Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

V14: Deny login screen access #16034

Merged
merged 2 commits into from
Apr 11, 2024
Merged

V14: Deny login screen access #16034

merged 2 commits into from
Apr 11, 2024

Conversation

Zeegaan
Copy link
Member

@Zeegaan Zeegaan commented Apr 11, 2024

Notes

  • In some scenarios, you could manually navigate to the login screen (/umbraco/login), where you were not really supposed to be able to do that:
  1. When you are already logged in, you should not be able to see the login screen
  2. When you are resetting a password, and already logged in
  3. When you are invited, but already logged in

From a server perspective, we needed a way to tell the client about the logged in status of the user, thus we have added a property to the model that get's send with, with whether the user is logged in or not.

How to test

  • Log in the backoffice
  • Manually navigate to /umbraco/login, if you set a breakpoint, you should be able to see the UserIsAlreadyLoggedIn property being set to true.

@Zeegaan Zeegaan added project/bellissima AKA "the new backoffice" release/14.0.0 and removed project/bellissima AKA "the new backoffice" labels Apr 11, 2024
@Zeegaan Zeegaan merged commit 0b62df2 into v14/dev Apr 11, 2024
16 checks passed
@Zeegaan Zeegaan deleted the v14/feature/deny-login-screen-access branch April 11, 2024 11:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
release/14.0.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@Zeegaan