From b0669a3b60fcd339e218bcdddd57525bdc10c302 Mon Sep 17 00:00:00 2001
From: sbwalker
Date: Tue, 17 Sep 2024 11:53:34 -0400
Subject: [PATCH] fix external login

---
 ...taneSiteAuthenticationBuilderExtensions.cs | 25 ++++++++++---------
 Oqtane.Server/Security/PrincipalValidator.cs | 2 +-
 2 files changed, 14 insertions(+), 13 deletions(-)

diff --git a/Oqtane.Server/Extensions/OqtaneSiteAuthenticationBuilderExtensions.cs b/Oqtane.Server/Extensions/OqtaneSiteAuthenticationBuilderExtensions.cs
index 0f1cf61d..70a3527a 100644
--- a/Oqtane.Server/Extensions/OqtaneSiteAuthenticationBuilderExtensions.cs
+++ b/Oqtane.Server/Extensions/OqtaneSiteAuthenticationBuilderExtensions.cs
@@ -20,6 +20,7 @@ using Microsoft.AspNetCore.Authentication.Cookies;
 using System.Net;
 using System.Text.Json.Nodes;
 using System.Globalization;
+using System.Collections.Generic;

 namespace Oqtane.Extensions
 {
@@ -365,7 +366,6 @@ namespace Oqtane.Extensions
 {
 user = _users.GetUser(identityuser.UserName);
 user.SiteId = alias.SiteId;
- user.SecurityStamp = identityuser.SecurityStamp;
 }
 else
 {
@@ -431,8 +431,6 @@ namespace Oqtane.Extensions
 var result = await _identityUserManager.CreateAsync(identityuser, password);
 if (result.Succeeded)
 {
- identityuser = await _identityUserManager.FindByNameAsync(username);
-
 user = new User
 {
 SiteId = alias.SiteId,
@@ -440,8 +438,7 @@ namespace Oqtane.Extensions
 DisplayName = displayname,
 Email = emailaddress,
 LastLoginOn = null,
- LastIPAddress = "",
- SecurityStamp = identityuser.SecurityStamp
+ LastIPAddress = ""
 };
 user = _users.AddUser(user);
 
@@ -531,20 +528,17 @@ namespace Oqtane.Extensions
 // manage user
 if (user != null)
 {
- // create claims identity
- var _userRoles = httpContext.RequestServices.GetRequiredService();
- var userRoles = _userRoles.GetUserRoles(user.UserId, user.SiteId).ToList();
- identity = UserSecurity.CreateClaimsIdentity(alias, user, userRoles);
- identity.Label = ExternalLoginStatus.Success;
-
 // update user
 user.LastLoginOn = DateTime.UtcNow;
 user.LastIPAddress = httpContext.Connection.RemoteIpAddress.ToString();
 _users.UpdateUser(user);
 
- // external roles
+ // manage roles
+ var _userRoles = httpContext.RequestServices.GetRequiredService();
+ var userRoles = _userRoles.GetUserRoles(user.UserId, user.SiteId).ToList();
 if (!string.IsNullOrEmpty(httpContext.GetSiteSettings().GetValue("ExternalLogin:RoleClaimType", "")))
 {
+ // external roles
 if (claimsPrincipal.Claims.Any(item => item.Type == httpContext.GetSiteSettings().GetValue("ExternalLogin:RoleClaimType", "")))
 {
 var _roles = httpContext.RequestServices.GetRequiredService();
@@ -590,6 +584,7 @@ namespace Oqtane.Extensions
 }
 }
 }
+ userRoles = _userRoles.GetUserRoles(user.UserId, user.SiteId).ToList();
 }
 else
 {
@@ -597,6 +592,12 @@ namespace Oqtane.Extensions
 }
 }
 
+ // create claims identity
+ identityuser = await _identityUserManager.FindByEmailAsync(user.Username);
+ user.SecurityStamp = identityuser.SecurityStamp;
+ identity = UserSecurity.CreateClaimsIdentity(alias, user, userRoles);
+ identity.Label = ExternalLoginStatus.Success;
+
 // user profile claims
 if (!string.IsNullOrEmpty(httpContext.GetSiteSettings().GetValue("ExternalLogin:ProfileClaimTypes", "")))
 {
diff --git a/Oqtane.Server/Security/PrincipalValidator.cs b/Oqtane.Server/Security/PrincipalValidator.cs
index 9d7f74e0..032b1f01 100644
--- a/Oqtane.Server/Security/PrincipalValidator.cs
+++ b/Oqtane.Server/Security/PrincipalValidator.cs
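Review bot: In the @@ -597 hunk, `identityuser = await _identityUserManager.FindByEmailAsync(user.Username);` is dereferenced on the very next line with no null check, so a lookup miss turns the login into a NullReferenceException instead of a failed sign-in. The lookup key also looks mismatched: the existing-user branch at @@ -365 resolves the Oqtane user from `identityuser.UserName`, and the line this commit removes at @@ -431 used `FindByNameAsync(username)`, so unless usernames are guaranteed to be e-mail addresses in this flow the e-mail lookup will return null. I would use `identityuser = await _identityUserManager.FindByNameAsync(user.Username);`, copy the stamp and build the claims identity only when `identityuser` is not null, and treat a miss as a failed external login rather than issuing an authenticated identity. The enclosing method starts and ends outside the hunk.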
@@ -32,7 +32,7 @@ namespace Oqtane.Security
 var user = userManager.GetUser(context.Principal.UserId(), alias.SiteId); // cached

 // check if user is valid, not deleted, has roles, and security stamp has not changed
- if (user != null && !user.IsDeleted && user.Roles.Any() && context.Principal.SecurityStamp() == user.SecurityStamp)
+ if (user != null && !user.IsDeleted && !string.IsNullOrEmpty(user.Roles) && context.Principal.SecurityStamp() == user.SecurityStamp)
 {
 // validate sitekey in case user has changed sites in installation
 if (context.Principal.SiteKey() != alias.SiteKey || !context.Principal.Roles().Any())
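Review bot: The rewritten condition still accepts the principal when both `context.Principal.SecurityStamp()` and `user.SecurityStamp` are null or empty, because `==` on two nulls is true; a cookie carrying no stamp claim would then validate against a user record whose stamp was never populated. Whether that state is reachable is not visible here, but the guard is one clause: `!string.IsNullOrEmpty(user.SecurityStamp) && context.Principal.SecurityStamp() == user.SecurityStamp`. The new `!string.IsNullOrEmpty(user.Roles)` check also shows that `User.Roles` is a string while `context.Principal.Roles()` two lines below is a collection; a comment such as `// User.Roles is a string on the cached user, not a collection like Principal.Roles()` would stop the next reader from "fixing" it back to `.Any()`. The enclosing method starts and ends outside the hunk.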