Merge branch 'v13/dev' into v13/contrib

Author: AndyButland

src/Umbraco.Core/Cache/RepositoryCachePolicyOptions.cs

@@ -11,6 +11,7 @@ public class RepositoryCachePolicyOptions
     public RepositoryCachePolicyOptions(Func<int> performCount)
     {
         PerformCount = performCount;
+        CacheNullValues = false;
         GetAllCacheValidateCount = true;
         GetAllCacheAllowZeroCount = false;
     }
@@ -21,6 +22,7 @@ public RepositoryCachePolicyOptions(Func<int> performCount)
     public RepositoryCachePolicyOptions()
     {
         PerformCount = null;
+        CacheNullValues = false;
         GetAllCacheValidateCount = false;
         GetAllCacheAllowZeroCount = false;
     }
@@ -30,6 +32,11 @@ public RepositoryCachePolicyOptions()
     /// </summary>
     public Func<int>? PerformCount { get; set; }
 
+    /// <summary>
+    ///     True if the Get method will cache null results so that the db is not hit for repeated lookups
+    /// </summary>
+    public bool CacheNullValues { get; set; }
+
     /// <summary>
     ///     True/false as to validate the total item count when all items are returned from cache, the default is true but this
     ///     means that a db lookup will occur - though that lookup will probably be significantly less expensive than the

src/Umbraco.Core/EmbeddedResources/Snippets/LoginStatus.cshtml

@@ -5,7 +5,7 @@
 @using Umbraco.Extensions
 
 @{
-    var isLoggedIn = Context.User?.Identity?.IsAuthenticated ?? false;
+    var isLoggedIn = Context.User.GetMemberIdentity()?.IsAuthenticated ?? false;
     var logoutModel = new PostRedirectModel();
     // You can modify this to redirect to a different URL instead of the current one
     logoutModel.RedirectUrl = null;
@@ -15,7 +15,7 @@
 {
     <div class="login-status">
 
-        <p>Welcome back <strong>@Context?.User?.Identity?.Name</strong>!</p>
+        <p>Welcome back <strong>@Context.User?.GetMemberIdentity()?.Name</strong>!</p>
 
         @using (Html.BeginUmbracoForm<UmbLoginStatusController>("HandleLogout", new { RedirectUrl = logoutModel.RedirectUrl }))
         {

src/Umbraco.Infrastructure/Cache/DefaultRepositoryCachePolicy.cs

@@ -24,6 +24,8 @@ public class DefaultRepositoryCachePolicy<TEntity, TId> : RepositoryCachePolicyB
     private static readonly TEntity[] _emptyEntities = new TEntity[0]; // const
     private readonly RepositoryCachePolicyOptions _options;
 
+    private const string NullRepresentationInCache = "*NULL*";
+
     public DefaultRepositoryCachePolicy(IAppPolicyCache cache, IScopeAccessor scopeAccessor, RepositoryCachePolicyOptions options)
         : base(cache, scopeAccessor) =>
         _options = options ?? throw new ArgumentNullException(nameof(options));
@@ -116,6 +118,7 @@ public override void Delete(TEntity entity, Action<TEntity> persistDeleted)
         {
             // whatever happens, clear the cache
             var cacheKey = GetEntityCacheKey(entity.Id);
+
             Cache.Clear(cacheKey);
 
             // if there's a GetAllCacheAllowZeroCount cache, ensure it is cleared
@@ -127,20 +130,36 @@ public override void Delete(TEntity entity, Action<TEntity> persistDeleted)
     public override TEntity? Get(TId? id, Func<TId?, TEntity?> performGet, Func<TId[]?, IEnumerable<TEntity>?> performGetAll)
     {
         var cacheKey = GetEntityCacheKey(id);
+
         TEntity? fromCache = Cache.GetCacheItem<TEntity>(cacheKey);
 
-        // if found in cache then return else fetch and cache
-        if (fromCache != null)
+        // If found in cache then return immediately.
+        if (fromCache is not null)
         {
             return fromCache;
         }
 
+        // Because TEntity can never be a string, we will never be in a position where the proxy value collides withs a real value.
+        // Therefore this point can only be reached if there is a proxy null value => becomes null when cast to TEntity above OR the item simply does not exist.
+        // If we've cached a "null" value, return null.
+        if (_options.CacheNullValues && Cache.GetCacheItem<string>(cacheKey) == NullRepresentationInCache)
+        {
+            return null;
+        }
+
+        // Otherwise go to the database to retrieve.
         TEntity? entity = performGet(id);
 
         if (entity != null && entity.HasIdentity)
         {
+            // If we've found an identified entity, cache it for subsequent retrieval.
             InsertEntity(cacheKey, entity);
         }
+        else if (entity is null && _options.CacheNullValues)
+        {
+            // If we've not found an entity, and we're caching null values, cache a "null" value.
+            InsertNull(cacheKey);
+        }
 
         return entity;
     }
@@ -248,6 +267,15 @@ protected string GetEntityCacheKey(TId? id)
     protected virtual void InsertEntity(string cacheKey, TEntity entity)
         => Cache.Insert(cacheKey, () => entity, TimeSpan.FromMinutes(5), true);
 
+    protected virtual void InsertNull(string cacheKey)
+    {
+        // We can't actually cache a null value, as in doing so wouldn't be able to distinguish between
+        // a value that does exist but isn't yet cached, or a value that has been explicitly cached with a null value.
+        // Both would return null when we retrieve from the cache and we couldn't distinguish between the two.
+        // So we cache a special value that represents null, and then we can check for that value when we retrieve from the cache.
+        Cache.Insert(cacheKey, () => NullRepresentationInCache, TimeSpan.FromMinutes(5), true);
+    }
+
     protected virtual void InsertEntities(TId[]? ids, TEntity[]? entities)
     {
         if (ids?.Length == 0 && entities?.Length == 0 && _options.GetAllCacheAllowZeroCount)

src/Umbraco.Infrastructure/Persistence/Repositories/Implement/DictionaryRepository.cs

@@ -102,11 +102,10 @@ protected override IRepositoryCachePolicy<IDictionaryItem, int> CreateCachePolic
         var options = new RepositoryCachePolicyOptions
         {
             // allow zero to be cached
-            GetAllCacheAllowZeroCount = true,
+            GetAllCacheAllowZeroCount = true
         };
 
-        return new SingleItemsOnlyRepositoryCachePolicy<IDictionaryItem, int>(GlobalIsolatedCache, ScopeAccessor,
-            options);
+        return new SingleItemsOnlyRepositoryCachePolicy<IDictionaryItem, int>(GlobalIsolatedCache, ScopeAccessor, options);
     }
 
     protected IDictionaryItem ConvertFromDto(DictionaryDto dto)
@@ -190,11 +189,10 @@ protected override IRepositoryCachePolicy<IDictionaryItem, Guid> CreateCachePoli
             var options = new RepositoryCachePolicyOptions
             {
                 // allow zero to be cached
-                GetAllCacheAllowZeroCount = true,
+                GetAllCacheAllowZeroCount = true
             };
 
-            return new SingleItemsOnlyRepositoryCachePolicy<IDictionaryItem, Guid>(GlobalIsolatedCache, ScopeAccessor,
-                options);
+            return new SingleItemsOnlyRepositoryCachePolicy<IDictionaryItem, Guid>(GlobalIsolatedCache, ScopeAccessor, options);
         }
     }
 
@@ -228,12 +226,13 @@ protected override IRepositoryCachePolicy<IDictionaryItem, string> CreateCachePo
         {
             var options = new RepositoryCachePolicyOptions
             {
+                // allow null to be cached
+                CacheNullValues = true,
                 // allow zero to be cached
-                GetAllCacheAllowZeroCount = true,
+                GetAllCacheAllowZeroCount = true
             };
 
-            return new SingleItemsOnlyRepositoryCachePolicy<IDictionaryItem, string>(GlobalIsolatedCache, ScopeAccessor,
-                options);
+            return new SingleItemsOnlyRepositoryCachePolicy<IDictionaryItem, string>(GlobalIsolatedCache, ScopeAccessor, options);
         }
     }
 

src/Umbraco.Infrastructure/PropertyEditors/RichTextEditorPastedImages.cs

@@ -8,12 +8,14 @@
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
+using Umbraco.Cms.Core.Cache;
 using Umbraco.Cms.Core.Configuration.Models;
 using Umbraco.Cms.Core.Exceptions;
 using Umbraco.Cms.Core.Hosting;
 using Umbraco.Cms.Core.IO;
 using Umbraco.Cms.Core.Media;
 using Umbraco.Cms.Core.Models;
+using Umbraco.Cms.Core.Models.Membership;
 using Umbraco.Cms.Core.Models.PublishedContent;
 using Umbraco.Cms.Core.Routing;
 using Umbraco.Cms.Core.Services;
@@ -38,6 +40,9 @@ public sealed class RichTextEditorPastedImages
     private readonly IUmbracoContextAccessor _umbracoContextAccessor;
     private readonly string _tempFolderAbsolutePath;
     private readonly IImageUrlGenerator _imageUrlGenerator;
+    private readonly IEntityService _entityService;
+    private readonly IUserService _userService;
+    private readonly AppCaches _appCaches;
     private readonly ContentSettings _contentSettings;
     private readonly Dictionary<string, GuidUdi> _uploadedImages = new();
 
@@ -67,6 +72,7 @@ public RichTextEditorPastedImages(
     {
     }
 
+    [Obsolete("Use the non-obsolete constructor. Scheduled for removal in v14")]
     public RichTextEditorPastedImages(
         IUmbracoContextAccessor umbracoContextAccessor,
         ILogger<RichTextEditorPastedImages> logger,
@@ -79,6 +85,39 @@ public RichTextEditorPastedImages(
         IPublishedUrlProvider publishedUrlProvider,
         IImageUrlGenerator imageUrlGenerator,
         IOptions<ContentSettings> contentSettings)
+        : this(
+            umbracoContextAccessor,
+            logger,
+            hostingEnvironment,
+            mediaService,
+            contentTypeBaseServiceProvider,
+            mediaFileManager,
+            mediaUrlGenerators,
+            shortStringHelper,
+            publishedUrlProvider,
+            imageUrlGenerator,
+            StaticServiceProvider.Instance.GetRequiredService<IEntityService>(),
+            StaticServiceProvider.Instance.GetRequiredService<IUserService>(),
+            StaticServiceProvider.Instance.GetRequiredService<AppCaches>(),
+            contentSettings)
+    {
+    }
+
+    public RichTextEditorPastedImages(
+        IUmbracoContextAccessor umbracoContextAccessor,
+        ILogger<RichTextEditorPastedImages> logger,
+        IHostingEnvironment hostingEnvironment,
+        IMediaService mediaService,
+        IContentTypeBaseServiceProvider contentTypeBaseServiceProvider,
+        MediaFileManager mediaFileManager,
+        MediaUrlGeneratorCollection mediaUrlGenerators,
+        IShortStringHelper shortStringHelper,
+        IPublishedUrlProvider publishedUrlProvider,
+        IImageUrlGenerator imageUrlGenerator,
+        IEntityService entityService,
+        IUserService userService,
+        AppCaches appCaches,
+        IOptions<ContentSettings> contentSettings)
     {
         _umbracoContextAccessor =
             umbracoContextAccessor ?? throw new ArgumentNullException(nameof(umbracoContextAccessor));
@@ -92,6 +131,9 @@ public RichTextEditorPastedImages(
         _shortStringHelper = shortStringHelper;
         _publishedUrlProvider = publishedUrlProvider;
         _imageUrlGenerator = imageUrlGenerator;
+        _entityService = entityService;
+        _userService = userService;
+        _appCaches = appCaches;
         _contentSettings = contentSettings.Value;
 
         _tempFolderAbsolutePath = _hostingEnvironment.MapPathContentRoot(Constants.SystemDirectories.TempImageUploads);
@@ -270,7 +312,7 @@ private void PersistMediaItem(Guid mediaParentFolder, int userId, HtmlNode img,
                 : Constants.Conventions.MediaTypes.Image;
 
             IMedia mediaFile = mediaParentFolder == Guid.Empty
-                ? _mediaService.CreateMedia(mediaItemName, Constants.System.Root, mediaType, userId)
+                ? _mediaService.CreateMedia(mediaItemName, GetDefaultMediaRoot(userId), mediaType, userId)
                 : _mediaService.CreateMedia(mediaItemName, mediaParentFolder, mediaType, userId);
 
             var fileInfo = new FileInfo(absoluteTempImagePath);
@@ -354,4 +396,11 @@ private void PersistMediaItem(Guid mediaParentFolder, int userId, HtmlNode img,
     }
 
     private bool IsValidPath(string imagePath) => imagePath.StartsWith(_tempFolderAbsolutePath);
+
+    private int GetDefaultMediaRoot(int userId)
+    {
+        IUser user = _userService.GetUserById(userId) ?? throw new ArgumentException("User could not be found");
+        var userStartNodes = user.CalculateMediaStartNodeIds(_entityService, _appCaches);
+        return userStartNodes?.FirstOrDefault() ?? Constants.System.Root;
+    }
 }

src/Umbraco.Web.BackOffice/Trees/ContentTreeController.cs

@@ -317,13 +317,7 @@ protected MenuItemCollection GetAllNodeMenuItems(IUmbracoEntity item)
 
         if (_emailSender.CanSendRequiredEmail())
         {
-            menu.Items.Add(new MenuItem("notify", LocalizedTextService)
-            {
-                Icon = "icon-megaphone",
-                SeparatorBefore = true,
-                OpensDialog = true,
-                UseLegacyIcon = false
-            });
+            AddActionNode<ActionNotify>(item, menu, hasSeparator: true, opensDialog: true, useLegacyIcon: false);
         }
 
         if ((item is DocumentEntitySlim documentEntity && documentEntity.IsContainer) == false)

src/Umbraco.Web.Common/Extensions/HttpContextExtensions.cs

@@ -62,9 +62,16 @@ public static async Task<AuthenticateResult> AuthenticateBackOfficeAsync(this Ht
         // Update the HttpContext's user with the authenticated user's principal to ensure
         // that subsequent requests within the same context will recognize the user
         // as authenticated.
-        if (result.Succeeded)
+        if (result is { Succeeded: true, Principal.Identity: not null })
         {
-            httpContext.User = result.Principal;
+            // We need to get existing identities that are not the backoffice kind and flow them to the new identity
+            // Otherwise we can't log in as both a member and a backoffice user
+            // For instance if you've enabled basic auth.
+            ClaimsPrincipal? authenticatedPrincipal = result.Principal;
+            IEnumerable<ClaimsIdentity> existingIdentities = httpContext.User.Identities.Where(x => x.IsAuthenticated && x.AuthenticationType != authenticatedPrincipal.Identity.AuthenticationType);
+            authenticatedPrincipal.AddIdentities(existingIdentities);
+
+            httpContext.User = authenticatedPrincipal;
         }
 
         return result;

src/Umbraco.Web.Common/Extensions/MemberClaimsPrincipalExtensions.cs

@@ -0,0 +1,18 @@
+using System.Security.Claims;
+using Microsoft.AspNetCore.Identity;
+
+namespace Umbraco.Extensions;
+
+public static class MemberClaimsPrincipalExtensions
+{
+    /// <summary>
+    /// Tries to get specifically the member identity from the ClaimsPrincipal
+    /// </summary>
+    /// <remarks>
+    /// The identity returned is the one with default authentication type.
+    /// </remarks>
+    /// <param name="principal">The principal to find the identity in.</param>
+    /// <returns>The default authenticated authentication type identity.</returns>
+    public static ClaimsIdentity? GetMemberIdentity(this ClaimsPrincipal principal)
+        => principal.Identities.FirstOrDefault(x => x.AuthenticationType == IdentityConstants.ApplicationScheme);
+}

src/Umbraco.Web.Common/Security/MemberManager.cs

@@ -1,4 +1,5 @@
 using System.Globalization;
+using System.Security.Claims;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Identity;
 using Microsoft.Extensions.Logging;
@@ -124,8 +125,11 @@ public virtual async Task<bool> IsMemberAuthorizedAsync(
     /// <inheritdoc />
     public virtual bool IsLoggedIn()
     {
-        HttpContext? httpContext = _httpContextAccessor.HttpContext;
-        return httpContext?.User.Identity?.IsAuthenticated ?? false;
+        // We have to try and specifically find the member identity, it's entirely possible for there to be both backoffice and member.
+        ClaimsIdentity? memberIdentity = _httpContextAccessor.HttpContext?.User.GetMemberIdentity();
+
+        return memberIdentity is not null &&
+               memberIdentity.IsAuthenticated;
     }
 
     /// <inheritdoc />
@@ -181,23 +185,27 @@ public virtual Task<IReadOnlyDictionary<string, bool>> IsProtectedAsync(IEnumera
     /// <inheritdoc />
     public virtual async Task<MemberIdentityUser?> GetCurrentMemberAsync()
     {
-        if (_currentMember == null)
+        if (_currentMember is not null)
         {
-            if (!IsLoggedIn())
-            {
-                return null;
-            }
+            return _currentMember;
+        }
 
-            _currentMember = await GetUserAsync(_httpContextAccessor.HttpContext?.User!);
+        if (IsLoggedIn() is false)
+        {
+            return null;
         }
 
+        // Create a principal the represents the member security context.
+        var memberPrincipal = new ClaimsPrincipal(_httpContextAccessor.HttpContext?.User.GetMemberIdentity()!);
+        _currentMember = await GetUserAsync(memberPrincipal);
+
         return _currentMember;
     }
 
     public virtual IPublishedContent? AsPublishedMember(MemberIdentityUser user) => _store.GetPublishedMember(user);
 
     /// <summary>
-    ///     This will check if the member has access to this path
+    /// This will check if the member has access to this path.
     /// </summary>
     /// <param name="path"></param>
     /// <returns></returns>