* Validate email for member models
* Add null check or more test cases
* return invalid when not a valid email
* Cleanup
* remove private method in favor of extension
* Remove non used, using statement
---------
Co-authored-by: Elitsa <elm@umbraco.dk>
* Replace obsolete UserGroup Alias consts to key equivalent in tests
* Update use of usergroup alias consts to key equivalent in IsSystemgroup extension method
* Obsolete (internally) unused helper function which purpose doesn't even seem true
* Prepped EmbedProviders for proper removal of non async methods and unneeded proxy methods
* Remove obsoleted UmbracoPath and updated internal references
* Corrected mistake and updated unittets
* Update usergroup tests that use aliases for "system" groups
* Replace more uses of globalsettings.UmbracoPath
* Remove GetDateType by key non async
* Cleanup some usages of hostingEnvironment.MapPathContentRoot
* More easy obsoletion cleanup
* Small Typeload cleanup
* More obsolete removal
* Deploy obsoletion cleanup
* Remove obsolete methods from OEmbedProviderBase.cs
---------
Co-authored-by: Zeegaan <skrivdetud@gmail.com>
* Fix warnings SA1111, SA1028, SA1500, IDE1270 in Umbraco.Web.Website, and updated rules.
* Remove warnings: IDE0270: Null check can be simplified
* More SqlServer project warnings resolved
* CS0105 namespace appeared already
* Suppress warning until implementation:
#pragma warning disable CS0162 // Unreachable code detected
#pragma warning disable CS0618 // Type or member is obsolete
CS0162 remove unreachable code
SA1028 remove trailing whitespace
SA1106 no empty statements
CS1570 malformed XML
CS1572 corrected xml parameter
CS1573 param tag added
IDE0007 var not explicit
IDE0008 explicit not var
IDE0057 simplify substring
IDE0074 compound assignment
CA1825 array.empty
Down to 3479 warnings
* Rename UserType to UserKind
* Add MemberKind to tell API members from regular ones
* Remove user kind from invite user endpoint
---------
Co-authored-by: Mads Rasmussen <madsr@hey.com>
* First stab
* Delivery API client credentials + a little refactor to ensure unique client IDs
* Introduce user type
* Support user type in the Management API
* Clean up TODOs
* Update API user last login date when issuing a token
* Better error reporting for mismatched user types
* Do not allow password change or reset for API users
* Update OpenApi.json
* Revert change
* Remove obsolete comment
* Make applicable classes abstract or sealed
* Review changes
* Add endpoint for retrieving all user client IDs
* Do not execute query if no macros found
* Request cache the permission lookup
* Unbreak change by adding obsolete ctor
* Clean up
* Wrap indexing for delivery API in a scope
* Do not ask options every time for the timeout, instead listen for updates
* Lookup content types once instead of one by one
* Use TryGetValue instead
* Do a distinct on user ids before building index, to avoid issue with more than 2100 parameters
* Don't map ContentDto (it's unused)
* Introduce request bound block editor element cache
---------
Co-authored-by: kjac <kja@umbraco.dk>
* Amend user start node handling
* Add "has root access" to current user endpoint
* Add document and media root access to user response model
* Update OpenApi.json
* Applied API suggestions
---------
Co-authored-by: Sven Geusens <sge@umbraco.dk>
* Implement using keymap for member
* Remove current usages of GetUserById
* User userId resolver to resolve user key
* Refactor user repository to use GUID not int
* Add happy path test
* Remove user in cache when user gets updated
* Use await in async method
* Fix up according to review
* Update IMetricsConsentService.cs to have async method
* Fix according to review
* Fix more according to comments
* Revert "Fix up according to review"
This reverts commit a75acaaa
* Get current backoffice user from method
* Update user repository delete functionality
* Fix up more test
* Try to get user by id if key fails
* Add user key as required claim
* Fix tests
* Don't set claim in BackofficeController
* Create constant for the Sub claim
---------
Co-authored-by: kjac <kja@umbraco.dk>
* Add additional validation when removing a user from usergroup
* Add additional validation to UpdateUserGroups
* Don't re-implement operation results
* Add additional validation to the update user endpoint
* Complete scopes where it's safe to do so
* Make create user endpoint work with the supplied id
Return 201 instead of 200 with correct resource identifier
* Add ResetPassword endpoint
* Bring changepassword route inline with other resource actions
* Fixed User endpoints not advertising all their possible response codes/ models
Fixed certain endpoints not authorizing targeted user(s) versus the admin needs admin authorization requirement
Fixed a user not found response bug for the update flow
Fix spacing
* Fixed CurrentUser endpoints not advertising all their possible response codes/ models
Fix incorrect responseStatus in UserService.GetPermissionsAsync
* Update OpenApi definition
Fix smal model oversights in previous commits
* Update incorrect Response type
* Check for duplicate id's in user create validation
* Remove unnecasary returnmodel from changepassword
Renamed the model to it's remaining usage
* rename bad constructor parameter
* Renamed method parameters for better readability and usage
* Fixed wrong userkey being passed down because of (refactored) bad naming
Technically doesn't change anything as the two id's should be the same in this case (reset with token is always for self)
* Fixed resetpassword bug
* Update openapi
* Update src/Umbraco.Core/Services/UserService.cs
Co-authored-by: Kenn Jacobsen <kja@umbraco.dk>
* Remove old password from change user password request model
Only makes sense when doing it for the logged in user => current endpoint
---------
Co-authored-by: Sven Geusens <sge@umbraco.dk>
Co-authored-by: Kenn Jacobsen <kja@umbraco.dk>
* It builds..
* Added granular permissions
* Added granular permissions
* Rename content to document
* Added migration
* Fixed issues causing the migration from v13 was not possible.
* Merged Permissions and Granular Permissions in viewmodel
* Prepared the viewmodel to a future where permissions can be more types.
* OpenApi
* Allow to translate a single char to many strings
* Use frontend friendly values for known permissions
* Validate the documents exist
* Allow setting non-document settings
* Add "$type" when required
* Rename to presentation model and update OpenApi.json
* OpenApi.json
* Fix tests
* OpenAPI
* Fixed issues with upgrades
* Add the discriminator name
* Fixed issues that only happended on SqlServer
* Fixed queries for SqlServer
* Clean up
* More cleanup
* Fix issue when migrating sqlserver
* Split fallback permissions into own concept in view model
* Also split on current user
* Added a extenable pattern for mappers between DTO => Granular Permission => ViewModel and ViewModel => Granular Permission
* Fixed issue with new exists method, that did not take duplicate keys into account.
* Added sections to current user response model
* Formatting fixes
* Move class to its own file
* xml comment
---------
Co-authored-by: Zeegaan <skrivdetud@gmail.com>
* chore: Fix XML warnings
* docs: Fix XML warnings
* docs: Fix XML in resource designer
* docs: Fix XML warnings
* Revert "docs: Fix XML in resource designer"
This reverts commit 8ea61c51ac161e1853ae080db7fe1b4d4cb4d2be.
* Added attribute filter to ensure a request is taking a minimum time to response
* Added functionality to management api to send forgot password emails and verify these + do the actual reset using the token
* Renamed UserKey to UserId and updated OpenApi.json
* Update src/Umbraco.Core/Services/IUserService.cs
Co-authored-by: Elitsa Marinovska <21998037+elit0451@users.noreply.github.com>
* Cleanup
* Renaming param
* Fixing send user username instead of email + wrong EmailTypes
* Fixed issue with forgot password functionality after reusing other functionality
* Rename prop
* Adding docs and renaming param
* Handle password validation return types
* More cleanup
---------
Co-authored-by: Elitsa <elm@umbraco.dk>
Co-authored-by: Elitsa Marinovska <21998037+elit0451@users.noreply.github.com>
* Added functionality to verify user invite tokens and create the initial password
* Add response types
* Fail ValidateCredentialsAsync when user is not approved
* Enable user as part of initial password creating using validation token
* Adds documentation to badrequest and changed nocontent to ok, to align with other APIs
* Fixed tests and added a new one
---------
Co-authored-by: nikolajlauridsen <nikolajlauridsen@protonmail.ch>
* Add current user data endpoint
* Add Change password endpoint
* Add SetAvatar
* Add get node permissions
* Add endpoint for getting currently logged in users linked logins
* Add tour service
* Add get tours
* Add set tour endpoint
* Added PermissionNames to IReadOnlyUserGroup
* Only require backend auth on management api
* Use ISet in response model
* Fixed issue with saving null as startMediaId, where it was ignored
* Add get current user endpoint
* Fix missing linebreak
* Append "New" keyword to policies
* Update OpenApi
---------
Co-authored-by: Nikolaj <nikolajlauridsen@protonmail.ch>
* Add current user data endpoint
* Add Change password endpoint
* Add SetAvatar
* Add get node permissions
* Add endpoint for getting currently logged in users linked logins
* Add tour service
* Add get tours
* Add set tour endpoint
* Split permissions endpoint in two, one for media and one for document
* This moves around files and deletes the temp projects with files that are not moved to Core, Infrastructure etc.
Also moves the from new backoffice to static access, and override those with the old views in the legacy executeable
* Removes old files from the new executeable.
* Added missing files
* Added EF Core project to solution file
* fix build
* Add user group keys to constants
* Update migration to assign the right keys
* Update DataCreator
* Fix FIXME with removing ExcludedUserGroupAliases
* Obsolete group aliases
* Add specific not found results
* Add tests for the enable/disable not found tweak
* Cache ids and key in UserIdKeyResolver
* Don't cache null keys
* BackOffice not Backoffice
* Move fetching the user out of the ChangePasswordUsersController
* Move resolving user out of SetAvatar
* Move resolving user out of Update
* Return more specific notfound in bykey
* Use ErrorResult for all endpoints with unknown errors
* Split integration tests
* Add mappers
* Use ?: consistently
* Add reuseable iso code validator
* Validate ISO code
* Update supressions
* Use method from base to get current user key
* Rename ISo to Iso
* Use keys in services instead of user groups + Added a couple of new validations
---------
Co-authored-by: Bjarke Berg <mail@bergmania.dk>
* Add UserResponseModel
* Add factory to created UserResponseModel
* Add GetByKey controller
* Add GetAllUsers endpoint
* User proper response model
* Make naming consistent
* Order by username in GetAll
* Add user filter endpoint
* Fix includer user states
* Remove gravatar from the backend
* Send user avatars in response
* Add create user model
* start working on create
* Validate the create model
* Add authorization to create
* Use UserRepository instead of UserService to ValidateSessíonId
* Create IBackofficeUserStore interface
This is essentially a core-friendly version of the BackOfficeUserStore, additionally it contains basic methods for managing users, I.E. Get users, save users, create users, etc.
* Remove more usages of user service
* Remove usages of IUserService in BackofficeUserStore
* Add documentation
* Fix tests and DI
* add IBackOfficeUserStoreAccessor to resolve it in singleton services
* Resolve circular dependency
* Remove obsolete constructor
* Add core friendly user manager
* Finish createasync in user service
* Add WIP create endpoint
* Save newly creates users user groups
* Use service scope for user service
* Remove now unnecessary accessors
* Add response types
* Add update user endpoint
* Add EmailUserInviteSender
* Add technology free way of creating confirmation token
* Add invite uri provider
* Add invite user to user service
* Add invite user controller
* Add delete endpoint
* Add operation status responses
* Add operation status responses
* Added temporary file uploads including a repository implementation using local temp folder.
* Add Disable users endpoint
* missing files
* Fixed copy paste error
* Fix create users return type
* Updated OpenApi.json
* Updated OpenApi.json
* Handle if created failed in identity
* Add enable user
* Make users plural in enable/disable
We're doing the operation on multiple entities
* Added file extension check
* Add unlock user endpoint
* Clean up. Removed old TemporaryFileService and UploadFileService and updated dictionary items to use this new items
* Clean up
* Add reset password
* Add UpdateUserGroupsOnUsers method
* Add UpdateUserGroups
* Get rid of stream directly on TemporaryFileModel, and use delegate to open stream instead.
* Fix post merge
* Use keys instead of IDs
* Add ClearAvatar endpoint
* Review changes
* Moved models to their own files
* Reverted launch settings
* Move enlist extension to its own namespace
* Create set avatar endpoint
* Add reponse types
* Remove infrastructure extension after merge
* Add Cmapatibility suppressions
* Add test suppression
* Add integration tests
* Fix issue found in tests
* Add invited user to UserInvitationResult
* Add more tests
* Add update tests
* Hide different tests under parent
* Return DuplicatUserName user operation status if username matches an email
* Add update tests
* Change sorted set to HashSet
It doesn't work if it's not IComparable
* Change ID to Key when checking super
* Add get tests
* Add more GetAllTests
* Move tests to the right namespace
* Add filter test
* Fix including disabled users bug found by test
* Add test to ensure invited user state
* Add test case for UserState.All
* Add more filter tests
* Add enable disable tests
* Add resolver for keys and ids
* Replace usages of IUserService with IUserIdKeyResolver
* Add CompatibilitySuppressions
* Add UserIdKeyResolverTests
* Fix UserIdKeyResolver
* Add missing user operation results
* Updates from review
* ID not key
* Post instead of patch
* Use set instead of params for enable/disable
* Don't call to array
* Use sets for usergroup keys and user keys instead
* LanguageIsoCode instead of Language
* Update CompatibilitySuppressions after changin enumerable to set
---------
Co-authored-by: Bjarke Berg <mail@bergmania.dk>
Co-authored-by: kjac <kja@umbraco.dk>
* Add default super user key to migrations
* Start refactoring all interfaces signatures with ids
* Refactor datatype service to use userKey pattern instead
* Refactor ContentEditingService to use userkeys
* Refactor services to userKey
* Refactor more services to use userkey instead of id
* Refactor RelationService to use userKeys
* Refactor template service to use keys instead of ids
* Refactor fileservice to use keys instead of ids
* Refactor LocalizationService to use keys instead of ids
* Refactor PackagingService to use keys instead of ids
* Refactor TemplateController to use current user keys
* Refactor DataTypeContainerService.cs
* Refactor DataTypeService to use keys instead of ids
* Fix up tests
* Fix up media editing service to use userkey instead of ID
* Update service ctor to avoid ambigious ctors
* refactor DataTypeService
* Refactor DataTypeService to not have a default value for parentKey
* Apply suggestions from code review
Co-authored-by: Elitsa Marinovska <21998037+elit0451@users.noreply.github.com>
* Update comment
* Add suppression file
* Add backoffice CompatibilitySuppressions
---------
Co-authored-by: Zeegaan <nge@umbraco.dk>
Co-authored-by: Elitsa Marinovska <21998037+elit0451@users.noreply.github.com>
* Add MSSQL migration
* Make upgrade possible when user doesn't have a key yet
* Migrate SQLite
* Migrate the external login column
* Fix logging in after migration
* Handle fake GUID correctly
* Make GetByKey async
* Resolve external logins by key instead of id
* Remove usage of naive UserIdToInt
* Dont use ToGuid for property type defaults
* Use constant GUID for user groups
* Ensure that the same GUID is used to create the root user.
* Add migration for two factor logins
* Add default implementations
* Fix unit test
* Remove TODO
* Fix integration tests
* Add default implementation instead of throwing
Co-authored-by: Bjarke Berg <mail@bergmania.dk>
* Make SQLServer migration idempotent
* Add comment about SQLite
* Fix typo
---------
Co-authored-by: Bjarke Berg <mail@bergmania.dk>
* Add key to UserGroupDto
* Fix renaming table in sqlite
The SqliteSyntaxProvider needed an overload to use the correct query
* Start work on user group GUID migration
* Add key index to UserGroupDto
* Copy over data when migrating sqlite
* Make sqlite column migration work
* Remove PostMigrations
These should be replaced with Notification usage
* Remove outer scope from Upgrader
* Remove unececary null check
* Add marker base class for migrations
* Enable scopeless migrations
* Remove unnecessary state check
The final state of the migration is no longer necessarily the final state of the plan.
* Extend ExecutedMigrationPlan
* Ensure that MigrationPlanExecutor.Execute always returns a result.
* Always save final state, regardless of errors
* Remove obsolete Execute
* Add Umbraco specific migration notification
* Publish notification after umbraco migration
* Throw the exception that failed a migration after publishing notification
* Handle notification publishing in DatabaseBuilder
* Fix tests
* Remember to complete scope
* Clean up MigrationPlanExecutor
* Run each package migration in a separate scope
* Add PartialMigrationsTests
* Add unhappy path test
* Fix bug shown by test
* Move PartialMigrationsTests into the correct folder
* Comment out refresh cache in data type migration
Need to add this back again as a notification handler or something.
* Start working on a notification test
* Allow migrations to request a cache rebuild
* Set RebuildCache from MigrateDataTypeConfigurations
* Clean MigrationPlanExecutor
* Add comment explaining the need to partial migration success
* Fix tests
* Allow overriding DefinePlan of UmbracoPlan
This is needed to test the DatabaseBuilder
* Fix notification test
* Don't throw exception to be immediately re-caught
* Assert that scopes notification are always published
* Ensure that scopes are created when requested
* Make test classes internal.
It doesn't really matter, but this way it doesn't show up in intellisense
* Add notification handler for clearing cookies
* Add CompatibilitySuppressions
* Use unscoped migration for adding GUID to user group
* Make sqlite migration work
It's really not pretty, square peg, round hole.
* Don't re-enable foreign keys
This will happen automatically next time a connection is started.
* Scope database when using SQLServer
* Don't call complete transaction
* Tidy up a couple of comment
* Only allow scoping the database from UnscopedMigrationBase
* Fix comment
* Remove remark in UnscopedMigrationBase as it's no longer true
* Add keys when creating default user groups
* Map database value from DTO to entity
* Fix migration
Rename also renamed the foreign keys, making it not work
* Make migration idempotent
* Fix unit test
* Update CompatibilitySuppressions.xml
* Add GetUserGroupByKey to UserService
* Add ByKey endpoint
* Add UniqueId to AppendGroupBy
Otherwise MSSQL grenades
* Ensure that languages are returned by PerformGetByQuery
* add POC displaying model
* Clean up by key controller
* Add GetAllEndpoint
* Add delete endpoint
* Use GetKey to get GUID from id
Instead of pulling up the entire entity.
* Add UserGroup2Permission table
* Fetch the new permissions when getting user groups
* Dont ToString int to parse it to a short
I'm pretty sure this is some way old migration type code that doesn't make any sense anymore
* Add new relation to GetDeleteClauses
* Persist the permissions
* Split UserGroupViewModel into multiple models
This is to make it possible to make endpoints more rest-ish
* Bootstrap create and update endpoints
* Make GetAllUserGroupController paged
* Add method to create IUserGroup from UserGroupSaveModel
* Add sanity check version of endpoint
* Fix persisting permissions
* Map section aliases to the name the frontend expects
This is a temporary fix till we find out how we really want to handle this
* Fix up post merge
* Make naming more consistent
* Implement initial update endpoint
* Fix media start node
* Clean name for XSS when mapping to IUserGroup
* Use a set instead of a list for permission names
We don't want dupes
* Make permission column nvarchar max
* Add UserGroupOperationStatuses
* Add IUserGroupAuthorizationService
* Add specific user group creation method to user service
* Move validating and authorizing into its own methods
* Add operation result to action result mapping
* Update create controller to use the create method
* Fix create end point
* Comment out getting current user untill we have auth
* Add usergroup service
* Obsolete usergroup things from IUserService
* Add update to UserGroupService interface
* User IUserGroupService in controllers
* User async notifications overloads
* Move authorize user group creation into its own service
* Add AuthorizeUserGroupUpdate method
* Make new service implementations internal and sealed
* Add update user
* Add GetAll to usergroup service
* Remove or obsolete usages of GetAllUserGroups
* Add usergroup service to DI
* Remove usage of GetGroupsByAlias
* Remove usages of GetUserGroupByAlias
* Remove usage of GetUserGroupById
* Add new table when creating a new database
* Implement Delete
* Add skip and take to getall
* Move skip take into the service
* Fixup suggestions in user group service
* Fixup unit tests
* Allow admins to change user groups they're not a part of
* Add CompatibilitySuppressions
* Update openapi
* Uppdate OpenApi.json
again
* Add missing compatibility suppression
* Added missing type info in ProducesResponseTypeAttribute
* Added INamedEntityViewModel and added on the relevant view models
* Fixed bug, resulting in serialization not being the same as swagger reported. Now all types objects implementing an interface, is serialized with the $type property
* updated OpenApi.json
* Added missing title in notfound response
* Typo
* .Result to .GetAwaiter().GetResult()
* Update comment to mention it should be implemented on CurrentUserController
* Validate that start nodes actually exists
* Handle not found consistently
* Use iso codes instead of ids
* Update OpenAPI
* Automatically infer statuscode in problemdetails
* Ensure that the language exists
* Fix usergroup 2 permission index
* Validate that group name and alias is not too long
* Only return status from validation
We're just returning the same usergroups, and this is less boilerplate code
* Handle empty and null group names
* Remove group prefix from statuses
* Add some basic validation tests
* Don't allow updating a usergroup to having a duplicate alias
---------
Co-authored-by: Bjarke Berg <mail@bergmania.dk>
