diff --git a/Lombiq.LoginAsAnybody.Tests.UI/Extensions/TestCaseUITestContextExtensions.cs b/Lombiq.LoginAsAnybody.Tests.UI/Extensions/TestCaseUITestContextExtensions.cs
index 6b95205..70f02a4 100644
--- a/Lombiq.LoginAsAnybody.Tests.UI/Extensions/TestCaseUITestContextExtensions.cs
+++ b/Lombiq.LoginAsAnybody.Tests.UI/Extensions/TestCaseUITestContextExtensions.cs
@@ -34,8 +34,7 @@ public static async Task TestLoginAsAnybodyAuthorizationAsync(this UITestContext
 await context.SignInDirectlyAndGoToDashboardAsync(userParameters.UserName);
 await context.GoToUsersAsync();
- context.Missing(By.XPath("//a[contains(.,'Log in as user')]"));
- await context.GoToAdminRelativeUrlAsync("/Users/SwitchUser/userId");
+ await context.ClickReliablyOnAsync(By.XPath("//a[contains(.,'Log in as user')]"));
 context.Exists(By.XPath("//h1[contains(text(),'You are not authorized to view this content.')]"));
 }
 }
diff --git a/Lombiq.LoginAsAnybody/Controllers/UserSwitcherController.cs b/Lombiq.LoginAsAnybody/Controllers/UserSwitcherController.cs
index dc73b13..67082d4 100644
--- a/Lombiq.LoginAsAnybody/Controllers/UserSwitcherController.cs
+++ b/Lombiq.LoginAsAnybody/Controllers/UserSwitcherController.cs
@@ -33,6 +33,8 @@ public UserSwitcherController(
 H = htmlLocalizer;
 }
+ [HttpPost]
+ [ValidateAntiForgeryToken]
 public async Task SwitchUser(string id)
 {
 if (!await _authorizationService.AuthorizeAsync(User, StandardPermissions.SiteOwner)) return Unauthorized();
@@ -44,7 +46,7 @@ public async Task SwitchUser(string id)
 await _signInManager.SignOutAsync();
 await _signInManager.SignInAsync(selectedUser, isPersistent: false);
- await _notifier.InformationAsync(H["Successfully logged in as {0}.", selectedUser.UserName]);
+ await _notifier.SuccessAsync(H["Successfully logged in as {0}.", selectedUser.UserName]);
 return Redirect("~/");
 }
diff --git a/Lombiq.LoginAsAnybody/Drivers/UserSwitcherDisplayDriver.cs b/Lombiq.LoginAsAnybody/Drivers/UserSwitcherDisplayDriver.cs
index e7e4fb9..4be8b21 100644
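Review bot: The new assertion only checks that the not-authorized page appears after clicking `Log in as user`; it does not verify that the non-owner is still signed in as themselves afterwards, so a regression that performed the sign-out before the permission check in `SwitchUser` would still pass this test. Consider following `context.Exists(...)` with a check that the current session still belongs to `userParameters.UserName`, for example by reading the user name the admin UI shows for the signed-in user. The `contains(.,'Log in as user')` XPath matches on the anchor's whole text content, so it would also match any other anchor that happens to include that phrase; if the button later gets a stable id or class, prefer that. `TestLoginAsAnybodyAuthorizationAsync` starts outside the hunk.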
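Review bot: `SwitchUser` gets the right attributes but no doc comment recording why it is now POST-only and antiforgery-validated, which a later maintainer may be tempted to relax when a GET link stops working. Suggest a summary above `[HttpPost]` along the lines of `/// <summary>Signs the current site owner out and signs them in as the user identified by <paramref name="id"/>. POST-only with antiforgery validation because the action replaces the caller's session and must not be reachable through a plain link.</summary>`. The removed `GoToAdminRelativeUrlAsync("/Users/SwitchUser/userId")` call in the test hunk shows the old GET route was in use; any other GET link to this action elsewhere in the module would now get a 405 and should be converted the same way as `UserSwitcherButton.cshtml`. The rest of `SwitchUser` lies outside the hunk.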
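Review bot: The identity switch leaves no server-side audit trail: `SignOutAsync` discards the site owner's identity and the only record is the notification on the changed line, which the impersonated session sees. Since this is an impersonation feature, consider logging the original `User.Identity.Name` together with `selectedUser.UserName` before `SignOutAsync` is called, via an `ILogger<UserSwitcherController>` if the controller does not already inject one, so a switch can be reconstructed from logs later. `isPersistent: false` is the right choice here because the impersonated session should not outlive the browser session; a short comment saying so would stop someone "fixing" it to `true`. Part of `SwitchUser` lies outside the hunk.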
--- a/Lombiq.LoginAsAnybody/Drivers/UserSwitcherDisplayDriver.cs
+++ b/Lombiq.LoginAsAnybody/Drivers/UserSwitcherDisplayDriver.cs
@@ -1,30 +1,21 @@
-using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using OrchardCore.DisplayManagement.Handlers;
 using OrchardCore.DisplayManagement.ModelBinding;
 using OrchardCore.DisplayManagement.Views;
-using OrchardCore.Security;
 using OrchardCore.Users.Models;
 using OrchardCore.Users.ViewModels;
-using System.Threading.Tasks;
 namespace Lombiq.LoginAsAnybody.Drivers;
 public class UserSwitcherDisplayDriver : DisplayDriver
 {
 private readonly IHttpContextAccessor _hca;
- private readonly IAuthorizationService _authorizationService;
- public UserSwitcherDisplayDriver(IHttpContextAccessor hca, IAuthorizationService authorizationService)
- {
- _hca = hca;
- _authorizationService = authorizationService;
- }
+ public UserSwitcherDisplayDriver(IHttpContextAccessor hca) => _hca = hca;
- public override async Task DisplayAsync(User model, IUpdateModel updater) =>
- await _authorizationService.AuthorizeAsync(_hca.HttpContext.User, StandardPermissions.SiteOwner) &&
- _hca.HttpContext.User.Identity.Name != model.UserName
- ? Initialize("UserSwitcherButton", summaryModel => summaryModel.User = model)
- .Location("SummaryAdmin", "Actions:2")
- : null;
+ public override IDisplayResult Display(User model, IUpdateModel updater) =>
+ _hca.HttpContext.User.Identity.Name != model.UserName
+ ? Initialize("UserSwitcherButton", summaryModel => summaryModel.User = model)
+ .Location("SummaryAdmin", "Actions:2")
+ : null;
 }
diff --git a/Lombiq.LoginAsAnybody/Views/UserSwitcherButton.cshtml b/Lombiq.LoginAsAnybody/Views/UserSwitcherButton.cshtml
index c926746..3d44044 100644
--- a/Lombiq.LoginAsAnybody/Views/UserSwitcherButton.cshtml
+++ b/Lombiq.LoginAsAnybody/Views/UserSwitcherButton.cshtml
@@ -10,4 +10,4 @@ } @T["Log in as user"] + data-url-af="UnsafeUrl" class="btn btn-success btn-sm">@T["Log in as user"]
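Review bot: Removing the `AuthorizeAsync(..., StandardPermissions.SiteOwner)` check from the driver means the `UserSwitcherButton` shape is now rendered for every user who can reach the users list, not only site owners, and the new UI test confirms such users then land on the not-authorized page. Authorization is still enforced in `UserSwitcherController.SwitchUser`, so this is not a privilege problem, but the admin UI now offers a button that can never succeed for those users and advertises the feature to them. If the switch to the synchronous `Display` override is what forced the removal, the permission check can instead live in the `UserSwitcherButton` view, or the driver can keep the async `DisplayAsync` override with the check; a comment on `Display` stating that authorization is deliberately left to the controller would at least make the decision explicit. Separately, `_hca.HttpContext.User.Identity` can be null for an unauthenticated request; presumably the admin pipeline guarantees an authenticated user here, but `_hca.HttpContext.User.Identity?.Name != model.UserName` costs nothing and removes the assumption.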