umbraco · Zeegaan · Jul 31, 2024 · Jul 29, 2024 · bergmania · Aug 12, 2024
diff --git a/src/Umbraco.Cms.Api.Management/Security/Authorization/User/AllowedApplicationHandler.cs b/src/Umbraco.Cms.Api.Management/Security/Authorization/User/AllowedApplicationHandler.cs
@@ -17,8 +17,8 @@ public AllowedApplicationHandler(IAuthorizationHelper authorizationHelper)
 
     protected override Task<bool> IsAuthorized(AuthorizationHandlerContext context, AllowedApplicationRequirement requirement)
     {
-        IUser user = _authorizationHelper.GetUmbracoUser(context.User);
-        var allowed = user.AllowedSections.ContainsAny(requirement.Applications);
+        var allowed = _authorizationHelper.TryGetUmbracoUser(context.User, out IUser? user)
+                      && user.AllowedSections.ContainsAny(requirement.Applications);
         return Task.FromResult(allowed);
     }
 }
diff --git a/src/Umbraco.Core/Security/Authorization/AuthorizationHelper.cs b/src/Umbraco.Core/Security/Authorization/AuthorizationHelper.cs
@@ -1,3 +1,4 @@
+using System.Diagnostics.CodeAnalysis;
 using System.Security.Claims;
 using System.Security.Principal;
 using Umbraco.Cms.Core.Models.Membership;
@@ -20,8 +21,14 @@ public AuthorizationHelper(IUserService userService)
 
     /// <inheritdoc/>
     public IUser GetUmbracoUser(IPrincipal currentUser)
+        => TryGetUmbracoUser(currentUser, out IUser? user)
+            ? user
+            : throw new InvalidOperationException($"Could not obtain an {nameof(IUser)} instance from {nameof(IPrincipal)}");
+
+    /// <inheritdoc/>
+    public bool TryGetUmbracoUser(IPrincipal currentUser, [NotNullWhen(true)] out IUser? user)
     {
-        IUser? user = null;
+        user = null;
         ClaimsIdentity? umbIdentity = currentUser.GetUmbracoIdentity();
         Guid? currentUserKey = umbIdentity?.GetUserKey();
 
@@ -38,12 +45,6 @@ public IUser GetUmbracoUser(IPrincipal currentUser)
             user = _userService.GetAsync(currentUserKey.Value).GetAwaiter().GetResult();
         }
 
-        if (user is null)
-        {
-            throw new InvalidOperationException(
-                $"Could not obtain an {nameof(IUser)} instance from {nameof(IPrincipal)}");
-        }
-
-        return user;
+        return user is not null;
     }
 }
diff --git a/src/Umbraco.Core/Security/Authorization/IAuthorizationHelper.cs b/src/Umbraco.Core/Security/Authorization/IAuthorizationHelper.cs
@@ -1,3 +1,4 @@
+using System.Diagnostics.CodeAnalysis;
 using System.Security.Principal;
 using Umbraco.Cms.Core.Models.Membership;
 
@@ -9,11 +10,19 @@ namespace Umbraco.Cms.Core.Security.Authorization;
 public interface IAuthorizationHelper
 {
     /// <summary>
-    ///     Converts an <see cref="IUser" /> into <see cref="IPrincipal" />.
+    ///     Converts an <see cref="IPrincipal" /> into an <see cref="IUser" />.
     /// </summary>
     /// <param name="currentUser">The current user's principal.</param>
     /// <returns>
     ///     <see cref="IUser" />.
     /// </returns>
     IUser GetUmbracoUser(IPrincipal currentUser);
+
+    /// <summary>
+    ///     Attempts to convert an <see cref="IPrincipal" /> into an <see cref="IUser" />.
+    /// </summary>
+    /// <param name="currentUser">The current user's principal.</param>
+    /// <param name="user">The resulting <see cref="IUser" />, if the conversion is successful.</param>
+    /// <returns>True if the conversion is successful, false otherwise</returns>
+    bool TryGetUmbracoUser(IPrincipal currentUser, [NotNullWhen(true)] out IUser? user);
 }