Merge pull request #4677 from sbwalker/dev
sign out the principal when it is rejected due to security stamp changes
		| @ -169,6 +169,7 @@ namespace Microsoft.Extensions.DependencyInjection | ||||
|                 options.Cookie.HttpOnly = true; | ||||
|                 options.Cookie.SameSite = SameSiteMode.Lax; | ||||
|                 options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest; | ||||
|                 options.LoginPath = "/login"; // overrides .NET Identity default of /Account/Login | ||||
|                 options.Events.OnRedirectToLogin = context => | ||||
|                 { | ||||
|                     context.Response.StatusCode = (int)HttpStatusCode.Forbidden; | ||||
|  | ||||
| @ -7,13 +7,15 @@ using Oqtane.Models; | ||||
| using Oqtane.Extensions; | ||||
| using Oqtane.Shared; | ||||
| using Oqtane.Managers; | ||||
| using Microsoft.AspNetCore.Http; | ||||
| using Microsoft.AspNetCore.Authentication; | ||||
|  | ||||
|  | ||||
| namespace Oqtane.Security | ||||
| { | ||||
|     public static class PrincipalValidator | ||||
|     { | ||||
|         public static Task ValidateAsync(CookieValidatePrincipalContext context) | ||||
|         public static async Task ValidateAsync(CookieValidatePrincipalContext context) | ||||
|         { | ||||
|             if (context != null && context.Principal.Identity.IsAuthenticated && context.Principal.Identity.Name != null) | ||||
|             { | ||||
| @ -49,6 +51,7 @@ namespace Oqtane.Security | ||||
|                             // remove principal (ie. log user out) | ||||
|                             Log(_logger, alias, "Permissions Removed For User {Username} Accessing {Url}", context.Principal.Identity.Name, path); | ||||
|                             context.RejectPrincipal(); | ||||
|                             await context.HttpContext.SignOutAsync(Constants.AuthenticationScheme); | ||||
|                         } | ||||
|                     } | ||||
|                     else | ||||
| @ -58,7 +61,6 @@ namespace Oqtane.Security | ||||
|                     } | ||||
|                 } | ||||
|             } | ||||
|             return Task.CompletedTask; | ||||
|         } | ||||
|  | ||||
|         private static void Log (ILogManager logger, Alias alias, string message, string username, string path) | ||||
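Review bot: The new `await context.HttpContext.SignOutAsync(Constants.AuthenticationScheme);` is paired with the `context.RejectPrincipal();` in the "Permissions Removed" branch only; the `else` at the end of the same hunk continues outside it, and if that branch also calls `RejectPrincipal()` (the security-stamp case the PR title describes) it would still leave the stale cookie on the client. `RejectPrincipal()` by itself only drops the identity for the current request, so every rejection site in `ValidateAsync` should be followed by the same sign-out, otherwise the old ticket is presented again on the next request and validation re-runs each time. A one-line comment above the new call would make the pairing explicit for the next maintainer: `// RejectPrincipal() only affects this request; SignOutAsync deletes the cookie so the stale ticket is not resent`. `ValidateAsync` begins at the top of the first hunk and the part of its body between the hunks is not shown here.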
|  | ||||
	 Shaun Walker