Merge pull request #1205 from sbwalker/dev

Ensure Install Wizard will only be displayed if the Master database connection string in appsettings.json is not specified. This addresses a potential security issue where the Install Wizard could be displayed in an existing installation if the Master database connection failed during startup.
2021-03-30 17:46:42 -04:00
parent 3c5e7f997b 09c040128a
commit c037614917
8 changed files with 63 additions and 32 deletions
--- a/Oqtane.Client/App.razor
+++ b/Oqtane.Client/App.razor
@ -1,31 +1,39 @@
-@inject IInstallationService InstallationService
+@inject IInstallationService InstallationService

@if (_initialized)
 {
-    @if (!_installed)
+    @if (!_installation.Success)
    {
        <Installer />
    }
    else
    {
-        <CascadingAuthenticationState>
-            <CascadingValue Value="@PageState">
-                <SiteRouter OnStateChange="@ChangeState" />
-            </CascadingValue>
-        </CascadingAuthenticationState>
+        @if (string.IsNullOrEmpty(_installation.Message))
+        {
+            <CascadingAuthenticationState>
+                <CascadingValue Value="@PageState">
+                    <SiteRouter OnStateChange="@ChangeState" />
+                </CascadingValue>
+            </CascadingAuthenticationState>
+        }
+        else
+        {
+            <div class="app-alert">
+                @_installation.Message
+            </div> 
+        }
    }
 }

@code {
+    private Installation _installation;
    private bool _initialized;
-    private bool _installed;

    private PageState PageState { get; set; }

    protected override async Task OnParametersSetAsync()
    {
-        var installation = await InstallationService.IsInstalled();
-        _installed = installation.Success;
+        _installation = await InstallationService.IsInstalled();
        _initialized = true;
    }

--- a/Oqtane.Client/Modules/Admin/Sites/Index.razor
+++ b/Oqtane.Client/Modules/Admin/Sites/Index.razor
@ -22,7 +22,7 @@ else
        <Row>
            <td><ActionLink Action="Edit" Parameters="@($"id=" + context.AliasId.ToString())" ResourceKey="EditSite" /></td>
            <td><ActionDialog Header="Delete Site" Message="@Localizer["Are You Sure You Wish To Delete The {0} Site?", context.Name]" Action="Delete" Security="SecurityAccessLevel.Admin" Class="btn btn-danger" OnClick="@(async () => await DeleteSite(context))" ResourceKey="DeleteSite" /></td>
-            <td><a href="@(_scheme + context.Name)">@context.Name</a></td>
+            <td><a href="@(_scheme + context.Name +"?reload")">@context.Name</a></td>
        </Row>
    </Pager>
 }