Use Invariant when toString userIds

bergmania · bergmania · commit 68d4d76da2c7 · 2021-09-20T11:30:09.000+02:00
diff --git a/src/Umbraco.Infrastructure/Install/InstallSteps/NewInstallStep.cs b/src/Umbraco.Infrastructure/Install/InstallSteps/NewInstallStep.cs
@@ -73,11 +73,11 @@ public override async Task<InstallSetupResult> ExecuteAsync(UserModel user)
 
             _userService.Save(admin);
 
-            var membershipUser = await _userManager.FindByIdAsync(Constants.Security.SuperUserId.ToString());
+            var membershipUser = await _userManager.FindByIdAsync(Constants.Security.SuperUserIdAsString);
             if (membershipUser == null)
             {
                 throw new InvalidOperationException(
-                    $"No user found in membership provider with id of {Constants.Security.SuperUserId}.");
+                    $"No user found in membership provider with id of {Constants.Security.SuperUserIdAsString}.");
             }
 
             //To change the password here we actually need to reset it since we don't have an old one to use to change
diff --git a/src/Umbraco.Infrastructure/Persistence/Factories/ExternalLoginFactory.cs b/src/Umbraco.Infrastructure/Persistence/Factories/ExternalLoginFactory.cs
@@ -9,7 +9,7 @@ internal static class ExternalLoginFactory
     {
         public static IIdentityUserToken BuildEntity(ExternalLoginTokenDto dto)
         {
-            var entity = new IdentityUserToken(dto.Id, dto.ExternalLoginDto.LoginProvider, dto.Name, dto.Value, dto.ExternalLoginDto.UserId.ToString(), dto.CreateDate);
+            var entity = new IdentityUserToken(dto.Id, dto.ExternalLoginDto.LoginProvider, dto.Name, dto.Value, dto.ExternalLoginDto.UserId.ToString(CultureInfo.InvariantCulture), dto.CreateDate);
 
             // reset dirty initial properties (U4-1946)
             entity.ResetDirtyProperties(false);
@@ -18,7 +18,7 @@ public static IIdentityUserToken BuildEntity(ExternalLoginTokenDto dto)
 
         public static IIdentityUserLogin BuildEntity(ExternalLoginDto dto)
         {
-            var entity = new IdentityUserLogin(dto.Id, dto.LoginProvider, dto.ProviderKey, dto.UserId.ToString(), dto.CreateDate)
+            var entity = new IdentityUserLogin(dto.Id, dto.LoginProvider, dto.ProviderKey, dto.UserId.ToString(CultureInfo.InvariantCulture), dto.CreateDate)
             {
                 UserData = dto.UserData
             };
diff --git a/src/Umbraco.Infrastructure/Security/MemberIdentityUser.cs b/src/Umbraco.Infrastructure/Security/MemberIdentityUser.cs
@@ -1,5 +1,6 @@
 using System;
 using System.Collections.Generic;
+using System.Globalization;
 using System.Linq;
 using Umbraco.Cms.Core.Models.Membership;
 using Umbraco.Extensions;
@@ -11,7 +12,7 @@ namespace Umbraco.Cms.Core.Security
     /// </summary>
     public class MemberIdentityUser : UmbracoIdentityUser
     {
-        private string _comments;        
+        private string _comments;
 
         // Custom comparer for enumerables
         private static readonly DelegateEqualityComparer<IReadOnlyCollection<IReadOnlyUserGroup>> s_groupsComparer = new DelegateEqualityComparer<IReadOnlyCollection<IReadOnlyUserGroup>>(
@@ -77,7 +78,7 @@ public string Comments
         /// </summary>
         public string MemberTypeAlias { get; set; }
 
-        private static string UserIdToString(int userId) => string.Intern(userId.ToString());
+        private static string UserIdToString(int userId) => string.Intern(userId.ToString(CultureInfo.InvariantCulture));
 
         // TODO: Should we support custom member properties for persistence/retrieval?
     }
diff --git a/src/Umbraco.Infrastructure/Security/UmbracoUserStore.cs b/src/Umbraco.Infrastructure/Security/UmbracoUserStore.cs
@@ -37,7 +37,7 @@ protected static int UserIdToInt(string userId)
             throw new InvalidOperationException($"Unable to convert user ID ({userId})to int using InvariantCulture");
         }
 
-        protected static string UserIdToString(int userId) => string.Intern(userId.ToString());
+        protected static string UserIdToString(int userId) => string.Intern(userId.ToString(CultureInfo.InvariantCulture));
 
         /// <summary>
         /// Not supported in Umbraco
diff --git a/src/Umbraco.Infrastructure/Services/Implement/ExternalLoginService.cs b/src/Umbraco.Infrastructure/Services/Implement/ExternalLoginService.cs
@@ -1,4 +1,5 @@
 using System.Collections.Generic;
+using System.Globalization;
 using System.Linq;
 using Microsoft.Extensions.Logging;
 using Umbraco.Cms.Core.Events;
@@ -25,7 +26,7 @@ public IEnumerable<IIdentityUserLogin> GetExternalLogins(int userId)
             using (var scope = ScopeProvider.CreateScope(autoComplete: true))
             {
                 // TODO: This is temp until we update the external service to support guids for both users and members
-                var asString = userId.ToString();
+                var asString = userId.ToString(CultureInfo.InvariantCulture);
                 return _externalLoginRepository.Get(Query<IIdentityUserLogin>().Where(x => x.UserId == asString))
                     .ToList();
             }
@@ -36,7 +37,7 @@ public IEnumerable<IIdentityUserToken> GetExternalLoginTokens(int userId)
             using (var scope = ScopeProvider.CreateScope(autoComplete: true))
             {
                 // TODO: This is temp until we update the external service to support guids for both users and members
-                var asString = userId.ToString();
+                var asString = userId.ToString(CultureInfo.InvariantCulture);
                 return _externalLoginRepository.Get(Query<IIdentityUserToken>().Where(x => x.UserId == asString))
                     .ToList();
             }
diff --git a/src/Umbraco.Tests.UnitTests/Umbraco.Web.BackOffice/Authorization/AdminUsersHandlerTests.cs b/src/Umbraco.Tests.UnitTests/Umbraco.Web.BackOffice/Authorization/AdminUsersHandlerTests.cs
@@ -2,6 +2,7 @@
 // See LICENSE for more details.
 
 using System.Collections.Generic;
+using System.Globalization;
 using System.Security.Claims;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authorization;
@@ -59,7 +60,7 @@ public async Task Non_Integer_QueryString_Value_Is_Authorized()
         public async Task Editing_Single_Admin_User_By_Admin_User_Is_Authorized()
         {
             AuthorizationHandlerContext authHandlerContext = CreateAuthorizationHandlerContext();
-            AdminUsersHandler sut = CreateHandler(queryStringValue: Admin2UserId.ToString(), editingWithAdmin: true);
+            AdminUsersHandler sut = CreateHandler(queryStringValue: Admin2UserId.ToString(CultureInfo.InvariantCulture), editingWithAdmin: true);
 
             await sut.HandleAsync(authHandlerContext);
 
@@ -70,7 +71,7 @@ public async Task Editing_Single_Admin_User_By_Admin_User_Is_Authorized()
         public async Task Editing_Single_Admin_User_By_Non_Admin_User_Is_Not_Authorized()
         {
             AuthorizationHandlerContext authHandlerContext = CreateAuthorizationHandlerContext();
-            AdminUsersHandler sut = CreateHandler(queryStringValue: Admin2UserId.ToString());
+            AdminUsersHandler sut = CreateHandler(queryStringValue: Admin2UserId.ToString(CultureInfo.InvariantCulture));
 
             await sut.HandleAsync(authHandlerContext);
 
@@ -81,7 +82,7 @@ public async Task Editing_Single_Admin_User_By_Non_Admin_User_Is_Not_Authorized(
         public async Task Editing_Single_Non_Admin_User_By_Non_Admin_User_Is_Authorized()
         {
             AuthorizationHandlerContext authHandlerContext = CreateAuthorizationHandlerContext();
-            AdminUsersHandler sut = CreateHandler(queryStringValue: NonAdmin2UserId.ToString());
+            AdminUsersHandler sut = CreateHandler(queryStringValue: NonAdmin2UserId.ToString(CultureInfo.InvariantCulture));
 
             await sut.HandleAsync(authHandlerContext);
 
diff --git a/src/Umbraco.Web.BackOffice/Controllers/AuthenticationController.cs b/src/Umbraco.Web.BackOffice/Controllers/AuthenticationController.cs
@@ -1,5 +1,6 @@
 using System;
 using System.Collections.Generic;
+using System.Globalization;
 using System.Linq;
 using System.Security.Claims;
 using System.Threading.Tasks;
@@ -510,7 +511,7 @@ public async Task<ActionResult<UserDetail>> PostVerify2FACode(Verify2FACodeModel
         [AllowAnonymous]
         public async Task<IActionResult> PostSetPassword(SetPasswordModel model)
         {
-            var identityUser = await _userManager.FindByIdAsync(model.UserId.ToString());
+            var identityUser = await _userManager.FindByIdAsync(model.UserId.ToString(CultureInfo.InvariantCulture));
 
             var result = await _userManager.ResetPasswordAsync(identityUser, model.ResetCode, model.Password);
             if (result.Succeeded)
@@ -560,7 +561,7 @@ public async Task<IActionResult> PostSetPassword(SetPasswordModel model)
                     }
                 }
 
-                _userManager.NotifyForgotPasswordChanged(User, model.UserId.ToString());
+                _userManager.NotifyForgotPasswordChanged(User, model.UserId.ToString(CultureInfo.InvariantCulture));
                 return Ok();
             }
 
diff --git a/src/Umbraco.Web.BackOffice/Controllers/BackOfficeController.cs b/src/Umbraco.Web.BackOffice/Controllers/BackOfficeController.cs
@@ -348,7 +348,7 @@ public ActionResult LinkLogin(string provider)
         [AllowAnonymous]
         public async Task<IActionResult> ValidatePasswordResetCode([Bind(Prefix = "u")]int userId, [Bind(Prefix = "r")]string resetCode)
         {
-            var user = await _userManager.FindByIdAsync(userId.ToString());
+            var user = await _userManager.FindByIdAsync(userId.ToString(CultureInfo.InvariantCulture));
             if (user != null)
             {
                 var result = await _userManager.VerifyUserTokenAsync(user, "Default", "ResetPassword", resetCode);
diff --git a/src/Umbraco.Web.BackOffice/Controllers/CurrentUserController.cs b/src/Umbraco.Web.BackOffice/Controllers/CurrentUserController.cs
@@ -250,7 +250,7 @@ public async Task<ActionResult<ModelWithNotifications<string>>> PostChangePasswo
         [ValidateAngularAntiForgeryToken]
         public async Task<Dictionary<string, string>> GetCurrentUserLinkedLogins()
         {
-            var identityUser = await _backOfficeUserManager.FindByIdAsync(_backofficeSecurityAccessor.BackOfficeSecurity.GetUserId().ResultOr(0).ToString());
+            var identityUser = await _backOfficeUserManager.FindByIdAsync(_backofficeSecurityAccessor.BackOfficeSecurity.GetUserId().ResultOr(0).ToString(CultureInfo.InvariantCulture));
 
             // deduplicate in case there are duplicates (there shouldn't be now since we have a unique constraint on the external logins
             // but there didn't used to be)
diff --git a/src/Umbraco.Web.BackOffice/Install/CreateUnattendedUserNotificationHandler.cs b/src/Umbraco.Web.BackOffice/Install/CreateUnattendedUserNotificationHandler.cs
@@ -76,10 +76,10 @@ public async Task HandleAsync(UnattendedInstallNotification notification, Cancel
             // Uses same approach as NewInstall Step
             using IServiceScope scope = _serviceScopeFactory.CreateScope();
             IBackOfficeUserManager backOfficeUserManager = scope.ServiceProvider.GetRequiredService<IBackOfficeUserManager>();
-            BackOfficeIdentityUser membershipUser = await backOfficeUserManager.FindByIdAsync(Core.Constants.Security.SuperUserId.ToString());
+            BackOfficeIdentityUser membershipUser = await backOfficeUserManager.FindByIdAsync(Core.Constants.Security.SuperUserIdAsString);
             if (membershipUser == null)
             {
-                throw new InvalidOperationException($"No user found in membership provider with id of {Core.Constants.Security.SuperUserId}.");
+                throw new InvalidOperationException($"No user found in membership provider with id of {Core.Constants.Security.SuperUserIdAsString}.");
             }
 
             //To change the password here we actually need to reset it since we don't have an old one to use to change

Original file line number	Diff line number	Diff line change
`@@ -73,11 +73,11 @@ public override async Task<InstallSetupResult> ExecuteAsync(UserModel user)`
`73`	`73`
`74`	`74`	`_userService.Save(admin);`
`75`	`75`
`76`		`- var membershipUser = await _userManager.FindByIdAsync(Constants.Security.SuperUserId.ToString());`
	`76`	`+ var membershipUser = await _userManager.FindByIdAsync(Constants.Security.SuperUserIdAsString);`
`77`	`77`	`if (membershipUser == null)`
`78`	`78`	`{`
`79`	`79`	`throw new InvalidOperationException(`
`80`		`- $"No user found in membership provider with id of {Constants.Security.SuperUserId}.");`
	`80`	`+ $"No user found in membership provider with id of {Constants.Security.SuperUserIdAsString}.");`
`81`	`81`	`}`
`82`	`82`
`83`	`83`	`//To change the password here we actually need to reset it since we don't have an old one to use to change`
Original file line number	Diff line number	Diff line change
`@@ -9,7 +9,7 @@ internal static class ExternalLoginFactory`
`9`	`9`	`{`
`10`	`10`	`public static IIdentityUserToken BuildEntity(ExternalLoginTokenDto dto)`
`11`	`11`	`{`
`12`		`- var entity = new IdentityUserToken(dto.Id, dto.ExternalLoginDto.LoginProvider, dto.Name, dto.Value, dto.ExternalLoginDto.UserId.ToString(), dto.CreateDate);`
	`12`	`+ var entity = new IdentityUserToken(dto.Id, dto.ExternalLoginDto.LoginProvider, dto.Name, dto.Value, dto.ExternalLoginDto.UserId.ToString(CultureInfo.InvariantCulture), dto.CreateDate);`
`13`	`13`
`14`	`14`	`// reset dirty initial properties (U4-1946)`
`15`	`15`	`entity.ResetDirtyProperties(false);`
`@@ -18,7 +18,7 @@ public static IIdentityUserToken BuildEntity(ExternalLoginTokenDto dto)`
`18`	`18`
`19`	`19`	`public static IIdentityUserLogin BuildEntity(ExternalLoginDto dto)`
`20`	`20`	`{`
`21`		`- var entity = new IdentityUserLogin(dto.Id, dto.LoginProvider, dto.ProviderKey, dto.UserId.ToString(), dto.CreateDate)`
	`21`	`+ var entity = new IdentityUserLogin(dto.Id, dto.LoginProvider, dto.ProviderKey, dto.UserId.ToString(CultureInfo.InvariantCulture), dto.CreateDate)`
`22`	`22`	`{`
`23`	`23`	`UserData = dto.UserData`
`24`	`24`	`};`
Original file line number	Diff line number	Diff line change
`@@ -37,7 +37,7 @@ protected static int UserIdToInt(string userId)`
`37`	`37`	`throw new InvalidOperationException($"Unable to convert user ID ({userId})to int using InvariantCulture");`
`38`	`38`	`}`
`39`	`39`
`40`		`- protected static string UserIdToString(int userId) => string.Intern(userId.ToString());`
	`40`	`+ protected static string UserIdToString(int userId) => string.Intern(userId.ToString(CultureInfo.InvariantCulture));`
`41`	`41`
`42`	`42`	`/// <summary>`
`43`	`43`	`/// Not supported in Umbraco`
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,5 @@`
`1`	`1`	`using System.Collections.Generic;`
	`2`	`+using System.Globalization;`
`2`	`3`	`using System.Linq;`
`3`	`4`	`using Microsoft.Extensions.Logging;`
`4`	`5`	`using Umbraco.Cms.Core.Events;`
`@@ -25,7 +26,7 @@ public IEnumerable<IIdentityUserLogin> GetExternalLogins(int userId)`
`25`	`26`	`using (var scope = ScopeProvider.CreateScope(autoComplete: true))`
`26`	`27`	`{`
`27`	`28`	`// TODO: This is temp until we update the external service to support guids for both users and members`
`28`		`- var asString = userId.ToString();`
	`29`	`+ var asString = userId.ToString(CultureInfo.InvariantCulture);`
`29`	`30`	`return _externalLoginRepository.Get(Query<IIdentityUserLogin>().Where(x => x.UserId == asString))`
`30`	`31`	`.ToList();`
`31`	`32`	`}`
`@@ -36,7 +37,7 @@ public IEnumerable<IIdentityUserToken> GetExternalLoginTokens(int userId)`
`36`	`37`	`using (var scope = ScopeProvider.CreateScope(autoComplete: true))`
`37`	`38`	`{`
`38`	`39`	`// TODO: This is temp until we update the external service to support guids for both users and members`
`39`		`- var asString = userId.ToString();`
	`40`	`+ var asString = userId.ToString(CultureInfo.InvariantCulture);`
`40`	`41`	`return _externalLoginRepository.Get(Query<IIdentityUserToken>().Where(x => x.UserId == asString))`
`41`	`42`	`.ToList();`
`42`	`43`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,6 @@`
`1`	`1`	`using System;`
`2`	`2`	`using System.Collections.Generic;`
	`3`	`+using System.Globalization;`
`3`	`4`	`using System.Linq;`
`4`	`5`	`using System.Security.Claims;`
`5`	`6`	`using System.Threading.Tasks;`
`@@ -510,7 +511,7 @@ public async Task<ActionResult<UserDetail>> PostVerify2FACode(Verify2FACodeModel`
`510`	`511`	`[AllowAnonymous]`
`511`	`512`	`public async Task<IActionResult> PostSetPassword(SetPasswordModel model)`
`512`	`513`	`{`
`513`		`- var identityUser = await _userManager.FindByIdAsync(model.UserId.ToString());`
	`514`	`+ var identityUser = await _userManager.FindByIdAsync(model.UserId.ToString(CultureInfo.InvariantCulture));`
`514`	`515`
`515`	`516`	`var result = await _userManager.ResetPasswordAsync(identityUser, model.ResetCode, model.Password);`
`516`	`517`	`if (result.Succeeded)`
`@@ -560,7 +561,7 @@ public async Task<IActionResult> PostSetPassword(SetPasswordModel model)`
`560`	`561`	`}`
`561`	`562`	`}`
`562`	`563`
`563`		`- _userManager.NotifyForgotPasswordChanged(User, model.UserId.ToString());`
	`564`	`+ _userManager.NotifyForgotPasswordChanged(User, model.UserId.ToString(CultureInfo.InvariantCulture));`
`564`	`565`	`return Ok();`
`565`	`566`	`}`
`566`	`567`
Original file line number	Diff line number	Diff line change
`@@ -348,7 +348,7 @@ public ActionResult LinkLogin(string provider)`
`348`	`348`	`[AllowAnonymous]`
`349`	`349`	`public async Task<IActionResult> ValidatePasswordResetCode([Bind(Prefix = "u")]int userId, [Bind(Prefix = "r")]string resetCode)`
`350`	`350`	`{`
`351`		`- var user = await _userManager.FindByIdAsync(userId.ToString());`
	`351`	`+ var user = await _userManager.FindByIdAsync(userId.ToString(CultureInfo.InvariantCulture));`
`352`	`352`	`if (user != null)`
`353`	`353`	`{`
`354`	`354`	`var result = await _userManager.VerifyUserTokenAsync(user, "Default", "ResetPassword", resetCode);`
Original file line number	Diff line number	Diff line change
`@@ -250,7 +250,7 @@ public async Task<ActionResult<ModelWithNotifications<string>>> PostChangePasswo`
`250`	`250`	`[ValidateAngularAntiForgeryToken]`
`251`	`251`	`public async Task<Dictionary<string, string>> GetCurrentUserLinkedLogins()`
`252`	`252`	`{`
`253`		`- var identityUser = await _backOfficeUserManager.FindByIdAsync(_backofficeSecurityAccessor.BackOfficeSecurity.GetUserId().ResultOr(0).ToString());`
	`253`	`+ var identityUser = await _backOfficeUserManager.FindByIdAsync(_backofficeSecurityAccessor.BackOfficeSecurity.GetUserId().ResultOr(0).ToString(CultureInfo.InvariantCulture));`
`254`	`254`
`255`	`255`	`// deduplicate in case there are duplicates (there shouldn't be now since we have a unique constraint on the external logins`
`256`	`256`	`// but there didn't used to be)`
Original file line number	Diff line number	Diff line change
`@@ -76,10 +76,10 @@ public async Task HandleAsync(UnattendedInstallNotification notification, Cancel`
`76`	`76`	`// Uses same approach as NewInstall Step`
`77`	`77`	`using IServiceScope scope = _serviceScopeFactory.CreateScope();`
`78`	`78`	`IBackOfficeUserManager backOfficeUserManager = scope.ServiceProvider.GetRequiredService<IBackOfficeUserManager>();`
`79`		`- BackOfficeIdentityUser membershipUser = await backOfficeUserManager.FindByIdAsync(Core.Constants.Security.SuperUserId.ToString());`
	`79`	`+ BackOfficeIdentityUser membershipUser = await backOfficeUserManager.FindByIdAsync(Core.Constants.Security.SuperUserIdAsString);`
`80`	`80`	`if (membershipUser == null)`
`81`	`81`	`{`
`82`		`- throw new InvalidOperationException($"No user found in membership provider with id of {Core.Constants.Security.SuperUserId}.");`
	`82`	`+ throw new InvalidOperationException($"No user found in membership provider with id of {Core.Constants.Security.SuperUserIdAsString}.");`
`83`	`83`	`}`
`84`	`84`
`85`	`85`	`//To change the password here we actually need to reset it since we don't have an old one to use to change`