From df597fd632da5285e7f70ddcacb25ea0772c2adf Mon Sep 17 00:00:00 2001
From: Bjarke Berg
Date: Wed, 19 Jun 2024 20:51:52 +0200
Subject: [PATCH] Simplified how we disable the TransportSecurityRequirement in OpenIddict
---
.../Configuration/ConfigureOpenIddict.cs | 15 +++++++
.../Configuration/PostConfigureOpenIddict.cs | 44 -------------------
.../UmbracoBuilderAuthExtensions.cs | 2 +-
3 files changed, 16 insertions(+), 45 deletions(-)
create mode 100644 src/Umbraco.Cms.Api.Common/Configuration/ConfigureOpenIddict.cs
delete mode 100644 src/Umbraco.Cms.Api.Common/Configuration/PostConfigureOpenIddict.cs
diff --git a/src/Umbraco.Cms.Api.Common/Configuration/ConfigureOpenIddict.cs b/src/Umbraco.Cms.Api.Common/Configuration/ConfigureOpenIddict.cs
new file mode 100644
index 000000000000..f428957bd97d
--- /dev/null
+++ b/src/Umbraco.Cms.Api.Common/Configuration/ConfigureOpenIddict.cs
@@ -0,0 +1,15 @@
+using Microsoft.Extensions.Options;
+using OpenIddict.Server.AspNetCore;
+using Umbraco.Cms.Core.Configuration.Models;
+
+namespace Umbraco.Cms.Api.Common.Configuration;
+
+internal class ConfigureOpenIddict : IConfigureOptions
+{
+ private readonly IOptions _globalSettings;
+
+ public ConfigureOpenIddict(IOptions globalSettings) => _globalSettings = globalSettings;
+
+ public void Configure(OpenIddictServerAspNetCoreOptions options)
+ => options.DisableTransportSecurityRequirement = _globalSettings.Value.UseHttps is false;
+}
diff --git a/src/Umbraco.Cms.Api.Common/Configuration/PostConfigureOpenIddict.cs b/src/Umbraco.Cms.Api.Common/Configuration/PostConfigureOpenIddict.cs
deleted file mode 100644
index f01b71fbb16b..000000000000
--- a/src/Umbraco.Cms.Api.Common/Configuration/PostConfigureOpenIddict.cs
+++ /dev/null
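Review bot: `Configure` in the new ConfigureOpenIddict.cs has no comment, although this single assignment decides whether the OpenIddict server endpoints accept requests over plain HTTP, and the class it replaces documented that intent. I would carry the summary over, for example `/// <summary>Relaxes OpenIddict's HTTPS requirement only when the global UseHttps setting is false; authorization codes and tokens are then sent unencrypted.</summary>`. The assignment is also unconditional: with `UseHttps` true it writes `false` over whatever an earlier configuration step set, and as an `IConfigureOptions` step (the old class was a post-configure step) it can presumably be overridden by a `Configure` registered later, so the comment should say which of those is intended.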
@@ -1,44 +0,0 @@
-using Microsoft.Extensions.DependencyInjection;
-using Microsoft.Extensions.Options;
-using OpenIddict.Server;
-using OpenIddict.Server.AspNetCore;
-using Umbraco.Cms.Core.Configuration.Models;
-
-namespace Umbraco.Cms.Api.Common.Configuration;
-
-internal class PostConfigureOpenIddict : IPostConfigureOptions
-{
- private readonly IOptions _globalSettings;
-
- public PostConfigureOpenIddict(IOptions globalSettings)
- {
- _globalSettings = globalSettings;
- }
-
- public void PostConfigure(string? name, OpenIddictServerOptions options)
- {
- EnsureHttpsIsNotRequiredWhenConfigAllowHttp(options);
- }
-
- ///
- /// Ensures OpenIddict is configured to allow Http requrest, if and only if, the global settings are configured to allow Http.
- ///
- ///
- /// The logic actually allowing http by removing the ValidateTransportSecurityRequirement Descriptor is borrowed from
- ///
- private void EnsureHttpsIsNotRequiredWhenConfigAllowHttp(OpenIddictServerOptions options)
- {
- if (_globalSettings.Value.UseHttps is false)
- {
- OpenIddictServerHandlerDescriptor descriptor = OpenIddictServerAspNetCoreHandlers.ValidateTransportSecurityRequirement.Descriptor;
-
- for (var index = options.Handlers.Count - 1; index >= 0; index--)
- {
- if (options.Handlers[index].ServiceDescriptor.ServiceType == descriptor.ServiceDescriptor.ServiceType)
- {
- options.Handlers.RemoveAt(index);
- }
- }
- }
- }
-}
diff --git a/src/Umbraco.Cms.Api.Common/DependencyInjection/UmbracoBuilderAuthExtensions.cs b/src/Umbraco.Cms.Api.Common/DependencyInjection/UmbracoBuilderAuthExtensions.cs
index c215eeecf86b..3619da30711b 100644
--- a/src/Umbraco.Cms.Api.Common/DependencyInjection/UmbracoBuilderAuthExtensions.cs
+++ b/src/Umbraco.Cms.Api.Common/DependencyInjection/UmbracoBuilderAuthExtensions.cs
@@ -133,6 +133,6 @@ private static void ConfigureOpenIddict(IUmbracoBuilder builder) }); builder.Services.AddRecurringBackgroundJob(); - builder.Services.ConfigureOptions(); + builder.Services.ConfigureOptions(); } }