Cleaned up some low-hanging FIXMEs (#16010)

* Cleaned up some low-hanging FIXMEs * Fixed merge
2024-04-11 10:50:31 +02:00
parent a982df97a6
commit faee63627f
5 changed files with 15 additions and 38 deletions
--- a/src/Umbraco.Cms.Api.Common/DependencyInjection/UmbracoBuilderAuthExtensions.cs
+++ b/src/Umbraco.Cms.Api.Common/DependencyInjection/UmbracoBuilderAuthExtensions.cs
@@ -30,7 +30,6 @@ public static class UmbracoBuilderAuthExtensions
            {
                // Enable the authorization and token endpoints.
                // - important: member endpoints MUST be added before backoffice endpoints to ensure that auto-discovery works for members
-                // FIXME: swap paths here so member API is first (see comment above)
                options
                    .SetAuthorizationEndpointUris(
                        Paths.MemberApi.AuthorizationEndpoint.TrimStart(Constants.CharArrays.ForwardSlash),
--- a/src/Umbraco.Cms.Api.Management/Controllers/AuditLog/CurrentUserAuditLogController.cs
+++ b/src/Umbraco.Cms.Api.Management/Controllers/AuditLog/CurrentUserAuditLogController.cs
@@ -5,9 +5,9 @@ using Umbraco.Cms.Api.Common.ViewModels.Pagination;
 using Umbraco.Cms.Api.Management.Factories;
 using Umbraco.Cms.Api.Management.ViewModels.AuditLogs;
 using Umbraco.Cms.Core;
-using Umbraco.Cms.Core.Exceptions;
 using Umbraco.Cms.Core.Models;
 using Umbraco.Cms.Core.Models.Membership;
+using Umbraco.Cms.Core.Security;
 using Umbraco.Cms.Core.Services;

 namespace Umbraco.Cms.Api.Management.Controllers.AuditLog;
@@ -17,16 +17,16 @@ public class CurrentUserAuditLogController : AuditLogControllerBase
 {
    private readonly IAuditService _auditService;
    private readonly IAuditLogPresentationFactory _auditLogPresentationFactory;
-    private readonly IUserService _userService;
+    private readonly IBackOfficeSecurityAccessor _backOfficeSecurityAccessor;

    public CurrentUserAuditLogController(
        IAuditService auditService,
        IAuditLogPresentationFactory auditLogPresentationFactory,
-        IUserService userService)
+        IBackOfficeSecurityAccessor backOfficeSecurityAccessor)
    {
        _auditService = auditService;
        _auditLogPresentationFactory = auditLogPresentationFactory;
-        _userService = userService;
+        _backOfficeSecurityAccessor = backOfficeSecurityAccessor;
    }

    [HttpGet]
@@ -34,17 +34,7 @@ public class CurrentUserAuditLogController : AuditLogControllerBase
    [ProducesResponseType(typeof(PagedViewModel<AuditLogWithUsernameResponseModel>), StatusCodes.Status200OK)]
    public async Task<IActionResult> CurrentUser(CancellationToken cancellationToken, Direction orderDirection = Direction.Descending, DateTime? sinceDate = null, int skip = 0, int take = 100)
    {
-        // FIXME: Pull out current backoffice user when its implemented.
-        // var userId = _backOfficeSecurityAccessor.BackOfficeSecurity?.GetUserId().Result ?? -1;
-        var userId = Constants.Security.SuperUserId;
-
-        IUser? user = _userService.GetUserById(userId);
-
-        if (user is null)
-        {
-            throw new PanicException("Could not find current user");
-        }
-
+        IUser user = CurrentUser(_backOfficeSecurityAccessor);
        PagedModel<IAuditItem> result = await _auditService.GetPagedItemsByUserAsync(
            user.Key,
            skip,
--- a/src/Umbraco.Cms.Api.Management/Controllers/UserGroup/CreateUserGroupController.cs
+++ b/src/Umbraco.Cms.Api.Management/Controllers/UserGroup/CreateUserGroupController.cs
@@ -34,13 +34,6 @@ public class CreateUserGroupController : UserGroupControllerBase
    [ProducesResponseType(StatusCodes.Status201Created)]
    public async Task<IActionResult> Create(CancellationToken cancellationToken, CreateUserGroupRequestModel createUserGroupRequestModel)
    {
-        // FIXME: Comment this in when auth is in place and we can get a currently logged in user.
-        // IUser? currentUser = _backOfficeSecurityAccessor.BackOfficeSecurity?.CurrentUser;
-        // if (currentUser is null)
-        // {
-        //     return UserGroupOperationStatusResult(UserGroupOperationStatus.MissingUser);
-        // }
-
        Attempt<IUserGroup, UserGroupOperationStatus> userGroupCreationAttempt = await _userGroupPresentationFactory.CreateAsync(createUserGroupRequestModel);
        if (userGroupCreationAttempt.Success is false)
        {
--- a/src/Umbraco.Cms.Api.Management/Security/BackOfficeApplicationManager.cs
+++ b/src/Umbraco.Cms.Api.Management/Security/BackOfficeApplicationManager.cs
@@ -97,20 +97,22 @@ public class BackOfficeApplicationManager : OpenIdDictApplicationManagerBase, IB
        }
    }

-    public OpenIddictApplicationDescriptor BackofficeOpenIddictApplicationDescriptor(Uri backOfficeUrl) =>
-        new()
+    public OpenIddictApplicationDescriptor BackofficeOpenIddictApplicationDescriptor(Uri backOfficeUrl)
+    {
+        Uri CallbackUrl(string path) => CallbackUrlFor(_backOfficeHost ?? backOfficeUrl, path);
+        return new OpenIddictApplicationDescriptor
        {
            DisplayName = "Umbraco back-office access",
            ClientId = Constants.OAuthClientIds.BackOffice,
            RedirectUris =
            {
-                CallbackUrlFor(_backOfficeHost ?? backOfficeUrl, _authorizeCallbackPathName),
+                CallbackUrl(_authorizeCallbackPathName),
            },
            ClientType = OpenIddictConstants.ClientTypes.Public,
            PostLogoutRedirectUris =
            {
-                CallbackUrlFor(_backOfficeHost ?? backOfficeUrl, _authorizeCallbackPathName),
-                CallbackUrlFor(_backOfficeHost ?? backOfficeUrl, _authorizeCallbackPathName.EnsureEndsWith("/") + "logout"),
+                CallbackUrl(_authorizeCallbackPathName),
+                CallbackUrl($"{_authorizeCallbackPathName.EnsureEndsWith("/")}logout")
            },
            Permissions =
            {
@@ -123,6 +125,7 @@ public class BackOfficeApplicationManager : OpenIdDictApplicationManagerBase, IB
                OpenIddictConstants.Permissions.ResponseTypes.Code
            }
        };
+    }

    private static Uri CallbackUrlFor(Uri url, string relativePath) => new Uri($"{url.GetLeftPart(UriPartial.Authority)}/{relativePath.TrimStart(Constants.CharArrays.ForwardSlash)}");
 }
--- a/src/Umbraco.Web.Common/Profiler/ConfigureMiniProfilerOptions.cs
+++ b/src/Umbraco.Web.Common/Profiler/ConfigureMiniProfilerOptions.cs
@@ -7,24 +7,16 @@ using StackExchange.Profiling;
 using Umbraco.Cms.Core.Configuration.Models;
 using Umbraco.Cms.Core.Hosting;
 using Umbraco.Cms.Core.Routing;
-using Umbraco.Cms.Core.Security;
 using Umbraco.Extensions;

 namespace Umbraco.Cms.Web.Common.Profiler;

 internal sealed class ConfigureMiniProfilerOptions : IConfigureOptions<MiniProfilerOptions>
 {
-    private readonly IBackOfficeSecurityAccessor _backOfficeSecurityAccessor;
    private readonly string _backOfficePath;

-    public ConfigureMiniProfilerOptions(
-        IBackOfficeSecurityAccessor backOfficeSecurityAccessor,
-        IOptions<GlobalSettings> globalSettings,
-        IHostingEnvironment hostingEnvironment)
-    {
-        _backOfficeSecurityAccessor = backOfficeSecurityAccessor;
-        _backOfficePath = globalSettings.Value.GetBackOfficePath(hostingEnvironment);
-    }
+    public ConfigureMiniProfilerOptions(IOptions<GlobalSettings> globalSettings, IHostingEnvironment hostingEnvironment)
+        => _backOfficePath = globalSettings.Value.GetBackOfficePath(hostingEnvironment);

    public void Configure(MiniProfilerOptions options)
    {