fix #4580 - add logout everywhere support using SecurityStamp

2024-09-17 08:45:27 -04:00
parent 1f2e2148d5
commit 48f2079f88
13 changed files with 242 additions and 216 deletions
--- a/Oqtane.Server/Repository/UserRoleRepository.cs
+++ b/Oqtane.Server/Repository/UserRoleRepository.cs
@ -1,6 +1,7 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
+using Microsoft.AspNetCore.Identity;
 using Microsoft.EntityFrameworkCore;
 using Microsoft.Extensions.Caching.Memory;
 using Oqtane.Infrastructure;
@ -14,13 +15,15 @@ namespace Oqtane.Repository
        private readonly IDbContextFactory<TenantDBContext> _dbContextFactory;
        private readonly IRoleRepository _roles;
        private readonly ITenantManager _tenantManager;
+        private readonly UserManager<IdentityUser> _identityUserManager;
        private readonly IMemoryCache _cache;

-        public UserRoleRepository(IDbContextFactory<TenantDBContext> dbContextFactory, IRoleRepository roles, ITenantManager tenantManager, IMemoryCache cache)
+        public UserRoleRepository(IDbContextFactory<TenantDBContext> dbContextFactory, IRoleRepository roles, ITenantManager tenantManager, UserManager<IdentityUser> identityUserManager, IMemoryCache cache)
        {
            _dbContextFactory = dbContextFactory;
            _roles = roles;
            _tenantManager = tenantManager;
+            _identityUserManager = identityUserManager;
            _cache = cache;
        }

@ -69,10 +72,8 @@ namespace Oqtane.Repository
                DeleteUserRoles(userRole.UserId);
            }

-            var alias = _tenantManager.GetAlias();
-            _cache.Remove($"user:{userRole.UserId}:{alias.SiteKey}");
-            _cache.Remove($"userroles:{userRole.UserId}:{alias.SiteKey}");
-
+            UpdateSecurityStamp(userRole.UserId);
+ 
            return userRole;
        }

@ -82,9 +83,7 @@ namespace Oqtane.Repository
            db.Entry(userRole).State = EntityState.Modified;
            db.SaveChanges();

-            var alias = _tenantManager.GetAlias();
-            _cache.Remove($"user:{userRole.UserId}:{alias.SiteKey}");
-            _cache.Remove($"userroles:{userRole.UserId}:{alias.SiteKey}");
+            UpdateSecurityStamp(userRole.UserId);

            return userRole;
        }
@ -144,9 +143,7 @@ namespace Oqtane.Repository
            db.UserRole.Remove(userRole);
            db.SaveChanges();

-            var alias = _tenantManager.GetAlias();
-            _cache.Remove($"user:{userRole.UserId}:{alias.SiteKey}");
-            _cache.Remove($"userroles:{userRole.UserId}:{alias.SiteKey}");
+            UpdateSecurityStamp(userRole.UserId);
        }

        public void DeleteUserRoles(int userId)
@ -158,9 +155,30 @@ namespace Oqtane.Repository
            }
            db.SaveChanges();

+            UpdateSecurityStamp(userId);
+        }
+
+        private void UpdateSecurityStamp(int userId)
+        {
+            // update user security stamp
+            using var db = _dbContextFactory.CreateDbContext();
+            var user = db.User.Find(userId);
+            if (user != null)
+            {
+                var identityuser = _identityUserManager.FindByNameAsync(user.Username).GetAwaiter().GetResult();
+                if (identityuser != null)
+                {
+                    _identityUserManager.UpdateSecurityStampAsync(identityuser);
+                }
+            }
+
+            // refresh cache
            var alias = _tenantManager.GetAlias();
-            _cache.Remove($"user:{userId}:{alias.SiteKey}");
-            _cache.Remove($"userroles:{userId}:{alias.SiteKey}");
+            if (alias != null)
+            {
+                _cache.Remove($"user:{userId}:{alias.SiteKey}");
+                _cache.Remove($"userroles:{userId}:{alias.SiteKey}");
+            }
        }
    }
 }