From 10972002d9eb17ae7b7e2c64125a61bc757057d9 Mon Sep 17 00:00:00 2001
From: Stephan <stephane@umbraco.dk>
Date: Wed, 21 Mar 2018 16:01:49 +0100
Subject: [PATCH] Fix install issues with super user

---
 .../Migrations/Install/DatabaseBuilder.cs             |  9 +++++++--
 .../Install/InstallSteps/NewInstallStep.cs            | 11 +++++------
 src/Umbraco.Web/Mvc/AdminTokenAuthorizeAttribute.cs   |  4 ++--
 src/Umbraco.Web/NotificationServiceExtensions.cs      |  8 ++++----
 src/Umbraco.Web/_Legacy/Packager/Installer.cs         |  2 +-
 5 files changed, 19 insertions(+), 15 deletions(-)

diff --git a/src/Umbraco.Core/Migrations/Install/DatabaseBuilder.cs b/src/Umbraco.Core/Migrations/Install/DatabaseBuilder.cs
index f09fecbbef..b39bca7eae 100644
--- a/src/Umbraco.Core/Migrations/Install/DatabaseBuilder.cs
+++ b/src/Umbraco.Core/Migrations/Install/DatabaseBuilder.cs
@@ -10,6 +10,7 @@ using Umbraco.Core.IO;
 using Umbraco.Core.Logging;
 using Umbraco.Core.Migrations.Upgrade;
 using Umbraco.Core.Persistence;
+using Umbraco.Core.Persistence.Dtos;
 using Umbraco.Core.Persistence.SqlSyntax;
 using Umbraco.Core.Scoping;
 using Umbraco.Core.Services;
@@ -94,8 +95,12 @@ namespace Umbraco.Core.Migrations.Install
         {
             using (var scope = _scopeProvider.CreateScope())
             {
-                // look for the default user with default password
-                var result = scope.Database.ExecuteScalar<int>("SELECT COUNT(*) FROM umbracoUser WHERE id=0 AND userPassword='default'");
+                // look for the super user with default password
+                var sql = scope.Database.SqlContext.Sql()
+                    .SelectCount()
+                    .From<UserDto>()
+                    .Where<UserDto>(x => x.Id == Constants.Security.SuperId && x.Password == "default");
+                var result = scope.Database.ExecuteScalar<int>(sql);
                 var has = result != 1;
                 if (has == false)
                 {
diff --git a/src/Umbraco.Web/Install/InstallSteps/NewInstallStep.cs b/src/Umbraco.Web/Install/InstallSteps/NewInstallStep.cs
index cfa8975abe..4878783553 100644
--- a/src/Umbraco.Web/Install/InstallSteps/NewInstallStep.cs
+++ b/src/Umbraco.Web/Install/InstallSteps/NewInstallStep.cs
@@ -21,8 +21,7 @@ namespace Umbraco.Web.Install.InstallSteps
     /// error, etc... and the end-user refreshes the installer then we cannot show the user screen because they've already entered that information so instead we'll
     /// display a simple continue installation view.
     /// </remarks>
-    [InstallSetupStep(InstallationType.NewInstall,
-        "User", 20, "")]
+    [InstallSetupStep(InstallationType.NewInstall, "User", 20, "")]
     internal class NewInstallStep : InstallSetupStep<UserModel>
     {
         private readonly HttpContextBase _http;
@@ -48,16 +47,16 @@ namespace Umbraco.Web.Install.InstallSteps
 
         public override InstallSetupResult Execute(UserModel user)
         {
-            var admin = _userService.GetUserById(0);
+            var admin = _userService.GetUserById(Constants.Security.SuperId);
             if (admin == null)
             {
-                throw new InvalidOperationException("Could not find the admi user!");
+                throw new InvalidOperationException("Could not find the super user!");
             }
 
-            var membershipUser = CurrentProvider.GetUser(0, true);
+            var membershipUser = CurrentProvider.GetUser(Constants.Security.SuperId, true);
             if (membershipUser == null)
             {
-                throw new InvalidOperationException("No user found in membership provider with id of 0");
+                throw new InvalidOperationException($"No user found in membership provider with id of {Constants.Security.SuperId}.");
             }
 
             try
diff --git a/src/Umbraco.Web/Mvc/AdminTokenAuthorizeAttribute.cs b/src/Umbraco.Web/Mvc/AdminTokenAuthorizeAttribute.cs
index 17b09625ff..47a4e7b060 100644
--- a/src/Umbraco.Web/Mvc/AdminTokenAuthorizeAttribute.cs
+++ b/src/Umbraco.Web/Mvc/AdminTokenAuthorizeAttribute.cs
@@ -62,7 +62,7 @@ namespace Umbraco.Web.Mvc
 
         private static string GetAuthHeaderVal(IUserService userService)
         {
-            var admin = userService.GetUserById(0);
+            var admin = userService.GetUserById(Core.Constants.Security.SuperId);
 
             var token = $"{admin.Email}u____u{admin.Username}u____u{admin.RawPasswordValue}";
 
@@ -94,7 +94,7 @@ namespace Umbraco.Web.Mvc
             if (keyVal.Count != 1) return false;
             if (keyVal[0].Groups.Count != 2) return false;
 
-            var admin = UserService.GetUserById(0);
+            var admin = UserService.GetUserById(Core.Constants.Security.SuperId);
             if (admin == null) return false;
 
             try
diff --git a/src/Umbraco.Web/NotificationServiceExtensions.cs b/src/Umbraco.Web/NotificationServiceExtensions.cs
index aa1fd94202..432096546d 100644
--- a/src/Umbraco.Web/NotificationServiceExtensions.cs
+++ b/src/Umbraco.Web/NotificationServiceExtensions.cs
@@ -73,10 +73,10 @@ namespace Umbraco.Web
             if (user == null)
             {
                 Current.Logger.Debug(typeof(NotificationServiceExtensions), "There is no current Umbraco user logged in, the notifications will be sent from the administrator");
-                user = userService.GetUserById(0);
+                user = userService.GetUserById(Constants.Security.SuperId);
                 if (user == null)
                 {
-                    Current.Logger.Warn(typeof(NotificationServiceExtensions), "Noticiations can not be sent, no admin user with id 0 could be resolved");
+                    Current.Logger.Warn(typeof(NotificationServiceExtensions), $"Noticiations can not be sent, no admin user with id {Constants.Security.SuperId} could be resolved");
                     return;
                 }
             }
@@ -98,10 +98,10 @@ namespace Umbraco.Web
             if (user == null)
             {
                 Current.Logger.Debug(typeof(NotificationServiceExtensions), "There is no current Umbraco user logged in, the notifications will be sent from the administrator");
-                user = userService.GetUserById(0);
+                user = userService.GetUserById(Constants.Security.SuperId);
                 if (user == null)
                 {
-                    Current.Logger.Warn(typeof(NotificationServiceExtensions), "Noticiations can not be sent, no admin user with id 0 could be resolved");
+                    Current.Logger.Warn(typeof(NotificationServiceExtensions), $"Noticiations can not be sent, no admin user with id {Constants.Security.SuperId} could be resolved");
                     return;
                 }
             }
diff --git a/src/Umbraco.Web/_Legacy/Packager/Installer.cs b/src/Umbraco.Web/_Legacy/Packager/Installer.cs
index c999b91027..fd339e6ed1 100644
--- a/src/Umbraco.Web/_Legacy/Packager/Installer.cs
+++ b/src/Umbraco.Web/_Legacy/Packager/Installer.cs
@@ -353,7 +353,7 @@ namespace umbraco.cms.businesslogic.packager
                     //bool saveNeeded = false;
 
                     // Get current user, with a fallback
-                    var currentUser = Current.Services.UserService.GetUserById(0);
+                    var currentUser = Current.Services.UserService.GetUserById(Constants.Security.SuperId);
 
                     //TODO: Get rid of this entire class! Until then all packages will be installed by the admin user