* Move magical route to management api
* Move auth around
* Remove "New" cookies, as they are no longer needed
* Move all installer related
* Remove BackOfficeServerVariables.cs and trees
* Move webhooks to management api
* Remove remainting controllers
* Remove last services
* Move preview to management api
* Remove mroe extensions
* Remove tours
* Remove old Auth handlers
* Remove server variables entirely
* Remove old backoffice controller
* Remove controllers namespace entirely
* Move rest of preview
* move last services
* Move language file extension
* Remove old backoffice entirely (Backoffice and Web.UI projects)
* Clean up unused security classes
* Fix up installer route
* Remove obsolete tests
* Fix up DI in integration test
* Add missing property mapping
* Move core mapping into core
* Add composers to integration test
* remove identity
* Fix up DI
* Outcomment failing test :)
* Fix up remaining test
* Update mapper
* Remove the actual project files
* Remove backoffice cs proj
* Remove old backoffice from yml
* Run belissima before login
* Remove caching
* Refactor file paths
* Remove belle from static assets
* Dont refer to old project in templates
* update gitignore
* Add missing files
* Remove install view as its no longer used
* Fix up failing test
* Remove outcommented code
* Update submodule to latest
* fix build
---------
Co-authored-by: Bjarke Berg <mail@bergmania.dk>
* Adding revoke user auth token handler and registering it
* Maintain method clarity by grouping new calls into its own method
* Rename functions to what they do
* Suggested linq function of tripple nesting
* Reduce nesting by early loop continuation
* Fix PR suggestion async typo
* Review suggestions
* Log msg alignment between members and users
---------
Co-authored-by: Sven Geusens <sge@umbraco.dk>
* Added 2FA management endpoints
* Ensure not found do not lead to forbidden results
* Do not inherit the requirement to have access to users, from the current user base class
* Updated OpenApi.json
* Handle 2FA in login scenario (only backend)
* Added the endpoint to use for client to post 2FA code
* Fixed tests and allow injecting the authentication type settings
* fix test build
* Fallback to use Constants.Security.BackOfficeAuthenticationType
* remove unused variable
* Review fixes
* Build fix
* Update src/Umbraco.Cms.Api.Management/Controllers/User/Current/DisableTwoFactorProviderCurrentUserController.cs
Co-authored-by: Sven Geusens <geusens@gmail.com>
* Handle case where 2fa provider is already setup
---------
Co-authored-by: Sven Geusens <geusens@gmail.com>
* Refactor OpenIddict for shared usage between APIs + implement member authentication and handling within the Delivery API
* Make SwaggerRouteTemplatePipelineFilter UI config overridable
* Enable token revocation + rename logout endpoint to signout
* Add default implementation of SwaggerGenOptions configuration for enabling Delivery API member auth in Swagger
* Correct notification handling when (un)protecting content
* Fixing integration test framework
* Cleanup test to not execute some composers twice
* Update paths to match docs
* Return Forbidden when a member is authorized but not allowed to access the requested resource
* Cleanup
* Rename RequestMemberService to RequestMemberAccessService
* Rename badly named variable
* Review comments
* Hide the auth controller from Swagger
* Remove semaphore
* Add security requirements for content API operations in Swagger
* Hide the back-office auth endpoints from Swagger
* Fix merge
* Update back-office API auth endpoint paths + add revoke and sign-out endpoints (as of now they do not exist, a separate task will fix that)
* Swap endpoint order to maintain backwards compat with the current login screen for new back-office (will be swapped back again to ensure correct .well-known endpoints, see FIXME comment)
* Make "items by IDs" endpoint support member auth
* Add 401 and 403 to "items by IDs" endpoint responses
---------
Co-authored-by: Bjarke Berg <mail@bergmania.dk>
Co-authored-by: Elitsa <elm@umbraco.dk>
* Add OpenIddict tables to database (#14449)
* Added migrations to install EF Core OpenIddict tables
* Handle Install of ef core data (Needs to be outside of transaction
* Cleanup and renaming, as these things will be reused for more than openiddict in the future
* Cleanup
* Extract db context setup
* Minor cleanup
---------
Co-authored-by: Nikolaj <nikolajlauridsen@protonmail.ch>
* Use OpenIddict from DB instead of InMemoryDb
* Do not try to clean up, while not it run mode
* Fixed tests
* Clean up
---------
Co-authored-by: Nikolaj <nikolajlauridsen@protonmail.ch>
Co-authored-by: Elitsa <elm@umbraco.dk>
* Add current user data endpoint
* Add Change password endpoint
* Add SetAvatar
* Add get node permissions
* Add endpoint for getting currently logged in users linked logins
* Add tour service
* Add get tours
* Add set tour endpoint
* Added PermissionNames to IReadOnlyUserGroup
* Only require backend auth on management api
* Use ISet in response model
* Fixed issue with saving null as startMediaId, where it was ignored
* Add get current user endpoint
* Fix missing linebreak
* Append "New" keyword to policies
* Update OpenApi
---------
Co-authored-by: Nikolaj <nikolajlauridsen@protonmail.ch>
* This moves around files and deletes the temp projects with files that are not moved to Core, Infrastructure etc.
Also moves the from new backoffice to static access, and override those with the old views in the legacy executeable
* Removes old files from the new executeable.
* Added missing files
* Added EF Core project to solution file
* fix build
* Add a dedicated (temporary) cookie setup for new backoffice logins, so old and new backoffice can co-exist behind separate logins
* use temp management api login endpoint for authentication
* Update OpenAPI JSON
---------
Co-authored-by: Jacob Overgaard <752371+iOvergaard@users.noreply.github.com>
* Updated OpenIddict to v4 and when through the migration guide.
(SetAuthorizationEndpointUris and SetTokenEndpointUris should not start with a leading / anymore)
* Fixed issue where the old backoffice did not build
* Fixed build
* Fake a change - hopefully npm can see the file now?
* try using npm install instead of npm ci
* Another trial
* remove build of old backoffice
* Oops build new backoffice - not the old
* rollback changes to static assets
* Foreach csproj file instead. Fix for breaking change in dotnet sdk 7.0.200
