yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,217 Commits 4 Branches 7 Tags
cca27e064aa6b4dbced52c7027540ba3f855fb92
Commit Graph

16 Commits

Author SHA1 Message Date
Shannon
d264792e18 Fixes: U4-4819 Publicize AuthenticationExtensions 2014-05-06 18:15:38 +10:00
Shannon
8926e8c7d9 ensures preview cookie is gone on logout. 2014-01-16 20:56:34 +11:00
Shannon
f4b707e928 Merge remote-tracking branch 'origin/6.2.0' into 7.0.2 
Conflicts:
	src/Umbraco.Core/Configuration/UmbracoSettings.cs
	src/Umbraco.Core/Security/AuthenticationExtensions.cs
	src/umbraco.businesslogic/StateHelper.cs
 2014-01-16 20:49:19 +11:00
Shannon
c38030def2 Fixes: U4-3855 Preview cookie should be a session cookie not persisted 2014-01-16 20:47:13 +11:00
Shannon
9d90506265 Fixes issue with authcookie on renew - need to ensure its http only and persited for a day remains, ensures the csrf cookies are set when getting the user since that is called before logging in. 2013-12-03 11:57:41 +11:00
Shannon
ea35ea1af5 getting csrf stuff coded up, it's pretty much done just need to write a couple tests and add the filter to the necessary controller/actions 2013-12-02 17:20:50 +11:00
Shannon
b2c5d7270e Fixes: U4-3286 Using a custom aspx page that inherits from UmbracoEnsuredPage seems to log you out - moves the authentication/ticket logic to one central place, now for all base page validation requests if the ticket is not already there it will attempt to authentication the request. This only occurs when a page is being loaded that requires back office authentication but is not part of the umbraco back office route (so packages mainly) 2013-11-01 15:37:59 +11:00
Shannon
2267ac4534 More work on user timeouts, have the login dialog showing when it needs to and updating the user's ticket and correct new timeout seconds value - now to get it to not re-load routes when they log back in so their data is still editable. 2013-10-16 12:00:42 +11:00
Shannon
8d9f741a6a Working on user timeouts - now have the user timeout time being nicely tracked in the back office with a bit of injector magic both on the client side and the server side with filters. Now to wire up the call to get remaining seconds if a request hasn't been made for a specified amount of time, then we can add UI notification about timeout period. 2013-10-15 18:46:44 +11:00
Shannon
1e9a17babe Fixes merge issues, fixes up some unit tests, removes the For<T> config section stuff and simplifies the singleton, refactors it with methods as per discussion with stephen. 2013-09-25 19:23:41 +10:00
Shannon
f38a6e1561 Makes some massive headway with the real config section, have got all code re-delegated to using it and have migrated the baserest config to the core project, all configs will be shared out of the UmbracoConfiguration singleton, now to get the unit tests all wired up and using mocks for the most part. 2013-09-13 18:11:20 +10:00
Shannon
7806762b80 Implemented a real .Net configuration section for umbracoSettings.config + unit tests for every property. NOTE: This isn't referenced in the codebase yet, going to start setting default values for most of the properties so that we can remove them from the config file for shipping (ship minimal config) then reference these settings in the codebase. 2013-08-31 11:28:19 +10:00
perploug
e825c08901 Added events.Service and xmlhelper.service 2013-08-12 15:17:34 +02:00
Shannon
c40084c625 updates the forms auth stuff to be more inline with how v6 operates. Cookie is always stored for 1 day and we need to ensure that https and httponly is checked. 2013-08-05 15:39:18 +10:00
Shannon
c4b44ea0e3 Fixes: U4-2577 Can't save umbraco user - without re-filling in the password 
Fixes: U4-541 Wrong dictionary key when using in backend template names
This changes the way that the value that is stored in the auth cookie. Previously we just stored a GUID which was the user's contextid stored in the db, now we store encrypted values of a few necessary user objects. In 6.2 we'll actually set a real .Net user object on the HttpContext. For now, the http module will simply just ensure that the culture is set correctly for the currently logged in user.
 2013-08-02 15:16:04 +10:00
Shannon
6f464567bb Implements real FormsAuthentication for back office cookie authentication... finally :) 2013-07-31 17:08:56 +10:00