From 2666742851c8a4a9bda5f61ab4b76ccc3585cb2f Mon Sep 17 00:00:00 2001
From: Sebastiaan Janssen
Date: Thu, 21 Aug 2014 14:10:54 +0200
Subject: [PATCH] The admin (0) user in UaaS always has password "default" (unencrypted), checking for that for now until we can fix this properly. If we didn't update this scheduled publishing would be broken
---
 .../Mvc/AdminTokenAuthorizeAttribute.cs | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)
diff --git a/src/Umbraco.Web/Mvc/AdminTokenAuthorizeAttribute.cs b/src/Umbraco.Web/Mvc/AdminTokenAuthorizeAttribute.cs
index de8cf65a53..5f79d5ccd7 100644
--- a/src/Umbraco.Web/Mvc/AdminTokenAuthorizeAttribute.cs
+++ b/src/Umbraco.Web/Mvc/AdminTokenAuthorizeAttribute.cs
@@ -1,8 +1,10 @@
 using System;
+using System.Linq;
 using System.Text;
 using System.Text.RegularExpressions;
 using System.Web;
 using System.Web.Mvc;
+using umbraco;
 using Umbraco.Core;
 using Umbraco.Core.Logging;
@@ -41,7 +43,12 @@ namespace Umbraco.Web.Mvc
 ///
 public static string GetAuthHeaderTokenVal(ApplicationContext appContext)
 {
- var admin = appContext.Services.UserService.GetUserById(0);
+ int numberOfUsers;
+ var users = appContext.Services.UserService.GetAll(0, 25, out numberOfUsers);
+ var admin = users.FirstOrDefault(u => u.UserType.Alias == "admin" && u.RawPasswordValue != string.Empty && u.RawPasswordValue.InvariantEquals("default") == false);
+
+ if (admin == null)
+ return string.Empty;
 var token = string.Format("{0}u____u{1}u____u{2}", admin.Email, admin.Username, admin.RawPasswordValue);
@@ -50,7 +57,7 @@ namespace Umbraco.Web.Mvc
 var base64 = Convert.ToBase64String(bytes);
 return "AToken val=\"" + base64 + "\"";
 }
-
+
 ///
 /// Ensures that the user must be in the Administrator or the Install role
 ///
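Review bot: The new lookup in GetAuthHeaderTokenVal takes the first `admin`-type user from what reads as a single page of 25 (`GetAll(0, 25, out numberOfUsers)`) with no explicit ordering, so the account whose email, username and stored password value back the token is not pinned down. The code that validates the header resolves its own `admin` outside this diff; if it still looks up id 0, or selects differently, every token built here is rejected and scheduled publishing stays broken. One private helper with a fixed order (for example by user id), called from both sides, would remove that drift. The filter also lets a null `RawPasswordValue` past the `!= string.Empty` test; `string.IsNullOrEmpty(u.RawPasswordValue) == false` covers both cases. The `return string.Empty;` branch fails closed but silently, so a warning logged there (the file already imports `Umbraco.Core.Logging`) would make a missing token diagnosable; the method body continues between this hunk and the next one.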
@@ -87,11 +94,11 @@ namespace Umbraco.Web.Mvc
 var encrypted = Encoding.UTF8.GetString(bytes);
 //decrypt the string
 var text = encrypted.DecryptWithMachineKey();
-
+
 //split
- var split = text.Split(new[] {"u____u"}, StringSplitOptions.RemoveEmptyEntries);
+ var split = text.Split(new[] { "u____u" }, StringSplitOptions.RemoveEmptyEntries);
 if (split.Length != 3) return false;
-
+
 //compare
 return split[0] == admin.Email