Forward merge v11/dev to v12/dev

src/Umbraco.Cms.ManagementApi/Controllers/Security/BackOfficeController.cs

@@ -2,14 +2,19 @@
 using Microsoft.AspNetCore;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Identity;
 using Microsoft.AspNetCore.Mvc;
+using Microsoft.Extensions.Options;
 using OpenIddict.Abstractions;
 using OpenIddict.Server.AspNetCore;
 using Umbraco.Cms.Core;
+using Umbraco.Cms.Core.Configuration.Models;
 using Umbraco.Cms.Core.Security;
 using Umbraco.Cms.Web.BackOffice.Security;
 using Umbraco.Extensions;
 using Umbraco.New.Cms.Web.Common.Routing;
+using SignInResult = Microsoft.AspNetCore.Mvc.SignInResult;
+using IdentitySignInResult = Microsoft.AspNetCore.Identity.SignInResult;
 
 namespace Umbraco.Cms.ManagementApi.Controllers.Security;
 
@@ -21,12 +26,18 @@ public class BackOfficeController : ManagementApiControllerBase
     private readonly IHttpContextAccessor _httpContextAccessor;
     private readonly IBackOfficeSignInManager _backOfficeSignInManager;
     private readonly IBackOfficeUserManager _backOfficeUserManager;
+    private readonly IOptions<SecuritySettings> _securitySettings;
 
-    public BackOfficeController(IHttpContextAccessor httpContextAccessor, IBackOfficeSignInManager backOfficeSignInManager, IBackOfficeUserManager backOfficeUserManager)
+    public BackOfficeController(
+        IHttpContextAccessor httpContextAccessor,
+        IBackOfficeSignInManager backOfficeSignInManager,
+        IBackOfficeUserManager backOfficeUserManager,
+        IOptions<SecuritySettings> securitySettings)
     {
         _httpContextAccessor = httpContextAccessor;
         _backOfficeSignInManager = backOfficeSignInManager;
         _backOfficeUserManager = backOfficeUserManager;
+        _securitySettings = securitySettings;
     }
 
     [HttpGet("authorize")]
@@ -41,36 +52,93 @@ public async Task<IActionResult> Authorize()
             return BadRequest("Unable to obtain OpenID data from the current request");
         }
 
+        return request.IdentityProvider.IsNullOrWhiteSpace()
+            ? await AuthorizeInternal(request)
+            : await AuthorizeExternal(request);
+    }
+
+    private async Task<IActionResult> AuthorizeInternal(OpenIddictRequest request)
+    {
+        // TODO: ensure we handle sign-in notifications for internal logins.
+        // when the new login screen is implemented for internal logins, make sure it still handles
+        // user sign-in notifications (calls BackOfficeSignInManager.HandleSignIn) as part of the
+        // sign-in process
+        // for future reference, notifications are already handled for the external login flow by
+        // by calling BackOfficeSignInManager.ExternalLoginSignInAsync
+
         // retrieve the user principal stored in the authentication cookie.
         AuthenticateResult cookieAuthResult = await HttpContext.AuthenticateAsync(Constants.Security.BackOfficeAuthenticationType);
-        if (cookieAuthResult.Succeeded && cookieAuthResult.Principal?.Identity?.Name != null)
+        var userName = cookieAuthResult.Succeeded
+            ? cookieAuthResult.Principal?.Identity?.Name
+            : null;
+
+        if (userName != null)
         {
-            BackOfficeIdentityUser? backOfficeUser = await _backOfficeUserManager.FindByNameAsync(cookieAuthResult.Principal.Identity.Name);
+            BackOfficeIdentityUser? backOfficeUser = await _backOfficeUserManager.FindByNameAsync(userName);
             if (backOfficeUser != null)
             {
-                ClaimsPrincipal backOfficePrincipal = await _backOfficeSignInManager.CreateUserPrincipalAsync(backOfficeUser);
-                backOfficePrincipal.SetClaim(OpenIddictConstants.Claims.Subject, backOfficeUser.Key.ToString());
-
-                // TODO: it is not optimal to append all claims to the token.
-                // the token size grows with each claim, although it is still smaller than the old cookie.
-                // see if we can find a better way so we do not risk leaking sensitive data in bearer tokens.
-                // maybe work with scopes instead?
-                Claim[] backOfficeClaims = backOfficePrincipal.Claims.ToArray();
-                foreach (Claim backOfficeClaim in backOfficeClaims)
-                {
-                    backOfficeClaim.SetDestinations(OpenIddictConstants.Destinations.AccessToken);
-                }
+                return await SignInBackOfficeUser(backOfficeUser, request);
+            }
+        }
+
+        return DefaultChallengeResult();
+    }
+
+    private async Task<IActionResult> AuthorizeExternal(OpenIddictRequest request)
+    {
+        var provider = request.IdentityProvider ?? throw new ArgumentException("No identity provider found in request", nameof(request));
+
+        ExternalLoginInfo? loginInfo = await _backOfficeSignInManager.GetExternalLoginInfoAsync();
+        if (loginInfo?.Principal != null)
+        {
+            IdentitySignInResult result = await _backOfficeSignInManager.ExternalLoginSignInAsync(loginInfo, false, _securitySettings.Value.UserBypassTwoFactorForExternalLogins);
 
-                if (request.GetScopes().Contains(OpenIddictConstants.Scopes.OfflineAccess))
+            if (result.Succeeded)
+            {
+                // Update any authentication tokens if succeeded
+                await _backOfficeSignInManager.UpdateExternalAuthenticationTokensAsync(loginInfo);
+
+                // sign in the backoffice user associated with the login provider and unique provider key
+                BackOfficeIdentityUser? backOfficeUser = await _backOfficeUserManager.FindByLoginAsync(loginInfo.LoginProvider, loginInfo.ProviderKey);
+                if (backOfficeUser != null)
                 {
-                    // "offline_access" scope is required to use refresh tokens
-                    backOfficePrincipal.SetScopes(OpenIddictConstants.Scopes.OfflineAccess);
+                    return await SignInBackOfficeUser(backOfficeUser, request);
                 }
-
-                return new SignInResult(OpenIddictServerAspNetCoreDefaults.AuthenticationScheme, backOfficePrincipal);
+            }
+            else
+            {
+                // avoid infinite auth loops when something fails by performing the default challenge (default login screen)
+                return DefaultChallengeResult();
             }
         }
 
-        return new ChallengeResult(new[] { Constants.Security.BackOfficeAuthenticationType });
+        AuthenticationProperties properties = _backOfficeSignInManager.ConfigureExternalAuthenticationProperties(provider, null);
+        return new ChallengeResult(provider, properties);
     }
+
+    private async Task<IActionResult> SignInBackOfficeUser(BackOfficeIdentityUser backOfficeUser, OpenIddictRequest request)
+    {
+        ClaimsPrincipal backOfficePrincipal = await _backOfficeSignInManager.CreateUserPrincipalAsync(backOfficeUser);
+        backOfficePrincipal.SetClaim(OpenIddictConstants.Claims.Subject, backOfficeUser.Key.ToString());
+
+        // TODO: it is not optimal to append all claims to the token.
+        // the token size grows with each claim, although it is still smaller than the old cookie.
+        // see if we can find a better way so we do not risk leaking sensitive data in bearer tokens.
+        // maybe work with scopes instead?
+        Claim[] backOfficeClaims = backOfficePrincipal.Claims.ToArray();
+        foreach (Claim backOfficeClaim in backOfficeClaims)
+        {
+            backOfficeClaim.SetDestinations(OpenIddictConstants.Destinations.AccessToken);
+        }
+
+        if (request.GetScopes().Contains(OpenIddictConstants.Scopes.OfflineAccess))
+        {
+            // "offline_access" scope is required to use refresh tokens
+            backOfficePrincipal.SetScopes(OpenIddictConstants.Scopes.OfflineAccess);
+        }
+
+        return new SignInResult(OpenIddictServerAspNetCoreDefaults.AuthenticationScheme, backOfficePrincipal);
+    }
+
+    private static IActionResult DefaultChallengeResult() => new ChallengeResult(Constants.Security.BackOfficeAuthenticationType);
 }

src/Umbraco.Cms.Persistence.SqlServer/Umbraco.Cms.Persistence.SqlServer.csproj

@@ -7,7 +7,7 @@
   <ItemGroup>
     <PackageReference Include="NPoco.SqlServer" Version="5.5.0" />
   </ItemGroup>
-  
+
   <ItemGroup>
     <ProjectReference Include="..\Umbraco.Infrastructure\Umbraco.Infrastructure.csproj" />
   </ItemGroup>

src/Umbraco.Cms.Targets/Umbraco.Cms.Targets.csproj

@@ -50,4 +50,12 @@
   <Target Name="RemoveAppsettingsSchema" AfterTargets="Clean" Condition="Exists('$(_UmbracoCmsJsonSchemaReference)')">
     <Delete Files="$(_UmbracoCmsJsonSchemaReference)" />
   </Target>
+
+  <!-- Create and pack empty file to add TFM dependency -->
+  <Target Name="PackTargetFrameworkFile" BeforeTargets="Build">
+    <WriteLinesToFile File="$(IntermediateOutputPath)_._" />
+    <ItemGroup>
+      <None Include="$(IntermediateOutputPath)_._" Pack="true" PackagePath="lib\$(TargetFramework)" />
+    </ItemGroup>
+  </Target>
 </Project>

src/Umbraco.Cms.Targets/buildTransitive/Umbraco.Cms.Targets.props

@@ -5,7 +5,7 @@
     <DefaultItemExcludes>$(DefaultItemExcludes);umbraco\Logs\**</DefaultItemExcludes>
     <DefaultItemExcludes>$(DefaultItemExcludes);wwwroot\media\**</DefaultItemExcludes>
   </PropertyGroup>
-  <ItemGroup>
+  <ItemGroup Condition="'$(ImplicitUsings)' == 'enable' or '$(ImplicitUsings)' == 'true'">
     <Using Include="Umbraco.Cms.Core.DependencyInjection" />
     <Using Include="Umbraco.Extensions" />
   </ItemGroup>

src/Umbraco.Cms/Umbraco.Cms.csproj

@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">
   <PropertyGroup>
     <Title>Umbraco CMS</Title>
     <Description>Installs Umbraco CMS with all default dependencies in your ASP.NET Core project.</Description>
@@ -12,4 +12,12 @@
     <ProjectReference Include="..\Umbraco.Cms.Persistence.Sqlite\Umbraco.Cms.Persistence.Sqlite.csproj" />
     <ProjectReference Include="..\Umbraco.Cms.Persistence.SqlServer\Umbraco.Cms.Persistence.SqlServer.csproj" />
   </ItemGroup>
+
+  <!-- Create and pack empty file to add TFM dependency -->
+  <Target Name="PackTargetFrameworkFile" BeforeTargets="Build">
+    <WriteLinesToFile File="$(IntermediateOutputPath)_._" />
+    <ItemGroup>
+      <None Include="$(IntermediateOutputPath)_._" Pack="true" PackagePath="lib\$(TargetFramework)" />
+    </ItemGroup>
+  </Target>
 </Project>

src/Umbraco.Core/Configuration/Models/LoggingSettings.cs

@@ -2,6 +2,8 @@
 // See LICENSE for more details.
 
 using System.ComponentModel;
+using Microsoft.Extensions.Hosting;
+using Umbraco.Cms.Core.Extensions;
 
 namespace Umbraco.Cms.Core.Configuration.Models;
 
@@ -12,10 +14,28 @@ namespace Umbraco.Cms.Core.Configuration.Models;
 public class LoggingSettings
 {
     internal const string StaticMaxLogAge = "1.00:00:00"; // TimeSpan.FromHours(24);
+    internal const string StaticDirectory = Constants.SystemDirectories.LogFiles;
 
     /// <summary>
     ///     Gets or sets a value for the maximum age of a log file.
     /// </summary>
     [DefaultValue(StaticMaxLogAge)]
     public TimeSpan MaxLogAge { get; set; } = TimeSpan.Parse(StaticMaxLogAge);
+
+    /// <summary>
+    ///     Gets or sets the folder to use for log files
+    /// </summary>
+    [DefaultValue(StaticDirectory)]
+    public string Directory { get; set; } = StaticDirectory;
+
+    public string GetAbsoluteLoggingPath(IHostEnvironment hostEnvironment)
+    {
+        var dir = Directory;
+        if (dir.StartsWith("~/"))
+        {
+            return hostEnvironment.MapPathContentRoot(dir);
+        }
+
+        return dir;
+    }
 }

src/Umbraco.Core/Constants-Marketplace.cs

@@ -7,6 +7,6 @@ public static partial class Constants
     /// </summary>
     public static class Marketplace
     {
-        public const string Url = "https://dev.marketplace.umbraco.com";
+        public const string Url = "https://marketplace.umbraco.com";
     }
 }

src/Umbraco.Core/Constants-SystemDirectories.cs

@@ -60,6 +60,7 @@ public static class SystemDirectories
         /// <summary>
         ///     The default folder where Umbraco log files are stored
         /// </summary>
+        [Obsolete("Use LoggingSettings.GetLoggingDirectory() instead, will be removed in Umbraco 13.")]
         public const string LogFiles = Umbraco + "/Logs";
 
         [Obsolete("Use PluginIcons instead")]

src/Umbraco.Core/Deploy/DataTypeConfigurationConnectorExtensions.cs

@@ -0,0 +1,48 @@
+using Umbraco.Cms.Core.Models;
+
+namespace Umbraco.Cms.Core.Deploy;
+
+/// <summary>
+/// Extension methods adding backwards-compatability between <see cref="IDataTypeConfigurationConnector" /> and <see cref="IDataTypeConfigurationConnector2" />.
+/// </summary>
+/// <remarks>
+/// These extension methods will be removed in Umbraco 13.
+/// </remarks>
+public static class DataTypeConfigurationConnectorExtensions
+{
+    /// <summary>
+    /// Gets the artifact configuration value corresponding to a data type configuration and gather dependencies.
+    /// </summary>
+    /// <param name="connector">The connector.</param>
+    /// <param name="dataType">The data type.</param>
+    /// <param name="dependencies">The dependencies.</param>
+    /// <param name="contextCache">The context cache.</param>
+    /// <returns>
+    /// The artifact configuration value.
+    /// </returns>
+    /// <remarks>
+    /// This extension method tries to make use of the <see cref="IContextCache" /> on types also implementing <see cref="IDataTypeConfigurationConnector2" />.
+    /// </remarks>
+    public static string? ToArtifact(this IDataTypeConfigurationConnector connector, IDataType dataType, ICollection<ArtifactDependency> dependencies, IContextCache contextCache)
+            => connector is IDataTypeConfigurationConnector2 connector2
+                ? connector2.ToArtifact(dataType, dependencies, contextCache)
+                : connector.ToArtifact(dataType, dependencies);
+
+    /// <summary>
+    /// Gets the data type configuration corresponding to an artifact configuration value.
+    /// </summary>
+    /// <param name="connector">The connector.</param>
+    /// <param name="dataType">The data type.</param>
+    /// <param name="configuration">The artifact configuration value.</param>
+    /// <param name="contextCache">The context cache.</param>
+    /// <returns>
+    /// The data type configuration.
+    /// </returns>
+    /// <remarks>
+    /// This extension method tries to make use of the <see cref="IContextCache" /> on types also implementing <see cref="IDataTypeConfigurationConnector2" />.
+    /// </remarks>
+    public static object? FromArtifact(this IDataTypeConfigurationConnector connector, IDataType dataType, string? configuration, IContextCache contextCache)
+            => connector is IDataTypeConfigurationConnector2 connector2
+                ? connector2.FromArtifact(dataType, configuration, contextCache)
+                : connector.FromArtifact(dataType, configuration);
+}

src/Umbraco.Core/Deploy/IDataTypeConfigurationConnector.cs

@@ -27,41 +27,17 @@ public interface IDataTypeConfigurationConnector
     /// <returns>
     /// The artifact configuration value.
     /// </returns>
-    [Obsolete("Use the overload accepting IContextCache instead. This overload will be removed in a future version.")]
-    string? ToArtifact(IDataType dataType, ICollection<ArtifactDependency> dependencies)
-        => ToArtifact(dataType, dependencies, PassThroughCache.Instance);
-
-    /// <summary>
-    /// Gets the artifact configuration value corresponding to a data type configuration and gather dependencies.
-    /// </summary>
-    /// <param name="dataType">The data type.</param>
-    /// <param name="dependencies">The dependencies.</param>
-    /// <param name="contextCache">The context cache.</param>
-    /// <returns>
-    /// The artifact configuration value.
-    /// </returns>
-    string? ToArtifact(IDataType dataType, ICollection<ArtifactDependency> dependencies, IContextCache contextCache);
-
-    /// <summary>
-    /// Gets the data type configuration corresponding to an artifact configuration value.
-    /// </summary>
-    /// <param name="dataType">The data type.</param>
-    /// <param name="configuration">The artifact configuration value.</param>
-    /// <returns>
-    /// The data type configuration.
-    /// </returns>
-    [Obsolete("Use the overload accepting IContextCache instead. This overload will be removed in a future version.")]
-    object? FromArtifact(IDataType dataType, string? configuration)
-        => FromArtifact(dataType, configuration, PassThroughCache.Instance);
+    [Obsolete($"Implement {nameof(IDataTypeConfigurationConnector2)} and use the overload accepting {nameof(IContextCache)} instead. This overload will be removed in Umbraco 13.")]
+    string? ToArtifact(IDataType dataType, ICollection<ArtifactDependency> dependencies);
 
     /// <summary>
     /// Gets the data type configuration corresponding to an artifact configuration value.
     /// </summary>
     /// <param name="dataType">The data type.</param>
     /// <param name="configuration">The artifact configuration value.</param>
-    /// <param name="contextCache">The context cache.</param>
     /// <returns>
     /// The data type configuration.
     /// </returns>
-    object? FromArtifact(IDataType dataType, string? configuration, IContextCache contextCache);
+    [Obsolete($"Implement {nameof(IDataTypeConfigurationConnector2)} and use the overload accepting {nameof(IContextCache)} instead. This overload will be removed in Umbraco 13.")]
+    object? FromArtifact(IDataType dataType, string? configuration);
 }