Merge pull request #19371 from umbraco/v16/merge-16-release-to-main

Merged from release/16.0 to main branch

Author: andr317c

build/azure-pipelines.yml

@@ -432,6 +432,33 @@ stages:
             displayName: Start SQL Server Docker image (Linux)
             condition: and(succeeded(), eq(variables['Agent.OS'], 'Linux'))
 
+          - powershell: |
+              $maxAttempts = 12
+              $attempt = 0
+              $status = ""
+
+              while (($status -ne 'running') -and ($attempt -lt $maxAttempts)) {
+                Start-Sleep -Seconds 5
+                # We use the docker inspect command to check the status of the container. If the container is not running, we wait 5 seconds and try again. And if reaches 12 attempts, we fail the build.
+                $status = docker inspect -f '{{.State.Status}}' mssql
+
+                if ($status -ne 'running') {
+                  Write-Host "Waiting for SQL Server to be ready... Attempt $($attempt + 1)"
+                  $attempt++
+                }
+              }
+
+              if ($status -eq 'running') {
+                Write-Host "SQL Server container is running"
+                docker ps -a
+              } else {
+                Write-Host "SQL Server did not become ready in time. Last known status: $status"
+                docker logs mssql
+                exit 1
+              }
+            displayName: Wait for SQL Server to be ready (Linux)
+            condition: and(succeeded(), eq(variables['Agent.OS'], 'Linux'))
+
           - pwsh: SqlLocalDB start MSSQLLocalDB
             displayName: Start SQL Server LocalDB (Windows)
             condition: and(succeeded(), eq(variables['Agent.OS'], 'Windows_NT'))

build/nightly-E2E-test-pipelines.yml

@@ -300,17 +300,17 @@ stages:
               testCommand: "npm run testSqlite -- --shard=1/3"
               vmImage: "ubuntu-latest"
               SA_PASSWORD: $(UMBRACO__CMS__UNATTENDED__UNATTENDEDUSERPASSWORD)
-              CONNECTIONSTRINGS__UMBRACODBDSN: "Server=(local);Database=Umbraco;User Id=sa;Password=$(SA_PASSWORD);TrustServerCertificate=True"
+              CONNECTIONSTRINGS__UMBRACODBDSN: "Server=(local);Database=Umbraco;User Id=sa;Password=$(SA_PASSWORD);Encrypt=True;TrustServerCertificate=True"
             LinuxPart2Of3:
               testCommand: "npm run testSqlite -- --shard=2/3"
               vmImage: "ubuntu-latest"
               SA_PASSWORD: $(UMBRACO__CMS__UNATTENDED__UNATTENDEDUSERPASSWORD)
-              CONNECTIONSTRINGS__UMBRACODBDSN: "Server=(local);Database=Umbraco;User Id=sa;Password=$(SA_PASSWORD);TrustServerCertificate=True"
+              CONNECTIONSTRINGS__UMBRACODBDSN: "Server=(local);Database=Umbraco;User Id=sa;Password=$(SA_PASSWORD);Encrypt=True;TrustServerCertificate=True"
             LinuxPart3Of3:
               testCommand: "npm run testSqlite -- --shard=3/3"
               vmImage: "ubuntu-latest"
               SA_PASSWORD: $(UMBRACO__CMS__UNATTENDED__UNATTENDEDUSERPASSWORD)
-              CONNECTIONSTRINGS__UMBRACODBDSN: "Server=(local);Database=Umbraco;User Id=sa;Password=$(SA_PASSWORD);TrustServerCertificate=True"
+              CONNECTIONSTRINGS__UMBRACODBDSN: "Server=(local);Database=Umbraco;User Id=sa;Password=$(SA_PASSWORD);Encrypt=True;TrustServerCertificate=True"
             WindowsPart1Of3:
               vmImage: "windows-latest"
               testCommand: "npm run testSqlite -- --shard=1/3"

src/Umbraco.Cms.Api.Management/Controllers/Document/CopyDocumentController.cs

@@ -1,4 +1,4 @@
-using Asp.Versioning;
+using Asp.Versioning;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
@@ -42,12 +42,16 @@ public async Task<IActionResult> Copy(
         Guid id,
         CopyDocumentRequestModel copyDocumentRequestModel)
     {
-        AuthorizationResult authorizationResult = await _authorizationService.AuthorizeResourceAsync(
+        AuthorizationResult sourceAuthorizationResult = await _authorizationService.AuthorizeResourceAsync(
             User,
-            ContentPermissionResource.WithKeys(ActionCopy.ActionLetter, new[] { copyDocumentRequestModel.Target?.Id, id }),
+            ContentPermissionResource.WithKeys(ActionCopy.ActionLetter, [id]),
+            AuthorizationPolicies.ContentPermissionByResource);
+        AuthorizationResult destinationAuthorizationResult = await _authorizationService.AuthorizeResourceAsync(
+            User,
+            ContentPermissionResource.WithKeys(ActionNew.ActionLetter, [copyDocumentRequestModel.Target?.Id]),
             AuthorizationPolicies.ContentPermissionByResource);
 
-        if (!authorizationResult.Succeeded)
+        if (sourceAuthorizationResult.Succeeded is false || destinationAuthorizationResult.Succeeded is false)
         {
             return Forbidden();
         }

src/Umbraco.Cms.Api.Management/Controllers/Document/Item/SearchDocumentItemController.cs

@@ -28,12 +28,13 @@ public async Task<IActionResult> SearchWithTrashed(
         CancellationToken cancellationToken,
         string query,
         bool? trashed = null,
+        string? culture = null,
         int skip = 0,
         int take = 100,
         Guid? parentId = null,
         [FromQuery] IEnumerable<Guid>? allowedDocumentTypes = null)
     {
-        PagedModel<IEntitySlim> searchResult = await _indexedEntitySearchService.SearchAsync(UmbracoObjectTypes.Document, query, parentId, allowedDocumentTypes, trashed, skip, take);
+        PagedModel<IEntitySlim> searchResult = await _indexedEntitySearchService.SearchAsync(UmbracoObjectTypes.Document, query, parentId, allowedDocumentTypes, trashed, culture, skip, take);
         var result = new PagedModel<DocumentItemResponseModel>
         {
             Items = searchResult.Items.OfType<IDocumentEntitySlim>().Select(_documentPresentationFactory.CreateItemResponseModel),

src/Umbraco.Cms.Api.Management/Controllers/Document/MoveDocumentController.cs

@@ -1,4 +1,4 @@
-using Asp.Versioning;
+using Asp.Versioning;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
@@ -39,6 +39,20 @@ public MoveDocumentController(
     [ProducesResponseType(typeof(ProblemDetails), StatusCodes.Status404NotFound)]
     public async Task<IActionResult> Move(CancellationToken cancellationToken, Guid id, MoveDocumentRequestModel moveDocumentRequestModel)
     {
+        AuthorizationResult sourceAuthorizationResult = await _authorizationService.AuthorizeResourceAsync(
+            User,
+            ContentPermissionResource.WithKeys(ActionMove.ActionLetter, [id]),
+            AuthorizationPolicies.ContentPermissionByResource);
+        AuthorizationResult destinationAuthorizationResult = await _authorizationService.AuthorizeResourceAsync(
+            User,
+            ContentPermissionResource.WithKeys(ActionNew.ActionLetter, [moveDocumentRequestModel.Target?.Id]),
+            AuthorizationPolicies.ContentPermissionByResource);
+
+        if (sourceAuthorizationResult.Succeeded is false || destinationAuthorizationResult.Succeeded is false)
+        {
+            return Forbidden();
+        }
+
         AuthorizationResult authorizationResult = await _authorizationService.AuthorizeResourceAsync(
             User,
             ContentPermissionResource.WithKeys(ActionMove.ActionLetter, new[] { moveDocumentRequestModel.Target?.Id, id }),

src/Umbraco.Cms.Api.Management/Controllers/Media/Item/SearchMediaItemController.cs

@@ -21,17 +21,20 @@ public SearchMediaItemController(IIndexedEntitySearchService indexedEntitySearch
         _mediaPresentationFactory = mediaPresentationFactory;
     }
 
-    [NonAction]
-    [Obsolete("Scheduled to be removed in v16, use the non obsoleted method instead")]
-    public Task<IActionResult> SearchFromParentWithAllowedTypes(CancellationToken cancellationToken, string query, int skip = 0, int take = 100, Guid? parentId = null, [FromQuery]IEnumerable<Guid>? allowedMediaTypes = null)
-        => SearchFromParentWithAllowedTypes(cancellationToken, query, null, skip, take, parentId);
-
     [HttpGet("search")]
     [MapToApiVersion("1.0")]
     [ProducesResponseType(typeof(PagedModel<MediaItemResponseModel>), StatusCodes.Status200OK)]
-    public async Task<IActionResult> SearchFromParentWithAllowedTypes(CancellationToken cancellationToken, string query, bool? trashed = null, int skip = 0, int take = 100, Guid? parentId = null, [FromQuery]IEnumerable<Guid>? allowedMediaTypes = null)
+    public async Task<IActionResult> SearchFromParentWithAllowedTypes(
+        CancellationToken cancellationToken,
+        string query,
+        bool? trashed = null,
+        string? culture = null,
+        int skip = 0,
+        int take = 100,
+        Guid? parentId = null,
+        [FromQuery]IEnumerable<Guid>? allowedMediaTypes = null)
     {
-        PagedModel<IEntitySlim> searchResult = await _indexedEntitySearchService.SearchAsync(UmbracoObjectTypes.Media, query, parentId, allowedMediaTypes, trashed, skip, take);
+        PagedModel<IEntitySlim> searchResult = await _indexedEntitySearchService.SearchAsync(UmbracoObjectTypes.Media, query, parentId, allowedMediaTypes, trashed, culture, skip, take);
         var result = new PagedModel<MediaItemResponseModel>
         {
             Items = searchResult.Items.OfType<IMediaEntitySlim>().Select(_mediaPresentationFactory.CreateItemResponseModel),

src/Umbraco.Cms.Api.Management/Controllers/Segment/AllSegmentController.cs

@@ -14,7 +14,6 @@
 namespace Umbraco.Cms.Api.Management.Controllers.Segment;
 
 [ApiVersion("1.0")]
-[Authorize(Policy = AuthorizationPolicies.SectionAccessSettings)]
 public class AllSegmentController : SegmentControllerBase
 {
     private readonly ISegmentService _segmentService;

src/Umbraco.Cms.Api.Management/DependencyInjection/UmbracoBuilder.BackOfficeIdentity.cs

@@ -3,6 +3,7 @@
 using Microsoft.Extensions.DependencyInjection.Extensions;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
+using Umbraco.Cms.Api.Management.NotificationHandlers;
 using Umbraco.Cms.Api.Management.Security;
 using Umbraco.Cms.Api.Management.Services;
 using Umbraco.Cms.Api.Management.Telemetry;
@@ -12,6 +13,7 @@
 using Umbraco.Cms.Core.Events;
 using Umbraco.Cms.Core.Mapping;
 using Umbraco.Cms.Core.Net;
+using Umbraco.Cms.Core.Notifications;
 using Umbraco.Cms.Core.Persistence.Repositories;
 using Umbraco.Cms.Core.Scoping;
 using Umbraco.Cms.Core.Security;
@@ -74,6 +76,9 @@ public static IUmbracoBuilder AddBackOfficeIdentity(this IUmbracoBuilder builder
 
         services.AddScoped<IBackOfficeExternalLoginService, BackOfficeExternalLoginService>();
 
+        // Register a notification handler to interrogate the registered external login providers at startup.
+        builder.AddNotificationHandler<UmbracoApplicationStartingNotification, ExternalLoginProviderStartupHandler>();
+
         return builder;
     }
 

src/Umbraco.Cms.Api.Management/NotificationHandlers/ExternalLoginProviderStartupHandler.cs

@@ -0,0 +1,44 @@
+using Umbraco.Cms.Api.Management.Security;
+using Umbraco.Cms.Core;
+using Umbraco.Cms.Core.Events;
+using Umbraco.Cms.Core.Notifications;
+using Umbraco.Cms.Core.Services;
+using Umbraco.Cms.Core.Sync;
+
+namespace Umbraco.Cms.Api.Management.NotificationHandlers;
+
+/// <summary>
+/// Invalidates backoffice sessions and clears external logins for removed providers if the external login
+/// provider setup has changed.
+/// </summary>
+internal sealed class ExternalLoginProviderStartupHandler : INotificationHandler<UmbracoApplicationStartingNotification>
+{
+    private readonly IBackOfficeExternalLoginProviders _backOfficeExternalLoginProviders;
+    private readonly IRuntimeState _runtimeState;
+    private readonly IServerRoleAccessor _serverRoleAccessor;
+
+    /// <summary>
+    /// Initializes a new instance of the <see cref="ExternalLoginProviderStartupHandler"/> class.
+    /// </summary>
+    public ExternalLoginProviderStartupHandler(
+        IBackOfficeExternalLoginProviders backOfficeExternalLoginProviders,
+        IRuntimeState runtimeState,
+        IServerRoleAccessor serverRoleAccessor)
+    {
+        _backOfficeExternalLoginProviders = backOfficeExternalLoginProviders;
+        _runtimeState = runtimeState;
+        _serverRoleAccessor = serverRoleAccessor;
+    }
+
+    /// <inheritdoc/>
+    public void Handle(UmbracoApplicationStartingNotification notification)
+    {
+        if (_runtimeState.Level != RuntimeLevel.Run ||
+            _serverRoleAccessor.CurrentServerRole == ServerRole.Subscriber)
+        {
+            return;
+        }
+
+        _backOfficeExternalLoginProviders.InvalidateSessionsIfExternalLoginProvidersChanged();
+    }
+}

src/Umbraco.Cms.Api.Management/OpenApi.json

@@ -10159,6 +10159,13 @@
               "type": "boolean"
             }
           },
+          {
+            "name": "culture",
+            "in": "query",
+            "schema": {
+              "type": "string"
+            }
+          },
           {
             "name": "skip",
             "in": "query",
@@ -15918,6 +15925,13 @@
               "type": "boolean"
             }
           },
+          {
+            "name": "culture",
+            "in": "query",
+            "schema": {
+              "type": "string"
+            }
+          },
           {
             "name": "skip",
             "in": "query",