* Force system text json for IJSonSerializer
* Migrate ColorPickerValueConverter
* Move ColorPickerValueConverter
* Clean up ColorPickerValueConverter
* Remove obsoleted property editors
* Migrate FlexibleDropdownPropertyValueConverter to System.Text.Json
* Use IJsonSerializer instead and move the value converter to Core
* Migrate ImageCropperValueConverter to System.Text.Json
* Inject jsonserializer in test and obsolete old constructor
* Migrate JsonValueConverter to System.Text.Json
* Remove ContextualConfigurationEditorJsonSerializer
* Remove JsonNetSerializer
* Remove obsolete DeserializeSubset from JsonSerializer interface
* Fix FlexibleDropdownPropertyValueConverter
* Update test JSON to be actual valid json
* Update more test json
* Update time format to be valid
* Add JsonPropertyName to models
* Members and member types in the Management API
* Add validation endpoints for members
* Include validation result in service response + add unit tests
* Regenerate OpenApi.json
* Regenerate OpenApi.json after merge
* Don't throw an exception when trying to set valid variation levels for member types
* Added missing ProducesResponseType
* Remove TODO, as that works
* Allow creation of member with explicit key
* Do not feature "parent" for member creation + add missing response type
* Do not feature a "Folder" in create member type (folders are not supported)
* Added missing build methods
* Fixed issue with mapping
---------
Co-authored-by: Bjarke Berg <mail@bergmania.dk>
* Now properly checks the lockedoutdate
* Also fix Test (failed constructor)
* Processed feedback
* Added obsolete constructor
---------
Co-authored-by: Ambert van Unen <AvanUnen@ilionx.com>
* Added functionality to verify user invite tokens and create the initial password
* Add response types
* Fail ValidateCredentialsAsync when user is not approved
* Enable user as part of initial password creating using validation token
* Adds documentation to badrequest and changed nocontent to ok, to align with other APIs
* Fixed tests and added a new one
---------
Co-authored-by: nikolajlauridsen <nikolajlauridsen@protonmail.ch>
* Add MSSQL migration
* Make upgrade possible when user doesn't have a key yet
* Migrate SQLite
* Migrate the external login column
* Fix logging in after migration
* Handle fake GUID correctly
* Make GetByKey async
* Resolve external logins by key instead of id
* Remove usage of naive UserIdToInt
* Dont use ToGuid for property type defaults
* Use constant GUID for user groups
* Ensure that the same GUID is used to create the root user.
* Add migration for two factor logins
* Add default implementations
* Fix unit test
* Remove TODO
* Fix integration tests
* Add default implementation instead of throwing
Co-authored-by: Bjarke Berg <mail@bergmania.dk>
* Make SQLServer migration idempotent
* Add comment about SQLite
* Fix typo
---------
Co-authored-by: Bjarke Berg <mail@bergmania.dk>
* Update projects to .NET 7
* Fix nullability errors
* Fix up pipelines to run 7.0
* Update langversion to preview
* Revert "Fix up pipelines to run 7.0"
This reverts commit d0fa8d01b8126a4eaa59832a3814a567705419ae.
* Fix up pipelines again, this time without indentation changes
* Include preview versions
* Versions not Version
* Fix ModelTypeTests
* Fix MemberPasswordHasherTests
Microsoft wants to use SHA512 instead of SHA256, so our old hashes will return SuccessRehashNeeded now
* Use dotnet cli instead of nuget restore
* Update src/Umbraco.Web.UI/Umbraco.Web.UI.csproj
* Update dependencies
* Fix nullability issues
* Fix unit test
* Fix nullability in ChangingPasswordModel
OldPassword can be null, if we're changing the password with password reset enabled. Additionally, we might as well use the new required keyword instead of supressing null.
* Use required keyword instead of supressing null
* Fix up pipelines again
* fix up spelling-error
* Use dotnet cli instead of nuget restore
* Fix up another NuGet command
* Use dotnet version 7 before building
* Include preview versions
* Remove condition
* Use dotnet 7 before running powershell script
* Update templates to .net 7
* Download version 7 before running linux container
* Move use dotnet 7 even earlier in E2E process
* Remove dotnet 7
* Reintroduce .NET 7 task
* Update linux docker container and remove dotnet 7 from yml
* Fix up dockerfile with ARG
* Fix up docker file with nightly builds of dotnet 7
* Reintroduce dotnet 7 so windows can use it
* Use aspnet 7 in docker
Co-authored-by: Nikolaj <nikolajlauridsen@protonmail.ch>
Co-authored-by: Zeegaan <nge@umbraco.dk>
* Separate legacy scope provider interface and explicitly implement.
* Don't rely on legacy scope provider for existing tests.
* Assert correct type returned when using legacy scope provider.
* Further enhancements for legacy password support.
For users - try new style passwords first and fallback on failure seeing
as a valid modern password is the norm, rehash is only one time.
For both users and members also deals with the fact that for
useLegacyEncoding we could store any old thing in passwordConfig
e.g. it's possible to get Umbraco8 to store "HMACSHA384" alongside
the hash even though it's really HMACSHA1 with password used as key
(try it out by tweaking machine key settings and setting
useLegacyEncoding=true).
Has behavioral breaking changes in LegacyPasswordSecurity as the
code now expects consumers to to respect IsSupportedHashAlgorithm
rather than ignoring it.
* Less rushed removals
* Bugfix - Take ufprt from form data if the request has form content type, otherwise fallback to use the query
* External linking for members
* Changed migration to reuse old table
* removed unnecessary web.config files
* Cleanup
* Extracted class to own file
* Clean up
* Rollback changes to Umbraco.Web.UI.csproj
* Fixed migration for SqlCE
* Added 2fa for members
* Change notification handler to be on deleted
* Update src/Umbraco.Infrastructure/Security/MemberUserStore.cs
Co-authored-by: Mole <nikolajlauridsen@protonmail.ch>
* updated snippets
* Fixed issue with errors not shown on member linking
* fixed issue with errors
* clean up
* Fix issue where external logins could not be used to upgrade Umbraco, because the externalLogin table was expected to look different. (Like after the migration)
* Fixed issue in Ignore legacy column now using result column.
* Updated 2fa for members + publish notification when 2fa is requested.
* Changed so only Members out of box supports 2fa
* Cleanup
* rollback of csproj file, that should not have been changed
* Removed confirmed flag from db. It was not used.
Handle case where a user is signed up for 2fa, but the provider do not exist anymore. Then it is just ignored until it shows up again
Reintroduced ProviderName on interface, to ensure the class can be renamed safely
* Bugfix
* Registering DeleteTwoFactorLoginsOnMemberDeletedHandler
* Rollback nuget packages added by mistake
* Update src/Umbraco.Infrastructure/Services/Implement/TwoFactorLoginService.cs
Co-authored-by: Mole <nikolajlauridsen@protonmail.ch>
* Update src/Umbraco.Infrastructure/Persistence/Repositories/Implement/TwoFactorLoginRepository.cs
Co-authored-by: Mole <nikolajlauridsen@protonmail.ch>
* Added providername to snippet
Co-authored-by: Mole <nikolajlauridsen@protonmail.ch>
* Bugfix - Take ufprt from form data if the request has form content type, otherwise fallback to use the query
* External linking for members
* Changed migration to reuse old table
* removed unnecessary web.config files
* Cleanup
* Extracted class to own file
* Clean up
* Rollback changes to Umbraco.Web.UI.csproj
* Fixed migration for SqlCE
* Change notification handler to be on deleted
* Update src/Umbraco.Infrastructure/Security/MemberUserStore.cs
Co-authored-by: Mole <nikolajlauridsen@protonmail.ch>
* Fixed issue with errors not shown on member linking
* fixed issue with errors
* clean up
* Fix issue where external logins could not be used to upgrade Umbraco, because the externalLogin table was expected to look different. (Like after the migration)
* Fixed issue in Ignore legacy column now using result column.
Co-authored-by: Mole <nikolajlauridsen@protonmail.ch>
* https://github.com/umbraco/Umbraco-CMS/issues/11366
Fallback to try login using super legacy HMACSHA1 even when the algorithm is stated as being HMACSHA256. The issue is that v8 saves HMACSHA256 on the user, but when configured to use legacy encoding it actually uses HMACSHA1
* Support migration of members with:
UseLegacyEncoding+Clear
UseLegacyEncoding+Encrypted (Requires machine key)
UseLegacyEncoding+Hashed
* Fixes unit tests
* Avoid exceptions + unit tests
* Save unknown algorithm if we dont know it, instead of persisting a wrong algorithm.
* Added setting to enable clear text password rehashes.
* Removed support for migration of clear text passwords
* Fixed unit test
