yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

The admin (0) user in UaaS always has password "default" (unencrypted), checking for that for

Browse Source 
now until we can fix this properly. If we didn't update this scheduled publishing would be broken
This commit is contained in:
Sebastiaan Janssen
2014-08-21 14:10:54 +02:00
parent 38c1e154d4
commit 2666742851
1 changed files with 12 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
src/Umbraco.Web/Mvc/AdminTokenAuthorizeAttribute.cs
View File

@@ -1,8 +1,10 @@
using System;
using System.Linq;
using System.Text;
using System.Text.RegularExpressions;
using System.Web;
using System.Web.Mvc;
using umbraco;
using Umbraco.Core;
using Umbraco.Core.Logging;
@@ -41,7 +43,12 @@ namespace Umbraco.Web.Mvc
/// <returns></returns>
public static string GetAuthHeaderTokenVal(ApplicationContext appContext)
{
var admin = appContext.Services.UserService.GetUserById(0);
int numberOfUsers;
var users = appContext.Services.UserService.GetAll(0, 25, out numberOfUsers);
var admin = users.FirstOrDefault(u => u.UserType.Alias == "admin" && u.RawPasswordValue != string.Empty && u.RawPasswordValue.InvariantEquals("default") == false);
if (admin == null)
return string.Empty;
var token = string.Format("{0}u____u{1}u____u{2}", admin.Email, admin.Username, admin.RawPasswordValue);
@@ -50,7 +57,7 @@ namespace Umbraco.Web.Mvc
var base64 = Convert.ToBase64String(bytes);
return "AToken val=\"" + base64 + "\"";
}
/// <summary>
/// Ensures that the user must be in the Administrator or the Install role
/// </summary>
@@ -87,11 +94,11 @@ namespace Umbraco.Web.Mvc
var encrypted = Encoding.UTF8.GetString(bytes);
//decrypt the string
var text = encrypted.DecryptWithMachineKey();
//split
var split = text.Split(new[] {"u____u"}, StringSplitOptions.RemoveEmptyEntries);
var split = text.Split(new[] { "u____u" }, StringSplitOptions.RemoveEmptyEntries);
if (split.Length != 3) return false;
//compare
return
split[0] == admin.Email