/// <inheritdoc />
protected override async Task <IdentityUserLogin <string> > FindUserLoginAsync(string userId, string loginProvider, string providerKey, CancellationToken cancellationToken)
{
cancellationToken.ThrowIfCancellationRequested();
ThrowIfDisposed();
BackOfficeIdentityUser user = await FindUserAsync(userId, cancellationToken);
if (user == null)
{
return(null);
}
IList <UserLoginInfo> logins = await GetLoginsAsync(user, cancellationToken);
UserLoginInfo found = logins.FirstOrDefault(x => x.ProviderKey == providerKey && x.LoginProvider == loginProvider);
if (found == null)
{
return(null);
}
return(new IdentityUserLogin <string>
{
LoginProvider = found.LoginProvider,
ProviderKey = found.ProviderKey,
ProviderDisplayName = found.ProviderDisplayName, // TODO: We don't store this value so it will be null
UserId = user.Id
});
}
public void DefineMaps(IUmbracoMapper mapper)
{
mapper.Define <IUser, BackOfficeIdentityUser>(
(source, context) =>
{
var target = new BackOfficeIdentityUser(_globalSettings, source.Id, source.Groups);
target.DisableChangeTracking();
return(target);
},
(source, target, context) =>
{
Map(source, target);
target.ResetDirtyProperties(true);
target.EnableChangeTracking();
});
mapper.Define <IMember, MemberIdentityUser>(
(source, context) =>
{
var target = new MemberIdentityUser(source.Id);
target.DisableChangeTracking();
return(target);
},
(source, target, context) =>
{
Map(source, target);
target.ResetDirtyProperties(true);
target.EnableChangeTracking();
});
}
/// <inheritdoc />
public override async Task SetPasswordHashAsync(BackOfficeIdentityUser user, string passwordHash, CancellationToken cancellationToken = default)
{
await base.SetPasswordHashAsync(user, passwordHash, cancellationToken);
// Clear this so that it's reset at the repository level
user.PasswordConfig = null;
}
/// <summary>
/// Used to construct a new instance without an identity
/// </summary>
/// <param name="email">This is allowed to be null (but would need to be filled in if trying to persist this instance)</param>
public static BackOfficeIdentityUser CreateNew(GlobalSettings globalSettings, string?username, string email, string culture, string?name = null)
{
if (string.IsNullOrWhiteSpace(username))
{
throw new ArgumentException("Value cannot be null or whitespace.", nameof(username));
}
if (string.IsNullOrWhiteSpace(culture))
{
throw new ArgumentException("Value cannot be null or whitespace.", nameof(culture));
}
var user = new BackOfficeIdentityUser(globalSettings, Array.Empty <IReadOnlyUserGroup>());
user.DisableChangeTracking();
user.UserName = username;
user.Email = email;
user.Id = string.Empty;
user.HasIdentity = false;
user._culture = culture;
user.Name = name;
user.EnableChangeTracking();
return(user);
}
/// <inheritdoc />
public override Task AddLoginAsync(BackOfficeIdentityUser user, UserLoginInfo login, CancellationToken cancellationToken = default)
{
cancellationToken.ThrowIfCancellationRequested();
ThrowIfDisposed();
if (user == null)
{
throw new ArgumentNullException(nameof(user));
}
if (login == null)
{
throw new ArgumentNullException(nameof(login));
}
ICollection <IIdentityUserLogin> logins = user.Logins;
if (user.Id is not null)
{
var instance = new IdentityUserLogin(login.LoginProvider, login.ProviderKey, user.Id.ToString());
IdentityUserLogin userLogin = instance;
logins.Add(userLogin);
}
return(Task.CompletedTask);
}
/// <inheritdoc />
public override async Task <bool> GetTwoFactorEnabledAsync(BackOfficeIdentityUser user,
CancellationToken cancellationToken = default(CancellationToken))
{
if (!int.TryParse(user.Id, NumberStyles.Integer, CultureInfo.InvariantCulture, out var intUserId))
{
return(await base.GetTwoFactorEnabledAsync(user, cancellationToken));
}
return(await _twoFactorLoginService.IsTwoFactorEnabledAsync(user.Key));
}
/// <inheritdoc />
public override Task <IList <UserLoginInfo> > GetLoginsAsync(BackOfficeIdentityUser user, CancellationToken cancellationToken = default)
{
cancellationToken.ThrowIfCancellationRequested();
ThrowIfDisposed();
if (user == null)
{
throw new ArgumentNullException(nameof(user));
}
return(Task.FromResult((IList <UserLoginInfo>)user.Logins.Select(l => new UserLoginInfo(l.LoginProvider, l.ProviderKey, l.LoginProvider)).ToList()));
}
/// <inheritdoc />
public override Task <BackOfficeIdentityUser> FindByEmailAsync(string email, CancellationToken cancellationToken = default)
{
cancellationToken.ThrowIfCancellationRequested();
ThrowIfDisposed();
IUser user = _userService.GetByEmail(email);
BackOfficeIdentityUser result = user == null
? null
: _mapper.Map <BackOfficeIdentityUser>(user);
return(Task.FromResult(AssignLoginsCallback(result)));
}
/// <inheritdoc />
public override Task <IdentityResult> UpdateAsync(BackOfficeIdentityUser user, CancellationToken cancellationToken = default)
{
cancellationToken.ThrowIfCancellationRequested();
ThrowIfDisposed();
if (user == null)
{
throw new ArgumentNullException(nameof(user));
}
if (!int.TryParse(user.Id, NumberStyles.Integer, CultureInfo.InvariantCulture, out var asInt))
{
throw new InvalidOperationException("The user id must be an integer to work with the Umbraco");
}
using (IScope scope = _scopeProvider.CreateScope())
{
IUser found = _userService.GetUserById(asInt);
if (found != null)
{
// we have to remember whether Logins property is dirty, since the UpdateMemberProperties will reset it.
var isLoginsPropertyDirty = user.IsPropertyDirty(nameof(BackOfficeIdentityUser.Logins));
var isTokensPropertyDirty = user.IsPropertyDirty(nameof(BackOfficeIdentityUser.LoginTokens));
if (UpdateMemberProperties(found, user))
{
_userService.Save(found);
}
if (isLoginsPropertyDirty)
{
_externalLoginService.Save(
found.Id,
user.Logins.Select(x => new ExternalLogin(
x.LoginProvider,
x.ProviderKey,
x.UserData)));
}
if (isTokensPropertyDirty)
{
_externalLoginService.Save(
found.Id,
user.LoginTokens.Select(x => new ExternalLoginToken(
x.LoginProvider,
x.Name,
x.Value)));
}
}
scope.Complete();
}
return(Task.FromResult(IdentityResult.Success));
}
private BackOfficeIdentityUser AssignLoginsCallback(BackOfficeIdentityUser user)
{
if (user != null)
{
var userId = UserIdToInt(user.Id);
user.SetLoginsCallback(new Lazy <IEnumerable <IIdentityUserLogin> >(() => _externalLoginService.GetExternalLogins(userId)));
user.SetTokensCallback(new Lazy <IEnumerable <IIdentityUserToken> >(() => _externalLoginService.GetExternalLoginTokens(userId)));
}
return(user);
}
/// <inheritdoc/>
protected override async Task <IdentityUserRole <string> > FindUserRoleAsync(string userId, string roleId, CancellationToken cancellationToken)
{
BackOfficeIdentityUser user = await FindUserAsync(userId, cancellationToken);
if (user == null)
{
return(null);
}
IdentityUserRole <string> found = user.Roles.FirstOrDefault(x => x.RoleId.InvariantEquals(roleId));
return(found);
}
/// <summary>
/// Overridden to support Umbraco's own data storage requirements
/// </summary>
/// <remarks>
/// The base class's implementation of this calls into FindTokenAsync, RemoveUserTokenAsync and AddUserTokenAsync, both methods will only work with ORMs that are change
/// tracking ORMs like EFCore.
/// </remarks>
/// <inheritdoc />
public override Task <string> GetTokenAsync(BackOfficeIdentityUser user, string loginProvider, string name, CancellationToken cancellationToken)
{
cancellationToken.ThrowIfCancellationRequested();
ThrowIfDisposed();
if (user == null)
{
throw new ArgumentNullException(nameof(user));
}
IIdentityUserToken token = user.LoginTokens.FirstOrDefault(x => x.LoginProvider.InvariantEquals(loginProvider) && x.Name.InvariantEquals(name));
return(Task.FromResult(token?.Value));
}
/// <inheritdoc />
public override Task <BackOfficeIdentityUser> FindByNameAsync(string userName, CancellationToken cancellationToken = default)
{
cancellationToken.ThrowIfCancellationRequested();
ThrowIfDisposed();
IUser user = _userService.GetByUsername(userName);
if (user == null)
{
return(Task.FromResult((BackOfficeIdentityUser)null));
}
BackOfficeIdentityUser result = AssignLoginsCallback(_mapper.Map <BackOfficeIdentityUser>(user));
return(Task.FromResult(result));
}
/// <inheritdoc />
public override Task RemoveLoginAsync(BackOfficeIdentityUser user, string loginProvider, string providerKey, CancellationToken cancellationToken = default)
{
cancellationToken.ThrowIfCancellationRequested();
ThrowIfDisposed();
if (user == null)
{
throw new ArgumentNullException(nameof(user));
}
IIdentityUserLogin userLogin = user.Logins.SingleOrDefault(l => l.LoginProvider == loginProvider && l.ProviderKey == providerKey);
if (userLogin != null)
{
user.Logins.Remove(userLogin);
}
return(Task.CompletedTask);
}
/// <summary>
/// Overridden to support Umbraco's own data storage requirements
/// </summary>
/// <remarks>
/// The base class's implementation of this calls into FindTokenAsync, RemoveUserTokenAsync and AddUserTokenAsync, both methods will only work with ORMs that are change
/// tracking ORMs like EFCore.
/// </remarks>
/// <inheritdoc />
public override Task RemoveTokenAsync(BackOfficeIdentityUser user, string loginProvider, string name, CancellationToken cancellationToken)
{
cancellationToken.ThrowIfCancellationRequested();
ThrowIfDisposed();
if (user == null)
{
throw new ArgumentNullException(nameof(user));
}
IIdentityUserToken?token = user.LoginTokens.FirstOrDefault(x => x.LoginProvider.InvariantEquals(loginProvider) && x.Name.InvariantEquals(name));
if (token != null)
{
user.LoginTokens.Remove(token);
}
return(Task.CompletedTask);
}
/// <inheritdoc />
public override Task <IdentityResult> DeleteAsync(BackOfficeIdentityUser user, CancellationToken cancellationToken = default)
{
cancellationToken.ThrowIfCancellationRequested();
ThrowIfDisposed();
if (user == null)
{
throw new ArgumentNullException(nameof(user));
}
IUser found = _userService.GetUserById(UserIdToInt(user.Id));
if (found != null)
{
_userService.Delete(found);
}
_externalLoginService.DeleteUserLogins(UserIdToInt(user.Id));
return(Task.FromResult(IdentityResult.Success));
}
// Umbraco.Code.MapAll -Id -LockoutEnabled -PhoneNumber -PhoneNumberConfirmed -TwoFactorEnabled -ConcurrencyStamp -NormalizedEmail -NormalizedUserName -Roles
private void Map(IUser source, BackOfficeIdentityUser target)
{
// NOTE: Groups/Roles are set in the BackOfficeIdentityUser ctor
target.CalculatedMediaStartNodeIds = source.CalculateMediaStartNodeIds(_entityService, _appCaches);
target.CalculatedContentStartNodeIds = source.CalculateContentStartNodeIds(_entityService, _appCaches);
target.Email = source.Email;
target.UserName = source.Username;
target.LastPasswordChangeDateUtc = source.LastPasswordChangeDate.ToUniversalTime();
target.LastLoginDateUtc = source.LastLoginDate.ToUniversalTime();
target.InviteDateUtc = source.InvitedDate?.ToUniversalTime();
target.EmailConfirmed = source.EmailConfirmedDate.HasValue;
target.Name = source.Name;
target.AccessFailedCount = source.FailedPasswordAttempts;
target.PasswordHash = GetPasswordHash(source.RawPasswordValue);
target.PasswordConfig = source.PasswordConfiguration;
target.StartContentIds = source.StartContentIds;
target.StartMediaIds = source.StartMediaIds;
target.Culture = source.GetUserCulture(_textService, _globalSettings).ToString(); // project CultureInfo to string
target.IsApproved = source.IsApproved;
target.SecurityStamp = source.SecurityStamp;
target.LockoutEnd = source.IsLockedOut ? DateTime.MaxValue.ToUniversalTime() : (DateTime?)null;
}
/// <inheritdoc />
public override Task <IdentityResult> CreateAsync(BackOfficeIdentityUser user, CancellationToken cancellationToken = default)
{
cancellationToken.ThrowIfCancellationRequested();
ThrowIfDisposed();
if (user == null)
{
throw new ArgumentNullException(nameof(user));
}
// the password must be 'something' it could be empty if authenticating
// with an external provider so we'll just generate one and prefix it, the
// prefix will help us determine if the password hasn't actually been specified yet.
// this will hash the guid with a salt so should be nicely random
var aspHasher = new PasswordHasher <BackOfficeIdentityUser>();
var emptyPasswordValue = Cms.Core.Constants.Security.EmptyPasswordPrefix +
aspHasher.HashPassword(user, Guid.NewGuid().ToString("N"));
var userEntity = new User(_globalSettings, user.Name, user.Email, user.UserName, emptyPasswordValue)
{
Language = user.Culture ?? _globalSettings.DefaultUILanguage,
StartContentIds = user.StartContentIds ?? new int[] { },
StartMediaIds = user.StartMediaIds ?? new int[] { },
IsLockedOut = user.IsLockedOut,
};
// we have to remember whether Logins property is dirty, since the UpdateMemberProperties will reset it.
var isLoginsPropertyDirty = user.IsPropertyDirty(nameof(BackOfficeIdentityUser.Logins));
var isTokensPropertyDirty = user.IsPropertyDirty(nameof(BackOfficeIdentityUser.LoginTokens));
UpdateMemberProperties(userEntity, user);
_userService.Save(userEntity);
if (!userEntity.HasIdentity)
{
throw new DataException("Could not create the user, check logs for details");
}
// re-assign id
user.Id = UserIdToString(userEntity.Id);
if (isLoginsPropertyDirty)
{
_externalLoginService.Save(
userEntity.Id,
user.Logins.Select(x => new ExternalLogin(
x.LoginProvider,
x.ProviderKey,
x.UserData)));
}
if (isTokensPropertyDirty)
{
_externalLoginService.Save(
userEntity.Id,
user.LoginTokens.Select(x => new ExternalLoginToken(
x.LoginProvider,
x.Name,
x.Value)));
}
return(Task.FromResult(IdentityResult.Success));
}
private bool UpdateMemberProperties(IUser user, BackOfficeIdentityUser identityUser)
{
var anythingChanged = false;
// don't assign anything if nothing has changed as this will trigger the track changes of the model
if (identityUser.IsPropertyDirty(nameof(BackOfficeIdentityUser.LastLoginDateUtc)) ||
(user.LastLoginDate != default && identityUser.LastLoginDateUtc.HasValue == false) ||
(identityUser.LastLoginDateUtc.HasValue && user.LastLoginDate.ToUniversalTime() != identityUser.LastLoginDateUtc.Value))
{
anythingChanged = true;
// if the LastLoginDate is being set to MinValue, don't convert it ToLocalTime
DateTime dt = identityUser.LastLoginDateUtc == DateTime.MinValue ? DateTime.MinValue : identityUser.LastLoginDateUtc.Value.ToLocalTime();
user.LastLoginDate = dt;
}
if (identityUser.IsPropertyDirty(nameof(BackOfficeIdentityUser.InviteDateUtc)) ||
(user.InvitedDate?.ToUniversalTime() != identityUser.InviteDateUtc))
{
anythingChanged = true;
user.InvitedDate = identityUser.InviteDateUtc?.ToLocalTime();
}
if (identityUser.IsPropertyDirty(nameof(BackOfficeIdentityUser.LastPasswordChangeDateUtc)) ||
(user.LastPasswordChangeDate != default && identityUser.LastPasswordChangeDateUtc.HasValue == false) ||
(identityUser.LastPasswordChangeDateUtc.HasValue && user.LastPasswordChangeDate.ToUniversalTime() != identityUser.LastPasswordChangeDateUtc.Value))
{
anythingChanged = true;
user.LastPasswordChangeDate = identityUser.LastPasswordChangeDateUtc.Value.ToLocalTime();
}
if (identityUser.IsPropertyDirty(nameof(BackOfficeIdentityUser.EmailConfirmed)) ||
(user.EmailConfirmedDate.HasValue && user.EmailConfirmedDate.Value != default && identityUser.EmailConfirmed == false) ||
((user.EmailConfirmedDate.HasValue == false || user.EmailConfirmedDate.Value == default) && identityUser.EmailConfirmed))
{
anythingChanged = true;
user.EmailConfirmedDate = identityUser.EmailConfirmed ? (DateTime?)DateTime.Now : null;
}
if (identityUser.IsPropertyDirty(nameof(BackOfficeIdentityUser.Name)) &&
user.Name != identityUser.Name && identityUser.Name.IsNullOrWhiteSpace() == false)
{
anythingChanged = true;
user.Name = identityUser.Name;
}
if (identityUser.IsPropertyDirty(nameof(BackOfficeIdentityUser.Email)) &&
user.Email != identityUser.Email && identityUser.Email.IsNullOrWhiteSpace() == false)
{
anythingChanged = true;
user.Email = identityUser.Email;
}
if (identityUser.IsPropertyDirty(nameof(BackOfficeIdentityUser.AccessFailedCount)) &&
user.FailedPasswordAttempts != identityUser.AccessFailedCount)
{
anythingChanged = true;
user.FailedPasswordAttempts = identityUser.AccessFailedCount;
}
if (user.IsApproved != identityUser.IsApproved)
{
anythingChanged = true;
user.IsApproved = identityUser.IsApproved;
}
if (user.IsLockedOut != identityUser.IsLockedOut)
{
anythingChanged = true;
user.IsLockedOut = identityUser.IsLockedOut;
if (user.IsLockedOut)
{
// need to set the last lockout date
user.LastLockoutDate = DateTime.Now;
}
}
if (identityUser.IsPropertyDirty(nameof(BackOfficeIdentityUser.UserName)) &&
user.Username != identityUser.UserName && identityUser.UserName.IsNullOrWhiteSpace() == false)
{
anythingChanged = true;
user.Username = identityUser.UserName;
}
if (identityUser.IsPropertyDirty(nameof(BackOfficeIdentityUser.PasswordHash)) &&
user.RawPasswordValue != identityUser.PasswordHash && identityUser.PasswordHash.IsNullOrWhiteSpace() == false)
{
anythingChanged = true;
user.RawPasswordValue = identityUser.PasswordHash;
user.PasswordConfiguration = identityUser.PasswordConfig;
}
if (identityUser.IsPropertyDirty(nameof(BackOfficeIdentityUser.Culture)) &&
user.Language != identityUser.Culture && identityUser.Culture.IsNullOrWhiteSpace() == false)
{
anythingChanged = true;
user.Language = identityUser.Culture;
}
if (identityUser.IsPropertyDirty(nameof(BackOfficeIdentityUser.StartMediaIds)) &&
user.StartMediaIds.UnsortedSequenceEqual(identityUser.StartMediaIds) == false)
{
anythingChanged = true;
user.StartMediaIds = identityUser.StartMediaIds;
}
if (identityUser.IsPropertyDirty(nameof(BackOfficeIdentityUser.StartContentIds)) &&
user.StartContentIds.UnsortedSequenceEqual(identityUser.StartContentIds) == false)
{
anythingChanged = true;
user.StartContentIds = identityUser.StartContentIds;
}
if (user.SecurityStamp != identityUser.SecurityStamp)
{
anythingChanged = true;
user.SecurityStamp = identityUser.SecurityStamp;
}
if (identityUser.IsPropertyDirty(nameof(BackOfficeIdentityUser.Roles)))
{
var identityUserRoles = identityUser.Roles.Select(x => x.RoleId).ToArray();
anythingChanged = true;
// clear out the current groups (need to ToArray since we are modifying the iterator)
user.ClearGroups();
// go lookup all these groups
IReadOnlyUserGroup[] groups = _userService.GetUserGroupsByAlias(identityUserRoles).Select(x => x.ToReadOnlyGroup()).ToArray();
// use all of the ones assigned and add them
foreach (IReadOnlyUserGroup group in groups)
{
user.AddGroup(group);
}
// re-assign
identityUser.SetGroups(groups);
}
// we should re-set the calculated start nodes
identityUser.CalculatedMediaStartNodeIds = user.CalculateMediaStartNodeIds(_entityService, _appCaches);
identityUser.CalculatedContentStartNodeIds = user.CalculateContentStartNodeIds(_entityService, _appCaches);
// reset all changes
identityUser.ResetDirtyProperties(false);
return(anythingChanged);
}
