search

mattbrailsford / umbraco-authu

An Umbraco plugin to add an OAuth API endpoint to allow authenticated Members/Users via OAuth
MIT License
71 stars 22 forks source link

Bug in Umbraco V8.8.0 #54

Closed nikcio closed 3 years ago

nikcio commented 4 years ago

I've encountered a bug when using AuthU in Umbraco 8.8.0.

The bug is described in a post here: https://our.umbraco.com/forum/using-umbraco-and-getting-started/103925-authu-not-working-properly-after-upgrade-to-umbraco-880

The problem stems from the validation of an IUser where an error is thrown from a function called IMembershipMemberService<IUser>.SetLastLogin

I've implemented a fix with another validation function which I was told the new umbraco version wants use in replacement of the current:

var user = this.MemberProvider.GetUser(username, false);
return user != null && user.IsApproved && !user.IsLockedOut;

My solution is posted here: https://our.umbraco.com/forum/using-umbraco-and-getting-started/103925-authu-not-working-properly-after-upgrade-to-umbraco-880#comment-324587

The solution is to change the ValidateUser function of the MembershipProvideOAuthUserService to the following:

public bool ValidateUser(string username, string password) {
    try {
        return Current.UmbracoContext.Security.ValidateBackOfficeCredentials(username, password);
    }
    catch {
         return false;
    }
}

I've also reported this behavior as an issue to the Umbraco CMS repo : https://github.com/umbraco/Umbraco-CMS/issues/9244

somoreingold commented 3 years ago

@nikcio Did you experience this for both backoffice user authentication, and members, or just backoffice users? Thanks!

nikcio commented 3 years ago

As I remember I only tried authenticating backoffice users.

nikcio commented 3 years ago

This error should be fixed in future versions and will only throw a warning instead of an error. See this issue posted on the Umbraco CMS repo for more info: umbraco/Umbraco-CMS#9244