreateRegistrationModel(string memberTypeAlias = null) { - if (Membership.Provider.IsUmbracoMembershipProvider()) + var provider = MembershipProviderExtensions.GetMembersMembershipProvider(); + if (provider.IsUmbracoMembershipProvider()) { memberTypeAlias = memberTypeAlias ?? Constants.Conventions.MemberTypes.Member; var memberType = _applicationContext.Services.MemberTypeService.Get(memberTypeAlias); @@ -400,8 +412,10 @@ namespace Umbraco.Web.Security model.IsLoggedIn = false; return model; } - - if (Membership.Provider.IsUmbracoMembershipProvider()) + + var provider = MembershipProviderExtensions.GetMembersMembershipProvider(); + + if (provider.IsUmbracoMembershipProvider()) { var member = GetCurrentMember(); //this shouldn't happen @@ -412,7 +426,8 @@ namespace Umbraco.Web.Security } else { - var member = Membership.GetUser(); + var username = provider.GetCurrentUserName(); + var member = provider.GetUser(username, true); //this shouldn't happen if (member == null) return null; model.Name = member.UserName; @@ -467,8 +482,10 @@ namespace Umbraco.Web.Security } else { + var provider = MembershipProviderExtensions.GetMembersMembershipProvider(); + string username; - if (Membership.Provider.IsUmbracoMembershipProvider()) + if (provider.IsUmbracoMembershipProvider()) { var member = GetCurrentMember(); username = member.Username; @@ -489,7 +506,8 @@ namespace Umbraco.Web.Security } else { - var member = Membership.GetUser(); + var currUsername = provider.GetCurrentUserName(); + var member = provider.GetUser(currUsername, true); username = member.UserName; } @@ -722,11 +740,14 @@ namespace Umbraco.Web.Security /// private IMember GetCurrentMember() { - if (Membership.Provider.IsUmbracoMembershipProvider() == false) + var provider = MembershipProviderExtensions.GetMembersMembershipProvider(); + + if (provider.IsUmbracoMembershipProvider() == false) { throw new NotSupportedException("An IMember model can only be retreived when using the built-in Umbraco membership providers"); } - var member = _applicationContext.Services.MemberService.GetByUsername(_httpContext.User.Identity.Name); + var username = provider.GetCurrentUserName(); + var member = _applicationContext.Services.MemberService.GetByUsername(username); return member; } diff --git a/src/Umbraco.Web/Security/Providers/UmbracoMembershipProvider.cs b/src/Umbraco.Web/Security/Providers/UmbracoMembershipProvider.cs index 6b6e3e96fa..d2f520b86d 100644 --- a/src/Umbraco.Web/Security/Providers/UmbracoMembershipProvider.cs +++ b/src/Umbraco.Web/Security/Providers/UmbracoMembershipProvider.cs @@ -78,7 +78,7 @@ namespace Umbraco.Web.Security.Providers string salt; var encodedPassword = EncryptOrHashNewPassword(newPassword, out salt); - m.Password = FormatPasswordForStorage(encodedPassword, salt); + m.RawPasswordValue = FormatPasswordForStorage(encodedPassword, salt); m.LastPasswordChangeDate = DateTime.Now; MemberService.Save(m); @@ -105,7 +105,7 @@ namespace Umbraco.Web.Security.Providers } member.PasswordQuestion = newPasswordQuestion; - member.PasswordAnswer = EncryptString(newPasswordAnswer); + member.RawPasswordAnswerValue = EncryptString(newPasswordAnswer); MemberService.Save(member); @@ -157,7 +157,7 @@ namespace Umbraco.Web.Security.Providers memberTypeAlias); member.PasswordQuestion = passwordQuestion; - member.PasswordAnswer = EncryptString(passwordAnswer); + member.RawPasswordAnswerValue = EncryptString(passwordAnswer); member.IsApproved = isApproved; member.LastLoginDate = DateTime.Now; member.LastPasswordChangeDate = DateTime.Now; @@ -287,12 +287,12 @@ namespace Umbraco.Web.Security.Providers var encAnswer = EncryptString(answer); - if (RequiresQuestionAndAnswer && m.PasswordAnswer != encAnswer) + if (RequiresQuestionAndAnswer && m.RawPasswordAnswerValue != encAnswer) { throw new ProviderException("Incorrect password answer"); } - var decodedPassword = DecryptPassword(m.Password); + var decodedPassword = DecryptPassword(m.RawPasswordValue); return decodedPassword; } @@ -406,14 +406,14 @@ namespace Umbraco.Web.Security.Providers var encAnswer = EncryptString(answer); - if (RequiresQuestionAndAnswer && m.PasswordAnswer != encAnswer) + if (RequiresQuestionAndAnswer && m.RawPasswordAnswerValue != encAnswer) { throw new ProviderException("Incorrect password answer"); } string salt; var encodedPassword = EncryptOrHashNewPassword(generatedPassword, out salt); - m.Password = FormatPasswordForStorage(encodedPassword, salt); + m.RawPasswordValue = FormatPasswordForStorage(encodedPassword, salt); m.LastPasswordChangeDate = DateTime.Now; MemberService.Save(m); @@ -507,7 +507,7 @@ namespace Umbraco.Web.Security.Providers return false; } - var authenticated = CheckPassword(password, member.Password); + var authenticated = CheckPassword(password, member.RawPasswordValue); if (authenticated == false) { diff --git a/src/Umbraco.Web/UmbracoHelper.cs b/src/Umbraco.Web/UmbracoHelper.cs index 10e5ce929f..2c41188215 100644 --- a/src/Umbraco.Web/UmbracoHelper.cs +++ b/src/Umbraco.Web/UmbracoHelper.cs @@ -13,6 +13,7 @@ using Umbraco.Core; using Umbraco.Core.Dictionary; using Umbraco.Core.Dynamics; using Umbraco.Core.Models; +using Umbraco.Core.Security; using Umbraco.Core.Xml; using Umbraco.Web.Models; using Umbraco.Web.PublishedCache; @@ -409,7 +410,9 @@ namespace Umbraco.Web { if (IsProtected(nodeId, path)) { - return _membershipHelper.IsLoggedIn() && Access.HasAccess(nodeId, path, Membership.GetUser()); + var provider = MembershipProviderExtensions.GetMembersMembershipProvider(); + var username = provider.GetCurrentUserName(); + return _membershipHelper.IsLoggedIn() && Access.HasAccess(nodeId, path, provider.GetUser(username, true)); } return true; } diff --git a/src/Umbraco.Web/umbraco.presentation/LegacyClasses.cs b/src/Umbraco.Web/umbraco.presentation/LegacyClasses.cs index c515f5e16f..457db46395 100644 --- a/src/Umbraco.Web/umbraco.presentation/LegacyClasses.cs +++ b/src/Umbraco.Web/umbraco.presentation/LegacyClasses.cs @@ -10,6 +10,7 @@ using System.Web.UI; using System.Xml; using Umbraco.Core; using Umbraco.Core.IO; +using Umbraco.Core.Security; using umbraco.NodeFactory; using umbraco.cms.businesslogic.web; using umbraco.interfaces; @@ -421,7 +422,9 @@ namespace umbraco { HttpContext.Current.Trace.Write("umbracoRequestHandler", "Page protected"); - var user = System.Web.Security.Membership.GetUser(); + var provider = MembershipProviderExtensions.GetMembersMembershipProvider(); + var username = provider.GetCurrentUserName(); + var user = provider.GetUser(username, true); if (user == null || !library.IsLoggedOn()) { diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/Trees/loadMemberTypes.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/Trees/loadMemberTypes.cs index 19ccefe64d..4da1bd9162 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/Trees/loadMemberTypes.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/Trees/loadMemberTypes.cs @@ -39,9 +39,11 @@ namespace umbraco public loadMemberTypes(string application) : base(application) { } protected override void CreateRootNode(ref XmlTreeNode rootNode) - { + { + var provider = MembershipProviderExtensions.GetMembersMembershipProvider(); + // only show member types if we're using umbraco members on the website - if (Membership.Provider.IsUmbracoMembershipProvider()) + if (provider.IsUmbracoMembershipProvider()) { rootNode.NodeType = "init" + TreeAlias; rootNode.NodeID = "init"; diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/Trees/loadMembers.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/Trees/loadMembers.cs index dee3940b96..d0ce98941f 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/Trees/loadMembers.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/Trees/loadMembers.cs @@ -92,6 +92,8 @@ function openContentItem(id) { /// The tree. public override void Render(ref XmlDocument Tree) { + var provider = MembershipProviderExtensions.GetMembersMembershipProvider(); + string letter = ""; string ContentItemParent = ""; if (HttpContext.Current.Request.QueryString.ToString().IndexOf("letter") >= 0) @@ -158,7 +160,7 @@ function openContentItem(id) { } else { - if (Membership.Provider.IsUmbracoMembershipProvider()) + if (provider.IsUmbracoMembershipProvider()) { foreach (Member m in Member.getMemberFromFirstLetter(letter.ToCharArray()[0])) { @@ -178,7 +180,7 @@ function openContentItem(id) { else { int total; - foreach (System.Web.Security.MembershipUser u in System.Web.Security.Membership.Provider.FindUsersByName(letter + "%", 0, 9999, out total)) + foreach (MembershipUser u in provider.FindUsersByName(letter + "%", 0, 9999, out total)) { XmlElement treeElement = Tree.CreateElement("tree"); @@ -222,7 +224,7 @@ function openContentItem(id) { } //Add folder named "Others", only supported by umbraco - if (Membership.Provider.IsUmbracoMembershipProvider()) + if (provider.IsUmbracoMembershipProvider()) { XmlElement treeElementOther = Tree.CreateElement("tree"); treeElementOther.SetAttribute("menu", ""); diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/controls/passwordChanger.ascx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/controls/passwordChanger.ascx.cs index 3582e873a4..a3f76246e0 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/controls/passwordChanger.ascx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/controls/passwordChanger.ascx.cs @@ -15,7 +15,7 @@ using Umbraco.Web.Models; namespace umbraco.controls { - public partial class passwordChanger : System.Web.UI.UserControl + public partial class passwordChanger : UserControl { public string MembershipProviderName { get; set; } diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/create/member.ascx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/create/member.ascx.cs index 4a611add0f..ca87db9600 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/create/member.ascx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/create/member.ascx.cs @@ -1,3 +1,4 @@ +using System.Globalization; using Umbraco.Core.Security; namespace umbraco.cms.presentation.create.controls @@ -22,12 +23,14 @@ namespace umbraco.cms.presentation.create.controls protected void Page_Load(object sender, System.EventArgs e) { + var provider = MembershipProviderExtensions.GetMembersMembershipProvider(); + sbmt.Text = ui.Text("create"); - if (Membership.Provider.IsUmbracoMembershipProvider()) + if (provider.IsUmbracoMembershipProvider()) { nameLiteral.Text = ui.Text("name"); memberChooser.Attributes.Add("style", "padding-top: 10px"); - foreach (cms.businesslogic.member.MemberType dt in cms.businesslogic.member.MemberType.GetAll) + foreach (var dt in MemberType.GetAll) { ListItem li = new ListItem(); li.Text = dt.Text; @@ -41,9 +44,14 @@ namespace umbraco.cms.presentation.create.controls memberChooser.Visible = false; } - string[] pwRules = { Membership.MinRequiredPasswordLength.ToString(), Membership.MinRequiredNonAlphanumericCharacters.ToString() }; + string[] pwRules = + { + provider.MinRequiredPasswordLength.ToString(CultureInfo.InvariantCulture), + provider.MinRequiredNonAlphanumericCharacters.ToString(CultureInfo.InvariantCulture) + }; + PasswordRules.Text = PasswordRules.Text = ui.Text( - "errorHandling", "", pwRules, BasePages.UmbracoEnsuredPage.CurrentUser); + "errorHandling", "", pwRules, UmbracoEnsuredPage.CurrentUser); if (!IsPostBack) { @@ -55,7 +63,7 @@ namespace umbraco.cms.presentation.create.controls emailExistsCheck.ErrorMessage = ui.Text("errorHandling", "errorExistsWithoutTab", "E-mail", BasePages.UmbracoEnsuredPage.CurrentUser); memberTypeRequired.ErrorMessage = ui.Text("errorHandling", "errorMandatoryWithoutTab", "Member Type", BasePages.UmbracoEnsuredPage.CurrentUser); Password.Text = - Membership.GeneratePassword(Membership.MinRequiredPasswordLength, Membership.MinRequiredNonAlphanumericCharacters); + Membership.GeneratePassword(provider.MinRequiredPasswordLength, provider.MinRequiredNonAlphanumericCharacters); } @@ -105,7 +113,9 @@ namespace umbraco.cms.presentation.create.controls /// protected void EmailExistsCheck(object sender, ServerValidateEventArgs e) { - if (Email.Text != "" && Member.GetMemberFromEmail(Email.Text.ToLower()) != null && Membership.Providers[Member.UmbracoMemberProviderName].RequiresUniqueEmail) + var provider = MembershipProviderExtensions.GetMembersMembershipProvider(); + + if (Email.Text != "" && Member.GetMemberFromEmail(Email.Text.ToLower()) != null && provider.RequiresUniqueEmail) e.IsValid = false; else e.IsValid = true; diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/create/memberTasks.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/create/memberTasks.cs index cb602098b8..976098a937 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/create/memberTasks.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/create/memberTasks.cs @@ -76,15 +76,18 @@ namespace umbraco string email = nameAndMail.Length > 0 ? nameAndMail[1] : ""; string password = nameAndMail.Length > 1 ? nameAndMail[2] : ""; string loginName = nameAndMail.Length > 2 ? nameAndMail[3] : ""; - if (Membership.Provider.IsUmbracoMembershipProvider() && TypeID != -1) + + var provider = MembershipProviderExtensions.GetMembersMembershipProvider(); + + if (provider.IsUmbracoMembershipProvider() && TypeID != -1) { var dt = new MemberType(TypeID); - var provider = (UmbracoMembershipProviderBase)Membership.Provider; + var castedProvider = (UmbracoMembershipProviderBase)provider; MembershipCreateStatus status; //First create with the membership provider //TODO: We are not supporting q/a - passing in empty here - var created = provider.CreateUser(dt.Alias, + var created = castedProvider.CreateUser(dt.Alias, loginName.Replace(" ", "").ToLower(), //dunno why we're doing this but that's how it has been so i'll leave it i guess password, email, "", "", true, Guid.NewGuid(), out status); if (status != MembershipCreateStatus.Success) @@ -105,7 +108,7 @@ namespace umbraco else { MembershipCreateStatus mc; - Membership.CreateUser(name, password, email, "empty", "empty", true, out mc); + provider.CreateUser(name, password, email, "empty", "empty", true, null, out mc); if (mc != MembershipCreateStatus.Success) { throw new Exception("Error creating Member: " + mc); @@ -118,9 +121,10 @@ namespace umbraco public bool Delete() { - var u = Membership.GetUser(Alias); + var provider = MembershipProviderExtensions.GetMembersMembershipProvider(); + var u = provider.GetUser(Alias, false); if (u == null) return false; - Membership.DeleteUser(u.UserName, true); + provider.DeleteUser(u.UserName, true); return true; diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/dialogs/protectPage.aspx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/dialogs/protectPage.aspx.cs index 7782ae6654..c658db703f 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/dialogs/protectPage.aspx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/dialogs/protectPage.aspx.cs @@ -180,6 +180,8 @@ namespace umbraco.presentation.umbraco.dialogs //reset SimpleLoginNameValidator.IsValid = true; + var provider = MembershipProviderExtensions.GetMembersMembershipProvider(); + if (Page.IsValid) { int pageId = int.Parse(helper.Request("nodeId")); @@ -188,15 +190,15 @@ namespace umbraco.presentation.umbraco.dialogs { var memberLogin = simpleLogin.Visible ? simpleLogin.Text : SimpleLoginLabel.Text; - var member = Membership.GetUser(memberLogin); + var member = provider.GetUser(memberLogin, false); if (member == null) { var tempEmail = "u" + Guid.NewGuid().ToString("N") + "@example.com"; // this needs to work differently depending on umbraco members or external membership provider - if (Membership.Provider.IsUmbracoMembershipProvider() == false) + if (provider.IsUmbracoMembershipProvider() == false) { - member = Membership.CreateUser(memberLogin, simplePassword.Text, tempEmail); + member = provider.CreateUser(memberLogin, simplePassword.Text, tempEmail); } else { @@ -205,9 +207,9 @@ namespace umbraco.presentation.umbraco.dialogs { MemberType.MakeNew(BusinessLogic.User.GetUser(0), Constants.Conventions.MemberTypes.SystemDefaultProtectType); } - var provider = Membership.Provider.AsUmbracoMembershipProvider(); + var castedProvider = provider.AsUmbracoMembershipProvider(); MembershipCreateStatus status; - member = provider.CreateUser(Constants.Conventions.MemberTypes.SystemDefaultProtectType, + member = castedProvider.CreateUser(Constants.Conventions.MemberTypes.SystemDefaultProtectType, memberLogin, simplePassword.Text, tempEmail, null, null, true, null, out status); if (status != MembershipCreateStatus.Success) { diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/members/EditMember.aspx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/members/EditMember.aspx.cs index 148b6bc861..026e1994d4 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/members/EditMember.aspx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/members/EditMember.aspx.cs @@ -51,9 +51,11 @@ namespace umbraco.cms.presentation.members { _membershipHelper = new MembershipHelper(UmbracoContext.Current); + var provider = MembershipProviderExtensions.GetMembersMembershipProvider(); + // Add password changer var passwordChanger = (passwordChanger)LoadControl(SystemDirectories.Umbraco + "/controls/passwordChanger.ascx"); - passwordChanger.MembershipProviderName = Membership.Provider.Name; + passwordChanger.MembershipProviderName = Constants.Conventions.Member.UmbracoMemberProviderName; //Add a custom validation message for the password changer var passwordValidation = new CustomValidator { @@ -73,11 +75,11 @@ namespace umbraco.cms.presentation.members MemberPasswordTxt.Controls.Add(passwordChanger); MemberPasswordTxt.Controls.Add(validatorContainer); - if (Membership.Provider.IsUmbracoMembershipProvider()) + if (provider.IsUmbracoMembershipProvider()) { _memberEntity = new Member(int.Parse(Request.QueryString["id"])); - - _membershipUser = Membership.GetUser(_memberEntity.LoginName, false); + + _membershipUser = provider.GetUser(_memberEntity.LoginName, false); _contentControl = new ContentControl(_memberEntity, ContentControl.publishModes.NoPublish, "TabView1"); _contentControl.Width = Unit.Pixel(666); _contentControl.Height = Unit.Pixel(666); @@ -132,7 +134,7 @@ namespace umbraco.cms.presentation.members menuSave.Click += MenuSaveClick; menuSave.AltText = ui.Text("buttons", "save", null); - _membershipUser = Membership.GetUser(Request.QueryString["id"], false); + _membershipUser = provider.GetUser(Request.QueryString["id"], false); MemberLoginNameTxt.Text = _membershipUser.UserName; if (IsPostBack == false) { @@ -177,7 +179,7 @@ namespace umbraco.cms.presentation.members p.addProperty(ui.Text("membergroup"), _memberGroups); - if (Membership.Provider.IsUmbracoMembershipProvider()) + if (provider.IsUmbracoMembershipProvider()) { _contentControl.tpProp.Controls.Add(p); _contentControl.Save += tmp_save; @@ -202,10 +204,12 @@ namespace umbraco.cms.presentation.members void MemberEmailExistCheck_ServerValidate(object source, ServerValidateEventArgs args) { + var provider = MembershipProviderExtensions.GetMembersMembershipProvider(); + var oldEmail = _memberEntity.Email.ToLower(); var newEmail = MemberEmail.Text.ToLower(); - var requireUniqueEmail = Membership.Provider.RequiresUniqueEmail; + var requireUniqueEmail = provider.RequiresUniqueEmail; var howManyMembersWithEmail = 0; var membersWithEmail = Member.GetMembersFromEmail(newEmail); @@ -256,11 +260,13 @@ namespace umbraco.cms.presentation.members private void ChangePassword(passwordChanger passwordChangerControl, MembershipUser membershipUser, CustomValidator passwordChangerValidator) { //Change the password + + var provider = MembershipProviderExtensions.GetMembersMembershipProvider(); if (passwordChangerControl.IsChangingPassword) { var changePassResult = _membershipHelper.ChangePassword( - membershipUser.UserName, passwordChangerControl.ChangingPasswordModel, Membership.Provider); + membershipUser.UserName, passwordChangerControl.ChangingPasswordModel, provider); if (changePassResult.Success) { @@ -279,6 +285,7 @@ namespace umbraco.cms.presentation.members private bool UpdateWithMembershipProvider(MembershipUser membershipUser, string email, IDataType isApprovedDt, IDataType commentsDt, bool performUnlock) { + var provider = MembershipProviderExtensions.GetMembersMembershipProvider(); var membershipHelper = new MembershipHelper(ApplicationContext, new HttpContextWrapper(Context)); //set the writable properties that we are editing @@ -305,7 +312,7 @@ namespace umbraco.cms.presentation.members var unlockSuccess = false; if (performUnlock) { - unlockSuccess = Membership.Provider.UnlockUser(membershipUser.UserName); + unlockSuccess = provider.UnlockUser(membershipUser.UserName); if (unlockSuccess == false) { LogHelper.Warn("Could not unlock the member " + membershipUser.UserName); @@ -316,7 +323,7 @@ namespace umbraco.cms.presentation.members } } - return membershipHelper.UpdateMember(membershipUser, Membership.Provider, email, isApproved, comment: comments).Success + return membershipHelper.UpdateMember(membershipUser, provider, email, isApproved, comment: comments).Success || unlockSuccess; } @@ -339,6 +346,8 @@ namespace umbraco.cms.presentation.members protected void tmp_save(object sender, EventArgs e) { + var provider = MembershipProviderExtensions.GetMembersMembershipProvider(); + Page.Validate(); if (Page.IsValid == false) { @@ -353,14 +362,14 @@ namespace umbraco.cms.presentation.members { // hide validation summaries - if (Membership.Provider.IsUmbracoMembershipProvider()) + if (provider.IsUmbracoMembershipProvider()) { foreach (uicontrols.TabPage tp in _contentControl.GetPanels()) { tp.ErrorControl.Visible = false; } - var memberTypeProvider = (IUmbracoMemberTypeMembershipProvider) Membership.Provider; + var memberTypeProvider = (IUmbracoMemberTypeMembershipProvider)provider; //update the membership provider var commentsProp = _contentControl.DataTypes.GetValue(memberTypeProvider.CommentPropertyTypeAlias); @@ -400,7 +409,7 @@ namespace umbraco.cms.presentation.members var passwordChangerValidator = (CustomValidator)MemberPasswordTxt.Controls[1].Controls[0].Controls[0]; ChangePassword(passwordChangerControl, _membershipUser, passwordChangerValidator); - if (Membership.Provider.IsUmbracoMembershipProvider()) + if (provider.IsUmbracoMembershipProvider()) { //Hrm, with the membership provider you cannot change the login name - I guess this will do that // in the underlying data layer diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/members/MemberSearch.ascx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/members/MemberSearch.ascx.cs index bc95326f49..305bd8bfee 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/members/MemberSearch.ascx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/members/MemberSearch.ascx.cs @@ -14,7 +14,9 @@ namespace umbraco.presentation.umbraco.members { protected void Page_Load(object sender, EventArgs e) { - if (Membership.Provider.IsUmbracoMembershipProvider()) + var provider = MembershipProviderExtensions.GetMembersMembershipProvider(); + + if (provider.IsUmbracoMembershipProvider()) ButtonSearch.Text = ui.Text("search"); } @@ -22,8 +24,8 @@ namespace umbraco.presentation.umbraco.members protected void ButtonSearch_Click(object sender, EventArgs e) { resultsPane.Visible = true; - - if (Membership.Provider.IsUmbracoMembershipProvider()) + var provider = MembershipProviderExtensions.GetMembersMembershipProvider(); + if (provider.IsUmbracoMembershipProvider()) { var query = searchQuery.Text.ToLower(); var internalSearcher = UmbracoContext.Current.InternalMemberSearchProvider; @@ -56,7 +58,7 @@ namespace umbraco.presentation.umbraco.members IEnumerable results; if (searchQuery.Text.Contains("@")) { - results = from MembershipUser x in Membership.FindUsersByEmail(searchQuery.Text) + results = from MembershipUser x in provider.FindUsersByEmail(searchQuery.Text) select new MemberSearchResult() { @@ -68,7 +70,7 @@ namespace umbraco.presentation.umbraco.members } else { - results = from MembershipUser x in Membership.FindUsersByName(searchQuery.Text + "%") + results = from MembershipUser x in provider.FindUsersByName(searchQuery.Text + "%") select new MemberSearchResult() { diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/members/ViewMembers.aspx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/members/ViewMembers.aspx.cs index e26847b1e7..562073ecf1 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/members/ViewMembers.aspx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/members/ViewMembers.aspx.cs @@ -6,44 +6,53 @@ using System.Web.UI; using System.Web.UI.WebControls; using Umbraco.Core.Security; -namespace umbraco.presentation.members { - public partial class ViewMembers : BasePages.UmbracoEnsuredPage { +namespace umbraco.presentation.members +{ + public partial class ViewMembers : BasePages.UmbracoEnsuredPage + { public ViewMembers() { CurrentApp = BusinessLogic.DefaultApps.member.ToString(); } - protected void Page_Load(object sender, EventArgs e) { + protected void Page_Load(object sender, EventArgs e) + { panel1.Text = ui.Text("member"); - bindRp(); + BindRp(); } - private void bindRp() { - string _letter = Request.QueryString["letter"]; - if (!string.IsNullOrEmpty(_letter)) { - if (Membership.Provider.IsUmbracoMembershipProvider()) + private void BindRp() + { + var provider = MembershipProviderExtensions.GetMembersMembershipProvider(); + string letter = Request.QueryString["letter"]; + if (string.IsNullOrEmpty(letter) == false) + { + if (provider.IsUmbracoMembershipProvider()) { - if (_letter == "#") + if (letter == "#") { rp_members.DataSource = cms.businesslogic.member.Member.getAllOtherMembers(); } else { - rp_members.DataSource = cms.businesslogic.member.Member.getMemberFromFirstLetter(_letter.ToCharArray()[0]); + rp_members.DataSource = cms.businesslogic.member.Member.getMemberFromFirstLetter(letter.ToCharArray()[0]); } } else { - rp_members.DataSource = System.Web.Security.Membership.FindUsersByName(_letter + "%"); + rp_members.DataSource = provider.FindUsersByName(letter + "%"); } rp_members.DataBind(); } } - public void bindMember(object sender, RepeaterItemEventArgs e) { - if (e.Item.ItemType == ListItemType.Item || e.Item.ItemType == ListItemType.AlternatingItem) { - if (Membership.Provider.IsUmbracoMembershipProvider()) + public void bindMember(object sender, RepeaterItemEventArgs e) + { + var provider = MembershipProviderExtensions.GetMembersMembershipProvider(); + if (e.Item.ItemType == ListItemType.Item || e.Item.ItemType == ListItemType.AlternatingItem) + { + if (provider.IsUmbracoMembershipProvider()) { cms.businesslogic.member.Member mem = (cms.businesslogic.member.Member)e.Item.DataItem; Literal _name = (Literal)e.Item.FindControl("lt_name"); @@ -61,7 +70,7 @@ namespace umbraco.presentation.members { } else { - System.Web.Security.MembershipUser mem = (System.Web.Security.MembershipUser)e.Item.DataItem; + var mem = (MembershipUser)e.Item.DataItem; Literal _name = (Literal)e.Item.FindControl("lt_name"); Literal _email = (Literal)e.Item.FindControl("lt_email"); Literal _login = (Literal)e.Item.FindControl("lt_login"); @@ -76,17 +85,19 @@ namespace umbraco.presentation.members { } } - public void deleteMember(object sender, CommandEventArgs e) { + public void deleteMember(object sender, CommandEventArgs e) + { int memid = 0; - if (int.TryParse(e.CommandArgument.ToString(), out memid)) { + if (int.TryParse(e.CommandArgument.ToString(), out memid)) + { cms.businesslogic.member.Member mem = new global::umbraco.cms.businesslogic.member.Member(memid); if (mem != null) mem.delete(); - bindRp(); + BindRp(); } } } diff --git a/src/umbraco.businesslogic/User.cs b/src/umbraco.businesslogic/User.cs index f0ebb4590d..ef1b736d73 100644 --- a/src/umbraco.businesslogic/User.cs +++ b/src/umbraco.businesslogic/User.cs @@ -162,7 +162,7 @@ namespace umbraco.BusinessLogic } set { - _user.Password = value; + _user.RawPasswordValue = value; } } @@ -173,7 +173,7 @@ namespace umbraco.BusinessLogic public string GetPassword() { if (_lazyId.HasValue) SetupUser(_lazyId.Value); - return _user.Password; + return _user.RawPasswordValue; } /// @@ -548,7 +548,7 @@ namespace umbraco.BusinessLogic public static int getUserId(string lname, string passw) { var found = ApplicationContext.Current.Services.UserService.GetByUsername(lname); - return found.Password == passw ? found.Id : -1; + return found.RawPasswordValue == passw ? found.Id : -1; } /// diff --git a/src/umbraco.cms/businesslogic/member/Member.cs b/src/umbraco.cms/businesslogic/member/Member.cs index a9d9050d9c..76329c1ce3 100644 --- a/src/umbraco.cms/businesslogic/member/Member.cs +++ b/src/umbraco.cms/businesslogic/member/Member.cs @@ -221,17 +221,19 @@ namespace umbraco.cms.businesslogic.member { if (mbt == null) throw new ArgumentNullException("mbt"); var loginName = (string.IsNullOrEmpty(LoginName) == false) ? LoginName : Name; - + + var provider = MembershipProviderExtensions.GetMembersMembershipProvider(); + //NOTE: This check is ONLY for backwards compatibility, this check shouldn't really be here it is up to the Membership provider // logic to deal with this but it was here before so we can't really change that. // Test for e-mail - if (Email != "" && GetMemberFromEmail(Email) != null && Membership.Providers[UmbracoMemberProviderName].RequiresUniqueEmail) + if (Email != "" && GetMemberFromEmail(Email) != null && provider.RequiresUniqueEmail) throw new Exception(string.Format("Duplicate Email! A member with the e-mail {0} already exists", Email)); if (GetMemberFromLoginName(loginName) != null) throw new Exception(string.Format("Duplicate User name! A member with the user name {0} already exists", loginName)); var model = ApplicationContext.Current.Services.MemberService.CreateMemberWithIdentity( - loginName, Email.ToLower(), "", mbt.MemberTypeItem); + loginName, Email.ToLower(), mbt.MemberTypeItem); model.Name = Name; //The content object will only have the 'WasCancelled' flag set to 'True' if the 'Saving' event has been cancelled, so we return null. @@ -315,8 +317,10 @@ namespace umbraco.cms.businesslogic.member { if (IsMember(loginName)) { + var provider = MembershipProviderExtensions.GetMembersMembershipProvider(); + // validate user via provider - if (Membership.ValidateUser(loginName, password)) + if (provider.ValidateUser(loginName, password)) { return GetMemberFromLoginName(loginName); } @@ -354,7 +358,8 @@ namespace umbraco.cms.businesslogic.member [Obsolete("Use MembershipProviderExtensions.IsUmbracoMembershipProvider instead")] public static bool InUmbracoMemberMode() { - return Membership.Provider.IsUmbracoMembershipProvider(); + var provider = MembershipProviderExtensions.GetMembersMembershipProvider(); + return provider.IsUmbracoMembershipProvider(); } public static bool IsUsingUmbracoRoles() @@ -478,7 +483,7 @@ namespace umbraco.cms.businesslogic.member { get { - return MemberItem.Password; + return MemberItem.RawPasswordValue; } set { @@ -486,7 +491,8 @@ namespace umbraco.cms.businesslogic.member // To write directly to the db use the ChangePassword method // this is not pretty but nessecary due to a design flaw (the membership provider should have been a part of the cms project) var helper = new MemberShipHelper(); - MemberItem.Password = helper.EncodePassword(value, Membership.Provider.PasswordFormat); + var provider = MembershipProviderExtensions.GetMembersMembershipProvider(); + MemberItem.RawPasswordValue = helper.EncodePassword(value, provider.PasswordFormat); } } @@ -577,9 +583,10 @@ namespace umbraco.cms.businesslogic.member /// public override void Save() { + var provider = MembershipProviderExtensions.GetMembersMembershipProvider(); //Due to backwards compatibility with this API we need to check for duplicate emails here if required. // This check should not be done here, as this logic is based on the MembershipProvider - var requireUniqueEmail = Membership.Providers[UmbracoMemberProviderName].RequiresUniqueEmail; + var requireUniqueEmail = provider.RequiresUniqueEmail; //check if there's anyone with this email in the db that isn't us var membersFromEmail = GetMembersFromEmail(Email); if (requireUniqueEmail && membersFromEmail != null && membersFromEmail.Any(x => x.Id != Id)) @@ -750,7 +757,7 @@ namespace umbraco.cms.businesslogic.member /// public void ChangePassword(string newPassword) { - MemberItem.Password = newPassword; + MemberItem.RawPasswordValue = newPassword; } /// @@ -759,7 +766,7 @@ namespace umbraco.cms.businesslogic.member /// public string GetPassword() { - return MemberItem.Password; + return MemberItem.RawPasswordValue; } /// @@ -1074,7 +1081,14 @@ namespace umbraco.cms.businesslogic.member // For backwards compatibility between umbraco members and .net membership if (HttpContext.Current.User.Identity.IsAuthenticated) { - int.TryParse(Membership.GetUser().ProviderUserKey.ToString(), out currentMemberId); + var provider = MembershipProviderExtensions.GetMembersMembershipProvider(); + var username = provider.GetCurrentUserName(); + var member = provider.GetUser(username, true); + if (member == null) + { + throw new InvalidOperationException("No member object found with username " + username); + } + int.TryParse(member.ProviderUserKey.ToString(), out currentMemberId); } return currentMemberId; @@ -1090,8 +1104,16 @@ namespace umbraco.cms.businesslogic.member { if (HttpContext.Current.User.Identity.IsAuthenticated) { + var provider = MembershipProviderExtensions.GetMembersMembershipProvider(); + var username = provider.GetCurrentUserName(); + var member = provider.GetUser(username, true); + if (member == null) + { + throw new InvalidOperationException("No member object found with username " + username); + } + int currentMemberId = 0; - if (int.TryParse(Membership.GetUser().ProviderUserKey.ToString(), out currentMemberId)) + if (int.TryParse(member.ProviderUserKey.ToString(), out currentMemberId)) { var m = new Member(currentMemberId); return m; diff --git a/src/umbraco.cms/businesslogic/web/Access.cs b/src/umbraco.cms/businesslogic/web/Access.cs index 555818952d..e9944784da 100644 --- a/src/umbraco.cms/businesslogic/web/Access.cs +++ b/src/umbraco.cms/businesslogic/web/Access.cs @@ -7,29 +7,30 @@ using System.IO; using System.Web.Security; using Umbraco.Core.IO; +using Umbraco.Core.Security; namespace umbraco.cms.businesslogic.web { - /// - /// Summary description for Access. - /// - public class Access - { - static private readonly Hashtable CheckedPages = new Hashtable(); + /// + /// Summary description for Access. + /// + public class Access + { + static private readonly Hashtable CheckedPages = new Hashtable(); - //must be volatile for double check lock to work - static private volatile XmlDocument _accessXmlContent; - static private string _accessXmlSource; + //must be volatile for double check lock to work + static private volatile XmlDocument _accessXmlContent; + static private string _accessXmlSource; - private static void ClearCheckPages() - { - CheckedPages.Clear(); - } + private static void ClearCheckPages() + { + CheckedPages.Clear(); + } static readonly object Locko = new object(); - public static XmlDocument AccessXml - { + public static XmlDocument AccessXml + { get { if (_accessXmlContent == null) @@ -48,11 +49,11 @@ namespace umbraco.cms.businesslogic.web if (!System.IO.File.Exists(_accessXmlSource)) { - var file = new FileInfo(_accessXmlSource); - if (!Directory.Exists(file.DirectoryName)) - { - Directory.CreateDirectory(file.Directory.FullName); //ensure the folder exists! - } + var file = new FileInfo(_accessXmlSource); + if (!Directory.Exists(file.DirectoryName)) + { + Directory.CreateDirectory(file.Directory.FullName); //ensure the folder exists! + } System.IO.FileStream f = System.IO.File.Open(_accessXmlSource, FileMode.Create); System.IO.StreamWriter sw = new StreamWriter(f); sw.WriteLine(""); @@ -65,577 +66,633 @@ namespace umbraco.cms.businesslogic.web } return _accessXmlContent; } - } + } - public static void AddMembershipRoleToDocument(int documentId, string role) { - //event - AddMemberShipRoleToDocumentEventArgs e = new AddMemberShipRoleToDocumentEventArgs(); - new Access().FireBeforeAddMemberShipRoleToDocument(new Document(documentId), role, e); + public static void AddMembershipRoleToDocument(int documentId, string role) + { + //event + AddMemberShipRoleToDocumentEventArgs e = new AddMemberShipRoleToDocumentEventArgs(); + new Access().FireBeforeAddMemberShipRoleToDocument(new Document(documentId), role, e); - if (!e.Cancel) { - XmlElement x = (XmlElement)GetPage(documentId); + if (!e.Cancel) + { + XmlElement x = (XmlElement)GetPage(documentId); - if (x == null) - throw new Exception("Document is not protected!"); - else { - if (x.SelectSingleNode("group [@id = '" + role + "']") == null) { - XmlElement groupXml = (XmlElement)AccessXml.CreateNode(XmlNodeType.Element, "group", ""); - groupXml.SetAttribute("id", role); - x.AppendChild(groupXml); - Save(); - } - } + if (x == null) + throw new Exception("Document is not protected!"); + else + { + if (x.SelectSingleNode("group [@id = '" + role + "']") == null) + { + XmlElement groupXml = (XmlElement)AccessXml.CreateNode(XmlNodeType.Element, "group", ""); + groupXml.SetAttribute("id", role); + x.AppendChild(groupXml); + Save(); + } + } - new Access().FireAfterAddMemberShipRoleToDocument(new Document(documentId), role, e); - } - } + new Access().FireAfterAddMemberShipRoleToDocument(new Document(documentId), role, e); + } + } - [Obsolete("This method is no longer supported. Use the ASP.NET MemberShip methods instead", true)] - public static void AddMemberGroupToDocument(int DocumentId, int MemberGroupId) - { - XmlElement x = (XmlElement) GetPage(DocumentId); - - if (x == null) - throw new Exception("Document is not protected!"); - else - { - if (x.SelectSingleNode("group [@id = '" + MemberGroupId.ToString() + "']") == null) - { - XmlElement groupXml = (XmlElement) AccessXml.CreateNode(XmlNodeType.Element, "group", ""); - groupXml.SetAttribute("id", MemberGroupId.ToString()); - x.AppendChild(groupXml); - Save(); - } - } - } + [Obsolete("This method is no longer supported. Use the ASP.NET MemberShip methods instead", true)] + public static void AddMemberGroupToDocument(int DocumentId, int MemberGroupId) + { + XmlElement x = (XmlElement)GetPage(DocumentId); - [Obsolete("This method is no longer supported. Use the ASP.NET MemberShip methods instead", true)] - public static void AddMemberToDocument(int DocumentId, int MemberId) - { - XmlElement x = (XmlElement) GetPage(DocumentId); - - if (x == null) - throw new Exception("Document is not protected!"); - else - { - if (x.Attributes.GetNamedItem("memberId") != null) - x.Attributes.GetNamedItem("memberId").Value = MemberId.ToString(); - else - x.SetAttribute("memberId", MemberId.ToString()); - Save(); - } - } - - public static void AddMembershipUserToDocument(int documentId, string membershipUserName) { - //event - AddMembershipUserToDocumentEventArgs e = new AddMembershipUserToDocumentEventArgs(); - new Access().FireBeforeAddMembershipUserToDocument(new Document(documentId), membershipUserName, e); + if (x == null) + throw new Exception("Document is not protected!"); + else + { + if (x.SelectSingleNode("group [@id = '" + MemberGroupId.ToString() + "']") == null) + { + XmlElement groupXml = (XmlElement)AccessXml.CreateNode(XmlNodeType.Element, "group", ""); + groupXml.SetAttribute("id", MemberGroupId.ToString()); + x.AppendChild(groupXml); + Save(); + } + } + } - if (!e.Cancel) { - XmlElement x = (XmlElement)GetPage(documentId); + [Obsolete("This method is no longer supported. Use the ASP.NET MemberShip methods instead", true)] + public static void AddMemberToDocument(int DocumentId, int MemberId) + { + XmlElement x = (XmlElement)GetPage(DocumentId); - if (x == null) - throw new Exception("Document is not protected!"); - else { - if (x.Attributes.GetNamedItem("memberId") != null) - x.Attributes.GetNamedItem("memberId").Value = membershipUserName; - else - x.SetAttribute("memberId", membershipUserName); - Save(); - } + if (x == null) + throw new Exception("Document is not protected!"); + else + { + if (x.Attributes.GetNamedItem("memberId") != null) + x.Attributes.GetNamedItem("memberId").Value = MemberId.ToString(); + else + x.SetAttribute("memberId", MemberId.ToString()); + Save(); + } + } - new Access().FireAfterAddMembershipUserToDocument(new Document(documentId), membershipUserName, e); - } - - } + public static void AddMembershipUserToDocument(int documentId, string membershipUserName) + { + //event + AddMembershipUserToDocumentEventArgs e = new AddMembershipUserToDocumentEventArgs(); + new Access().FireBeforeAddMembershipUserToDocument(new Document(documentId), membershipUserName, e); - [Obsolete("This method is no longer supported. Use the ASP.NET MemberShip methods instead", true)] - public static void RemoveMemberGroupFromDocument(int DocumentId, int MemberGroupId) - { - XmlElement x = (XmlElement) GetPage(DocumentId); - - if (x == null) - throw new Exception("Document is not protected!"); - else - { - XmlNode xGroup = x.SelectSingleNode("group [@id = '" + MemberGroupId.ToString() + "']"); - if (xGroup != null) - { - x.RemoveChild(xGroup); - Save(); - } - } - } + if (!e.Cancel) + { + XmlElement x = (XmlElement)GetPage(documentId); - public static void RemoveMembershipRoleFromDocument(int documentId, string role) { + if (x == null) + throw new Exception("Document is not protected!"); + else + { + if (x.Attributes.GetNamedItem("memberId") != null) + x.Attributes.GetNamedItem("memberId").Value = membershipUserName; + else + x.SetAttribute("memberId", membershipUserName); + Save(); + } - RemoveMemberShipRoleFromDocumentEventArgs e = new RemoveMemberShipRoleFromDocumentEventArgs(); - new Access().FireBeforeRemoveMemberShipRoleFromDocument(new Document(documentId), role, e); + new Access().FireAfterAddMembershipUserToDocument(new Document(documentId), membershipUserName, e); + } - if (!e.Cancel) { - XmlElement x = (XmlElement)GetPage(documentId); + } - if (x == null) - throw new Exception("Document is not protected!"); - else { - XmlNode xGroup = x.SelectSingleNode("group [@id = '" + role + "']"); - if (xGroup != null) { - x.RemoveChild(xGroup); - Save(); - } - } + [Obsolete("This method is no longer supported. Use the ASP.NET MemberShip methods instead", true)] + public static void RemoveMemberGroupFromDocument(int DocumentId, int MemberGroupId) + { + XmlElement x = (XmlElement)GetPage(DocumentId); - new Access().FireAfterRemoveMemberShipRoleFromDocument(new Document(documentId), role, e); - } - } + if (x == null) + throw new Exception("Document is not protected!"); + else + { + XmlNode xGroup = x.SelectSingleNode("group [@id = '" + MemberGroupId.ToString() + "']"); + if (xGroup != null) + { + x.RemoveChild(xGroup); + Save(); + } + } + } - public static bool RenameMemberShipRole(string oldRolename, string newRolename) - { - bool hasChange = false; - if (oldRolename != newRolename) - { + public static void RemoveMembershipRoleFromDocument(int documentId, string role) + { + + RemoveMemberShipRoleFromDocumentEventArgs e = new RemoveMemberShipRoleFromDocumentEventArgs(); + new Access().FireBeforeRemoveMemberShipRoleFromDocument(new Document(documentId), role, e); + + if (!e.Cancel) + { + XmlElement x = (XmlElement)GetPage(documentId); + + if (x == null) + throw new Exception("Document is not protected!"); + else + { + XmlNode xGroup = x.SelectSingleNode("group [@id = '" + role + "']"); + if (xGroup != null) + { + x.RemoveChild(xGroup); + Save(); + } + } + + new Access().FireAfterRemoveMemberShipRoleFromDocument(new Document(documentId), role, e); + } + } + + public static bool RenameMemberShipRole(string oldRolename, string newRolename) + { + bool hasChange = false; + if (oldRolename != newRolename) + { oldRolename = oldRolename.Replace("'", "'"); - foreach (XmlNode x in AccessXml.SelectNodes("//group [@id = '" + oldRolename + "']")) - { - x.Attributes["id"].Value = newRolename; - hasChange = true; - } - if (hasChange) - Save(); - } + foreach (XmlNode x in AccessXml.SelectNodes("//group [@id = '" + oldRolename + "']")) + { + x.Attributes["id"].Value = newRolename; + hasChange = true; + } + if (hasChange) + Save(); + } - return hasChange; - - } - - public static void ProtectPage(bool Simple, int DocumentId, int LoginDocumentId, int ErrorDocumentId) - { - AddProtectionEventArgs e = new AddProtectionEventArgs(); - new Access().FireBeforeAddProtection(new Document(DocumentId), e); + return hasChange; - if (!e.Cancel) { + } - XmlElement x = (XmlElement)GetPage(DocumentId); - if (x == null) { - x = (XmlElement)_accessXmlContent.CreateNode(XmlNodeType.Element, "page", ""); - AccessXml.DocumentElement.AppendChild(x); - } - // if using simple mode, make sure that all existing groups are removed - else if (Simple) { - x.RemoveAll(); - } - x.SetAttribute("id", DocumentId.ToString()); - x.SetAttribute("loginPage", LoginDocumentId.ToString()); - x.SetAttribute("noRightsPage", ErrorDocumentId.ToString()); - x.SetAttribute("simple", Simple.ToString()); - Save(); + public static void ProtectPage(bool Simple, int DocumentId, int LoginDocumentId, int ErrorDocumentId) + { + AddProtectionEventArgs e = new AddProtectionEventArgs(); + new Access().FireBeforeAddProtection(new Document(DocumentId), e); - ClearCheckPages(); + if (!e.Cancel) + { - new Access().FireAfterAddProtection(new Document(DocumentId), e); - } - } + XmlElement x = (XmlElement)GetPage(DocumentId); + if (x == null) + { + x = (XmlElement)_accessXmlContent.CreateNode(XmlNodeType.Element, "page", ""); + AccessXml.DocumentElement.AppendChild(x); + } + // if using simple mode, make sure that all existing groups are removed + else if (Simple) + { + x.RemoveAll(); + } + x.SetAttribute("id", DocumentId.ToString()); + x.SetAttribute("loginPage", LoginDocumentId.ToString()); + x.SetAttribute("noRightsPage", ErrorDocumentId.ToString()); + x.SetAttribute("simple", Simple.ToString()); + Save(); - public static void RemoveProtection(int DocumentId) - { - XmlElement x = (XmlElement) GetPage(DocumentId); - if (x != null) - { - //event - RemoveProtectionEventArgs e = new RemoveProtectionEventArgs(); - new Access().FireBeforeRemoveProtection(new Document(DocumentId), e); + ClearCheckPages(); - if (!e.Cancel) { + new Access().FireAfterAddProtection(new Document(DocumentId), e); + } + } - x.ParentNode.RemoveChild(x); - Save(); - ClearCheckPages(); + public static void RemoveProtection(int DocumentId) + { + XmlElement x = (XmlElement)GetPage(DocumentId); + if (x != null) + { + //event + RemoveProtectionEventArgs e = new RemoveProtectionEventArgs(); + new Access().FireBeforeRemoveProtection(new Document(DocumentId), e); - new Access().FireAfterRemoveProtection(new Document(DocumentId), e); - } + if (!e.Cancel) + { - } - } + x.ParentNode.RemoveChild(x); + Save(); + ClearCheckPages(); - private static void Save() - { - SaveEventArgs e = new SaveEventArgs(); + new Access().FireAfterRemoveProtection(new Document(DocumentId), e); + } - new Access().FireBeforeSave(e); + } + } - if (!e.Cancel) { - System.IO.FileStream f = System.IO.File.Open(_accessXmlSource, FileMode.Create); - AccessXml.Save(f); - f.Close(); + private static void Save() + { + SaveEventArgs e = new SaveEventArgs(); - new Access().FireAfterSave(e); - } - } + new Access().FireBeforeSave(e); - [Obsolete("This method is no longer supported. Use the ASP.NET MemberShip methods instead", true)] - public static bool IsProtectedByGroup(int DocumentId, int GroupId) - { - bool isProtected = false; + if (!e.Cancel) + { + System.IO.FileStream f = System.IO.File.Open(_accessXmlSource, FileMode.Create); + AccessXml.Save(f); + f.Close(); - cms.businesslogic.web.Document d = new Document(DocumentId); + new Access().FireAfterSave(e); + } + } - if (!IsProtected(DocumentId, d.Path)) - isProtected = false; - else - { - XmlNode currentNode = GetPage(GetProtectedPage(d.Path)); - if (currentNode.SelectSingleNode("./group [@id=" + GroupId.ToString() + "]") != null) - { - isProtected = true; - } - } + [Obsolete("This method is no longer supported. Use the ASP.NET MemberShip methods instead", true)] + public static bool IsProtectedByGroup(int DocumentId, int GroupId) + { + bool isProtected = false; - return isProtected; - } + cms.businesslogic.web.Document d = new Document(DocumentId); - public static bool IsProtectedByMembershipRole(int documentId, string role) { - bool isProtected = false; + if (!IsProtected(DocumentId, d.Path)) + isProtected = false; + else + { + XmlNode currentNode = GetPage(GetProtectedPage(d.Path)); + if (currentNode.SelectSingleNode("./group [@id=" + GroupId.ToString() + "]") != null) + { + isProtected = true; + } + } - CMSNode d = new CMSNode(documentId); + return isProtected; + } - if (!IsProtected(documentId, d.Path)) - isProtected = false; - else { - XmlNode currentNode = GetPage(GetProtectedPage(d.Path)); - if (currentNode.SelectSingleNode("./group [@id='" + role + "']") != null) { - isProtected = true; - } - } + public static bool IsProtectedByMembershipRole(int documentId, string role) + { + bool isProtected = false; - return isProtected; - } + CMSNode d = new CMSNode(documentId); - public static string[] GetAccessingMembershipRoles(int documentId, string path) { - ArrayList roles = new ArrayList(); + if (!IsProtected(documentId, d.Path)) + isProtected = false; + else + { + XmlNode currentNode = GetPage(GetProtectedPage(d.Path)); + if (currentNode.SelectSingleNode("./group [@id='" + role + "']") != null) + { + isProtected = true; + } + } - if (!IsProtected(documentId, path)) - return null; - else { - XmlNode currentNode = GetPage(GetProtectedPage(path)); - foreach (XmlNode n in currentNode.SelectNodes("./group")) { - roles.Add(n.Attributes.GetNamedItem("id").Value); - } - return (string[])roles.ToArray(typeof(string)); - } + return isProtected; + } - } + public static string[] GetAccessingMembershipRoles(int documentId, string path) + { + ArrayList roles = new ArrayList(); - [Obsolete("This method is no longer supported. Use the ASP.NET MemberShip methods instead", true)] - public static cms.businesslogic.member.MemberGroup[] GetAccessingGroups(int DocumentId) - { - cms.businesslogic.web.Document d = new Document(DocumentId); + if (!IsProtected(documentId, path)) + return null; + else + { + XmlNode currentNode = GetPage(GetProtectedPage(path)); + foreach (XmlNode n in currentNode.SelectNodes("./group")) + { + roles.Add(n.Attributes.GetNamedItem("id").Value); + } + return (string[])roles.ToArray(typeof(string)); + } - if (!IsProtected(DocumentId, d.Path)) - return null; - else - { - XmlNode currentNode = GetPage(GetProtectedPage(d.Path)); - cms.businesslogic.member.MemberGroup[] mg = new umbraco.cms.businesslogic.member.MemberGroup[currentNode.SelectNodes("./group").Count]; - int count = 0; - foreach (XmlNode n in currentNode.SelectNodes("./group")) - { - mg[count] = new cms.businesslogic.member.MemberGroup(int.Parse(n.Attributes.GetNamedItem("id").Value)); - count++; - } - return mg; - } + } - } + [Obsolete("This method is no longer supported. Use the ASP.NET MemberShip methods instead", true)] + public static cms.businesslogic.member.MemberGroup[] GetAccessingGroups(int DocumentId) + { + cms.businesslogic.web.Document d = new Document(DocumentId); - [Obsolete("This method is no longer supported. Use the ASP.NET MemberShip methods instead", true)] - public static cms.businesslogic.member.Member GetAccessingMember(int DocumentId) { - cms.businesslogic.web.Document d = new Document(DocumentId); + if (!IsProtected(DocumentId, d.Path)) + return null; + else + { + XmlNode currentNode = GetPage(GetProtectedPage(d.Path)); + var mg = new member.MemberGroup[currentNode.SelectNodes("./group").Count]; + int count = 0; + foreach (XmlNode n in currentNode.SelectNodes("./group")) + { + mg[count] = new member.MemberGroup(int.Parse(n.Attributes.GetNamedItem("id").Value)); + count++; + } + return mg; + } - if (!IsProtected(DocumentId, d.Path)) - return null; - else if (GetProtectionType(DocumentId) != ProtectionType.Simple) - throw new Exception("Document isn't protected using Simple mechanism. Use GetAccessingMemberGroups instead"); - else { - XmlNode currentNode = GetPage(GetProtectedPage(d.Path)); - if (currentNode.Attributes.GetNamedItem("memberId") != null) - return new cms.businesslogic.member.Member(int.Parse( - currentNode.Attributes.GetNamedItem("memberId").Value)); - else - throw new Exception("Document doesn't contain a memberId. This might be caused if document is protected using umbraco RC1 or older."); + } - } + [Obsolete("This method is no longer supported. Use the ASP.NET MemberShip methods instead", true)] + public static cms.businesslogic.member.Member GetAccessingMember(int DocumentId) + { + cms.businesslogic.web.Document d = new Document(DocumentId); - } - - public static MembershipUser GetAccessingMembershipUser(int documentId) { - CMSNode d = new CMSNode(documentId); + if (!IsProtected(DocumentId, d.Path)) + return null; + else if (GetProtectionType(DocumentId) != ProtectionType.Simple) + throw new Exception("Document isn't protected using Simple mechanism. Use GetAccessingMemberGroups instead"); + else + { + XmlNode currentNode = GetPage(GetProtectedPage(d.Path)); + if (currentNode.Attributes.GetNamedItem("memberId") != null) + return new cms.businesslogic.member.Member(int.Parse( + currentNode.Attributes.GetNamedItem("memberId").Value)); + else + throw new Exception("Document doesn't contain a memberId. This might be caused if document is protected using umbraco RC1 or older."); - if (!IsProtected(documentId, d.Path)) - return null; - else if (GetProtectionType(documentId) != ProtectionType.Simple) - throw new Exception("Document isn't protected using Simple mechanism. Use GetAccessingMemberGroups instead"); - else { - XmlNode currentNode = GetPage(GetProtectedPage(d.Path)); - if (currentNode.Attributes.GetNamedItem("memberId") != null) - return Membership.GetUser(currentNode.Attributes.GetNamedItem("memberId").Value); - else - throw new Exception("Document doesn't contain a memberId. This might be caused if document is protected using umbraco RC1 or older."); + } - } + } - } + public static MembershipUser GetAccessingMembershipUser(int documentId) + { + CMSNode d = new CMSNode(documentId); + + if (!IsProtected(documentId, d.Path)) + return null; + else if (GetProtectionType(documentId) != ProtectionType.Simple) + throw new Exception("Document isn't protected using Simple mechanism. Use GetAccessingMemberGroups instead"); + else + { + XmlNode currentNode = GetPage(GetProtectedPage(d.Path)); + if (currentNode.Attributes.GetNamedItem("memberId") != null) + { + var provider = MembershipProviderExtensions.GetMembersMembershipProvider(); + + return provider.GetUser(currentNode.Attributes.GetNamedItem("memberId").Value, true); + } + else + { + throw new Exception("Document doesn't contain a memberId. This might be caused if document is protected using umbraco RC1 or older."); + } + + } + + } - [Obsolete("This method is no longer supported. Use the ASP.NET MemberShip methods instead", true)] - public static bool HasAccess(int DocumentId, cms.businesslogic.member.Member Member) - { - bool hasAccess = false; + [Obsolete("This method is no longer supported. Use the ASP.NET MemberShip methods instead", true)] + public static bool HasAccess(int DocumentId, cms.businesslogic.member.Member Member) + { + bool hasAccess = false; - cms.businesslogic.web.Document d = new Document(DocumentId); + cms.businesslogic.web.Document d = new Document(DocumentId); - if (!IsProtected(DocumentId, d.Path)) - hasAccess = true; - else - { - XmlNode currentNode = GetPage(GetProtectedPage(d.Path)); - if (Member != null) - { - IDictionaryEnumerator ide = Member.Groups.GetEnumerator(); - while(ide.MoveNext()) - { - cms.businesslogic.member.MemberGroup mg = (cms.businesslogic.member.MemberGroup) ide.Value; - if (currentNode.SelectSingleNode("./group [@id=" + mg.Id.ToString() + "]") != null) - { - hasAccess = true; - break; - } - } - } - } + if (!IsProtected(DocumentId, d.Path)) + hasAccess = true; + else + { + XmlNode currentNode = GetPage(GetProtectedPage(d.Path)); + if (Member != null) + { + IDictionaryEnumerator ide = Member.Groups.GetEnumerator(); + while (ide.MoveNext()) + { + cms.businesslogic.member.MemberGroup mg = (cms.businesslogic.member.MemberGroup)ide.Value; + if (currentNode.SelectSingleNode("./group [@id=" + mg.Id.ToString() + "]") != null) + { + hasAccess = true; + break; + } + } + } + } - return hasAccess; - } + return hasAccess; + } - public static bool HasAccces(int documentId, object memberId) { - bool hasAccess = false; - cms.businesslogic.CMSNode node = new CMSNode(documentId); + public static bool HasAccces(int documentId, object memberId) + { + bool hasAccess = false; + var node = new CMSNode(documentId); - if (!IsProtected(documentId, node.Path)) - return true; - else { - MembershipUser member = Membership.GetUser(memberId); - XmlNode currentNode = GetPage(GetProtectedPage(node.Path)); + if (IsProtected(documentId, node.Path) == false) + return true; - if (member != null) { - foreach(string role in Roles.GetRolesForUser()) { - if (currentNode.SelectSingleNode("./group [@id='" + role + "']") != null) { - hasAccess = true; - break; - } - } - } - } - return hasAccess; - } + var provider = MembershipProviderExtensions.GetMembersMembershipProvider(); - public static bool HasAccess(int documentId, string path, MembershipUser member) { - bool hasAccess = false; + var member = provider.GetUser(memberId, true); + var currentNode = GetPage(GetProtectedPage(node.Path)); - if (!IsProtected(documentId, path)) - hasAccess = true; - else { - XmlNode currentNode = GetPage(GetProtectedPage(path)); - if (member != null) { - string[] roles = Roles.GetRolesForUser(member.UserName); - foreach(string role in roles) { - if (currentNode.SelectSingleNode("./group [@id='" + role + "']") != null) { - hasAccess = true; - break; - } - } - } - } + if (member != null) + { + foreach (string role in Roles.GetRolesForUser()) + { + if (currentNode.SelectSingleNode("./group [@id='" + role + "']") != null) + { + hasAccess = true; + break; + } + } + } + return hasAccess; + } - return hasAccess; - } + public static bool HasAccess(int documentId, string path, MembershipUser member) + { + bool hasAccess = false; - public static ProtectionType GetProtectionType(int DocumentId) - { - XmlNode x = GetPage(DocumentId); - try - { - if (bool.Parse(x.Attributes.GetNamedItem("simple").Value)) - return ProtectionType.Simple; - else - return ProtectionType.Advanced; - } - catch - { - return ProtectionType.NotProtected; - } + if (!IsProtected(documentId, path)) + hasAccess = true; + else + { + XmlNode currentNode = GetPage(GetProtectedPage(path)); + if (member != null) + { + string[] roles = Roles.GetRolesForUser(member.UserName); + foreach (string role in roles) + { + if (currentNode.SelectSingleNode("./group [@id='" + role + "']") != null) + { + hasAccess = true; + break; + } + } + } + } - } + return hasAccess; + } - public static bool IsProtected(int DocumentId, string Path) - { - bool isProtected = false; + public static ProtectionType GetProtectionType(int DocumentId) + { + XmlNode x = GetPage(DocumentId); + try + { + if (bool.Parse(x.Attributes.GetNamedItem("simple").Value)) + return ProtectionType.Simple; + else + return ProtectionType.Advanced; + } + catch + { + return ProtectionType.NotProtected; + } - if (!CheckedPages.ContainsKey(DocumentId)) - { - foreach(string id in Path.Split(',')) - { - if (GetPage(int.Parse(id)) != null) - { - isProtected = true; - break; - } - } + } - // Add thread safe updating to the hashtable + public static bool IsProtected(int DocumentId, string Path) + { + bool isProtected = false; + + if (!CheckedPages.ContainsKey(DocumentId)) + { + foreach (string id in Path.Split(',')) + { + if (GetPage(int.Parse(id)) != null) + { + isProtected = true; + break; + } + } + + // Add thread safe updating to the hashtable if (System.Web.HttpContext.Current != null) - System.Web.HttpContext.Current.Application.Lock(); - if (!CheckedPages.ContainsKey(DocumentId)) - CheckedPages.Add(DocumentId, isProtected); + System.Web.HttpContext.Current.Application.Lock(); + if (!CheckedPages.ContainsKey(DocumentId)) + CheckedPages.Add(DocumentId, isProtected); if (System.Web.HttpContext.Current != null) System.Web.HttpContext.Current.Application.UnLock(); - } - else - isProtected = (bool) CheckedPages[DocumentId]; - - return isProtected; - } + } + else + isProtected = (bool)CheckedPages[DocumentId]; - public static int GetErrorPage(string Path) - { - return int.Parse(GetPage(GetProtectedPage(Path)).Attributes.GetNamedItem("noRightsPage").Value); - } + return isProtected; + } - public static int GetLoginPage(string Path) - { - return int.Parse(GetPage(GetProtectedPage(Path)).Attributes.GetNamedItem("loginPage").Value); - } + public static int GetErrorPage(string Path) + { + return int.Parse(GetPage(GetProtectedPage(Path)).Attributes.GetNamedItem("noRightsPage").Value); + } - private static int GetProtectedPage(string Path) - { - int protectedPage = 0; + public static int GetLoginPage(string Path) + { + return int.Parse(GetPage(GetProtectedPage(Path)).Attributes.GetNamedItem("loginPage").Value); + } - foreach(string id in Path.Split(',')) - if (GetPage(int.Parse(id)) != null) - protectedPage = int.Parse(id); + private static int GetProtectedPage(string Path) + { + int protectedPage = 0; - return protectedPage; - } + foreach (string id in Path.Split(',')) + if (GetPage(int.Parse(id)) != null) + protectedPage = int.Parse(id); - private static XmlNode GetPage(int documentId) - { - XmlNode x = AccessXml.SelectSingleNode("/access/page [@id=" + documentId.ToString() + "]"); - return x; - } + return protectedPage; + } + + private static XmlNode GetPage(int documentId) + { + XmlNode x = AccessXml.SelectSingleNode("/access/page [@id=" + documentId.ToString() + "]"); + return x; + } - //Event delegates - public delegate void SaveEventHandler(Access sender, SaveEventArgs e); + //Event delegates + public delegate void SaveEventHandler(Access sender, SaveEventArgs e); - public delegate void AddProtectionEventHandler(Document sender, AddProtectionEventArgs e); - public delegate void RemoveProtectionEventHandler(Document sender, RemoveProtectionEventArgs e); + public delegate void AddProtectionEventHandler(Document sender, AddProtectionEventArgs e); + public delegate void RemoveProtectionEventHandler(Document sender, RemoveProtectionEventArgs e); - public delegate void AddMemberShipRoleToDocumentEventHandler(Document sender, string role, AddMemberShipRoleToDocumentEventArgs e); - public delegate void RemoveMemberShipRoleFromDocumentEventHandler(Document sender, string role, RemoveMemberShipRoleFromDocumentEventArgs e); + public delegate void AddMemberShipRoleToDocumentEventHandler(Document sender, string role, AddMemberShipRoleToDocumentEventArgs e); + public delegate void RemoveMemberShipRoleFromDocumentEventHandler(Document sender, string role, RemoveMemberShipRoleFromDocumentEventArgs e); - public delegate void RemoveMemberShipUserFromDocumentEventHandler(Document sender, string MembershipUserName, RemoveMemberShipUserFromDocumentEventArgs e); - public delegate void AddMembershipUserToDocumentEventHandler(Document sender, string MembershipUserName, AddMembershipUserToDocumentEventArgs e); + public delegate void RemoveMemberShipUserFromDocumentEventHandler(Document sender, string MembershipUserName, RemoveMemberShipUserFromDocumentEventArgs e); + public delegate void AddMembershipUserToDocumentEventHandler(Document sender, string MembershipUserName, AddMembershipUserToDocumentEventArgs e); - //Events + //Events - public static event SaveEventHandler BeforeSave; - protected virtual void FireBeforeSave(SaveEventArgs e) { - if (BeforeSave != null) - BeforeSave(this, e); - } + public static event SaveEventHandler BeforeSave; + protected virtual void FireBeforeSave(SaveEventArgs e) + { + if (BeforeSave != null) + BeforeSave(this, e); + } - public static event SaveEventHandler AfterSave; - protected virtual void FireAfterSave(SaveEventArgs e) { - if (AfterSave != null) - AfterSave(this, e); - } + public static event SaveEventHandler AfterSave; + protected virtual void FireAfterSave(SaveEventArgs e) + { + if (AfterSave != null) + AfterSave(this, e); + } - public static event AddProtectionEventHandler BeforeAddProtection; - protected virtual void FireBeforeAddProtection(Document doc, AddProtectionEventArgs e) { - if (BeforeAddProtection != null) - BeforeAddProtection(doc, e); - } + public static event AddProtectionEventHandler BeforeAddProtection; + protected virtual void FireBeforeAddProtection(Document doc, AddProtectionEventArgs e) + { + if (BeforeAddProtection != null) + BeforeAddProtection(doc, e); + } - public static event AddProtectionEventHandler AfterAddProtection; - protected virtual void FireAfterAddProtection(Document doc, AddProtectionEventArgs e) { - if (AfterAddProtection != null) - AfterAddProtection(doc, e); - } + public static event AddProtectionEventHandler AfterAddProtection; + protected virtual void FireAfterAddProtection(Document doc, AddProtectionEventArgs e) + { + if (AfterAddProtection != null) + AfterAddProtection(doc, e); + } - public static event RemoveProtectionEventHandler BeforeRemoveProtection; - protected virtual void FireBeforeRemoveProtection(Document doc, RemoveProtectionEventArgs e) { - if (BeforeRemoveProtection != null) - BeforeRemoveProtection(doc, e); - } + public static event RemoveProtectionEventHandler BeforeRemoveProtection; + protected virtual void FireBeforeRemoveProtection(Document doc, RemoveProtectionEventArgs e) + { + if (BeforeRemoveProtection != null) + BeforeRemoveProtection(doc, e); + } - public static event RemoveProtectionEventHandler AfterRemoveProtection; - protected virtual void FireAfterRemoveProtection(Document doc, RemoveProtectionEventArgs e) { - if (AfterRemoveProtection != null) - AfterRemoveProtection(doc, e); - } + public static event RemoveProtectionEventHandler AfterRemoveProtection; + protected virtual void FireAfterRemoveProtection(Document doc, RemoveProtectionEventArgs e) + { + if (AfterRemoveProtection != null) + AfterRemoveProtection(doc, e); + } - public static event AddMemberShipRoleToDocumentEventHandler BeforeAddMemberShipRoleToDocument; - protected virtual void FireBeforeAddMemberShipRoleToDocument(Document doc, string role, AddMemberShipRoleToDocumentEventArgs e) { - if (BeforeAddMemberShipRoleToDocument != null) - BeforeAddMemberShipRoleToDocument(doc, role, e); - } + public static event AddMemberShipRoleToDocumentEventHandler BeforeAddMemberShipRoleToDocument; + protected virtual void FireBeforeAddMemberShipRoleToDocument(Document doc, string role, AddMemberShipRoleToDocumentEventArgs e) + { + if (BeforeAddMemberShipRoleToDocument != null) + BeforeAddMemberShipRoleToDocument(doc, role, e); + } - public static event AddMemberShipRoleToDocumentEventHandler AfterAddMemberShipRoleToDocument; - protected virtual void FireAfterAddMemberShipRoleToDocument(Document doc, string role, AddMemberShipRoleToDocumentEventArgs e) { - if (AfterAddMemberShipRoleToDocument != null) - AfterAddMemberShipRoleToDocument(doc, role, e); - } + public static event AddMemberShipRoleToDocumentEventHandler AfterAddMemberShipRoleToDocument; + protected virtual void FireAfterAddMemberShipRoleToDocument(Document doc, string role, AddMemberShipRoleToDocumentEventArgs e) + { + if (AfterAddMemberShipRoleToDocument != null) + AfterAddMemberShipRoleToDocument(doc, role, e); + } - public static event RemoveMemberShipRoleFromDocumentEventHandler BeforeRemoveMemberShipRoleToDocument; - protected virtual void FireBeforeRemoveMemberShipRoleFromDocument(Document doc, string role, RemoveMemberShipRoleFromDocumentEventArgs e) { - if (BeforeRemoveMemberShipRoleToDocument != null) - BeforeRemoveMemberShipRoleToDocument(doc, role, e); - } + public static event RemoveMemberShipRoleFromDocumentEventHandler BeforeRemoveMemberShipRoleToDocument; + protected virtual void FireBeforeRemoveMemberShipRoleFromDocument(Document doc, string role, RemoveMemberShipRoleFromDocumentEventArgs e) + { + if (BeforeRemoveMemberShipRoleToDocument != null) + BeforeRemoveMemberShipRoleToDocument(doc, role, e); + } - public static event RemoveMemberShipRoleFromDocumentEventHandler AfterRemoveMemberShipRoleToDocument; - protected virtual void FireAfterRemoveMemberShipRoleFromDocument(Document doc, string role, RemoveMemberShipRoleFromDocumentEventArgs e) { - if (AfterRemoveMemberShipRoleToDocument != null) - AfterRemoveMemberShipRoleToDocument(doc, role, e); - } + public static event RemoveMemberShipRoleFromDocumentEventHandler AfterRemoveMemberShipRoleToDocument; + protected virtual void FireAfterRemoveMemberShipRoleFromDocument(Document doc, string role, RemoveMemberShipRoleFromDocumentEventArgs e) + { + if (AfterRemoveMemberShipRoleToDocument != null) + AfterRemoveMemberShipRoleToDocument(doc, role, e); + } - public static event RemoveMemberShipUserFromDocumentEventHandler BeforeRemoveMembershipUserFromDocument; - protected virtual void FireBeforeRemoveMembershipUserFromDocument(Document doc, string username, RemoveMemberShipUserFromDocumentEventArgs e) { - if (BeforeRemoveMembershipUserFromDocument != null) - BeforeRemoveMembershipUserFromDocument(doc, username, e); - } + public static event RemoveMemberShipUserFromDocumentEventHandler BeforeRemoveMembershipUserFromDocument; + protected virtual void FireBeforeRemoveMembershipUserFromDocument(Document doc, string username, RemoveMemberShipUserFromDocumentEventArgs e) + { + if (BeforeRemoveMembershipUserFromDocument != null) + BeforeRemoveMembershipUserFromDocument(doc, username, e); + } - public static event RemoveMemberShipUserFromDocumentEventHandler AfterRemoveMembershipUserFromDocument; - protected virtual void FireAfterRemoveMembershipUserFromDocument(Document doc, string username, RemoveMemberShipUserFromDocumentEventArgs e) { - if (AfterRemoveMembershipUserFromDocument != null) - AfterRemoveMembershipUserFromDocument(doc, username, e); - } + public static event RemoveMemberShipUserFromDocumentEventHandler AfterRemoveMembershipUserFromDocument; + protected virtual void FireAfterRemoveMembershipUserFromDocument(Document doc, string username, RemoveMemberShipUserFromDocumentEventArgs e) + { + if (AfterRemoveMembershipUserFromDocument != null) + AfterRemoveMembershipUserFromDocument(doc, username, e); + } - public static event AddMembershipUserToDocumentEventHandler BeforeAddMembershipUserToDocument; - protected virtual void FireBeforeAddMembershipUserToDocument(Document doc, string username, AddMembershipUserToDocumentEventArgs e) { - if (BeforeAddMembershipUserToDocument != null) - BeforeAddMembershipUserToDocument(doc, username, e); - } + public static event AddMembershipUserToDocumentEventHandler BeforeAddMembershipUserToDocument; + protected virtual void FireBeforeAddMembershipUserToDocument(Document doc, string username, AddMembershipUserToDocumentEventArgs e) + { + if (BeforeAddMembershipUserToDocument != null) + BeforeAddMembershipUserToDocument(doc, username, e); + } - public static event AddMembershipUserToDocumentEventHandler AfterAddMembershipUserToDocument; - protected virtual void FireAfterAddMembershipUserToDocument(Document doc, string username, AddMembershipUserToDocumentEventArgs e) { - if (AfterAddMembershipUserToDocument != null) - AfterAddMembershipUserToDocument(doc, username, e); - } - } + public static event AddMembershipUserToDocumentEventHandler AfterAddMembershipUserToDocument; + protected virtual void FireAfterAddMembershipUserToDocument(Document doc, string username, AddMembershipUserToDocumentEventArgs e) + { + if (AfterAddMembershipUserToDocument != null) + AfterAddMembershipUserToDocument(doc, username, e); + } + } - public enum ProtectionType - { - NotProtected, - Simple, - Advanced - } + public enum ProtectionType + { + NotProtected, + Simple, + Advanced + } } diff --git a/src/umbraco.providers/members/MembershipEventHandler.cs b/src/umbraco.providers/members/MembershipEventHandler.cs index 7d8687f788..28e4b4dbdc 100644 --- a/src/umbraco.providers/members/MembershipEventHandler.cs +++ b/src/umbraco.providers/members/MembershipEventHandler.cs @@ -2,6 +2,7 @@ using System.Web.Security; using Umbraco.Core; using umbraco.cms.businesslogic; using umbraco.cms.businesslogic.member; +using Umbraco.Core.Security; namespace umbraco.providers.members { @@ -20,7 +21,7 @@ namespace umbraco.providers.members //This is a bit of a hack to ensure that the member is approved when created since many people will be using // this old api to create members on the front-end and they need to be approved - which is based on whether or not // the Umbraco membership provider is configured. - var provider = Membership.Provider as UmbracoMembershipProvider; + var provider = MembershipProviderExtensions.GetMembersMembershipProvider() as UmbracoMembershipProvider; if (provider != null) { var approvedField = provider.ApprovedPropertyTypeAlias;