sign out the principal when it is rejected due to security stamp changes

sbwalker 2024-09-26 15:53:14 -04:00
parent d468e675c2
commit df71dd14f7
2 changed files with 5 additions and 2 deletions


@ -169,6 +169,7 @@ namespace Microsoft.Extensions.DependencyInjection
options.Cookie.HttpOnly = true; options.Cookie.HttpOnly = true;
options.Cookie.SameSite = SameSiteMode.Lax; options.Cookie.SameSite = SameSiteMode.Lax;
options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest; options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
options.LoginPath = "/login"; // overrides .NET Identity default of /Account/Login
options.Events.OnRedirectToLogin = context => options.Events.OnRedirectToLogin = context =>
{ {
context.Response.StatusCode = (int)HttpStatusCode.Forbidden; context.Response.StatusCode = (int)HttpStatusCode.Forbidden;


@ -7,13 +7,15 @@ using Oqtane.Models;
using Oqtane.Extensions; using Oqtane.Extensions;
using Oqtane.Shared; using Oqtane.Shared;
using Oqtane.Managers; using Oqtane.Managers;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Authentication;
namespace Oqtane.Security namespace Oqtane.Security
{ {
public static class PrincipalValidator public static class PrincipalValidator
{ {
public static Task ValidateAsync(CookieValidatePrincipalContext context) public static async Task ValidateAsync(CookieValidatePrincipalContext context)
{ {
if (context != null && context.Principal.Identity.IsAuthenticated && context.Principal.Identity.Name != null) if (context != null && context.Principal.Identity.IsAuthenticated && context.Principal.Identity.Name != null)
{ {
@ -49,6 +51,7 @@ namespace Oqtane.Security
// remove principal (ie. log user out) // remove principal (ie. log user out)
Log(_logger, alias, "Permissions Removed For User {Username} Accessing {Url}", context.Principal.Identity.Name, path); Log(_logger, alias, "Permissions Removed For User {Username} Accessing {Url}", context.Principal.Identity.Name, path);
context.RejectPrincipal(); context.RejectPrincipal();
await context.HttpContext.SignOutAsync(Constants.AuthenticationScheme);
} }
} }
else else
@ -58,7 +61,6 @@ namespace Oqtane.Security
} }
} }
} }
return Task.CompletedTask;
} }
private static void Log (ILogManager logger, Alias alias, string message, string username, string path) private static void Log (ILogManager logger, Alias alias, string message, string username, string path)
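Review bot: The new sign-out in the second hunk, directly after `context.RejectPrincipal();`, hard-codes `Constants.AuthenticationScheme` although the validation context already names the cookie scheme whose ticket is being rejected; `await context.HttpContext.SignOutAsync(context.Scheme.Name);` guarantees the cookie that carried the rejected principal is the one deleted, even if the constant and the registered scheme ever diverge. The sign-out is added only in the "Permissions Removed" branch, and the `else` that follows suggests other rejection paths in `ValidateAsync`; if any of them also calls `RejectPrincipal()` without signing out, the stale cookie stays on the client and is re-presented on every request until it expires — worth confirming, since the method body is partly outside the hunk. A short comment above the call, `// RejectPrincipal() only drops the principal for this request; sign out so the stale cookie is cleared rather than replayed`, would record why both calls are needed.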