lsm/Orchard
1
0
Fork 0
mirror of https://github.com/OrchardCMS/Orchard.git synced 2025-10-15 19:54:57 +08:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity

#5315: Adding new settings to configure SSL cookies

Browse Source 
- Creating ISslSettingsProvider to define whether cookies can only be sent over SSL or not
- Implementing DefaultSslSettingsProvider based on Sites.config and web.config
making it configurable per tenant or for the whole site
- Implementing SecureSocketsLayerSettingsProvider in Orchard.SecureSocketsLayerSettingsProvider

Fixes 5315
This commit is contained in:
Sebastien Ros
2015-06-16 18:10:58 -07:00
parent 20c5b494cd
commit 76408da930
8 changed files with 105 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
src/Orchard.Tests/Utility/Extensions/StringExtensionsTests.cs
View File

@@ -282,5 +282,21 @@ namespace Orchard.Tests.Utility.Extensions {
Assert.That("abc".Translate("d".ToCharArray(), "d".ToCharArray()), Is.StringMatching("abc"));
Assert.That("abc".Translate("abc".ToCharArray(), "def".ToCharArray()), Is.StringMatching("def"));
}
[Test]
public void ShouldEncodeToBase64() {
Assert.That("abc".ToBase64(), Is.EqualTo("YWJj"));
}
[Test]
public void ShouldDecodeFromBase64() {
Assert.That("YWJj".FromBase64(), Is.EqualTo("abc"));
}
[Test]
public void ShouldRoundtripBase64() {
Assert.That("abc".ToBase64().FromBase64(), Is.EqualTo("abc"));
Assert.That("YWJj".FromBase64().ToBase64(), Is.EqualTo("YWJj"));
}
}
}

1
src/Orchard.Web/Modules/Orchard.SecureSocketsLayer/Orchard.SecureSocketsLayer.csproj
View File

@@ -90,6 +90,7 @@
<Compile Include="Filters\SecureSocketsLayersFilter.cs" />
<Compile Include="Handlers\SslSettingsPartHandler.cs" />
<Compile Include="Models\SslSettingsPart.cs" />
<Compile Include="Services\SecureSocketsLayerSettingsProvider.cs" />
<Compile Include="Services\ISecureSocketsLayerService.cs" />
<Compile Include="Services\SecureSocketsLayerService.cs" />
</ItemGroup>

17
src/Orchard.Web/Modules/Orchard.SecureSocketsLayer/Services/SecureSocketsLayerSettingsProvider.cs Normal file
View File

@@ -0,0 +1,17 @@
using Orchard.Environment.Extensions;
using Orchard.Security;
namespace Orchard.SecureSocketsLayer.Services {
[OrchardSuppressDependency("Orchard.Security.Providers.DefaultSslSettingsProvider")]
public class SecureSocketsLayerSettingsProvider : ISslSettingsProvider {
private readonly ISecureSocketsLayerService _secureSocketsLayerService;
public SecureSocketsLayerSettingsProvider(ISecureSocketsLayerService secureSocketsLayerService) {
_secureSocketsLayerService = secureSocketsLayerService;
}
public bool GetRequiresSSL() {
return _secureSocketsLayerService.GetSettings().Enabled;
}
}
}

2
src/Orchard/Orchard.Framework.csproj
View File

@@ -148,6 +148,8 @@
<Reference Include="System.Xml.Linq" />
</ItemGroup>
<ItemGroup>
<Compile Include="Security\ISslSettingsProvider.cs" />
<Compile Include="Security\Providers\DefaultSslSettingsProvider.cs" />
<Compile Include="StaticHttpContextScope.cs" />
<Compile Include="StaticHttpContextScopeFactory.cs" />
<Compile Include="Caching\DefaultCacheContextAccessor.cs" />

11
src/Orchard/Security/ISslSettingsProvider.cs Normal file
View File

@@ -0,0 +1,11 @@
using System;
namespace Orchard.Security {
public interface ISslSettingsProvider : IDependency {
/// <summary>
/// Gets whether authentication cookies should only be transmitted over SSL or not.
/// </summary>
bool GetRequiresSSL();
}
}

15
src/Orchard/Security/Providers/DefaultSslSettingsProvider.cs Normal file
View File

@@ -0,0 +1,15 @@
using System.Web.Security;
namespace Orchard.Security.Providers {
public class DefaultSslSettingsProvider : ISslSettingsProvider {
public bool RequireSSL { get; set; }
public DefaultSslSettingsProvider() {
RequireSSL = FormsAuthentication.RequireSSL;
}
public bool GetRequiresSSL() {
return RequireSSL;
}
}
}

53
src/Orchard/Security/Providers/FormsAuthenticationService.cs
View File

@@ -3,25 +3,34 @@ using System.Web;
using System.Web.Security;
using Orchard.Environment.Configuration;
using Orchard.Logging;
using Orchard.ContentManagement;
using Orchard.Mvc;
using Orchard.Mvc.Extensions;
using Orchard.Services;
using Orchard.Utility.Extensions;
namespace Orchard.Security.Providers {
public class FormsAuthenticationService : IAuthenticationService {
private const int _version = 3;
private readonly ShellSettings _settings;
private readonly IClock _clock;
private readonly IContentManager _contentManager;
private readonly IMembershipService _membershipService;
private readonly IHttpContextAccessor _httpContextAccessor;
private readonly ISslSettingsProvider _sslSettingsProvider;
private IUser _signedInUser;
private bool _isAuthenticated;
public FormsAuthenticationService(ShellSettings settings, IClock clock, IContentManager contentManager, IHttpContextAccessor httpContextAccessor) {
public FormsAuthenticationService(
ShellSettings settings,
IClock clock,
IMembershipService membershipService,
IHttpContextAccessor httpContextAccessor,
ISslSettingsProvider sslSettingsProvider) {
_settings = settings;
_clock = clock;
_contentManager = contentManager;
_membershipService = membershipService;
_httpContextAccessor = httpContextAccessor;
_sslSettingsProvider = sslSettingsProvider;
Logger = NullLogger.Instance;
@@ -35,11 +44,12 @@ namespace Orchard.Security.Providers {
public void SignIn(IUser user, bool createPersistentCookie) {
var now = _clock.UtcNow.ToLocalTime();
// the cookie user data is {userId};{tenant}
var userData = String.Concat(Convert.ToString(user.Id), ";", _settings.Name);
// the cookie user data is {userName.Base64};{tenant}
// the username is encoded to base64 to prevent collisions with the ';' seprarator
var userData = String.Concat(Convert.ToString(user.UserName).ToBase64(), ";", _settings.Name);
var ticket = new FormsAuthenticationTicket(
1 /*version*/,
_version,
user.UserName,
now,
now.Add(ExpirationTimeSpan),
@@ -50,8 +60,8 @@ namespace Orchard.Security.Providers {
var encryptedTicket = FormsAuthentication.Encrypt(ticket);
var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket) {
HttpOnly = true,
Secure = FormsAuthentication.RequireSSL,
HttpOnly = true, // can't retrieve the cookie from JavaScript
Secure = _sslSettingsProvider.GetRequiresSSL(),
Path = FormsAuthentication.FormsCookiePath
};
@@ -108,30 +118,37 @@ namespace Orchard.Security.Providers {
}
var formsIdentity = (FormsIdentity)httpContext.User.Identity;
// if the cookie is from a previous format, ignore
if (formsIdentity.Ticket.Version != _version) {
return null;
}
var userData = formsIdentity.Ticket.UserData ?? "";
// the cookie user data is {userId};{tenant}
// the cookie user data is {userName};{tenant}
var userDataSegments = userData.Split(';');
if (userDataSegments.Length < 2) {
return null;
}
var userDataId = userDataSegments[0];
var userDataName = userDataSegments[0];
var userDataTenant = userDataSegments[1];
try {
userDataName = userDataName.FromBase64();
}
catch {
return null;
}
if (!String.Equals(userDataTenant, _settings.Name, StringComparison.Ordinal)) {
return null;
}
int userId;
if (!int.TryParse(userDataId, out userId)) {
Logger.Error("User id not a parsable integer");
return null;
}
_isAuthenticated = true;
return _signedInUser = _contentManager.Get(userId).As<IUser>();
return _signedInUser = _membershipService.GetUser(userDataName);
}
private string GetCookiePath(HttpContextBase httpContext) {

8
src/Orchard/Utility/Extensions/StringExtensions.cs
View File

@@ -348,5 +348,13 @@ namespace Orchard.Utility.Extensions {
var pattern = String.Format("{0}", String.Join("|", replacements.Keys));
return Regex.Replace(original, pattern, match => replacements[match.Value]);
}
public static string ToBase64(this string value) {
return Convert.ToBase64String(Encoding.UTF8.GetBytes(value));
}
public static string FromBase64(this string value) {
return Encoding.UTF8.GetString(Convert.FromBase64String(value));
}
}
}