* Refactor OpenIddict for shared usage between APIs + implement member authentication and handling within the Delivery API
* Make SwaggerRouteTemplatePipelineFilter UI config overridable
* Enable token revocation + rename logout endpoint to signout
* Add default implementation of SwaggerGenOptions configuration for enabling Delivery API member auth in Swagger
* Correct notification handling when (un)protecting content
* Fixing integration test framework
* Cleanup test to not execute some composers twice
* Update paths to match docs
* Return Forbidden when a member is authorized but not allowed to access the requested resource
* Cleanup
* Rename RequestMemberService to RequestMemberAccessService
* Rename badly named variable
* Review comments
* Hide the auth controller from Swagger
* Remove semaphore
* Add security requirements for content API operations in Swagger
* Hide the back-office auth endpoints from Swagger
* Fix merge
* Update back-office API auth endpoint paths + add revoke and sign-out endpoints (as of now they do not exist, a separate task will fix that)
* Swap endpoint order to maintain backwards compat with the current login screen for new back-office (will be swapped back again to ensure correct .well-known endpoints, see FIXME comment)
* Make "items by IDs" endpoint support member auth
* Add 401 and 403 to "items by IDs" endpoint responses
---------
Co-authored-by: Bjarke Berg <mail@bergmania.dk>
Co-authored-by: Elitsa <elm@umbraco.dk>
* chore: Fix XML warnings
* docs: Fix XML warnings
* docs: Fix XML in resource designer
* docs: Fix XML warnings
* Revert "docs: Fix XML in resource designer"
This reverts commit 8ea61c51ac161e1853ae080db7fe1b4d4cb4d2be.
* Added attribute filter to ensure a request is taking a minimum time to response
* Added functionality to management api to send forgot password emails and verify these + do the actual reset using the token
* Renamed UserKey to UserId and updated OpenApi.json
* Update src/Umbraco.Core/Services/IUserService.cs
Co-authored-by: Elitsa Marinovska <21998037+elit0451@users.noreply.github.com>
* Cleanup
* Renaming param
* Fixing send user username instead of email + wrong EmailTypes
* Fixed issue with forgot password functionality after reusing other functionality
* Rename prop
* Adding docs and renaming param
* Handle password validation return types
* More cleanup
---------
Co-authored-by: Elitsa <elm@umbraco.dk>
Co-authored-by: Elitsa Marinovska <21998037+elit0451@users.noreply.github.com>
* Use minimal hosting model
* Make CoreRuntime backward compatible to the old hosting model
* Remove unneccessary methods from interface again
* Pushed the timeout for E2E test to 120 minutes instead of 60
* Updated the preview version from 6 to 7
* Explicitly call BootUmbracoAsync
* Add CreateUmbracoBuilder extension method
* Do not add IRuntime as hosted service when using WebApplication/WebApplicationBuilder
* Set StaticServiceProvider.Instance before booting
* Ensure Umbraco is booted and StaticServiceProvider.Instance is set before configuring middleware
* Do not enable static web assets on production environments
* Removed root namespace from viewImports
---------
Co-authored-by: Andreas Zerbst <andr317c@live.dk>
Co-authored-by: Ronald Barendse <ronald@barend.se>
* Obsolete constructor with deprecated IScopeProvider
* Add exclusion setting to typefinder settings
* The old TypeFinder constructor calls the new constructor now instead and excluded duplicates by using Union instead of Concat.
* Revert "The old TypeFinder constructor calls the new constructor now instead and excluded duplicates by using Union instead of Concat."
This reverts commit 87801c6c1cbaa6adab6f29dba1e876a586e05885.
* Add changes to TypeFinder
* Do not use null when type is not nullable
---------
Co-authored-by: Bjarke Berg <mail@bergmania.dk>
* Obsolete constructor with deprecated IScopeProvider
* Add exclusion setting to typefinder settings
* The old TypeFinder constructor calls the new constructor now instead and excluded duplicates by using Union instead of Concat.
* Revert "The old TypeFinder constructor calls the new constructor now instead and excluded duplicates by using Union instead of Concat."
This reverts commit 87801c6c1cbaa6adab6f29dba1e876a586e05885.
* Add changes to TypeFinder
* Do not use null when type is not nullable
---------
Co-authored-by: Bjarke Berg <mail@bergmania.dk>
* Update to .net 8 preview 1
* Update npoco to 5.7.0
* Update pipeline to use .net 8
* Revert "Update npoco to 5.7.0"
This reverts commit f7795afa77a41ef2719f639405f73d9c21e4b12e.
* Fix tests and updated OpenApi.json
* use dotnet 8 in linux container
* Updated templates and docker image to dotnet 8
* Bugfix
* R
Updated docker images to 8.0 preview 1
* linux docker images updated
* Force use c# 11, in hope of the acceptance tests will pass
* Do not use C# 8 :)
* Update to preview 2
* CompatibilitySuppressions
* updated templates
* Disable package validation
* Update to .net8 preview 4
* change EnableStrictModeForCompatibleFrameworksInPackage to false
* Package validation
* Added CompatibilitySuppressions.xml
* Fix up IP networks
* Updated to preview 5
* Update docker images
* Post merge fixes
* Try to update dotnet version of codeql
* Delete empty suppression files
* Remove dependency
* Cleanup
---------
Co-authored-by: Elitsa <elm@umbraco.dk>
* Added functionality to verify user invite tokens and create the initial password
* Add response types
* Fail ValidateCredentialsAsync when user is not approved
* Enable user as part of initial password creating using validation token
* Adds documentation to badrequest and changed nocontent to ok, to align with other APIs
* Fixed tests and added a new one
---------
Co-authored-by: nikolajlauridsen <nikolajlauridsen@protonmail.ch>
* Fix broken CookieAuthenticationRedirect caused by PR #14036 when not in an API controller
* Added Integration Tests for the MemberAuthorizationFilter
* Fix merge conflict
---------
Co-authored-by: Elitsa <elm@umbraco.dk>
(cherry picked from commit 1d239a30ca)
* Fix broken CookieAuthenticationRedirect caused by PR #14036 when not in an API controller
* Added Integration Tests for the MemberAuthorizationFilter
* Fix merge conflict
---------
Co-authored-by: Elitsa <elm@umbraco.dk>
* add extension method to rewrite requests meant for backoffice static assets
* add backoffice rewrites to application builder
* embed the umbraco hash into the static assets requested on the backoffice
* Added a IStaticFileHostGenerator so its possible to replace our logic
* add docs and ensure the path is uniform with single slashes
---------
Co-authored-by: Bjarke Berg <mail@bergmania.dk>
