Merge remote-tracking branch 'origin/netcore/netcore' into netcore/feature/migrate-remaining-trees
@@ -1,13 +1,17 @@
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
using Microsoft.AspNetCore.Authentication;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
using System;
|
||||
using System.Net;
|
||||
using System.Threading.Tasks;
|
||||
using Umbraco.Core;
|
||||
using Umbraco.Core.BackOffice;
|
||||
using Umbraco.Core.Configuration;
|
||||
using Umbraco.Core.Logging;
|
||||
using Umbraco.Core.Mapping;
|
||||
using Umbraco.Core.Models.Membership;
|
||||
using Umbraco.Core.Services;
|
||||
using Umbraco.Extensions;
|
||||
using Umbraco.Net;
|
||||
using Umbraco.Web.BackOffice.Filters;
|
||||
using Umbraco.Web.Common.Attributes;
|
||||
using Umbraco.Web.Common.Controllers;
|
||||
@@ -33,6 +37,8 @@ namespace Umbraco.Web.BackOffice.Controllers
|
||||
private readonly IUserService _userService;
|
||||
private readonly UmbracoMapper _umbracoMapper;
|
||||
private readonly IGlobalSettings _globalSettings;
|
||||
private readonly ILogger _logger;
|
||||
private readonly IIpResolver _ipResolver;
|
||||
|
||||
// TODO: We need to import the logic from Umbraco.Web.Editors.AuthenticationController
|
||||
// TODO: We need to review all _userManager.Raise calls since many/most should be on the usermanager or signinmanager, very few should be here
|
||||
@@ -43,7 +49,8 @@ namespace Umbraco.Web.BackOffice.Controllers
|
||||
BackOfficeSignInManager signInManager,
|
||||
IUserService userService,
|
||||
UmbracoMapper umbracoMapper,
|
||||
IGlobalSettings globalSettings)
|
||||
IGlobalSettings globalSettings,
|
||||
ILogger logger, IIpResolver ipResolver)
|
||||
{
|
||||
_webSecurity = webSecurity;
|
||||
_userManager = backOfficeUserManager;
|
||||
@@ -51,6 +58,27 @@ namespace Umbraco.Web.BackOffice.Controllers
|
||||
_userService = userService;
|
||||
_umbracoMapper = umbracoMapper;
|
||||
_globalSettings = globalSettings;
|
||||
_logger = logger;
|
||||
_ipResolver = ipResolver;
|
||||
}
|
||||
|
||||
[HttpGet]
|
||||
public double GetRemainingTimeoutSeconds()
|
||||
{
|
||||
var backOfficeIdentity = HttpContext.User.GetUmbracoIdentity();
|
||||
var remainingSeconds = HttpContext.User.GetRemainingAuthSeconds();
|
||||
if (remainingSeconds <= 30 && backOfficeIdentity != null)
|
||||
{
|
||||
//NOTE: We are using 30 seconds because that is what is coded into angular to force logout to give some headway in
|
||||
// the timeout process.
|
||||
|
||||
_logger.Info<AuthenticationController>(
|
||||
"User logged will be logged out due to timeout: {Username}, IP Address: {IPAddress}",
|
||||
backOfficeIdentity.Name,
|
||||
_ipResolver.GetCurrentRequestIpAddress());
|
||||
}
|
||||
|
||||
return remainingSeconds;
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
@@ -78,7 +106,7 @@ namespace Umbraco.Web.BackOffice.Controllers
|
||||
/// cookies which means that the auth cookie could be valid but the csrf cookies are no longer there, in that case we need to re-set the csrf cookies.
|
||||
/// </remarks>
|
||||
[UmbracoAuthorize]
|
||||
[TypeFilter(typeof(SetAngularAntiForgeryTokens))]
|
||||
[SetAngularAntiForgeryTokens]
|
||||
//[CheckIfUserTicketDataIsStale] // TODO: Migrate this, though it will need to be done differently at the cookie auth level
|
||||
public UserDetail GetCurrentUser()
|
||||
{
|
||||
@@ -95,7 +123,7 @@ namespace Umbraco.Web.BackOffice.Controllers
|
||||
/// Logs a user in
|
||||
/// </summary>
|
||||
/// <returns></returns>
|
||||
[TypeFilter(typeof(SetAngularAntiForgeryTokens))]
|
||||
[SetAngularAntiForgeryTokens]
|
||||
public async Task<UserDetail> PostLogin(LoginModel loginModel)
|
||||
{
|
||||
// Sign the user in with username/password, this also gives a chance for developers to
|
||||
@@ -156,6 +184,22 @@ namespace Umbraco.Web.BackOffice.Controllers
|
||||
throw new HttpResponseException(HttpStatusCode.BadRequest);
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Logs the current user out
|
||||
/// </summary>
|
||||
/// <returns></returns>
|
||||
[ValidateAngularAntiForgeryToken]
|
||||
public IActionResult PostLogout()
|
||||
{
|
||||
HttpContext.SignOutAsync(Core.Constants.Security.BackOfficeAuthenticationType);
|
||||
|
||||
_logger.Info<AuthenticationController>("User {UserName} from IP address {RemoteIpAddress} has logged out", User.Identity == null ? "UNKNOWN" : User.Identity.Name, HttpContext.Connection.RemoteIpAddress);
|
||||
|
||||
_userManager.RaiseLogoutSuccessEvent(User, int.Parse(User.Identity.GetUserId()));
|
||||
|
||||
return Ok();
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Return the <see cref="UserDetail"/> for the given <see cref="IUser"/>
|
||||
/// </summary>
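Review bot: In `PostLogout`, `HttpContext.SignOutAsync(...)` is called without `await` from a synchronous action, so a failure while clearing the back-office cookie is never observed and the action still logs a logout and returns `Ok()`. Declaring it `public async Task<IActionResult> PostLogout()` and using `await HttpContext.SignOutAsync(Core.Constants.Security.BackOfficeAuthenticationType);` closes that gap. The log call guards `User.Identity == null`, but the next line passes `User.Identity.GetUserId()` to `int.Parse` unguarded; no `[UmbracoAuthorize]` is visible on this action, so if it is reachable without a back-office identity that line would throw instead of returning a clean response, which an `int.TryParse` guard would avoid. The log also records `HttpContext.Connection.RemoteIpAddress`, while `GetRemainingTimeoutSeconds` in the same file uses `_ipResolver.GetCurrentRequestIpAddress()`; using the resolver in both would keep audit entries consistent, since behind a reverse proxy the two values may differ.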
|
||||
|
||||
@@ -3,6 +3,7 @@ using System.Collections.Generic;
|
||||
using System.IO;
|
||||
using System.Linq;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
using Umbraco.Core;
|
||||
using Umbraco.Core.Configuration;
|
||||
using Umbraco.Core.Hosting;
|
||||
using Umbraco.Core.IO;
|
||||
@@ -11,7 +12,7 @@ using Umbraco.Web.Common.Attributes;
|
||||
|
||||
namespace Umbraco.Web.BackOffice.Controllers
|
||||
{
|
||||
[PluginController("UmbracoApi")]
|
||||
[PluginController(Constants.Web.Mvc.BackOfficeApiArea)]
|
||||
public class BackOfficeAssetsController : UmbracoAuthorizedJsonController
|
||||
{
|
||||
private readonly IFileSystem _jsLibFileSystem;
|
||||
|
||||
@@ -1,5 +1,4 @@
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
using Umbraco.Web.WebApi.Filters;
|
||||
using Umbraco.Web.WebApi.Filters;
|
||||
|
||||
namespace Umbraco.Web.BackOffice.Controllers
|
||||
{
|
||||
@@ -8,9 +7,8 @@ namespace Umbraco.Web.BackOffice.Controllers
|
||||
/// resulting message is INotificationModel in which case it will append any Event Messages
|
||||
/// currently in the request.
|
||||
/// </summary>
|
||||
[TypeFilter(typeof(AppendCurrentEventMessagesAttribute))]
|
||||
[AppendCurrentEventMessagesAttribute]
|
||||
public abstract class BackOfficeNotificationsController : UmbracoAuthorizedJsonController
|
||||
{
|
||||
|
||||
}
|
||||
}
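Review bot: Replacing `[TypeFilter(typeof(AppendCurrentEventMessagesAttribute))]` with `[AppendCurrentEventMessagesAttribute]` (assuming the second printed line is the new one) only keeps the filter in the MVC pipeline if the attribute class now implements a filter interface or derives from `TypeFilterAttribute`; its definition is not on this page, so that should be confirmed. The same applies to `[SetAngularAntiForgeryTokens]`, `[ValidateAngularAntiForgeryToken]` and `[DataTypeValidate]` in the other file sections. For the anti-forgery attributes a plain marker attribute would still compile and would silently drop CSRF validation on every controller deriving from `UmbracoAuthorizedJsonController`. An integration test that posts without the CSRF header and expects a rejection would pin this behaviour. The short form `[AppendCurrentEventMessages]` would also match how the other attributes are written.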
|
||||
|
||||
@@ -29,7 +29,7 @@ namespace Umbraco.Web.BackOffice.Controllers
|
||||
{
|
||||
// TODO: Put some exception filters in our webapi to return 404 instead of 500 when we throw ArgumentNullException
|
||||
// ref: https://www.exceptionnotfound.net/the-asp-net-web-api-exception-handling-pipeline-a-guided-tour/
|
||||
[PluginController("UmbracoApi")]
|
||||
[PluginController(Constants.Web.Mvc.BackOfficeApiArea)]
|
||||
//[PrefixlessBodyModelValidator]
|
||||
[UmbracoApplicationAuthorizeAttribute(Constants.Applications.Settings)]
|
||||
public class CodeFileController : BackOfficeNotificationsController
|
||||
|
||||
@@ -25,7 +25,7 @@ using Umbraco.Web.WebApi.Filters;
|
||||
namespace Umbraco.Web.BackOffice.Controllers
|
||||
{
|
||||
//we need to fire up the controller like this to enable loading of remote css directly from this controller
|
||||
[PluginController("UmbracoApi")]
|
||||
[PluginController(Constants.Web.Mvc.BackOfficeApiArea)]
|
||||
[ValidationFilter]
|
||||
[AngularJsonOnlyConfiguration] // TODO: This could be applied with our Application Model conventions
|
||||
[IsBackOffice]
|
||||
@@ -67,7 +67,7 @@ namespace Umbraco.Web.BackOffice.Controllers
|
||||
private static readonly HttpClient HttpClient = new HttpClient();
|
||||
|
||||
//we have baseurl as a param to make previewing easier, so we can test with a dev domain from client side
|
||||
[TypeFilter(typeof(ValidateAngularAntiForgeryTokenAttribute))]
|
||||
[ValidateAngularAntiForgeryToken]
|
||||
public async Task<JObject> GetRemoteDashboardContent(string section, string baseUrl = "https://dashboard.umbraco.org/")
|
||||
{
|
||||
var user = _umbracoContextAccessor.GetRequiredUmbracoContext().Security.CurrentUser;
|
||||
@@ -211,7 +211,7 @@ namespace Umbraco.Web.BackOffice.Controllers
|
||||
}
|
||||
|
||||
// return IDashboardSlim - we don't need sections nor access rules
|
||||
[TypeFilter(typeof(ValidateAngularAntiForgeryTokenAttribute))]
|
||||
[ValidateAngularAntiForgeryToken]
|
||||
[TypeFilter(typeof(OutgoingEditorModelEventAttribute))]
|
||||
public IEnumerable<Tab<IDashboardSlim>> GetDashboard(string section)
|
||||
{
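Review bot: `GetRemoteDashboardContent` takes a caller-supplied `baseUrl` and sits next to a shared static `HttpClient`, and the anti-forgery attribute changed in this section does not restrict what value an authenticated back-office user can send for that parameter. The method body continues outside the hunk, so how `baseUrl` is used is not visible here. If it becomes the host of the outgoing request, it should be checked against a configured allowlist of dashboard hosts before the request is made, otherwise the server can be made to fetch from locations the operator never intended. A comment on the parameter such as `// baseUrl is caller-controlled: validate against an allowlist before use` would record the constraint.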
|
||||
|
||||
@@ -27,7 +27,7 @@ namespace Umbraco.Web.BackOffice.Controllers
|
||||
/// The security for this controller is defined to allow full CRUD access to data types if the user has access to either:
|
||||
/// Content Types, Member Types or Media Types ... and of course to Data Types
|
||||
/// </remarks>
|
||||
[PluginController("UmbracoApi")]
|
||||
[PluginController(Constants.Web.Mvc.BackOfficeApiArea)]
|
||||
[UmbracoTreeAuthorizeAttribute(Constants.Trees.DataTypes, Constants.Trees.DocumentTypes, Constants.Trees.MediaTypes, Constants.Trees.MemberTypes)]
|
||||
public class DataTypeController : BackOfficeNotificationsController
|
||||
{
|
||||
@@ -264,7 +264,7 @@ namespace Umbraco.Web.BackOffice.Controllers
|
||||
/// </summary>
|
||||
/// <param name="dataType"></param>
|
||||
/// <returns></returns>
|
||||
[TypeFilter(typeof(DataTypeValidateAttribute))]
|
||||
[DataTypeValidate]
|
||||
public ActionResult<DataTypeDisplay> PostSave(DataTypeSave dataType)
|
||||
{
|
||||
//If we've made it here, then everything has been wired up and validated by the attribute
|
||||
|
||||
@@ -26,7 +26,7 @@ namespace Umbraco.Web.BackOffice.Controllers
|
||||
/// The security for this controller is defined to allow full CRUD access to dictionary if the user has access to either:
|
||||
/// Dictionary
|
||||
/// </remarks>
|
||||
[PluginController("UmbracoApi")]
|
||||
[PluginController(Constants.Web.Mvc.BackOfficeApiArea)]
|
||||
[UmbracoTreeAuthorize(Constants.Trees.Dictionary)]
|
||||
public class DictionaryController : BackOfficeNotificationsController
|
||||
{
|
||||
|
||||
@@ -18,7 +18,7 @@ using SearchResult = Umbraco.Web.Models.ContentEditing.SearchResult;
|
||||
|
||||
namespace Umbraco.Web.BackOffice.Controllers
|
||||
{
|
||||
[PluginController("UmbracoApi")]
|
||||
[PluginController(Constants.Web.Mvc.BackOfficeApiArea)]
|
||||
public class ExamineManagementController : UmbracoAuthorizedJsonController
|
||||
{
|
||||
private readonly IExamineManager _examineManager;
|
||||
|
||||
@@ -3,6 +3,7 @@ using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using System.Text;
|
||||
using System.Threading.Tasks;
|
||||
using Umbraco.Core;
|
||||
using Umbraco.Core.Media;
|
||||
using Umbraco.Core.Models;
|
||||
using Umbraco.Web.Common.Attributes;
|
||||
@@ -22,7 +23,7 @@ namespace Umbraco.Web.BackOffice.Controllers
|
||||
/// building to generate correct URLs
|
||||
/// </para>
|
||||
/// </remarks>
|
||||
[PluginController("UmbracoApi")]
|
||||
[PluginController(Constants.Web.Mvc.BackOfficeApiArea)]
|
||||
public class ImageUrlGeneratorController : UmbracoAuthorizedJsonController
|
||||
{
|
||||
private readonly IImageUrlGenerator _imageUrlGenerator;
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
using System;
|
||||
using System.IO;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
using Umbraco.Core;
|
||||
using Umbraco.Core.Configuration.UmbracoSettings;
|
||||
using Umbraco.Core.IO;
|
||||
using Umbraco.Core.Media;
|
||||
@@ -13,7 +14,7 @@ namespace Umbraco.Web.BackOffice.Controllers
|
||||
/// <summary>
|
||||
/// A controller used to return images for media
|
||||
/// </summary>
|
||||
[PluginController("UmbracoApi")]
|
||||
[PluginController(Constants.Web.Mvc.BackOfficeApiArea)]
|
||||
public class ImagesController : UmbracoAuthorizedApiController
|
||||
{
|
||||
private readonly IMediaFileSystem _mediaFileSystem;
|
||||
|
||||
@@ -19,7 +19,7 @@ namespace Umbraco.Web.BackOffice.Controllers
|
||||
/// <summary>
|
||||
/// Backoffice controller supporting the dashboard for language administration.
|
||||
/// </summary>
|
||||
[PluginController("UmbracoApi")]
|
||||
[PluginController(Constants.Web.Mvc.BackOfficeApiArea)]
|
||||
//[PrefixlessBodyModelValidator]
|
||||
public class LanguageController : UmbracoAuthorizedJsonController
|
||||
{
|
||||
|
||||
@@ -19,7 +19,7 @@ namespace Umbraco.Web.BackOffice.Controllers
|
||||
/// <summary>
|
||||
/// The API controller used for getting log history
|
||||
/// </summary>
|
||||
[PluginController("UmbracoApi")]
|
||||
[PluginController(Constants.Web.Mvc.BackOfficeApiArea)]
|
||||
public class LogController : UmbracoAuthorizedJsonController
|
||||
{
|
||||
private readonly IMediaFileSystem _mediaFileSystem;
|
||||
|
||||
@@ -13,7 +13,7 @@ namespace Umbraco.Web.BackOffice.Controllers
|
||||
/// <summary>
|
||||
/// Backoffice controller supporting the dashboard for viewing logs with some simple graphs & filtering
|
||||
/// </summary>
|
||||
[PluginController("UmbracoApi")]
|
||||
[PluginController(Constants.Web.Mvc.BackOfficeApiArea)]
|
||||
public class LogViewerController : UmbracoAuthorizedJsonController
|
||||
{
|
||||
private readonly ILogViewer _logViewer;
|
||||
|
||||
@@ -12,7 +12,7 @@ using Umbraco.Core;
|
||||
using Umbraco.Core.Mapping;
|
||||
using Umbraco.Core.Models;
|
||||
using Umbraco.Core.Models.PublishedContent;
|
||||
using Umbraco.Core.Net;
|
||||
using Umbraco.Core.Templates;
|
||||
using Umbraco.Core.Services;
|
||||
using Umbraco.Core.Strings;
|
||||
using Umbraco.Web.Common.Attributes;
|
||||
|
||||
@@ -237,7 +237,7 @@ namespace Umbraco.Web.BackOffice.Controllers
|
||||
/// <returns>
|
||||
/// The <see cref="HttpResponseMessage"/>.
|
||||
/// </returns>
|
||||
public List<string> GetPartialViews()
|
||||
public IEnumerable<string> GetPartialViews()
|
||||
{
|
||||
var views = new List<string>();
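Review bot: The `<returns>` doc above `GetPartialViews` still says the method returns `HttpResponseMessage`, which matches neither signature printed in this hunk (`List<string>` and `IEnumerable<string>`). It should describe the string sequence instead, for example `/// <returns>The partial views found, as strings.</returns>`. The method body continues outside the hunk, so what each string holds should be confirmed before wording it more precisely.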
|
||||
|
||||
|
||||
@@ -22,7 +22,7 @@ namespace Umbraco.Web.BackOffice.Controllers
|
||||
/// <summary>
|
||||
/// A controller used for managing packages in the back office
|
||||
/// </summary>
|
||||
[PluginController("UmbracoApi")]
|
||||
[PluginController(Constants.Web.Mvc.BackOfficeApiArea)]
|
||||
[UmbracoApplicationAuthorizeAttribute(Constants.Applications.Packages)]
|
||||
public class PackageController : UmbracoAuthorizedJsonController
|
||||
{
|
||||
|
||||
@@ -27,7 +27,7 @@ namespace Umbraco.Web.BackOffice.Controllers
|
||||
/// <summary>
|
||||
/// A controller used for installing packages and managing all of the data in the packages section in the back office
|
||||
/// </summary>
|
||||
[PluginController("UmbracoApi")]
|
||||
[PluginController(Constants.Web.Mvc.BackOfficeApiArea)]
|
||||
[UmbracoApplicationAuthorizeAttribute(Constants.Applications.Packages)]
|
||||
public class PackageInstallController : UmbracoAuthorizedJsonController
|
||||
{
|
||||
|
||||
@@ -15,7 +15,7 @@ using Umbraco.Web.Security;
|
||||
|
||||
namespace Umbraco.Web.BackOffice.Controllers
|
||||
{
|
||||
[PluginController("UmbracoApi")]
|
||||
[PluginController(Constants.Web.Mvc.BackOfficeApiArea)]
|
||||
public class RedirectUrlManagementController : UmbracoAuthorizedApiController
|
||||
{
|
||||
private readonly ILogger _logger;
|
||||
|
||||
@@ -17,7 +17,7 @@ using Constants = Umbraco.Core.Constants;
|
||||
|
||||
namespace Umbraco.Web.BackOffice.Controllers
|
||||
{
|
||||
[PluginController("UmbracoApi")]
|
||||
[PluginController(Constants.Web.Mvc.BackOfficeApiArea)]
|
||||
[UmbracoApplicationAuthorizeAttribute(Constants.Applications.Content)]
|
||||
public class RelationController : UmbracoAuthorizedJsonController
|
||||
{
|
||||
|
||||
@@ -22,7 +22,7 @@ namespace Umbraco.Web.BackOffice.Controllers
|
||||
/// <summary>
|
||||
/// The API controller for editing relation types.
|
||||
/// </summary>
|
||||
[PluginController("UmbracoApi")]
|
||||
[PluginController(Constants.Web.Mvc.BackOfficeApiArea)]
|
||||
[UmbracoTreeAuthorizeAttribute(Constants.Trees.RelationTypes)]
|
||||
public class RelationTypeController : BackOfficeNotificationsController
|
||||
{
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using Microsoft.AspNetCore.Mvc.Controllers;
|
||||
using Umbraco.Core;
|
||||
using Umbraco.Core.Mapping;
|
||||
using Umbraco.Core.Models;
|
||||
using Umbraco.Core.Services;
|
||||
@@ -17,7 +18,7 @@ namespace Umbraco.Web.Editors
|
||||
/// <summary>
|
||||
/// The API controller used for using the list of sections
|
||||
/// </summary>
|
||||
[PluginController("UmbracoApi")]
|
||||
[PluginController(Constants.Web.Mvc.BackOfficeApiArea)]
|
||||
public class SectionController : UmbracoAuthorizedJsonController
|
||||
{
|
||||
private readonly IControllerFactory _controllerFactory;
|
||||
|
||||
@@ -11,7 +11,7 @@ namespace Umbraco.Web.BackOffice.Controllers
|
||||
/// <summary>
|
||||
/// The API controller used for retrieving available stylesheets
|
||||
/// </summary>
|
||||
[PluginController("UmbracoApi")]
|
||||
[PluginController(Constants.Web.Mvc.BackOfficeApiArea)]
|
||||
public class StylesheetController : UmbracoAuthorizedJsonController
|
||||
{
|
||||
private readonly IFileService _fileService;
|
||||
|
||||
@@ -16,7 +16,7 @@ using Constants = Umbraco.Core.Constants;
|
||||
|
||||
namespace Umbraco.Web.BackOffice.Controllers
|
||||
{
|
||||
[PluginController("UmbracoApi")]
|
||||
[PluginController(Constants.Web.Mvc.BackOfficeApiArea)]
|
||||
[UmbracoTreeAuthorizeAttribute(Constants.Trees.Templates)]
|
||||
public class TemplateController : BackOfficeNotificationsController
|
||||
{
|
||||
|
||||
@@ -19,7 +19,7 @@ using Constants = Umbraco.Core.Constants;
|
||||
|
||||
namespace Umbraco.Web.BackOffice.Controllers
|
||||
{
|
||||
[PluginController("UmbracoApi")]
|
||||
[PluginController(Constants.Web.Mvc.BackOfficeApiArea)]
|
||||
[UmbracoApplicationAuthorize(
|
||||
Constants.Applications.Content,
|
||||
Constants.Applications.Media,
|
||||
|
||||
@@ -3,6 +3,7 @@ using System.Collections.Generic;
|
||||
using System.IO;
|
||||
using System.Linq;
|
||||
using Newtonsoft.Json;
|
||||
using Umbraco.Core;
|
||||
using Umbraco.Core.Configuration.UmbracoSettings;
|
||||
using Umbraco.Core.Hosting;
|
||||
using Umbraco.Core.Services;
|
||||
@@ -13,7 +14,7 @@ using Umbraco.Web.Tour;
|
||||
|
||||
namespace Umbraco.Web.BackOffice.Controllers
|
||||
{
|
||||
[PluginController("UmbracoApi")]
|
||||
[PluginController(Constants.Web.Mvc.BackOfficeApiArea)]
|
||||
public class TourController : UmbracoAuthorizedJsonController
|
||||
{
|
||||
private readonly TourFilterCollection _filters;
|
||||
|
||||
@@ -1,6 +1,4 @@
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
using Umbraco.Web.BackOffice.Controllers;
|
||||
using Umbraco.Web.BackOffice.Filters;
|
||||
using Umbraco.Web.BackOffice.Filters;
|
||||
using Umbraco.Web.Common.Filters;
|
||||
|
||||
namespace Umbraco.Web.BackOffice.Controllers
|
||||
@@ -12,10 +10,9 @@ namespace Umbraco.Web.BackOffice.Controllers
|
||||
/// Inheriting from this controller means that ALL of your methods are JSON methods that are called by Angular,
|
||||
/// methods that are not called by Angular or don't contain a valid csrf header will NOT work.
|
||||
/// </remarks>
|
||||
[TypeFilter(typeof(ValidateAngularAntiForgeryTokenAttribute))]
|
||||
[ValidateAngularAntiForgeryToken]
|
||||
[AngularJsonOnlyConfiguration] // TODO: This could be applied with our Application Model conventions
|
||||
public abstract class UmbracoAuthorizedJsonController : UmbracoAuthorizedApiController
|
||||
{
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
@@ -15,7 +15,7 @@ using Umbraco.Web.Security;
|
||||
|
||||
namespace Umbraco.Web.BackOffice.Controllers
|
||||
{
|
||||
[PluginController("UmbracoApi")]
|
||||
[PluginController(Constants.Web.Mvc.BackOfficeApiArea)]
|
||||
public class UpdateCheckController : UmbracoAuthorizedJsonController
|
||||
{
|
||||
private readonly IUpgradeService _upgradeService;
|
||||
|
||||