diff --git a/src/Microsoft.AspNet.Authorization/AuthorizationPolicyBuilder.cs b/src/Microsoft.AspNet.Authorization/AuthorizationPolicyBuilder.cs index aebd49e662..a0378f9c15 100644 --- a/src/Microsoft.AspNet.Authorization/AuthorizationPolicyBuilder.cs +++ b/src/Microsoft.AspNet.Authorization/AuthorizationPolicyBuilder.cs @@ -4,6 +4,7 @@ using System; using System.Collections.Generic; using System.Linq; +using Microsoft.AspNet.Authorization.Infrastructure; namespace Microsoft.AspNet.Authorization { diff --git a/src/Microsoft.AspNet.Authorization/AuthorizationServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authorization/AuthorizationServiceCollectionExtensions.cs index cbf0b922aa..dff8bf6fcd 100644 --- a/src/Microsoft.AspNet.Authorization/AuthorizationServiceCollectionExtensions.cs +++ b/src/Microsoft.AspNet.Authorization/AuthorizationServiceCollectionExtensions.cs @@ -3,6 +3,7 @@ using System; using Microsoft.AspNet.Authorization; +using Microsoft.AspNet.Authorization.Infrastructure; using Microsoft.Extensions.DependencyInjection.Extensions; namespace Microsoft.Extensions.DependencyInjection diff --git a/src/Microsoft.AspNet.Authorization/DefaultAuthorizationService.cs b/src/Microsoft.AspNet.Authorization/DefaultAuthorizationService.cs index 2e2702ff6a..40e16107c0 100644 --- a/src/Microsoft.AspNet.Authorization/DefaultAuthorizationService.cs +++ b/src/Microsoft.AspNet.Authorization/DefaultAuthorizationService.cs @@ -37,7 +37,6 @@ namespace Microsoft.AspNet.Authorization _logger = logger; } - public async Task AuthorizeAsync(ClaimsPrincipal user, object resource, IEnumerable requirements) { if (requirements == null) @@ -71,9 +70,11 @@ namespace Microsoft.AspNet.Authorization } var policy = _options.GetPolicy(policyName); - return (policy == null) - ? Task.FromResult(false) - : this.AuthorizeAsync(user, resource, policy); + if (policy == null) + { + throw new InvalidOperationException($"No policy found: {policyName}."); + } + return this.AuthorizeAsync(user, resource, policy); } } } \ No newline at end of file diff --git a/src/Microsoft.AspNet.Authorization/ClaimsAuthorizationRequirement.cs b/src/Microsoft.AspNet.Authorization/Infrastructure/ClaimsAuthorizationRequirement.cs similarity index 97% rename from src/Microsoft.AspNet.Authorization/ClaimsAuthorizationRequirement.cs rename to src/Microsoft.AspNet.Authorization/Infrastructure/ClaimsAuthorizationRequirement.cs index 905e74f39a..82e3ac5b69 100644 --- a/src/Microsoft.AspNet.Authorization/ClaimsAuthorizationRequirement.cs +++ b/src/Microsoft.AspNet.Authorization/Infrastructure/ClaimsAuthorizationRequirement.cs @@ -5,7 +5,7 @@ using System; using System.Collections.Generic; using System.Linq; -namespace Microsoft.AspNet.Authorization +namespace Microsoft.AspNet.Authorization.Infrastructure { // Must contain a claim with the specified name, and at least one of the required values // If AllowedValues is null or empty, that means any claim is valid diff --git a/src/Microsoft.AspNet.Authorization/DelegateRequirement.cs b/src/Microsoft.AspNet.Authorization/Infrastructure/DelegateRequirement.cs similarity index 92% rename from src/Microsoft.AspNet.Authorization/DelegateRequirement.cs rename to src/Microsoft.AspNet.Authorization/Infrastructure/DelegateRequirement.cs index ea985d5e91..834060bb64 100644 --- a/src/Microsoft.AspNet.Authorization/DelegateRequirement.cs +++ b/src/Microsoft.AspNet.Authorization/Infrastructure/DelegateRequirement.cs @@ -3,7 +3,7 @@ using System; -namespace Microsoft.AspNet.Authorization +namespace Microsoft.AspNet.Authorization.Infrastructure { public class DelegateRequirement : AuthorizationHandler, IAuthorizationRequirement { diff --git a/src/Microsoft.AspNet.Authorization/DenyAnonymousAuthorizationRequirement.cs b/src/Microsoft.AspNet.Authorization/Infrastructure/DenyAnonymousAuthorizationRequirement.cs similarity index 93% rename from src/Microsoft.AspNet.Authorization/DenyAnonymousAuthorizationRequirement.cs rename to src/Microsoft.AspNet.Authorization/Infrastructure/DenyAnonymousAuthorizationRequirement.cs index 8dcc9b1eee..1011baef3e 100644 --- a/src/Microsoft.AspNet.Authorization/DenyAnonymousAuthorizationRequirement.cs +++ b/src/Microsoft.AspNet.Authorization/Infrastructure/DenyAnonymousAuthorizationRequirement.cs @@ -3,7 +3,7 @@ using System.Linq; -namespace Microsoft.AspNet.Authorization +namespace Microsoft.AspNet.Authorization.Infrastructure { public class DenyAnonymousAuthorizationRequirement : AuthorizationHandler, IAuthorizationRequirement { diff --git a/src/Microsoft.AspNet.Authorization/NameAuthorizationRequirement.cs b/src/Microsoft.AspNet.Authorization/Infrastructure/NameAuthorizationRequirement.cs similarity index 95% rename from src/Microsoft.AspNet.Authorization/NameAuthorizationRequirement.cs rename to src/Microsoft.AspNet.Authorization/Infrastructure/NameAuthorizationRequirement.cs index 45820e6a9a..dc9ea9eda2 100644 --- a/src/Microsoft.AspNet.Authorization/NameAuthorizationRequirement.cs +++ b/src/Microsoft.AspNet.Authorization/Infrastructure/NameAuthorizationRequirement.cs @@ -4,7 +4,7 @@ using System; using System.Linq; -namespace Microsoft.AspNet.Authorization +namespace Microsoft.AspNet.Authorization.Infrastructure { /// /// Requirement that ensures a specific Name diff --git a/src/Microsoft.AspNet.Authorization/OperationAuthorizationRequirement.cs b/src/Microsoft.AspNet.Authorization/Infrastructure/OperationAuthorizationRequirement.cs similarity index 84% rename from src/Microsoft.AspNet.Authorization/OperationAuthorizationRequirement.cs rename to src/Microsoft.AspNet.Authorization/Infrastructure/OperationAuthorizationRequirement.cs index 13732d0196..0beaaa2448 100644 --- a/src/Microsoft.AspNet.Authorization/OperationAuthorizationRequirement.cs +++ b/src/Microsoft.AspNet.Authorization/Infrastructure/OperationAuthorizationRequirement.cs @@ -1,7 +1,7 @@ // Copyright (c) .NET Foundation. All rights reserved. // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. -namespace Microsoft.AspNet.Authorization +namespace Microsoft.AspNet.Authorization.Infrastructure { public class OperationAuthorizationRequirement : IAuthorizationRequirement { diff --git a/src/Microsoft.AspNet.Authorization/PassThroughAuthorizationHandler.cs b/src/Microsoft.AspNet.Authorization/Infrastructure/PassThroughAuthorizationHandler.cs similarity index 90% rename from src/Microsoft.AspNet.Authorization/PassThroughAuthorizationHandler.cs rename to src/Microsoft.AspNet.Authorization/Infrastructure/PassThroughAuthorizationHandler.cs index b1d3b84210..1ea353f934 100644 --- a/src/Microsoft.AspNet.Authorization/PassThroughAuthorizationHandler.cs +++ b/src/Microsoft.AspNet.Authorization/Infrastructure/PassThroughAuthorizationHandler.cs @@ -4,7 +4,7 @@ using System.Linq; using System.Threading.Tasks; -namespace Microsoft.AspNet.Authorization +namespace Microsoft.AspNet.Authorization.Infrastructure { public class PassThroughAuthorizationHandler : IAuthorizationHandler { diff --git a/src/Microsoft.AspNet.Authorization/RolesAuthorizationRequirement.cs b/src/Microsoft.AspNet.Authorization/Infrastructure/RolesAuthorizationRequirement.cs similarity index 96% rename from src/Microsoft.AspNet.Authorization/RolesAuthorizationRequirement.cs rename to src/Microsoft.AspNet.Authorization/Infrastructure/RolesAuthorizationRequirement.cs index fb8647d75e..21b3729de1 100644 --- a/src/Microsoft.AspNet.Authorization/RolesAuthorizationRequirement.cs +++ b/src/Microsoft.AspNet.Authorization/Infrastructure/RolesAuthorizationRequirement.cs @@ -5,7 +5,7 @@ using System; using System.Collections.Generic; using System.Linq; -namespace Microsoft.AspNet.Authorization +namespace Microsoft.AspNet.Authorization.Infrastructure { // Must belong to with one of specified roles // If AllowedRoles is null or empty, that means any role is valid diff --git a/test/Microsoft.AspNet.Authorization.Test/AuthorizationPolicyFacts.cs b/test/Microsoft.AspNet.Authorization.Test/AuthorizationPolicyFacts.cs index 93aaeb6156..03eccd2a62 100644 --- a/test/Microsoft.AspNet.Authorization.Test/AuthorizationPolicyFacts.cs +++ b/test/Microsoft.AspNet.Authorization.Test/AuthorizationPolicyFacts.cs @@ -4,6 +4,7 @@ using System; using System.Linq; using Microsoft.AspNet.Authorization; +using Microsoft.AspNet.Authorization.Infrastructure; using Xunit; namespace Microsoft.AspNet.Authroization.Test diff --git a/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs b/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs index 3b5d68360f..7844f612b9 100644 --- a/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs +++ b/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs @@ -6,6 +6,7 @@ using System.Collections.Generic; using System.Linq; using System.Security.Claims; using System.Threading.Tasks; +using Microsoft.AspNet.Authorization.Infrastructure; using Microsoft.Extensions.DependencyInjection; using Xunit; @@ -268,23 +269,15 @@ namespace Microsoft.AspNet.Authorization.Test } [Fact] - public async Task Authorize_ShouldNotAllowIfUnknownPolicy() + public async Task Authorize_ThrowsWithUnknownPolicy() { // Arrange var authorizationService = BuildAuthorizationService(); - var user = new ClaimsPrincipal( - new ClaimsIdentity( - new Claim[] { - new Claim("Permission", "CanViewComment"), - }, - null) - ); // Act - var allowed = await authorizationService.AuthorizeAsync(user, "Basic"); - // Assert - Assert.False(allowed); + var exception = await Assert.ThrowsAsync(() => authorizationService.AuthorizeAsync(new ClaimsPrincipal(), "whatever", "BogusPolicy")); + Assert.Equal("No policy found: BogusPolicy.", exception.Message); } [Fact] @@ -459,7 +452,7 @@ namespace Microsoft.AspNet.Authorization.Test ); // Act - var allowed = await authorizationService.AuthorizeAsync(user, "Any"); + var allowed = await authorizationService.AuthorizeAsync(user, "Hao"); // Assert Assert.False(allowed);