diff --git a/Orchard.sln b/Orchard.sln index 9f37e806008..b8f15372be6 100644 --- a/Orchard.sln +++ b/Orchard.sln @@ -1,7 +1,7 @@  Microsoft Visual Studio Solution File, Format Version 12.00 # Visual Studio 15 -VisualStudioVersion = 15.0.26606.0 +VisualStudioVersion = 15.0.26430.12 MinimumVisualStudioVersion = 10.0.40219.1 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "OrchardCore.Modules.Cms", "OrchardCore.Modules.Cms", "{90030E85-0C4F-456F-B879-443E8A3F220D}" EndProject @@ -249,19 +249,19 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Aspects", "Aspects", "{3398 EndProject Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Orchard.Tokens.Content.Abstractions", "src\OrchardCore\Orchard.Tokens.Content.Abstractions\Orchard.Tokens.Content.Abstractions.csproj", "{677113F9-C548-4EB8-B248-E03BF967FA22}" EndProject -Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Orchard.Logging.NLog", "src\OrchardCore\Orchard.Logging.NLog\Orchard.Logging.NLog.csproj", "{00677E44-3048-4BAA-8F97-B577CC0EB788}" +Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Orchard.Logging.NLog", "src\OrchardCore\Orchard.Logging.NLog\Orchard.Logging.NLog.csproj", "{00677E44-3048-4BAA-8F97-B577CC0EB788}" EndProject -Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Orchard.Queries", "src\OrchardCore.Modules\Orchard.Queries\Orchard.Queries.csproj", "{4FC00B36-DF0A-400F-8E1A-E700B5D58F98}" +Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Orchard.Queries", "src\OrchardCore.Modules\Orchard.Queries\Orchard.Queries.csproj", "{4FC00B36-DF0A-400F-8E1A-E700B5D58F98}" EndProject -Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Orchard.Liquid.Abstractions", "src\OrchardCore\Orchard.Liquid.Abstractions\Orchard.Liquid.Abstractions.csproj", "{2DF44392-8882-46B1-8061-61DDBCA358BD}" +Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Orchard.Liquid.Abstractions", "src\OrchardCore\Orchard.Liquid.Abstractions\Orchard.Liquid.Abstractions.csproj", "{2DF44392-8882-46B1-8061-61DDBCA358BD}" EndProject -Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Orchard.Lucene.Abstractions", "src\OrchardCore\Orchard.Lucene.Abstractions\Orchard.Lucene.Abstractions.csproj", "{78F13261-B843-4590-8DD5-E9491874D0CD}" +Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Orchard.Lucene.Abstractions", "src\OrchardCore\Orchard.Lucene.Abstractions\Orchard.Lucene.Abstractions.csproj", "{78F13261-B843-4590-8DD5-E9491874D0CD}" EndProject -Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Orchard.Liquid", "src\OrchardCore.Modules\Orchard.Liquid\Orchard.Liquid.csproj", "{F8973BF9-4F56-4A59-9153-72BEDB6AB269}" +Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Orchard.Liquid", "src\OrchardCore.Modules\Orchard.Liquid\Orchard.Liquid.csproj", "{F8973BF9-4F56-4A59-9153-72BEDB6AB269}" EndProject -Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Orchard.Lucene.Core", "src\OrchardCore\Orchard.Lucene.Core\Orchard.Lucene.Core.csproj", "{F621B369-15FD-4923-98AD-17740C24CD5C}" +Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Orchard.Lucene.Core", "src\OrchardCore\Orchard.Lucene.Core\Orchard.Lucene.Core.csproj", "{F621B369-15FD-4923-98AD-17740C24CD5C}" EndProject -Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Orchard.Queries.Abstractions", "src\OrchardCore\Orchard.Queries.Abstractions\Orchard.Queries.Abstractions.csproj", "{AEB44D2A-1493-4550-8B13-EB611B1FB12C}" +Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Orchard.Queries.Abstractions", "src\OrchardCore\Orchard.Queries.Abstractions\Orchard.Queries.Abstractions.csproj", "{AEB44D2A-1493-4550-8B13-EB611B1FB12C}" EndProject Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Orchard.Entities", "src\OrchardCore\Orchard.Entities\Orchard.Entities.csproj", "{875C2E27-A131-44AF-9130-6C6CD93317C9}" EndProject @@ -271,6 +271,8 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Orchard.Tokens.Core", "src\ EndProject Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Orchard.Diagnostics.Elm", "src\OrchardCore.Modules\Orchard.Diagnostics.Elm\Orchard.Diagnostics.Elm.csproj", "{A1B6C857-7844-433E-B28A-9A86600771A2}" EndProject +Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Orchard.Cors", "src\OrchardCore.Modules\Orchard.Cors\Orchard.Cors.csproj", "{1D2EF8FF-72D6-48C6-8E2B-54F5E28F90C0}" +EndProject Global GlobalSection(SolutionConfigurationPlatforms) = preSolution Debug|Any CPU = Debug|Any CPU @@ -753,6 +755,10 @@ Global {A1B6C857-7844-433E-B28A-9A86600771A2}.Debug|Any CPU.Build.0 = Debug|Any CPU {A1B6C857-7844-433E-B28A-9A86600771A2}.Release|Any CPU.ActiveCfg = Release|Any CPU {A1B6C857-7844-433E-B28A-9A86600771A2}.Release|Any CPU.Build.0 = Release|Any CPU + {1D2EF8FF-72D6-48C6-8E2B-54F5E28F90C0}.Debug|Any CPU.ActiveCfg = Debug|Any CPU + {1D2EF8FF-72D6-48C6-8E2B-54F5E28F90C0}.Debug|Any CPU.Build.0 = Debug|Any CPU + {1D2EF8FF-72D6-48C6-8E2B-54F5E28F90C0}.Release|Any CPU.ActiveCfg = Release|Any CPU + {1D2EF8FF-72D6-48C6-8E2B-54F5E28F90C0}.Release|Any CPU.Build.0 = Release|Any CPU EndGlobalSection GlobalSection(SolutionProperties) = preSolution HideSolutionNode = FALSE @@ -890,5 +896,6 @@ Global {391F8D42-43B0-4DA5-A727-083ABBA55510} = {F23AC6C2-DE44-4699-999D-3C478EF3D691} {5F6C21D3-7D8B-4CAE-9298-CA6791A13FC0} = {F23AC6C2-DE44-4699-999D-3C478EF3D691} {A1B6C857-7844-433E-B28A-9A86600771A2} = {A066395F-6F73-45DC-B5A6-B4E306110DCE} + {1D2EF8FF-72D6-48C6-8E2B-54F5E28F90C0} = {A066395F-6F73-45DC-B5A6-B4E306110DCE} EndGlobalSection EndGlobal diff --git a/src/OrchardCore.Modules/Orchard.Cors/CorsMvcStartup.cs b/src/OrchardCore.Modules/Orchard.Cors/CorsMvcStartup.cs new file mode 100644 index 00000000000..dfddfcf637f --- /dev/null +++ b/src/OrchardCore.Modules/Orchard.Cors/CorsMvcStartup.cs @@ -0,0 +1,19 @@ +using Microsoft.AspNetCore.Modules; +using Microsoft.AspNetCore.Mvc.ApplicationModels; +using Microsoft.AspNetCore.Mvc.Cors; +using Microsoft.AspNetCore.Mvc.Cors.Internal; +using Microsoft.Extensions.DependencyInjection; +using Microsoft.Extensions.DependencyInjection.Extensions; + +namespace Orchard.Cors +{ + [Feature("Orchard.Cors.Mvc")] + public class CorsMvcStartup : StartupBase + { + public override void ConfigureServices(IServiceCollection services) + { + services.TryAddEnumerable(ServiceDescriptor.Transient()); + services.TryAddTransient(); + } + } +} \ No newline at end of file diff --git a/src/OrchardCore.Modules/Orchard.Cors/CorsStartup.cs b/src/OrchardCore.Modules/Orchard.Cors/CorsStartup.cs new file mode 100644 index 00000000000..d34f8aab2fd --- /dev/null +++ b/src/OrchardCore.Modules/Orchard.Cors/CorsStartup.cs @@ -0,0 +1,13 @@ +using Microsoft.AspNetCore.Modules; +using Microsoft.Extensions.DependencyInjection; + +namespace Orchard.Cors +{ + public class CorsStartup : StartupBase + { + public override void ConfigureServices(IServiceCollection services) + { + services.AddCors(); + } + } +} diff --git a/src/OrchardCore.Modules/Orchard.Cors/Module.txt b/src/OrchardCore.Modules/Orchard.Cors/Module.txt new file mode 100644 index 00000000000..20c9eec4a77 --- /dev/null +++ b/src/OrchardCore.Modules/Orchard.Cors/Module.txt @@ -0,0 +1,19 @@ +Name: Cors +AntiForgery: enabled +Author: The Orchard Team +Website: http://orchardproject.net +Version: 2.0.x +OrchardVersion: 2.0.x +Description: Adds Cross-Origin Resource Sharing +Priority: 1 +Category: Security +Features: + Orchard.Cors: + Name: Cors + Description: Feature Adds CORS services. + Category: Security + Orchard.Cors.Mvc: + Name: Cors Mvc + Description: Feature allows apply CORS policies per Mvc Controller or Action. + Dependencies: Orchard.Cors + Category: Security \ No newline at end of file diff --git a/src/OrchardCore.Modules/Orchard.Cors/Orchard.Cors.csproj b/src/OrchardCore.Modules/Orchard.Cors/Orchard.Cors.csproj new file mode 100644 index 00000000000..028a159906b --- /dev/null +++ b/src/OrchardCore.Modules/Orchard.Cors/Orchard.Cors.csproj @@ -0,0 +1,16 @@ + + + + netstandard1.6 + Cross-Origin Resource Sharing Feature + + + + + + + + + + + \ No newline at end of file diff --git a/src/OrchardCore.Modules/Orchard.OpenId/Constants.cs b/src/OrchardCore.Modules/Orchard.OpenId/Constants.cs new file mode 100644 index 00000000000..cffdcd8cab3 --- /dev/null +++ b/src/OrchardCore.Modules/Orchard.OpenId/Constants.cs @@ -0,0 +1,7 @@ +namespace Orchard.OpenId +{ + public class Constants + { + public const string OpenIdConnectPolicy = "OpenIdConnectPolicy"; + } +} \ No newline at end of file diff --git a/src/OrchardCore.Modules/Orchard.OpenId/Controllers/AccessController.cs b/src/OrchardCore.Modules/Orchard.OpenId/Controllers/AccessController.cs index 26323671902..4dbcc8b687b 100644 --- a/src/OrchardCore.Modules/Orchard.OpenId/Controllers/AccessController.cs +++ b/src/OrchardCore.Modules/Orchard.OpenId/Controllers/AccessController.cs @@ -9,6 +9,8 @@ using Microsoft.AspNetCore.Authentication; using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Builder; +using Microsoft.AspNetCore.Cors; +using Microsoft.AspNetCore.Cors.Infrastructure; using Microsoft.AspNetCore.Http.Authentication; using Microsoft.AspNetCore.Identity; using Microsoft.AspNetCore.Mvc; @@ -24,6 +26,7 @@ namespace Orchard.OpenId.Controllers { [Authorize] + [EnableCors(Constants.OpenIdConnectPolicy)] public class AccessController : Controller { private readonly OpenIddictApplicationManager _applicationManager; diff --git a/src/OrchardCore.Modules/Orchard.OpenId/Controllers/UserInfoController.cs b/src/OrchardCore.Modules/Orchard.OpenId/Controllers/UserInfoController.cs index a62a49d5992..671ec8767ab 100644 --- a/src/OrchardCore.Modules/Orchard.OpenId/Controllers/UserInfoController.cs +++ b/src/OrchardCore.Modules/Orchard.OpenId/Controllers/UserInfoController.cs @@ -2,6 +2,7 @@ using AspNet.Security.OAuth.Validation; using AspNet.Security.OpenIdConnect.Primitives; using Microsoft.AspNetCore.Authorization; +using Microsoft.AspNetCore.Cors; using Microsoft.AspNetCore.Identity; using Microsoft.AspNetCore.Mvc; using Microsoft.Extensions.Localization; @@ -12,6 +13,7 @@ namespace Orchard.OpenId.Controllers { [Authorize(ActiveAuthenticationSchemes = OAuthValidationDefaults.AuthenticationScheme)] + [EnableCors(Constants.OpenIdConnectPolicy)] public class UserInfoController : Controller { private readonly IStringLocalizer T; diff --git a/src/OrchardCore.Modules/Orchard.OpenId/Module.txt b/src/OrchardCore.Modules/Orchard.OpenId/Module.txt index e8741955381..052806022ad 100644 --- a/src/OrchardCore.Modules/Orchard.OpenId/Module.txt +++ b/src/OrchardCore.Modules/Orchard.OpenId/Module.txt @@ -6,5 +6,5 @@ Version: 2.0.x OrchardVersion: 2.0.x Description: The OpenID module enables authentication of external apps through OpenID Connect. FeatureDescription: OpenID Connect apps management and authentication. -Dependencies: Orchard.Users, Orchard.Roles, Orchard.Settings +Dependencies: Orchard.Users, Orchard.Roles, Orchard.Settings, Orchard.Cors.Mvc Category: Security diff --git a/src/OrchardCore.Modules/Orchard.OpenId/Services/OpenIdCorsConfiguration.cs b/src/OrchardCore.Modules/Orchard.OpenId/Services/OpenIdCorsConfiguration.cs new file mode 100644 index 00000000000..75464cf6dd8 --- /dev/null +++ b/src/OrchardCore.Modules/Orchard.OpenId/Services/OpenIdCorsConfiguration.cs @@ -0,0 +1,30 @@ +using System.Linq; +using Microsoft.AspNetCore.Cors.Infrastructure; +using Microsoft.AspNetCore.Modules; +using Microsoft.Extensions.Options; + +namespace Orchard.OpenId.Services +{ + [RequireFeatures("Orchard.Cors.Mvc")] + public class OpenIdCorsConfiguration : IConfigureOptions + { + private readonly IOpenIdService _openIdService; + + public OpenIdCorsConfiguration(IOpenIdService openIdService) + { + _openIdService = openIdService; + } + + public void Configure(CorsOptions options) + { + var openIdSettings = _openIdService.GetOpenIdSettingsAsync().GetAwaiter().GetResult(); + if (openIdSettings.Audiences != null && openIdSettings.Audiences.Any()) + options.AddPolicy(Constants.OpenIdConnectPolicy, builder => builder + .WithOrigins(openIdSettings.Audiences.ToArray()) + .AllowAnyHeader() + .AllowAnyMethod() + .AllowCredentials() + ); + } + } +} \ No newline at end of file diff --git a/src/OrchardCore.Modules/Orchard.OpenId/Startup.cs b/src/OrchardCore.Modules/Orchard.OpenId/Startup.cs index 16a994a84cc..1d6a6699417 100644 --- a/src/OrchardCore.Modules/Orchard.OpenId/Startup.cs +++ b/src/OrchardCore.Modules/Orchard.OpenId/Startup.cs @@ -1,6 +1,7 @@ -using System; +using System; using System.Diagnostics; using Microsoft.AspNetCore.Builder; +using Microsoft.AspNetCore.Cors.Infrastructure; using Microsoft.AspNetCore.DataProtection; using Microsoft.AspNetCore.Modules; using Microsoft.AspNetCore.Routing; @@ -126,6 +127,7 @@ public override void ConfigureServices(IServiceCollection services) }); services.AddScoped, OpenIdConfiguration>(); + services.AddSingleton, OpenIdCorsConfiguration>(); } } } diff --git a/src/OrchardCore/OrchardCore.Cms/OrchardCore.Cms.csproj b/src/OrchardCore/OrchardCore.Cms/OrchardCore.Cms.csproj index 0dd4bddc866..cf9c0b980d0 100644 --- a/src/OrchardCore/OrchardCore.Cms/OrchardCore.Cms.csproj +++ b/src/OrchardCore/OrchardCore.Cms/OrchardCore.Cms.csproj @@ -22,6 +22,7 @@ --> +