From 20a4e475c8d7b91d263e4e103ef19f3644e7b569 Mon Sep 17 00:00:00 2001 From: Nikolaj Geisle <70372949+zeegaan@users.noreply.github.com> Date: Thu, 13 Jul 2023 06:03:39 +0200 Subject: [PATCH] Merge pull request from GHSA-h8wc-r4jh-mg7m * Don't login after install * Fail the install if database is not created --------- Co-authored-by: Zeegaan Co-authored-by: Nikolaj --- .../Runtime/RuntimeState.cs | 2 +- .../Install/InstallApiController.cs | 31 +++++++++---------- 2 files changed, 16 insertions(+), 17 deletions(-) diff --git a/src/Umbraco.Infrastructure/Runtime/RuntimeState.cs b/src/Umbraco.Infrastructure/Runtime/RuntimeState.cs index 6597fadf61af..2e2e5dbe594c 100644 --- a/src/Umbraco.Infrastructure/Runtime/RuntimeState.cs +++ b/src/Umbraco.Infrastructure/Runtime/RuntimeState.cs @@ -212,7 +212,7 @@ public void DetermineRuntimeLevel() if (_globalSettings.Value.InstallMissingDatabase || _databaseProviderMetadata.CanForceCreateDatabase(_databaseFactory)) { // ok to install on a configured but missing database - Level = RuntimeLevel.Install; + Level = RuntimeLevel.BootFailed; Reason = RuntimeLevelReason.InstallMissingDatabase; return; } diff --git a/src/Umbraco.Web.BackOffice/Install/InstallApiController.cs b/src/Umbraco.Web.BackOffice/Install/InstallApiController.cs index 52068c6f8d93..b71093379150 100644 --- a/src/Umbraco.Web.BackOffice/Install/InstallApiController.cs +++ b/src/Umbraco.Web.BackOffice/Install/InstallApiController.cs @@ -1,5 +1,6 @@ using System.Reflection; using Microsoft.AspNetCore.Mvc; +using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.Logging; using Newtonsoft.Json.Linq; using Umbraco.Cms.Core; @@ -25,8 +26,6 @@ namespace Umbraco.Cms.Web.BackOffice.Install; [Area(Constants.Web.Mvc.InstallArea)] public class InstallApiController : ControllerBase { - private readonly IBackOfficeSignInManager _backOfficeSignInManager; - private readonly IBackOfficeUserManager _backOfficeUserManager; private readonly DatabaseBuilder _databaseBuilder; private readonly InstallStatusTracker _installStatusTracker; private readonly InstallStepCollection _installSteps; @@ -34,6 +33,7 @@ public class InstallApiController : ControllerBase private readonly IProfilingLogger _proflog; private readonly IRuntime _runtime; + [Obsolete("Use the constructor without IBackOfficeUserManager & IBackOfficeSignInManager instead, scheduled for removal in v14")] public InstallApiController( DatabaseBuilder databaseBuilder, IProfilingLogger proflog, @@ -44,14 +44,25 @@ public InstallApiController( IRuntime runtime, IBackOfficeUserManager backOfficeUserManager, IBackOfficeSignInManager backOfficeSignInManager) + : this(databaseBuilder, proflog, logger, installHelper, installSteps, installStatusTracker, runtime) + { + } + + [ActivatorUtilitiesConstructor] + public InstallApiController( + DatabaseBuilder databaseBuilder, + IProfilingLogger proflog, + ILogger logger, + InstallHelper installHelper, + InstallStepCollection installSteps, + InstallStatusTracker installStatusTracker, + IRuntime runtime) { _databaseBuilder = databaseBuilder ?? throw new ArgumentNullException(nameof(databaseBuilder)); _proflog = proflog ?? throw new ArgumentNullException(nameof(proflog)); _installSteps = installSteps; _installStatusTracker = installStatusTracker; _runtime = runtime; - _backOfficeUserManager = backOfficeUserManager; - _backOfficeSignInManager = backOfficeSignInManager; InstallHelper = installHelper; _logger = logger; } @@ -88,20 +99,8 @@ public InstallSetup GetSetup() [HttpPost] public async Task CompleteInstall() { - RuntimeLevel levelBeforeRestart = _runtime.State.Level; - await _runtime.RestartAsync(); - if (levelBeforeRestart == RuntimeLevel.Install) - { - BackOfficeIdentityUser? identityUser = - await _backOfficeUserManager.FindByIdAsync(Core.Constants.Security.SuperUserIdAsString); - if (identityUser is not null) - { - _backOfficeSignInManager.SignInAsync(identityUser, false); - } - } - return NoContent(); }