Remove RequiredPolicy (#9399)
This commit is contained in:
parent
7448964388
commit
47ae9d9299
|
|
@ -47,7 +47,6 @@ namespace Microsoft.AspNetCore.Authorization
|
||||||
public AuthorizationOptions() { }
|
public AuthorizationOptions() { }
|
||||||
public Microsoft.AspNetCore.Authorization.AuthorizationPolicy DefaultPolicy { [System.Runtime.CompilerServices.CompilerGeneratedAttribute]get { throw null; } [System.Runtime.CompilerServices.CompilerGeneratedAttribute]set { } }
|
public Microsoft.AspNetCore.Authorization.AuthorizationPolicy DefaultPolicy { [System.Runtime.CompilerServices.CompilerGeneratedAttribute]get { throw null; } [System.Runtime.CompilerServices.CompilerGeneratedAttribute]set { } }
|
||||||
public bool InvokeHandlersAfterFailure { [System.Runtime.CompilerServices.CompilerGeneratedAttribute]get { throw null; } [System.Runtime.CompilerServices.CompilerGeneratedAttribute]set { } }
|
public bool InvokeHandlersAfterFailure { [System.Runtime.CompilerServices.CompilerGeneratedAttribute]get { throw null; } [System.Runtime.CompilerServices.CompilerGeneratedAttribute]set { } }
|
||||||
public Microsoft.AspNetCore.Authorization.AuthorizationPolicy RequiredPolicy { [System.Runtime.CompilerServices.CompilerGeneratedAttribute]get { throw null; } [System.Runtime.CompilerServices.CompilerGeneratedAttribute]set { } }
|
|
||||||
public void AddPolicy(string name, Microsoft.AspNetCore.Authorization.AuthorizationPolicy policy) { }
|
public void AddPolicy(string name, Microsoft.AspNetCore.Authorization.AuthorizationPolicy policy) { }
|
||||||
public void AddPolicy(string name, System.Action<Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder> configurePolicy) { }
|
public void AddPolicy(string name, System.Action<Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder> configurePolicy) { }
|
||||||
public Microsoft.AspNetCore.Authorization.AuthorizationPolicy GetPolicy(string name) { throw null; }
|
public Microsoft.AspNetCore.Authorization.AuthorizationPolicy GetPolicy(string name) { throw null; }
|
||||||
|
|
@ -127,7 +126,6 @@ namespace Microsoft.AspNetCore.Authorization
|
||||||
public DefaultAuthorizationPolicyProvider(Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Authorization.AuthorizationOptions> options) { }
|
public DefaultAuthorizationPolicyProvider(Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Authorization.AuthorizationOptions> options) { }
|
||||||
public System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationPolicy> GetDefaultPolicyAsync() { throw null; }
|
public System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationPolicy> GetDefaultPolicyAsync() { throw null; }
|
||||||
public virtual System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationPolicy> GetPolicyAsync(string policyName) { throw null; }
|
public virtual System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationPolicy> GetPolicyAsync(string policyName) { throw null; }
|
||||||
public System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationPolicy> GetRequiredPolicyAsync() { throw null; }
|
|
||||||
}
|
}
|
||||||
public partial class DefaultAuthorizationService : Microsoft.AspNetCore.Authorization.IAuthorizationService
|
public partial class DefaultAuthorizationService : Microsoft.AspNetCore.Authorization.IAuthorizationService
|
||||||
{
|
{
|
||||||
|
|
@ -157,7 +155,6 @@ namespace Microsoft.AspNetCore.Authorization
|
||||||
{
|
{
|
||||||
System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationPolicy> GetDefaultPolicyAsync();
|
System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationPolicy> GetDefaultPolicyAsync();
|
||||||
System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationPolicy> GetPolicyAsync(string policyName);
|
System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationPolicy> GetPolicyAsync(string policyName);
|
||||||
System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationPolicy> GetRequiredPolicyAsync();
|
|
||||||
}
|
}
|
||||||
public partial interface IAuthorizationRequirement
|
public partial interface IAuthorizationRequirement
|
||||||
{
|
{
|
||||||
|
|
|
||||||
|
|
@ -27,18 +27,6 @@ namespace Microsoft.AspNetCore.Authorization
|
||||||
/// </remarks>
|
/// </remarks>
|
||||||
public AuthorizationPolicy DefaultPolicy { get; set; } = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build();
|
public AuthorizationPolicy DefaultPolicy { get; set; } = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build();
|
||||||
|
|
||||||
/// <summary>
|
|
||||||
/// Gets or sets the required authorization policy. Defaults to null.
|
|
||||||
/// </summary>
|
|
||||||
/// <remarks>
|
|
||||||
/// By default the required policy is null.
|
|
||||||
///
|
|
||||||
/// If a required policy has been specified then it is always evaluated, even if there are no
|
|
||||||
/// <see cref="IAuthorizeData"/> instances for a resource. If a resource has <see cref="IAuthorizeData"/>
|
|
||||||
/// then they are evaluated together with the required policy.
|
|
||||||
/// </remarks>
|
|
||||||
public AuthorizationPolicy RequiredPolicy { get; set; }
|
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// Add an authorization policy with the provided name.
|
/// Add an authorization policy with the provided name.
|
||||||
/// </summary>
|
/// </summary>
|
||||||
|
|
|
||||||
|
|
@ -176,17 +176,6 @@ namespace Microsoft.AspNetCore.Authorization
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
var requiredPolicy = await policyProvider.GetRequiredPolicyAsync();
|
|
||||||
if (requiredPolicy != null)
|
|
||||||
{
|
|
||||||
if (policyBuilder == null)
|
|
||||||
{
|
|
||||||
policyBuilder = new AuthorizationPolicyBuilder();
|
|
||||||
}
|
|
||||||
|
|
||||||
policyBuilder.Combine(requiredPolicy);
|
|
||||||
}
|
|
||||||
|
|
||||||
return policyBuilder?.Build();
|
return policyBuilder?.Build();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -15,7 +15,6 @@ namespace Microsoft.AspNetCore.Authorization
|
||||||
{
|
{
|
||||||
private readonly AuthorizationOptions _options;
|
private readonly AuthorizationOptions _options;
|
||||||
private Task<AuthorizationPolicy> _cachedDefaultPolicy;
|
private Task<AuthorizationPolicy> _cachedDefaultPolicy;
|
||||||
private Task<AuthorizationPolicy> _cachedRequiredPolicy;
|
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// Creates a new instance of <see cref="DefaultAuthorizationPolicyProvider"/>.
|
/// Creates a new instance of <see cref="DefaultAuthorizationPolicyProvider"/>.
|
||||||
|
|
@ -40,15 +39,6 @@ namespace Microsoft.AspNetCore.Authorization
|
||||||
return GetCachedPolicy(ref _cachedDefaultPolicy, _options.DefaultPolicy);
|
return GetCachedPolicy(ref _cachedDefaultPolicy, _options.DefaultPolicy);
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <summary>
|
|
||||||
/// Gets the required authorization policy.
|
|
||||||
/// </summary>
|
|
||||||
/// <returns>The required authorization policy.</returns>
|
|
||||||
public Task<AuthorizationPolicy> GetRequiredPolicyAsync()
|
|
||||||
{
|
|
||||||
return GetCachedPolicy(ref _cachedRequiredPolicy, _options.RequiredPolicy);
|
|
||||||
}
|
|
||||||
|
|
||||||
private Task<AuthorizationPolicy> GetCachedPolicy(ref Task<AuthorizationPolicy> cachedPolicy, AuthorizationPolicy currentPolicy)
|
private Task<AuthorizationPolicy> GetCachedPolicy(ref Task<AuthorizationPolicy> cachedPolicy, AuthorizationPolicy currentPolicy)
|
||||||
{
|
{
|
||||||
var local = cachedPolicy;
|
var local = cachedPolicy;
|
||||||
|
|
|
||||||
|
|
@ -22,11 +22,5 @@ namespace Microsoft.AspNetCore.Authorization
|
||||||
/// </summary>
|
/// </summary>
|
||||||
/// <returns>The default authorization policy.</returns>
|
/// <returns>The default authorization policy.</returns>
|
||||||
Task<AuthorizationPolicy> GetDefaultPolicyAsync();
|
Task<AuthorizationPolicy> GetDefaultPolicyAsync();
|
||||||
|
|
||||||
/// <summary>
|
|
||||||
/// Gets the required authorization policy.
|
|
||||||
/// </summary>
|
|
||||||
/// <returns>The required authorization policy.</returns>
|
|
||||||
Task<AuthorizationPolicy> GetRequiredPolicyAsync();
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -51,6 +51,12 @@ namespace Microsoft.AspNetCore.Authorization
|
||||||
|
|
||||||
// IMPORTANT: Changes to authorization logic should be mirrored in MVC's AuthorizeFilter
|
// IMPORTANT: Changes to authorization logic should be mirrored in MVC's AuthorizeFilter
|
||||||
var authorizeData = endpoint?.Metadata.GetOrderedMetadata<IAuthorizeData>() ?? Array.Empty<IAuthorizeData>();
|
var authorizeData = endpoint?.Metadata.GetOrderedMetadata<IAuthorizeData>() ?? Array.Empty<IAuthorizeData>();
|
||||||
|
if (authorizeData.Count() == 0)
|
||||||
|
{
|
||||||
|
await _next(context);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
var policy = await AuthorizationPolicy.CombineAsync(_policyProvider, authorizeData);
|
var policy = await AuthorizationPolicy.CombineAsync(_policyProvider, authorizeData);
|
||||||
if (policy == null)
|
if (policy == null)
|
||||||
{
|
{
|
||||||
|
|
|
||||||
|
|
@ -41,25 +41,6 @@ namespace Microsoft.AspNetCore.Authorization.Test
|
||||||
Assert.True(next.Called);
|
Assert.True(next.Called);
|
||||||
}
|
}
|
||||||
|
|
||||||
[Fact]
|
|
||||||
public async Task NoEndpointWithRequired_AnonymousUser_Challenges()
|
|
||||||
{
|
|
||||||
// Arrange
|
|
||||||
var policy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build();
|
|
||||||
var policyProvider = new Mock<IAuthorizationPolicyProvider>();
|
|
||||||
policyProvider.Setup(p => p.GetRequiredPolicyAsync()).ReturnsAsync(policy);
|
|
||||||
var next = new TestRequestDelegate();
|
|
||||||
|
|
||||||
var middleware = CreateMiddleware(next.Invoke, policyProvider.Object);
|
|
||||||
var context = GetHttpContext(anonymous: true);
|
|
||||||
|
|
||||||
// Act
|
|
||||||
await middleware.Invoke(context);
|
|
||||||
|
|
||||||
// Assert
|
|
||||||
Assert.False(next.Called);
|
|
||||||
}
|
|
||||||
|
|
||||||
[Fact]
|
[Fact]
|
||||||
public async Task HasEndpointWithoutAuth_AnonymousUser_Allows()
|
public async Task HasEndpointWithoutAuth_AnonymousUser_Allows()
|
||||||
{
|
{
|
||||||
|
|
@ -79,26 +60,6 @@ namespace Microsoft.AspNetCore.Authorization.Test
|
||||||
Assert.True(next.Called);
|
Assert.True(next.Called);
|
||||||
}
|
}
|
||||||
|
|
||||||
[Fact]
|
|
||||||
public async Task HasEndpointWithRequiredWithoutAuth_AnonymousUser_Challenges()
|
|
||||||
{
|
|
||||||
// Arrange
|
|
||||||
var policy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build();
|
|
||||||
var policyProvider = new Mock<IAuthorizationPolicyProvider>();
|
|
||||||
policyProvider.Setup(p => p.GetDefaultPolicyAsync()).ReturnsAsync(policy);
|
|
||||||
policyProvider.Setup(p => p.GetRequiredPolicyAsync()).ReturnsAsync(policy);
|
|
||||||
var next = new TestRequestDelegate();
|
|
||||||
|
|
||||||
var middleware = CreateMiddleware(next.Invoke, policyProvider.Object);
|
|
||||||
var context = GetHttpContext(anonymous: true, endpoint: CreateEndpoint());
|
|
||||||
|
|
||||||
// Act
|
|
||||||
await middleware.Invoke(context);
|
|
||||||
|
|
||||||
// Assert
|
|
||||||
Assert.False(next.Called);
|
|
||||||
}
|
|
||||||
|
|
||||||
[Fact]
|
[Fact]
|
||||||
public async Task HasEndpointWithAuth_AnonymousUser_Challenges()
|
public async Task HasEndpointWithAuth_AnonymousUser_Challenges()
|
||||||
{
|
{
|
||||||
|
|
@ -148,11 +109,8 @@ namespace Microsoft.AspNetCore.Authorization.Test
|
||||||
var policy = new AuthorizationPolicyBuilder().RequireAssertion(_ => true).Build();
|
var policy = new AuthorizationPolicyBuilder().RequireAssertion(_ => true).Build();
|
||||||
var policyProvider = new Mock<IAuthorizationPolicyProvider>();
|
var policyProvider = new Mock<IAuthorizationPolicyProvider>();
|
||||||
var getPolicyCount = 0;
|
var getPolicyCount = 0;
|
||||||
var getRequiredPolicyCount = 0;
|
|
||||||
policyProvider.Setup(p => p.GetPolicyAsync(It.IsAny<string>())).ReturnsAsync(policy)
|
policyProvider.Setup(p => p.GetPolicyAsync(It.IsAny<string>())).ReturnsAsync(policy)
|
||||||
.Callback(() => getPolicyCount++);
|
.Callback(() => getPolicyCount++);
|
||||||
policyProvider.Setup(p => p.GetRequiredPolicyAsync()).ReturnsAsync(policy)
|
|
||||||
.Callback(() => getRequiredPolicyCount++);
|
|
||||||
var next = new TestRequestDelegate();
|
var next = new TestRequestDelegate();
|
||||||
var middleware = CreateMiddleware(next.Invoke, policyProvider.Object);
|
var middleware = CreateMiddleware(next.Invoke, policyProvider.Object);
|
||||||
var context = GetHttpContext(anonymous: true, endpoint: CreateEndpoint(new AuthorizeAttribute("whatever")));
|
var context = GetHttpContext(anonymous: true, endpoint: CreateEndpoint(new AuthorizeAttribute("whatever")));
|
||||||
|
|
@ -160,17 +118,14 @@ namespace Microsoft.AspNetCore.Authorization.Test
|
||||||
// Act & Assert
|
// Act & Assert
|
||||||
await middleware.Invoke(context);
|
await middleware.Invoke(context);
|
||||||
Assert.Equal(1, getPolicyCount);
|
Assert.Equal(1, getPolicyCount);
|
||||||
Assert.Equal(1, getRequiredPolicyCount);
|
|
||||||
Assert.Equal(1, next.CalledCount);
|
Assert.Equal(1, next.CalledCount);
|
||||||
|
|
||||||
await middleware.Invoke(context);
|
await middleware.Invoke(context);
|
||||||
Assert.Equal(2, getPolicyCount);
|
Assert.Equal(2, getPolicyCount);
|
||||||
Assert.Equal(2, getRequiredPolicyCount);
|
|
||||||
Assert.Equal(2, next.CalledCount);
|
Assert.Equal(2, next.CalledCount);
|
||||||
|
|
||||||
await middleware.Invoke(context);
|
await middleware.Invoke(context);
|
||||||
Assert.Equal(3, getPolicyCount);
|
Assert.Equal(3, getPolicyCount);
|
||||||
Assert.Equal(3, getRequiredPolicyCount);
|
|
||||||
Assert.Equal(3, next.CalledCount);
|
Assert.Equal(3, next.CalledCount);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -27,8 +27,6 @@ namespace CustomPolicyProvider
|
||||||
|
|
||||||
public Task<AuthorizationPolicy> GetDefaultPolicyAsync() => FallbackPolicyProvider.GetDefaultPolicyAsync();
|
public Task<AuthorizationPolicy> GetDefaultPolicyAsync() => FallbackPolicyProvider.GetDefaultPolicyAsync();
|
||||||
|
|
||||||
public Task<AuthorizationPolicy> GetRequiredPolicyAsync() => FallbackPolicyProvider.GetRequiredPolicyAsync();
|
|
||||||
|
|
||||||
// Policies are looked up by string name, so expect 'parameters' (like age)
|
// Policies are looked up by string name, so expect 'parameters' (like age)
|
||||||
// to be embedded in the policy names. This is abstracted away from developers
|
// to be embedded in the policy names. This is abstracted away from developers
|
||||||
// by the more strongly-typed attributes derived from AuthorizeAttribute
|
// by the more strongly-typed attributes derived from AuthorizeAttribute
|
||||||
|
|
@ -49,4 +47,4 @@ namespace CustomPolicyProvider
|
||||||
return FallbackPolicyProvider.GetPolicyAsync(policyName);
|
return FallbackPolicyProvider.GetPolicyAsync(policyName);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue