diff --git a/src/Umbraco.Abstractions/Constants-Conventions.cs b/src/Umbraco.Abstractions/Constants-Conventions.cs
index 37275b156a..0bfb890abd 100644
--- a/src/Umbraco.Abstractions/Constants-Conventions.cs
+++ b/src/Umbraco.Abstractions/Constants-Conventions.cs
@@ -137,7 +137,7 @@ namespace Umbraco.Core
public static readonly string UmbracoMemberProviderName = "UmbracoMembershipProvider";
public static readonly string UmbracoRoleProviderName = "UmbracoRoleProvider";
-
+
///
/// Property alias for the Comments on a Member
///
@@ -285,6 +285,7 @@ namespace Umbraco.Core
//TODO: return a list of built in types so we can use that to prevent deletion in the uI
}
+
}
}
}
diff --git a/src/Umbraco.Abstractions/IUmbracoContext.cs b/src/Umbraco.Abstractions/IUmbracoContext.cs
index 3bc51f224f..b38a031f88 100644
--- a/src/Umbraco.Abstractions/IUmbracoContext.cs
+++ b/src/Umbraco.Abstractions/IUmbracoContext.cs
@@ -88,8 +88,6 @@ namespace Umbraco.Web
///
bool InPreviewMode { get; }
- string PreviewToken { get; }
-
///
/// Gets the url of a content identified by its identifier.
///
diff --git a/src/Umbraco.Abstractions/Routing/IPublishedRequest.cs b/src/Umbraco.Abstractions/Routing/IPublishedRequest.cs
index 6856b09127..f357108a4e 100644
--- a/src/Umbraco.Abstractions/Routing/IPublishedRequest.cs
+++ b/src/Umbraco.Abstractions/Routing/IPublishedRequest.cs
@@ -123,14 +123,6 @@ namespace Umbraco.Web.Routing
/// should use the specified description. The description will or will not be used, in due time.
string ResponseStatusDescription { get; }
- ///
- /// Gets or sets the System.Web.HttpCacheability
- ///
-// Note: we used to set a default value here but that would then be the default
-// for ALL requests, we shouldn't overwrite it though if people are using [OutputCache] for example
-// see: https://our.umbraco.com/forum/using-umbraco-and-getting-started/79715-output-cache-in-umbraco-752
- //HttpCacheability Cacheability { get; set; }
-
///
/// Gets or sets a list of Extensions to append to the Response.Cache object.
///
diff --git a/src/Umbraco.Abstractions/Routing/IPublishedUrlProvider.cs b/src/Umbraco.Abstractions/Routing/IPublishedUrlProvider.cs
index a26f3efaff..45faf76772 100644
--- a/src/Umbraco.Abstractions/Routing/IPublishedUrlProvider.cs
+++ b/src/Umbraco.Abstractions/Routing/IPublishedUrlProvider.cs
@@ -12,11 +12,6 @@ namespace Umbraco.Web.Routing
///
UrlMode Mode { get; set; }
- UrlMode GetMode(bool absolute);
- IPublishedContent GetDocument(int id);
- IPublishedContent GetDocument(Guid id);
- IPublishedContent GetMedia(Guid id);
-
///
/// Gets the url of a published content.
///
@@ -107,4 +102,4 @@ namespace Umbraco.Web.Routing
///
string GetMediaUrl(IPublishedContent content, UrlMode mode = UrlMode.Default, string culture = null, string propertyAlias = Constants.Conventions.Media.File, Uri current = null);
}
-}
\ No newline at end of file
+}
diff --git a/src/Umbraco.Abstractions/Security/IWebSecurity.cs b/src/Umbraco.Abstractions/Security/IWebSecurity.cs
index cc268b87b4..0822b5cb69 100644
--- a/src/Umbraco.Abstractions/Security/IWebSecurity.cs
+++ b/src/Umbraco.Abstractions/Security/IWebSecurity.cs
@@ -1,3 +1,4 @@
+using System;
using Umbraco.Core;
using Umbraco.Core.Models.Membership;
@@ -11,41 +12,18 @@ namespace Umbraco.Web.Security
/// The current user.
IUser CurrentUser { get; }
- ///
- /// Logs a user in.
- ///
- /// The user Id
- /// returns the number of seconds until their session times out
+ [Obsolete("This needs to be removed, ASP.NET Identity should always be used for this operation, this is currently only used in the installer which needs to be updated")]
double PerformLogin(int userId);
- ///
- /// Clears the current login for the currently logged in user
- ///
+ [Obsolete("This needs to be removed, ASP.NET Identity should always be used for this operation, this is currently only used in the installer which needs to be updated")]
void ClearCurrentLogin();
- ///
- /// Validates credentials for a back office user
- ///
- ///
- ///
- ///
- ///
- /// This uses ASP.NET Identity to perform the validation
- ///
- bool ValidateBackOfficeCredentials(string username, string password);
-
///
/// Gets the current user's id.
///
///
Attempt GetUserId();
- ///
- /// Returns the current user's unique session id - used to mitigate csrf attacks or any other reason to validate a request
- ///
- ///
- string GetSessionId();
-
///
/// Validates the currently logged in user and ensures they are not timed out
///
@@ -75,14 +53,6 @@ namespace Umbraco.Web.Security
///
bool UserHasSectionAccess(string section, IUser user);
- ///
- /// Checks if the specified user by username as access to the app
- ///
- ///
- ///
- ///
- bool UserHasSectionAccess(string section, string username);
-
///
/// Ensures that a back office user is logged in
///
diff --git a/src/Umbraco.Tests/TestHelpers/BaseWebTest.cs b/src/Umbraco.Tests/TestHelpers/BaseWebTest.cs
index 6f07b1ecd2..06879c1647 100644
--- a/src/Umbraco.Tests/TestHelpers/BaseWebTest.cs
+++ b/src/Umbraco.Tests/TestHelpers/BaseWebTest.cs
@@ -42,10 +42,6 @@ namespace Umbraco.Tests.TestHelpers
// need to specify a custom callback for unit tests
// AutoPublishedContentTypes generates properties automatically
- var dataTypeService = new TestObjects.TestDataTypeService(
- new DataType(new VoidEditor(Mock.Of(), Mock.Of(), Mock.Of(),Mock.Of(), Mock.Of())) { Id = 1 });
-
- var factory = new PublishedContentTypeFactory(Mock.Of(), new PropertyValueConverterCollection(Array.Empty()), dataTypeService);
var type = new AutoPublishedContentType(0, "anything", new PublishedPropertyType[] { });
ContentTypesCache.GetPublishedContentTypeByAlias = alias => GetPublishedContentTypeByAlias(alias) ?? type;
}
diff --git a/src/Umbraco.Web/Routing/UrlProvider.cs b/src/Umbraco.Web/Routing/UrlProvider.cs
index 693482db76..2ce673dcce 100644
--- a/src/Umbraco.Web/Routing/UrlProvider.cs
+++ b/src/Umbraco.Web/Routing/UrlProvider.cs
@@ -73,10 +73,9 @@ namespace Umbraco.Web.Routing
#region GetUrl
- public UrlMode GetMode(bool absolute) => absolute ? UrlMode.Absolute : Mode;
- public IPublishedContent GetDocument(int id) => _umbracoContext.Content.GetById(id);
- public IPublishedContent GetDocument(Guid id) => _umbracoContext.Content.GetById(id);
- public IPublishedContent GetMedia(Guid id) => _umbracoContext.Media.GetById(id);
+ private IPublishedContent GetDocument(int id) => _umbracoContext.Content.GetById(id);
+ private IPublishedContent GetDocument(Guid id) => _umbracoContext.Content.GetById(id);
+ private IPublishedContent GetMedia(Guid id) => _umbracoContext.Media.GetById(id);
///
/// Gets the url of a published content.
diff --git a/src/Umbraco.Web/Security/WebSecurity.cs b/src/Umbraco.Web/Security/WebSecurity.cs
index 842ec47962..fd936eba39 100644
--- a/src/Umbraco.Web/Security/WebSecurity.cs
+++ b/src/Umbraco.Web/Security/WebSecurity.cs
@@ -10,9 +10,7 @@ using Microsoft.Owin;
using Umbraco.Core.Configuration;
using Umbraco.Core.IO;
using Umbraco.Core.Models;
-using Umbraco.Core.Models.Identity;
using Umbraco.Web.Models.Identity;
-using Current = Umbraco.Web.Composing.Current;
namespace Umbraco.Web.Security
{
@@ -41,7 +39,7 @@ namespace Umbraco.Web.Security
/// Gets the current user.
///
/// The current user.
- public virtual IUser CurrentUser
+ public IUser CurrentUser
{
get
{
@@ -78,12 +76,8 @@ namespace Umbraco.Web.Security
protected BackOfficeUserManager UserManager
=> _userManager ?? (_userManager = _httpContextAccessor.HttpContext.GetOwinContext().GetBackOfficeUserManager());
- ///
- /// Logs a user in.
- ///
- /// The user Id
- /// returns the number of seconds until their session times out
- public virtual double PerformLogin(int userId)
+ [Obsolete("This needs to be removed, ASP.NET Identity should always be used for this operation, this is currently only used in the installer which needs to be updated")]
+ public double PerformLogin(int userId)
{
var owinCtx = _httpContextAccessor.HttpContext.GetOwinContext();
//ensure it's done for owin too
@@ -98,10 +92,8 @@ namespace Umbraco.Web.Security
return TimeSpan.FromMinutes(_globalSettings.TimeOutInMinutes).TotalSeconds;
}
- ///
- /// Clears the current login for the currently logged in user
- ///
- public virtual void ClearCurrentLogin()
+ [Obsolete("This needs to be removed, ASP.NET Identity should always be used for this operation, this is currently only used in the installer which needs to be updated")]
+ public void ClearCurrentLogin()
{
_httpContextAccessor.HttpContext.UmbracoLogout();
_httpContextAccessor.HttpContext.GetOwinContext().Authentication.SignOut(
@@ -112,67 +104,26 @@ namespace Umbraco.Web.Security
///
/// Renews the user's login ticket
///
- public virtual void RenewLoginTimeout()
+ public void RenewLoginTimeout()
{
_httpContextAccessor.HttpContext.RenewUmbracoAuthTicket();
}
- ///
- /// Validates credentials for a back office user
- ///
- ///
- ///
- ///
- ///
- /// This uses ASP.NET Identity to perform the validation
- ///
- public virtual bool ValidateBackOfficeCredentials(string username, string password)
- {
- //find the user by username
- var user = UserManager.FindByNameAsync(username).Result;
- return user != null && UserManager.CheckPasswordAsync(user, password).Result;
- }
-
- ///
- /// Validates the current user to see if they have access to the specified app
- ///
- ///
- ///
- internal bool ValidateUserApp(string app)
- {
- //if it is empty, don't validate
- if (app.IsNullOrWhiteSpace())
- {
- return true;
- }
- return CurrentUser.AllowedSections.Any(uApp => uApp.InvariantEquals(app));
- }
-
///
/// Gets the current user's id.
///
///
- public virtual Attempt GetUserId()
+ public Attempt GetUserId()
{
var identity = _httpContextAccessor.HttpContext.GetCurrentIdentity(false);
return identity == null ? Attempt.Fail() : Attempt.Succeed(Convert.ToInt32(identity.Id));
}
- ///
- /// Returns the current user's unique session id - used to mitigate csrf attacks or any other reason to validate a request
- ///
- ///
- public virtual string GetSessionId()
- {
- var identity = _httpContextAccessor.HttpContext.GetCurrentIdentity(false);
- return identity?.SessionId;
- }
-
///
/// Validates the currently logged in user and ensures they are not timed out
///
///
- public virtual bool ValidateCurrentUser()
+ public bool ValidateCurrentUser()
{
return ValidateCurrentUser(false, true) == ValidateRequestAttempt.Success;
}
@@ -183,7 +134,7 @@ namespace Umbraco.Web.Security
/// set to true if you want exceptions to be thrown if failed
/// If true requires that the user is approved to be validated
///
- public virtual ValidateRequestAttempt ValidateCurrentUser(bool throwExceptions, bool requiresApproval = true)
+ public ValidateRequestAttempt ValidateCurrentUser(bool throwExceptions, bool requiresApproval = true)
{
//This will first check if the current user is already authenticated - which should be the case in nearly all circumstances
// since the authentication happens in the Module, that authentication also checks the ticket expiry. We don't
@@ -235,27 +186,11 @@ namespace Umbraco.Web.Security
///
///
///
- public virtual bool UserHasSectionAccess(string section, IUser user)
+ public bool UserHasSectionAccess(string section, IUser user)
{
return user.HasSectionAccess(section);
}
- ///
- /// Checks if the specified user by username as access to the app
- ///
- ///
- ///
- ///
- public bool UserHasSectionAccess(string section, string username)
- {
- var user = _userService.GetByUsername(username);
- if (user == null)
- {
- return false;
- }
- return user.HasSectionAccess(section);
- }
-
///
/// Ensures that a back office user is logged in
///
diff --git a/src/Umbraco.Web/Templates/TemplateRenderer.cs b/src/Umbraco.Web/Templates/TemplateRenderer.cs
index b76dc569b8..da5de1055c 100644
--- a/src/Umbraco.Web/Templates/TemplateRenderer.cs
+++ b/src/Umbraco.Web/Templates/TemplateRenderer.cs
@@ -99,7 +99,7 @@ namespace Umbraco.Web.Templates
//First, save all of the items locally that we know are used in the chain of execution, we'll need to restore these
//after this page has rendered.
- SaveExistingItems(out var oldPublishedRequest, out var oldAltTemplate);
+ SaveExistingItems(out var oldPublishedRequest);
try
{
@@ -112,7 +112,7 @@ namespace Umbraco.Web.Templates
finally
{
//restore items on context objects to continuing rendering the parent template
- RestoreItems(oldPublishedRequest, oldAltTemplate);
+ RestoreItems(oldPublishedRequest);
}
}
@@ -175,28 +175,25 @@ namespace Umbraco.Web.Templates
private void SetNewItemsOnContextObjects(IPublishedRequest request)
{
//now, set the new ones for this page execution
- _httpContextAccessor.HttpContext.Items[Core.Constants.Conventions.Url.AltTemplate] = null;
_umbracoContextAccessor.UmbracoContext.PublishedRequest = request;
}
///
/// Save all items that we know are used for rendering execution to variables so we can restore after rendering
///
- private void SaveExistingItems(out IPublishedRequest oldPublishedRequest, out object oldAltTemplate)
+ private void SaveExistingItems(out IPublishedRequest oldPublishedRequest)
{
//Many objects require that these legacy items are in the http context items... before we render this template we need to first
//save the values in them so that we can re-set them after we render so the rest of the execution works as per normal
oldPublishedRequest = _umbracoContextAccessor.UmbracoContext.PublishedRequest;
- oldAltTemplate = _httpContextAccessor.HttpContext.Items[Core.Constants.Conventions.Url.AltTemplate];
}
///
/// Restores all items back to their context's to continue normal page rendering execution
///
- private void RestoreItems(IPublishedRequest oldPublishedRequest, object oldAltTemplate)
+ private void RestoreItems(IPublishedRequest oldPublishedRequest)
{
_umbracoContextAccessor.UmbracoContext.PublishedRequest = oldPublishedRequest;
- _httpContextAccessor.HttpContext.Items[Core.Constants.Conventions.Url.AltTemplate] = oldAltTemplate;
}
}
}
diff --git a/src/Umbraco.Web/Umbraco.Web.csproj b/src/Umbraco.Web/Umbraco.Web.csproj
index a26d4a565a..7f40c33dda 100755
--- a/src/Umbraco.Web/Umbraco.Web.csproj
+++ b/src/Umbraco.Web/Umbraco.Web.csproj
@@ -678,7 +678,6 @@
True
Reference.map
-
Component
diff --git a/src/Umbraco.Web/UmbracoAuthorizedHttpHandler.cs b/src/Umbraco.Web/UmbracoAuthorizedHttpHandler.cs
deleted file mode 100644
index 394c25dc6f..0000000000
--- a/src/Umbraco.Web/UmbracoAuthorizedHttpHandler.cs
+++ /dev/null
@@ -1,100 +0,0 @@
-using System;
-using System.Security;
-using Umbraco.Core;
-using Umbraco.Core.Cache;
-using Umbraco.Core.Logging;
-using Umbraco.Web.Security;
-using Umbraco.Core.Models.Membership;
-using Umbraco.Core.Services;
-
-namespace Umbraco.Web
-{
- public abstract class UmbracoAuthorizedHttpHandler : UmbracoHttpHandler
- {
- protected UmbracoAuthorizedHttpHandler()
- {
- }
-
- protected UmbracoAuthorizedHttpHandler(IUmbracoContextAccessor umbracoContextAccessor, UmbracoHelper umbracoHelper, ServiceContext service, IProfilingLogger plogger) : base(umbracoContextAccessor, umbracoHelper, service, plogger)
- {
- }
-
- ///
- /// Checks if the umbraco context id is valid
- ///
- ///
- ///
- protected bool ValidateUserContextId(string currentUmbracoUserContextId)
- {
- return Security.ValidateCurrentUser();
- }
-
- ///
- /// Checks if the username/password credentials are valid
- ///
- ///
- ///
- ///
- protected bool ValidateCredentials(string username, string password)
- {
- return Security.ValidateBackOfficeCredentials(username, password);
- }
-
- ///
- /// Validates the user for access to a certain application
- ///
- /// The application alias.
- /// true if an exception should be thrown if authorization fails
- ///
- protected bool AuthorizeRequest(string app, bool throwExceptions = false)
- {
- //ensure we have a valid user first!
- if (!AuthorizeRequest(throwExceptions)) return false;
-
- //if it is empty, don't validate
- if (app.IsNullOrWhiteSpace())
- {
- return true;
- }
- var hasAccess = UserHasAppAccess(app, Security.CurrentUser);
- if (!hasAccess && throwExceptions)
- throw new SecurityException("The user does not have access to the required application");
- return hasAccess;
- }
-
- ///
- /// Checks if the specified user as access to the app
- ///
- ///
- ///
- ///
- protected bool UserHasAppAccess(string app, IUser user)
- {
- return Security.UserHasSectionAccess(app, user);
- }
-
- ///
- /// Checks if the specified user by username as access to the app
- ///
- ///
- ///
- ///
- protected bool UserHasAppAccess(string app, string username)
- {
- return Security.UserHasSectionAccess(app, username);
- }
-
- ///
- /// Returns true if there is a valid logged in user and that ssl is enabled if required
- ///
- /// true if an exception should be thrown if authorization fails
- ///
- protected bool AuthorizeRequest(bool throwExceptions = false)
- {
- var result = Security.AuthorizeRequest(throwExceptions);
- return result == ValidateRequestAttempt.Success;
- }
-
-
- }
-}