Remove RequiredPolicy (#9399)
This commit is contained in:
Hao Kung
GitHub
parent
7448964388
commit
47ae9d9299
|
|
@ -47,7 +47,6 @@ namespace Microsoft.AspNetCore.Authorization
|
|||
public AuthorizationOptions() { }
|
||||
public Microsoft.AspNetCore.Authorization.AuthorizationPolicy DefaultPolicy { [System.Runtime.CompilerServices.CompilerGeneratedAttribute]get { throw null; } [System.Runtime.CompilerServices.CompilerGeneratedAttribute]set { } }
|
||||
public bool InvokeHandlersAfterFailure { [System.Runtime.CompilerServices.CompilerGeneratedAttribute]get { throw null; } [System.Runtime.CompilerServices.CompilerGeneratedAttribute]set { } }
|
||||
public Microsoft.AspNetCore.Authorization.AuthorizationPolicy RequiredPolicy { [System.Runtime.CompilerServices.CompilerGeneratedAttribute]get { throw null; } [System.Runtime.CompilerServices.CompilerGeneratedAttribute]set { } }
|
||||
public void AddPolicy(string name, Microsoft.AspNetCore.Authorization.AuthorizationPolicy policy) { }
|
||||
public void AddPolicy(string name, System.Action<Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder> configurePolicy) { }
|
||||
public Microsoft.AspNetCore.Authorization.AuthorizationPolicy GetPolicy(string name) { throw null; }
|
||||
|
|
@ -127,7 +126,6 @@ namespace Microsoft.AspNetCore.Authorization
|
|||
public DefaultAuthorizationPolicyProvider(Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Authorization.AuthorizationOptions> options) { }
|
||||
public System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationPolicy> GetDefaultPolicyAsync() { throw null; }
|
||||
public virtual System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationPolicy> GetPolicyAsync(string policyName) { throw null; }
|
||||
public System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationPolicy> GetRequiredPolicyAsync() { throw null; }
|
||||
}
|
||||
public partial class DefaultAuthorizationService : Microsoft.AspNetCore.Authorization.IAuthorizationService
|
||||
{
|
||||
|
|
@ -157,7 +155,6 @@ namespace Microsoft.AspNetCore.Authorization
|
|||
{
|
||||
System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationPolicy> GetDefaultPolicyAsync();
|
||||
System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationPolicy> GetPolicyAsync(string policyName);
|
||||
System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationPolicy> GetRequiredPolicyAsync();
|
||||
}
|
||||
public partial interface IAuthorizationRequirement
|
||||
{
|
||||
|
|
|
|||
|
|
@ -27,18 +27,6 @@ namespace Microsoft.AspNetCore.Authorization
|
|||
/// </remarks>
|
||||
public AuthorizationPolicy DefaultPolicy { get; set; } = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build();
|
||||
|
||||
/// <summary>
|
||||
/// Gets or sets the required authorization policy. Defaults to null.
|
||||
/// </summary>
|
||||
/// <remarks>
|
||||
/// By default the required policy is null.
|
||||
///
|
||||
/// If a required policy has been specified then it is always evaluated, even if there are no
|
||||
/// <see cref="IAuthorizeData"/> instances for a resource. If a resource has <see cref="IAuthorizeData"/>
|
||||
/// then they are evaluated together with the required policy.
|
||||
/// </remarks>
|
||||
public AuthorizationPolicy RequiredPolicy { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// Add an authorization policy with the provided name.
|
||||
/// </summary>
|
||||
|
|
|
|||
|
|
@ -176,17 +176,6 @@ namespace Microsoft.AspNetCore.Authorization
|
|||
}
|
||||
}
|
||||
|
||||
var requiredPolicy = await policyProvider.GetRequiredPolicyAsync();
|
||||
if (requiredPolicy != null)
|
||||
{
|
||||
if (policyBuilder == null)
|
||||
{
|
||||
policyBuilder = new AuthorizationPolicyBuilder();
|
||||
}
|
||||
|
||||
policyBuilder.Combine(requiredPolicy);
|
||||
}
|
||||
|
||||
return policyBuilder?.Build();
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -15,7 +15,6 @@ namespace Microsoft.AspNetCore.Authorization
|
|||
{
|
||||
private readonly AuthorizationOptions _options;
|
||||
private Task<AuthorizationPolicy> _cachedDefaultPolicy;
|
||||
private Task<AuthorizationPolicy> _cachedRequiredPolicy;
|
||||
|
||||
/// <summary>
|
||||
/// Creates a new instance of <see cref="DefaultAuthorizationPolicyProvider"/>.
|
||||
|
|
@ -40,15 +39,6 @@ namespace Microsoft.AspNetCore.Authorization
|
|||
return GetCachedPolicy(ref _cachedDefaultPolicy, _options.DefaultPolicy);
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Gets the required authorization policy.
|
||||
/// </summary>
|
||||
/// <returns>The required authorization policy.</returns>
|
||||
public Task<AuthorizationPolicy> GetRequiredPolicyAsync()
|
||||
{
|
||||
return GetCachedPolicy(ref _cachedRequiredPolicy, _options.RequiredPolicy);
|
||||
}
|
||||
|
||||
private Task<AuthorizationPolicy> GetCachedPolicy(ref Task<AuthorizationPolicy> cachedPolicy, AuthorizationPolicy currentPolicy)
|
||||
{
|
||||
var local = cachedPolicy;
|
||||
|
|
|
|||
|
|
@ -22,11 +22,5 @@ namespace Microsoft.AspNetCore.Authorization
|
|||
/// </summary>
|
||||
/// <returns>The default authorization policy.</returns>
|
||||
Task<AuthorizationPolicy> GetDefaultPolicyAsync();
|
||||
|
||||
/// <summary>
|
||||
/// Gets the required authorization policy.
|
||||
/// </summary>
|
||||
/// <returns>The required authorization policy.</returns>
|
||||
Task<AuthorizationPolicy> GetRequiredPolicyAsync();
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -51,6 +51,12 @@ namespace Microsoft.AspNetCore.Authorization
|
|||
|
||||
// IMPORTANT: Changes to authorization logic should be mirrored in MVC's AuthorizeFilter
|
||||
var authorizeData = endpoint?.Metadata.GetOrderedMetadata<IAuthorizeData>() ?? Array.Empty<IAuthorizeData>();
|
||||
if (authorizeData.Count() == 0)
|
||||
{
|
||||
await _next(context);
|
||||
return;
|
||||
}
|
||||
|
||||
var policy = await AuthorizationPolicy.CombineAsync(_policyProvider, authorizeData);
|
||||
if (policy == null)
|
||||
{
|
||||
|
|
|
|||
|
|
@ -41,25 +41,6 @@ namespace Microsoft.AspNetCore.Authorization.Test
|
|||
Assert.True(next.Called);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task NoEndpointWithRequired_AnonymousUser_Challenges()
|
||||
{
|
||||
// Arrange
|
||||
var policy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build();
|
||||
var policyProvider = new Mock<IAuthorizationPolicyProvider>();
|
||||
policyProvider.Setup(p => p.GetRequiredPolicyAsync()).ReturnsAsync(policy);
|
||||
var next = new TestRequestDelegate();
|
||||
|
||||
var middleware = CreateMiddleware(next.Invoke, policyProvider.Object);
|
||||
var context = GetHttpContext(anonymous: true);
|
||||
|
||||
// Act
|
||||
await middleware.Invoke(context);
|
||||
|
||||
// Assert
|
||||
Assert.False(next.Called);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task HasEndpointWithoutAuth_AnonymousUser_Allows()
|
||||
{
|
||||
|
|
@ -79,26 +60,6 @@ namespace Microsoft.AspNetCore.Authorization.Test
|
|||
Assert.True(next.Called);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task HasEndpointWithRequiredWithoutAuth_AnonymousUser_Challenges()
|
||||
{
|
||||
// Arrange
|
||||
var policy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build();
|
||||
var policyProvider = new Mock<IAuthorizationPolicyProvider>();
|
||||
policyProvider.Setup(p => p.GetDefaultPolicyAsync()).ReturnsAsync(policy);
|
||||
policyProvider.Setup(p => p.GetRequiredPolicyAsync()).ReturnsAsync(policy);
|
||||
var next = new TestRequestDelegate();
|
||||
|
||||
var middleware = CreateMiddleware(next.Invoke, policyProvider.Object);
|
||||
var context = GetHttpContext(anonymous: true, endpoint: CreateEndpoint());
|
||||
|
||||
// Act
|
||||
await middleware.Invoke(context);
|
||||
|
||||
// Assert
|
||||
Assert.False(next.Called);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task HasEndpointWithAuth_AnonymousUser_Challenges()
|
||||
{
|
||||
|
|
@ -148,11 +109,8 @@ namespace Microsoft.AspNetCore.Authorization.Test
|
|||
var policy = new AuthorizationPolicyBuilder().RequireAssertion(_ => true).Build();
|
||||
var policyProvider = new Mock<IAuthorizationPolicyProvider>();
|
||||
var getPolicyCount = 0;
|
||||
var getRequiredPolicyCount = 0;
|
||||
policyProvider.Setup(p => p.GetPolicyAsync(It.IsAny<string>())).ReturnsAsync(policy)
|
||||
.Callback(() => getPolicyCount++);
|
||||
policyProvider.Setup(p => p.GetRequiredPolicyAsync()).ReturnsAsync(policy)
|
||||
.Callback(() => getRequiredPolicyCount++);
|
||||
var next = new TestRequestDelegate();
|
||||
var middleware = CreateMiddleware(next.Invoke, policyProvider.Object);
|
||||
var context = GetHttpContext(anonymous: true, endpoint: CreateEndpoint(new AuthorizeAttribute("whatever")));
|
||||
|
|
@ -160,17 +118,14 @@ namespace Microsoft.AspNetCore.Authorization.Test
|
|||
// Act & Assert
|
||||
await middleware.Invoke(context);
|
||||
Assert.Equal(1, getPolicyCount);
|
||||
Assert.Equal(1, getRequiredPolicyCount);
|
||||
Assert.Equal(1, next.CalledCount);
|
||||
|
||||
await middleware.Invoke(context);
|
||||
Assert.Equal(2, getPolicyCount);
|
||||
Assert.Equal(2, getRequiredPolicyCount);
|
||||
Assert.Equal(2, next.CalledCount);
|
||||
|
||||
await middleware.Invoke(context);
|
||||
Assert.Equal(3, getPolicyCount);
|
||||
Assert.Equal(3, getRequiredPolicyCount);
|
||||
Assert.Equal(3, next.CalledCount);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -27,8 +27,6 @@ namespace CustomPolicyProvider
|
|||
|
||||
public Task<AuthorizationPolicy> GetDefaultPolicyAsync() => FallbackPolicyProvider.GetDefaultPolicyAsync();
|
||||
|
||||
public Task<AuthorizationPolicy> GetRequiredPolicyAsync() => FallbackPolicyProvider.GetRequiredPolicyAsync();
|
||||
|
||||
// Policies are looked up by string name, so expect 'parameters' (like age)
|
||||
// to be embedded in the policy names. This is abstracted away from developers
|
||||
// by the more strongly-typed attributes derived from AuthorizeAttribute
|
||||
|
|
@ -49,4 +47,4 @@ namespace CustomPolicyProvider
|
|||
return FallbackPolicyProvider.GetPolicyAsync(policyName);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue