Commit Graph

62 Commits

Author SHA1 Message Date
Shannon
d78dcb51c0 Gets the invite fully working along with choosing an avatar, adds more security so that the link can't be used again, 2017-06-27 19:55:03 +10:00
Shannon
021e083b75 Fixes issue with email confirmation date, adds invite date, adds user state counts 2017-06-15 16:47:51 +02:00
Shannon
f33d21b8f6 Gets all the localization for the invite setup and error checking based on the password provider information 2017-06-15 12:45:53 +02:00
Shannon
6d22f7f86f Getting the invite password setting done with validation, almost there 2017-06-15 00:05:12 +02:00
Shannon
a62426a763 Gets email sending ensures user is logged in with verifying but is only partially logged in and cannot access the back office, they can only access the verification screen 2017-06-14 16:21:56 +02:00
Shannon
e757868d09 Moves logic back to user service for inviting a user since it's much simpler. 2017-06-13 18:47:20 +02:00
Shannon
f09f17e496 getting email invite working and with identity apis 2017-06-13 18:38:16 +02:00
Shannon
121036ebb9 Merge branch 'dev-v7.7' into user-group-permissions
# Conflicts:
#	build/UmbracoVersion.txt
#	src/SolutionInfo.cs
#	src/Umbraco.Core/Configuration/UmbracoVersion.cs
#	src/Umbraco.Web.UI.Client/src/less/belle.less
#	src/Umbraco.Web.UI/Umbraco.Web.UI.csproj
#	src/Umbraco.Web/Umbraco.Web.csproj
2017-06-05 10:35:23 +02:00
Shannon
6cd52bbc3c Gets user invite generating the token, sending the email and then verifying the token 2017-05-29 15:55:36 +02:00
Sebastiaan Janssen
b9c418e458 Fix updating the actual lockout 2017-05-22 08:36:02 +02:00
Sebastiaan Janssen
aee06c4574 U4-9898 Reset password should unlock a locked account 2017-05-20 14:33:33 +02:00
Shannon
86021c5052 Adds remaining core methods to make 2FA providers work if you know how to wire it up 2017-02-03 00:47:28 +11:00
Shannon
5060e709d1 Fixed merge conflicts, adds required methods to auth controllers. 2017-02-02 22:11:34 +11:00
AndyButland
9da18d0697 Used configurable application URL when constructing password reset link 2016-09-06 08:42:53 +02:00
Shannon
2ff3ce933b U4-8850 Configuring a custom BackOfficeUserManager type will not work if the type is not specifically BackOfficeUserManager 2016-08-12 12:20:00 +02:00
Shannon
ce0ecd8114 Ensures that the emails sent out are in the culture of the user, fixes issue of logging in after resetting password and then logging out again 2016-04-13 14:35:40 +02:00
Shannon
e610a5ef54 Changes the password reset link to be a real link (not an angular deep link), this means there is less logging of the reset code in a query string and less visibility of it, this also means that the validation of the code happens instantly. The premise for this is the same as how we deal with external authentication requests and uses ViewData/TempData with redirects. Fixes the models to have the correct attributes to be able to directly json serialize them. 2016-04-13 13:51:12 +02:00
Shannon
f279000d00 removes unnecessary methods from user.service.js, ensures correct error msg when resetting password on the server, fixes email copy and allows for non-html emails if the copy is plain text, removes the need for more than one email msg in the lang files and uses the correct way to replace tokens, 2016-04-12 19:54:04 +02:00
Shannon
1361e017a2 Merge branch 'u4-222' of https://github.com/AndyButland/Umbraco-CMS into AndyButland-u4-222
Conflicts:
	src/Umbraco.Core/Security/BackOfficeUserManager.cs
	src/Umbraco.Web.UI.Client/src/less/pages/login.less
	src/Umbraco.Web.UI.Client/src/routes.js
	src/Umbraco.Web.UI.Client/src/views/common/dialogs/login.controller.js
	src/Umbraco.Web.UI/umbraco/config/lang/en_us.xml
	src/Umbraco.Web.UI/web.Template.config
	src/Umbraco.Web/Editors/AuthenticationController.cs
	src/Umbraco.Web/Editors/BackOfficeController.cs
	src/Umbraco.Web/Umbraco.Web.csproj
2016-04-12 18:07:25 +02:00
Shannon
8598ab565c Fixes: U4-7536 Sign-out in back office will call all ASP.Net identity middleware sign out methods
publicises a few things too.
2015-12-15 10:34:11 +01:00
Shannon
555b520a0c Cleans up the usages of auth cookies. OWIN is in charge of auth cookies but because we have Webforms, WebApi, MVC and OWIN, they all like to deal with cookies differently. OWIN should still be solely in charge of the auth cookies, so the auth extensions are cleaned up, the renewal now works by queuing the renewal and we have custom middleware detect if a force renewal has been queued and we renew the auth cookie there. Have obsoleted a few methods that should not be used that write auth tickets directly (this is purely for backwards compat with webforms). All of these changes now ensure that the auth cookie is renewed consistently between Webforms, WebApi, MVC and OWIN. Some changes also include ensuring that OWIN is used to sign out. 2015-11-19 18:12:21 +01:00
Shannon
b0fb892b16 Fixes: U4-6736 Log "logout" from Umbraco and also ensures logging is occurring on timeout, logout, login all with Identity stuff. 2015-07-23 12:03:50 +02:00
Shannon
53a0c55b14 Implements SignInManager, implements lock out policy for user manager, allows for better implementation of 2 factor auth for developers. Updates to latest owin libs. 2015-07-01 17:07:29 +02:00
Shannon
7c96f95491 Fixes: U4-6723 User timeout in the back office is an issue with new ASP.Net identity implementation 2015-06-18 19:16:49 +02:00
Shannon
95ff94c532 Merge branch 'dev-v7' into 7.3.0
Conflicts:
	src/Umbraco.Core/packages.config
	src/Umbraco.Web.UI/packages.config
	src/Umbraco.Web.UI/umbraco/config/lang/en_us.xml
	src/Umbraco.Web/Editors/AuthenticationController.cs
	src/Umbraco.Web/packages.config
2015-05-11 12:26:53 +10:00
Shannon
d94b334375 Moves login logging to the provider level 2015-05-11 12:22:56 +10:00
Sebastiaan Janssen
c34605937c U4-6603 Log failed login attempts
#U4-6603 Fixed
2015-05-10 17:47:32 +02:00
Shannon
df6bb36876 moves notification logic to umbnotifications.directive instead of in main (not sure why it was there). Updates the AuthorizeUpgrade screen to be able to show YSOD or alert messages when there are server errors. Adds htmlhelper extensions to share between Default.cshtml and AuthorizeUpgrade.cshtml. Adds null check for BackOfficeUserManager. 2015-04-01 16:04:19 +11:00
Shannon
4dcc4807ed Implements IUserSecurityStore and ensures there is a security stamp token in place, have updated the repository layer to manually update this if ASPNet Identity APIs are not used to update users. 2015-04-01 13:42:09 +11:00
Shannon
90b562a0a1 Update the PostLogin method to write the auth ticket the way that webapi is supposed to, not sure how this was actually working before because writing cookies directly with HttpContext and then also using WebApi normally doesn't work (maybe in very specific circumstances), so now the cookie writing is done consistently and it is working, prior to this i was getting lots of issues with the xsrf tokens. Updated some user model mappings for convenience and update naming conventions for some properties of the BackOfficeIdentityUser for consistency. 2015-04-01 13:42:07 +11:00
Shannon
d9cf9cee88 Includes nice social buttons, updates styling on login and user panel, updates logic to un-link accounts 2015-04-01 13:41:40 +11:00
Shannon
52c4d80cfc more identity awesome 2015-04-01 13:41:33 +11:00
Shannon
93df2edec2 Initial install which now uses Identity middleware to perform the back office auth (no longer done in our module). Created custom data secure classes that use the legacy Forms auth logic for backwards compat. This means that the cookie can still be written the old way and still auth the new way if required. Now need to clean a lot of this up. 2015-04-01 13:41:16 +11:00
Shannon
cb7f26c998 Fixes: U4-4197 Error 400 on admin area login 2014-05-13 13:39:18 +10:00
Shannon
6d57afc71a ensures auth controller has IsBackOffice specified 2014-01-15 13:49:37 +11:00
Shannon
9819318060 Fixes up the auth http post 2013-12-11 18:53:00 +11:00
Shannon
2eb5c08825 Fixing: U4-3686 Umbraco 7 - Rich Text Editor and Macro Issues + fixed up the per-controller webapi configuration and more fixes to loading propertyeditors/param editors, this saves an assembly scan. 2013-12-06 15:01:58 +11:00
Shannon
9d90506265 Fixes issue with authcookie on renew - need to ensure it's http only and persisted for a day remains, ensures the csrf cookies are set when getting the user since that is called before logging in. 2013-12-03 11:57:41 +11:00
Shannon
08100793af completed csrf protection 2013-12-03 11:36:17 +11:00
Shannon
ea35ea1af5 getting csrf stuff coded up, it's pretty much done just need to write a couple tests and add the filter to the necessary controller/actions 2013-12-02 17:20:50 +11:00
Shannon
33c32579c8 Adds AngularJsonMediaTypeFormatter and ensures our controllers all use this formatter in order to enable angular's JSON Vulnerability protection. 2013-12-02 13:31:44 +11:00
Shannon
7e4739956a Ensures that tree requests have section security applied, though it's not perfect until we have security by tree and section it ensures that a user cannot list out tree data when they don't have access to a section in which that tree's data is required. Now the root node requests via the application tree controller have their auth filters applied (that took quite a lot of zany work). Gets AD login working nicely too. 2013-11-20 14:18:03 +11:00
Shannon
2267ac4534 More work on user timeouts, have the login dialog showing when it needs to and updating the user's ticket and correct new timeout seconds value - now to get it to not re-load routes when they log back in so their data is still editable. 2013-10-16 12:00:42 +11:00
Shannon
8d9f741a6a Working on user timeouts - now have the user timeout time being nicely tracked in the back office with a bit of injector magic both on the client side and the server side with filters. Now to wire up the call to get remaining seconds if a request hasn't been made for a specified amount of time, then we can add UI notification about timeout period. 2013-10-15 18:46:44 +11:00
Shannon
917d5b39ec Changes auth controller post login to return a normal validation response instead of 4.3 so the err msg doesn't show up. 2013-10-02 13:42:36 +10:00
Shannon
65f809a0fb changes IsAuthenticated to not return a 403 so the warning msg doesn't display. 2013-10-02 09:53:58 +10:00
Shannon
7451e83c73 Integrates authentication within the routes and prevents controllers from being loaded when the user isn't authorized. Ensures we also have a /login route and allows routes to redirect when auth fails. 2013-10-01 13:23:13 +10:00
Shannon
5844c54a1f Fixed build error 2013-08-26 11:28:15 +10:00
perploug
13afb127f4 Whoops, broke build, now fixed 2013-08-23 14:19:16 +02:00
perploug
c076d21151 New users.resource 2013-08-23 12:10:44 +02:00