mattbrailsford
diff --git a/‎.gitignore‎
Lines changed: 1 addition & 0 deletions b/‎.gitignore‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎LICENSE.md‎
Lines changed: 1 addition & 1 deletion b/‎LICENSE.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎README.md‎
Lines changed: 12 additions & 10 deletions b/‎README.md‎
Lines changed: 12 additions & 10 deletions
diff --git a/‎appveyor.yml‎
Lines changed: 2 additions & 2 deletions b/‎appveyor.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎build-appveyor.cmd‎
Lines changed: 1 addition & 1 deletion b/‎build-appveyor.cmd‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎build/package.nuspec‎
Lines changed: 1 addition & 2 deletions b/‎build/package.nuspec‎
Lines changed: 1 addition & 2 deletions
diff --git a/‎src/Our.Umbraco.AuthU/Data/Migrations/BaseMigration.cs‎
Lines changed: 31 additions & 0 deletions b/‎src/Our.Umbraco.AuthU/Data/Migrations/BaseMigration.cs‎
Lines changed: 31 additions & 0 deletions
diff --git a/‎src/Our.Umbraco.AuthU/Data/Migrations/MigrationsRunner.cs‎
Lines changed: 42 additions & 0 deletions b/‎src/Our.Umbraco.AuthU/Data/Migrations/MigrationsRunner.cs‎
Lines changed: 42 additions & 0 deletions
diff --git a/‎src/Our.Umbraco.AuthU/Data/Migrations/UmbracoDbOAuthClientStore/1.0.0/CreateDemoClient.cs‎
Lines changed: 37 additions & 0 deletions b/‎src/Our.Umbraco.AuthU/Data/Migrations/UmbracoDbOAuthClientStore/1.0.0/CreateDemoClient.cs‎
Lines changed: 37 additions & 0 deletions
diff --git a/‎src/Our.Umbraco.AuthU/Data/Migrations/UmbracoDbOAuthClientStore/1.0.0/CreateTable.cs‎
Lines changed: 25 additions & 0 deletions b/‎src/Our.Umbraco.AuthU/Data/Migrations/UmbracoDbOAuthClientStore/1.0.0/CreateTable.cs‎
Lines changed: 25 additions & 0 deletions
@@ -249,4 +249,5 @@ Cached/
 # Custom
 build/_nuget
 src/Our.Umbraco.AuthU.TestHarness
+src/Our.Umbraco.AuthU.Web
 src/Our.Umbraco.AuthU.Matt.*
@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright &copy; 2017 Matt Brialsford, Outfield Digital Ltd   
+Copyright &copy; 2017 Matt Brailsford, Outfield Digital Ltd   
 
 Permission is hereby granted, free of charge, to any person obtaining a copy of
 this software and associated documentation files (the "Software"), to deal in
 
@@ -34,7 +34,7 @@ For the most basic OAuth implementation, the following minimal configuration is
 This will create an endpoint at the path `/oauth/token`, authenticating requests against the Umbraco members store, issuing access tokens with a lifespan of 20 minutes.
 
 ### Advanced Configuration
-For a more advanced OAuth implementation, the following conifguration shows all the supported options.
+For a more advanced OAuth implementation, the following configuration shows all the supported options.
 ````csharp 
     OAuth.ConfigureEndpoint("realm", "/oauth/token", new OAuthOptions {
         UserService = new UmbracoMembersOAuthUserService(),
@@ -52,7 +52,7 @@ This will create an endpoint the same as the basic configuration with added supp
 ### Configuration Options
 * __Realm : string__   
   _[optional, default:"default"]_  
-  A uniqie alias for the configuration, allowing you to configure multiple endpoints.
+  A unique alias for the configuration, allowing you to configure multiple endpoints.
 * __Path : string__  
   _[optional, default:"/oauth/token"]_  
   The path of the endpoint (__IMPORTANT!__ Be sure to add the base of the path to the `umbracoReservedPaths` app setting, ie `~/oauth/`)
@@ -61,7 +61,7 @@ This will create an endpoint the same as the basic configuration with added supp
   The service from which to validate authentication requests against. Out of the box AuthU comes with 2 implementations, `UmbracoMembersOAuthUserService` and `UmbracoUsersOAuthUserService` which authenticate against the Umbraco members and users store respectively. Custom sources can be configured by implementing the `IOAuthUserService` interface yourself.
 * __SymmetricKey : string__  
   _[required]_  
-  A symetric key used to sign the generated access tokens. Must be a string, 32 characters long, BASE64 encoded.
+  A symmetric key used to sign the generated access tokens. Must be a string, 32 characters long, BASE64 encoded.
 * __AccessTokenLifeTime : int__  
   _[optional, default:20]_  
   Sets the lifespan, in minutes, of an access token before re-authentication is required. Should be short lived.
@@ -76,7 +76,7 @@ This will create an endpoint the same as the basic configuration with added supp
  Sets the lifespan, in minutes, of a refresh token before it can no longer be used. Can be long lived. If a client store is configured, this will get overridden by the client settings.
 * __AllowedOrigin : string__  
   _[optional, default:"*"]_  
-  Sets the allowed domain from which authentication requests can be made. If developing a web application, it is strongly recommended to set this to the domain from which your app is hosted at to prevent access from unwanted sources. If developing a mobile app, it can be set to wildcard "*" which will allow any source to access it, however it is strongly recommended you use a client store which requires a secret key to be passed. If a client store is configured, this will get overridden by the client settings.
+  Sets the allowed domain from which authentication requests can be made. If developing a web application, it is strongly recommended to set this to the domain from which your app is hosted at to prevent access from unwanted sources. If developing a mobile app, it can be set to wildcard "*" which will allow any source to access it, however it is strongly recommended you use a client store which requires a secret key to be passed. If a client store is configured, this will get overridden by the client settings. If you are managing CORS headers yourself and you don't want AuthU to set the allowed origins header for you, you will need to explicitly set this to `null`.
 * __AllowInsecureHttp : bool__  
   _[optional, default:false]_  
   Sets whether the api should allow requests over insecure HTTP. You'll probably want to set this to `true` during development, but it is strongly advised to disable this in the live environment.
@@ -89,15 +89,16 @@ With an endpoint configured, initial authentication can be performed by sending
 * __password__ = The users password
 * __client_id__ = A valid client id (Only required if a client store is configured)
 * __client_secret__ = A valid client secret (Only required if a client store is configured, and the client is "secure")
+* __device_id__ = An optional device id to associate the token with, allowing login from multiple devices
 
 Example (with client store and refresh token stores configured):
 
     Request URL:
-    POST https://mydomain.com/oauth/token
+      POST https://mydomain.com/oauth/token
     Request Headers:
       Content-Type: application/x-www-form-urlencoded
     Request POST Body:
-    grant_type=password&username=joebloggs&password=password1234&client_id=myclient&client_secret=myclientsecret
+      grant_type=password&username=joebloggs&password=password1234&client_id=myclient&client_secret=myclientsecret&device_id=edfb6f01-2342-47f8-a5ee-a520969539d0
     Response:
     {
       "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJuYW1laWQiOiIxMDgxIiwidW5pcXVlX25hbWUiOiJtZW1iZXIiLCJyb2xlIjoiTWVtYmVyIiwicmVhbG0iOiJkZWZhdWx0IiwiZXhwIjoxNDg3NDk2NzM3LCJuYmYiOjE0ODc0OTU1Mzd9.9uiIxrPggvH5nyLbH4UKIL52V6l5mpOyJ26J12FkXvI",
@@ -111,15 +112,16 @@ A subsequent refresh token authentication request can be performed by sending a
 * __refresh_token__ = The refresh token returned from the original authentication request
 * __client_id__ = A valid client id (Only required if a client store is configured)
 * __client_secret__ = A valid client secret (Only required if a client store is configured, and the client is "secure")
+* __device_id__ = An optional device id to associate the token with, allowing login from multiple devices
 
 Example (with client store and refresh token stores configured):
 
     Request URL:
-    POST https://mydomain.com/oauth/token
+      POST https://mydomain.com/oauth/token
     Request Headers:
       Content-Type: application/x-www-form-urlencoded
     Request POST Body:
-    grant_type=refresh_token&refresh_token=b3cc9c66b86340c5b743f2a7cec9d2f1&client_id=myclient&client_secret=myclientsecret
+      grant_type=refresh_token&refresh_token=b3cc9c66b86340c5b743f2a7cec9d2f1&client_id=myclient&client_secret=myclientsecret&device_id=edfb6f01-2342-47f8-a5ee-a520969539d0
     Response:
     {
       "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJuYW1laWQiOiIxMDgxIiwidW5pcXVlX25hbWUiOiJtZW1iZXIiLCJyb2xlIjoiTWVtYmVyIiwicmVhbG0iOiJkZWZhdWx0IiwiZXhwIjoxNDg3NDk2NzM3LCJuYmYiOjE0ODc0OTU1Mzd9.9uiIxrPggvH5nyLbH4UKIL52V6l5mpOyJ26J12FkXvI",
@@ -152,7 +154,7 @@ To access a protected action, an `Authorization` header should be added to the r
 Example:
 
     Request URL:
-    POST https://mydomain.com/umbraco/api/myapi/helloworld
+      POST https://mydomain.com/umbraco/api/myapi/helloworld
     Request Headers:
       Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJuYW1laWQiOiIxMDgxIiwidW5pcXVlX25hbWUiOiJtZW1iZXIiLCJyb2xlIjoiTWVtYmVyIiwicmVhbG0iOiJkZWZhdWx0IiwiZXhwIjoxNDg3NDk2NzM3LCJuYmYiOjE0ODc0OTU1Mzd9.9uiIxrPggvH5nyLbH4UKIL52V6l5mpOyJ26J12FkXvI
     Response:
@@ -168,6 +170,6 @@ Anyone and everyone is welcome to contribute. Please take a moment to review the
 
 ## License
 
-Copyright &copy; 2018 Matt Brialsford, Outfield Digital Ltd 
+Copyright &copy; 2018 Matt Brailsford, Outfield Digital Ltd 
 
 Licensed under the [MIT License](LICENSE.md)
@@ -1,7 +1,7 @@
-os: Visual Studio 2015
+image: Visual Studio 2017
 
 # version format
-version: 1.0.2.{build}
+version: 1.0.3.{build}
 
 # UMBRACO_PACKAGE_PRERELEASE_SUFFIX if a rtm release build this should be blank, otherwise if empty will default to alpha
 # example UMBRACO_PACKAGE_PRERELEASE_SUFFIX=beta
 
@@ -4,4 +4,4 @@ ECHO APPVEYOR_BUILD_NUMBER : %APPVEYOR_BUILD_NUMBER%
 ECHO APPVEYOR_BUILD_VERSION : %APPVEYOR_BUILD_VERSION%
 
 CALL src\.nuget\NuGet.exe restore src\Our.Umbraco.AuthU.sln
-CALL "%programfiles(x86)%\MSBuild\14.0\Bin\amd64\MsBuild.exe" build\package.proj
+CALL "%programfiles(x86)%\Microsoft Visual Studio\2017\Community\MSBuild\15.0\Bin\amd64\MsBuild.exe" build\package.proj
@@ -16,8 +16,7 @@
 		<language></language>
 		<tags></tags>
 		<dependencies>
-  			<dependency id="UmbracoCms.Core" version="7.5.0" />
-			<dependency id="System.IdentityModel.Tokens.Jwt" version="4.0.4.402070948" />
+			<dependency id="System.IdentityModel.Tokens.Jwt" version="5.2.4" />
 		</dependencies>
 	</metadata>
 	<files />
 
@@ -0,0 +1,31 @@
+using Umbraco.Core;
+using Umbraco.Core.Logging;
+using Umbraco.Core.Persistence;
+using Umbraco.Core.Persistence.Migrations;
+using Umbraco.Core.Persistence.SqlSyntax;
+
+namespace Our.Umbraco.AuthU.Data.Migrations
+{
+	internal abstract class BaseMigration : MigrationBase
+	{
+		protected Database Database
+		{
+			get
+			{
+				return ApplicationContext.Current.DatabaseContext.Database;
+			}
+		}
+
+		protected DatabaseSchemaHelper SchemaHelper
+		{
+			get
+			{
+				return new DatabaseSchemaHelper(Database, Logger, SqlSyntax);
+			}
+		}
+
+		protected BaseMigration(ISqlSyntaxProvider sqlSyntax, ILogger logger)
+			: base(sqlSyntax, logger)
+		{ }
+	}
+}
@@ -0,0 +1,42 @@
+using Semver;
+using System;
+using System.Linq;
+using Umbraco.Core;
+using Umbraco.Core.Logging;
+using Umbraco.Core.Persistence.Migrations;
+
+namespace Our.Umbraco.AuthU.Data.Migrations
+{
+	internal class MigrationsRunner
+	{
+		public static void RunMigrations(string version, string productName)
+		{
+			var currentVersion = new SemVersion(0, 0, 0);
+
+			var migrations = ApplicationContext.Current.Services.MigrationEntryService.GetAll(productName);
+			var latestMigration = migrations.OrderByDescending(x => x.Version).FirstOrDefault();
+			if (latestMigration != null)
+				currentVersion = latestMigration.Version;
+
+			var targetVersion = SemVersion.Parse(version);
+			if (targetVersion == currentVersion)
+				return;
+
+			var migrationsRunner = new MigrationRunner(
+			  ApplicationContext.Current.Services.MigrationEntryService,
+			  ApplicationContext.Current.ProfilingLogger.Logger,
+			  currentVersion,
+			  targetVersion,
+			  productName);
+
+			try
+			{
+				migrationsRunner.Execute(ApplicationContext.Current.DatabaseContext.Database);
+			}
+			catch (Exception e)
+			{
+				LogHelper.Error<MigrationsRunner>($"Error running {productName} migration", e);
+			}
+		}
+	}
+}
@@ -0,0 +1,37 @@
+using Our.Umbraco.AuthU.Models;
+using Umbraco.Core.Logging;
+using Umbraco.Core.Persistence.Migrations;
+using Umbraco.Core.Persistence.SqlSyntax;
+
+namespace Our.Umbraco.AuthU.Data.Migrations.UmbracoDbOAuthClientStore
+{
+	[Migration("1.0.0", 2, "AuthU_UmbracoDbOAuthClientStore")]
+	internal class CreateDemoClient : BaseMigration
+	{
+		public CreateDemoClient(ISqlSyntaxProvider sqlSyntax, ILogger logger) 
+			: base(sqlSyntax, logger)
+		{ }
+
+		public override void Up()
+		{
+			var existing = Database.SingleOrDefault<OAuthClient>($"SELECT * FROM [OAuthClient] WHERE [ClientId] = @0", "DemoClient");
+			if (existing == null)
+			{
+				Database.Save(new OAuthClient
+				{
+					ClientId = "DemoClient",
+					Name = "Demo Client",
+					Secret = "demo",
+					SecurityLevel = SecurityLevel.Insecure,
+					RefreshTokenLifeTime = 14400,
+					AllowedOrigin = "*"
+				});
+			}
+		}
+
+		public override void Down()
+		{
+			Database.Execute("DELETE [OAuthClient] WHERE [ClientId] = @0", "DemoClient");
+		}
+	}
+}
@@ -0,0 +1,25 @@
+using Our.Umbraco.AuthU.Models;
+using Umbraco.Core.Logging;
+using Umbraco.Core.Persistence.Migrations;
+using Umbraco.Core.Persistence.SqlSyntax;
+
+namespace Our.Umbraco.AuthU.Data.Migrations.UmbracoDbOAuthClientStore
+{
+	[Migration("1.0.0", 1, Data.UmbracoDbOAuthClientStore.SubProductName)]
+	internal class CreateTable : BaseMigration
+	{
+		public CreateTable(ISqlSyntaxProvider sqlSyntax, ILogger logger) 
+			: base(sqlSyntax, logger)
+		{ }
+
+		public override void Up()
+		{
+			SchemaHelper.CreateTable<OAuthClient>(false);
+		}
+
+		public override void Down()
+		{
+			SchemaHelper.DropTable<OAuthClient>();
+		}
+	}
+}