diff --git a/src/Umbraco.Cms.Api.Management/Controllers/BackOfficeLoginController.cs b/src/Umbraco.Cms.Api.Management/Controllers/BackOfficeLoginController.cs
index 9cb134e9a9dd..c0c3fc14bfff 100644
--- a/src/Umbraco.Cms.Api.Management/Controllers/BackOfficeLoginController.cs
+++ b/src/Umbraco.Cms.Api.Management/Controllers/BackOfficeLoginController.cs
@@ -1,13 +1,14 @@
+using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Options;
+using Umbraco.Cms.Core;
using Umbraco.Cms.Core.Configuration.Models;
using Umbraco.Cms.Core.Hosting;
namespace Umbraco.Cms.Api.Management;
[BindProperties]
-public class
- BackOfficeLoginModel
+public class BackOfficeLoginModel
{
///
/// Gets or sets the value of the "ReturnUrl" query parameter or defaults to the configured Umbraco directory.
@@ -19,6 +20,8 @@ public class
/// The configured Umbraco directory.
///
public string? UmbracoUrl { get; set; }
+
+ public bool UserIsAlreadyLoggedIn { get; set; }
}
[ApiExplorerSettings(IgnoreApi=true)]
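Review bot: `UserIsAlreadyLoggedIn` is a public settable property on a `[BindProperties]` model that `Index` receives as an action parameter, so it appears to be bindable from the request in the same way as `ReturnUrl`. The `Index` hunk only sets it to `true` when cookie authentication succeeds and never resets it, so a value supplied by the client would survive for an unauthenticated request. Assign it unconditionally in `Index` with `model.UserIsAlreadyLoggedIn = cookieAuthResult.Succeeded;`, or exclude the property from binding with `[BindNever]`. How the view uses the flag is not visible here, so the impact needs confirming. The property also lacks the XML doc comment its siblings have, e.g. `/// Gets or sets a value indicating whether the request already carries a valid back-office authentication cookie.`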
@@ -38,13 +41,24 @@ public BackOfficeLoginController(
}
// GET
- public IActionResult Index(CancellationToken cancellationToken, BackOfficeLoginModel model)
+ public async Task Index(CancellationToken cancellationToken, BackOfficeLoginModel model)
{
+ AuthenticateResult cookieAuthResult = await HttpContext.AuthenticateAsync(Constants.Security.BackOfficeAuthenticationType);
+ if (cookieAuthResult.Succeeded)
+ {
+ model.UserIsAlreadyLoggedIn = true;
+ }
+
if (string.IsNullOrEmpty(model.UmbracoUrl))
{
model.UmbracoUrl = _hostingEnvironment.ToAbsolute(_globalSettings.UmbracoPath);
}
+ if (Uri.TryCreate(model.ReturnUrl, UriKind.Absolute, out _))
+ {
+ return BadRequest("ReturnUrl must be a relative path.");
+ }
+
if (string.IsNullOrEmpty(model.ReturnUrl))
{
model.ReturnUrl = model.UmbracoUrl;
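Review bot: The new `ReturnUrl` guard tests "parses as an absolute URI" rather than "is a local URL", and `Uri.TryCreate(..., UriKind.Absolute, ...)` is platform-dependent for strings that start with a slash. On Unix hosts a rooted path such as the default Umbraco path is, as far as I know, parsed as an implicit file URI, so legitimate relative values could get the 400. Scheme-relative forms are also not clearly covered on every platform. MVC already ships the intended check, so I would replace the condition with `if (!string.IsNullOrEmpty(model.ReturnUrl) && !Url.IsLocalUrl(model.ReturnUrl))` and keep the `BadRequest`. The body of `Index` continues past the end of this hunk, so how `ReturnUrl` is finally consumed is not visible here.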