yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
21,935 Commits 4 Branches 7 Tags
ce2e8a147e3d58366aec71af544e3696ead4123c
Commit Graph

80 Commits

Author SHA1 Message Date
Shannon Deminick
43f369f96f Merge pull request #2306 from Sam7/dev-v7 
U4-10453 - Ability to Sync after each external login (using OWIN)
 2017-12-18 14:42:25 +11:00
Shannon
78f6b8d8bc Fixes up more the the session id validation, makes sure that the GetUserSecondsMiddleWare also validates the session since this is what keeps the user logged in if that option is being used. 2017-11-08 23:57:17 +11:00
Sam Sperling
dcdaa8d62d U4-10453 - Ability to Sync after each external login (using OWIN) 
Added a new function OnExternalLogin for the ExternalSignInAutoLinkOptions to enable full syncing capabilities for external logins
 2017-11-06 15:31:36 +11:00
Shannon
019147c1a1 Moves the session generation to the BackOfficeCookieAuthenticationProvider which is where it should be, so it only gets generated before the cookie is written. Writes the checking cookie inside of a lock to prevent multiple db and cookie writes that are unecessary. 2017-11-03 18:07:17 +11:00
Shannon
782d6100f0 Gets user session management tracking via the database including detecting stale sessions, generating and removing them along with cleaning them up. This takes into account legacy code too. The session is revalidated on a one minute threshold per user so that it's not hammering the databse on every request. 2017-11-03 17:27:23 +11:00
Shannon
4b7bd6482e Creates new EmailSender which should take the place throughout the codebase for sending emails in the Core. Have replaced most places where SMTP is used directly (but not the notifications part since that is more complicated right now). Added the internal event and special usage so we can raise an event to send an email if smtp is not configured. 2017-09-05 18:52:03 +10:00
Shannon
5cd314335c formatting 2017-08-02 11:56:11 +10:00
Shannon
241d486e97 Merge remote-tracking branch 'origin/dev-v7' into dev-v7.7 
# Conflicts:
#	src/Umbraco.Web/Security/Identity/FormsAuthenticationSecureDataFormat.cs
 2017-08-02 11:55:15 +10:00
Shannon
1ccc8cc161 U4-10123 Make sure the backoffice login is not susceptible to DOS attacks 2017-07-25 19:40:30 +10:00
Shannon
97471f667d Updates the BackOfficeIdentityUser to property support ASP.NET Identity Roles 2017-07-20 22:02:32 +10:00
Shannon
7aca656919 Merge branch 'user-group-permissions' into temp-U4-10138 
# Conflicts:
#	src/Umbraco.Core/Models/Identity/BackOfficeIdentityUser.cs
#	src/Umbraco.Core/Models/Identity/IdentityModelMappings.cs
 2017-07-20 20:00:05 +10:00
Shannon
8df00d5525 Fixes U4-10111 Changing email on a user doesn't show the username field 2017-07-19 19:22:43 +10:00
Shannon
b32325bbaa Adds all change tracking to the BackOfficeIdentityUser ensures values are not persisted that are not changed, adds required null checks, removes internal method GetOrCreateBackOfficeUser 2017-07-19 14:13:42 +10:00
Shannon
546999e470 U4-9946 Update the ExternalSignInAutoLinkOptions to support groups - currently still using UserType 2017-06-30 16:50:44 +10:00
Shannon
cec829774e Merge remote-tracking branch 'origin/dev-v7' into user-group-permissions 
# Conflicts:
#	src/Umbraco.Core/Persistence/Repositories/ContentRepository.cs
#	src/Umbraco.Web/Cache/DataTypeCacheRefresher.cs
 2017-06-20 17:09:52 +10:00
Shannon
2ee34d5c48 updates user models 2017-06-05 23:25:33 +02:00
Sam Sperling
b5c2fc82bb U4-9973 Remove sealed modifier from ExternalSignInAutoLinkOptions class 2017-06-02 11:43:06 +10:00
Shannon
38837049f0 adds invite user endpoint with a controller test! 2017-05-24 19:01:01 +10:00
Shannon
6b038186be Fixes SignalR registration, the mapping was registered in the wrong place and too early so security was not working, bumps version for MyGet 2017-01-03 13:11:05 +11:00
Shannon
95187becaf bumps to next alpha for MyGet 2017-01-03 11:50:29 +11:00
Stephan
20fc78419e Refactor / fix SignalR integration, add nuspec dependency 2016-10-19 15:07:48 +02:00
Shannon
893c2a99be adds some comments 2016-09-08 09:30:13 +02:00
Shannon
2ff3ce933b U4-8850 Configuring a custom BackOfficeUserManager type will not work if the type is not specifically BackOfficeUserManager 2016-08-12 12:20:00 +02:00
Shannon
e3b9a45435 Updates public APIs to enable umbraco cookie auth so devs can specify their own cookie options if required. 2016-07-18 10:09:46 +02:00
Shannon
506ed9f866 U4-8286 Add OWIN startup events to the UmbracoDefaultOwinStartup class 2016-04-07 17:51:09 +02:00
Shannon
9e3d7a1cce updates default pipeline marker stage for the preview middleware, updates MembershipHelper to not throw an exception if the Role manager is disabled. 2016-03-18 11:05:39 +01:00
Shannon
2f9b526465 Only apply preview auth if Umbraco is fully configured 2016-03-16 10:41:33 +01:00
Shannon
af1fe425a2 udpates ext method to specify an explicit marker stage, updates UmbracoDefaultOwinStartup to be more flexible with the methods to override. 2016-03-09 19:37:37 +01:00
Shannon
22385d40db U4-4219 Can't Preview protected pages 2016-03-09 17:35:50 +01:00
Sebastiaan Janssen
42a68cb770 U4-7494 Installation Fails for 7.3.3 - Intermittent - Value cannot be null. Parameter name: sqlSyntax 2016-02-16 14:00:28 +01:00
Shannon
e423864781 Merge remote-tracking branch 'origin/master-v7' into dev-v7 
Conflicts:
	build/UmbracoVersion.txt
	src/SolutionInfo.cs
	src/Umbraco.Core/Cache/FullDataSetRepositoryCachePolicy.cs
	src/Umbraco.Core/Cache/FullDataSetRepositoryCachePolicyFactory.cs
	src/Umbraco.Core/Configuration/UmbracoVersion.cs
	src/Umbraco.Core/Persistence/Repositories/ContentTypeBaseRepository.cs
	src/Umbraco.Core/Persistence/Repositories/ContentTypeRepository.cs
	src/Umbraco.Core/Persistence/Repositories/DomainRepository.cs
	src/Umbraco.Core/Persistence/Repositories/LanguageRepository.cs
	src/Umbraco.Core/Persistence/Repositories/MediaTypeRepository.cs
	src/Umbraco.Core/Persistence/Repositories/MemberTypeRepository.cs
	src/Umbraco.Core/Persistence/Repositories/PublicAccessRepository.cs
	src/Umbraco.Core/Persistence/Repositories/TemplateRepository.cs
	src/Umbraco.Core/Umbraco.Core.csproj
	src/Umbraco.Tests/Cache/FullDataSetCachePolicyTests.cs
	src/Umbraco.Web.UI.Client/src/common/directives/components/grid/grid.rte.directive.js
	src/Umbraco.Web.UI.Client/src/less/hacks.less
	src/Umbraco.Web.UI/Umbraco.Web.UI.csproj
	src/Umbraco.Web/WebBootManager.cs
 2016-02-03 12:30:11 +01:00
Shannon
6583ff4439 U4-7821 KeepUserLoggedIn with a long umbracoTimeOutInMinutes has logout issues 2016-02-02 12:12:51 +01:00
Shannon
dca6f2b42a fixes build 2016-01-06 10:47:58 +01:00
Shannon
b0060a9592 Merge remote-tracking branch 'origin/dev-v7' into 7.4.0 
Conflicts:
	build/InstallGit.cmd
	build/UmbracoVersion.txt
	src/SolutionInfo.cs
	src/Umbraco.Core/Configuration/UmbracoVersion.cs
	src/Umbraco.Web.UI/Umbraco.Web.UI.csproj
	src/Umbraco.Web.UI/Umbraco/config/lang/nb.xml
	src/Umbraco.Web/Editors/DataTypeValidateAttribute.cs
	src/Umbraco.Web/Security/Identity/UmbracoBackOfficeCookieAuthOptions.cs
	src/Umbraco.Web/WebServices/SaveFileController.cs
 2016-01-06 10:46:38 +01:00
Shannon
d08f4230c8 U4-7538 GetRemainingTimeoutSeconds is double setting the cookie in 7.4 2016-01-05 12:35:06 +01:00
Shannon
3f796791cc uses the main property value instead of the param 2015-12-15 17:17:11 +01:00
Shannon
b74cab6f0b U4-7538 GetRemainingTimeoutSeconds is double setting the cookie in 7.4 2015-12-15 16:56:31 +01:00
Shannon
87100feb3d Fixes: U4-7467 Umbraco 7.3.2 Clean install, OWIN error after database creation and bumps version 2015-11-27 21:23:24 +01:00
Shannon
c4860a490f Ensures that GetUserSecondsMiddleWare uses the SystemClock for UTC Now, ensures that it only extends the ticket when necessary and not everytime this middleware is called - the same logic that OWIN normally renews tickets with, this means the cookie is not written everytime this request is made. 2015-11-27 16:43:02 +01:00
Shannon
8e6bbc3df9 Ensures that written cookies are done so consistently based on the UmbracoBackOfficeCookieAuthOptions. Ensures that when a webforms page requests token renewal that the token is not always renewed for the request, it checks if the tokens expiry correctly and only renews when necessary so the cookie is not written each time. Fixes the ForceRenewalCookieAuthenticationHandler to only write a cookie if the request is for a request that is not normally auth'd (i.e. is a webforms form that exists outside the normal /umbraco path ... legacy). 2015-11-27 16:25:39 +01:00
Shannon
6d0aa824ad U4-7307 Windows Authentication prompts for Windows login after Umbraco login 2015-11-24 16:31:18 +01:00
Shannon
555b520a0c Cleans up the usages of auth cookies. OWIN is in charge of auth cookies but because we have Webforms, WebApi, MVC and OWIN, they all like to deal with cookies differently. OWIN should still be solely in charge of the auth cookies, so the auth extensions are cleaned up, the renewal now works by queuing the renewal and we have custom middleware detect if a force renewal has been queued and we renew the auth cookie there. Have obsoleted a few methods that should not be used that write auth tickets directly (this is purely for backwards compat with webforms). All of these changes now ensure that the auth cookie is renewed consistently between Webforms, WebApi, MVC and OWIN. Some changes also include ensuring that OWIN is used to sign out. 2015-11-19 18:12:21 +01:00
Shannon
71ec09486d Reverts the 'fix' from U4-7118 since it is incorrect. Updates the sliding expiration of the cookie/ticket when the user is supposed to be always logged in to 30 minutes in case the timeout is actually set very low in config. 2015-11-19 14:17:06 +01:00
Stephan
f5f9cb676c Fix CultureInfo leak in UmbracoApplicationBase too. 2015-11-17 16:54:24 +01:00
Shannon
bbbea99ced removes redundant null check. 2015-11-09 10:56:07 +01:00
Shannon
3d213342bf Fixes: U4-7353 OAuth providers for the back office require more flexibility with Challenge Results 2015-11-09 10:42:15 +01:00
Stephan
cfab30a1ef Fix thread CultureInfo issue breaking PetaPoco 2015-10-31 12:47:03 +01:00
m_stodd
7abbfbcfcc Setting UMB_CONTEXT with Domain "FALSE" 
Running Umbraco on localhost, Chrome does not handle received 'Set Cookie's with no domain.  "FALSE" works as noted here:  http://stackoverflow.com/questions/1134290/cookies-on-localhost-with-explicit-domain
 2015-09-18 02:13:12 -05:00
Shannon
779dd26527 Fixes: U4-6969 Property label localization in 7.3 always uses en-US locale 2015-09-16 15:22:40 +02:00
Shannon
b0fb892b16 Fixes: U4-6736 Log "logout" from Umbraco and also ensures logging is occuring on timeout, logout, login all with Identity stuff. 2015-07-23 12:03:50 +02:00