Add defensive coding to the member application initializer (#19760)

kjac · web-flow · commit 67abecc2524f · 2025-07-21T12:24:51.000+02:00
diff --git a/src/Umbraco.Cms.Api.Delivery/Handlers/InitializeMemberApplicationNotificationHandler.cs b/src/Umbraco.Cms.Api.Delivery/Handlers/InitializeMemberApplicationNotificationHandler.cs
@@ -6,6 +6,7 @@
 using Umbraco.Cms.Core.Events;
 using Umbraco.Cms.Core.Notifications;
 using Umbraco.Cms.Core.Services;
+using Umbraco.Cms.Core.Sync;
 using Umbraco.Cms.Infrastructure.Security;
 
 namespace Umbraco.Cms.Api.Delivery.Handlers;
@@ -16,16 +17,21 @@ internal sealed class InitializeMemberApplicationNotificationHandler : INotifica
     private readonly ILogger<InitializeMemberApplicationNotificationHandler> _logger;
     private readonly DeliveryApiSettings _deliveryApiSettings;
     private readonly IServiceScopeFactory _serviceScopeFactory;
+    private readonly IServerRoleAccessor _serverRoleAccessor;
+    private static readonly SemaphoreSlim _locker = new(1);
+    private static bool _isInitialized = false;
 
     public InitializeMemberApplicationNotificationHandler(
         IRuntimeState runtimeState,
         IOptions<DeliveryApiSettings> deliveryApiSettings,
         ILogger<InitializeMemberApplicationNotificationHandler> logger,
-        IServiceScopeFactory serviceScopeFactory)
+        IServiceScopeFactory serviceScopeFactory,
+        IServerRoleAccessor serverRoleAccessor)
     {
         _runtimeState = runtimeState;
         _logger = logger;
         _serviceScopeFactory = serviceScopeFactory;
+        _serverRoleAccessor = serverRoleAccessor;
         _deliveryApiSettings = deliveryApiSettings.Value;
     }
 
@@ -36,34 +42,55 @@ public async Task HandleAsync(UmbracoApplicationStartingNotification notificatio
             return;
         }
 
-        // we cannot inject the IMemberApplicationManager because it ultimately takes a dependency on the DbContext ... and during
-        // install that is not allowed (no connection string means no DbContext)
-        using IServiceScope scope = _serviceScopeFactory.CreateScope();
-        IMemberApplicationManager memberApplicationManager = scope.ServiceProvider.GetRequiredService<IMemberApplicationManager>();
-
-        if (_deliveryApiSettings.MemberAuthorization?.AuthorizationCodeFlow?.Enabled is not true)
+        if (_serverRoleAccessor.CurrentServerRole is ServerRole.Subscriber)
         {
-            await memberApplicationManager.DeleteMemberApplicationAsync(cancellationToken);
+            // subscriber instances should not alter the member application
             return;
         }
 
-        if (ValidateRedirectUrls(_deliveryApiSettings.MemberAuthorization.AuthorizationCodeFlow.LoginRedirectUrls) is false)
+        try
         {
-            await memberApplicationManager.DeleteMemberApplicationAsync(cancellationToken);
-            return;
-        }
+            await _locker.WaitAsync(cancellationToken);
+            if (_isInitialized)
+            {
+                return;
+            }
+
+            _isInitialized = true;
+
+            // we cannot inject the IMemberApplicationManager because it ultimately takes a dependency on the DbContext ... and during
+            // install that is not allowed (no connection string means no DbContext)
+            using IServiceScope scope = _serviceScopeFactory.CreateScope();
+            IMemberApplicationManager memberApplicationManager = scope.ServiceProvider.GetRequiredService<IMemberApplicationManager>();
+
+            if (_deliveryApiSettings.MemberAuthorization?.AuthorizationCodeFlow?.Enabled is not true)
+            {
+                await memberApplicationManager.DeleteMemberApplicationAsync(cancellationToken);
+                return;
+            }
 
-        if (_deliveryApiSettings.MemberAuthorization.AuthorizationCodeFlow.LogoutRedirectUrls.Any()
-            && ValidateRedirectUrls(_deliveryApiSettings.MemberAuthorization.AuthorizationCodeFlow.LogoutRedirectUrls) is false)
+            if (ValidateRedirectUrls(_deliveryApiSettings.MemberAuthorization.AuthorizationCodeFlow.LoginRedirectUrls) is false)
+            {
+                await memberApplicationManager.DeleteMemberApplicationAsync(cancellationToken);
+                return;
+            }
+
+            if (_deliveryApiSettings.MemberAuthorization.AuthorizationCodeFlow.LogoutRedirectUrls.Any()
+                && ValidateRedirectUrls(_deliveryApiSettings.MemberAuthorization.AuthorizationCodeFlow.LogoutRedirectUrls) is false)
+            {
+                await memberApplicationManager.DeleteMemberApplicationAsync(cancellationToken);
+                return;
+            }
+
+            await memberApplicationManager.EnsureMemberApplicationAsync(
+                _deliveryApiSettings.MemberAuthorization.AuthorizationCodeFlow.LoginRedirectUrls,
+                _deliveryApiSettings.MemberAuthorization.AuthorizationCodeFlow.LogoutRedirectUrls,
+                cancellationToken);
+        }
+        finally
         {
-            await memberApplicationManager.DeleteMemberApplicationAsync(cancellationToken);
-            return;
+            _locker.Release();
         }
-
-        await memberApplicationManager.EnsureMemberApplicationAsync(
-            _deliveryApiSettings.MemberAuthorization.AuthorizationCodeFlow.LoginRedirectUrls,
-            _deliveryApiSettings.MemberAuthorization.AuthorizationCodeFlow.LogoutRedirectUrls,
-            cancellationToken);
     }
 
     private bool ValidateRedirectUrls(Uri[] redirectUrls)
