We have moved to GitHub Issues
Created by Gavin Faux 14 May 2015, 11:17:08 Updated by Shannon Deminick 26 Jun 2017, 07:11:21
I have a site that is being upgraded from 7.2.2 to 7.2.5 and in our staging environment we are not being prompted to authorize the upgrade, other than seeing the 'Continue' prompt the process then happens automatically and leave the browser automatically logged into /umbraco as the default admin user (id 0).
I'd expect to be prompted for credentials before running the upgrade and being authenticated in back office. We've tried clearing browser cache, server caches and browser incognito mode but in all cases it appears to magically log us in without being prompted.
We've captured sessions with Fiddler, after the
UmbracoVersion step completes the next call to
POST /install/api/PostPerformInstall comes back with an authentication cookie; I can't figure out how this is happening without us having logged in first.
Note: we have run this process multiple times by just setting the
umbracoConfigurationStatus to an empty string and browsing to site home page - not sure if this is affecting upgrade behaviour?
umbracoConfigurationStatus is a version below currently installed then we have to authorise via
/umbraco/AuthorizeUpgrade, but if empty then upgrade is performed without authentication. Has this always been the case?
Yes, empty version means Umbraco isn't installed yet, then on the next request we see there IS a database and try to guess the version and upgrade. Not ideal but we do in the upgrade instructions mention to not clear the version number. https://our.umbraco.org/documentation/Installation/Upgrading/general#Mergeconfigurationfiles
Closing issue due to inactivity - see blog post for details https://umbraco.com/blog/issue-tracker-cleanup/
Backwards Compatible: True
Affected versions: 7.2.2, 7.2.5
Due in version: