Fix using statement order and remove duplicate attributes

Co-authored-by: AndyButland <[email protected]>

Author: Copilot

src/Umbraco.Cms.Api.Management/Controllers/RedirectUrlManagement/GetStatusRedirectUrlManagementController.cs

@@ -1,8 +1,8 @@
 using Asp.Versioning;
+using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Umbraco.Cms.Api.Management.Factories;
 using Umbraco.Cms.Api.Management.ViewModels.RedirectUrlManagement;
-using Microsoft.AspNetCore.Http;
 
 namespace Umbraco.Cms.Api.Management.Controllers.RedirectUrlManagement;
 

src/Umbraco.Cms.Api.Management/Controllers/RedirectUrlManagement/SetStatusRedirectUrlManagementController.cs

@@ -1,9 +1,9 @@
 using Asp.Versioning;
+using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Umbraco.Cms.Core.Configuration;
 using Umbraco.Cms.Core.Models.RedirectUrlManagement;
 using Umbraco.Cms.Core.Security;
-using Microsoft.AspNetCore.Http;
 
 namespace Umbraco.Cms.Api.Management.Controllers.RedirectUrlManagement;
 
@@ -25,7 +25,6 @@ public SetStatusRedirectUrlManagementController(
     // We generally don't want to edit the appsettings from our code.
     // But maybe there is a valid use case for doing it on the fly.
     [HttpPost("status")]
-    [MapToApiVersion("1.0")]
     [EndpointSummary("Gets URLs for a document.")]
     [EndpointDescription("Gets the URLs for the document identified by the provided Id.")]
     [MapToApiVersion("1.0")]

src/Umbraco.Cms.Api.Management/Controllers/Security/BackOfficeController.cs

@@ -73,8 +73,6 @@ public BackOfficeController(
     }
 
     [HttpPost("login")]
-    [MapToApiVersion("1.0")]
-    [Authorize(Policy = AuthorizationPolicies.DenyLocalLoginIfConfigured)]
     [EndpointSummary("Authenticates a user.")]
     [EndpointDescription("Authenticates a user with the provided credentials and returns authentication tokens.")]
     [MapToApiVersion("1.0")]
@@ -144,7 +142,6 @@ await _backOfficeUserManager.CheckPasswordAsync(user, model.Password))
 
     [AllowAnonymous]
     [HttpPost("verify-2fa")]
-    [MapToApiVersion("1.0")]
     [EndpointSummary("Verifies two-factor authentication.")]
     [EndpointDescription("Verifies the two-factor authentication code for the user.")]
     [MapToApiVersion("1.0")]
@@ -308,7 +305,6 @@ public async Task<IActionResult> Signout(CancellationToken cancellationToken)
     // Creates and retains a short lived secret to use in the link-login
     // endpoint because we can not protect that method with a bearer token for reasons explained there
     [HttpGet("link-login-key")]
-    [MapToApiVersion("1.0")]
     [EndpointSummary("Authenticates a user.")]
     [EndpointDescription("Authenticates a user with the provided credentials and returns authentication tokens.")]
     [MapToApiVersion("1.0")]
@@ -338,8 +334,6 @@ public async Task<IActionResult> LinkLoginKey(string provider)
     //   can't set a bearer token header.
     // we are forcing form usage here for the whole model so the secret does not end up in url logs.
     [HttpPost("link-login")]
-    [AllowAnonymous]
-    [MapToApiVersion("1.0")]
     [EndpointSummary("Authenticates a user.")]
     [EndpointDescription("Authenticates a user with the provided credentials and returns authentication tokens.")]
     [AllowAnonymous]
@@ -383,8 +377,6 @@ public async Task<IActionResult> LinkLogin([FromForm] LinkLoginRequestModel requ
     ///     which this is based on
     /// </remarks>
     [HttpGet("ExternalLinkLoginCallback")]
-    [AllowAnonymous]
-    [MapToApiVersion("1.0")]
     [EndpointSummary("Authenticates a user.")]
     [EndpointDescription("Authenticates a user with the provided credentials and returns authentication tokens.")]
     [AllowAnonymous]
@@ -412,7 +404,6 @@ RedirectResult RedirectWithStatus(string status)
     }
 
     [HttpPost("unlink-login")]
-    [MapToApiVersion("1.0")]
     [EndpointSummary("Authenticates a user.")]
     [EndpointDescription("Authenticates a user with the provided credentials and returns authentication tokens.")]
     [MapToApiVersion("1.0")]

src/Umbraco.Cms.Api.Management/Controllers/Security/BackOfficeGraphicsController.cs

@@ -36,44 +36,34 @@ public BackOfficeGraphicsController(IOptions<ContentSettings> contentSettings, I
     }
 
     [HttpGet("login-background", Name = LoginBackGroundRouteName)]
-    [AllowAnonymous]
-    [MapToApiVersion("1.0")]
     [EndpointSummary("Authenticates a user.")]
     [EndpointDescription("Authenticates a user with the provided credentials and returns authentication tokens.")]
     [AllowAnonymous]
     [MapToApiVersion("1.0")]
     public IActionResult LoginBackground() => HandleFileRequest(_contentSettings.Value.LoginBackgroundImage);
 
     [HttpGet("logo", Name = LogoRouteName)]
-    [AllowAnonymous]
-    [MapToApiVersion("1.0")]
     [EndpointSummary("Gets the login logo image.")]
     [EndpointDescription("Gets the custom login logo image if configured.")]
     [AllowAnonymous]
     [MapToApiVersion("1.0")]
     public IActionResult Logo() => HandleFileRequest(_contentSettings.Value.BackOfficeLogo);
 
     [HttpGet("logo-alternative", Name = LogoAlternativeRouteName)]
-    [AllowAnonymous]
-    [MapToApiVersion("1.0")]
     [EndpointSummary("Gets the login logo image.")]
     [EndpointDescription("Gets the custom login logo image if configured.")]
     [AllowAnonymous]
     [MapToApiVersion("1.0")]
     public IActionResult LogoAlternative() => HandleFileRequest(_contentSettings.Value.BackOfficeLogoAlternative);
 
     [HttpGet("login-logo", Name = LoginLogoRouteName)]
-    [AllowAnonymous]
-    [MapToApiVersion("1.0")]
     [EndpointSummary("Authenticates a user.")]
     [EndpointDescription("Authenticates a user with the provided credentials and returns authentication tokens.")]
     [AllowAnonymous]
     [MapToApiVersion("1.0")]
     public IActionResult LoginLogo() => HandleFileRequest(_contentSettings.Value.LoginLogoImage);
 
     [HttpGet("login-logo-alternative", Name = LoginLogoAlternativeRouteName)]
-    [AllowAnonymous]
-    [MapToApiVersion("1.0")]
     [EndpointSummary("Authenticates a user.")]
     [EndpointDescription("Authenticates a user with the provided credentials and returns authentication tokens.")]
     [AllowAnonymous]

src/Umbraco.Cms.Api.Management/Controllers/Security/ResetPasswordTokenController.cs

@@ -33,7 +33,6 @@ public ResetPasswordTokenController(IUserService userService, IOpenIddictTokenMa
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     [ProducesResponseType(typeof(ProblemDetailsBuilder), StatusCodes.Status400BadRequest)]
     [ProducesResponseType(typeof(ProblemDetailsBuilder), StatusCodes.Status404NotFound)]
-    [UserPasswordEnsureMinimumResponseTime]
     [EndpointSummary("Initiates password reset.")]
     [EndpointDescription("Initiates a password reset process for the user with the provided email.")]
     [UserPasswordEnsureMinimumResponseTime]

src/Umbraco.Cms.Api.Management/Controllers/Security/VerifyResetPasswordTokenController.cs

@@ -30,7 +30,6 @@ public VerifyResetPasswordTokenController(IUserService userService, IPasswordCon
     [ProducesResponseType(typeof(VerifyResetPasswordResponseModel), StatusCodes.Status200OK)]
     [ProducesResponseType(typeof(ProblemDetailsBuilder), StatusCodes.Status400BadRequest)]
     [ProducesResponseType(typeof(ProblemDetailsBuilder), StatusCodes.Status404NotFound)]
-    [UserPasswordEnsureMinimumResponseTime]
     [EndpointSummary("Initiates password reset.")]
     [EndpointDescription("Initiates a password reset process for the user with the provided email.")]
     [UserPasswordEnsureMinimumResponseTime]