Account locking

src/Squidex/Controllers/UI/Account/AccountController.cs

@@ -59,14 +59,20 @@ namespace Squidex.Controllers.UI.Account
             this.identityOptions = identityOptions;
             this.signInManager = signInManager;
         }
-
+        
-        [Authorize]
         [HttpGet]
         [Route("account/forbidden")]
         public IActionResult Forbidden()
         {
             return View("Error");
         }
+        
+        [HttpGet]
+        [Route("account/accessdenied")]
+        public IActionResult AccessDenied()
+        {
+            return View("LockedOut");
+        }
 
         [HttpGet]
         [Route("client-callback-silent/")]
@@ -223,16 +229,9 @@ namespace Squidex.Controllers.UI.Account
 
             var user = new IdentityUser { Email = mail, UserName = mail };
 
-            var pictureUrl = externalLogin.Principal.Claims.FirstOrDefault(x => x.Type == SquidexClaimTypes.SquidexPictureUrl);
+            foreach (var squidexClaim in externalLogin.Principal.Claims.Where(c => c.Type.StartsWith(SquidexClaimTypes.Prefix)))
-            if (pictureUrl != null)
-            {
-                user.AddClaim(pictureUrl);
-            }
-
-            var displayName = externalLogin.Principal.Claims.FirstOrDefault(x => x.Type == SquidexClaimTypes.SquidexDisplayName);
-            if (displayName != null)
             {
-                user.AddClaim(displayName);
+                user.AddClaim(squidexClaim);
             }
 
             return user;

src/Squidex/Squidex.csproj

@@ -10,10 +10,12 @@
     <PackageId>Squidex</PackageId>
     <PackageTargetFallback>$(PackageTargetFallback);dnxcore50</PackageTargetFallback>
     <RuntimeFrameworkVersion>1.1.0</RuntimeFrameworkVersion>
+    <TypeScriptCompileBlocked>true</TypeScriptCompileBlocked>
   </PropertyGroup>
 
   <ItemGroup>
     <EmbeddedResource Include="Config\Identity\Cert\*.*" Exclude="bin\**;obj\**;**\*.xproj;packages\**;@(EmbeddedResource)" />
+    <Content Include="wwwroot\styles\static.css" />
     <Content Update="appsettings.json;appsettings.Production.json;dockerfile;Views\**\*;web.config;wwwroot\**\*">
       <CopyToPublishDirectory>PreserveNewest</CopyToPublishDirectory>
     </Content>
@@ -66,5 +68,5 @@
   <ItemGroup Condition=" '$(TargetFramework)' == 'netcoreapp1.1' ">
     <PackageReference Include="Microsoft.OData.Core" Version="6.15.0" />
   </ItemGroup>
-
+  
 </Project>

src/Squidex/Views/Account/ClientPopup.cshtml

@@ -1,12 +1,15 @@
 <!DOCTYPE html>
 <html>
-<body>
+    <head>
-    <script src='~/scripts/oidc-client.min.js'></script>
+        <link href="/styles/static.css" rel="stylesheet" />
-    <script>
+    </head>
-        Oidc.Log.logger = console;
+    <body>
-        Oidc.Log.logLevel = Oidc.Log.INFO;
+        <script src='~/scripts/oidc-client.min.js'></script>
+        <script>
+            Oidc.Log.logger = console;
+            Oidc.Log.logLevel = Oidc.Log.INFO;
 
-        new Oidc.UserManager().signinPopupCallback();
+            new Oidc.UserManager().signinPopupCallback();
-    </script>
+        </script>
-</body>
+    </body>
 </html>

src/Squidex/Views/Account/ClientSilent.cshtml

@@ -1,12 +1,15 @@
 <!DOCTYPE html>
 <html>
-<body>
+    <head>
-    <script src='~/scripts/oidc-client.min.js'></script>
+        <link href="/styles/static.css" rel="stylesheet" />
-    <script>
+    </head>
-        Oidc.Log.logger = console;
+    <body>
-        Oidc.Log.logLevel = Oidc.Log.INFO;
+        <script src='~/scripts/oidc-client.min.js'></script>
+        <script>
+            Oidc.Log.logger = console;
+            Oidc.Log.logLevel = Oidc.Log.INFO;
 
-        new Oidc.UserManager().signinSilentCallback();
+            new Oidc.UserManager().signinSilentCallback();
-    </script>
+        </script>
-</body>
+    </body>
 </html>

src/Squidex/Views/Account/Error.cshtml

@@ -2,16 +2,8 @@
 <html>
 <head>
     <title>Squidex - Login failed</title>
-
+    
-    <style>
+    <link href="/styles/static.css" rel="stylesheet" />
-        body {
-            padding: 40px;
-        }
-
-        h1, p {
-            text-align: center;
-        }
-    </style>
 </head>
 <body>
     <h1>Login failed</h1>

src/Squidex/Views/Account/LockedOut.cshtml

@@ -3,15 +3,7 @@
     <head>
         <title>Squidex - Account locked</title>
 
-        <style>
+        <link href="/styles/static.css" rel="stylesheet" />
-            body {
-                padding: 40px;
-            }
-
-            h1, p {
-                text-align: center;
-            }
-        </style>
     </head>
     <body>
         <h1>Account locked</h1>

src/Squidex/Views/Account/Login.cshtml

@@ -7,12 +7,8 @@
 <html>
     <head>
         <title>Squidex - Login</title>
-
+        
-        <style>
+        <link href="styles/static.css" rel="stylesheet" />
-            button {
-                display: none;
-            }
-        </style>
     </head>
     <body>
         <form asp-controller="Account" asp-action="External" asp-route-returnurl="@Model.ReturnUrl" method="post">
@@ -20,7 +16,7 @@
                 <p>
                     @foreach (var provider in Model.ExternalProviders)
                     {
-                        <button type="submit" name="provider" id="loginButton" value="@provider.AuthenticationScheme" title="Log in using your @provider.DisplayName account">@provider.AuthenticationScheme</button>
+                        <button class="redirect-button" type="submit" name="provider" id="loginButton" value="@provider.AuthenticationScheme" title="Log in using your @provider.DisplayName account">@provider.AuthenticationScheme</button>
                     }
                 </p>
             </div>

src/Squidex/appsettings.json

@@ -25,7 +25,8 @@
     },
     "identity": {
       "googleClient": "1006817248705-t3lb3ge808m9am4t7upqth79hulk456l.apps.googleusercontent.com",
-      "googleSecret": "QsEi-fHqkGw2_PjJmtNHf2wg"
+      "googleSecret": "QsEi-fHqkGw2_PjJmtNHf2wg",
+      "lockAutomatically": true 
     },
     "handleEvents": true
   }

src/Squidex/wwwroot/index.html

@@ -8,46 +8,7 @@
     <meta charset="UTF-8">
     <meta name="viewport" content="width=device-width, initial-scale=1">
     
-    <style>
+    <link href="/styles/static.css" rel="stylesheet" />
-        body {
-            background: #F4F8F9;
-            margin: 0;
-            padding-top: 3.25rem;
-            padding-left: 7rem;
-            line-height: 1.5;
-        }
-
-        img {
-            vertical-align: middle;
-        }
-        
-        .loading {
-            text-align: center;
-        }
-
-        .loading img {
-            height: 60px;
-        }
-
-        .loading div {
-            font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif;
-            font-size: 30px;
-            font-weight: lighter;
-        }
-
-        .loading, noscript {
-            margin-top: 200px;
-        }
-
-        noscript {
-            display: block;
-            text-align: center;
-            font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif;
-            font-size: 30px;
-            font-weight: lighter;
-            color: red;
-        }
-    </style>
 
     <noscript>
         <style>

src/Squidex/wwwroot/styles/static.css

@@ -0,0 +1,45 @@
+body {
+    font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif;
+    background: #F4F8F9;
+    margin: 0;
+    padding-top: 3.25rem;
+    padding-left: 7rem;
+    padding-right: 7rem;
+    line-height: 1.5;
+}
+
+h1, p {
+    text-align: center;
+}
+
+img {
+    vertical-align: middle;
+}
+
+.redirect-button {
+    display: none;
+}
+        
+.loading {
+    text-align: center;
+}
+
+.loading img {
+    height: 60px;
+}
+
+.loading, noscript {
+    margin-top: 200px;
+}
+
+.loading div {
+    font-size: 30px;
+    font-weight: lighter;
+}
+
+noscript {
+    display: block;
+    font-size: 30px;
+    font-weight: lighter;
+    color: red;
+}