Prevent External Users Registration (#17050)

---------

Co-authored-by: Zoltán Lehóczky <[email protected]>

src/OrchardCore.Modules/OrchardCore.Email.Azure/Drivers/AzureEmailSettingsDisplayDriver.cs

@@ -27,7 +27,7 @@ public sealed class AzureEmailSettingsDisplayDriver : SiteDisplayDriver<AzureEma
     private readonly IDataProtectionProvider _dataProtectionProvider;
     private readonly IEmailAddressValidator _emailValidator;
 
-    internal IStringLocalizer S;
+    internal readonly IStringLocalizer S;
 
     public AzureEmailSettingsDisplayDriver(
         IShellReleaseManager shellReleaseManager,

src/OrchardCore.Modules/OrchardCore.Media/GraphQL/MediaAssetQuery.cs

@@ -14,7 +14,7 @@ public sealed class MediaAssetQuery : ISchemaBuilder
 {
     private readonly GraphQLContentOptions _graphQLContentOptions;
 
-    internal IStringLocalizer S;
+    internal readonly IStringLocalizer S;
 
     public MediaAssetQuery(
         IStringLocalizer<MediaAssetQuery> localizer,

src/OrchardCore.Modules/OrchardCore.ReCaptcha/Users/Handlers/LoginFormEventEventHandler.cs

@@ -4,7 +4,7 @@
 
 namespace OrchardCore.ReCaptcha.Users.Handlers;
 
-public class LoginFormEventEventHandler : ILoginFormEvent
+public class LoginFormEventEventHandler : LoginFormEventBase
 {
     private readonly ReCaptchaService _reCaptchaService;
 
@@ -13,17 +13,14 @@ public LoginFormEventEventHandler(ReCaptchaService reCaptchaService)
         _reCaptchaService = reCaptchaService;
     }
 
-    public Task IsLockedOutAsync(IUser user)
-        => Task.CompletedTask;
-
-    public Task LoggedInAsync(IUser user)
+    public override Task LoggedInAsync(IUser user)
     {
         _reCaptchaService.ThisIsAHuman();
 
         return Task.CompletedTask;
     }
 
-    public Task LoggingInAsync(string userName, Action<string, string> reportError)
+    public override Task LoggingInAsync(string userName, Action<string, string> reportError)
     {
         if (_reCaptchaService.IsThisARobot())
         {
@@ -33,14 +30,14 @@ public Task LoggingInAsync(string userName, Action<string, string> reportError)
         return Task.CompletedTask;
     }
 
-    public Task LoggingInFailedAsync(string userName)
+    public override Task LoggingInFailedAsync(string userName)
     {
         _reCaptchaService.MaybeThisIsARobot();
 
         return Task.CompletedTask;
     }
 
-    public Task LoggingInFailedAsync(IUser user)
+    public override Task LoggingInFailedAsync(IUser user)
     {
         _reCaptchaService.MaybeThisIsARobot();
 

src/OrchardCore.Modules/OrchardCore.ReCaptcha/Users/Handlers/RegistrationFormEventHandler.cs

@@ -1,10 +1,9 @@
 using OrchardCore.ReCaptcha.Services;
-using OrchardCore.Users;
 using OrchardCore.Users.Events;
 
 namespace OrchardCore.ReCaptcha.Users.Handlers;
 
-public class RegistrationFormEventHandler : IRegistrationFormEvents
+public class RegistrationFormEventHandler : RegistrationFormEventsBase
 {
     private readonly ReCaptchaService _reCaptchaService;
 
@@ -13,13 +12,6 @@ public RegistrationFormEventHandler(ReCaptchaService recaptchaService)
         _reCaptchaService = recaptchaService;
     }
 
-    public Task RegisteredAsync(IUser user)
-    {
-        return Task.CompletedTask;
-    }
-
-    public Task RegistrationValidationAsync(Action<string, string> reportError)
-    {
-        return _reCaptchaService.ValidateCaptchaAsync(reportError);
-    }
+    public override Task RegistrationValidationAsync(Action<string, string> reportError)
+        => _reCaptchaService.ValidateCaptchaAsync(reportError);
 }

src/OrchardCore.Modules/OrchardCore.Sms/Drivers/SmsSettingsDisplayDriver.cs

@@ -18,7 +18,7 @@ public sealed class SmsSettingsDisplayDriver : SiteDisplayDriver<SmsSettings>
     private readonly IHttpContextAccessor _httpContextAccessor;
     private readonly IAuthorizationService _authorizationService;
 
-    internal IStringLocalizer S;
+    internal readonly IStringLocalizer S;
 
     private readonly SmsProviderOptions _smsProviderOptions;
 

src/OrchardCore.Modules/OrchardCore.Users/AuditTrail/Handlers/UserEventHandler.cs

@@ -1,6 +1,7 @@
 using System.Security.Claims;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Identity;
+using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.DependencyInjection;
 using OrchardCore.AuditTrail.Services;
 using OrchardCore.AuditTrail.Services.Models;
@@ -11,7 +12,7 @@
 
 namespace OrchardCore.Users.AuditTrail.Handlers;
 
-public class UserEventHandler : ILoginFormEvent, IUserEventHandler
+public class UserEventHandler : UserEventHandlerBase, ILoginFormEvent
 {
     private readonly IAuditTrailManager _auditTrailManager;
     private readonly IHttpContextAccessor _httpContextAccessor;
@@ -35,53 +36,41 @@ public Task LoggingInFailedAsync(IUser user)
         => RecordAuditTrailEventAsync(UserAuditTrailEventConfiguration.LogInFailed, user);
 
     public Task LoggingInFailedAsync(string userName)
-        => _auditTrailManager.RecordEventAsync(
-                new AuditTrailContext<AuditTrailUserEvent>
-                (
-                    name: UserAuditTrailEventConfiguration.LogInFailed,
-                    category: UserAuditTrailEventConfiguration.User,
-                    correlationId: string.Empty,
-                    userId: string.Empty,
-                    userName: userName,
-                    new AuditTrailUserEvent
-                    {
-                        UserId = string.Empty,
-                        UserName = userName
-                    }
-                ));
+    {
+        var context = new AuditTrailContext<AuditTrailUserEvent>
+            (
+                name: UserAuditTrailEventConfiguration.LogInFailed,
+                category: UserAuditTrailEventConfiguration.User,
+                correlationId: string.Empty,
+                userId: string.Empty,
+                userName: userName,
+                new AuditTrailUserEvent
+                {
+                    UserId = string.Empty,
+                    UserName = userName
+                }
+            );
+
+        return _auditTrailManager.RecordEventAsync(context);
+    }
 
     public Task IsLockedOutAsync(IUser user)
         => RecordAuditTrailEventAsync(UserAuditTrailEventConfiguration.LogInFailed, user);
 
-    public Task DisabledAsync(UserContext context)
-        => RecordAuditTrailEventAsync(UserAuditTrailEventConfiguration.Disabled, context.User, _httpContextAccessor.HttpContext.User?.FindFirstValue(ClaimTypes.NameIdentifier), _httpContextAccessor.HttpContext.User?.Identity?.Name);
-
-    public Task EnabledAsync(UserContext context)
-         => RecordAuditTrailEventAsync(UserAuditTrailEventConfiguration.Enabled, context.User, _httpContextAccessor.HttpContext.User?.FindFirstValue(ClaimTypes.NameIdentifier), _httpContextAccessor.HttpContext.User?.Identity?.Name);
-
-    public Task CreatedAsync(UserCreateContext context)
-         => RecordAuditTrailEventAsync(UserAuditTrailEventConfiguration.Created, context.User, _httpContextAccessor.HttpContext.User?.FindFirstValue(ClaimTypes.NameIdentifier), _httpContextAccessor.HttpContext.User?.Identity?.Name);
-
-    public Task UpdatedAsync(UserUpdateContext context)
-         => RecordAuditTrailEventAsync(UserAuditTrailEventConfiguration.Updated, context.User, _httpContextAccessor.HttpContext.User?.FindFirstValue(ClaimTypes.NameIdentifier), _httpContextAccessor.HttpContext.User?.Identity?.Name);
-
-    public Task DeletedAsync(UserDeleteContext context)
-         => RecordAuditTrailEventAsync(UserAuditTrailEventConfiguration.Deleted, context.User, _httpContextAccessor.HttpContext.User?.FindFirstValue(ClaimTypes.NameIdentifier), _httpContextAccessor.HttpContext.User?.Identity?.Name);
+    public override Task DisabledAsync(UserContext context)
+        => RecordAuditTrailEventAsync(UserAuditTrailEventConfiguration.Disabled, context.User, GetCurrentUserId(), GetCurrentUserName());
 
-    #region Unused user events
+    public override Task EnabledAsync(UserContext context)
+         => RecordAuditTrailEventAsync(UserAuditTrailEventConfiguration.Enabled, context.User, GetCurrentUserId(), GetCurrentUserName());
 
-    public Task CreatingAsync(UserCreateContext context) => Task.CompletedTask;
-    public Task UpdatingAsync(UserUpdateContext context) => Task.CompletedTask;
-    public Task DeletingAsync(UserDeleteContext context) => Task.CompletedTask;
-    public Task ConfirmedAsync(UserConfirmContext context) => Task.CompletedTask;
+    public override Task CreatedAsync(UserCreateContext context)
+         => RecordAuditTrailEventAsync(UserAuditTrailEventConfiguration.Created, context.User, GetCurrentUserId(), GetCurrentUserName());
 
-    #endregion
-
-    #region Unused login events
+    public override Task UpdatedAsync(UserUpdateContext context)
+         => RecordAuditTrailEventAsync(UserAuditTrailEventConfiguration.Updated, context.User, GetCurrentUserId(), GetCurrentUserName());
 
-    public Task LoggingInAsync(string userName, Action<string, string> reportError) => Task.CompletedTask;
-
-    #endregion
+    public override Task DeletedAsync(UserDeleteContext context)
+         => RecordAuditTrailEventAsync(UserAuditTrailEventConfiguration.Deleted, context.User, GetCurrentUserId(), GetCurrentUserName());
 
     private async Task RecordAuditTrailEventAsync(string name, IUser user, string userIdActual = "", string userNameActual = "")
     {
@@ -100,8 +89,7 @@ private async Task RecordAuditTrailEventAsync(string name, IUser user, string us
             userNameActual = userName;
         }
 
-        await _auditTrailManager.RecordEventAsync(
-            new AuditTrailContext<AuditTrailUserEvent>
+        var context = new AuditTrailContext<AuditTrailUserEvent>
             (
                 name: name,
                 category: UserAuditTrailEventConfiguration.User,
@@ -113,6 +101,25 @@ await _auditTrailManager.RecordEventAsync(
                     UserId = userId,
                     UserName = userName
                 }
-            ));
+            );
+
+        await _auditTrailManager.RecordEventAsync(context);
     }
+
+    #region Unused login events
+    public Task LoggingInAsync(string userName, Action<string, string> reportError)
+        => Task.CompletedTask;
+
+    public Task<IActionResult> LoggingInAsync()
+        => Task.FromResult<IActionResult>(null);
+
+    public Task<IActionResult> ValidatingLoginAsync(IUser user)
+        => Task.FromResult<IActionResult>(null);
+    #endregion
+
+    private string GetCurrentUserName()
+        => _httpContextAccessor.HttpContext.User?.Identity?.Name;
+
+    private string GetCurrentUserId()
+        => _httpContextAccessor.HttpContext.User?.FindFirstValue(ClaimTypes.NameIdentifier);
 }

src/OrchardCore.Modules/OrchardCore.Users/AuditTrail/Registration/UserRegistrationEventHandler.cs

@@ -1,39 +1,30 @@
 using Microsoft.AspNetCore.Identity;
-using Microsoft.Extensions.DependencyInjection;
 using OrchardCore.AuditTrail.Services;
 using OrchardCore.AuditTrail.Services.Models;
 using OrchardCore.Users.AuditTrail.Models;
 using OrchardCore.Users.Events;
 
 namespace OrchardCore.Users.AuditTrail.Registration;
 
-public class UserRegistrationEventHandler : IRegistrationFormEvents
+public class UserRegistrationEventHandler : RegistrationFormEventsBase
 {
     private readonly IAuditTrailManager _auditTrailManager;
-    private readonly IServiceProvider _serviceProvider;
-    private UserManager<IUser> _userManager;
+    private readonly UserManager<IUser> _userManager;
 
     public UserRegistrationEventHandler(
         IAuditTrailManager auditTrailManager,
-        IServiceProvider serviceProvider)
+        UserManager<IUser> userManager)
     {
         _auditTrailManager = auditTrailManager;
-        _serviceProvider = serviceProvider;
+        _userManager = userManager;
     }
 
-    public Task RegisteredAsync(IUser user) =>
-        RecordAuditTrailEventAsync(UserRegistrationAuditTrailEventConfiguration.Registered, user);
-
-    #region Unused events
-
-    public Task RegistrationValidationAsync(Action<string, string> reportError) => Task.CompletedTask;
-
-    #endregion
+    public override Task RegisteredAsync(IUser user)
+        => RecordAuditTrailEventAsync(UserRegistrationAuditTrailEventConfiguration.Registered, user);
 
     private async Task RecordAuditTrailEventAsync(string name, IUser user)
     {
         var userName = user.UserName;
-        _userManager ??= _serviceProvider.GetRequiredService<UserManager<IUser>>();
 
         var userId = await _userManager.GetUserIdAsync(user);
 

src/OrchardCore.Modules/OrchardCore.Users/Controllers/AccountBaseController.cs

@@ -12,6 +12,7 @@ public abstract class AccountBaseController : Controller
     protected async Task<IActionResult> LoggedInActionResultAsync(IUser user, string returnUrl = null, ExternalLoginInfo info = null)
     {
         var workflowManager = HttpContext.RequestServices.GetService<IWorkflowManager>();
+
         if (workflowManager != null && user is User u)
         {
             var input = new Dictionary<string, object>
@@ -21,8 +22,11 @@ protected async Task<IActionResult> LoggedInActionResultAsync(IUser user, string
                 ["Roles"] = u.RoleNames,
                 ["Provider"] = info?.LoginProvider
             };
-            await workflowManager.TriggerEventAsync(nameof(Workflows.Activities.UserLoggedInEvent),
-                input: input, correlationId: u.UserId);
+
+            await workflowManager.TriggerEventAsync(
+                name: nameof(Workflows.Activities.UserLoggedInEvent),
+                input: input,
+                correlationId: u.UserId);
         }
 
         return RedirectToLocal(returnUrl);