Changes to Basic Auth to support external logins (#12434)

* Fixed issues with basic auth middleware to support Umbraco Cloud usecase * Fix redirects to return url, now allows website urls * Strip potential domain part of returnPath * Fix default value in appsettings schema * Reintroduce check of basic auth enabled. * Fix wrong negation introduced in #12349 * Fixed issues with redirects * Also check external login cookie, while authenticating backoffice
2022-06-02 12:19:22 +02:00
parent f4e333c178
commit faf06be618
9 changed files with 102 additions and 19 deletions
--- a/src/Umbraco.Web.BackOffice/Controllers/BackOfficeController.cs
+++ b/src/Umbraco.Web.BackOffice/Controllers/BackOfficeController.cs
@@ -322,7 +322,7 @@ namespace Umbraco.Cms.Web.BackOffice.Controllers
        [AllowAnonymous]
        public ActionResult ExternalLogin(string provider, string? redirectUrl = null)
        {
-            if (redirectUrl == null)
+            if (redirectUrl == null || Uri.TryCreate(redirectUrl, UriKind.Absolute, out _))
            {
                redirectUrl = Url.Action(nameof(Default), this.GetControllerName());
            }