Fixes: U4-2232 UmbracoAuthorizeAttribute breaks Relfection methods - ensures that no singleton instances are passed into attributes since they only ever get created once, meaning we're left with a stale version in the attribute.

2013-07-31 16:45:11 +10:00
parent ad697db42b
commit e2eeafcbfc
5 changed files with 80 additions and 30 deletions
--- a/src/Umbraco.Web/WebApi/MemberAuthorizeAttribute.cs
+++ b/src/Umbraco.Web/WebApi/MemberAuthorizeAttribute.cs
@@ -16,21 +16,27 @@ namespace Umbraco.Web.WebApi
    public sealed class MemberAuthorizeAttribute : AuthorizeAttribute
    {

-        private readonly ApplicationContext _applicationContext;
        private readonly UmbracoContext _umbracoContext;

+        private UmbracoContext GetUmbracoContext()
+        {
+            return _umbracoContext ?? UmbracoContext.Current;
+        }
+
+        /// <summary>
+        /// THIS SHOULD BE ONLY USED FOR UNIT TESTS
+        /// </summary>
+        /// <param name="umbracoContext"></param>
        public MemberAuthorizeAttribute(UmbracoContext umbracoContext)
        {
            if (umbracoContext == null) throw new ArgumentNullException("umbracoContext");
            _umbracoContext = umbracoContext;
-            _applicationContext = _umbracoContext.Application;
        }

        public MemberAuthorizeAttribute()
-            : this(UmbracoContext.Current)
-		{
+        {

-		}
+        }

        /// <summary>
        /// Flag for whether to allow all site visitors or just authenticated members
@@ -74,7 +80,7 @@ namespace Umbraco.Web.WebApi
                }
            }

-            return _umbracoContext.Security.IsMemberAuthorized(AllowAll,
+            return GetUmbracoContext().Security.IsMemberAuthorized(AllowAll,
                                                  AllowType.Split(','),
                                                  AllowGroup.Split(','),
                                                  members);
--- a/src/Umbraco.Web/WebApi/UmbracoAuthorizeAttribute.cs
+++ b/src/Umbraco.Web/WebApi/UmbracoAuthorizeAttribute.cs
@@ -13,6 +13,20 @@ namespace Umbraco.Web.WebApi
        private readonly ApplicationContext _applicationContext;
        private readonly UmbracoContext _umbracoContext;

+        private ApplicationContext GetApplicationContext()
+        {
+            return _applicationContext ?? ApplicationContext.Current;
+        }
+
+        private UmbracoContext GetUmbracoContext()
+        {
+            return _umbracoContext ?? UmbracoContext.Current;
+        }
+
+        /// <summary>
+        /// THIS SHOULD BE ONLY USED FOR UNIT TESTS
+        /// </summary>
+        /// <param name="umbracoContext"></param>
        public UmbracoAuthorizeAttribute(UmbracoContext umbracoContext)
        {
            if (umbracoContext == null) throw new ArgumentNullException("umbracoContext");
@@ -21,9 +35,7 @@ namespace Umbraco.Web.WebApi
        }

        public UmbracoAuthorizeAttribute()
-            : this(UmbracoContext.Current)
        {
-
        }

        protected override bool IsAuthorized(System.Web.Http.Controllers.HttpActionContext actionContext)
@@ -31,9 +43,10 @@ namespace Umbraco.Web.WebApi
            try
            {
                //we need to that the app is configured and that a user is logged in
-                if (!_applicationContext.IsConfigured)
+                if (!GetApplicationContext().IsConfigured)
                    return false;
-                var isLoggedIn = _umbracoContext.Security.ValidateUserContextId(_umbracoContext.Security.UmbracoUserContextId);
+                var umbCtx = GetUmbracoContext();
+                var isLoggedIn = umbCtx.Security.ValidateUserContextId(umbCtx.Security.UmbracoUserContextId);
                return isLoggedIn;
            }
            catch (Exception)