Clears the auth cookie after install if there is one which forces the login screen to display so that the csrf tokens are created - this is required if you are upgrading from a previous version and are logged in but don't have a version with csrf tokens.

2014-01-20 10:53:14 +11:00
parent 673e24a2ea
commit 1ad05fbfc9
1 changed files with 11 additions and 2 deletions
--- a/src/Umbraco.Web.UI/install/steps/TheEnd.ascx.cs
+++ b/src/Umbraco.Web.UI/install/steps/TheEnd.ascx.cs
@@ -1,5 +1,9 @@
 using System;
+using System.Web;
+using Umbraco.Core;
 using Umbraco.Core.Configuration;
+using Umbraco.Core.Logging;
+using Umbraco.Web.Security;

 namespace Umbraco.Web.UI.Install.Steps
 {
@@ -12,15 +16,20 @@ namespace Umbraco.Web.UI.Install.Steps
            {
                GlobalSettings.ConfigurationStatus = UmbracoVersion.Current.ToString(3);
            }
-            catch (Exception)
+            catch (Exception ex)
            {
-                //errorLiteral.Text = ex.ToString();
+                LogHelper.Error<TheEnd>("An error occurred updating the config status", ex);
            }

            // Update ClientDependency version
            var clientDependencyConfig = new ClientDependencyConfiguration();
            var clientDependencyUpdated = clientDependencyConfig.IncreaseVersionNumber();
            
+            //Clear the auth cookie - this is required so that the login screen is displayed after upgrade and so the 
+            // csrf anti-forgery tokens are created, otherwise there will just be JS errors if the user has an old 
+            // login token from a previous version when we didn't have csrf tokens in place
+            var security = new WebSecurity(new HttpContextWrapper(Context), ApplicationContext.Current);
+            security.ClearCurrentLogin();
        }

    }