V14: Untangle the preview functionality from the auth cookie #16308

Merged
iOvergaard merged 11 commits into v14/dev from v14/feathttps/localhost44339/ure/untagle-preview-cookie-from-auth-cookie on May 17, 2024
@bergmania

Member

Description

This PR redoes how the preview cookie works, because it cannot get the auth cookie, as that is not long-lived.

Instead, the preview cookie saves a user key in an encrypted way (using IDataProtector). This user key is then used on preview requests to look up the user and ensure the user is still valid (approved and not locked out).

If the user is valid, it is added as a principal like before.

Test

  • Enter preview mode and ensure you can see draft versions
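
A sketch of the approach the description outlines, added here as an illustration and not Umbraco's implementation: the cookie value is a user key protected with ASP.NET Core Data Protection, and the account state is re-checked on every preview request. `PreviewTokenSketch`, `IPreviewUserStore`, `PreviewUser` and the purpose string are hypothetical names.

```csharp
#nullable enable
using System;
using System.Security.Cryptography;
using Microsoft.AspNetCore.DataProtection;

// Hypothetical user record and store: stand-ins for the real user service.
public record PreviewUser(Guid Key, bool IsApproved, bool IsLockedOut);
public interface IPreviewUserStore { PreviewUser? Find(Guid key); }

public sealed class PreviewTokenSketch
{
    private readonly IDataProtector _protector;
    private readonly IPreviewUserStore _users;

    public PreviewTokenSketch(IDataProtectionProvider provider, IPreviewUserStore users)
    {
        // The purpose string isolates these tokens from other protected payloads,
        // so a value protected for another feature cannot be replayed here.
        _protector = provider.CreateProtector("Example.Preview.UserKey"); // assumed purpose
        _users = users;
    }

    // Cookie value: the user key, encrypted and authenticated by Data Protection.
    public string Generate(Guid userKey) => _protector.Protect(userKey.ToString("N"));

    // Returns the user only if the token is authentic AND the account is valid right now.
    public PreviewUser? Verify(string? cookieValue)
    {
        if (string.IsNullOrEmpty(cookieValue)) return null;
        try
        {
            string payload = _protector.Unprotect(cookieValue);
            if (!Guid.TryParseExact(payload, "N", out Guid key)) return null;

            PreviewUser? user = _users.Find(key);
            // Re-check state on every request: the cookie outlives the auth session,
            // so a user who was locked out or unapproved since issuance must be rejected.
            return user is { IsApproved: true, IsLockedOut: false } ? user : null;
        }
        catch (CryptographicException)
        {
            return null; // tampered, malformed, or protected with another key or purpose
        }
    }
}
```

Because the token carries only an identifier and no claims, locking or unapproving the account takes effect on the next preview request without revoking the cookie itself.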

@bergmania bergmania requested a review from Migaroez May 17, 2024 06:25

@Migaroez Migaroez left a comment

Contributor

Works as described.
Made a few minor improvements:

  • Log the error in debug mode when the try/catch fails in UserBasedPreviewTokenGenerator.VerifyAsync
  • Since the token generator can fail to generate, it seems better to bubble this up instead of swallowing it, even if our implementation is unlikely to do it.
  • Return an attempt instead of a nullable object for TryGetPreviewClaimsIdentityAsync

@iOvergaard iOvergaard mentioned this pull request May 17, 2024
3 tasks
@iOvergaard

Contributor

Remember to update the OpenAPI.json file, gents 😎

iOvergaard and others added 5 commits May 17, 2024 11:55
…eathttps/localhost44339/ure/untagle-preview-cookie-from-auth-cookie
…/untagle-preview-cookie-from-auth-cookie' into v14/feathttps/localhost44339/ure/untagle-preview-cookie-from-auth-cookie

# Conflicts:
#	tests/Umbraco.Tests.Integration/ManagementApi/Preview/EnterPreviewTests.cs
@Migaroez

Migaroez commented May 17, 2024

Contributor

Nice catch on the httpOnly check in the test and updating the delete requirement!
I have also added a backlog item to expand the integration tests

@iOvergaard

Contributor

> Nice catch on the httpOnly check in the test and updating the delete requirement! I have also added a backlog item to expand the integration tests

Apparently, we made the same fixes, so my changes ended up not doing much at all in the end. But it's looking great now!

@iOvergaard iOvergaard changed the title from "Untable the preview functionality from the auth cookie" to "V14: Untangle the preview functionality from the auth cookie" May 17, 2024
…eathttps/localhost44339/ure/untagle-preview-cookie-from-auth-cookie
@iOvergaard iOvergaard merged commit 11e5257 into v14/dev May 17, 2024
@iOvergaard iOvergaard deleted the v14/feathttps/localhost44339/ure/untagle-preview-cookie-from-auth-cookie branch May 17, 2024 14:06