Member Username cannot be same as a member's id

[AaronMorf]

Which Umbraco version are you using? (Please write the exact version, example: 10.1.0)

13.4.0

Bug summary

The member username cannot be the same as the member id if the member is in the cache.

If the username is the id of another member and that member is cached, MemberService.GetByUsername will return the wrong member.

When trying to get the member using MemberService.GetByUsername, do not check the id, only the username.

Specifics

In the MemberRepository.cs where the username cache is created, it writes the same CacheKey as for the normal entity cache.
I guess this should be fixed.

Username Cache:

Umbraco-CMS/src/Umbraco.Infrastructure/Persistence/Repositories/Implement/MemberRepository.cs

Lines 230 to 231 in 00ca9e0

	public IMember? GetByUsername(string? username) =>
	_memberByUsernameCachePolicy.Get(username, PerformGetByUsername, PerformGetAllByUsername);

Umbraco-CMS/src/Umbraco.Infrastructure/Persistence/Repositories/Implement/MemberRepository.cs

Lines 69 to 70 in 00ca9e0

	_memberByUsernameCachePolicy =
	new DefaultRepositoryCachePolicy<IMember, string>(GlobalIsolatedCache, ScopeAccessor, DefaultOptions);

Entity Cache:

Umbraco-CMS/src/Umbraco.Infrastructure/Persistence/Repositories/Implement/EntityRepositoryBase.cs

Lines 196 to 197 in 00ca9e0

	protected virtual IRepositoryCachePolicy<TEntity, TId> CreateCachePolicy()
	=> new DefaultRepositoryCachePolicy<TEntity, TId>(GlobalIsolatedCache, ScopeAccessor, DefaultOptions);

Cache Key:

Umbraco-CMS/src/Umbraco.Infrastructure/Cache/DefaultRepositoryCachePolicy.cs

Lines 231 to 246 in c8899af

	protected string GetEntityCacheKey(int id) => EntityTypeCacheKey + id;
	protected string GetEntityCacheKey(TId? id)
	{
	if (EqualityComparer<TId>.Default.Equals(id, default))
	{
	return string.Empty;
	}
	if (typeof(TId).IsValueType)
	{
	return EntityTypeCacheKey + id;
	}
	return EntityTypeCacheKey + id?.ToString()?.ToUpperInvariant();
	}

Umbraco-CMS/src/Umbraco.Infrastructure/Cache/DefaultRepositoryCachePolicy.cs

Line 31 in c8899af

protected string EntityTypeCacheKey { get; } = $"uRepo_{typeof(TEntity).Name}_";

Steps to reproduce

Create a member and give them a random number (12345) as their username:

Check the new member's id and copy it (1499):

Now create another member with the copied id (1499) as their username. Click save and you will see that the username is already taken:

Once the cache is cleared (after 5 minutes or a reboot), a member can be created with the username of the first member created ID (1499) without the validation error:

When the cache is cleared (after 5 minutes or a reboot), save the first member (Test Member 12345) and try to get the new member by username (1499).
You will get the first member (Test Member 12345) instead of the correct member (Test Member 1499):
@using Umbraco.Cms.Core.Services @inject IMemberService memberService @{ var member = memberService.GetByUsername("1499"); if (member != null) { <p> Member: @member.Name </p> } }

OUTPUT: Member: Test Member 12345

EXPECTED OUTPUT: Member: Test Member 1499

Expected result / actual result

When reproducing you should see the error and the wrong cache.
The expected result would be to allow any username for a member, even if it is another member's id and to have the correct member returned.

---

This item has been added to our backlog AB#45490

[github-actions]

Hi there @AaronMorf!

Firstly, a big thank you for raising this issue. Every piece of feedback we receive helps us to make Umbraco better.

We really appreciate your patience while we wait for our team to have a look at this but we wanted to let you know that we see this and share with you the plan for what comes next.

• We'll assess whether this issue relates to something that has already been fixed in a later version of the release that it has been raised for.
• If it's a bug, is it related to a release that we are actively supporting or is it related to a release that's in the end-of-life or security-only phase?
• We'll replicate the issue to ensure that the problem is as described.
• We'll decide whether the behavior is an issue or if the behavior is intended.

We wish we could work with everyone directly and assess your issue immediately but we're in the fortunate position of having lots of contributions to work with and only a few humans who are able to do it. We are making progress though and in the meantime, we will keep you in the loop and let you know when we have any questions.

Thanks, from your friendly Umbraco GitHub bot 🤖 🙂

[NguyenThuyLan]

Thank @AaronMorf for reporting this issue. I confirm I was able to reproduce this on v13.6.0.