115 Commits

Author SHA1 Message Date
Shannon
a70f37a53e U4-9185 lastLockoutDate does not get set when too many invalid password attempts are made 2016-11-17 16:46:06 +01:00
Asbjørn Riis-Knudsen
cbd980357b Fix U4-8968: Add missing check for backoffice session in ClaimsIdentity (like the comment says) 2016-09-13 22:36:14 +02:00
Shannon
6bcadfea44 Removes the explicit castings to (BackOfficeUserManager) since that isn't actually the base class! The base class is BackOfficeUserManager<BackOfficeIdentityUser>, all of this identity stuff is a bit of a generics nightmare but that is also due to the generic nightmare that is OWIN. Moves more logic to the base class so it can be used by sub classes, fixes the base class to use a generic user type 2016-08-12 16:17:14 +02:00
Shannon
2ff3ce933b U4-8850 Configuring a custom BackOfficeUserManager type will not work if the type is not specifically BackOfficeUserManager 2016-08-12 12:20:00 +02:00
Sebastiaan Janssen
177b61bbf5 Merge pull request #1292 from darrenferguson/dev-v7
Fix U4-8532 - No built in Active Directory authentication in Umbraco
2016-08-04 16:25:22 +02:00
Shannon
67cd4aeb59 fixes user mgr logic 2016-08-03 14:04:25 +02:00
Shannon
0450cdd550 removes some old notes 2016-07-12 13:36:08 +02:00
Sebastiaan Janssen
7c485dcd50 Forgot password email sent as raw text, but contains html
#U4-8703 Fixed
2016-07-07 15:24:53 +02:00
Darren Ferguson
def690b8c3 Fix U4-8532 - No built in Active Directory authentication in Umbraco 7.3+ 2016-05-30 11:15:03 +01:00
Darren Ferguson
b168923d5f http://issues.umbraco.org/issue/U4-7032 : Include a password checker for Active Directory - as ability to authenticate via AD was removed in 7.3 2016-05-29 15:46:42 +01:00
Shannon
f279000d00 removes unnecessary methods from user.service.js, ensures correct error msg when resetting password on the server, fixes email copy and allows for non-html emails if the copy is plain text, removes the need for more than one email msg in the lang files and uses the correct way to replace tokens 2016-04-12 19:54:04 +02:00
Shannon
1361e017a2 Merge branch 'u4-222' of https://github.com/AndyButland/Umbraco-CMS into AndyButland-u4-222
Conflicts:
	src/Umbraco.Core/Security/BackOfficeUserManager.cs
	src/Umbraco.Web.UI.Client/src/less/pages/login.less
	src/Umbraco.Web.UI.Client/src/routes.js
	src/Umbraco.Web.UI.Client/src/views/common/dialogs/login.controller.js
	src/Umbraco.Web.UI/umbraco/config/lang/en_us.xml
	src/Umbraco.Web.UI/web.Template.config
	src/Umbraco.Web/Editors/AuthenticationController.cs
	src/Umbraco.Web/Editors/BackOfficeController.cs
	src/Umbraco.Web/Umbraco.Web.csproj
2016-04-12 18:07:25 +02:00
Shannon
22385d40db U4-4219 Can't Preview protected pages 2016-03-09 17:35:50 +01:00
Shannon
9978b0d8ea Merge branch 'dev-v7' into temp-U4-3447 2016-02-04 18:30:58 +01:00
Robert Foster
c9d2d574f8 brought PasswordFormat switch in DecryptPassword in line with other usages. 2016-02-05 03:29:33 +11:00
Shannon
08e9579481 U4-7863 Remove Nuget requirement: Microsoft.Net.Http - this is not used, nor is it required (it also installs a bunch of other packages we don't need) 2016-02-03 10:14:53 +01:00
Shannon
b2cd5dfb85 adds null check to session id - might not exist in old cookies 2016-02-02 18:01:36 +01:00
Shannon
42a7ed6877 U4-7821 KeepUserLoggedIn with a long umbracoTimeOutInMinutes has logout issues 2016-02-02 15:14:47 +01:00
Shannon
8d2e708d1c Adds exception handling for the BackOfficeUserStore - this will occur if the external OAuth provider doesn't return the Email or Name correctly, then an exception is swallowed at the service level and the user is not actually created, but the BackOfficeUserStore could not detect this, so it's detecting this now. 2016-01-05 11:36:52 +01:00
Shannon
8598ab565c Fixes: U4-7536 Sign-out in back office will call all ASP.Net identity middleware sign out methods
publicises a few things too.
2015-12-15 10:34:11 +01:00
Shannon
555b520a0c Cleans up the usages of auth cookies. OWIN is in charge of auth cookies but because we have Webforms, WebApi, MVC and OWIN, they all like to deal with cookies differently. OWIN should still be solely in charge of the auth cookies, so the auth extensions are cleaned up, the renewal now works by queuing the renewal and we have custom middleware detect if a force renewal has been queued and we renew the auth cookie there. Have obsoleted a few methods that should not be used that write auth tickets directly (this is purely for backwards compat with webforms). All of these changes now ensure that the auth cookie is renewed consistently between Webforms, WebApi, MVC and OWIN. Some changes also include ensuring that OWIN is used to sign out. 2015-11-19 18:12:21 +01:00
Shannon
f472f5d950 Ensures that OWIN signout method is called - this ensures that any auth middleware configured for the current user is called for sign out. Updates our cookie middleware provider to also ensure that our custom cookies are cleared when signing out with OWIN. 2015-11-19 11:57:24 +01:00
Shannon
9b054eaa47 Adds native ability to be able to fallback to default password checking if specifying a custom IBackOfficeUserPasswordChecker 2015-10-26 14:51:19 +01:00
Shannon
96c087d00f adds a ctor to the BackOfficeUserManager to allow better inheritance so that all settings are initialized by default, changes init method to be protected so other devs can use it. Adds a new property for devs to use to more easily extend the logic to just validate the username/password. 2015-10-22 18:40:20 +02:00
Shannon
779dd26527 Fixes: U4-6969 Property label localization in 7.3 always uses en-US locale 2015-09-16 15:22:40 +02:00
Shannon
b0fb892b16 Fixes: U4-6736 Log "logout" from Umbraco and also ensures logging is occurring on timeout, logout, login all with Identity stuff. 2015-07-23 12:03:50 +02:00
Shannon
d0c4b2ab72 Fixes user lockout with aspnet identity 2015-07-01 18:02:58 +02:00
Shannon
53a0c55b14 Implements SignInManager, implements lock out policy for user manager, allows for better implementation of 2 factor auth for developers. Updates to latest owin libs. 2015-07-01 17:07:29 +02:00
Shannon
b42959f663 Gets U4-6753 Identity support must have an option to enable auto-linked accounts working 2015-06-26 16:59:40 +02:00
Shannon
95ff94c532 Merge branch 'dev-v7' into 7.3.0
Conflicts:
	src/Umbraco.Core/packages.config
	src/Umbraco.Web.UI/packages.config
	src/Umbraco.Web.UI/umbraco/config/lang/en_us.xml
	src/Umbraco.Web/Editors/AuthenticationController.cs
	src/Umbraco.Web/packages.config
2015-05-11 12:26:53 +10:00
Shannon
d94b334375 Moves login logging to the provider level 2015-05-11 12:22:56 +10:00
Shannon
5a3b97c669 puts the claim validation back in (needs to be there, took it out for testing) 2015-04-15 20:38:04 +10:00
Shannon
442160bb7a fixes identity conversion when it's just a generic identity and not auth'd, we can never convert to back office identity if it's not auth'd 2015-04-15 17:03:12 +10:00
Shannon
f2e319a01f Updates the UmbracoBackOfficeIdentity to have better support for claims and adds unit tests for it. Creates OwinLoggers and methods to apply them. Updates security methods to ensure that a UmbracoBackOfficeIdentity is returned even from a normal ClaimsIdentity which will be the case with bearer tokens. Updates the angular anti-forgery checker to be ignored if the auth type is not cookie based. Adds a simple token server provider that people can use if they want. Now token authentication is working. 2015-04-10 14:22:09 +10:00
Shannon
6efd14eff3 Updates the startup auth code extension methods to better support extensibility so people could override the default user store or manager in order to implement some interfaces that we currently don't. 2015-04-01 13:42:31 +11:00
Shannon
86833aa8bf Updates the back office external cookie name to be consistently cased with the other back office cookie names 2015-04-01 13:42:11 +11:00
Shannon
4dcc4807ed Implements IUserSecurityStore and ensures there is a security stamp token in place, have updated the repository layer to manually update this if ASPNet Identity APIs are not used to update users. 2015-04-01 13:42:09 +11:00
Shannon
90b562a0a1 Update the PostLogin method to write the auth ticket the way that webapi is supposed to, not sure how this was actually working before because writing cookies directly with HttpContext and then also using WebApi normally doesn't work (maybe in very specific circumstances), so now the cookie writing is done consistently and it is working, prior to this I was getting lots of issues with the xsrf tokens. Updated some user model mappings for convenience and update naming conventions for some properties of the BackOfficeIdentityUser for consistency. 2015-04-01 13:42:07 +11:00
Shannon
5a88ff774c adds overload to specify custom backoffice user store for custom implementations (i.e. 2 factor auth, etc...) 2015-04-01 13:41:57 +11:00
Shannon
b269760b21 removes the BackOfficeRoleManager since we don't use roles in the back office (sections I suppose) and we can't dynamically just create them, that doesn't make sense. 2015-04-01 13:41:55 +11:00
Shannon
3efd038906 implements IUserRoleStore for sections for users 2015-04-01 13:41:52 +11:00
Shannon
4b156ba27e Starts stubbing out role manager code 2015-04-01 13:41:43 +11:00
Shannon
52c4d80cfc more identity awesome 2015-04-01 13:41:33 +11:00
Shannon
d9f453d860 Gets the user store up to date with the correct queries. 2015-04-01 13:41:28 +11:00
Shannon
8c51e8bad8 Implements IExternalLoginService and the db table, implements more logic to start enabling this to work in the back office, need to implement the rest of the userstore and then implement a way once logged in to the back office to allow users to link their accounts with external logins. Currently if an external login is detected during startup and it has not been linked we'll throw an exception. Very very close to making this all work nicely. 2015-04-01 13:41:26 +11:00
Shannon
d4b21243ca Allows external logins to be listed on login page, updates BackOfficeController with actions for invoking them. 2015-04-01 13:41:24 +11:00
Shannon
927add6f44 Updates UmbracoBackOfficeIdentity to add claims and adds a new ctor so people can create an identity manually - this is really the key, by doing this we'd already be able to have 3rd party authentication happening. Ensures our custom secure data format persists the user data 2015-04-01 13:41:21 +11:00
Shannon
48317d7e61 massively simplifies the cookie handling, we don't use our own and just use the defaults, the trick to not validating everything is to use the cookie path. This does mean that each clientside request will also be validated but there's no way to override this behavior in identity currently, the cookie handler is internal so unless we copy/paste all of its code can't do much about that. 2015-04-01 13:41:18 +11:00
Shannon
93df2edec2 Initial install which now uses Identity middleware to perform the back office auth (no longer done in our module). Created custom data secure classes that use the legacy Forms auth logic for backwards compat. This means that the cookie can still be written the old way and still auth the new way if required. Now need to clean a lot of this up. 2015-04-01 13:41:16 +11:00
Shannon
da778e277f Fixes: U4-6093 ContentService.SaveAndPublishDo changes Culture 2015-01-12 21:45:52 +11:00