Support member names using Down-Level Logon Name format

2021-07-15 01:28:24 +01:00
parent 7e8e96aaa3
commit f978ef15d0
3 changed files with 17 additions and 2 deletions
--- a/src/Umbraco.Core/Configuration/Models/SecuritySettings.cs
+++ b/src/Umbraco.Core/Configuration/Models/SecuritySettings.cs
@@ -15,6 +15,7 @@ namespace Umbraco.Cms.Core.Configuration.Models
        internal const bool StaticHideDisabledUsersInBackOffice = false;
        internal const bool StaticAllowPasswordReset = true;
        internal const string StaticAuthCookieName = "UMB_UCONTEXT";
+        internal const string StaticAllowedUserNameCharacters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._@+\\";

        /// <summary>
        /// Gets or sets a value indicating whether to keep the user logged in.
@@ -50,6 +51,12 @@ namespace Umbraco.Cms.Core.Configuration.Models
        /// </summary>
        public bool UsernameIsEmail { get; set; } = true;

+        /// <summary>
+        /// Gets or sets the set of allowed characters for a username
+        /// </summary>
+        [DefaultValue(StaticAllowedUserNameCharacters)]
+        public string AllowedUserNameCharacters { get; set; } = StaticAllowedUserNameCharacters;
+
        /// <summary>
        /// Gets or sets a value for the user password settings.
        /// </summary>
--- a/src/Umbraco.Web.Common/Security/ConfigureMemberIdentityOptions.cs
+++ b/src/Umbraco.Web.Common/Security/ConfigureMemberIdentityOptions.cs
@@ -10,9 +10,13 @@ namespace Umbraco.Cms.Web.Common.Security
    public sealed class ConfigureMemberIdentityOptions : IConfigureOptions<IdentityOptions>
    {
        private readonly MemberPasswordConfigurationSettings _memberPasswordConfiguration;
+        private readonly SecuritySettings _securitySettings;

-        public ConfigureMemberIdentityOptions(IOptions<MemberPasswordConfigurationSettings> memberPasswordConfiguration)
-            => _memberPasswordConfiguration = memberPasswordConfiguration.Value;
+        public ConfigureMemberIdentityOptions(IOptions<MemberPasswordConfigurationSettings> memberPasswordConfiguration, IOptions<SecuritySettings> securitySettings)
+        {
+            _memberPasswordConfiguration = memberPasswordConfiguration.Value;
+            _securitySettings = securitySettings.Value;
+        }

        public void Configure(IdentityOptions options)
        {
@@ -22,6 +26,9 @@ namespace Umbraco.Cms.Web.Common.Security

            options.User.RequireUniqueEmail = true;

+            // Support validation of member names using Down-Level Logon Name format
+            options.User.AllowedUserNameCharacters = _securitySettings.AllowedUserNameCharacters;
+
            options.Lockout.AllowedForNewUsers = true;
            // TODO: Implement this
            options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromDays(30);
--- a/src/Umbraco.Web.UI.NetCore/appsettings.json
+++ b/src/Umbraco.Web.UI.NetCore/appsettings.json
@@ -46,6 +46,7 @@
        "KeepUserLoggedIn": false,
        "UsernameIsEmail": true,
        "HideDisabledUsersInBackoffice": false,
+        "AllowedUserNameCharacters": "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._@+\\",
        "UserPassword": {
          "RequiredLength": 10,
          "RequireNonLetterOrDigit": false,