V7: Error upgrading due to SecurityStamp being null (#6343)

* Allow login with a null SecurityStamp when upgrading

* Added migration to fill in missing SecurityStamp

* Make sure we initialize UmbracoContext as it is needed in some tests that use UmbracoBackOfficeIdentity.AddUserDataClaims

* Moved check for null SecurityStamp

* Generate new SecurityStamp in C#

* Bump version to 7.15.4
stevemegson
2019-09-20 10:38:44 +01:00
committed by Elitsa Marinovska
parent b4495d0ae5
commit 98e39ed3ef
7 changed files with 59 additions and 6 deletions


@@ -11,5 +11,5 @@ using System.Resources;
[assembly: AssemblyVersion("1.0.*")]
[assembly: AssemblyFileVersion("7.15.3")]
[assembly: AssemblyInformationalVersion("7.15.3")]
[assembly: AssemblyFileVersion("7.15.4")]
[assembly: AssemblyInformationalVersion("7.15.4")]


@@ -6,7 +6,7 @@ namespace Umbraco.Core.Configuration
{
public class UmbracoVersion
{
private static readonly Version Version = new Version("7.15.3");
private static readonly Version Version = new Version("7.15.4");
/// <summary>
/// Gets the current version of Umbraco.


@@ -0,0 +1,24 @@
using System;
using Umbraco.Core.Logging;
using Umbraco.Core.Persistence.SqlSyntax;
namespace Umbraco.Core.Persistence.Migrations.Upgrades.TargetVersionSevenFifteenFour
{
[Migration("7.15.4", 1, Constants.System.UmbracoMigrationName)]
public class PopulateMissingSecurityStamps : MigrationBase
{
public PopulateMissingSecurityStamps(ISqlSyntaxProvider sqlSyntax, ILogger logger) : base(sqlSyntax, logger)
{
}
public override void Up()
{
// A user with a NULL securityStampToken can't log in after v7.8.0
Execute.Sql($@"UPDATE umbracoUser SET securityStampToken = '{Guid.NewGuid().ToString()}' WHERE securityStampToken IS NULL");
}
public override void Down()
{
}
}
}
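Review bot: `Guid.NewGuid()` in `Up()` is evaluated once in C# before the statement is sent, so every user whose `securityStampToken` is NULL ends up with the same stamp value. A security stamp is meant to be a per-user value that changes when that user's credentials change, so I'd give each row its own GUID. A side benefit is that the value can be passed as a parameter rather than interpolated into the SQL text. The sketch below assumes the key column of `umbracoUser` is `id` and that `Execute.Code` is acceptable in this migration set; please confirm both.

```csharp
public override void Up()
{
    // A user with a NULL securityStampToken can't log in after v7.8.0
    Execute.Code(database =>
    {
        // One fresh stamp per affected user instead of one value for all rows.
        var ids = database.Fetch<int>("SELECT id FROM umbracoUser WHERE securityStampToken IS NULL");
        foreach (var id in ids)
        {
            database.Execute(
                "UPDATE umbracoUser SET securityStampToken = @0 WHERE id = @1",
                Guid.NewGuid().ToString(), id);
        }
        return string.Empty;
    });
}
```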


@@ -115,6 +115,12 @@ namespace Umbraco.Core.Security
AddClaim(new Claim(ClaimTypes.CookiePath, "/", ClaimValueTypes.String, Issuer, Issuer, this));
}
// if upgrading from a pre-7.3.0 version, SecurityStamp will be null
if (userdata.SecurityStamp == null && ApplicationContext.Current.IsUpgrading)
{
userdata.SecurityStamp = Guid.NewGuid().ToString();
}
_currentIssuer = claimsIdentity.AuthenticationType;
UserData = userdata;
AddExistingClaims(claimsIdentity);
@@ -227,7 +233,9 @@ namespace Umbraco.Core.Security
//The security stamp claim is also required... this is because this claim type is hard coded
// by the SecurityStampValidator, see: https://katanaproject.codeplex.com/workitem/444
if (HasClaim(x => x.Type == Microsoft.AspNet.Identity.Constants.DefaultSecurityStampClaimType) == false)
{
AddClaim(new Claim(Microsoft.AspNet.Identity.Constants.DefaultSecurityStampClaimType, SecurityStamp, ClaimValueTypes.String, Issuer, Issuer, this));
}
//Add each app as a separate claim
if (HasClaim(x => x.Type == Constants.Security.AllowedApplicationsClaimType) == false)
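Review bot: The new guard in the first hunk dereferences `ApplicationContext.Current` without a null check, so building an identity while no context is set would throw a NullReferenceException instead of failing authentication cleanly; the test fixture in this commit had to create a context for that reason. I'd write `if (userdata.SecurityStamp == null && ApplicationContext.Current != null && ApplicationContext.Current.IsUpgrading)`. Outside an upgrade a null `SecurityStamp` still reaches `new Claim(..., SecurityStamp, ...)` in the second hunk, which I'd expect to throw on a null value, so that path deserves an explicit, logged rejection. The generated stamp is also only in memory here and seems to rely on the migration to persist one; a comment saying so would help. Both enclosing methods start and end outside the hunks.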


@@ -576,6 +576,7 @@
<Compile Include="Persistence\Migrations\Upgrades\TargetVersionSevenEightZero\AddInstructionCountColumn.cs" />
<Compile Include="Persistence\Migrations\Upgrades\TargetVersionSevenEightZero\AddCmsMediaTable.cs" />
<Compile Include="Persistence\Migrations\Upgrades\TargetVersionSevenEightZero\AddUserLoginTable.cs" />
<Compile Include="Persistence\Migrations\Upgrades\TargetVersionSevenFifteenFour\PopulateMissingSecurityStamps.cs" />
<Compile Include="Persistence\Migrations\Upgrades\TargetVersionSevenFourteenZero\UpdateMemberGroupPickerData.cs" />
<Compile Include="Persistence\Migrations\Upgrades\TargetVersionSevenTwelveZero\RenameTrueFalseField.cs" />
<Compile Include="Persistence\Migrations\Upgrades\TargetVersionSevenTwelveZero\SetDefaultTagsStorageType.cs" />


@@ -4,9 +4,14 @@ using System.Security.Claims;
using System.Text;
using System.Threading.Tasks;
using System.Web.Security;
using Moq;
using Newtonsoft.Json;
using NUnit.Framework;
using Umbraco.Core;
using Umbraco.Core.Logging;
using Umbraco.Core.Persistence.SqlSyntax;
using Umbraco.Core.Profiling;
using Umbraco.Core.Scoping;
using Umbraco.Core.Security;
using Umbraco.Core.Services;
@@ -15,9 +20,24 @@ namespace Umbraco.Tests.Security
[TestFixture]
public class UmbracoBackOfficeIdentityTests
{
public const string TestIssuer = "TestIssuer";
[SetUp]
public void Initialize()
{
var sqlSyntax = new SqlCeSyntaxProvider();
//This is needed because the Migration resolver is creating migration instances with their full ctors
ApplicationContext.EnsureContext(
new ApplicationContext(
new DatabaseContext(Mock.Of<IScopeProviderInternal>(), Mock.Of<ILogger>(), sqlSyntax, "test"),
new ServiceContext(),
CacheHelper.CreateDisabledCacheHelper(),
new ProfilingLogger(Mock.Of<ILogger>(), Mock.Of<IProfiler>())),
true);
}
[Test]
public void Create_From_Claims_Identity()
{
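Review bot: `Initialize()` replaces the process-wide `ApplicationContext` before every test, but no `[TearDown]` is visible in this hunk that restores or clears it, so the mocked context may leak into fixtures that run afterwards. I'd add a teardown that disposes and resets the context, and replace the comment about the migration resolver, which does not match the reason given in the commit message, with something like `// UmbracoBackOfficeIdentity reads ApplicationContext.Current.IsUpgrading, so a context must exist`. I also don't see a test here for the new branch (null `SecurityStamp` while upgrading); one asserting that a stamp is assigned would pin the behaviour. The fixture continues outside the hunk.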


@@ -1028,9 +1028,9 @@ xcopy "$(ProjectDir)"..\packages\SqlServerCE.4.0.0.1\x86\*.* "$(TargetDir)x86\"
<WebProjectProperties>
<UseIIS>True</UseIIS>
<AutoAssignPort>True</AutoAssignPort>
<DevelopmentServerPort>7153</DevelopmentServerPort>
<DevelopmentServerPort>7154</DevelopmentServerPort>
<DevelopmentServerVPath>/</DevelopmentServerVPath>
<IISUrl>http://localhost:7153</IISUrl>
<IISUrl>http://localhost:7154</IISUrl>
<NTLMAuthentication>False</NTLMAuthentication>
<UseCustomServer>False</UseCustomServer>
<CustomServerUrl>