From 0586647590ceecafab4fb02607ee075e76ecfa52 Mon Sep 17 00:00:00 2001 From: donker Date: Thu, 2 Apr 2020 23:36:42 +0200 Subject: [PATCH 1/2] Fixes #3658 by allowing a superuser to be returned for this query --- .../Website/DotNetNuke.Website.csproj | 1 + .../SqlDataProvider/09.06.00.SqlDataProvider | 28 +++++++++++++++++++ 2 files changed, 29 insertions(+) create mode 100644 DNN Platform/Website/Providers/DataProviders/SqlDataProvider/09.06.00.SqlDataProvider diff --git a/DNN Platform/Website/DotNetNuke.Website.csproj b/DNN Platform/Website/DotNetNuke.Website.csproj index a311244f82e..46163b03e22 100644 --- a/DNN Platform/Website/DotNetNuke.Website.csproj +++ b/DNN Platform/Website/DotNetNuke.Website.csproj @@ -3325,6 +3325,7 @@ + diff --git a/DNN Platform/Website/Providers/DataProviders/SqlDataProvider/09.06.00.SqlDataProvider b/DNN Platform/Website/Providers/DataProviders/SqlDataProvider/09.06.00.SqlDataProvider new file mode 100644 index 00000000000..7f70973fe3a --- /dev/null +++ b/DNN Platform/Website/Providers/DataProviders/SqlDataProvider/09.06.00.SqlDataProvider @@ -0,0 +1,28 @@ +/************************************************************/ +/***** SqlDataProvider *****/ +/***** *****/ +/***** *****/ +/***** Note: To manually execute this script you must *****/ +/***** perform a search and replace operation *****/ +/***** for {databaseOwner} and {objectQualifier} *****/ +/***** *****/ +/************************************************************/ + +IF EXISTS (SELECT * FROM sys.objects WHERE object_id = OBJECT_ID(N'{databaseOwner}{objectQualifier}GetSingleUserByEmail') AND type in (N'P', N'PC')) +DROP PROCEDURE {databaseOwner}{objectQualifier}GetSingleUserByEmail +GO + +SET ANSI_NULLS ON +GO +SET QUOTED_IDENTIFIER ON +GO +CREATE PROCEDURE {databaseOwner}{objectQualifier}GetSingleUserByEmail +@PortalId INT, + @Email nvarchar(255) +AS + SELECT ISNULL((SELECT TOP 1 U.UserId from {databaseOwner}{objectQualifier}Users U LEFT JOIN {databaseOwner}{objectQualifier}UserPortals UP on UP.[UserId] = U.[UserId] AND UP.[PortalId] = @PortalId WHERE U.Email = @Email AND (UP.[PortalId] = @PortalId OR U.IsSuperUser=1)), -1) +GO + +/************************************************************/ +/***** SqlDataProvider *****/ +/************************************************************/ From 8f927cbe57019198053a0885c1ee698951ad3edb Mon Sep 17 00:00:00 2001 From: donker Date: Fri, 3 Apr 2020 00:03:46 +0200 Subject: [PATCH 2/2] Make sure to look up user against effective portal --- .../DesktopModules/AuthenticationServices/DNN/Login.ascx.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/DNN Platform/Website/DesktopModules/AuthenticationServices/DNN/Login.ascx.cs b/DNN Platform/Website/DesktopModules/AuthenticationServices/DNN/Login.ascx.cs index 2f09a7c837d..ec046303f8d 100644 --- a/DNN Platform/Website/DesktopModules/AuthenticationServices/DNN/Login.ascx.cs +++ b/DNN Platform/Website/DesktopModules/AuthenticationServices/DNN/Login.ascx.cs @@ -259,7 +259,7 @@ private void OnLoginClick(object sender, EventArgs e) if (emailUsedAsUsername) { // one additonal call to db to see if an account with that email actually exists - userByEmail = UserController.GetUserByEmail(PortalId, userName); + userByEmail = UserController.GetUserByEmail(PortalController.GetEffectivePortalId(PortalId), userName); if (userByEmail != null) {