Umbraco-CMS/src/Umbraco.Web.Common/Security/ConfigureMemberIdentityOptions.cs
jasont0101 095a73132c Review: Allow Duplicate Email for Members (#16202)
* init

* Aligned default values on security settings.

* Added validator for security settings.

* Provide default implementation for get members by email.

* Refactored constructor of MemberController.

* Validate on unique member email only when configured to do so.

* Further code tidy and use of DI in constructor.

* Used new constructor in tests.

* Add unit test for modified behaviour.

* Removed validator for security settings (it's not necessary, I got confused with users and members).

* Spelling.

---------

Co-authored-by: Andy Butland <abutland73@gmail.com>
2025-02-05 12:38:40 +01:00


using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.Options;
using Umbraco.Cms.Core.Configuration.Models;
using Umbraco.Extensions;
namespace Umbraco.Cms.Web.Common.Security;
/// <summary>
/// Copies Umbraco's member security configuration onto ASP.NET Core Identity's
/// <see cref="IdentityOptions"/>.
/// </summary>
/// <remarks>
/// Sign-in confirmation, e-mail uniqueness, allowed user-name characters, lockout and
/// password policy for members are all set here, from <see cref="SecuritySettings"/> and
/// <see cref="MemberPasswordConfigurationSettings"/>.
/// </remarks>
public sealed class ConfigureMemberIdentityOptions : IConfigureOptions<IdentityOptions>
{
    private readonly MemberPasswordConfigurationSettings _passwordSettings;
    private readonly SecuritySettings _security;

    /// <summary>
    /// Captures the current values of the member password and security settings.
    /// </summary>
    /// <param name="memberPasswordConfiguration">Options wrapper for the member password policy.</param>
    /// <param name="securitySettings">Options wrapper for the general security settings.</param>
    public ConfigureMemberIdentityOptions(
        IOptions<MemberPasswordConfigurationSettings> memberPasswordConfiguration,
        IOptions<SecuritySettings> securitySettings)
        => (_passwordSettings, _security) = (memberPasswordConfiguration.Value, securitySettings.Value);

    /// <summary>
    /// Writes the member sign-in, user, lockout and password rules into <paramref name="options"/>.
    /// </summary>
    /// <param name="options">The Identity options instance to configure.</param>
    public void Configure(IdentityOptions options)
    {
        // Sign-in: account confirmation is on and is answered by our custom IUserConfirmation;
        // e-mail and phone confirmation are not implemented, so both stay off.
        var signIn = options.SignIn;
        signIn.RequireConfirmedAccount = true;
        signIn.RequireConfirmedEmail = false;
        signIn.RequireConfirmedPhoneNumber = false;

        var user = options.User;

        // E-mail uniqueness is a configuration choice. When it is switched off, Identity no
        // longer rejects a second member with the same address, so an e-mail address cannot
        // be treated as identifying exactly one member.
        // NOTE(review): flows that look a member up by e-mail should handle several matches - confirm.
        user.RequireUniqueEmail = _security.MemberRequireUniqueEmail;

        // Support validation of member names using Down-Level Logon Name format (DOMAIN\user).
        user.AllowedUserNameCharacters = _security.AllowedUserNameCharacters;

        // Lockout applies to newly created members as well.
        var lockout = options.Lockout;
        lockout.AllowedForNewUsers = true;

        // NOTE(review): no range check on the configured minutes is visible here; a zero or
        // negative value would presumably make the lockout ineffective - confirm it is
        // validated where the settings are bound.
        lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(_security.MemberDefaultLockoutTimeInMinutes);

        // Password rules are applied by the ConfigurePasswordOptions extension.
        options.Password.ConfigurePasswordOptions(_passwordSettings);

        // The failed-attempt threshold is stored with the password configuration rather than
        // with the security settings that hold the lockout duration.
        lockout.MaxFailedAccessAttempts = _passwordSettings.MaxFailedAccessAttemptsBeforeLockout;
    }
}