// Copyright (c) Umbraco.
// See LICENSE for more details.

using System.ComponentModel;

namespace Umbraco.Cms.Core.Configuration.Models;

/// <summary>
///     Typed configuration options for security settings.
/// </summary>
/// <remarks>
///     Every property that has a default takes both its initializer and its <c>[DefaultValue]</c> attribute
///     from the matching <c>Static*</c> constant below, so the two cannot drift apart.
///     This class only holds values: none of the setters validate their input, so any range, format or
///     scheme checks have to be done where the settings are consumed.
/// </remarks>
[UmbracoOptions(Constants.Configuration.ConfigSecurity)]
public class SecuritySettings
{
    // Defaults for the properties below. Both two-factor bypass defaults are true, i.e. the bypass is
    // enabled unless configuration explicitly turns it off.
    internal const bool StaticMemberBypassTwoFactorForExternalLogins = true;
    internal const bool StaticUserBypassTwoFactorForExternalLogins = true;
    internal const bool StaticKeepUserLoggedIn = false;
    internal const bool StaticHideDisabledUsersInBackOffice = false;
    internal const bool StaticAllowPasswordReset = true;
    internal const bool StaticAllowEditInvariantFromNonDefault = false;
    internal const bool StaticAllowConcurrentLogins = false;
    internal const string StaticAuthCookieName = "UMB_UCONTEXT";
    internal const bool StaticUsernameIsEmail = true;
    internal const bool StaticMemberRequireUniqueEmail = true;

    // The trailing "\\" is an escaped single backslash, so a literal backslash is part of the allowed set.
    internal const string StaticAllowedUserNameCharacters =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._@+\\";

    // 30 * 24 * 60 = 43,200 minutes, i.e. 30 days expressed in minutes.
    internal const int StaticMemberDefaultLockoutTimeInMinutes = 30 * 24 * 60;
    internal const int StaticUserDefaultLockoutTimeInMinutes = 30 * 24 * 60;

    // Default callback paths; the property documentation states they are appended to BackOfficeHost.
    internal const string StaticAuthorizeCallbackPathName = "/umbraco/oauth_complete";
    internal const string StaticAuthorizeCallbackLogoutPathName = "/umbraco/logout";
    internal const string StaticAuthorizeCallbackErrorPathName = "/umbraco/error";

    /// <summary>
    ///     Gets or sets a value indicating whether to keep the user logged in.
    /// </summary>
    /// <remarks>Defaults to <c>false</c>.</remarks>
    [DefaultValue(StaticKeepUserLoggedIn)]
    public bool KeepUserLoggedIn { get; set; } = StaticKeepUserLoggedIn;

    /// <summary>
    ///     Gets or sets a value indicating whether to hide disabled users in the back-office.
    /// </summary>
    /// <remarks>Defaults to <c>false</c>.</remarks>
    [DefaultValue(StaticHideDisabledUsersInBackOffice)]
    public bool HideDisabledUsersInBackOffice { get; set; } = StaticHideDisabledUsersInBackOffice;

    /// <summary>
    ///     Gets or sets a value indicating whether to allow user password reset.
    /// </summary>
    /// <remarks>Defaults to <c>true</c>.</remarks>
    [DefaultValue(StaticAllowPasswordReset)]
    public bool AllowPasswordReset { get; set; } = StaticAllowPasswordReset;

    /// <summary>
    ///     Gets or sets a value for the authorization cookie name.
    /// </summary>
    /// <remarks>Defaults to <c>UMB_UCONTEXT</c>.</remarks>
    [DefaultValue(StaticAuthCookieName)]
    public string AuthCookieName { get; set; } = StaticAuthCookieName;

    // NOTE(review): how this value is applied to the cookie is not visible in this file. If it is used as
    // the cookie's Domain attribute, a parent domain would make the cookie available to sibling
    // subdomains as well — confirm against the code that issues the cookie.
    /// <summary>
    ///     Gets or sets a value for the authorization cookie domain.
    /// </summary>
    /// <remarks>No default is assigned, so the value is <c>null</c> unless configured.</remarks>
    public string? AuthCookieDomain { get; set; }

    /// <summary>
    ///     Gets or sets a value indicating whether the user's email address is to be considered as their username.
    /// </summary>
    /// <remarks>Defaults to <c>true</c>.</remarks>
    [DefaultValue(StaticUsernameIsEmail)]
    public bool UsernameIsEmail { get; set; } = StaticUsernameIsEmail;

    /// <summary>
    ///     Gets or sets a value indicating whether the member's email address must be unique.
    /// </summary>
    /// <remarks>Defaults to <c>true</c>.</remarks>
    [DefaultValue(StaticMemberRequireUniqueEmail)]
    public bool MemberRequireUniqueEmail { get; set; } = StaticMemberRequireUniqueEmail;

    /// <summary>
    ///     Gets or sets the set of allowed characters for a username.
    /// </summary>
    /// <remarks>
    ///     The default set is ASCII letters, digits and the characters <c>- . _ @ + \</c>.
    /// </remarks>
    [DefaultValue(StaticAllowedUserNameCharacters)]
    public string AllowedUserNameCharacters { get; set; } = StaticAllowedUserNameCharacters;

    /// <summary>
    ///     Gets or sets a value indicating whether to bypass the two factor requirement in Umbraco when using external login
    ///     for members. Thereby rely on the External login and potential 2FA at that provider.
    /// </summary>
    /// <remarks>
    ///     Defaults to <c>true</c>. With the bypass enabled, a second factor is only required for external
    ///     member logins if the external provider itself enforces one.
    /// </remarks>
    [DefaultValue(StaticMemberBypassTwoFactorForExternalLogins)]
    public bool MemberBypassTwoFactorForExternalLogins { get; set; } = StaticMemberBypassTwoFactorForExternalLogins;

    /// <summary>
    ///     Gets or sets a value indicating whether to bypass the two factor requirement in Umbraco when using external login
    ///     for users. Thereby rely on the External login and potential 2FA at that provider.
    /// </summary>
    /// <remarks>
    ///     Defaults to <c>true</c>. With the bypass enabled, a second factor is only required for external
    ///     user logins if the external provider itself enforces one.
    /// </remarks>
    [DefaultValue(StaticUserBypassTwoFactorForExternalLogins)]
    public bool UserBypassTwoFactorForExternalLogins { get; set; } = StaticUserBypassTwoFactorForExternalLogins;

    /// <summary>
    ///     Gets or sets a value for how long (in minutes) a member is locked out when a lockout occurs.
    /// </summary>
    /// <remarks>Defaults to 43,200 minutes (30 days).</remarks>
    [DefaultValue(StaticMemberDefaultLockoutTimeInMinutes)]
    public int MemberDefaultLockoutTimeInMinutes { get; set; } = StaticMemberDefaultLockoutTimeInMinutes;

    /// <summary>
    ///     Gets or sets a value for how long (in minutes) a user is locked out when a lockout occurs.
    /// </summary>
    /// <remarks>Defaults to 43,200 minutes (30 days).</remarks>
    [DefaultValue(StaticUserDefaultLockoutTimeInMinutes)]
    public int UserDefaultLockoutTimeInMinutes { get; set; } = StaticUserDefaultLockoutTimeInMinutes;

    /// <summary>
    ///     Gets or sets a value indicating whether to allow editing invariant properties from a non-default language variation.
    /// </summary>
    /// <remarks>
    ///     Obsolete; the attribute below points to <c>ContentSettings.AllowEditFromInvariant</c> as the replacement.
    /// </remarks>
    [Obsolete("Use ContentSettings.AllowEditFromInvariant instead")]
    [DefaultValue(StaticAllowEditInvariantFromNonDefault)]
    public bool AllowEditInvariantFromNonDefault { get; set; } = StaticAllowEditInvariantFromNonDefault;

    /// <summary>
    ///     Gets or sets a value indicating whether to allow concurrent logins.
    /// </summary>
    /// <remarks>Defaults to <c>false</c>.</remarks>
    [DefaultValue(StaticAllowConcurrentLogins)]
    public bool AllowConcurrentLogins { get; set; } = StaticAllowConcurrentLogins;

    // NOTE(review): the three callback paths below are documented as being appended to this host, so it
    // determines where authorization callbacks are sent. Nothing in this class restricts its scheme or
    // host; confirm that the consumer only accepts trusted (presumably HTTPS) values.
    /// <summary>
    ///     Gets or sets a value of the back-office host URI. Use this when running the back-office client and the Management API on different hosts. Leave empty when running both on the same host.
    /// </summary>
    /// <remarks>No default is assigned, so the value is <c>null</c> unless configured.</remarks>
    public Uri? BackOfficeHost { get; set; }

    /// <summary>
    ///     Gets or sets the path to use for authorization callback. Will be appended to the BackOfficeHost.
    /// </summary>
    /// <remarks>Defaults to <c>/umbraco/oauth_complete</c>.</remarks>
    [DefaultValue(StaticAuthorizeCallbackPathName)]
    public string AuthorizeCallbackPathName { get; set; } = StaticAuthorizeCallbackPathName;

    /// <summary>
    ///     Gets or sets the path to use for authorization callback logout. Will be appended to the BackOfficeHost.
    /// </summary>
    /// <remarks>Defaults to <c>/umbraco/logout</c>.</remarks>
    [DefaultValue(StaticAuthorizeCallbackLogoutPathName)]
    public string AuthorizeCallbackLogoutPathName { get; set; } = StaticAuthorizeCallbackLogoutPathName;

    /// <summary>
    ///     Gets or sets the path to use for authorization callback error. Will be appended to the BackOfficeHost.
    /// </summary>
    /// <remarks>Defaults to <c>/umbraco/error</c>.</remarks>
    [DefaultValue(StaticAuthorizeCallbackErrorPathName)]
    public string AuthorizeCallbackErrorPathName { get; set; } = StaticAuthorizeCallbackErrorPathName;
}