/// <summary>
/// Copies the posted security-header settings onto <paramref name="section"/> and
/// re-renders the editor for it.
/// </summary>
/// <param name="section">The settings object that receives the posted values.</param>
/// <param name="context">The editor context carrying the group id and the model updater.</param>
/// <returns>
/// <see langword="null"/> when the current user lacks
/// <c>SecurityPermissions.ManageSecurityHeadersSettings</c>; otherwise the result of
/// <c>EditAsync</c>.
/// </returns>
/// <remarks>
/// The permission check runs before anything is bound or written.
/// <c>ContentTypeOptions</c> is never taken from the form; it is always reset to
/// <c>SecurityHeaderDefaults.ContentTypeOptions</c>.
/// </remarks>
public override async Task<IDisplayResult> UpdateAsync(SecuritySettings section, BuildEditorContext context)
{
    // Authorize first: an unauthorized caller must not reach the binding code below.
    var principal = _httpContextAccessor.HttpContext?.User;
    var isAllowed = await _authorizationService.AuthorizeAsync(principal, SecurityPermissions.ManageSecurityHeadersSettings);
    if (!isAllowed)
    {
        return null;
    }

    // Posts for any other settings group leave the section untouched.
    if (context.GroupId != SettingsGroupId)
    {
        return await EditAsync(section, context);
    }

    var posted = new SecuritySettingsViewModel();
    await context.Updater.TryUpdateModelAsync(posted, Prefix);

    // Fold the EnableSandbox / UpgradeInsecureRequests switches into the CSP dictionary.
    PrepareContentSecurityPolicyValues(posted);

    // These assignments happen whether or not binding succeeded.
    // NOTE(review): confirm the caller does not persist `section` when ModelState is invalid.
    section.ContentTypeOptions = SecurityHeaderDefaults.ContentTypeOptions;
    section.ContentSecurityPolicy = posted.ContentSecurityPolicy;
    section.PermissionsPolicy = posted.PermissionsPolicy;
    section.ReferrerPolicy = posted.ReferrerPolicy;

    // The shell context is released only for a valid model
    // (presumably so the new headers take effect; confirm).
    if (context.Updater.ModelState.IsValid)
    {
        await _shellHost.ReleaseShellContextAsync(_shellSettings);
    }

    return await EditAsync(section, context);
}
/// <summary>
/// Fills <c>ViewModel</c> with the three security switches currently stored in
/// <c>_blogConfig.SecuritySettings</c>.
/// </summary>
public void OnGet()
{
    // Read the settings object once and copy each flag across unchanged.
    var current = _blogConfig.SecuritySettings;

    ViewModel = new()
    {
        WarnExternalLink = current.WarnExternalLink,
        AllowScriptsInPage = current.AllowScriptsInPage,
        ShowAdminLoginButton = current.ShowAdminLoginButton
    };
}
}
/// <summary>
/// Renders the security settings view, pre-filled from
/// <c>_blogConfig.SecuritySettings</c>.
/// </summary>
/// <returns>The view bound to a freshly built <c>SecuritySettingsViewModel</c>.</returns>
public IActionResult Security()
{
    // Read the stored settings once; the view model is a plain copy of the three flags.
    var current = _blogConfig.SecuritySettings;

    return View(new SecuritySettingsViewModel
    {
        WarnExternalLink = current.WarnExternalLink,
        AllowScriptsInPage = current.AllowScriptsInPage,
        ShowAdminLoginButton = current.ShowAdminLoginButton
    });
}
/// <summary>
/// Saves the posted security switches and records an audit entry for the change.
/// </summary>
/// <param name="model">The posted values for the three security flags.</param>
/// <returns>
/// <c>BadRequest</c> carrying the model state when validation failed; otherwise <c>Ok</c>.
/// </returns>
/// <remarks>
/// NOTE(review): no authorization or anti-forgery attribute is visible on this action from
/// here; confirm they are applied at the controller level, since <c>AllowScriptsInPage</c>
/// appears to control whether script content is permitted in pages.
/// </remarks>
public async Task<IActionResult> Security(SecuritySettingsViewModel model)
{
    if (ModelState.IsValid)
    {
        var stored = _blogConfig.SecuritySettings;
        stored.WarnExternalLink = model.WarnExternalLink;
        stored.AllowScriptsInPage = model.AllowScriptsInPage;
        stored.ShowAdminLoginButton = model.ShowAdminLoginButton;

        // Persist first, then audit, so the audit trail only records saves that completed.
        await _blogConfig.SaveAsync(stored);
        await _blogAudit.AddAuditEntry(EventType.Settings, AuditEventId.SettingsSavedAdvanced, "Security Settings updated.");

        return Ok();
    }

    // Invalid input: nothing is written and no audit entry is added.
    return BadRequest(ModelState);
}
/// <summary>
/// Reconciles the <c>EnableSandbox</c> and <c>UpgradeInsecureRequests</c> switches with the
/// entries of <c>model.ContentSecurityPolicy</c>.
/// </summary>
/// <param name="model">The posted view model; its policy dictionary is modified in place.</param>
/// <remarks>
/// A switch that is off removes its directive. A switch that is on guarantees the directive
/// is present, stored with a <see langword="null"/> value (presumably rendered as a
/// value-less directive; confirm against the code that writes the header).
/// </remarks>
private static void PrepareContentSecurityPolicyValues(SecuritySettingsViewModel model)
{
    if (model.EnableSandbox)
    {
        // An existing sandbox entry keeps whatever value was posted for it;
        // only a missing entry is added, with a null value.
        if (!model.ContentSecurityPolicy.TryGetValue(ContentSecurityPolicyValue.Sandbox, out _))
        {
            model.ContentSecurityPolicy[ContentSecurityPolicyValue.Sandbox] = null;
        }
    }
    else
    {
        model.ContentSecurityPolicy.Remove(ContentSecurityPolicyValue.Sandbox);
    }

    if (model.UpgradeInsecureRequests)
    {
        // Unlike sandbox, this entry is always overwritten with null, discarding any posted value.
        model.ContentSecurityPolicy[ContentSecurityPolicyValue.UpgradeInsecureRequests] = null;
    }
    else
    {
        model.ContentSecurityPolicy.Remove(ContentSecurityPolicyValue.UpgradeInsecureRequests);
    }
}
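/// <exception cref="T:System.ArgumentNullException">
/// <paramref name="model"/>, its <c>NewLogin</c> property, or <paramref name="token"/> is <see langword="null"/>
/// </exception>
/// <exception cref="T:System.UriFormatException">
/// Note: In the .NET for Windows Store apps or the Portable Class Library, catch the base class exception,
/// <see cref="T:System.FormatException"/>, instead.
/// uriString is empty.
/// -or-
/// The scheme specified in uriString is not correctly formed. See
/// <see cref="M:System.Uri.CheckSchemeName(System.String)"/>.
/// -or-
/// uriString contains too many slashes.
/// -or-
/// The password specified in uriString is not valid.
/// -or-
/// The host name specified in uriString is not valid.
/// -or-
/// The file name specified in uriString is not valid.
/// -or-
/// The user name specified in uriString is not valid.
/// -or-
/// The host or authority name specified in uriString cannot be terminated by backslashes.
/// -or-
/// The port number specified in uriString is not valid or cannot be parsed.
/// -or-
/// The length of uriString exceeds 65519 characters.
/// -or-
/// The length of the scheme specified in uriString exceeds 1023 characters.
/// -or-
/// There is an invalid character sequence in uriString.
/// -or-
/// The MS-DOS path specified in uriString must start with c:\\.
/// </exception>
#endregion
public async Task<AccountSettingsChangeResponse> ChangeLoginAsync(SecuritySettingsViewModel model, string token)
{
    // Sends the requested login change to the identity server with the caller's bearer
    // token and returns the deserialized response body.

    // Each guard logs which argument was missing before throwing. The token value itself
    // is never written to the log.
    if (model is null)
    {
        _logger.LogError($"{nameof(UserSettingsChangeService)}: change login: model was null");
        throw new ArgumentNullException(nameof(model));
    }

    if (model.NewLogin is null)
    {
        _logger.LogError($"{nameof(UserSettingsChangeService)}: change login: new login was null");
        throw new ArgumentNullException(nameof(model.NewLogin));
    }

    if (token is null)
    {
        _logger.LogError($"{nameof(UserSettingsChangeService)}: change login: token was null");
        throw new ArgumentNullException(nameof(token));
    }

    // NOTE(review): the named client is "Change password client" although this is the
    // login-change path; confirm that registration is the intended one.
    var client = _httpClientFactory.CreateClient("Change password client");
    client.PrepareJsonRequestWithAuthentication(JwtBearerDefaults.AuthenticationScheme, token, MicroservicesUrls.IdentityServer);

    var mappedModel = _mapper.Map<SecuritySettingsViewModel, ChangeLoginRequest>(model);

    // Dispose the response once its body has been read; previously it was never
    // disposed, so the response and its content stream were left for the GC to clean up.
    using var response = await client.PutAsJsonAsync($"{IdentityServerRoutes.Users.SettingsChange.SettingsChangeEndpoint}/{IdentityServerRoutes.Users.SettingsChange.LoginChange}", mappedModel);

    // NOTE(review): the status code is not inspected, so a non-success reply is deserialized
    // like a success; confirm callers check the returned object before treating the login
    // as changed.
    return await response.Content.ReadFromJsonAsync<AccountSettingsChangeResponse>();
}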
/// <summary>
/// Navigates to a new <c>SecuritySettingsPage</c>, passing
/// <paramref name="securitySettings"/> along to it.
/// </summary>
/// <param name="securitySettings">The view model forwarded to <c>NavigateToPage</c>.</param>
public void NavigateToSecuritySettingsPage(SecuritySettingsViewModel securitySettings)
    => this.NavigateToPage(new SecuritySettingsPage(), securitySettings);