From 51bbf7ceb53a34cfc9a65a2967ed9ed88ff4c175 Mon Sep 17 00:00:00 2001 From: Shannon Date: Tue, 16 Feb 2016 14:22:59 +0100 Subject: [PATCH 1/2] U4-7494 Installation Fails for 7.3.3 - Intermittent - Value cannot be null. Parameter name: sqlSyntax --- .../Security/Identity/BackOfficeCookieManager.cs | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/Umbraco.Web/Security/Identity/BackOfficeCookieManager.cs b/src/Umbraco.Web/Security/Identity/BackOfficeCookieManager.cs index 76bd80037c..598309161e 100644 --- a/src/Umbraco.Web/Security/Identity/BackOfficeCookieManager.cs +++ b/src/Umbraco.Web/Security/Identity/BackOfficeCookieManager.cs @@ -73,6 +73,16 @@ namespace Umbraco.Web.Security.Identity /// internal bool ShouldAuthenticateRequest(IOwinContext ctx, Uri originalRequestUrl, bool checkForceAuthTokens = true) { + if (_umbracoContextAccessor.Value.Application.IsConfigured == false + && _umbracoContextAccessor.Value.Application.DatabaseContext.IsDatabaseConfigured == false) + { + //Do not authenticate the request if we don't have a db and we are not configured - since we will never need + // to know a current user in this scenario - we treat it as a new install. Without this we can have some issues + // when people have older invalid cookies on the same domain since our user managers might attempt to lookup a user + // and we don't even have a db. + return false; + } + var request = ctx.Request; var httpCtx = ctx.TryGetHttpContext(); From 7002291c4170c848ab25dad85c92d17f7c122dd4 Mon Sep 17 00:00:00 2001 
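Review bot: The new guard at the top of `ShouldAuthenticateRequest` reads `_umbracoContextAccessor.Value.Application` twice and dereferences it without a null check. If the accessor can return no context for a request (not visible in this hunk), cookie handling would throw instead of making a decision. Reading it once, `var appCtx = _umbracoContextAccessor.Value.Application;`, and testing `appCtx.IsConfigured == false && appCtx.DatabaseContext.IsDatabaseConfigured == false` also keeps both flags tied to the same context object. The comment should say that `&&` is deliberate: returning false leaves the request anonymous, which is only acceptable on a fresh install. A state where a database exists but the application is not yet configured (presumably an upgrade) must still authenticate, and back-office endpoints must still reject the anonymous request. The method body continues outside the hunk.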
From: Shannon Date: Tue, 16 Feb 2016 14:51:15 +0100 Subject: [PATCH 2/2] adds tests for ShouldAuthenticateRequest for app configurations --- .../Security/BackOfficeCookieManagerTests.cs | 81 +++++++++++++++++++ .../UmbracoBackOfficeIdentityTests.cs | 2 +- src/Umbraco.Tests/Umbraco.Tests.csproj | 9 +++ src/Umbraco.Tests/packages.config | 2 + 4 files changed, 93 insertions(+), 1 deletion(-) create mode 100644 src/Umbraco.Tests/Security/BackOfficeCookieManagerTests.cs diff --git a/src/Umbraco.Tests/Security/BackOfficeCookieManagerTests.cs b/src/Umbraco.Tests/Security/BackOfficeCookieManagerTests.cs new file mode 100644 index 0000000000..f93fd355ed --- /dev/null +++ b/src/Umbraco.Tests/Security/BackOfficeCookieManagerTests.cs 
@@ -0,0 +1,81 @@ +using System; +using System.Collections.Generic; +using System.Web; +using Microsoft.Owin; +using Moq; +using NUnit.Framework; +using Umbraco.Core; +using Umbraco.Core.Configuration.UmbracoSettings; +using Umbraco.Core.Logging; +using Umbraco.Core.Persistence; +using Umbraco.Core.Persistence.SqlSyntax; +using Umbraco.Core.Profiling; +using Umbraco.Tests.TestHelpers; +using Umbraco.Web; +using Umbraco.Web.Routing; +using Umbraco.Web.Security; +using Umbraco.Web.Security.Identity; + +namespace Umbraco.Tests.Security +{ + [TestFixture] + public class BackOfficeCookieManagerTests + { + [Test] + public void ShouldAuthenticateRequest_When_Not_Configured() + { + var dbCtx = new Mock(Mock.Of(), Mock.Of(), Mock.Of(), "test"); + dbCtx.Setup(x => x.IsDatabaseConfigured).Returns(false); + + var appCtx = new ApplicationContext( + dbCtx.Object, + MockHelper.GetMockedServiceContext(), + CacheHelper.CreateDisabledCacheHelper(), + new ProfilingLogger(Mock.Of(), Mock.Of())); + + var umbCtx = UmbracoContext.CreateContext( + Mock.Of(), + appCtx, + new WebSecurity(Mock.Of(), appCtx), + Mock.Of(), new List(), false); + + var mgr = new BackOfficeCookieManager(Mock.Of(accessor => accessor.Value == umbCtx)); + + var result = mgr.ShouldAuthenticateRequest(Mock.Of(), new Uri("http://localhost/umbraco")); + + Assert.IsFalse(result); + } + + [Test] + public void ShouldAuthenticateRequest_When_Configured() + { + var dbCtx = new Mock(Mock.Of(), Mock.Of(), Mock.Of(), "test"); + dbCtx.Setup(x => x.IsDatabaseConfigured).Returns(true); + + var appCtx = new ApplicationContext( + dbCtx.Object, + MockHelper.GetMockedServiceContext(), + CacheHelper.CreateDisabledCacheHelper(), + new ProfilingLogger(Mock.Of(), Mock.Of())); + + var umbCtx = UmbracoContext.CreateContext( + Mock.Of(), + appCtx, + new WebSecurity(Mock.Of(), appCtx), + Mock.Of(), new List(), false); + + var mgr = new BackOfficeCookieManager(Mock.Of(accessor => accessor.Value == umbCtx)); + + var request = new Mock(); + 
request.Setup(owinRequest => owinRequest.Uri).Returns(new Uri("http://localhost/umbraco")); + + var result = mgr.ShouldAuthenticateRequest( + Mock.Of(context => context.Request == request.Object), + new Uri("http://localhost/umbraco")); + + Assert.IsTrue(result); + } + + //TODO : Write remaining tests for `ShouldAuthenticateRequest` + } +} \ No newline at end of file diff --git a/src/Umbraco.Tests/Security/UmbracoBackOfficeIdentityTests.cs b/src/Umbraco.Tests/Security/UmbracoBackOfficeIdentityTests.cs index 2e3bc39814..813653fb7c 100644 --- a/src/Umbraco.Tests/Security/UmbracoBackOfficeIdentityTests.cs +++ b/src/Umbraco.Tests/Security/UmbracoBackOfficeIdentityTests.cs @@ -1,5 +1,4 @@ using System; -using System.Collections.Generic; using System.Linq; using System.Security.Claims; using System.Text; @@ -9,6 +8,7 @@ using Newtonsoft.Json; using NUnit.Framework; using Umbraco.Core; using Umbraco.Core.Security; +using Umbraco.Core.Services; namespace Umbraco.Tests.Security { diff --git a/src/Umbraco.Tests/Umbraco.Tests.csproj b/src/Umbraco.Tests/Umbraco.Tests.csproj index 223ea33faa..cbad6db867 100644 --- a/src/Umbraco.Tests/Umbraco.Tests.csproj +++ b/src/Umbraco.Tests/Umbraco.Tests.csproj @@ -75,6 +75,10 @@ False ..\packages\Lucene.Net.2.9.4.1\lib\net40\Lucene.Net.dll + + ..\packages\Microsoft.Owin.3.0.1\lib\net45\Microsoft.Owin.dll + True + True ..\packages\Microsoft.Web.Infrastructure.1.0.0.0\lib\net40\Microsoft.Web.Infrastructure.dll @@ -94,6 +98,10 @@ False ..\packages\NUnit.2.6.2\lib\nunit.framework.dll + + ..\packages\Owin.1.0\lib\net40\Owin.dll + True + ..\packages\semver.1.1.2\lib\net45\Semver.dll @@ -194,6 +202,7 @@ + diff --git a/src/Umbraco.Tests/packages.config b/src/Umbraco.Tests/packages.config index 8986f13197..89a6429d46 100644 --- a/src/Umbraco.Tests/packages.config +++ b/src/Umbraco.Tests/packages.config @@ -13,11 +13,13 @@ + +
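Review bot: In BackOfficeCookieManagerTests.cs neither test pins `Application.IsConfigured`. Both only set `IsDatabaseConfigured` on the mocked database context, so which branch of the new guard runs depends on whatever configuration state the test `ApplicationContext` reports by default. Since the guard decides whether a back-office cookie is evaluated at all, the fixture should fix both flags explicitly. It should also add the mixed case to the existing TODO, for example `ShouldAuthenticateRequest_When_Db_Configured_But_App_Not_Configured`, asserting `true`, so that a later change from `&&` to `||` cannot silently skip authentication on a site that already has users. A short comment in `ShouldAuthenticateRequest_When_Not_Configured`, such as `// both IsConfigured and IsDatabaseConfigured must be false for the guard to return false`, would make the dependency visible.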