* Re-add authorization
* Add test plumbing
* Add test helper
* Add happy path test
* Remove usage of negation
* Minor DRYup of test code.
---------
Co-authored-by: Andy Butland <abutland73@gmail.com>
* Fix warnings SA1111, SA1028, SA1500, IDE1270 in Umbraco.Web.Website, and updated rules.
* Remove warnings: IDE0270: Null check can be simplified
* More SqlServer project warnings resolved
* CS0105 namespace appeared already
* Suppress warning until implementation:
#pragma warning disable CS0162 // Unreachable code detected
#pragma warning disable CS0618 // Type or member is obsolete
CS0162 remove unreachable code
SA1028 remove trailing whitespace
SA1106 no empty statements
CS1570 malformed XML
CS1572 corrected xml parameter
CS1573 param tag added
IDE0007 var not explicit
IDE0008 explicit not var
IDE0057 simplify substring
IDE0074 compound assignment
CA1825 array.empty
Down to 3479 warnings
* - SA1116, SA117 params on same line
- IDE0057 substring simplified
Specific warnings for Umbraco.Tests.Benchmarks
* Fixed IDE0074 compound assignment and added specific warnings for Umbraco.Tests.Common
* Specific warnings for Umbraco.Tests.Integration and Umbraco.Tests.Common
Fixed:
- SA1111, SA1116, SA117 params and line formatting (not all as there are many)
- SA1122 string.Empty
- IDE0057 simplify substring
- IDE0044,IDE0044 make field readonly
- IDE1006 naming rule violation (add _)
- SA1111 closing parenthesis on line of last parameter
- SA1649 filename match type name
- SA1312,SA1306 lowercase variable and field names
* Fixed various warnings where they are more straight-forward, including:
- SA1649 file name match type name
- SA111 parenthesis on line of last parameter
- IDE0028 simplify collection initializer
- SA1306 lower-case letter field
- IDE044 readonly field
- SA1122 string.Empty
- SA1116 params same line
- IDE1006 upper casing
- IDE0041 simplify null check
Updated the following projects to only list their remaining specific warning codes:
- Umbraco.Tests.UnitTests
Typo in `Umbraco.Web.Website` project
* Reverted test change
* Now 1556 warnings.
Fixed various warnings where they are more straight-forward, including:
- SA1111/SA1116/SA1119 parenthesis
- SA1117 params
- SA1312 lowercase variable
- SA1121 built-in type
- SA1500/SA1513/SA1503 formatting braces
- SA1400 declare access modifier
- SA1122 string.Empty
- SA1310 no underscore
- IDE0049 name simplified
- IDE0057 simplify substring
- IDE0074 compound assignment
- IDE0032 use auto-property
- IDE0037 simplify member name
- IDE0008 explicit type not var
- IDE0016/IDE0270/IDE0041 simplify null checks
- IDE0048/SA1407 clarity in arithmetic
- IDE1006 correct param names
- IDE0042 deconstruct variable
- IDE0044 readonly
- IDE0018 inline variable declarations
- IDE0074/IDE0054 compound assignment
- IDE1006 naming
- CS1573 param XML
- CS0168 unused variable
Comment formatting in project files for consistency.
Updated all projects to only list remaining specific warning codes as warnings instead of errors (errors is now default).
* Type not var, and more warning exceptions
* Tweaked merge issue, readded comment about rollback
* Readded comment re rollback.
* Readded comments
* Comment tweak
* Comment tweak
* Update to dotnet 9 and update nuget packages
* Update umbraco code version
* Update Directory.Build.props
Co-authored-by: Elitsa Marinovska <21998037+elit0451@users.noreply.github.com>
* Include preview version in pipeline
* update template projects
* update global json with specific version
* Update version.json to v15
* Rename TrimStart and TrimEnd to string specific
* Rename to Exact
* Update global.json
Co-authored-by: Ronald Barendse <ronald@barend.se>
* Remove includePreviewVersion
* Rename to trim exact
---------
Co-authored-by: Elitsa Marinovska <21998037+elit0451@users.noreply.github.com>
Co-authored-by: Ronald Barendse <ronald@barend.se>
* remove the temp login screen
* set login build back to esm
* convert razor entrypoint to show new login screen
* enable loading a user defined stylesheet that can be overridden through RCL mechanics
* remove unused file
* for now, remove the call to the old `localizedtext` endpoint until a replacement has been built
* add fallback font
* remove login to the old backoffice
* change models for twoFactorView
* Send view that have to be used for 2fa.
* get 2fa providers from the login call directly
* Return 2fa providers
* map enabledTwoFactorProviderNames to the view
* use correct endpoints for 2fa
* Send link
* change key to id in querystring
* improve localization
* merge authUrl
* Added flow query parameter
* remove unused getter
* remove debug info
* fix fallback value
* fallback value
* Added invite url to email
* Clean up
* Added password configuration to the verify responses, so the client knows, and have confirmed the user is allwed to see it
* allow reset password
* Allow anonymous on invite create password
* open api
* check for invite
* fix fallback text
* validate invite token
* try to extract the problem details object
* add error logging
* fix invite user parameters
* Use correct id for performing user
* Allow password reset on yourself without the old password, if you are currently invited
* hardcode the authorize endpoint url for now
* fix handlers and disable icons for now
* import icons from backoffice client
* add backoffice path to icons
* fix handler for 2fa custom view
* update image temporarily
* remove old icon registry
* convert login components to UmbLitElement
* convert `UmbAuthContext` into a real context with a token
* cleanup dependencies
* optimise vite
* remove lit
* optimise external login component loader
* use generated resources for reset password
* use generated resources for all methods
* import and register the main bundle
* register localization
* change localization keys
* update all localization keys to new format
* replace tokens
* copy code
* added danish translations
* convert to lowercase
* all languages should have same weight
* added german translations
* add missing variable
* missing text
* added dutch translations
* added swedish translations
* added norwegian translations
* add temporary fix so the login app can be built
* make sure BuildLogin is run only after BuildBellissima has been run to ensure the dependencies are present on disk
* run the real login build in pipelines
* set vite language to en-us
* optimise msw warnings
* wait a bit before rendering the form so we know everything has been loaded
* Add external login endpoint + move models around
* Allow FORM submissions to the external login endpoint
* rename `IdentityProvider` back to `Provider` to avoid a breaking change from V13
* type in url for login-external manually (for now) since route attributes are no longer a thing
* move GET back to POST for external forms
* load in public manifests on boot of the login screen
* Clean up
* handle the case where an external login provider has disabled local login and show a message instead of the login form
* remove external login providers from the server login screen
* add more translations
* use the friendly greeting for the error layout
* show login form
* add mock handler for public manifest endpoint
* remove the external login layout
* fix test
* Added generic English localization
as a fallback language.
---------
Co-authored-by: Bjarke Berg <mail@bergmania.dk>
Co-authored-by: kjac <kja@umbraco.dk>
Co-authored-by: leekelleher <leekelleher@gmail.com>
* Making ProblemDetails details more generic
* Adding authorizer that can be replaces for external authz in handlers. Adding handler and requirement for UserBelongsToUserGroupInRequest policy
* Adding method to get the GUID from claims
* Adding service methods to check user group authz
* Porting MustSatisfyRequirementAuthorizationHandler
* Adding controllers authz
* Fix return status code + produced response type
* Moving to folder
* Adding DenyLocalLogin policy scaffold
* Implement a temp DenyLocalLoginHandler
* Introducing a new Fobidden result
* Fix comment
* Introducing a helper class for authorizers
* Changed nullability for GetCurrentUser
* Changes from Attempt to Status + FIXME comments
* Create a UserGroupAuthorizationStatus to be used in the future
* Introduces a new authz status for checking media acess
* Introducing a new permission service for media
* Adding fixme
* Adding more policy configurations
* Adding Media policy requirement and handler
* Adding media authorizer
* Fix order of params
* Adding duplicate code comment
* Adding authz to media controllers
* Migrating more logic from MediaPermissions.cs
* Adding more MediaAuthorizationStatus-es
* Handling of new authorization status
* Fix comment
* Adding NotFound case
* Adding NewDenyLocalLoginIfConfigured policy && commenting [AllowAnonymous] where the policy is applied since it is already handled
* Changed Forbid() to Forbidden() to get the correct status code
* Remove policy that is applied on the base controller already
* Implement and apply NewUmbracoFeatureEnabled policy
* Renaming classes to add Permission in the name
* Register permission services
* Add FIXME
* Introduce new IUserGroupPermissionService and refactor accordingly
* Add single overload with default implementation
* Adding user permission policy and related
* Applying admin policy
* Register all new policies
* Better wording
* Add default implementation for a single overload
* Adding remarks to IContentPermissionService.cs
* Supporting null as key in ContentPermissionService
* Fix namespace
* Reverting back to not supporting null as content key, but having dedicated implementation
* Adding content authorizer with null values to represent root item
* Removing null key support and adding dedicated implementation
* Removing remarks
* Adding content resource with null support
* Removing null support
* Adding requirement and status
* Adding content authorizer + handlers
* Applying policies to content controllers
* Update comment
* Handling of Authorization Statuses
* More authz in controllers
* Fix comments
* New branch handler
* Obsolete old implementation
* Adding dedicated policies to root and bin
* Adding a branch specific namespace
* Bin specific requirement and namespace
* Root specific requirement and namespace
* Changing to new root policy
* Refactoring
* Save policies
* Fix null check/reference
* Add TODO comment
* Create media root- and bin-specific policies, handlers, etc.
* Apply correct policy in create and update media controllers
* Apply root policy to move and sort controllers
* Fix wording
* Adding UserGroupAuthorizationStatusResult
* Remove all AuthorizationStatusResult as we cannot get the specific AuthorizationStatus
* Fixing Umbraco feature policy
* Fix allow anonymous endpoints - the value returned from DenyLocalLoginHandler wasn't enough, we need to succeed DenyAnonymousAuthorizationRequirement as it is required for some of the endpoints that had the attribute
* Apply DenyLocalLoginIfConfigured policy to corresponding re-implementation of PostSetInvitedUserPassword
* Fix comment
* Renaming performingUser to user and fixing comments
* Rename helper method
* Fix references
* Re-add merge conflict deletion
* Adding Backoffice requirement and relevant
* Registering
* Added a simple policy test
* Fixed small test things and clean up
* Temp solution
* Added one more test and fix another static issue
* Fix another merge conflict
* Remove BackOfficePermissionRequirement and handler as they might not be necessary
* Comment out again [AllowAnonymous]
* Remove AuthorizationPolicies.BackOfficeAccessWithoutApproval policy as it might not be necessary
* Fix temp implementation
* Fix reference to correct handler
* Apply authz policy to new publish/unpublish controllers
* Fix comments
* Removing duplicate ProducesResponseTypes
* Added swagger documentation about the 401 and 403
* Added Resources to Media, User and UserGroup
* Handle root, recycle bin and branch in the same handler
* Handle both parent and target when moving
* Check Ids for all sort requests
* Xml docs
* Clean up
* Clean up
* Fix build
* Cleanup
* Remove TODO
* Added missing overload
* Use yield
* Adding some keys to check
---------
Co-authored-by: Bjarke Berg <mail@bergmania.dk>
Co-authored-by: Andreas Zerbst <andr317c@live.dk>
