diff --git a/src/Umbraco.Cms.Api.Common/Configuration/ConfigureOpenIddict.cs b/src/Umbraco.Cms.Api.Common/Configuration/ConfigureOpenIddict.cs
new file mode 100644
index 0000000000..f428957bd9
--- /dev/null
+++ b/src/Umbraco.Cms.Api.Common/Configuration/ConfigureOpenIddict.cs
@@ -0,0 +1,15 @@
+using Microsoft.Extensions.Options;
+using OpenIddict.Server.AspNetCore;
+using Umbraco.Cms.Core.Configuration.Models;
+
+namespace Umbraco.Cms.Api.Common.Configuration;
+
+internal class ConfigureOpenIddict : IConfigureOptions
+{
+ private readonly IOptions _globalSettings;
+
+ public ConfigureOpenIddict(IOptions globalSettings) => _globalSettings = globalSettings;
+
+ public void Configure(OpenIddictServerAspNetCoreOptions options)
+ => options.DisableTransportSecurityRequirement = _globalSettings.Value.UseHttps is false;
+}
diff --git a/src/Umbraco.Cms.Api.Common/Configuration/PostConfigureOpenIddict.cs b/src/Umbraco.Cms.Api.Common/Configuration/PostConfigureOpenIddict.cs
deleted file mode 100644
index f01b71fbb1..0000000000
--- a/src/Umbraco.Cms.Api.Common/Configuration/PostConfigureOpenIddict.cs
+++ /dev/null
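Review bot: `ConfigureOpenIddict.Configure` switches off OpenIddict's HTTPS requirement whenever `GlobalSettings.UseHttps` is false, and neither the class nor the method carries a comment saying so; the summary that the removed `PostConfigureOpenIddict` had was not carried over. With the requirement disabled, the OpenIddict endpoints accept plain-HTTP requests, so authorization codes and tokens are readable on the wire unless TLS is terminated in front of the application. I would state that on the class, e.g. `/// Disables OpenIddict's transport security requirement when GlobalSettings.UseHttps is false; only safe behind a TLS-terminating proxy or in local development.` Because the flag is assigned unconditionally, it also overwrites whatever an earlier configure action set (presumably intended, but worth a line in the comment), and a startup warning when it ends up `true` would make the downgrade visible in logs.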
@@ -1,44 +0,0 @@
-using Microsoft.Extensions.DependencyInjection;
-using Microsoft.Extensions.Options;
-using OpenIddict.Server;
-using OpenIddict.Server.AspNetCore;
-using Umbraco.Cms.Core.Configuration.Models;
-
-namespace Umbraco.Cms.Api.Common.Configuration;
-
-internal class PostConfigureOpenIddict : IPostConfigureOptions
-{
- private readonly IOptions _globalSettings;
-
- public PostConfigureOpenIddict(IOptions globalSettings)
- {
- _globalSettings = globalSettings;
- }
-
- public void PostConfigure(string? name, OpenIddictServerOptions options)
- {
- EnsureHttpsIsNotRequiredWhenConfigAllowHttp(options);
- }
-
- ///
- /// Ensures OpenIddict is configured to allow Http requrest, if and only if, the global settings are configured to allow Http.
- ///
- ///
- /// The logic actually allowing http by removing the ValidateTransportSecurityRequirement Descriptor is borrowed from
- ///
- private void EnsureHttpsIsNotRequiredWhenConfigAllowHttp(OpenIddictServerOptions options)
- {
- if (_globalSettings.Value.UseHttps is false)
- {
- OpenIddictServerHandlerDescriptor descriptor = OpenIddictServerAspNetCoreHandlers.ValidateTransportSecurityRequirement.Descriptor;
-
- for (var index = options.Handlers.Count - 1; index >= 0; index--)
- {
- if (options.Handlers[index].ServiceDescriptor.ServiceType == descriptor.ServiceDescriptor.ServiceType)
- {
- options.Handlers.RemoveAt(index);
- }
- }
- }
- }
-}
diff --git a/src/Umbraco.Cms.Api.Common/DependencyInjection/UmbracoBuilderAuthExtensions.cs b/src/Umbraco.Cms.Api.Common/DependencyInjection/UmbracoBuilderAuthExtensions.cs
index c215eeecf8..3619da3071 100644
--- a/src/Umbraco.Cms.Api.Common/DependencyInjection/UmbracoBuilderAuthExtensions.cs
+++ b/src/Umbraco.Cms.Api.Common/DependencyInjection/UmbracoBuilderAuthExtensions.cs
@@ -133,6 +133,6 @@ public static class UmbracoBuilderAuthExtensions }); builder.Services.AddRecurringBackgroundJob(); - builder.Services.ConfigureOptions(); + builder.Services.ConfigureOptions(); } }