From 724651ac07af45f2994357191076695728eec353 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zolt=C3=A1n=20M=C3=A1t=C3=A9?=
Date: Mon, 19 Feb 2024 18:29:14 +0100
Subject: [PATCH 1/6] Utilizing HttpPost on controller action
---
 .../Controllers/UserSwitcherController.cs | 2 ++
 Lombiq.LoginAsAnybody/Views/UserSwitcherButton.cshtml | 8 ++++++--
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/Lombiq.LoginAsAnybody/Controllers/UserSwitcherController.cs b/Lombiq.LoginAsAnybody/Controllers/UserSwitcherController.cs
index dc73b13..e4d91bd 100644
--- a/Lombiq.LoginAsAnybody/Controllers/UserSwitcherController.cs
+++ b/Lombiq.LoginAsAnybody/Controllers/UserSwitcherController.cs
@@ -33,6 +33,8 @@ public UserSwitcherController(
 H = htmlLocalizer;
 }
+ [HttpPost]
+ [ValidateAntiForgeryToken]
 public async Task SwitchUser(string id)
 {
 if (!await _authorizationService.AuthorizeAsync(User, StandardPermissions.SiteOwner)) return Unauthorized();
diff --git a/Lombiq.LoginAsAnybody/Views/UserSwitcherButton.cshtml b/Lombiq.LoginAsAnybody/Views/UserSwitcherButton.cshtml
index c926746..e1adfb8 100644
--- a/Lombiq.LoginAsAnybody/Views/UserSwitcherButton.cshtml
+++ b/Lombiq.LoginAsAnybody/Views/UserSwitcherButton.cshtml
@@ -9,5 +9,9 @@
 var user = Model.User as User;
 }
-@T["Log in as user"]
+
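Review bot: The two new attributes on `SwitchUser` in UserSwitcherController.cs (PATCH 1/6, hunk at line 33) carry no explanation of why they are required, and later patches in this series rework the view that calls the action, so a future edit could drop them without noticing the consequence. The action replaces the caller's authentication session, which makes it a CSRF target if it is ever reachable by GET or without a token. I would add above the attributes: `// Replaces the caller's auth session: keep POST-only with antiforgery validation.` The method body continues outside the hunk.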
+ + +
From b9c60a03d5d4e62f72ab65b3c6a3cdaff7cff7c6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zolt=C3=A1n=20M=C3=A1t=C3=A9?=
Date: Mon, 19 Feb 2024 23:26:56 +0100
Subject: [PATCH 2/6] Success notification instead of information
---
 Lombiq.LoginAsAnybody/Controllers/UserSwitcherController.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Lombiq.LoginAsAnybody/Controllers/UserSwitcherController.cs b/Lombiq.LoginAsAnybody/Controllers/UserSwitcherController.cs
index e4d91bd..67082d4 100644
--- a/Lombiq.LoginAsAnybody/Controllers/UserSwitcherController.cs
+++ b/Lombiq.LoginAsAnybody/Controllers/UserSwitcherController.cs
@@ -46,7 +46,7 @@ public async Task SwitchUser(string id)
 await _signInManager.SignOutAsync();
 await _signInManager.SignInAsync(selectedUser, isPersistent: false);
- await _notifier.InformationAsync(H["Successfully logged in as {0}.", selectedUser.UserName]);
+ await _notifier.SuccessAsync(H["Successfully logged in as {0}.", selectedUser.UserName]);
 return Redirect("~/");
 }
From 63ea5df9be549a9ee152881dc512ce87747e7d1a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zolt=C3=A1n=20M=C3=A1t=C3=A9?=
Date: Tue, 20 Feb 2024 19:01:59 +0100
Subject: [PATCH 3/6] Fixing tests
---
 .../Extensions/TestCaseUITestContextExtensions.cs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Lombiq.LoginAsAnybody.Tests.UI/Extensions/TestCaseUITestContextExtensions.cs b/Lombiq.LoginAsAnybody.Tests.UI/Extensions/TestCaseUITestContextExtensions.cs
index 6b95205..e15ef76 100644
--- a/Lombiq.LoginAsAnybody.Tests.UI/Extensions/TestCaseUITestContextExtensions.cs
+++ b/Lombiq.LoginAsAnybody.Tests.UI/Extensions/TestCaseUITestContextExtensions.cs
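Review bot: The visible part of `SwitchUser` in UserSwitcherController.cs (PATCH 2/6, hunk at line 46) leaves no server-side record of the switch: `SignOutAsync()` discards the site owner's identity and the only trace is a notification shown to the newly signed-in session. For an impersonation feature the acting account and the target should be written to the application log before sign-out, for example `_logger.LogInformation("{Actor} signed in as {Target}.", User.Identity?.Name, selectedUser.UserName);`, where `_logger` stands for an `ILogger` field that this page does not show. The method starts outside the hunk, so an earlier log call cannot be ruled out from here.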
@@ -17,7 +17,7 @@ public static async Task TestLoginAsAnybodyAsync(this UITestContext context)
 await context.CreateUserAsync(userParameters.UserName, userParameters.Password, userParameters.Email);
 await context.GoToUsersAsync();
- await context.ClickReliablyOnAsync(By.XPath("//a[contains(.,'Log in as user')]"));
+ await context.ClickReliablyOnAsync(By.XPath("//button[contains(.,'Log in as user')]"));
 (await context.GetCurrentUserNameAsync()).ShouldBe(userParameters.UserName);
 }
@@ -34,7 +34,7 @@ public static async Task TestLoginAsAnybodyAuthorizationAsync(this UITestContext
 await context.SignInDirectlyAndGoToDashboardAsync(userParameters.UserName);
 await context.GoToUsersAsync();
- context.Missing(By.XPath("//a[contains(.,'Log in as user')]"));
+ context.Missing(By.XPath("//button[contains(.,'Log in as user')]"));
 await context.GoToAdminRelativeUrlAsync("/Users/SwitchUser/userId");
 context.Exists(By.XPath("//h1[contains(text(),'You are not authorized to view this content.')]"));
 }
 }
From 54603c6c6132c57a7beb6a7de0e20f1d8e00948d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zolt=C3=A1n=20M=C3=A1t=C3=A9?=
Date: Wed, 21 Feb 2024 12:58:53 +0100
Subject: [PATCH 4/6] Updating test
---
 .../Extensions/TestCaseUITestContextExtensions.cs | 3 +--
 .../Drivers/UserSwitcherDisplayDriver.cs | 13 +++++--------
 2 files changed, 6 insertions(+), 10 deletions(-)
diff --git a/Lombiq.LoginAsAnybody.Tests.UI/Extensions/TestCaseUITestContextExtensions.cs b/Lombiq.LoginAsAnybody.Tests.UI/Extensions/TestCaseUITestContextExtensions.cs
index e15ef76..77329a8 100644
--- a/Lombiq.LoginAsAnybody.Tests.UI/Extensions/TestCaseUITestContextExtensions.cs
+++ b/Lombiq.LoginAsAnybody.Tests.UI/Extensions/TestCaseUITestContextExtensions.cs
@@ -34,8 +34,7 @@ public static async Task TestLoginAsAnybodyAuthorizationAsync(this UITestContext
 await context.SignInDirectlyAndGoToDashboardAsync(userParameters.UserName);
 await context.GoToUsersAsync();
- context.Missing(By.XPath("//button[contains(.,'Log in as user')]"));
- await context.GoToAdminRelativeUrlAsync("/Users/SwitchUser/userId");
+ await context.ClickReliablyOnAsync(By.XPath("//button[contains(.,'Log in as user')]"));
 context.Exists(By.XPath("//h1[contains(text(),'You are not authorized to view this content.')]"));
 }
 }
diff --git a/Lombiq.LoginAsAnybody/Drivers/UserSwitcherDisplayDriver.cs b/Lombiq.LoginAsAnybody/Drivers/UserSwitcherDisplayDriver.cs
index e7e4fb9..c7a5149 100644
--- a/Lombiq.LoginAsAnybody/Drivers/UserSwitcherDisplayDriver.cs
+++ b/Lombiq.LoginAsAnybody/Drivers/UserSwitcherDisplayDriver.cs
@@ -3,10 +3,8 @@
 using OrchardCore.DisplayManagement.Handlers;
 using OrchardCore.DisplayManagement.ModelBinding;
 using OrchardCore.DisplayManagement.Views;
-using OrchardCore.Security;
 using OrchardCore.Users.Models;
 using OrchardCore.Users.ViewModels;
-using System.Threading.Tasks;
 namespace Lombiq.LoginAsAnybody.Drivers;
@@ -21,10 +19,9 @@ public UserSwitcherDisplayDriver(IHttpContextAccessor hca, IAuthorizationService
 _authorizationService = authorizationService;
 }
- public override async Task DisplayAsync(User model, IUpdateModel updater) =>
- await _authorizationService.AuthorizeAsync(_hca.HttpContext.User, StandardPermissions.SiteOwner) &&
- _hca.HttpContext.User.Identity.Name != model.UserName
- ? Initialize("UserSwitcherButton", summaryModel => summaryModel.User = model)
- .Location("SummaryAdmin", "Actions:2")
- : null;
+ public override IDisplayResult Display(User model, IUpdateModel updater) =>
+ _hca.HttpContext.User.Identity.Name != model.UserName
+ ? Initialize("UserSwitcherButton", summaryModel => summaryModel.User = model)
+ .Location("SummaryAdmin", "Actions:2")
+ : null;
 }
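Review bot: The new `Display` in UserSwitcherDisplayDriver.cs (PATCH 4/6, hunk at line 21) no longer evaluates `StandardPermissions.SiteOwner`, so the "Log in as user" button is rendered for every account that can open the user list and the controller check becomes the only gate. The test hunk in the same patch swaps `context.Missing(...)` for a click on that button, which suggests the production check was relaxed so the negative test could reach the POST-only action. I would keep the removed condition `await _authorizationService.AuthorizeAsync(_hca.HttpContext.User, StandardPermissions.SiteOwner) &&` in the driver and have the test assert that the button is absent, covering the controller's refusal with a direct request instead. PATCH 5/6 then removes the `IAuthorizationService` dependency from the driver altogether, so the same point applies there.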
From 8eb77a1f2c263185cb33d879c010d5ca22c85bf4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zolt=C3=A1n=20M=C3=A1t=C3=A9?=
Date: Wed, 21 Feb 2024 13:18:36 +0100
Subject: [PATCH 5/6] Using link instead of form
---
 .../Extensions/TestCaseUITestContextExtensions.cs | 4 ++--
 .../Drivers/UserSwitcherDisplayDriver.cs | 8 +-------
 Lombiq.LoginAsAnybody/Views/UserSwitcherButton.cshtml | 8 ++------
 3 files changed, 5 insertions(+), 15 deletions(-)
diff --git a/Lombiq.LoginAsAnybody.Tests.UI/Extensions/TestCaseUITestContextExtensions.cs b/Lombiq.LoginAsAnybody.Tests.UI/Extensions/TestCaseUITestContextExtensions.cs
index 77329a8..70f02a4 100644
--- a/Lombiq.LoginAsAnybody.Tests.UI/Extensions/TestCaseUITestContextExtensions.cs
+++ b/Lombiq.LoginAsAnybody.Tests.UI/Extensions/TestCaseUITestContextExtensions.cs
@@ -17,7 +17,7 @@ public static async Task TestLoginAsAnybodyAsync(this UITestContext context)
 await context.CreateUserAsync(userParameters.UserName, userParameters.Password, userParameters.Email);
 await context.GoToUsersAsync();
- await context.ClickReliablyOnAsync(By.XPath("//button[contains(.,'Log in as user')]"));
+ await context.ClickReliablyOnAsync(By.XPath("//a[contains(.,'Log in as user')]"));
 (await context.GetCurrentUserNameAsync()).ShouldBe(userParameters.UserName);
 }
@@ -34,7 +34,7 @@ public static async Task TestLoginAsAnybodyAuthorizationAsync(this UITestContext
 await context.SignInDirectlyAndGoToDashboardAsync(userParameters.UserName);
 await context.GoToUsersAsync();
- await context.ClickReliablyOnAsync(By.XPath("//button[contains(.,'Log in as user')]"));
+ await context.ClickReliablyOnAsync(By.XPath("//a[contains(.,'Log in as user')]"));
 context.Exists(By.XPath("//h1[contains(text(),'You are not authorized to view this content.')]"));
 }
 }
diff --git a/Lombiq.LoginAsAnybody/Drivers/UserSwitcherDisplayDriver.cs b/Lombiq.LoginAsAnybody/Drivers/UserSwitcherDisplayDriver.cs
index c7a5149..4be8b21 100644
--- a/Lombiq.LoginAsAnybody/Drivers/UserSwitcherDisplayDriver.cs
+++ b/Lombiq.LoginAsAnybody/Drivers/UserSwitcherDisplayDriver.cs
@@ -1,4 +1,3 @@
-using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using OrchardCore.DisplayManagement.Handlers;
 using OrchardCore.DisplayManagement.ModelBinding;
@@ -11,13 +10,8 @@ namespace Lombiq.LoginAsAnybody.Drivers;
 public class UserSwitcherDisplayDriver : DisplayDriver
 {
 private readonly IHttpContextAccessor _hca;
- private readonly IAuthorizationService _authorizationService;
- public UserSwitcherDisplayDriver(IHttpContextAccessor hca, IAuthorizationService authorizationService)
- {
- _hca = hca;
- _authorizationService = authorizationService;
- }
+ public UserSwitcherDisplayDriver(IHttpContextAccessor hca) => _hca = hca;
 public override IDisplayResult Display(User model, IUpdateModel updater) =>
 _hca.HttpContext.User.Identity.Name != model.UserName
diff --git a/Lombiq.LoginAsAnybody/Views/UserSwitcherButton.cshtml b/Lombiq.LoginAsAnybody/Views/UserSwitcherButton.cshtml
index e1adfb8..2532933 100644
--- a/Lombiq.LoginAsAnybody/Views/UserSwitcherButton.cshtml
+++ b/Lombiq.LoginAsAnybody/Views/UserSwitcherButton.cshtml
@@ -9,9 +9,5 @@
 var user = Model.User as User;
 }
-
- - -
+@T["Log in as user"]
From 52dba7f4f0f37482c8af8338d450f3e79a300ce5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zolt=C3=A1n=20M=C3=A1t=C3=A9?=
Date: Wed, 21 Feb 2024 13:22:10 +0100
Subject: [PATCH 6/6] Indentation
---
 Lombiq.LoginAsAnybody/Views/UserSwitcherButton.cshtml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Lombiq.LoginAsAnybody/Views/UserSwitcherButton.cshtml b/Lombiq.LoginAsAnybody/Views/UserSwitcherButton.cshtml
index 2532933..3d44044 100644
--- a/Lombiq.LoginAsAnybody/Views/UserSwitcherButton.cshtml
+++ b/Lombiq.LoginAsAnybody/Views/UserSwitcherButton.cshtml
@@ -10,4 +10,4 @@
 } @T["Log in as user"]
+ data-url-af="UnsafeUrl" class="btn btn-success btn-sm">@T["Log in as user"]