This commit is contained in:
parent
96f55fcf25
commit
f4f5b16e93
|
|
@ -102,10 +102,27 @@ namespace Microsoft.AspNetCore.Components
|
||||||
private async Task<bool> IsAuthorizedAsync(ClaimsPrincipal user)
|
private async Task<bool> IsAuthorizedAsync(ClaimsPrincipal user)
|
||||||
{
|
{
|
||||||
var authorizeData = GetAuthorizeData();
|
var authorizeData = GetAuthorizeData();
|
||||||
|
EnsureNoAuthenticationSchemeSpecified(authorizeData);
|
||||||
|
|
||||||
var policy = await AuthorizationPolicy.CombineAsync(
|
var policy = await AuthorizationPolicy.CombineAsync(
|
||||||
AuthorizationPolicyProvider, authorizeData);
|
AuthorizationPolicyProvider, authorizeData);
|
||||||
var result = await AuthorizationService.AuthorizeAsync(user, Resource, policy);
|
var result = await AuthorizationService.AuthorizeAsync(user, Resource, policy);
|
||||||
return result.Succeeded;
|
return result.Succeeded;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private static void EnsureNoAuthenticationSchemeSpecified(IAuthorizeData[] authorizeData)
|
||||||
|
{
|
||||||
|
// It's not meaningful to specify a nonempty scheme, since by the time Components
|
||||||
|
// authorization runs, we already have a specific ClaimsPrincipal (we're stateful).
|
||||||
|
// To avoid any confusion, ensure the developer isn't trying to specify a scheme.
|
||||||
|
for (var i = 0; i < authorizeData.Length; i++)
|
||||||
|
{
|
||||||
|
var entry = authorizeData[i];
|
||||||
|
if (!string.IsNullOrEmpty(entry.AuthenticationSchemes))
|
||||||
|
{
|
||||||
|
throw new NotSupportedException($"The authorization data specifies an authentication scheme with value '{entry.AuthenticationSchemes}'. Authentication schemes cannot be specified for components.");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -427,6 +427,24 @@ namespace Microsoft.AspNetCore.Components
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
[Fact]
|
||||||
|
public void RejectsNonemptyScheme()
|
||||||
|
{
|
||||||
|
// Arrange
|
||||||
|
var authorizationService = new TestAuthorizationService();
|
||||||
|
var renderer = CreateTestRenderer(authorizationService);
|
||||||
|
var rootComponent = new TestAuthStateProviderComponent(builder =>
|
||||||
|
{
|
||||||
|
builder.OpenComponent<AuthorizeViewCoreWithScheme>(0);
|
||||||
|
builder.CloseComponent();
|
||||||
|
});
|
||||||
|
renderer.AssignRootComponentId(rootComponent);
|
||||||
|
|
||||||
|
// Act/Assert
|
||||||
|
var ex = Assert.Throws<NotSupportedException>(rootComponent.TriggerRender);
|
||||||
|
Assert.Equal("The authorization data specifies an authentication scheme with value 'test scheme'. Authentication schemes cannot be specified for components.", ex.Message);
|
||||||
|
}
|
||||||
|
|
||||||
private static TestAuthStateProviderComponent WrapInAuthorizeView(
|
private static TestAuthStateProviderComponent WrapInAuthorizeView(
|
||||||
RenderFragment<AuthenticationState> childContent = null,
|
RenderFragment<AuthenticationState> childContent = null,
|
||||||
RenderFragment<AuthenticationState> authorizedContent = null,
|
RenderFragment<AuthenticationState> authorizedContent = null,
|
||||||
|
|
@ -557,5 +575,11 @@ namespace Microsoft.AspNetCore.Components
|
||||||
{
|
{
|
||||||
public string PolicyName { get; set; }
|
public string PolicyName { get; set; }
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public class AuthorizeViewCoreWithScheme : AuthorizeViewCore
|
||||||
|
{
|
||||||
|
protected override IAuthorizeData[] GetAuthorizeData()
|
||||||
|
=> new[] { new AuthorizeAttribute { AuthenticationSchemes = "test scheme" } };
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue