From 2a357b6029e8a242b5fb0a86c158c19f1d145204 Mon Sep 17 00:00:00 2001
From: Mike Alhayek
Date: Mon, 18 Dec 2023 11:43:36 -0800
Subject: [PATCH 1/3] Maintain claims principal during refresh Fix #14917
---
 .../OrchardCore.Users/Startup.cs | 2 +-
 .../Services/ConfigureSecurityStampOptions.cs | 35 +++++++++++++++++++
 2 files changed, 36 insertions(+), 1 deletion(-)
 create mode 100644 src/OrchardCore/OrchardCore.Users.Core/Services/ConfigureSecurityStampOptions.cs
diff --git a/src/OrchardCore.Modules/OrchardCore.Users/Startup.cs b/src/OrchardCore.Modules/OrchardCore.Users/Startup.cs
index 21ec8b3c407..c9fc7d4af45 100644
--- a/src/OrchardCore.Modules/OrchardCore.Users/Startup.cs
+++ b/src/OrchardCore.Modules/OrchardCore.Users/Startup.cs
@@ -206,7 +206,7 @@ public override void ConfigureServices(IServiceCollection services)
 options.LogoutPath = "/" + userOptions.Value.LogoffPath;
 options.AccessDeniedPath = "/Error/403";
 });
-
+ services.AddTransient, ConfigureSecurityStampOptions>();
 services.AddDataMigration();
 services.AddScoped();
diff --git a/src/OrchardCore/OrchardCore.Users.Core/Services/ConfigureSecurityStampOptions.cs b/src/OrchardCore/OrchardCore.Users.Core/Services/ConfigureSecurityStampOptions.cs
new file mode 100644
index 00000000000..b5771416ea6
--- /dev/null
+++ b/src/OrchardCore/OrchardCore.Users.Core/Services/ConfigureSecurityStampOptions.cs
@@ -0,0 +1,35 @@
+using System.Linq;
+using System.Security.Claims;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Identity;
+using Microsoft.Extensions.Options;
+
+namespace OrchardCore.Users.Services;
+
+public class ConfigureSecurityStampOptions : IConfigureOptions
+{
+ public void Configure(SecurityStampValidatorOptions options)
+ {
+ options.OnRefreshingPrincipal = principalContaxt =>
+ {
+ var currentIdentity = principalContaxt.CurrentPrincipal?.Identities?.FirstOrDefault();
+
+ if (currentIdentity is not null && principalContaxt.NewPrincipal.Identities is not null)
+ {
+ var newIdentity = principalContaxt.NewPrincipal.Identities.First();
+
+ foreach (var claim in currentIdentity.Claims)
+ {
+ if (newIdentity.HasClaim(claim.Type, claim.Value))
+ {
+ continue;
+ }
+
+ newIdentity.AddClaim(new Claim(claim.Type, claim.Value));
+ }
+ }
+
+ return Task.CompletedTask;
+ };
+ }
+}
From 1922b66c634a76462776c6aa3ee1981c02f53eaf Mon Sep 17 00:00:00 2001
From: Mike Alhayek
Date: Mon, 18 Dec 2023 11:47:43 -0800
Subject: [PATCH 2/3] use PostConfiguration
---
 src/OrchardCore.Modules/OrchardCore.Users/Startup.cs | 2 +-
 .../Services/ConfigureSecurityStampOptions.cs | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/OrchardCore.Modules/OrchardCore.Users/Startup.cs b/src/OrchardCore.Modules/OrchardCore.Users/Startup.cs
index c9fc7d4af45..06a547db5ca 100644
--- a/src/OrchardCore.Modules/OrchardCore.Users/Startup.cs
+++ b/src/OrchardCore.Modules/OrchardCore.Users/Startup.cs
@@ -206,7 +206,7 @@ public override void ConfigureServices(IServiceCollection services)
 options.LogoutPath = "/" + userOptions.Value.LogoffPath;
 options.AccessDeniedPath = "/Error/403";
 });
- services.AddTransient, ConfigureSecurityStampOptions>();
+ services.AddTransient, ConfigureSecurityStampOptions>();
 services.AddDataMigration();
 services.AddScoped();
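Review bot: The `foreach` in the `OnRefreshingPrincipal` callback of ConfigureSecurityStampOptions.cs copies every claim of the old identity that the rebuilt identity lacks, so a claim removed on the server since sign-in (a revoked role, for instance) is written back into the refreshed principal and the refresh can no longer drop anything. If the aim is to keep claims that live only on the cookie, restrict the copy to those claim types and skip the ones the principal is rebuilt from, for example `if (claim.Type == newIdentity.RoleClaimType) { continue; }` ahead of the `HasClaim` check; which types the rebuilt principal already carries is not visible in this patch, so the exact list needs confirming. Separately, `principalContaxt.NewPrincipal.Identities.First()` throws when the new principal has no identity and the `is not null` guard does not cover that case; `FirstOrDefault()` followed by a null check would.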
diff --git a/src/OrchardCore/OrchardCore.Users.Core/Services/ConfigureSecurityStampOptions.cs b/src/OrchardCore/OrchardCore.Users.Core/Services/ConfigureSecurityStampOptions.cs
index b5771416ea6..90cca870d11 100644
--- a/src/OrchardCore/OrchardCore.Users.Core/Services/ConfigureSecurityStampOptions.cs
+++ b/src/OrchardCore/OrchardCore.Users.Core/Services/ConfigureSecurityStampOptions.cs
@@ -6,9 +6,9 @@ namespace OrchardCore.Users.Services;
-public class ConfigureSecurityStampOptions : IConfigureOptions
+public class ConfigureSecurityStampOptions : IPostConfigureOptions
 {
- public void Configure(SecurityStampValidatorOptions options)
+ public void PostConfigure(string name, SecurityStampValidatorOptions options)
 {
 options.OnRefreshingPrincipal = principalContaxt =>
 {
From dc8f48336682b08b08f562e50f88049a6b2b04b3 Mon Sep 17 00:00:00 2001
From: Mike Alhayek
Date: Tue, 19 Dec 2023 12:57:01 -0800
Subject: [PATCH 3/3] Fix typo
---
 .../Services/ConfigureSecurityStampOptions.cs | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/OrchardCore/OrchardCore.Users.Core/Services/ConfigureSecurityStampOptions.cs b/src/OrchardCore/OrchardCore.Users.Core/Services/ConfigureSecurityStampOptions.cs
index 90cca870d11..01cc9d179b2 100644
--- a/src/OrchardCore/OrchardCore.Users.Core/Services/ConfigureSecurityStampOptions.cs
+++ b/src/OrchardCore/OrchardCore.Users.Core/Services/ConfigureSecurityStampOptions.cs
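Review bot: With the move to `PostConfigure`, the plain assignment `options.OnRefreshingPrincipal = principalContaxt => …` now runs after every `Configure` callback, so a handler set by another module or by the host application is silently replaced. Capturing the existing delegate first, `var previous = options.OnRefreshingPrincipal;`, and awaiting it inside the new callback when it is not null would keep both. The `name` argument is unused, so the handler is applied to every named options instance; a one-line comment such as `// Applies to all named instances on purpose.` would make that explicit. The lambda body continues outside this hunk.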
@@ -10,13 +10,13 @@ public class ConfigureSecurityStampOptions : IPostConfigureOptions + options.OnRefreshingPrincipal = principalContext => { - var currentIdentity = principalContaxt.CurrentPrincipal?.Identities?.FirstOrDefault(); + var currentIdentity = principalContext.CurrentPrincipal?.Identities?.FirstOrDefault(); - if (currentIdentity is not null && principalContaxt.NewPrincipal.Identities is not null) + if (currentIdentity is not null && principalContext.NewPrincipal.Identities is not null) { - var newIdentity = principalContaxt.NewPrincipal.Identities.First(); + var newIdentity = principalContext.NewPrincipal.Identities.First(); foreach (var claim in currentIdentity.Claims) {