Merge branch '7.0.2' of https://github.com/umbraco/Umbraco-CMS into 7.0.2

build/Build.bat

@@ -1,5 +1,5 @@
 @ECHO OFF
-SET release=7.0.1
+SET release=7.0.2
 SET comment=
 SET version=%release%
 

src/Umbraco.Core/Configuration/UmbracoVersion.cs

@@ -5,7 +5,7 @@ namespace Umbraco.Core.Configuration
 {
     public class UmbracoVersion
     {
-        private static readonly Version Version = new Version("7.0.1");
+        private static readonly Version Version = new Version("7.0.2");
 
         /// <summary>
         /// Gets the current version of Umbraco.

src/Umbraco.Core/Services/IMemberService.cs

@@ -8,7 +8,7 @@ namespace Umbraco.Core.Services
     /// <summary>
     /// Defines the MemberService, which is an easy access to operations involving (umbraco) members.
     /// </summary>
-    internal interface IMemberService : IMembershipMemberService
+    public interface IMemberService : IMembershipMemberService
     {
         /// <summary>
         /// Checks if a member with the id exists

src/Umbraco.Core/Services/IMembershipMemberService.cs

@@ -10,7 +10,7 @@ namespace Umbraco.Core.Services
     /// <remarks>
     /// Idea is to have this is an isolated interface so that it can be easily 'replaced' in the membership provider impl.
     /// </remarks>
-    internal interface IMembershipMemberService : IService
+    public interface IMembershipMemberService : IService
     {
         /// <summary>
         /// Checks if a member with the username exists

src/Umbraco.Core/Services/MemberService.cs

@@ -18,24 +18,24 @@ namespace Umbraco.Core.Services
     /// <summary>
     /// Represents the MemberService.
     /// </summary>
-    internal class MemberService : IMemberService
+    public class MemberService : IMemberService
     {
         private readonly RepositoryFactory _repositoryFactory;
         private readonly IDatabaseUnitOfWorkProvider _uowProvider;
 
         private static readonly ReaderWriterLockSlim Locker = new ReaderWriterLockSlim();
 
-        public MemberService(RepositoryFactory repositoryFactory)
+        internal MemberService(RepositoryFactory repositoryFactory)
             : this(new PetaPocoUnitOfWorkProvider(), repositoryFactory)
         {
         }
 
-        public MemberService(IDatabaseUnitOfWorkProvider provider)
+        internal MemberService(IDatabaseUnitOfWorkProvider provider)
             : this(provider, new RepositoryFactory())
         {
         }
 
-        public MemberService(IDatabaseUnitOfWorkProvider provider, RepositoryFactory repositoryFactory)
+        internal MemberService(IDatabaseUnitOfWorkProvider provider, RepositoryFactory repositoryFactory)
         {
             _repositoryFactory = repositoryFactory;
             _uowProvider = provider;

src/Umbraco.Web/Editors/EntityController.cs

@@ -132,7 +132,8 @@ namespace Umbraco.Web.Editors
         /// <summary>
         /// Gets an entity by a xpath or css-like query
         /// </summary>
-        /// <param name="id"></param>
+        /// <param name="query"></param>
+        /// <param name="rootNodeId"></param>
         /// <param name="type"></param>
         /// <returns></returns>
         public EntityBasic GetByQuery(string query, int rootNodeId, UmbracoEntityTypes type)
@@ -143,15 +144,28 @@ namespace Umbraco.Web.Editors
             //    query = css2xpath.Converter.CSSToXPath(query, "");
 
                 
-            if(rootNodeId < 0){
-                var nodes = global::umbraco.library.GetXmlNodeByXPath(query);
-                var node = uQuery.GetNodesByXPath(query).FirstOrDefault();
+            if(rootNodeId < 0)
+            {
+                var node = Umbraco.TypedContentSingleAtXPath(query);
 
                 if(node == null)
                     return null;
                     
                 return GetById(node.Id, UmbracoEntityTypes.Document);
-            }else{
+            }
+            else
+            {
+                //SD: This should be done using UmbracoHelper
+
+                //var node = Umbraco.TypedContent(rootNodeId);
+                //if (node != null)
+                //{
+                //    //TODO: Build an Xpath query based on this node ID and the rest of the query
+                //    // var subQuery = [@id=rootNodeId]/query
+                //    // and then get that node with:
+                //    // var result = Umbraco.TypedContentSingleAtXPath(subQuery);
+                //}
+
                 var node = global::umbraco.library.GetXmlNodeById(rootNodeId.ToString());
                 if (node.MoveNext())
                 {

src/Umbraco.Web/HttpCookieExtensions.cs

@@ -1,4 +1,5 @@
-using System.Linq;
+using System;
+using System.Linq;
 using System.Net.Http;
 using System.Net.Http.Headers;
 using System.Web;
@@ -14,6 +15,30 @@ namespace Umbraco.Web
     /// </remarks> 
     internal static class HttpCookieExtensions
     {
+        /// <summary>
+        /// Removes the cookie from the request and the response if it exists
+        /// </summary>
+        /// <param name="http"></param>
+        /// <param name="cookieName"></param>
+        public static void ExpireCookie(this HttpContextBase http, string cookieName)
+        {
+            //remove from the request
+            http.Request.Cookies.Remove(cookieName);
+
+            //expire from the response
+            var angularCookie = http.Response.Cookies[cookieName];
+            if (angularCookie != null)
+            {
+                //this will expire immediately and be removed from the browser
+                angularCookie.Expires = DateTime.Now.AddYears(-1);
+            }
+            else
+            {
+                //ensure there's def an expired cookie
+                http.Response.Cookies.Add(new HttpCookie(cookieName) { Expires = DateTime.Now.AddYears(-1) });
+            }
+        }
+
         public static string GetPreviewCookieValue(this HttpRequestMessage request)
         {
             var cookie = request.Headers.GetCookies(Constants.Web.PreviewCookieName).FirstOrDefault();

src/Umbraco.Web/Strategies/Migrations/ClearCsrfCookiesAfterUpgrade.cs

@@ -0,0 +1,28 @@
+using System.Web;
+using Umbraco.Core.Persistence.Migrations;
+using Umbraco.Web.WebApi.Filters;
+using umbraco.interfaces;
+
+namespace Umbraco.Web.Strategies.Migrations
+{
+    /// <summary>
+    /// After upgrade we clear out the csrf tokens
+    /// </summary>
+    public class ClearCsrfCookiesAfterUpgrade : IApplicationStartupHandler
+    {
+        public ClearCsrfCookiesAfterUpgrade()
+        {
+            MigrationRunner.Migrated += MigrationRunner_Migrated;
+        }
+
+        void MigrationRunner_Migrated(MigrationRunner sender, Core.Events.MigrationEventArgs e)
+        {
+            if (HttpContext.Current == null) return;
+
+            var http = new HttpContextWrapper(HttpContext.Current);
+
+            http.ExpireCookie(AngularAntiForgeryHelper.AngularCookieName);
+            http.ExpireCookie(AngularAntiForgeryHelper.CsrfValidationCookieName);
+        }
+    }
+}

src/Umbraco.Web/Umbraco.Web.csproj

@@ -405,6 +405,7 @@
     <Compile Include="PropertyEditors\PropertyValueEditorWrapper.cs" />
     <Compile Include="PublishedContentQuery.cs" />
     <Compile Include="Routing\UrlProviderExtensions.cs" />
+    <Compile Include="Strategies\Migrations\ClearCsrfCookiesAfterUpgrade.cs" />
     <Compile Include="Strategies\Migrations\ClearMediaXmlCacheForDeletedItemsAfterUpgrade.cs" />
     <Compile Include="TagQuery.cs" />
     <Compile Include="Trees\CoreTreeAttribute.cs" />

src/Umbraco.Web/WebApi/Filters/SetAngularAntiForgeryTokensAttribute.cs

@@ -1,4 +1,5 @@
 using System.Linq;
+using System.Net;
 using System.Net.Http;
 using System.Net.Http.Headers;
 using System.Web.Helpers;
@@ -16,11 +17,19 @@ namespace Umbraco.Web.WebApi.Filters
         {
             if (context.Response == null) return;
 
-            //don't need to set the cookie if they already exist
+            //DO not set the token cookies if the request has failed!!
+            if (context.Response.StatusCode != HttpStatusCode.OK) return;
+
+            //don't need to set the cookie if they already exist and they are valid
             if (context.Request.Headers.GetCookies(AngularAntiForgeryHelper.AngularCookieName).Any()
                 && context.Request.Headers.GetCookies(AngularAntiForgeryHelper.CsrfValidationCookieName).Any())
             {
-                return;
+                //if they are not valid for some strange reason - we need to continue setting valid ones
+                string failedReason;
+                if (AngularAntiForgeryHelper.ValidateHeaders(context.Request.Headers, out failedReason))
+                {                    
+                    return;
+                }
             }
 
             string cookieToken, headerToken;