Moving AllowAnonymous attribute to Authorization
This commit is contained in:
parent
f4a6d634b5
commit
6bd97c7c30
|
|
@ -2,6 +2,7 @@
|
||||||
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
|
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
|
||||||
|
|
||||||
using System;
|
using System;
|
||||||
|
using Microsoft.AspNet.Authorization;
|
||||||
using Microsoft.AspNet.Mvc;
|
using Microsoft.AspNet.Mvc;
|
||||||
using Microsoft.AspNet.Mvc.Filters;
|
using Microsoft.AspNet.Mvc.Filters;
|
||||||
using MvcSample.Web.Filters;
|
using MvcSample.Web.Filters;
|
||||||
|
|
|
||||||
|
|
@ -1,9 +1,9 @@
|
||||||
// Copyright (c) .NET Foundation. All rights reserved.
|
// Copyright (c) .NET Foundation. All rights reserved.
|
||||||
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
|
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
|
||||||
|
|
||||||
namespace Microsoft.AspNet.Mvc.Filters
|
namespace Microsoft.AspNet.Mvc.Filters
|
||||||
{
|
{
|
||||||
public interface IAllowAnonymous : IFilterMetadata
|
public interface IAllowAnonymousFilter : IFilterMetadata
|
||||||
{
|
{
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -1,13 +0,0 @@
|
||||||
// Copyright (c) .NET Foundation. All rights reserved.
|
|
||||||
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
|
|
||||||
|
|
||||||
using System;
|
|
||||||
using Microsoft.AspNet.Mvc.Filters;
|
|
||||||
|
|
||||||
namespace Microsoft.AspNet.Mvc
|
|
||||||
{
|
|
||||||
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false, Inherited = true)]
|
|
||||||
public class AllowAnonymousAttribute : Attribute, IAllowAnonymous
|
|
||||||
{
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
@ -38,21 +38,31 @@ namespace Microsoft.AspNet.Mvc.ApplicationModels
|
||||||
{
|
{
|
||||||
policy = AuthorizationPolicy.Combine(
|
policy = AuthorizationPolicy.Combine(
|
||||||
_authorizationOptions,
|
_authorizationOptions,
|
||||||
controllerModel.Attributes.OfType<AuthorizeAttribute>());
|
controllerModel.Attributes.OfType<IAuthorizeData>());
|
||||||
if (policy != null)
|
if (policy != null)
|
||||||
{
|
{
|
||||||
controllerModel.Filters.Add(new AuthorizeFilter(policy));
|
controllerModel.Filters.Add(new AuthorizeFilter(policy));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
foreach (var attribute in controllerModel.Attributes.OfType<IAllowAnonymous>())
|
||||||
|
{
|
||||||
|
controllerModel.Filters.Add(new AllowAnonymousFilter());
|
||||||
|
}
|
||||||
|
|
||||||
foreach (var actionModel in controllerModel.Actions)
|
foreach (var actionModel in controllerModel.Actions)
|
||||||
{
|
{
|
||||||
policy = AuthorizationPolicy.Combine(
|
policy = AuthorizationPolicy.Combine(
|
||||||
_authorizationOptions,
|
_authorizationOptions,
|
||||||
actionModel.Attributes.OfType<AuthorizeAttribute>());
|
actionModel.Attributes.OfType<IAuthorizeData>());
|
||||||
if (policy != null)
|
if (policy != null)
|
||||||
{
|
{
|
||||||
actionModel.Filters.Add(new AuthorizeFilter(policy));
|
actionModel.Filters.Add(new AuthorizeFilter(policy));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
foreach (var attribute in actionModel.Attributes.OfType<IAllowAnonymous>())
|
||||||
|
{
|
||||||
|
actionModel.Filters.Add(new AllowAnonymousFilter());
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,13 @@
|
||||||
|
// Copyright (c) .NET Foundation. All rights reserved.
|
||||||
|
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
|
||||||
|
|
||||||
|
namespace Microsoft.AspNet.Mvc.Filters
|
||||||
|
{
|
||||||
|
/// <summary>
|
||||||
|
/// An implementation of <see cref="IAllowAnonymousFilter"/>
|
||||||
|
/// </summary>
|
||||||
|
public class AllowAnonymousFilter : IAllowAnonymousFilter
|
||||||
|
{
|
||||||
|
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
@ -4,6 +4,7 @@
|
||||||
using System;
|
using System;
|
||||||
using System.Linq;
|
using System.Linq;
|
||||||
using System.Threading.Tasks;
|
using System.Threading.Tasks;
|
||||||
|
using Microsoft.AspNet.Authorization;
|
||||||
using Microsoft.AspNet.Mvc.Internal;
|
using Microsoft.AspNet.Mvc.Internal;
|
||||||
|
|
||||||
namespace Microsoft.AspNet.Mvc.Filters
|
namespace Microsoft.AspNet.Mvc.Filters
|
||||||
|
|
@ -36,7 +37,7 @@ namespace Microsoft.AspNet.Mvc.Filters
|
||||||
throw new ArgumentNullException(nameof(context));
|
throw new ArgumentNullException(nameof(context));
|
||||||
}
|
}
|
||||||
|
|
||||||
return context.Filters.Any(item => item is IAllowAnonymous);
|
return context.Filters.Any(item => item is IAllowAnonymousFilter);
|
||||||
}
|
}
|
||||||
|
|
||||||
protected virtual void Fail(AuthorizationContext context)
|
protected virtual void Fail(AuthorizationContext context)
|
||||||
|
|
|
||||||
|
|
@ -64,7 +64,7 @@ namespace Microsoft.AspNet.Mvc.Filters
|
||||||
}
|
}
|
||||||
|
|
||||||
// Allow Anonymous skips all authorization
|
// Allow Anonymous skips all authorization
|
||||||
if (context.Filters.Any(item => item is IAllowAnonymous))
|
if (context.Filters.Any(item => item is IAllowAnonymousFilter))
|
||||||
{
|
{
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -56,6 +56,26 @@ namespace Microsoft.AspNet.Mvc.ApplicationModels
|
||||||
Assert.Equal(3, authorizeFilters.First().Policy.Requirements.Count);
|
Assert.Equal(3, authorizeFilters.First().Policy.Requirements.Count);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
[Fact]
|
||||||
|
public void CreateControllerModelAndActionModel_AllowAnonymousAttributeAddsAllowAnonymousFilter()
|
||||||
|
{
|
||||||
|
// Arrange
|
||||||
|
var provider = new AuthorizationApplicationModelProvider(new TestOptionsManager<AuthorizationOptions>());
|
||||||
|
var defaultProvider = new DefaultApplicationModelProvider(new TestOptionsManager<MvcOptions>());
|
||||||
|
|
||||||
|
var context = new ApplicationModelProviderContext(new[] { typeof(AnonymousController).GetTypeInfo() });
|
||||||
|
defaultProvider.OnProvidersExecuting(context);
|
||||||
|
|
||||||
|
// Act
|
||||||
|
provider.OnProvidersExecuting(context);
|
||||||
|
|
||||||
|
// Assert
|
||||||
|
var controller = Assert.Single(context.Result.Controllers);
|
||||||
|
Assert.Single(controller.Filters, f => f is AllowAnonymousFilter);
|
||||||
|
var action = Assert.Single(controller.Actions);
|
||||||
|
Assert.Single(action.Filters, f => f is AllowAnonymousFilter);
|
||||||
|
}
|
||||||
|
|
||||||
private class BaseController
|
private class BaseController
|
||||||
{
|
{
|
||||||
[Authorize(Policy = "Base")]
|
[Authorize(Policy = "Base")]
|
||||||
|
|
@ -76,5 +96,14 @@ namespace Microsoft.AspNet.Mvc.ApplicationModels
|
||||||
public class AccountController
|
public class AccountController
|
||||||
{
|
{
|
||||||
}
|
}
|
||||||
|
|
||||||
|
[AllowAnonymous]
|
||||||
|
public class AnonymousController
|
||||||
|
{
|
||||||
|
[AllowAnonymous]
|
||||||
|
public void SomeAction()
|
||||||
|
{
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -64,7 +64,7 @@ namespace Microsoft.AspNet.Mvc.Filters
|
||||||
var authorizationContext = GetAuthorizationContext(services => services.AddAuthorization(),
|
var authorizationContext = GetAuthorizationContext(services => services.AddAuthorization(),
|
||||||
anonymous: true);
|
anonymous: true);
|
||||||
|
|
||||||
authorizationContext.Filters.Add(new AllowAnonymousAttribute());
|
authorizationContext.Filters.Add(new AllowAnonymousFilter());
|
||||||
|
|
||||||
// Act
|
// Act
|
||||||
await authorizeFilter.OnAuthorizationAsync(authorizationContext);
|
await authorizeFilter.OnAuthorizationAsync(authorizationContext);
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,7 @@
|
||||||
// Copyright (c) .NET Foundation. All rights reserved.
|
// Copyright (c) .NET Foundation. All rights reserved.
|
||||||
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
|
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
|
||||||
|
|
||||||
|
using Microsoft.AspNet.Authorization;
|
||||||
using Microsoft.AspNet.Mvc;
|
using Microsoft.AspNet.Mvc;
|
||||||
|
|
||||||
namespace AntiforgeryTokenWebSite
|
namespace AntiforgeryTokenWebSite
|
||||||
|
|
|
||||||
|
|
@ -2,6 +2,7 @@
|
||||||
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
|
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
|
||||||
|
|
||||||
using System;
|
using System;
|
||||||
|
using Microsoft.AspNet.Authorization;
|
||||||
using Microsoft.AspNet.Mvc;
|
using Microsoft.AspNet.Mvc;
|
||||||
|
|
||||||
namespace FiltersWebSite
|
namespace FiltersWebSite
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue