AuthZFilter should call into Service more

2016-05-24 14:42:54 -07:00 · 2016-05-24 14:42:54 -07:00 · f54a964815
parent 15f113ddb1
commit f54a964815
2 changed files with 31 additions and 4 deletions
--- a/src/Microsoft.AspNetCore.Mvc.Core/Authorization/AuthorizeFilter.cs
+++ b/src/Microsoft.AspNetCore.Mvc.Core/Authorization/AuthorizeFilter.cs
@ -39,7 +39,7 @@ namespace Microsoft.AspNetCore.Mvc.Authorization
        public AuthorizationPolicy Policy { get; }

        /// <inheritdoc />
-        public virtual async Task OnAuthorizationAsync(Filters.AuthorizationFilterContext context)
+        public virtual async Task OnAuthorizationAsync(AuthorizationFilterContext context)
        {
            if (context == null)
            {
@ -76,9 +76,7 @@ namespace Microsoft.AspNetCore.Mvc.Authorization
            var authService = httpContext.RequestServices.GetRequiredService<IAuthorizationService>();

            // Note: Default Anonymous User is new ClaimsPrincipal(new ClaimsIdentity())
-            if (httpContext.User == null ||
-                !httpContext.User.Identities.Any(i => i.IsAuthenticated) ||
-                !await authService.AuthorizeAsync(httpContext.User, context, Policy))
+            if (!await authService.AuthorizeAsync(httpContext.User, context, Policy))
            {
                context.Result = new ChallengeResult(Policy.AuthenticationSchemes.ToArray());
            }
--- a/test/Microsoft.AspNetCore.Mvc.Core.Test/Authorization/AuthorizeFilterTest.cs
+++ b/test/Microsoft.AspNetCore.Mvc.Core.Test/Authorization/AuthorizeFilterTest.cs
@ -26,6 +26,35 @@ namespace Microsoft.AspNetCore.Mvc.Authorization
            Assert.True(authorizationContext.HttpContext.User.Identities.Any(i => i.IsAuthenticated));
        }

+        [Fact]
+        public async Task AuthorizeFilterCanAuthorizeNonAuthenticatedUser()
+        {
+            // Arrange
+            var authorizeFilter = new AuthorizeFilter(new AuthorizationPolicyBuilder().RequireAssertion(_ => true).Build());
+            var authorizationContext = GetAuthorizationContext(services => services.AddAuthorization(), anonymous: true);
+            authorizationContext.HttpContext.User = new ClaimsPrincipal();
+
+            // Act
+            await authorizeFilter.OnAuthorizationAsync(authorizationContext);
+
+            // Assert
+            Assert.Null(authorizationContext.Result);
+        }
+
+        [Fact]
+        public async Task AuthorizeFilterCanAuthorizeNullUser()
+        {
+            // Arrange
+            var authorizeFilter = new AuthorizeFilter(new AuthorizationPolicyBuilder().RequireAssertion(_ => true).Build());
+            var authorizationContext = GetAuthorizationContext(services => services.AddAuthorization(), anonymous: true);
+
+            // Act
+            await authorizeFilter.OnAuthorizationAsync(authorizationContext);
+
+            // Assert
+            Assert.Null(authorizationContext.Result);
+        }
+
        [Fact]
        public async Task Invoke_ValidClaimShouldNotFail()
        {