852305b7d1
* Added functionality to enable 2FA for users.. * Do not use the obsolete ctor in tests * cleanup * Cleanup * Convert User view from overlay to infinite editor * Add support for having additional editors on top of the user (2fa) which overlay does not support * Add controllerAs syntax in the template * Remove unused dependencies * Adjustments to 2fa login view * organize elements * add translations * add a11y helpers * add autocompletion = one-time-code * change to controllerAs syntax * add callback to cancel 2fa and fix error where submit button was not reset when all other validations were * add a cancel/go back button to the 2fa view * replace header with something less obstrusive * move logout button to the footer in the new editor view * change 'edit profile' to an umb-box and move ng-if for password fields out to reduce amount of checks * Add umb-box to external login provider section * add umb-box to user history section * bug: fix bug where notificationsService would not allow new notifications if removeAll had been called * add styling and a11y to configureTwoFactor view - also ensure that the view reloads when changes happen in the custom user view to enable 2fa - ensure that view updates when disabling 2fa - add extra button to show options (disable) for each 2fa provider * add notification when 2fa is disabled * add data-element to support the intro tour also changed a minor selector in the cypress test * correct usage of umb-box with umb-box-content * do not use the .form class twice to prevent double box-shadow * make tranlastion for 2fa placeholder shorter * ensure that field with 2fa provider is always visible when more than 1 provider * move error state of 2fa field to token field * update translation of multiple 2fa providers * move CTA buttons to right side to follow general UI practices * rename options to disable * add disabled state * add helper folders to gitignore so you can work with plugins and custom code without committing it accidentally * move the disable functionality to its own infinite editor view * use properties from umb-control-group correctly * add 'track by' to repeater * make use of umb-control-group * remove unused functions * clean up translations * add Danish translations * copy translations to english * Only return enabled 2fa providers as expected Co-authored-by: Jacob Overgaard <752371+iOvergaard@users.noreply.github.com>
123 lines
5.0 KiB
C#
123 lines
5.0 KiB
C#
using System;
|
|
using System.Collections.Generic;
|
|
using System.Linq;
|
|
using System.Runtime.Serialization;
|
|
using System.Threading.Tasks;
|
|
using Microsoft.AspNetCore.Authorization;
|
|
using Microsoft.AspNetCore.Mvc;
|
|
using Microsoft.Extensions.Logging;
|
|
using Microsoft.Extensions.Options;
|
|
using Umbraco.Cms.Core.Models;
|
|
using Umbraco.Cms.Core.Security;
|
|
using Umbraco.Cms.Core.Services;
|
|
using Umbraco.Cms.Web.BackOffice.Security;
|
|
using Umbraco.Cms.Web.Common.Authorization;
|
|
|
|
namespace Umbraco.Cms.Web.BackOffice.Controllers
|
|
{
|
|
public class TwoFactorLoginController : UmbracoAuthorizedJsonController
|
|
{
|
|
private readonly IBackOfficeSecurityAccessor _backOfficeSecurityAccessor;
|
|
private readonly ILogger<TwoFactorLoginController> _logger;
|
|
private readonly ITwoFactorLoginService2 _twoFactorLoginService;
|
|
private readonly IBackOfficeSignInManager _backOfficeSignInManager;
|
|
private readonly IBackOfficeUserManager _backOfficeUserManager;
|
|
private readonly IOptionsSnapshot<TwoFactorLoginViewOptions> _twoFactorLoginViewOptions;
|
|
|
|
public TwoFactorLoginController(
|
|
IBackOfficeSecurityAccessor backOfficeSecurityAccessor,
|
|
ILogger<TwoFactorLoginController> logger,
|
|
ITwoFactorLoginService twoFactorLoginService,
|
|
IBackOfficeSignInManager backOfficeSignInManager,
|
|
IBackOfficeUserManager backOfficeUserManager,
|
|
IOptionsSnapshot<TwoFactorLoginViewOptions> twoFactorLoginViewOptions)
|
|
{
|
|
_backOfficeSecurityAccessor = backOfficeSecurityAccessor;
|
|
_logger = logger;
|
|
|
|
if (twoFactorLoginService is not ITwoFactorLoginService2 twoFactorLoginService2)
|
|
{
|
|
throw new ArgumentException("twoFactorLoginService needs to implement ITwoFactorLoginService2 until the interfaces are merged", nameof(twoFactorLoginService));
|
|
}
|
|
_twoFactorLoginService = twoFactorLoginService2;
|
|
_backOfficeSignInManager = backOfficeSignInManager;
|
|
_backOfficeUserManager = backOfficeUserManager;
|
|
_twoFactorLoginViewOptions = twoFactorLoginViewOptions;
|
|
}
|
|
|
|
/// <summary>
|
|
/// Used to retrieve the 2FA providers for code submission
|
|
/// </summary>
|
|
/// <returns></returns>
|
|
[HttpGet]
|
|
[AllowAnonymous]
|
|
public async Task<ActionResult<IEnumerable<string>>> GetEnabled2FAProvidersForCurrentUser()
|
|
{
|
|
var user = await _backOfficeSignInManager.GetTwoFactorAuthenticationUserAsync();
|
|
if (user == null)
|
|
{
|
|
_logger.LogWarning("No verified user found, returning 404");
|
|
return NotFound();
|
|
}
|
|
|
|
var userFactors = await _backOfficeUserManager.GetValidTwoFactorProvidersAsync(user);
|
|
return new ObjectResult(userFactors);
|
|
}
|
|
|
|
|
|
[HttpGet]
|
|
public async Task<ActionResult<IEnumerable<UserTwoFactorProviderModel>>> Get2FAProvidersForUser(int userId)
|
|
{
|
|
var user = await _backOfficeUserManager.FindByIdAsync(userId.ToString());
|
|
|
|
var enabledProviderNameHashSet = new HashSet<string>(await _twoFactorLoginService.GetEnabledTwoFactorProviderNamesAsync(user.Key));
|
|
|
|
var providerNames = await _backOfficeUserManager.GetValidTwoFactorProvidersAsync(user);
|
|
|
|
return providerNames.Select(providerName =>
|
|
new UserTwoFactorProviderModel(providerName, enabledProviderNameHashSet.Contains(providerName))).ToArray();
|
|
}
|
|
|
|
[HttpGet]
|
|
public async Task<ActionResult<object>> SetupInfo(string providerName)
|
|
{
|
|
var user = _backOfficeSecurityAccessor?.BackOfficeSecurity.CurrentUser;
|
|
|
|
var setupInfo = await _twoFactorLoginService.GetSetupInfoAsync(user.Key, providerName);
|
|
|
|
return setupInfo;
|
|
}
|
|
|
|
|
|
[HttpPost]
|
|
public async Task<ActionResult<bool>> ValidateAndSave(string providerName, string secret, string code)
|
|
{
|
|
var user = _backOfficeSecurityAccessor?.BackOfficeSecurity.CurrentUser;
|
|
|
|
return await _twoFactorLoginService.ValidateAndSaveAsync(providerName, user.Key, secret, code);
|
|
}
|
|
|
|
[HttpPost]
|
|
[Authorize(Policy = AuthorizationPolicies.SectionAccessUsers)]
|
|
public async Task<ActionResult<bool>> Disable(string providerName, Guid userKey)
|
|
{
|
|
return await _twoFactorLoginService.DisableAsync(userKey, providerName);
|
|
}
|
|
|
|
[HttpPost]
|
|
public async Task<ActionResult<bool>> DisableWithCode(string providerName, string code)
|
|
{
|
|
Guid key = _backOfficeSecurityAccessor.BackOfficeSecurity.CurrentUser.Key;
|
|
|
|
return await _twoFactorLoginService.DisableWithCodeAsync(providerName, key, code);
|
|
}
|
|
|
|
[HttpGet]
|
|
public ActionResult<string> ViewPathForProviderName(string providerName)
|
|
{
|
|
var options = _twoFactorLoginViewOptions.Get(providerName);
|
|
return options.SetupViewPath;
|
|
}
|
|
}
|
|
}
|