fix #4965 - improve user/site management
This commit is contained in:
sbwalker
@ -217,7 +217,7 @@ namespace Oqtane.Controllers
|
||||
|
||||
// DELETE api/<controller>/5?siteid=x
|
||||
[HttpDelete("{id}")]
|
||||
[Authorize(Policy = $"{EntityNames.User}:{PermissionNames.Write}:{RoleNames.Admin}")]
|
||||
[Authorize(Policy = $"{EntityNames.User}:{PermissionNames.Write}:{RoleNames.Host}")]
|
||||
public async Task Delete(int id, string siteid)
|
||||
{
|
||||
User user = _users.GetUser(id, false);
|
||||
|
||||
@ -524,11 +524,6 @@ namespace Oqtane.Extensions
|
||||
// manage user
|
||||
if (user != null)
|
||||
{
|
||||
// update user
|
||||
user.LastLoginOn = DateTime.UtcNow;
|
||||
user.LastIPAddress = httpContext.Connection.RemoteIpAddress.ToString();
|
||||
_users.UpdateUser(user);
|
||||
|
||||
// manage roles
|
||||
var _userRoles = httpContext.RequestServices.GetRequiredService<IUserRoleRepository>();
|
||||
var userRoles = _userRoles.GetUserRoles(user.UserId, user.SiteId).ToList();
|
||||
@ -588,64 +583,78 @@ namespace Oqtane.Extensions
|
||||
}
|
||||
}
|
||||
|
||||
// create claims identity
|
||||
identityuser = await _identityUserManager.FindByNameAsync(user.Username);
|
||||
user.SecurityStamp = identityuser.SecurityStamp;
|
||||
identity = UserSecurity.CreateClaimsIdentity(alias, user, userRoles);
|
||||
identity.Label = ExternalLoginStatus.Success;
|
||||
|
||||
// user profile claims
|
||||
if (!string.IsNullOrEmpty(httpContext.GetSiteSettings().GetValue("ExternalLogin:ProfileClaimTypes", "")))
|
||||
var userrole = userRoles.FirstOrDefault(item => item.Role.Name == RoleNames.Registered);
|
||||
if (!user.IsDeleted && userrole != null && Utilities.IsEffectiveAndNotExpired(userrole.EffectiveDate, userrole.ExpiryDate))
|
||||
{
|
||||
var _settings = httpContext.RequestServices.GetRequiredService<ISettingRepository>();
|
||||
var _profiles = httpContext.RequestServices.GetRequiredService<IProfileRepository>();
|
||||
var profiles = _profiles.GetProfiles(alias.SiteId).ToList();
|
||||
foreach (var mapping in httpContext.GetSiteSettings().GetValue("ExternalLogin:ProfileClaimTypes", "").Split(',', StringSplitOptions.RemoveEmptyEntries))
|
||||
// update user
|
||||
user.LastLoginOn = DateTime.UtcNow;
|
||||
user.LastIPAddress = httpContext.Connection.RemoteIpAddress.ToString();
|
||||
_users.UpdateUser(user);
|
||||
|
||||
// create claims identity
|
||||
identityuser = await _identityUserManager.FindByNameAsync(user.Username);
|
||||
user.SecurityStamp = identityuser.SecurityStamp;
|
||||
identity = UserSecurity.CreateClaimsIdentity(alias, user, userRoles);
|
||||
identity.Label = ExternalLoginStatus.Success;
|
||||
|
||||
// user profile claims
|
||||
if (!string.IsNullOrEmpty(httpContext.GetSiteSettings().GetValue("ExternalLogin:ProfileClaimTypes", "")))
|
||||
{
|
||||
if (mapping.Contains(":"))
|
||||
var _settings = httpContext.RequestServices.GetRequiredService<ISettingRepository>();
|
||||
var _profiles = httpContext.RequestServices.GetRequiredService<IProfileRepository>();
|
||||
var profiles = _profiles.GetProfiles(alias.SiteId).ToList();
|
||||
foreach (var mapping in httpContext.GetSiteSettings().GetValue("ExternalLogin:ProfileClaimTypes", "").Split(',', StringSplitOptions.RemoveEmptyEntries))
|
||||
{
|
||||
var claim = claimsPrincipal.Claims.FirstOrDefault(item => item.Type == mapping.Split(":")[0]);
|
||||
if (claim != null)
|
||||
if (mapping.Contains(":"))
|
||||
{
|
||||
var profile = profiles.FirstOrDefault(item => item.Name == mapping.Split(":")[1]);
|
||||
if (profile != null)
|
||||
var claim = claimsPrincipal.Claims.FirstOrDefault(item => item.Type == mapping.Split(":")[0]);
|
||||
if (claim != null)
|
||||
{
|
||||
if (!string.IsNullOrEmpty(claim.Value))
|
||||
var profile = profiles.FirstOrDefault(item => item.Name == mapping.Split(":")[1]);
|
||||
if (profile != null)
|
||||
{
|
||||
var setting = _settings.GetSetting(EntityNames.User, user.UserId, profile.Name);
|
||||
if (setting != null)
|
||||
if (!string.IsNullOrEmpty(claim.Value))
|
||||
{
|
||||
setting.SettingValue = claim.Value;
|
||||
_settings.UpdateSetting(setting);
|
||||
}
|
||||
else
|
||||
{
|
||||
setting = new Setting { EntityName = EntityNames.User, EntityId = user.UserId, SettingName = profile.Name, SettingValue = claim.Value, IsPrivate = profile.IsPrivate };
|
||||
_settings.AddSetting(setting);
|
||||
var setting = _settings.GetSetting(EntityNames.User, user.UserId, profile.Name);
|
||||
if (setting != null)
|
||||
{
|
||||
setting.SettingValue = claim.Value;
|
||||
_settings.UpdateSetting(setting);
|
||||
}
|
||||
else
|
||||
{
|
||||
setting = new Setting { EntityName = EntityNames.User, EntityId = user.UserId, SettingName = profile.Name, SettingValue = claim.Value, IsPrivate = profile.IsPrivate };
|
||||
_settings.AddSetting(setting);
|
||||
}
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
_logger.Log(LogLevel.Error, "ExternalLogin", Enums.LogFunction.Security, "The User Profile {ProfileName} Does Not Exist For The Site. Please Verify Your User Profile Definitions.", mapping.Split(":")[1]);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
_logger.Log(LogLevel.Error, "ExternalLogin", Enums.LogFunction.Security, "The User Profile {ProfileName} Does Not Exist For The Site. Please Verify Your User Profile Definitions.", mapping.Split(":")[1]);
|
||||
_logger.Log(LogLevel.Error, "ExternalLogin", Enums.LogFunction.Security, "The User Profile Claim {ClaimType} Does Not Exist. Please Use The Review Claims Feature To View The Claims Returned By Your Provider.", mapping.Split(":")[0]);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
_logger.Log(LogLevel.Error, "ExternalLogin", Enums.LogFunction.Security, "The User Profile Claim {ClaimType} Does Not Exist. Please Use The Review Claims Feature To View The Claims Returned By Your Provider.", mapping.Split(":")[0]);
|
||||
_logger.Log(LogLevel.Error, "ExternalLogin", Enums.LogFunction.Security, "The User Profile Claim Mapping {Mapping} Is Not Specified Correctly. It Should Be In The Format 'ClaimType:ProfileName'.", mapping);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
_logger.Log(LogLevel.Error, "ExternalLogin", Enums.LogFunction.Security, "The User Profile Claim Mapping {Mapping} Is Not Specified Correctly. It Should Be In The Format 'ClaimType:ProfileName'.", mapping);
|
||||
}
|
||||
}
|
||||
|
||||
var _syncManager = httpContext.RequestServices.GetRequiredService<ISyncManager>();
|
||||
_syncManager.AddSyncEvent(alias, EntityNames.User, user.UserId, "Login");
|
||||
|
||||
_logger.Log(LogLevel.Information, "ExternalLogin", Enums.LogFunction.Security, "External User Login Successful For {Username} From IP Address {IPAddress} Using Provider {Provider}", user.Username, httpContext.Connection.RemoteIpAddress.ToString(), providerName);
|
||||
}
|
||||
else
|
||||
{
|
||||
identity.Label = ExternalLoginStatus.AccessDenied;
|
||||
_logger.Log(LogLevel.Error, "ExternalLogin", Enums.LogFunction.Security, "External User Login Denied For {Username}. User Account Is Deleted Or Not An Active Member Of Site {SiteId}.", user.Username, user.SiteId);
|
||||
}
|
||||
|
||||
var _syncManager = httpContext.RequestServices.GetRequiredService<ISyncManager>();
|
||||
_syncManager.AddSyncEvent(alias, EntityNames.User, user.UserId, "Login");
|
||||
|
||||
_logger.Log(LogLevel.Information, "ExternalLogin", Enums.LogFunction.Security, "External User Login Successful For {Username} From IP Address {IPAddress} Using Provider {Provider}", user.Username, httpContext.Connection.RemoteIpAddress.ToString(), providerName);
|
||||
}
|
||||
}
|
||||
else // claims invalid
|
||||
|
||||
@ -363,28 +363,36 @@ namespace Oqtane.Managers
|
||||
}
|
||||
else
|
||||
{
|
||||
user = _users.GetUser(identityuser.UserName);
|
||||
if (user != null)
|
||||
if (await _identityUserManager.IsEmailConfirmedAsync(identityuser))
|
||||
{
|
||||
if (await _identityUserManager.IsEmailConfirmedAsync(identityuser))
|
||||
user = GetUser(identityuser.UserName, alias.SiteId);
|
||||
if (user != null)
|
||||
{
|
||||
user.IsAuthenticated = true;
|
||||
user.LastLoginOn = DateTime.UtcNow;
|
||||
user.LastIPAddress = LastIPAddress;
|
||||
_users.UpdateUser(user);
|
||||
_logger.Log(LogLevel.Information, this, LogFunction.Security, "User Login Successful For {Username} From IP Address {IPAddress}", user.Username, LastIPAddress);
|
||||
|
||||
_syncManager.AddSyncEvent(alias, EntityNames.User, user.UserId, "Login");
|
||||
|
||||
if (setCookie)
|
||||
// ensure user is registered for site
|
||||
if (user.Roles.Contains(RoleNames.Registered))
|
||||
{
|
||||
await _identitySignInManager.SignInAsync(identityuser, isPersistent);
|
||||
user.IsAuthenticated = true;
|
||||
user.LastLoginOn = DateTime.UtcNow;
|
||||
user.LastIPAddress = LastIPAddress;
|
||||
_users.UpdateUser(user);
|
||||
_logger.Log(LogLevel.Information, this, LogFunction.Security, "User Login Successful For {Username} From IP Address {IPAddress}", user.Username, LastIPAddress);
|
||||
|
||||
_syncManager.AddSyncEvent(alias, EntityNames.User, user.UserId, "Login");
|
||||
|
||||
if (setCookie)
|
||||
{
|
||||
await _identitySignInManager.SignInAsync(identityuser, isPersistent);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
_logger.Log(LogLevel.Information, this, LogFunction.Security, "User {Username} Is Not An Active Member Of Site {SiteId}", user.Username, alias.SiteId);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
_logger.Log(LogLevel.Information, this, LogFunction.Security, "User Email Address Not Verified {Username}", user.Username);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
_logger.Log(LogLevel.Information, this, LogFunction.Security, "User Email Address Not Verified {Username}", user.Username);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user