From 89a668b3598c7c8b195ce95f8f8dd9ad71fabb1e Mon Sep 17 00:00:00 2001
From: Hao Kung
Date: Mon, 8 Jun 2020 12:07:51 -0700
Subject: [PATCH 1/5] Flow endpoint and httpcontext always from authz middleware
---
 .../Policy/src/AuthorizationMiddleware.cs | 6 ++++--
 .../Policy/src/AuthorizationMiddlewareContext.cs | 13 +++++++++++++
 .../test/AuthorizationMiddlewareTests.cs | 10 ++++++----
 3 files changed, 23 insertions(+), 6 deletions(-)
 create mode 100644 src/Security/Authorization/Policy/src/AuthorizationMiddlewareContext.cs
diff --git a/src/Security/Authorization/Policy/src/AuthorizationMiddleware.cs b/src/Security/Authorization/Policy/src/AuthorizationMiddleware.cs
index 8963a130bf2d..4c7b45e51a44 100644
--- a/src/Security/Authorization/Policy/src/AuthorizationMiddleware.cs
+++ b/src/Security/Authorization/Policy/src/AuthorizationMiddleware.cs
@@ -61,8 +61,10 @@ public async Task Invoke(HttpContext context)
 return;
 }
- // Note that the resource will be null if there is no matched endpoint
- var authorizeResult = await policyEvaluator.AuthorizeAsync(policy, authenticateResult, context, resource: endpoint);
+ // Note that the endpoint will be null if there is no matched endpoint
+ var authZContext = new AuthorizationMiddlewareContext { Context = context, Endpoint = endpoint };
+
+ var authorizeResult = await policyEvaluator.AuthorizeAsync(policy, authenticateResult, context, resource: authZContext);
 var authorizationMiddlewareResultHandler = context.RequestServices.GetRequiredService();
 await authorizationMiddlewareResultHandler.HandleAsync(_next, context, policy, authorizeResult);
diff --git a/src/Security/Authorization/Policy/src/AuthorizationMiddlewareContext.cs b/src/Security/Authorization/Policy/src/AuthorizationMiddlewareContext.cs
new file mode 100644
index 000000000000..dae0696a6cfd
--- /dev/null
+++ b/src/Security/Authorization/Policy/src/AuthorizationMiddlewareContext.cs
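Review bot: Passing `authZContext` as `resource:` changes the runtime type that authorization handlers receive in `context.Resource` from `Endpoint` to `AuthorizationMiddlewareContext`, and nothing at the call site tells handler authors. An existing handler that tests `context.Resource is Endpoint` stops matching without a compile error; whether it then denies or allows depends on how it treats a missing endpoint, which is not visible here. I would state the new contract above the call, e.g. `// Handlers now receive an AuthorizationMiddlewareContext as Resource, not the Endpoint itself`, and record it as a breaking change. The same point applies to the later revisions of this line in PATCH 3/5 and PATCH 5/5, where the resource ends up being the `HttpContext`. Invoke's body starts and ends outside the hunk.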
@@ -0,0 +1,13 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.AspNetCore.Http;
+
+namespace Microsoft.AspNetCore.Authorization
+{
+ public class AuthorizationMiddlewareContext
+ {
+ public HttpContext Context { get; set; }
+ public Endpoint Endpoint { get; set; }
+ }
+}
diff --git a/src/Security/Authorization/test/AuthorizationMiddlewareTests.cs b/src/Security/Authorization/test/AuthorizationMiddlewareTests.cs
index e1e50f060224..ab0a87bbbe28 100644
--- a/src/Security/Authorization/test/AuthorizationMiddlewareTests.cs
+++ b/src/Security/Authorization/test/AuthorizationMiddlewareTests.cs
@@ -314,13 +314,13 @@ public async Task Invoke_SingleValidClaimShouldSucceed()
 }
 [Fact]
- public async Task AuthZResourceShouldBeEndpoint()
+ public async Task AuthZResourceShouldHaveEndpoint()
 {
 // Arrange
- object resource = null;
+ AuthorizationMiddlewareContext resource = null;
 var policy = new AuthorizationPolicyBuilder().RequireAssertion(c =>
 {
- resource = c.Resource;
+ resource = c.Resource as AuthorizationMiddlewareContext;
 return true;
 }).Build();
 var policyProvider = new Mock();
@@ -335,7 +335,9 @@ public async Task AuthZResourceShouldBeEndpoint()
 await middleware.Invoke(context);
 // Assert
- Assert.Equal(endpoint, resource);
+ Assert.NotNull(resource);
+ Assert.Equal(context, resource.Context);
+ Assert.Equal(endpoint, resource.Endpoint);
 }
 [Fact]
From 46a23b72ff577fdb5dbfdb32020604ca8e7f9016 Mon Sep 17 00:00:00 2001
From: Hao Kung
Date: Mon, 8 Jun 2020 14:00:41 -0700
Subject: [PATCH 2/5] Fix ref
---
 .../Microsoft.AspNetCore.Authorization.Policy.netcoreapp.cs | 6 ++++++
 1 file changed, 6 insertions(+)
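Review bot: `Context` and `Endpoint` in the new `AuthorizationMiddlewareContext` have public setters, yet the instance is what policy handlers receive as the resource, so a handler can replace either value and `Endpoint` can drift from what `Context` reports (presumably the same instance reaches every handler in one evaluation). Get-only properties assigned through a constructor would close that: `public HttpContext Context { get; }` and `public Endpoint Endpoint { get; }`. The new public type also has no XML doc comments saying that `Endpoint` is null when no endpoint matched. The PATCH 3/5 revision of this class keeps the same setter on `HttpContext`.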
diff --git a/src/Security/Authorization/Policy/ref/Microsoft.AspNetCore.Authorization.Policy.netcoreapp.cs b/src/Security/Authorization/Policy/ref/Microsoft.AspNetCore.Authorization.Policy.netcoreapp.cs
index 0fa980dadc26..528f96b9560a 100644
--- a/src/Security/Authorization/Policy/ref/Microsoft.AspNetCore.Authorization.Policy.netcoreapp.cs
+++ b/src/Security/Authorization/Policy/ref/Microsoft.AspNetCore.Authorization.Policy.netcoreapp.cs
@@ -9,6 +9,12 @@ public AuthorizationMiddleware(Microsoft.AspNetCore.Http.RequestDelegate next, M
 [System.Diagnostics.DebuggerStepThroughAttribute]
 public System.Threading.Tasks.Task Invoke(Microsoft.AspNetCore.Http.HttpContext context) { throw null; }
 }
+ public partial class AuthorizationMiddlewareContext
+ {
+ public AuthorizationMiddlewareContext() { }
+ public Microsoft.AspNetCore.Http.HttpContext Context { [System.Runtime.CompilerServices.CompilerGeneratedAttribute] get { throw null; } [System.Runtime.CompilerServices.CompilerGeneratedAttribute] set { } }
+ public Microsoft.AspNetCore.Http.Endpoint Endpoint { [System.Runtime.CompilerServices.CompilerGeneratedAttribute] get { throw null; } [System.Runtime.CompilerServices.CompilerGeneratedAttribute] set { } }
+ }
 public partial interface IAuthorizationMiddlewareResultHandler
 {
 System.Threading.Tasks.Task HandleAsync(Microsoft.AspNetCore.Http.RequestDelegate next, Microsoft.AspNetCore.Http.HttpContext context, Microsoft.AspNetCore.Authorization.AuthorizationPolicy policy, Microsoft.AspNetCore.Authorization.Policy.PolicyAuthorizationResult authorizeResult);
From 7a3525ea7f8dcfb0a4fc4c61ec14c8b04ca4aeb4 Mon Sep 17 00:00:00 2001
From: Hao Kung
Date: Mon, 8 Jun 2020 19:24:22 -0700
Subject: [PATCH 3/5] CR feedback
---
 .../Authorization/Policy/src/AuthorizationMiddleware.cs | 2 +-
 .../Policy/src/AuthorizationMiddlewareContext.cs | 3 +--
 .../Authorization/test/AuthorizationMiddlewareTests.cs | 6 +++---
 3 files changed, 5 insertions(+), 6 deletions(-)
diff --git a/src/Security/Authorization/Policy/src/AuthorizationMiddleware.cs b/src/Security/Authorization/Policy/src/AuthorizationMiddleware.cs
index 4c7b45e51a44..85ddb1a7df1e 100644
--- a/src/Security/Authorization/Policy/src/AuthorizationMiddleware.cs
+++ b/src/Security/Authorization/Policy/src/AuthorizationMiddleware.cs
@@ -62,7 +62,7 @@ public async Task Invoke(HttpContext context)
 }
 // Note that the endpoint will be null if there is no matched endpoint
- var authZContext = new AuthorizationMiddlewareContext { Context = context, Endpoint = endpoint };
+ var authZContext = new AuthorizationMiddlewareContext { HttpContext = context };
 var authorizeResult = await policyEvaluator.AuthorizeAsync(policy, authenticateResult, context, resource: authZContext);
diff --git a/src/Security/Authorization/Policy/src/AuthorizationMiddlewareContext.cs b/src/Security/Authorization/Policy/src/AuthorizationMiddlewareContext.cs
index dae0696a6cfd..31ecf8a149e3 100644
--- a/src/Security/Authorization/Policy/src/AuthorizationMiddlewareContext.cs
+++ b/src/Security/Authorization/Policy/src/AuthorizationMiddlewareContext.cs
@@ -7,7 +7,6 @@ namespace Microsoft.AspNetCore.Authorization
 {
 public class AuthorizationMiddlewareContext
 {
- public HttpContext Context { get; set; }
- public Endpoint Endpoint { get; set; }
+ public HttpContext HttpContext { get; set; }
 }
 }
diff --git a/src/Security/Authorization/test/AuthorizationMiddlewareTests.cs b/src/Security/Authorization/test/AuthorizationMiddlewareTests.cs
index ab0a87bbbe28..2c638d093bf0 100644
--- a/src/Security/Authorization/test/AuthorizationMiddlewareTests.cs
+++ b/src/Security/Authorization/test/AuthorizationMiddlewareTests.cs
@@ -314,7 +314,7 @@ public async Task Invoke_SingleValidClaimShouldSucceed()
 }
 [Fact]
- public async Task AuthZResourceShouldHaveEndpoint()
+ public async Task AuthZResourceShouldBeHttpContextAndHaveHEndpoint()
 {
 // Arrange
 AuthorizationMiddlewareContext resource = null;
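Review bot: The context comment `// Note that the endpoint will be null if there is no matched endpoint` in the AuthorizationMiddleware.cs hunk is left above an initializer that no longer sets `Endpoint`, so it now describes nothing on the following line. Reword it to where the null actually surfaces for a handler, e.g. `// HttpContext.GetEndpoint() returns null if there is no matched endpoint`. Invoke's body starts and ends outside the hunk.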
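Review bot: The renamed test `AuthZResourceShouldBeHttpContextAndHaveHEndpoint` has a stray `H` in `HaveHEndpoint`, and at this revision the resource is still an `AuthorizationMiddlewareContext` rather than an `HttpContext`, so the name states a contract the code does not yet have. `AuthZResourceShouldHaveHttpContextAndEndpoint` would match what the assertions in the following hunk check. The test body continues outside this hunk.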
@@ -336,8 +336,8 @@ public async Task AuthZResourceShouldHaveEndpoint()
 // Assert
 Assert.NotNull(resource);
- Assert.Equal(context, resource.Context);
- Assert.Equal(endpoint, resource.Endpoint);
+ Assert.Equal(context, resource.HttpContext);
+ Assert.Equal(endpoint, resource.HttpContext.GetEndpoint());
 }
 [Fact]
From 2b1321031878639a1a91c38fbcaa4514fd8c9ce8 Mon Sep 17 00:00:00 2001
From: Hao Kung
Date: Mon, 8 Jun 2020 19:25:37 -0700
Subject: [PATCH 4/5] Update ref
---
 .../Microsoft.AspNetCore.Authorization.Policy.netcoreapp.cs | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/Security/Authorization/Policy/ref/Microsoft.AspNetCore.Authorization.Policy.netcoreapp.cs b/src/Security/Authorization/Policy/ref/Microsoft.AspNetCore.Authorization.Policy.netcoreapp.cs
index 528f96b9560a..8d58073cd652 100644
--- a/src/Security/Authorization/Policy/ref/Microsoft.AspNetCore.Authorization.Policy.netcoreapp.cs
+++ b/src/Security/Authorization/Policy/ref/Microsoft.AspNetCore.Authorization.Policy.netcoreapp.cs
@@ -12,8 +12,7 @@ public AuthorizationMiddleware(Microsoft.AspNetCore.Http.RequestDelegate next, M
 public partial class AuthorizationMiddlewareContext
 {
 public AuthorizationMiddlewareContext() { }
- public Microsoft.AspNetCore.Http.HttpContext Context { [System.Runtime.CompilerServices.CompilerGeneratedAttribute] get { throw null; } [System.Runtime.CompilerServices.CompilerGeneratedAttribute] set { } }
- public Microsoft.AspNetCore.Http.Endpoint Endpoint { [System.Runtime.CompilerServices.CompilerGeneratedAttribute] get { throw null; } [System.Runtime.CompilerServices.CompilerGeneratedAttribute] set { } }
+ public Microsoft.AspNetCore.Http.HttpContext HttpContext { [System.Runtime.CompilerServices.CompilerGeneratedAttribute] get { throw null; } [System.Runtime.CompilerServices.CompilerGeneratedAttribute] set { } }
 }
 public partial interface IAuthorizationMiddlewareResultHandler
 {
From 0dba0a69d75d36bde066ba38f3f2c2032fd4113d Mon Sep 17 00:00:00 2001
From: Hao Kung
Date: Wed, 17 Jun 2020 12:45:46 -0700
Subject: [PATCH 5/5] Flow HttpContext as resource directly
---
 ...oft.AspNetCore.Authorization.Policy.netcoreapp.cs | 5 -----
 .../Policy/src/AuthorizationMiddleware.cs | 5 +----
 .../Policy/src/AuthorizationMiddlewareContext.cs | 12 ------------
 .../test/AuthorizationMiddlewareTests.cs | 8 ++++----
 4 files changed, 5 insertions(+), 25 deletions(-)
 delete mode 100644 src/Security/Authorization/Policy/src/AuthorizationMiddlewareContext.cs
diff --git a/src/Security/Authorization/Policy/ref/Microsoft.AspNetCore.Authorization.Policy.netcoreapp.cs b/src/Security/Authorization/Policy/ref/Microsoft.AspNetCore.Authorization.Policy.netcoreapp.cs
index 8d58073cd652..0fa980dadc26 100644
--- a/src/Security/Authorization/Policy/ref/Microsoft.AspNetCore.Authorization.Policy.netcoreapp.cs
+++ b/src/Security/Authorization/Policy/ref/Microsoft.AspNetCore.Authorization.Policy.netcoreapp.cs
@@ -9,11 +9,6 @@ public AuthorizationMiddleware(Microsoft.AspNetCore.Http.RequestDelegate next, M
 [System.Diagnostics.DebuggerStepThroughAttribute]
 public System.Threading.Tasks.Task Invoke(Microsoft.AspNetCore.Http.HttpContext context) { throw null; }
 }
- public partial class AuthorizationMiddlewareContext
- {
- public AuthorizationMiddlewareContext() { }
- public Microsoft.AspNetCore.Http.HttpContext HttpContext { [System.Runtime.CompilerServices.CompilerGeneratedAttribute] get { throw null; } [System.Runtime.CompilerServices.CompilerGeneratedAttribute] set { } }
- }
 public partial interface IAuthorizationMiddlewareResultHandler
 {
 System.Threading.Tasks.Task HandleAsync(Microsoft.AspNetCore.Http.RequestDelegate next, Microsoft.AspNetCore.Http.HttpContext context, Microsoft.AspNetCore.Authorization.AuthorizationPolicy policy, Microsoft.AspNetCore.Authorization.Policy.PolicyAuthorizationResult authorizeResult);
diff --git a/src/Security/Authorization/Policy/src/AuthorizationMiddleware.cs b/src/Security/Authorization/Policy/src/AuthorizationMiddleware.cs
index 85ddb1a7df1e..119cc75c92a2 100644
--- a/src/Security/Authorization/Policy/src/AuthorizationMiddleware.cs
+++ b/src/Security/Authorization/Policy/src/AuthorizationMiddleware.cs
@@ -61,10 +61,7 @@ public async Task Invoke(HttpContext context)
 return;
 }
- // Note that the endpoint will be null if there is no matched endpoint
- var authZContext = new AuthorizationMiddlewareContext { HttpContext = context };
-
- var authorizeResult = await policyEvaluator.AuthorizeAsync(policy, authenticateResult, context, resource: authZContext);
+ var authorizeResult = await policyEvaluator.AuthorizeAsync(policy, authenticateResult, context, resource: context);
 var authorizationMiddlewareResultHandler = context.RequestServices.GetRequiredService();
 await authorizationMiddlewareResultHandler.HandleAsync(_next, context, policy, authorizeResult);
diff --git a/src/Security/Authorization/Policy/src/AuthorizationMiddlewareContext.cs b/src/Security/Authorization/Policy/src/AuthorizationMiddlewareContext.cs
deleted file mode 100644
index 31ecf8a149e3..000000000000
--- a/src/Security/Authorization/Policy/src/AuthorizationMiddlewareContext.cs
+++ /dev/null
@@ -1,12 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using Microsoft.AspNetCore.Http;
-
-namespace Microsoft.AspNetCore.Authorization
-{
- public class AuthorizationMiddlewareContext
- {
- public HttpContext HttpContext { get; set; }
- }
-}
diff --git a/src/Security/Authorization/test/AuthorizationMiddlewareTests.cs b/src/Security/Authorization/test/AuthorizationMiddlewareTests.cs
index 2c638d093bf0..effe426a3b0d 100644
--- a/src/Security/Authorization/test/AuthorizationMiddlewareTests.cs
+++ b/src/Security/Authorization/test/AuthorizationMiddlewareTests.cs
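Review bot: The comment about the unmatched-endpoint case is deleted together with the wrapper in the AuthorizationMiddleware.cs hunk, and the surviving call `resource: context` carries no statement of the contract handlers now see. Before this series the removed comment said the resource was null when no endpoint matched; after it the resource is the `HttpContext` and is not null, so a handler that used a null resource to detect "no endpoint" takes a different branch (handler code is not visible here). I would keep one line above the call: `// Resource is the HttpContext; GetEndpoint() on it returns null if there is no matched endpoint`. Invoke's body starts and ends outside the hunk.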
@@ -317,10 +317,10 @@ public async Task Invoke_SingleValidClaimShouldSucceed()
 public async Task AuthZResourceShouldBeHttpContextAndHaveHEndpoint()
 {
 // Arrange
- AuthorizationMiddlewareContext resource = null;
+ HttpContext resource = null;
 var policy = new AuthorizationPolicyBuilder().RequireAssertion(c =>
 {
- resource = c.Resource as AuthorizationMiddlewareContext;
+ resource = c.Resource as HttpContext;
 return true;
 }).Build();
 var policyProvider = new Mock();
@@ -336,8 +336,8 @@ public async Task AuthZResourceShouldBeHttpContextAndHaveHEndpoint()
 // Assert
 Assert.NotNull(resource);
- Assert.Equal(context, resource.HttpContext);
- Assert.Equal(endpoint, resource.HttpContext.GetEndpoint());
+ Assert.Equal(context, resource);
+ Assert.Equal(endpoint, resource.GetEndpoint());
 }
 [Fact]
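Review bot: `Assert.Equal(context, resource);` in the second hunk checks equality where the guarantee under test is identity, namely that handlers receive the request's own `HttpContext` instance; `Assert.Same(context, resource);` states that directly. The hunks also show only the matched-endpoint path: no assertion here covers a request with no endpoint, where the resource should be non-null while `resource.GetEndpoint()` is null, though such a test may exist elsewhere in the file. The test body between the two hunks is outside the diff.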