public override async Task <IDisplayResult> UpdateAsync(SecuritySettings section, BuildEditorContext context)
        {
            // Authorization gate first: nothing is bound and the section is not
            // touched unless the caller holds ManageSecurityHeadersSettings. A null
            // result means this driver contributes no shape for the request.
            // NOTE(review): HttpContext may be null outside a request; the principal
            // is then null and AuthorizeAsync decides what to do with it — confirm.
            var principal = _httpContextAccessor.HttpContext?.User;
            var mayManage = await _authorizationService.AuthorizeAsync(principal, SecurityPermissions.ManageSecurityHeadersSettings);

            if (!mayManage)
            {
                return null;
            }

            // Only the security settings group belongs to this driver; any other
            // group goes straight to the editor shape untouched.
            if (context.GroupId != SettingsGroupId)
            {
                return await EditAsync(section, context);
            }

            var model = new SecuritySettingsViewModel();
            await context.Updater.TryUpdateModelAsync(model, Prefix);

            // Folds the EnableSandbox / UpgradeInsecureRequests checkboxes into the
            // CSP dictionary before it is copied onto the section.
            PrepareContentSecurityPolicyValues(model);

            // ContentTypeOptions is never taken from the form: it is always reset
            // to the default, so the UI cannot weaken it.
            section.ContentTypeOptions    = SecurityHeaderDefaults.ContentTypeOptions;
            section.ContentSecurityPolicy = model.ContentSecurityPolicy;
            section.PermissionsPolicy     = model.PermissionsPolicy;
            section.ReferrerPolicy        = model.ReferrerPolicy;

            // NOTE(review): the section is mutated even when binding left errors in
            // ModelState; only the shell context release (presumably what makes the
            // new headers take effect — confirm) is conditioned on a valid model.
            if (context.Updater.ModelState.IsValid)
            {
                await _shellHost.ReleaseShellContextAsync(_shellSettings);
            }

            return await EditAsync(section, context);
        }
        /// <summary>
        /// GET handler: copies the three persisted security flags from the blog
        /// configuration into the page's view model. Nothing is written.
        /// </summary>
        public void OnGet()
        {
            var stored = _blogConfig.SecuritySettings;

            var (warnExternal, allowScripts, showLogin) =
                (stored.WarnExternalLink, stored.AllowScriptsInPage, stored.ShowAdminLoginButton);

            ViewModel = new()
            {
                WarnExternalLink     = warnExternal,
                AllowScriptsInPage   = allowScripts,
                ShowAdminLoginButton = showLogin
            };
        }
    }
        /// <summary>
        /// Renders the security settings form pre-filled from the persisted blog
        /// configuration. Read-only: no settings are changed here.
        /// NOTE(review): no [Authorize] is visible on this action; confirm it is
        /// applied at controller level, since the form exposes admin-only toggles.
        /// </summary>
        public IActionResult Security()
        {
            var stored = _blogConfig.SecuritySettings;

            return View(new SecuritySettingsViewModel
            {
                WarnExternalLink     = stored.WarnExternalLink,
                AllowScriptsInPage   = stored.AllowScriptsInPage,
                ShowAdminLoginButton = stored.ShowAdminLoginButton
            });
        }
        /// <summary>
        /// Persists the three security flags posted from the settings form and
        /// writes an audit entry. Returns 400 with the ModelState dictionary when
        /// validation failed, 200 with no body otherwise.
        /// NOTE(review): no [HttpPost], [ValidateAntiForgeryToken] or [Authorize] is
        /// visible on this action. AllowScriptsInPage presumably widens the XSS
        /// surface of rendered pages, so confirm those protections are applied at
        /// controller level or by a global filter.
        /// </summary>
        public async Task <IActionResult> Security(SecuritySettingsViewModel model)
        {
            // Reject invalid input before any state is touched.
            if (!ModelState.IsValid)
            {
                return BadRequest(ModelState);
            }

            // Copy the posted flags onto the live settings object, then persist it.
            var stored = _blogConfig.SecuritySettings;
            (stored.WarnExternalLink, stored.AllowScriptsInPage, stored.ShowAdminLoginButton) =
                (model.WarnExternalLink, model.AllowScriptsInPage, model.ShowAdminLoginButton);

            await _blogConfig.SaveAsync(stored);

            // Audit trail: records that the settings changed, not the new values.
            // NOTE(review): consider including the new flag values in the entry so
            // a later investigation can see when script execution was enabled.
            await _blogAudit.AddAuditEntry(EventType.Settings, AuditEventId.SettingsSavedAdvanced, "Security Settings updated.");

            return Ok();
        }
        /// <summary>
        /// Reconciles the two boolean checkboxes on the form with the CSP
        /// dictionary: a flag that is off removes its directive, a flag that is on
        /// ensures the directive is present. The directive value is null for both,
        /// since neither directive needs an argument as written here.
        /// NOTE(review): model.ContentSecurityPolicy is dereferenced without a null
        /// check; if the binder can leave it null this throws — confirm the view
        /// model initializes it.
        /// </summary>
        private static void PrepareContentSecurityPolicyValues(SecuritySettingsViewModel model)
        {
            var csp = model.ContentSecurityPolicy;

            // Sandbox: an existing entry is kept untouched when the flag is on (the
            // directive can carry a value), so only a missing entry is added.
            if (model.EnableSandbox)
            {
                if (!csp.ContainsKey(ContentSecurityPolicyValue.Sandbox))
                {
                    csp[ContentSecurityPolicyValue.Sandbox] = null;
                }
            }
            else
            {
                csp.Remove(ContentSecurityPolicyValue.Sandbox);
            }

            // Upgrade-insecure-requests: value-less directive, so the entry is
            // unconditionally (re)set to null when the flag is on.
            if (model.UpgradeInsecureRequests)
            {
                csp[ContentSecurityPolicyValue.UpgradeInsecureRequests] = null;
            }
            else
            {
                csp.Remove(ContentSecurityPolicyValue.UpgradeInsecureRequests);
            }
        }
        /// <exception cref="T:System.ArgumentNullException"><paramref name="model"/> is <see langword="null"/></exception>
        /// <exception cref="T:System.UriFormatException">
        ///     Presumably raised when the identity-server address used for the request cannot be parsed as a
        ///     URI (the conditions below are those of the <see cref="T:System.Uri"/> constructor, where
        ///     "uriString" is that address string); the call that builds the URI is not visible in this listing.
        ///     In .NET for Windows Store apps or the Portable Class Library, catch the base class exception,
        ///     <see cref="T:System.FormatException"/>, instead.
        ///     uriString is empty.
        ///     -or-
        ///     The scheme specified in uriString is not correctly formed. See
        ///     <see cref="M:System.Uri.CheckSchemeName(System.String)"/>.
        ///     -or-
        ///     uriString contains too many slashes.
        ///     -or-
        ///     The password specified in uriString is not valid.
        ///     -or-
        ///     The host name specified in uriString is not valid.
        ///     -or-
        ///     The file name specified in uriString is not valid.
        ///     -or-
        ///     The user name specified in uriString is not valid.
        ///     -or-
        ///     The host or authority name specified in uriString cannot be terminated by backslashes.
        ///     -or-
        ///     The port number specified in uriString is not valid or cannot be parsed.
        ///     -or-
        ///     The length of uriString exceeds 65519 characters.
        ///     -or-
        ///     The length of the scheme specified in uriString exceeds 1023 characters.
        ///     -or-
        ///     There is an invalid character sequence in uriString.
        ///     -or-
        ///     The MS-DOS path specified in uriString must start with c:\\.
        /// </exception>

        #endregion

        /// <summary>
        /// Forwards a login-change request to the identity server on behalf of the
        /// caller identified by <paramref name="token"/> (sent as a JWT bearer) and
        /// returns the deserialized response body, or null when the body is empty.
        /// </summary>
        /// <param name="model">Settings form; only NewLogin is required to be non-null here.</param>
        /// <param name="token">Bearer token for the identity server. It is forwarded, never logged.</param>
        /// <exception cref="ArgumentNullException">model, model.NewLogin or token is null (logged at error level first).</exception>
        public async Task <AccountSettingsChangeResponse> ChangeLoginAsync(SecuritySettingsViewModel model,
                                                                           string token)
        {
            // Every guard logs the same "<service>: change login: <reason>" line
            // before surfacing the parameter name in the exception.
            ArgumentNullException Missing(string reason, string paramName)
            {
                _logger.LogError($"{nameof(UserSettingsChangeService)}: change login: {reason}");
                return new ArgumentNullException(paramName);
            }

            if (model is null)
            {
                throw Missing("model was null", nameof(model));
            }

            if (model.NewLogin is null)
            {
                throw Missing("new login was null", nameof(model.NewLogin));
            }

            if (token is null)
            {
                throw Missing("token was null", nameof(token));
            }

            // The named client is reused for the login-change path; the name is the
            // registration key and must match the factory configuration.
            var client = _httpClientFactory.CreateClient("Change password client");

            client.PrepareJsonRequestWithAuthentication(JwtBearerDefaults.AuthenticationScheme,
                                                        token,
                                                        MicroservicesUrls.IdentityServer);

            var payload = _mapper.Map <SecuritySettingsViewModel, ChangeLoginRequest>(model);
            var route   = $"{IdentityServerRoutes.Users.SettingsChange.SettingsChangeEndpoint}/{IdentityServerRoutes.Users.SettingsChange.LoginChange}";

            var response = await client.PutAsJsonAsync(route, payload);

            // NOTE(review): the status code is not inspected before deserializing.
            // A 401/403/5xx with a non-JSON body will throw here rather than yield a
            // response object, and an empty body yields null — confirm callers expect that.
            var body = await response.Content.ReadFromJsonAsync <AccountSettingsChangeResponse>();

            return body;
        }
 /// <summary>
 /// Opens a fresh security settings page, passing the given view model as its
 /// navigation parameter.
 /// </summary>
 public void NavigateToSecuritySettingsPage(SecuritySettingsViewModel securitySettings) =>
     this.NavigateToPage(new SecuritySettingsPage(), securitySettings);