Switch to shared security helper
This commit is contained in:
Hao Kung
parent
57031946d0
commit
efc35302e8
|
|
@ -1,36 +0,0 @@
|
|||
// Copyright (c) .NET Foundation. All rights reserved.
|
||||
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
|
||||
|
||||
using System.Linq;
|
||||
using System.Security.Claims;
|
||||
using Microsoft.AspNet.Http;
|
||||
using Microsoft.Framework.Internal;
|
||||
|
||||
namespace Microsoft.AspNet.Authentication
|
||||
{
|
||||
/// <summary>
|
||||
/// Helper code used when implementing authentication middleware
|
||||
/// </summary>
|
||||
public static class SecurityHelper
|
||||
{
|
||||
/// <summary>
|
||||
/// Add all ClaimsIdenities from an additional ClaimPrincipal to the ClaimsPrincipal
|
||||
/// Merges a new claims principal, placing all new identities first, and eliminating
|
||||
/// any empty unauthenticated identities from context.User
|
||||
/// </summary>
|
||||
/// <param name="identity"></param>
|
||||
public static ClaimsPrincipal MergeUserPrincipal([NotNull] ClaimsPrincipal existingPrincipal, [NotNull] ClaimsPrincipal additionalPrincipal)
|
||||
{
|
||||
var newPrincipal = new ClaimsPrincipal();
|
||||
// New principal identities go first
|
||||
newPrincipal.AddIdentities(additionalPrincipal.Identities);
|
||||
|
||||
// Then add any existing non empty or authenticated identities
|
||||
if (existingPrincipal != null)
|
||||
{
|
||||
newPrincipal.AddIdentities(existingPrincipal.Identities.Where(i => i.IsAuthenticated || i.Claims.Count() > 0));
|
||||
}
|
||||
return newPrincipal;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -11,6 +11,7 @@
|
|||
"Microsoft.AspNet.Http.Extensions": "1.0.0-*",
|
||||
"Microsoft.Framework.Logging.Abstractions": "1.0.0-*",
|
||||
"Microsoft.Framework.NotNullAttribute.Sources": { "type": "build", "version": "1.0.0-*" },
|
||||
"Microsoft.Framework.SecurityHelper.Sources": { "type": "build", "version": "1.0.0-*" },
|
||||
"Microsoft.Framework.OptionsModel": "1.0.0-*",
|
||||
"Microsoft.Framework.WebEncoders": "1.0.0-*"
|
||||
},
|
||||
|
|
|
|||
|
|
@ -1,107 +0,0 @@
|
|||
// Copyright (c) .NET Foundation. All rights reserved.
|
||||
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
|
||||
|
||||
using System.Linq;
|
||||
using System.Security.Claims;
|
||||
using System.Security.Principal;
|
||||
using Microsoft.AspNet.Http.Internal;
|
||||
using Shouldly;
|
||||
using Xunit;
|
||||
|
||||
namespace Microsoft.AspNet.Authentication
|
||||
{
|
||||
public class SecurityHelperTests
|
||||
{
|
||||
[Fact]
|
||||
public void AddingToAnonymousIdentityDoesNotKeepAnonymousIdentity()
|
||||
{
|
||||
var context = new DefaultHttpContext();
|
||||
context.User.ShouldNotBe(null);
|
||||
context.User.Identity.IsAuthenticated.ShouldBe(false);
|
||||
|
||||
context.User = SecurityHelper.MergeUserPrincipal(context.User, new GenericPrincipal(new GenericIdentity("Test1", "Alpha"), new string[0]));
|
||||
|
||||
context.User.ShouldNotBe(null);
|
||||
context.User.Identity.AuthenticationType.ShouldBe("Alpha");
|
||||
context.User.Identity.Name.ShouldBe("Test1");
|
||||
|
||||
context.User.ShouldBeTypeOf<ClaimsPrincipal>();
|
||||
context.User.Identity.ShouldBeTypeOf<ClaimsIdentity>();
|
||||
|
||||
((ClaimsPrincipal)context.User).Identities.Count().ShouldBe(1);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public void AddingExistingIdentityChangesDefaultButPreservesPrior()
|
||||
{
|
||||
var context = new DefaultHttpContext();
|
||||
context.User = new GenericPrincipal(new GenericIdentity("Test1", "Alpha"), null);
|
||||
|
||||
context.User.Identity.AuthenticationType.ShouldBe("Alpha");
|
||||
context.User.Identity.Name.ShouldBe("Test1");
|
||||
|
||||
context.User = SecurityHelper.MergeUserPrincipal(context.User, new GenericPrincipal(new GenericIdentity("Test2", "Beta"), new string[0]));
|
||||
|
||||
context.User.Identity.AuthenticationType.ShouldBe("Beta");
|
||||
context.User.Identity.Name.ShouldBe("Test2");
|
||||
|
||||
context.User = SecurityHelper.MergeUserPrincipal(context.User, new GenericPrincipal(new GenericIdentity("Test3", "Gamma"), new string[0]));
|
||||
|
||||
context.User.Identity.AuthenticationType.ShouldBe("Gamma");
|
||||
context.User.Identity.Name.ShouldBe("Test3");
|
||||
|
||||
var principal = context.User;
|
||||
principal.Identities.Count().ShouldBe(3);
|
||||
principal.Identities.Skip(0).First().Name.ShouldBe("Test3");
|
||||
principal.Identities.Skip(1).First().Name.ShouldBe("Test2");
|
||||
principal.Identities.Skip(2).First().Name.ShouldBe("Test1");
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public void AddingPreservesNewIdentitiesAndDropsEmpty()
|
||||
{
|
||||
var context = new DefaultHttpContext();
|
||||
var existingPrincipal = new ClaimsPrincipal(new ClaimsIdentity());
|
||||
var identityNoAuthTypeWithClaim = new ClaimsIdentity();
|
||||
identityNoAuthTypeWithClaim.AddClaim(new Claim("identityNoAuthTypeWithClaim", "yes"));
|
||||
existingPrincipal.AddIdentity(identityNoAuthTypeWithClaim);
|
||||
var identityEmptyWithAuthType = new ClaimsIdentity("empty");
|
||||
existingPrincipal.AddIdentity(identityEmptyWithAuthType);
|
||||
context.User = existingPrincipal;
|
||||
|
||||
context.User.Identity.IsAuthenticated.ShouldBe(false);
|
||||
|
||||
var newPrincipal = new ClaimsPrincipal();
|
||||
var newEmptyIdentity = new ClaimsIdentity();
|
||||
var identityTwo = new ClaimsIdentity("yep");
|
||||
newPrincipal.AddIdentity(newEmptyIdentity);
|
||||
newPrincipal.AddIdentity(identityTwo);
|
||||
|
||||
context.User = SecurityHelper.MergeUserPrincipal(context.User, newPrincipal);
|
||||
|
||||
// Preserve newPrincipal order
|
||||
context.User.Identity.IsAuthenticated.ShouldBe(false);
|
||||
context.User.Identity.Name.ShouldBe(null);
|
||||
|
||||
var principal = context.User;
|
||||
principal.Identities.Count().ShouldBe(4);
|
||||
principal.Identities.Skip(0).First().ShouldBe(newEmptyIdentity);
|
||||
principal.Identities.Skip(1).First().ShouldBe(identityTwo);
|
||||
principal.Identities.Skip(2).First().ShouldBe(identityNoAuthTypeWithClaim);
|
||||
principal.Identities.Skip(3).First().ShouldBe(identityEmptyWithAuthType);
|
||||
|
||||
// This merge should drop newEmptyIdentity since its empty
|
||||
context.User = SecurityHelper.MergeUserPrincipal(context.User, new GenericPrincipal(new GenericIdentity("Test3", "Gamma"), new string[0]));
|
||||
|
||||
context.User.Identity.AuthenticationType.ShouldBe("Gamma");
|
||||
context.User.Identity.Name.ShouldBe("Test3");
|
||||
|
||||
principal = context.User;
|
||||
principal.Identities.Count().ShouldBe(4);
|
||||
principal.Identities.Skip(0).First().Name.ShouldBe("Test3");
|
||||
principal.Identities.Skip(1).First().ShouldBe(identityTwo);
|
||||
principal.Identities.Skip(2).First().ShouldBe(identityNoAuthTypeWithClaim);
|
||||
principal.Identities.Skip(3).First().ShouldBe(identityEmptyWithAuthType);
|
||||
}
|
||||
}
|
||||
}
|
||||
Loading…
Reference in New Issue