include SecurityStamp in User object

2024-09-16 13:03:21 -04:00 · 2024-09-16 13:03:21 -04:00 · f2c854b53a
commit f2c854b53a
parent c74065ff26
3 changed files with 11 additions and 2 deletions
--- a/Oqtane.Server/Controllers/UserController.cs
+++ b/Oqtane.Server/Controllers/UserController.cs
@ -123,8 +123,11 @@ namespace Oqtane.Controllers
                filtered.UserId = user.UserId;
                filtered.Username = user.Username;
                filtered.DisplayName = user.DisplayName;
+
+                // restricted properties
                filtered.Password = "";
                filtered.TwoFactorCode = "";
+                filtered.SecurityStamp = "";

                // include private properties if authenticated user is accessing their own user account os is an administrator
                if (_userPermissions.IsAuthorized(User, user.SiteId, EntityNames.User, -1, PermissionNames.Write, RoleNames.Admin) || _userPermissions.GetUser(User).UserId == user.UserId)
--- a/Oqtane.Server/Managers/UserManager.cs
+++ b/Oqtane.Server/Managers/UserManager.cs
@ -64,6 +64,7 @@ namespace Oqtane.Managers
                {
                    user.SiteId = siteid;
                    user.Roles = GetUserRoles(user.UserId, user.SiteId);
+                    user.SecurityStamp = _identityUserManager.FindByNameAsync(user.Username).GetAwaiter().GetResult()?.SecurityStamp;
                    user.Settings = _settings.GetSettings(EntityNames.User, user.UserId)
                        .ToDictionary(setting => setting.SettingName, setting => setting.SettingValue);
                }
--- a/Oqtane.Shared/Models/User.cs
+++ b/Oqtane.Shared/Models/User.cs
@ -59,6 +59,12 @@ namespace Oqtane.Models
        /// </summary>
        public DateTime? TwoFactorExpiry { get; set; }

+        /// <summary>
+        /// A token indicating if a user's security properties have been modified
+        /// </summary>
+        [NotMapped]
+        public string SecurityStamp { get; set; }
+
        /// <summary>
        /// Reference to the <see cref="Site"/> this user belongs to.
        /// </summary>
@ -66,8 +72,7 @@ namespace Oqtane.Models
        public int SiteId { get; set; }

        /// <summary>
-        /// Role names this user has.
-        /// TODO: todoc - is this comma separated?
+        /// Semi-colon delimited list of role names for the user
        /// </summary>
        [NotMapped]
        public string Roles { get; set; }