diff --git a/src/Umbraco.Web/Editors/AuthenticationController.cs b/src/Umbraco.Web/Editors/AuthenticationController.cs
index cafb85c3b4..2976c26d82 100644
--- a/src/Umbraco.Web/Editors/AuthenticationController.cs
+++ b/src/Umbraco.Web/Editors/AuthenticationController.cs
@@ -329,7 +329,7 @@ namespace Umbraco.Web.Editors
 public async Task> Get2FAProviders()
 {
 var userId = await SignInManager.GetVerifiedUserIdAsync();
- if (userId < 0)
+ if (userId < Core.Constants.Security.SuperUserId)
 {
 Logger.Warn("Get2FAProviders :: No verified user found, returning 404");
 throw new HttpResponseException(HttpStatusCode.NotFound);
@@ -345,7 +345,7 @@ namespace Umbraco.Web.Editors
 throw new HttpResponseException(HttpStatusCode.NotFound);
 var userId = await SignInManager.GetVerifiedUserIdAsync();
- if (userId < 0)
+ if (userId < Core.Constants.Security.SuperUserId)
 {
 Logger.Warn("Get2FAProviders :: No verified user found, returning 404");
 throw new HttpResponseException(HttpStatusCode.NotFound);
@@ -475,8 +475,7 @@ namespace Umbraco.Web.Editors
 if (UserManager != null)
 {
- var userId = -1;
- int.TryParse(User.Identity.GetUserId(), out userId);
+ int.TryParse(User.Identity.GetUserId(), out var userId);
 UserManager.RaiseLogoutSuccessEvent(userId);
 }
diff --git a/src/Umbraco.Web/Security/BackOfficeSignInManager.cs b/src/Umbraco.Web/Security/BackOfficeSignInManager.cs
index 3ce72852bf..6e32424201 100644
--- a/src/Umbraco.Web/Security/BackOfficeSignInManager.cs
+++ b/src/Umbraco.Web/Security/BackOfficeSignInManager.cs
@@ -227,7 +227,7 @@ namespace Umbraco.Web.Security
 }
 ///
- /// Get the user id that has been verified already or -1.
+ /// Get the user id that has been verified already or the SuperUserId minus 1.
 ///
 ///
 ///
@@ -240,7 +240,7 @@ namespace Umbraco.Web.Security
 {
 return ConvertIdFromString(result.Identity.GetUserId());
 }
- return -1;
+ return Constants.Security.SuperUserId - 1;
 }
 ///
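Review bot: The "no verified user" test is written as `userId < Core.Constants.Security.SuperUserId` in this hunk and again in the hunk at -345, while BackOfficeSignInManager returns `Constants.Security.SuperUserId - 1` and tests it with `==` in TwoFactorSignInAsync and SendTwoFactorCodeAsync. The sentinel is therefore spelled out by arithmetic at five sites under two different predicates, so a value below the sentinel is rejected by the controller but would pass the manager's equality checks. Because this gate sits in front of two-factor code generation and verification, I would define the sentinel once as a shared named constant (the name is yours to choose, for example `NoVerifiedUserId`) or a small `IsVerifiedUserId(int)` helper, and use that one predicate everywhere. The enclosing methods start and end outside these hunks.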
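Review bot: The return value of `int.TryParse(User.Identity.GetUserId(), out var userId)` in the hunk at -475 is discarded, so when the identity carries no parsable id `userId` is 0 and `UserManager.RaiseLogoutSuccessEvent(0)` is still raised. The removed `var userId = -1;` did not help either, since TryParse overwrites the out argument on failure. If 0 can be a real user id in an installation, the logout audit event is attributed to the wrong account; guarding the call avoids that: `if (int.TryParse(User.Identity.GetUserId(), out var userId)) { UserManager.RaiseLogoutSuccessEvent(userId); }`. The method body starts and ends outside the hunk.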
@@ -269,12 +269,12 @@ namespace Umbraco.Web.Security
 /// This is implemented because we cannot override GetVerifiedUserIdAsync and instead we have to shadow it
 /// so due to this and because we are using an INT as the TKey and not an object, it can never be null. Adding to that
 /// the default(int) value returned by the base class is always a valid user (i.e. the admin) so we just have to duplicate
- /// all of this code to check for -1 instead.
+ /// all of this code to check for SuperUserId-1 instead.
 ///
 public override async Task TwoFactorSignInAsync(string provider, string code, bool isPersistent, bool rememberBrowser)
 {
 var userId = await GetVerifiedUserIdAsync();
- if (userId == -1)
+ if (userId == Constants.Security.SuperUserId - 1)
 {
 return SignInStatus.Failure;
 }
@@ -306,12 +306,12 @@ namespace Umbraco.Web.Security
 /// This is implemented because we cannot override GetVerifiedUserIdAsync and instead we have to shadow it
 /// so due to this and because we are using an INT as the TKey and not an object, it can never be null. Adding to that
 /// the default(int) value returned by the base class is always a valid user (i.e. the admin) so we just have to duplicate
- /// all of this code to check for -1 instead.
+ /// all of this code to check for SuperUserId-1 instead.
 ///
 public override async Task SendTwoFactorCodeAsync(string provider)
 {
 var userId = await GetVerifiedUserIdAsync();
- if (userId == -1)
+ if (userId == Constants.Security.SuperUserId - 1)
 return false;
 var token = await UserManager.GenerateTwoFactorTokenAsync(userId, provider);
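Review bot: Both no-verified-user branches exit silently (`return SignInStatus.Failure;` in TwoFactorSignInAsync and `return false;` in SendTwoFactorCodeAsync), whereas AuthenticationController logs a warning for the same condition. A request that reaches the two-factor step without a verified first factor is worth recording, so if this class has a logger available I would add a warning on each branch naming the method. The unbraced `if (...) return false;` in SendTwoFactorCodeAsync also differs from the braced form in TwoFactorSignInAsync; `if (userId == Constants.Security.SuperUserId - 1) { return false; }` keeps the two guards visually identical. Both method bodies continue outside the hunks.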