* Added attribute filter to ensure a request is taking a minimum time to response
* Added functionality to management api to send forgot password emails and verify these + do the actual reset using the token
* Renamed UserKey to UserId and updated OpenApi.json
* Update src/Umbraco.Core/Services/IUserService.cs
Co-authored-by: Elitsa Marinovska <21998037+elit0451@users.noreply.github.com>
* Cleanup
* Renaming param
* Fixing send user username instead of email + wrong EmailTypes
* Fixed issue with forgot password functionality after reusing other functionality
* Rename prop
* Adding docs and renaming param
* Handle password validation return types
* More cleanup
---------
Co-authored-by: Elitsa <elm@umbraco.dk>
Co-authored-by: Elitsa Marinovska <21998037+elit0451@users.noreply.github.com>
* Added secure to the UMB-XSRF-V cookie when global https is true.
* tweaked markdown handling
* added in link handling tweak for simpleMarkdown filter
* tweaked simple markdown filter to modify all links instead of just the first one
* moved transformation of markdown content in description into C# code
* Format of white space
* Reverted unecessary change.
* Removed unwanted framework version lines
* Reduce nesting of if statements.
* Changed to .Contains for readability.
---------
Co-authored-by: Corey Philipp <CPhilipp@dewpoint.com>
Co-authored-by: jaandrews <jaandrews88@gmail.com>
Co-authored-by: Emma Garland <emma.garland@rocksolidknowledge.com>
* Add specific not found results
* Add tests for the enable/disable not found tweak
* Cache ids and key in UserIdKeyResolver
* Don't cache null keys
* BackOffice not Backoffice
* Move fetching the user out of the ChangePasswordUsersController
* Move resolving user out of SetAvatar
* Move resolving user out of Update
* Return more specific notfound in bykey
* Use ErrorResult for all endpoints with unknown errors
* Split integration tests
* Add mappers
* Use ?: consistently
* Add reuseable iso code validator
* Validate ISO code
* Update supressions
* Use method from base to get current user key
* Rename ISo to Iso
* Use keys in services instead of user groups + Added a couple of new validations
---------
Co-authored-by: Bjarke Berg <mail@bergmania.dk>
* Add UserResponseModel
* Add factory to created UserResponseModel
* Add GetByKey controller
* Add GetAllUsers endpoint
* User proper response model
* Make naming consistent
* Order by username in GetAll
* Add user filter endpoint
* Fix includer user states
* Remove gravatar from the backend
* Send user avatars in response
* Add create user model
* start working on create
* Validate the create model
* Add authorization to create
* Use UserRepository instead of UserService to ValidateSessíonId
* Create IBackofficeUserStore interface
This is essentially a core-friendly version of the BackOfficeUserStore, additionally it contains basic methods for managing users, I.E. Get users, save users, create users, etc.
* Remove more usages of user service
* Remove usages of IUserService in BackofficeUserStore
* Add documentation
* Fix tests and DI
* add IBackOfficeUserStoreAccessor to resolve it in singleton services
* Resolve circular dependency
* Remove obsolete constructor
* Add core friendly user manager
* Finish createasync in user service
* Add WIP create endpoint
* Save newly creates users user groups
* Use service scope for user service
* Remove now unnecessary accessors
* Add response types
* Add update user endpoint
* Add EmailUserInviteSender
* Add technology free way of creating confirmation token
* Add invite uri provider
* Add invite user to user service
* Add invite user controller
* Add delete endpoint
* Add operation status responses
* Add operation status responses
* Added temporary file uploads including a repository implementation using local temp folder.
* Add Disable users endpoint
* missing files
* Fixed copy paste error
* Fix create users return type
* Updated OpenApi.json
* Updated OpenApi.json
* Handle if created failed in identity
* Add enable user
* Make users plural in enable/disable
We're doing the operation on multiple entities
* Added file extension check
* Add unlock user endpoint
* Clean up. Removed old TemporaryFileService and UploadFileService and updated dictionary items to use this new items
* Clean up
* Add reset password
* Add UpdateUserGroupsOnUsers method
* Add UpdateUserGroups
* Get rid of stream directly on TemporaryFileModel, and use delegate to open stream instead.
* Fix post merge
* Use keys instead of IDs
* Add ClearAvatar endpoint
* Review changes
* Moved models to their own files
* Reverted launch settings
* Move enlist extension to its own namespace
* Create set avatar endpoint
* Add reponse types
* Remove infrastructure extension after merge
* Add Cmapatibility suppressions
* Add test suppression
* Add integration tests
* Fix issue found in tests
* Add invited user to UserInvitationResult
* Add more tests
* Add update tests
* Hide different tests under parent
* Return DuplicatUserName user operation status if username matches an email
* Add update tests
* Change sorted set to HashSet
It doesn't work if it's not IComparable
* Change ID to Key when checking super
* Add get tests
* Add more GetAllTests
* Move tests to the right namespace
* Add filter test
* Fix including disabled users bug found by test
* Add test to ensure invited user state
* Add test case for UserState.All
* Add more filter tests
* Add enable disable tests
* Add resolver for keys and ids
* Replace usages of IUserService with IUserIdKeyResolver
* Add CompatibilitySuppressions
* Add UserIdKeyResolverTests
* Fix UserIdKeyResolver
* Add missing user operation results
* Updates from review
* ID not key
* Post instead of patch
* Use set instead of params for enable/disable
* Don't call to array
* Use sets for usergroup keys and user keys instead
* LanguageIsoCode instead of Language
* Update CompatibilitySuppressions after changin enumerable to set
---------
Co-authored-by: Bjarke Berg <mail@bergmania.dk>
Co-authored-by: kjac <kja@umbraco.dk>
* Update projects to .NET 7
* Fix nullability errors
* Fix up pipelines to run 7.0
* Update langversion to preview
* Revert "Fix up pipelines to run 7.0"
This reverts commit d0fa8d01b8126a4eaa59832a3814a567705419ae.
* Fix up pipelines again, this time without indentation changes
* Include preview versions
* Versions not Version
* Fix ModelTypeTests
* Fix MemberPasswordHasherTests
Microsoft wants to use SHA512 instead of SHA256, so our old hashes will return SuccessRehashNeeded now
* Use dotnet cli instead of nuget restore
* Update src/Umbraco.Web.UI/Umbraco.Web.UI.csproj
* Update dependencies
* Fix nullability issues
* Fix unit test
* Fix nullability in ChangingPasswordModel
OldPassword can be null, if we're changing the password with password reset enabled. Additionally, we might as well use the new required keyword instead of supressing null.
* Use required keyword instead of supressing null
* Fix up pipelines again
* fix up spelling-error
* Use dotnet cli instead of nuget restore
* Fix up another NuGet command
* Use dotnet version 7 before building
* Include preview versions
* Remove condition
* Use dotnet 7 before running powershell script
* Update templates to .net 7
* Download version 7 before running linux container
* Move use dotnet 7 even earlier in E2E process
* Remove dotnet 7
* Reintroduce .NET 7 task
* Update linux docker container and remove dotnet 7 from yml
* Fix up dockerfile with ARG
* Fix up docker file with nightly builds of dotnet 7
* Reintroduce dotnet 7 so windows can use it
* Use aspnet 7 in docker
Co-authored-by: Nikolaj <nikolajlauridsen@protonmail.ch>
Co-authored-by: Zeegaan <nge@umbraco.dk>
* Added functionality to enable 2FA for users..
* Do not use the obsolete ctor in tests
* cleanup
* Cleanup
* Convert User view from overlay to infinite editor
* Add support for having additional editors on top of the user (2fa) which overlay does not support
* Add controllerAs syntax in the template
* Remove unused dependencies
* Adjustments to 2fa login view
* organize elements
* add translations
* add a11y helpers
* add autocompletion = one-time-code
* change to controllerAs syntax
* add callback to cancel 2fa and fix error where submit button was not reset when all other validations were
* add a cancel/go back button to the 2fa view
* replace header with something less obstrusive
* move logout button to the footer in the new editor view
* change 'edit profile' to an umb-box and move ng-if for password fields out to reduce amount of checks
* Add umb-box to external login provider section
* add umb-box to user history section
* bug: fix bug where notificationsService would not allow new notifications if removeAll had been called
* add styling and a11y to configureTwoFactor view
- also ensure that the view reloads when changes happen in the custom user view to enable 2fa
- ensure that view updates when disabling 2fa
- add extra button to show options (disable) for each 2fa provider
* add notification when 2fa is disabled
* add data-element to support the intro tour
also changed a minor selector in the cypress test
* correct usage of umb-box with umb-box-content
* do not use the .form class twice to prevent double box-shadow
* make tranlastion for 2fa placeholder shorter
* ensure that field with 2fa provider is always visible when more than 1 provider
* move error state of 2fa field to token field
* update translation of multiple 2fa providers
* move CTA buttons to right side to follow general UI practices
* rename options to disable
* add disabled state
* add helper folders to gitignore so you can work with plugins and custom code without committing it accidentally
* move the disable functionality to its own infinite editor view
* use properties from umb-control-group correctly
* add 'track by' to repeater
* make use of umb-control-group
* remove unused functions
* clean up translations
* add Danish translations
* copy translations to english
* Only return enabled 2fa providers as expected
Co-authored-by: Jacob Overgaard <752371+iOvergaard@users.noreply.github.com>
* Turn SlidingExpiration off and only renew cookie of not RemainingSeconds request
Also adds the TicketExpiresClaim before validating the the security stamp, otherwise the claim won't be merged and "dissappear", leading to the user being instantly logged out
Also only EnsureValidSessionId if not RemainingSeconds request, otherwise the session will always be valid, since the remaining seconds request renews it.
* Don't ignore SessionIdClaimType and Cookiepath when merging claims
Besides what the comment used to state these claims are only issued when logging in, leading you to be logged out once the claims are merged, furthermore when we check the session ID we verify that you session has not expired.
* Manually specify Issued and Expires when renewing token
If we don't we lose 30 minutes of our ExpireTimeSpan every time the principal refreshes
* Re-add ignored claims
And use MergeAllClaims on refreshing principal instead.
* EnsureValidSessionId before updating IssuedUtc
* Fix comment
* Update src/Umbraco.Web.BackOffice/Security/ConfigureBackOfficeCookieOptions.cs
Co-authored-by: nikolajlauridsen <nel@umbraco.dk>
Co-authored-by: Bjarke Berg <mail@bergmania.dk>
* Bugfix - Take ufprt from form data if the request has form content type, otherwise fallback to use the query
* External linking for members
* Changed migration to reuse old table
* removed unnecessary web.config files
* Cleanup
* Extracted class to own file
* Clean up
* Rollback changes to Umbraco.Web.UI.csproj
* Fixed migration for SqlCE
* Change notification handler to be on deleted
* Update src/Umbraco.Infrastructure/Security/MemberUserStore.cs
Co-authored-by: Mole <nikolajlauridsen@protonmail.ch>
* Fixed issue with errors not shown on member linking
* fixed issue with errors
* clean up
* Fix issue where external logins could not be used to upgrade Umbraco, because the externalLogin table was expected to look different. (Like after the migration)
* Fixed issue in Ignore legacy column now using result column.
Co-authored-by: Mole <nikolajlauridsen@protonmail.ch>
* starts cleaning up old test project, removing ones we'll never convert, moves new test to where it should be.
* Makes ContentNodeKit immutable properties, moves first nucache tests over
* Gets the Nucache unit tests working and refactors a bit to use builder pattern for models.
* Migrates first xml based cache test to use nucache.
* Migrates a bunch more
* Migrates remaining tests for PublishedContentTests
* Moves PublishedRouterTests
* Moves PublishedContentExtensionTests
* Moves more tests.
* committing wip
* committing wip
* Gets PublishedContentLanguageVariantTests converted and working.
* Fixes DataTable ext method and moves PublishedContentDataTableTests
* Moves PublishedMediaTests
* wip - moving EntityXmlSerializerTests
* Moves more tests
* moves more tests
* moves more tests
* Move another test
* Moves more tests
* Fix test
* move another test
* Moves more tests
* Moves more tests
* Moves more tests
* wip before merge
* More tests
* More tests
* More tests
* More tests
* More tests
* More tests
* Cleanup and moving classes.
* Remove unused code
* Fixed failing tests, due to new null checks, that did not exist in v8
* Avoid breaking changes
* Unbreak more things, even that it the old solution was crazy..
* Fixed bug where ordering of stream readings was changed..
* cleanup
Co-authored-by: Bjarke Berg <mail@bergmania.dk>
