yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
12,435 Commits 4 Branches 7 Tags
fc2b3d7fc7f659077504510e30dd0cdd7d67fa6d
Commit Graph

23 Commits

Author SHA1 Message Date
Shannon
8c51e8bad8 Implements IExternalLoginService and the db table, implements more logic to start enabling this to work in the back office, need to implement the rest of the userstore and then implement a way once logged in to the back office to allow users to link their accounts with external logins. Currently if an external login is detected during startup and it has not been linked we'll throw an exception. Very very close to making this all work nicely. 2015-04-01 13:41:26 +11:00
Shannon
d4b21243ca Allows external logins to be listed on login page, updates BackOfficeController with actions for invoking them. 2015-04-01 13:41:24 +11:00
Shannon
48317d7e61 massively simplifies the cookie handling, we don't use our own and just use the defaults, the trick to not validating everything is to use the cookie path. This does mean that each clientside request will also be validated but there's no way to override this behavior in identity currently, the cookie handler is internal so unless we copy/paste all of it's code can't do much about that. 2015-04-01 13:41:18 +11:00
Shannon
93df2edec2 Initial install which now uses Identity middleware to perform the back office auth (no longer done in our module). Created custom data secure classes that use the legacy Forms auth logic for backwards compat. This means that the cookie can still be written the old way and still auth the new way if required. Now need to clean a lot of this up. 2015-04-01 13:41:16 +11:00
Shannon
da778e277f Fixes: U4-6093 ContentService.SaveAndPublishDo changes Culture 2015-01-12 21:45:52 +11:00
Shannon
ad66613011 Updates ValidateCurrentUser so that it doesn't re-decrypt the cookie since that is already done, it just needs to check if the current user is authenticated and if it is a back office identity. Added lots of notes for extension points when we start looking at extending how the back office auth works. 2014-12-05 10:29:18 +11:00
Shannon
ac88da4188 Fixes: U4-4856 ApplicationContext.Current.Services.ContentService.Save throw exception 2014-05-12 14:32:34 +10:00
Shannon
d264792e18 Fixes: U4-4819 Publicize AuthenticationExtensions 2014-05-06 18:15:38 +10:00
Shannon
8926e8c7d9 ensures preview cookie is gone on logout. 2014-01-16 20:56:34 +11:00
Shannon
f4b707e928 Merge remote-tracking branch 'origin/6.2.0' into 7.0.2 
Conflicts:
	src/Umbraco.Core/Configuration/UmbracoSettings.cs
	src/Umbraco.Core/Security/AuthenticationExtensions.cs
	src/umbraco.businesslogic/StateHelper.cs
 2014-01-16 20:49:19 +11:00
Shannon
c38030def2 Fixes: U4-3855 Preview cookie should be a session cookie not persisted 2014-01-16 20:47:13 +11:00
Shannon
9d90506265 Fixes issue with authcookie on renew - need to ensure its http only and persited for a day remains, ensures the csrf cookies are set when getting the user since that is called before logging in. 2013-12-03 11:57:41 +11:00
Shannon
ea35ea1af5 getting csrf stuff coded up, it's pretty much done just need to write a couple tests and add the filter to the necessary controller/actions 2013-12-02 17:20:50 +11:00
Shannon
b2c5d7270e Fixes: U4-3286 Using a custom aspx page that inherits from UmbracoEnsuredPage seems to log you out - moves the authentication/ticket logic to one central place, now for all base page validation requests if the ticket is not already there it will attempt to authentication the request. This only occurs when a page is being loaded that requires back office authentication but is not part of the umbraco back office route (so packages mainly) 2013-11-01 15:37:59 +11:00
Shannon
2267ac4534 More work on user timeouts, have the login dialog showing when it needs to and updating the user's ticket and correct new timeout seconds value - now to get it to not re-load routes when they log back in so their data is still editable. 2013-10-16 12:00:42 +11:00
Shannon
8d9f741a6a Working on user timeouts - now have the user timeout time being nicely tracked in the back office with a bit of injector magic both on the client side and the server side with filters. Now to wire up the call to get remaining seconds if a request hasn't been made for a specified amount of time, then we can add UI notification about timeout period. 2013-10-15 18:46:44 +11:00
Shannon
1e9a17babe Fixes merge issues, fixes up some unit tests, removes the For<T> config section stuff and simplifies the singleton, refactors it with methods as per discussion with stephen. 2013-09-25 19:23:41 +10:00
Shannon
f38a6e1561 Makes some massive headway with the real config section, have got all code re-delegated to using it and have migrated the baserest config to the core project, all configs will be shared out of the UmbracoConfiguration singleton, now to get the unit tests all wired up and using mocks for the most part. 2013-09-13 18:11:20 +10:00
Shannon
7806762b80 Implemented a real .Net configuration section for umbracoSettings.config + unit tests for every property. NOTE: This isn't referenced in the codebase yet, going to start setting default values for most of the properties so that we can remove them from the config file for shipping (ship minimal config) then reference these settings in the codebase. 2013-08-31 11:28:19 +10:00
perploug
e825c08901 Added events.Service and xmlhelper.service 2013-08-12 15:17:34 +02:00
Shannon
c40084c625 updates the forms auth stuff to be more inline with how v6 operates. Cookie is always stored for 1 day and we need to ensure that https and httponly is checked. 2013-08-05 15:39:18 +10:00
Shannon
c4b44ea0e3 Fixes: U4-2577 Can't save umbraco user - without re-filling in the password 
Fixes: U4-541 Wrong dictionary key when using in backend template names
This changes the way that the value that is stored in the auth cookie. Previously we just stored a GUID which was the user's contextid stored in the db, now we store encrypted values of a few necessary user objects. In 6.2 we'll actually set a real .Net user object on the HttpContext. For now, the http module will simply just ensure that the culture is set correctly for the currently logged in user.
 2013-08-02 15:16:04 +10:00
Shannon
6f464567bb Implements real FormsAuthentication for back office cookie authentication... finally :) 2013-07-31 17:08:56 +10:00