* Added functionality to enable 2FA for users..
* Do not use the obsolete ctor in tests
* cleanup
* Cleanup
* Convert User view from overlay to infinite editor
* Add support for having additional editors on top of the user (2fa) which overlay does not support
* Add controllerAs syntax in the template
* Remove unused dependencies
* Adjustments to 2fa login view
* organize elements
* add translations
* add a11y helpers
* add autocompletion = one-time-code
* change to controllerAs syntax
* add callback to cancel 2fa and fix error where submit button was not reset when all other validations were
* add a cancel/go back button to the 2fa view
* replace header with something less obstrusive
* move logout button to the footer in the new editor view
* change 'edit profile' to an umb-box and move ng-if for password fields out to reduce amount of checks
* Add umb-box to external login provider section
* add umb-box to user history section
* bug: fix bug where notificationsService would not allow new notifications if removeAll had been called
* add styling and a11y to configureTwoFactor view
- also ensure that the view reloads when changes happen in the custom user view to enable 2fa
- ensure that view updates when disabling 2fa
- add extra button to show options (disable) for each 2fa provider
* add notification when 2fa is disabled
* add data-element to support the intro tour
also changed a minor selector in the cypress test
* correct usage of umb-box with umb-box-content
* do not use the .form class twice to prevent double box-shadow
* make tranlastion for 2fa placeholder shorter
* ensure that field with 2fa provider is always visible when more than 1 provider
* move error state of 2fa field to token field
* update translation of multiple 2fa providers
* move CTA buttons to right side to follow general UI practices
* rename options to disable
* add disabled state
* add helper folders to gitignore so you can work with plugins and custom code without committing it accidentally
* move the disable functionality to its own infinite editor view
* use properties from umb-control-group correctly
* add 'track by' to repeater
* make use of umb-control-group
* remove unused functions
* clean up translations
* add Danish translations
* copy translations to english
* Only return enabled 2fa providers as expected
Co-authored-by: Jacob Overgaard <752371+iOvergaard@users.noreply.github.com>
* Turn SlidingExpiration off and only renew cookie of not RemainingSeconds request
Also adds the TicketExpiresClaim before validating the the security stamp, otherwise the claim won't be merged and "dissappear", leading to the user being instantly logged out
Also only EnsureValidSessionId if not RemainingSeconds request, otherwise the session will always be valid, since the remaining seconds request renews it.
* Don't ignore SessionIdClaimType and Cookiepath when merging claims
Besides what the comment used to state these claims are only issued when logging in, leading you to be logged out once the claims are merged, furthermore when we check the session ID we verify that you session has not expired.
* Manually specify Issued and Expires when renewing token
If we don't we lose 30 minutes of our ExpireTimeSpan every time the principal refreshes
* Re-add ignored claims
And use MergeAllClaims on refreshing principal instead.
* EnsureValidSessionId before updating IssuedUtc
* Fix comment
* Update src/Umbraco.Web.BackOffice/Security/ConfigureBackOfficeCookieOptions.cs
Co-authored-by: nikolajlauridsen <nel@umbraco.dk>
Co-authored-by: Bjarke Berg <mail@bergmania.dk>
* Bugfix - Take ufprt from form data if the request has form content type, otherwise fallback to use the query
* External linking for members
* Changed migration to reuse old table
* removed unnecessary web.config files
* Cleanup
* Extracted class to own file
* Clean up
* Rollback changes to Umbraco.Web.UI.csproj
* Fixed migration for SqlCE
* Change notification handler to be on deleted
* Update src/Umbraco.Infrastructure/Security/MemberUserStore.cs
Co-authored-by: Mole <nikolajlauridsen@protonmail.ch>
* Fixed issue with errors not shown on member linking
* fixed issue with errors
* clean up
* Fix issue where external logins could not be used to upgrade Umbraco, because the externalLogin table was expected to look different. (Like after the migration)
* Fixed issue in Ignore legacy column now using result column.
Co-authored-by: Mole <nikolajlauridsen@protonmail.ch>
* starts cleaning up old test project, removing ones we'll never convert, moves new test to where it should be.
* Makes ContentNodeKit immutable properties, moves first nucache tests over
* Gets the Nucache unit tests working and refactors a bit to use builder pattern for models.
* Migrates first xml based cache test to use nucache.
* Migrates a bunch more
* Migrates remaining tests for PublishedContentTests
* Moves PublishedRouterTests
* Moves PublishedContentExtensionTests
* Moves more tests.
* committing wip
* committing wip
* Gets PublishedContentLanguageVariantTests converted and working.
* Fixes DataTable ext method and moves PublishedContentDataTableTests
* Moves PublishedMediaTests
* wip - moving EntityXmlSerializerTests
* Moves more tests
* moves more tests
* moves more tests
* Move another test
* Moves more tests
* Fix test
* move another test
* Moves more tests
* Moves more tests
* Moves more tests
* wip before merge
* More tests
* More tests
* More tests
* More tests
* More tests
* More tests
* Cleanup and moving classes.
* Remove unused code
* Fixed failing tests, due to new null checks, that did not exist in v8
* Avoid breaking changes
* Unbreak more things, even that it the old solution was crazy..
* Fixed bug where ordering of stream readings was changed..
* cleanup
Co-authored-by: Bjarke Berg <mail@bergmania.dk>
* Gather all notifications in Umbraco.Cms.Core.Notifications
* Rename notifications to match convention
* Move and rename missed notifications
* Move the three remaining public notification into Umbraco.Cms.Core.Notifications
* Getting new netcore PublicAccessChecker in place
* Adds full test coverage for PublicAccessChecker
* remove PublicAccessComposer
* adjust namespaces, ensure RoleManager works, separate public access controller, reduce content controller
* Implements the required methods on IMemberManager, removes old migrated code
* Updates routing to be able to re-route, Fixes middleware ordering ensuring endpoints are last, refactors pipeline options, adds public access middleware, ensures public access follows all hops
* adds note
* adds note
* Cleans up ext methods, ensures that members identity is added on both front-end and back ends. updates how UmbracoApplicationBuilder works in that it explicitly starts endpoints at the time of calling.
* Changes name to IUmbracoEndpointBuilder
* adds note
* Fixing tests, fixing error describers so there's 2x one for back office, one for members, fixes TryConvertTo, fixes login redirect
* fixing build
* Updates user manager to correctly validate password hashing and injects the IBackOfficeUserPasswordChecker
* Merges PR
* Fixes up build and notes
* Implements security stamp and email confirmed for members, cleans up a bunch of repo/service level member groups stuff, shares user store code between members and users and fixes the user identity object so we arent' tracking both groups and roles.
* Security stamp for members is now working
* Fixes keepalive, fixes PublicAccessMiddleware to not throw, updates startup code to be more clear and removes magic that registers middleware.
* adds note
* removes unused filter, fixes build
* fixes WebPath and tests
* Looks up entities in one query
* remove usings
* Fix test, remove stylesheet
* Set status code before we write to response to avoid error
* Ensures that users and members are validated when logging in. Shares more code between users and members.
* merge changes
* oops
* Fixes RepositoryCacheKeys to ensure the keys are normalized
* oops didn't mean to commit this
* Fix casing issues with caching, stop boxing value types for all cache operations, stop re-creating string keys in DefaultRepositoryCachePolicy
* oops didn't mean to comit this
* bah, far out this keeps getting recommitted. sorry
Co-authored-by: Bjarke Berg <mail@bergmania.dk>
* Getting new netcore PublicAccessChecker in place
* Adds full test coverage for PublicAccessChecker
* remove PublicAccessComposer
* adjust namespaces, ensure RoleManager works, separate public access controller, reduce content controller
* Implements the required methods on IMemberManager, removes old migrated code
* Updates routing to be able to re-route, Fixes middleware ordering ensuring endpoints are last, refactors pipeline options, adds public access middleware, ensures public access follows all hops
* adds note
* adds note
* Cleans up ext methods, ensures that members identity is added on both front-end and back ends. updates how UmbracoApplicationBuilder works in that it explicitly starts endpoints at the time of calling.
* Changes name to IUmbracoEndpointBuilder
* adds note
* Fixing tests, fixing error describers so there's 2x one for back office, one for members, fixes TryConvertTo, fixes login redirect
* fixing build
* Fixes keepalive, fixes PublicAccessMiddleware to not throw, updates startup code to be more clear and removes magic that registers middleware.
* adds note
* removes unused filter, fixes build
* fixes WebPath and tests
* Looks up entities in one query
* remove usings
* Fix test, remove stylesheet
* Set status code before we write to response to avoid error
* Ensures that users and members are validated when logging in. Shares more code between users and members.
* Fixes RepositoryCacheKeys to ensure the keys are normalized
* oops didn't mean to commit this
* Fix casing issues with caching, stop boxing value types for all cache operations, stop re-creating string keys in DefaultRepositoryCachePolicy
* bah, far out this keeps getting recommitted. sorry
Co-authored-by: Bjarke Berg <mail@bergmania.dk>
