FIxes more of the auth procedure

Shannon
2020-11-27 15:58:00 +11:00
parent 47ab15f457
commit ec6ac41e56
2 changed files with 10 additions and 5 deletions


@@ -216,7 +216,7 @@ namespace Umbraco.Web.BackOffice.Controllers
return 0;
}
var remainingSeconds = HttpContext.User.GetRemainingAuthSeconds();
var remainingSeconds = result.Principal.GetRemainingAuthSeconds();
if (remainingSeconds <= 30)
{
var username = result.Principal.FindFirst(ClaimTypes.Name)?.Value;
@@ -572,13 +572,17 @@ namespace Umbraco.Web.BackOffice.Controllers
/// </summary>
/// <returns></returns>
[ValidateAngularAntiForgeryToken]
public IActionResult PostLogout()
public async Task<IActionResult> PostLogout()
{
HttpContext.SignOutAsync(Constants.Security.BackOfficeAuthenticationType);
// force authentication to occur since this is not an authorized endpoint
var result = await HttpContext.AuthenticateAsync(Constants.Security.BackOfficeAuthenticationType);
if (!result.Succeeded) return Ok();
await _signInManager.SignOutAsync();
_logger.LogInformation("User {UserName} from IP address {RemoteIpAddress} has logged out", User.Identity == null ? "UNKNOWN" : User.Identity.Name, HttpContext.Connection.RemoteIpAddress);
var userId = int.Parse(User.Identity.GetUserId());
var userId = int.Parse(result.Principal.Identity.GetUserId());
var args = _userManager.RaiseLogoutSuccessEvent(User, userId);
if (!args.SignOutRedirectUrl.IsNullOrWhiteSpace())
{
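Review bot: In `PostLogout`, the log call and `RaiseLogoutSuccessEvent` still read `User`, although the new comment says this endpoint is not authorized and the user id is now taken from `result.Principal`. If `HttpContext.User` is not populated by the back-office scheme here, the logout audit line would record an empty or wrong user name and the event would receive an unauthenticated principal. Use the authenticated principal throughout, e.g. `result.Principal.Identity?.Name ?? "UNKNOWN"` in the log call and `_userManager.RaiseLogoutSuccessEvent(result.Principal, userId)`. `int.Parse` on `GetUserId()` would also throw if the claim is missing or non-numeric, and it runs after the sign-out has already happened, so `int.TryParse` with a logged fallback would be safer. The method body continues outside the hunk.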


@@ -200,7 +200,8 @@ namespace Umbraco.Web.Common.Security
await Context.SignOutAsync(Constants.Security.BackOfficeAuthenticationType);
await Context.SignOutAsync(Constants.Security.BackOfficeExternalAuthenticationType);
await Context.SignOutAsync(Constants.Security.BackOfficeTwoFactorAuthenticationType);
// TODO: Put this back in when we implement it
//await Context.SignOutAsync(Constants.Security.BackOfficeTwoFactorAuthenticationType);
}
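Review bot: Commenting out the `BackOfficeTwoFactorAuthenticationType` sign-out means logout no longer clears any cookie issued under that scheme, and the TODO gives no condition or reference for restoring it. Presumably the scheme is not registered yet, so nothing is issued today, but once two-factor is implemented a leftover partial-login cookie would survive logout unless this line returns. Tie the TODO to the work item so it is not missed, e.g. `// TODO(<issue-id>): restore once the BackOfficeTwoFactorAuthenticationType scheme is registered; logout must clear the 2FA cookie`. The enclosing method starts outside the hunk.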