Bjarke Berg
|
1dac8779c2
|
https://dev.azure.com/umbraco/D-Team%20Tracker/_workitems/edit/7619 - Added request localization from the current user
|
2020-08-04 12:54:54 +02:00 |
|
Shannon
|
b75fba71f5
|
Cleaning up websecurity and implementing it, migrates security stamp and session id validation for cookie auth
|
2020-06-02 13:28:30 +10:00 |
|
Bjarke Berg
|
c6c0d7df54
|
AB4234 - Moved stuff from core into web, that used identity.
|
2020-01-07 13:50:38 +01:00 |
|
Warren Buckley
|
20b9bb1032
|
Gets rid of a couple of VS SLN Warnings - due to dupe'd using's declared (done a tidy up)
|
2018-10-25 21:55:44 +01:00 |
|
Shannon
|
edc9744397
|
manual merge pass #1
|
2018-10-02 11:14:04 +02:00 |
|
Shannon
|
b96ba05d22
|
Merge remote-tracking branch 'origin/dev-v7' into temp8
# Conflicts:
# build/Modules/Umbraco.Build/Get-UmbracoBuildEnv.ps1
# build/NuSpecs/UmbracoCms.Core.nuspec
# build/NuSpecs/UmbracoCms.nuspec
# build/NuSpecs/tools/Readme.txt
# src/Umbraco.Core/Configuration/UmbracoConfig.cs
# src/Umbraco.Core/Configuration/UmbracoSettings/ContentElement.cs
# src/Umbraco.Core/Configuration/UmbracoSettings/IContentSection.cs
# src/Umbraco.Core/Constants-Conventions.cs
# src/Umbraco.Core/Constants-System.cs
# src/Umbraco.Core/IO/MediaFileSystem.cs
# src/Umbraco.Core/Media/Exif/ImageFile.cs
# src/Umbraco.Core/Models/Property.cs
# src/Umbraco.Core/Models/PropertyTagBehavior.cs
# src/Umbraco.Core/Models/PropertyTags.cs
# src/Umbraco.Core/Persistence/Migrations/Upgrades/TargetVersionSevenTwelveZero/SetDefaultTagsStorageType.cs
# src/Umbraco.Core/Persistence/Repositories/AuditRepository.cs
# src/Umbraco.Core/Persistence/Repositories/UserRepository.cs
# src/Umbraco.Core/Persistence/Repositories/VersionableRepositoryBase.cs
# src/Umbraco.Core/Security/AuthenticationExtensions.cs
# src/Umbraco.Core/Security/BackOfficeCookieAuthenticationProvider.cs
# src/Umbraco.Core/Services/Implement/PackagingService.cs
# src/Umbraco.Core/Services/ServerRegistrationService.cs
# src/Umbraco.Core/StringExtensions.cs
# src/Umbraco.Core/packages.config
# src/Umbraco.Tests/ApplicationUrlHelperTests.cs
# src/Umbraco.Tests/Persistence/Repositories/AuditRepositoryTest.cs
# src/Umbraco.Tests/Persistence/Repositories/UserRepositoryTest.cs
# src/Umbraco.Tests/Web/TemplateUtilitiesTests.cs
# src/Umbraco.Tests/packages.config
# src/Umbraco.Web.UI.Client/package.json
# src/Umbraco.Web.UI.Client/src/common/directives/components/content/umbcontentnodeinfo.directive.js
# src/Umbraco.Web.UI.Client/src/common/directives/components/imaging/umbimagegravity.directive.js
# src/Umbraco.Web.UI.Client/src/common/directives/components/tree/umbtreeitem.directive.js
# src/Umbraco.Web.UI.Client/src/common/resources/log.resource.js
# src/Umbraco.Web.UI.Client/src/common/services/user.service.js
# src/Umbraco.Web.UI.Client/src/less/belle.less
# src/Umbraco.Web.UI.Client/src/less/components/card.less
# src/Umbraco.Web.UI.Client/src/less/navs.less
# src/Umbraco.Web.UI.Client/src/less/panel.less
# src/Umbraco.Web.UI.Client/src/less/property-editors.less
# src/Umbraco.Web.UI.Client/src/less/tree.less
# src/Umbraco.Web.UI.Client/src/views/common/dialogs/login.controller.js
# src/Umbraco.Web.UI.Client/src/views/common/dialogs/login.html
# src/Umbraco.Web.UI.Client/src/views/common/infiniteeditors/mediapicker/mediapicker.controller.js
# src/Umbraco.Web.UI.Client/src/views/common/overlays/iconpicker/iconpicker.controller.js
# src/Umbraco.Web.UI.Client/src/views/common/overlays/iconpicker/iconpicker.html
# src/Umbraco.Web.UI.Client/src/views/common/overlays/linkpicker/linkpicker.controller.js
# src/Umbraco.Web.UI.Client/src/views/common/overlays/mediaPicker/mediapicker.html
# src/Umbraco.Web.UI.Client/src/views/components/content/umb-content-node-info.html
# src/Umbraco.Web.UI.Client/src/views/components/notifications/umb-notifications.html
# src/Umbraco.Web.UI.Client/src/views/components/umb-color-swatches.html
# src/Umbraco.Web.UI.Client/src/views/components/umb-table.html
# src/Umbraco.Web.UI.Client/src/views/propertyeditors/colorpicker/colorpicker.html
# src/Umbraco.Web.UI.Client/src/views/propertyeditors/contentpicker/contentpicker.controller.js
# src/Umbraco.Web.UI.Client/src/views/propertyeditors/fileupload/fileupload.controller.js
# src/Umbraco.Web.UI.Client/src/views/propertyeditors/imagecropper/imagecropper.html
# src/Umbraco.Web.UI.Client/src/views/propertyeditors/listview/listview.controller.js
# src/Umbraco.Web.UI.Client/src/views/propertyeditors/mediapicker/mediapicker.html
# src/Umbraco.Web.UI.Client/src/views/propertyeditors/rte/rte.controller.js
# src/Umbraco.Web.UI.Client/src/views/propertyeditors/textarea/textarea.html
# src/Umbraco.Web.UI/Umbraco/config/lang/en.xml
# src/Umbraco.Web.UI/Umbraco/config/lang/en_us.xml
# src/Umbraco.Web.UI/config/umbracoSettings.Release.config
# src/Umbraco.Web.UI/packages.config
# src/Umbraco.Web.UI/web.Template.Debug.config
# src/Umbraco.Web.UI/web.Template.config
# src/Umbraco.Web/Editors/AuthenticationController.cs
# src/Umbraco.Web/Editors/BackOfficeController.cs
# src/Umbraco.Web/Editors/CanvasDesignerController.cs
# src/Umbraco.Web/Editors/ContentController.cs
# src/Umbraco.Web/Editors/DashboardController.cs
# src/Umbraco.Web/Editors/LogController.cs
# src/Umbraco.Web/Editors/MediaController.cs
# src/Umbraco.Web/Install/InstallHelper.cs
# src/Umbraco.Web/Install/InstallSteps/NewInstallStep.cs
# src/Umbraco.Web/Media/EmbedProviders/AbstractOEmbedProvider.cs
# src/Umbraco.Web/Models/Mapping/DataTypeModelMapper.cs
# src/Umbraco.Web/Models/Mapping/PreValueDisplayResolver.cs
# src/Umbraco.Web/Mvc/MasterControllerFactory.cs
# src/Umbraco.Web/PropertyEditors/FileUploadPropertyValueEditor.cs
# src/Umbraco.Web/PropertyEditors/ImageCropperPropertyValueEditor.cs
# src/Umbraco.Web/PropertyEditors/TextAreaPropertyEditor.cs
# src/Umbraco.Web/PropertyEditors/ValueConverters/MultiNodeTreePickerPropertyConverter.cs
# src/Umbraco.Web/PublishedCache/MemberPublishedContent.cs
# src/Umbraco.Web/Routing/RedirectTrackingEventHandler.cs
# src/Umbraco.Web/Scheduling/HealthCheckNotifier.cs
# src/Umbraco.Web/Scheduling/KeepAlive.cs
# src/Umbraco.Web/Scheduling/LogScrubber.cs
# src/Umbraco.Web/Scheduling/ScheduledPublishing.cs
# src/Umbraco.Web/Scheduling/ScheduledTasks.cs
# src/Umbraco.Web/Scheduling/Scheduler.cs
# src/Umbraco.Web/Templates/TemplateUtilities.cs
# src/Umbraco.Web/Trees/DataTypeTreeController.cs
# src/Umbraco.Web/UmbracoModule.cs
# src/Umbraco.Web/_Legacy/Packager/Installer.cs
# src/Umbraco.Web/packages.config
# src/Umbraco.Web/umbraco.presentation/keepAliveService.cs
# src/Umbraco.Web/umbraco.presentation/umbraco/dashboard/FeedProxy.aspx.cs
# src/umbraco.businesslogic/IO/IOHelper.cs
# src/umbraco.cms/packages.config
# src/umbraco.cms/umbraco.cms.csproj
# src/umbraco.controls/packages.config
# src/umbraco.controls/umbraco.controls.csproj
# src/umbraco.editorControls/packages.config
# src/umbraco.editorControls/umbraco.editorControls.csproj
|
2018-10-01 14:32:46 +02:00 |
|
Sebastiaan Janssen
|
540e4f17d6
|
Fixes #3042
Code comes from v8, commit: 9bfe9e6bbf
|
2018-09-26 09:48:24 +02:00 |
|
Shannon
|
262c4afb16
|
Removes FormsAuthentication cookie format and replaces with standard aspnet identity format, removes a bunch of old obsolete and unused code, fixes the culture setting issue, simplifies the UmbracoBackOfficeIdentity since it no longer needs to be a FormsIdentity and just a straightforward ClaimsIdentity
|
2018-04-05 23:10:51 +10:00 |
|
Shannon
|
9bfe9e6bbf
|
Ensures that the thread culture is set both in owin and in aspnet
|
2018-04-05 18:11:15 +10:00 |
|
Stephan
|
a2a4edb3be
|
Port v7@2aa0dfb2c5 - WIP
|
2018-03-22 17:41:13 +01:00 |
|
Stephan
|
41948607d0
|
Port v7@2aa0dfb2c5 - WIP
|
2018-03-22 11:25:25 +01:00 |
|
Shannon
|
782d6100f0
|
Gets user session management tracking via the database including detecting stale sessions, generating and removing them along with cleaning them up. This takes into account legacy code too. The session is revalidated on a one minute threshold per user so that it's not hammering the database on every request.
|
2017-11-03 17:27:23 +11:00 |
|
Stephan
|
ac1e4bdfe3
|
Port 7.7 - WIP
|
2017-08-25 17:55:26 +02:00 |
|
Stephan
|
c76403077f
|
Normalize cr/lf/tab
|
2017-07-20 11:21:28 +02:00 |
|
Shannon
|
8df00d5525
|
Fixes U4-10111 Changing email on a user doesn't show the username field
|
2017-07-19 19:22:43 +10:00 |
|
Stephan
|
81234cd702
|
Rename DI to Composing
|
2017-05-30 15:46:25 +02:00 |
|
Stephan
|
8561d85f7a
|
porting 7.6-rc1 into 8
|
2017-05-24 12:25:39 +02:00 |
|
Shannon
|
46dd86c745
|
Moves logic for checking if the current user (based on the current thread) is an admin and in which case can reset the password to an extension method
|
2017-04-18 20:09:27 +10:00 |
|
Stephan
|
b26b415096
|
Merge origin/dev-v7-deploy into dev-v8-zbwip (builds)
|
2016-11-03 10:31:44 +01:00 |
|
Stephan
|
a00ee8d275
|
Rename DependencyInjection into DI, cleanup components, compose
|
2016-10-17 11:00:12 +02:00 |
|
Stephan
|
5c2232aa3b
|
Refactor logging and profiling, boot reporting
|
2016-09-19 16:33:47 +02:00 |
|
Asbjørn Riis-Knudsen
|
cbd980357b
|
Fix U4-8968: Add missing check for backoffice session in ClaimsIdentity (like the comment says)
|
2016-09-13 22:36:14 +02:00 |
|
Stephan
|
77c2766d55
|
Merge branch origin/dev-v7 into dev-v8
|
2016-07-18 14:42:06 +02:00 |
|
Shannon
|
0450cdd550
|
removes some old notes
|
2016-07-12 13:36:08 +02:00 |
|
Shannon
|
4defc881d4
|
Removes lots of dead methods
|
2016-03-23 12:00:58 +01:00 |
|
Shannon
|
22385d40db
|
U4-4219 Can't Preview protected pages
|
2016-03-09 17:35:50 +01:00 |
|
Shannon
|
08e9579481
|
U4-7863 Remove Nuget requirement: Microsoft.Net.Http - this is not used, nor is it required (it also installs a bunch of other packages we don't need)
|
2016-02-03 10:14:53 +01:00 |
|
Shannon
|
8598ab565c
|
Fixes: U4-7536 Sign-out in back office will call all ASP.Net identity middleware sign out methods
publicises a few things too.
|
2015-12-15 10:34:11 +01:00 |
|
Shannon
|
555b520a0c
|
Cleans up the usages of auth cookies. OWIN is in charge of auth cookies but because we have Webforms, WebApi, MVC and OWIN, they all like to deal with cookies differently. OWIN should still be solely in charge of the auth cookies, so the auth extensions are cleaned up, the renewal now works by queuing the renewal and we have custom middleware detect if a force renewal has been queued and we renew the auth cookie there. Have obsoleted a few methods that should not be used that write auth tickets directly (this is purely for backwards compat with webforms). All of these changes now ensure that the auth cookie is renewed consistently between Webforms, WebApi, MVC and OWIN. Some changes also include ensuring that OWIN is used to sign out.
|
2015-11-19 18:12:21 +01:00 |
|
Shannon
|
442160bb7a
|
fixes identity conversion when it's just a generic identity and not auth'd, we can never convert to back office identity if it's not auth'd
|
2015-04-15 17:03:12 +10:00 |
|
Shannon
|
f2e319a01f
|
Updates the UmbracoBackOfficeIdentity to have better support for claims and adds unit tests for it. Creates OwinLogger's and methods to apply them. Updates security methods to ensure that a UmbracoBackOfficeIdentity is returned even from a normal ClaimsIdentity which will be the case with bearer tokens. Updates the angular anti-forgery checker to be ignored if the auth type is not cookie based. Adds a simple token server provider that people can use if they want. Now token authentication is working.
|
2015-04-10 14:22:09 +10:00 |
|
Shannon
|
86833aa8bf
|
Updates the back office external cookie name to be consistently cased with the other back office cookie names
|
2015-04-01 13:42:11 +11:00 |
|
Shannon
|
90b562a0a1
|
Update the PostLogin method to write the auth ticket the way that webapi is supposed to, not sure how this was actually working before because writing cookies directly with HttpContext and then also using WebApi normally doesn't work (maybe in very specific circumstances), so now the cookie writing is done consistently and it is working, prior to this I was getting lots of issues with the xsrf tokens. Updated some user model mappings for convenience and update naming conventions for some properties of the BackOfficeIdentityUser for consistency.
|
2015-04-01 13:42:07 +11:00 |
|
Shannon
|
8c51e8bad8
|
Implements IExternalLoginService and the db table, implements more logic to start enabling this to work in the back office, need to implement the rest of the userstore and then implement a way once logged in to the back office to allow users to link their accounts with external logins. Currently if an external login is detected during startup and it has not been linked we'll throw an exception. Very very close to making this all work nicely.
|
2015-04-01 13:41:26 +11:00 |
|
Shannon
|
d4b21243ca
|
Allows external logins to be listed on login page, updates BackOfficeController with actions for invoking them.
|
2015-04-01 13:41:24 +11:00 |
|
Shannon
|
48317d7e61
|
massively simplifies the cookie handling, we don't use our own and just use the defaults, the trick to not validating everything is to use the cookie path. This does mean that each clientside request will also be validated but there's no way to override this behavior in identity currently, the cookie handler is internal so unless we copy/paste all of its code can't do much about that.
|
2015-04-01 13:41:18 +11:00 |
|
Shannon
|
93df2edec2
|
Initial install which now uses Identity middleware to perform the back office auth (no longer done in our module). Created custom data secure classes that use the legacy Forms auth logic for backwards compat. This means that the cookie can still be written the old way and still auth the new way if required. Now need to clean a lot of this up.
|
2015-04-01 13:41:16 +11:00 |
|
Shannon
|
da778e277f
|
Fixes: U4-6093 ContentService.SaveAndPublishDo changes Culture
|
2015-01-12 21:45:52 +11:00 |
|
Shannon
|
ad66613011
|
Updates ValidateCurrentUser so that it doesn't re-decrypt the cookie since that is already done, it just needs to check if the current user is authenticated and if it is a back office identity. Added lots of notes for extension points when we start looking at extending how the back office auth works.
|
2014-12-05 10:29:18 +11:00 |
|
Shannon
|
ac88da4188
|
Fixes: U4-4856 ApplicationContext.Current.Services.ContentService.Save throw exception
|
2014-05-12 14:32:34 +10:00 |
|
Shannon
|
d264792e18
|
Fixes: U4-4819 Publicize AuthenticationExtensions
|
2014-05-06 18:15:38 +10:00 |
|
Shannon
|
8926e8c7d9
|
ensures preview cookie is gone on logout.
|
2014-01-16 20:56:34 +11:00 |
|
Shannon
|
f4b707e928
|
Merge remote-tracking branch 'origin/6.2.0' into 7.0.2
Conflicts:
src/Umbraco.Core/Configuration/UmbracoSettings.cs
src/Umbraco.Core/Security/AuthenticationExtensions.cs
src/umbraco.businesslogic/StateHelper.cs
|
2014-01-16 20:49:19 +11:00 |
|
Shannon
|
c38030def2
|
Fixes: U4-3855 Preview cookie should be a session cookie not persisted
|
2014-01-16 20:47:13 +11:00 |
|
Shannon
|
9d90506265
|
Fixes issue with authcookie on renew - need to ensure it's http only and persisted for a day remains, ensures the csrf cookies are set when getting the user since that is called before logging in.
|
2013-12-03 11:57:41 +11:00 |
|
Shannon
|
ea35ea1af5
|
getting csrf stuff coded up, it's pretty much done just need to write a couple tests and add the filter to the necessary controller/actions
|
2013-12-02 17:20:50 +11:00 |
|
Shannon
|
b2c5d7270e
|
Fixes: U4-3286 Using a custom aspx page that inherits from UmbracoEnsuredPage seems to log you out - moves the authentication/ticket logic to one central place, now for all base page validation requests if the ticket is not already there it will attempt to authenticate the request. This only occurs when a page is being loaded that requires back office authentication but is not part of the umbraco back office route (so packages mainly)
|
2013-11-01 15:37:59 +11:00 |
|
Shannon
|
2267ac4534
|
More work on user timeouts, have the login dialog showing when it needs to and updating the user's ticket and correct new timeout seconds value - now to get it to not re-load routes when they log back in so their data is still editable.
|
2013-10-16 12:00:42 +11:00 |
|
Shannon
|
8d9f741a6a
|
Working on user timeouts - now have the user timeout time being nicely tracked in the back office with a bit of injector magic both on the client side and the server side with filters. Now to wire up the call to get remaining seconds if a request hasn't been made for a specified amount of time, then we can add UI notification about timeout period.
|
2013-10-15 18:46:44 +11:00 |
|
Shannon
|
1e9a17babe
|
Fixes merge issues, fixes up some unit tests, removes the For<T> config section stuff and simplifies the singleton, refactors it with methods as per discussion with stephen.
|
2013-09-25 19:23:41 +10:00 |
|