From 39ace698790c7e80c0ed930b3ec0fd04cdd99bfc Mon Sep 17 00:00:00 2001
From: Bjarke Berg <mail@bergmania.dk>
Date: Fri, 5 Jun 2020 12:50:26 +0200
Subject: [PATCH] Added runtime compilation of views

---
 .../Controllers/MacrosController.cs                  |  2 +-
 .../Controllers/UmbracoAuthorizedApiController.cs    |  2 +-
 .../Controllers/UmbracoAuthorizedJsonController.cs   |  2 +-
 .../UmbracoBackOfficeServiceCollectionExtensions.cs  | 12 ++++++++----
 .../Umbraco.Web.BackOffice.csproj                    |  1 +
 src/Umbraco.Web.UI.NetCore/Startup.cs                |  3 ---
 6 files changed, 12 insertions(+), 10 deletions(-)

diff --git a/src/Umbraco.Web.BackOffice/Controllers/MacrosController.cs b/src/Umbraco.Web.BackOffice/Controllers/MacrosController.cs
index 47352c1616..5b61b91c66 100644
--- a/src/Umbraco.Web.BackOffice/Controllers/MacrosController.cs
+++ b/src/Umbraco.Web.BackOffice/Controllers/MacrosController.cs
@@ -26,7 +26,7 @@ namespace Umbraco.Web.BackOffice.Controllers
     /// The API controller used for editing dictionary items
     /// </summary>
     [PluginController("UmbracoApi")]
-   // [UmbracoTreeAuthorize(Constants.Trees.Macros)]
+    [UmbracoTreeAuthorize(Constants.Trees.Macros)]
     public class MacrosController : BackOfficeNotificationsController
     {
         private readonly ParameterEditorCollection _parameterEditorCollection;
diff --git a/src/Umbraco.Web.BackOffice/Controllers/UmbracoAuthorizedApiController.cs b/src/Umbraco.Web.BackOffice/Controllers/UmbracoAuthorizedApiController.cs
index 29816ab751..c3e1a71b86 100644
--- a/src/Umbraco.Web.BackOffice/Controllers/UmbracoAuthorizedApiController.cs
+++ b/src/Umbraco.Web.BackOffice/Controllers/UmbracoAuthorizedApiController.cs
@@ -15,7 +15,7 @@ namespace Umbraco.Web.BackOffice.Controllers
     /// </remarks>
     [IsBackOffice]
     //[UmbracoUserTimeoutFilter] //TODO reintroduce
-    //[UmbracoAuthorize]
+    [UmbracoAuthorize]
     [DisableBrowserCache]
     [UmbracoWebApiRequireHttps]
     //[CheckIfUserTicketDataIsStale] //TODO reintroduce
diff --git a/src/Umbraco.Web.BackOffice/Controllers/UmbracoAuthorizedJsonController.cs b/src/Umbraco.Web.BackOffice/Controllers/UmbracoAuthorizedJsonController.cs
index 5d138884f2..6a68651a50 100644
--- a/src/Umbraco.Web.BackOffice/Controllers/UmbracoAuthorizedJsonController.cs
+++ b/src/Umbraco.Web.BackOffice/Controllers/UmbracoAuthorizedJsonController.cs
@@ -12,7 +12,7 @@ namespace Umbraco.Web.BackOffice.Controllers
     /// Inheriting from this controller means that ALL of your methods are JSON methods that are called by Angular,
     /// methods that are not called by Angular or don't contain a valid csrf header will NOT work.
     /// </remarks>
-    //[TypeFilter(typeof(ValidateAngularAntiForgeryTokenAttribute))]
+    [TypeFilter(typeof(ValidateAngularAntiForgeryTokenAttribute))]
     [TypeFilter(typeof(AngularJsonOnlyConfigurationAttribute))] // TODO: This could be applied with our Application Model conventions
     public abstract class UmbracoAuthorizedJsonController : UmbracoAuthorizedApiController
     {
diff --git a/src/Umbraco.Web.BackOffice/Extensions/UmbracoBackOfficeServiceCollectionExtensions.cs b/src/Umbraco.Web.BackOffice/Extensions/UmbracoBackOfficeServiceCollectionExtensions.cs
index a0704da14c..f3875a8f18 100644
--- a/src/Umbraco.Web.BackOffice/Extensions/UmbracoBackOfficeServiceCollectionExtensions.cs
+++ b/src/Umbraco.Web.BackOffice/Extensions/UmbracoBackOfficeServiceCollectionExtensions.cs
@@ -22,6 +22,10 @@ namespace Umbraco.Extensions
         {
             services.AddAntiforgery();
 
+            //We need to have runtime compilation of views when using backoffice. We could consider having only this when a specific config is set.
+            //But as far as I can see, there are still precompiled views, even when this is activated, so maybe it is okay.
+            services.AddControllersWithViews().AddRazorRuntimeCompilation();
+
             services
                 .AddAuthentication(Constants.Security.BackOfficeAuthenticationType)
                 .AddCookie(Constants.Security.BackOfficeAuthenticationType);
@@ -32,7 +36,7 @@ namespace Umbraco.Extensions
         /// <summary>
         /// Adds the services required for using Umbraco back office Identity
         /// </summary>
-        /// <param name="services"></param>        
+        /// <param name="services"></param>
         public static void AddUmbracoBackOfficeIdentity(this IServiceCollection services)
         {
             services.AddDataProtection();
@@ -48,7 +52,7 @@ namespace Umbraco.Extensions
 
             // Configure the options specifically for the UmbracoBackOfficeIdentityOptions instance
             services.ConfigureOptions<ConfigureUmbracoBackOfficeIdentityOptions>();
-            //services.TryAddScoped<ISecurityStampValidator, SecurityStampValidator<BackOfficeIdentityUser>>();            
+            //services.TryAddScoped<ISecurityStampValidator, SecurityStampValidator<BackOfficeIdentityUser>>();
         }
 
         private static IdentityBuilder BuildUmbracoBackOfficeIdentity(this IServiceCollection services)
@@ -56,7 +60,7 @@ namespace Umbraco.Extensions
             // Borrowed from https://github.com/dotnet/aspnetcore/blob/master/src/Identity/Extensions.Core/src/IdentityServiceCollectionExtensions.cs#L33
             // The reason we need our own is because the Identity system doesn't cater easily for multiple identity systems and particularly being
             // able to configure IdentityOptions to a specific provider since there is no named options. So we have strongly typed options
-            // and strongly typed ILookupNormalizer and IdentityErrorDescriber since those are 'global' and we need to be unintrusive. 
+            // and strongly typed ILookupNormalizer and IdentityErrorDescriber since those are 'global' and we need to be unintrusive.
 
             // TODO: Could move all of this to BackOfficeComposer?
 
@@ -71,7 +75,7 @@ namespace Umbraco.Extensions
             services.TryAddScoped<IUserClaimsPrincipalFactory<BackOfficeIdentityUser>, UserClaimsPrincipalFactory<BackOfficeIdentityUser>>();
             services.TryAddScoped<UserManager<BackOfficeIdentityUser>>();
 
-            // CUSTOM:            
+            // CUSTOM:
             services.TryAddScoped<BackOfficeLookupNormalizer>();
             services.TryAddScoped<BackOfficeIdentityErrorDescriber>();
 
diff --git a/src/Umbraco.Web.BackOffice/Umbraco.Web.BackOffice.csproj b/src/Umbraco.Web.BackOffice/Umbraco.Web.BackOffice.csproj
index f2b4e79ba0..0895fcdd1c 100644
--- a/src/Umbraco.Web.BackOffice/Umbraco.Web.BackOffice.csproj
+++ b/src/Umbraco.Web.BackOffice/Umbraco.Web.BackOffice.csproj
@@ -11,6 +11,7 @@
     </ItemGroup>
 
     <ItemGroup>
+      <PackageReference Include="Microsoft.AspNetCore.Mvc.Razor.RuntimeCompilation" Version="3.1.4" />
       <PackageReference Include="Serilog.AspNetCore" Version="3.2.0" />
     </ItemGroup>
 
diff --git a/src/Umbraco.Web.UI.NetCore/Startup.cs b/src/Umbraco.Web.UI.NetCore/Startup.cs
index c8dd845546..3ff9d0cff2 100644
--- a/src/Umbraco.Web.UI.NetCore/Startup.cs
+++ b/src/Umbraco.Web.UI.NetCore/Startup.cs
@@ -47,9 +47,6 @@ namespace Umbraco.Web.UI.BackOffice
             services.AddUmbracoRuntimeMinifier(_config);
             services.AddUmbracoBackOffice();
             services.AddUmbracoBackOfficeIdentity();
-
-            services.AddMvc();
-
             services.AddMiniProfiler(options =>
             {
                 options.ShouldProfile = request => false; // WebProfiler determine and start profiling. We should not use the MiniProfilerMiddleware to also profile