AuthZFilter should call into Service more

This commit is contained in:
Hao Kung 2016-05-24 14:42:54 -07:00
parent 15f113ddb1
commit f54a964815
2 changed files with 31 additions and 4 deletions

View File

@ -39,7 +39,7 @@ namespace Microsoft.AspNetCore.Mvc.Authorization
public AuthorizationPolicy Policy { get; } public AuthorizationPolicy Policy { get; }
/// <inheritdoc /> /// <inheritdoc />
public virtual async Task OnAuthorizationAsync(Filters.AuthorizationFilterContext context) public virtual async Task OnAuthorizationAsync(AuthorizationFilterContext context)
{ {
if (context == null) if (context == null)
{ {
@ -76,9 +76,7 @@ namespace Microsoft.AspNetCore.Mvc.Authorization
var authService = httpContext.RequestServices.GetRequiredService<IAuthorizationService>(); var authService = httpContext.RequestServices.GetRequiredService<IAuthorizationService>();
// Note: Default Anonymous User is new ClaimsPrincipal(new ClaimsIdentity()) // Note: Default Anonymous User is new ClaimsPrincipal(new ClaimsIdentity())
if (httpContext.User == null || if (!await authService.AuthorizeAsync(httpContext.User, context, Policy))
!httpContext.User.Identities.Any(i => i.IsAuthenticated) ||
!await authService.AuthorizeAsync(httpContext.User, context, Policy))
{ {
context.Result = new ChallengeResult(Policy.AuthenticationSchemes.ToArray()); context.Result = new ChallengeResult(Policy.AuthenticationSchemes.ToArray());
} }

View File

@ -26,6 +26,35 @@ namespace Microsoft.AspNetCore.Mvc.Authorization
Assert.True(authorizationContext.HttpContext.User.Identities.Any(i => i.IsAuthenticated)); Assert.True(authorizationContext.HttpContext.User.Identities.Any(i => i.IsAuthenticated));
} }
[Fact]
public async Task AuthorizeFilterCanAuthorizeNonAuthenticatedUser()
{
// Arrange
var authorizeFilter = new AuthorizeFilter(new AuthorizationPolicyBuilder().RequireAssertion(_ => true).Build());
var authorizationContext = GetAuthorizationContext(services => services.AddAuthorization(), anonymous: true);
authorizationContext.HttpContext.User = new ClaimsPrincipal();
// Act
await authorizeFilter.OnAuthorizationAsync(authorizationContext);
// Assert
Assert.Null(authorizationContext.Result);
}
[Fact]
public async Task AuthorizeFilterCanAuthorizeNullUser()
{
// Arrange
var authorizeFilter = new AuthorizeFilter(new AuthorizationPolicyBuilder().RequireAssertion(_ => true).Build());
var authorizationContext = GetAuthorizationContext(services => services.AddAuthorization(), anonymous: true);
// Act
await authorizeFilter.OnAuthorizationAsync(authorizationContext);
// Assert
Assert.Null(authorizationContext.Result);
}
[Fact] [Fact]
public async Task Invoke_ValidClaimShouldNotFail() public async Task Invoke_ValidClaimShouldNotFail()
{ {