Skip to content

Commit

Permalink
Merge pull request from GHSA-h8wc-r4jh-mg7m
Browse files Browse the repository at this point in the history
* Don't login after install

* Fail the install if database is not created

---------

Co-authored-by: Zeegaan <nge@umbraco.dk>
Co-authored-by: Nikolaj <nikolajlauridsen@protonmail.ch>
  • Loading branch information
3 people committed Jul 13, 2023
1 parent 2a601ae commit 20a4e47
Show file tree
Hide file tree
Showing 2 changed files with 16 additions and 17 deletions.
2 changes: 1 addition & 1 deletion src/Umbraco.Infrastructure/Runtime/RuntimeState.cs
Original file line number Diff line number Diff line change
Expand Up @@ -212,7 +212,7 @@ public void DetermineRuntimeLevel()
if (_globalSettings.Value.InstallMissingDatabase || _databaseProviderMetadata.CanForceCreateDatabase(_databaseFactory))
{
// ok to install on a configured but missing database
Level = RuntimeLevel.Install;
Level = RuntimeLevel.BootFailed;
Reason = RuntimeLevelReason.InstallMissingDatabase;
return;
}
Expand Down
31 changes: 15 additions & 16 deletions src/Umbraco.Web.BackOffice/Install/InstallApiController.cs
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
using System.Reflection;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
using Newtonsoft.Json.Linq;
using Umbraco.Cms.Core;
Expand All @@ -25,15 +26,14 @@ namespace Umbraco.Cms.Web.BackOffice.Install;
[Area(Constants.Web.Mvc.InstallArea)]
public class InstallApiController : ControllerBase
{
private readonly IBackOfficeSignInManager _backOfficeSignInManager;
private readonly IBackOfficeUserManager _backOfficeUserManager;
private readonly DatabaseBuilder _databaseBuilder;
private readonly InstallStatusTracker _installStatusTracker;
private readonly InstallStepCollection _installSteps;
private readonly ILogger<InstallApiController> _logger;
private readonly IProfilingLogger _proflog;
private readonly IRuntime _runtime;

[Obsolete("Use the constructor without IBackOfficeUserManager & IBackOfficeSignInManager instead, scheduled for removal in v14")]
public InstallApiController(
DatabaseBuilder databaseBuilder,
IProfilingLogger proflog,
Expand All @@ -44,14 +44,25 @@ public InstallApiController(
IRuntime runtime,
IBackOfficeUserManager backOfficeUserManager,
IBackOfficeSignInManager backOfficeSignInManager)
: this(databaseBuilder, proflog, logger, installHelper, installSteps, installStatusTracker, runtime)
{
}

[ActivatorUtilitiesConstructor]
public InstallApiController(
DatabaseBuilder databaseBuilder,
IProfilingLogger proflog,
ILogger<InstallApiController> logger,
InstallHelper installHelper,
InstallStepCollection installSteps,
InstallStatusTracker installStatusTracker,
IRuntime runtime)
{
_databaseBuilder = databaseBuilder ?? throw new ArgumentNullException(nameof(databaseBuilder));
_proflog = proflog ?? throw new ArgumentNullException(nameof(proflog));
_installSteps = installSteps;
_installStatusTracker = installStatusTracker;
_runtime = runtime;
_backOfficeUserManager = backOfficeUserManager;
_backOfficeSignInManager = backOfficeSignInManager;
InstallHelper = installHelper;
_logger = logger;
}
Expand Down Expand Up @@ -88,20 +99,8 @@ public InstallSetup GetSetup()
[HttpPost]
public async Task<ActionResult> CompleteInstall()
{
RuntimeLevel levelBeforeRestart = _runtime.State.Level;

await _runtime.RestartAsync();

if (levelBeforeRestart == RuntimeLevel.Install)
{
BackOfficeIdentityUser? identityUser =
await _backOfficeUserManager.FindByIdAsync(Core.Constants.Security.SuperUserIdAsString);
if (identityUser is not null)
{
_backOfficeSignInManager.SignInAsync(identityUser, false);
}
}

return NoContent();
}

Expand Down

0 comments on commit 20a4e47

Please sign in to comment.