* Adds `preview.js`
to replace the legacy `umbraco.websitepreview.min.js` script.
Updates the content's `Id` with `Key`.
* allow any protected route to render the backoffice
* optimise component so it doesn't need to observe its attributes and use the popover API to show it on top of the content
* handle case where the culture could be set to "invariant" - we just want to set the "lang" attribute to the default ui language
* convert 'end preview' into an api request and reset the style of the button
* minimize function
* move static text into constants
---------
Co-authored-by: Jacob Overgaard <752371+iOvergaard@users.noreply.github.com>
* AB40660 - untangle the preview cookie from the auth cookie
* Clean up
* Allow anonymous to end preview sessions
* Some refinements
* update OpenApi.json
* Fix enter preview test
* correct tests to match new expectations of the preview cookie
* sync preview tests with correct expectations of access level
---------
Co-authored-by: Sven Geusens <sge@umbraco.dk>
Co-authored-by: Jacob Overgaard <752371+iOvergaard@users.noreply.github.com>
* Sends GUID instead of the numeric ID for SignalR Preview Hub
* Add possibility to set cookies as HttpOnly
* Set UMB_PREVIEW cookie as HttpOnly
* fixup! Add possibility to set cookies as HttpOnly
* Refactor ContentFinderByIdPath to more readable
* Create ContentFinderByKeyPath reusing logic from ContentFinderByIdPath
* Add a comment to DisableFindContentByIdPath setting
* Append new content finder
* Change ordering of content finders registrations
* Refactor with a base class
* Update/refactor and add tests regarding ContentFindersByIdentifier
* Fix comment
* Avoiding breaking change
* Make usages use non-obsolete implementation
* Fixed todo in config instead of use the one old legacy name even more. Also obsoleted the ContentFinderByIdPath
* add `preview` as an allowed backoffice client route
---------
Co-authored-by: Sven Geusens <sge@umbraco.dk>
Co-authored-by: Bjarke Berg <mail@bergmania.dk>
Co-authored-by: Jacob Overgaard <752371+iOvergaard@users.noreply.github.com>
* Added endpoint and backing service for backoffice login providers and the status per user.
* Improve link login redirect forming and error handling
* Add responseModel and mapping instead of returning core model
* Moved unlink endpoint logic into a service
* Refactored ExternalLinkLoginCallback logic into BackofficeExternalLoginService method
* typo and minor code style improvements
* async method name alignment
* Add BackOfficeExternalLoginService tests
* Remove helper method that makes less sense that thought.
* Minor formatting, clean-up and conventions
* Replaced cookie authentication in link-login with a short lived secret
Applied PR feedback
* Update openapi
* Changed link login to a form endpoint
* fix broken comment link
* Do not store claimsprinciple in secret + comments
* update redirect paths
---------
Co-authored-by: Sven Geusens <sge@umbraco.dk>
Co-authored-by: kjac <kja@umbraco.dk>
Co-authored-by: Jacob Overgaard <752371+iOvergaard@users.noreply.github.com>
* Revert "v14: Remove mentions of UmbracoApiController (#15863)"
This reverts commit 30e2dea57a.
* Obsolete UmbracoApiController
* Added a few more obsoletion messages
* Removed some of the reintroduced stuff again
* Add obsoletion to FrontEndRoutes controller
---------
Co-authored-by: kjac <kja@umbraco.dk>
* set the default for `AuthorizeCallbackPathName` to "/umbraco/oauth_complete" to allow the server to redirect the user back to a route where we don't load the entire backoffice.
* remove redundant method
* Added mostly working linking methods to the backoffice controller
Cleanup still required
* Added proposed default error handling extionsion methods
* Cleanup, clarification and PR feedback
* More cleanup
* Transformed the OAuthOptionsExtensions into a helper class
this allows for proper DI for the dependencies
---------
Co-authored-by: Sven Geusens <sge@umbraco.dk>
* Implement using keymap for member
* Remove current usages of GetUserById
* User userId resolver to resolve user key
* Refactor user repository to use GUID not int
* Add happy path test
* Remove user in cache when user gets updated
* Use await in async method
* Fix up according to review
* Update IMetricsConsentService.cs to have async method
* Fix according to review
* Fix more according to comments
* Revert "Fix up according to review"
This reverts commit a75acaaa
* Get current backoffice user from method
* Update user repository delete functionality
* Fix up more test
* Try to get user by id if key fails
* Add user key as required claim
* Fix tests
* Don't set claim in BackofficeController
* Create constant for the Sub claim
---------
Co-authored-by: kjac <kja@umbraco.dk>
* Obsoletions related to Delivery API
* Fix TypeLoader and TypeFinder tests
* Remove obsolete and default implementations of IFileSource and IFileTypeCollection
* More Delivery API related obsoletions
* VariationContextAccessor related
* ValueFactories obsoletion and fix references
* ValueSetBuilders obsoletions
* ValueConverters obsoletions
* Other obsolete ctors and methods
* Forgotten VariationContextAccessor obsoletion
* More obsoletions
* XPath related obsoletions
* Revert XmlHelper changes
* Delete RenamedRootNavigator and its tests
* Fix test
* XmlHelper obsoletion
* Return null instead of GetXPathValue
* Obsolete entire class instead
* Remove XPath obsoletions from IPublishedCache
* Remove XPath-related if-block that is no longer needed
* Change obsolete msg for classes needed for NuCache
* Moving classes to NuCache and making them internal
* Remove more XPath-related obsoletions
* Remove NavigableNavigator and its tests
* Cleanup
* Remove Xpath references from tests
* Revert interface deletion in MediaCache
* Using XOR operation
Co-authored-by: Nuklon <Nuklon@users.noreply.github.com>
---------
Co-authored-by: Nuklon <Nuklon@users.noreply.github.com>
* Removed the "New" from all policy names now that the legacy backoffice is gone.
* more policy renaming
* more policy renaming
* Uncommenting tests
* Cleanup
* Removing unused policy names
* Renaming AdminUserEditsRequireAdmin to a more meaningful UserPermissionByResource
* Completing TODO and some alphabetical rearranging
---------
Co-authored-by: Elitsa <elm@umbraco.dk>
* Migrate ObjectJsonExtensions
* Use more generic exception to not use Newtonsoft
It should matter if it's a JsonReaderException, if we can't read we can't read
* Remove obsoleted constructors
* Use more generic exception in ContentValueSetBuilder
* Fix constructors
* Remove UdiRangeJsonConverter
* Remove more legacy newtonsoft stuff
* Migrate away from newtonsoft in CacheInstructionService
* Remove unused model binders
* Remove more newtonsoft
* Remove newtonsoft from DatabaseServerMessenger
* Remove now irrelevant benchmark
* Remove the usage of Newtonsoft from ImageCropperTemplateCoreExtensions
The value converter will never return JObject, JsonDocument, or JsonNode
* Remove usages of newtonsoft in ComplexPropertyEditorContentNotificationHandler
JTokens are no longer returned, so we don't need to check for it
* Remove newtonsoft references
* Re-add newtonsoft dependency to Umbraco.Tests.Common
* Fix package references
* move dependency
---------
Co-authored-by: Bjarke Berg <mail@bergmania.dk>
* Make create user endpoint work with the supplied id
Return 201 instead of 200 with correct resource identifier
* Add ResetPassword endpoint
* Bring changepassword route inline with other resource actions
* Fixed User endpoints not advertising all their possible response codes/ models
Fixed certain endpoints not authorizing targeted user(s) versus the admin needs admin authorization requirement
Fixed a user not found response bug for the update flow
Fix spacing
* Fixed CurrentUser endpoints not advertising all their possible response codes/ models
Fix incorrect responseStatus in UserService.GetPermissionsAsync
* Update OpenApi definition
Fix smal model oversights in previous commits
* Update incorrect Response type
* Check for duplicate id's in user create validation
* Remove unnecasary returnmodel from changepassword
Renamed the model to it's remaining usage
* rename bad constructor parameter
* Renamed method parameters for better readability and usage
* Fixed wrong userkey being passed down because of (refactored) bad naming
Technically doesn't change anything as the two id's should be the same in this case (reset with token is always for self)
* Fixed resetpassword bug
* Update openapi
* Update src/Umbraco.Core/Services/UserService.cs
Co-authored-by: Kenn Jacobsen <kja@umbraco.dk>
* Remove old password from change user password request model
Only makes sense when doing it for the logged in user => current endpoint
---------
Co-authored-by: Sven Geusens <sge@umbraco.dk>
Co-authored-by: Kenn Jacobsen <kja@umbraco.dk>
* Removes lots of files used by the old backoffice and that is not needed for the management api
* A little clean-up
---------
Co-authored-by: kjac <kja@umbraco.dk>
* Move magical route to management api
* Move auth around
* Remove "New" cookies, as they are no longer needed
* Move all installer related
* Remove BackOfficeServerVariables.cs and trees
* Move webhooks to management api
* Remove remainting controllers
* Remove last services
* Move preview to management api
* Remove mroe extensions
* Remove tours
* Remove old Auth handlers
* Remove server variables entirely
* Remove old backoffice controller
* Remove controllers namespace entirely
* Move rest of preview
* move last services
* Move language file extension
* Remove old backoffice entirely (Backoffice and Web.UI projects)
* Clean up unused security classes
* Fix up installer route
* Remove obsolete tests
* Fix up DI in integration test
* Add missing property mapping
* Move core mapping into core
* Add composers to integration test
* remove identity
* Fix up DI
* Outcomment failing test :)
* Fix up remaining test
* Update mapper
* Remove the actual project files
* Remove backoffice cs proj
* Remove old backoffice from yml
* Run belissima before login
* Remove caching
* Refactor file paths
* Remove belle from static assets
* Dont refer to old project in templates
* update gitignore
* Add missing files
* Remove install view as its no longer used
* Fix up failing test
* Remove outcommented code
* Update submodule to latest
* fix build
---------
Co-authored-by: Bjarke Berg <mail@bergmania.dk>
* Force system text json for IJSonSerializer
* Migrate ColorPickerValueConverter
* Move ColorPickerValueConverter
* Clean up ColorPickerValueConverter
* Remove obsoleted property editors
* Migrate FlexibleDropdownPropertyValueConverter to System.Text.Json
* Use IJsonSerializer instead and move the value converter to Core
* Migrate ImageCropperValueConverter to System.Text.Json
* Inject jsonserializer in test and obsolete old constructor
* Migrate JsonValueConverter to System.Text.Json
* Remove ContextualConfigurationEditorJsonSerializer
* Remove JsonNetSerializer
* Remove obsolete DeserializeSubset from JsonSerializer interface
* Fix FlexibleDropdownPropertyValueConverter
* Update test JSON to be actual valid json
* Update more test json
* Update time format to be valid
* Add JsonPropertyName to models
* register a new IPackageManifestReader to allow to scan the /umbraco/backoffice path for umbraco packages
* add constant
* add logic to extract the importmap from umbraco package manifests
* add html helper to render an importmap
* replace static importmap with new dynamic importmap
* update tests and be more specific about scopes
* remove recursion from PackageManifestReader.cs
* add extra test to validate the importmap
* combine all string manipulation to produce an importmap into HtmlHelperBackOfficeExtensions.cs
* rename IStaticFileHostGenerator to something reflecting its actual usage, and also fix the file names
* use auto properties where applicable
* add getter for BackOfficeHash and use to simplify BackofficeAssetsPath
* ensure BackOffice is always spelled with capital O
* add a way to replace the cachebuster for assets imported through an importmap and ensure magic strings are encapsulated into business logic or constants
* Review changes
* convert primary constructors to explicit and add comments
* convert primary constructor to explicit
---------
Co-authored-by: kjac <kja@umbraco.dk>
* show external login errors as a subheadline on the login screen
* fix: migrate error handling from v12 for external login
* cleanup unused client-side javascript
* Implemented culture based authorization for content
* Implemented culture auth for create/update of documents
* Applied culture authorization to dictionary create/update
* Added an integration test to test an assumption about the ContentTypeEditingService.CreateAsync method
* Fix processing when result is already false;
* Apply suggestions from code review
Co-authored-by: Nikolaj Geisle <70372949+Zeegaan@users.noreply.github.com>
* Refactor method to async + clarify and consilidate comments regarding dictionary locks
---------
Co-authored-by: Sven Geusens <sge@umbraco.dk>
Co-authored-by: Nikolaj Geisle <70372949+Zeegaan@users.noreply.github.com>
* Updaets `MigrationPlanExecutor.cs` to use serilog convention for strings
* Updaets `ExamineManagementController.cs` to use serilog convention for strings
* Updaets `HelpController.cs` to use serilog convention for strings
* Updaets `PreviewAuthenticationMiddleware.cs` to use serilog convention for strings
* Add item in requestcache when security stamp is already updated in request
* Propagate constructur obsoletion to implementing services and fix unit tests
---------
Co-authored-by: kjac <kja@umbraco.dk>
* Disable transitive package version pinning
* Take top-level dependencies on Azure.Identity and System.Net.Http
* Take top-level dependencies on System.Security.Cryptography.Xml and System.Text.RegularExpressions
