        /// <summary>
        /// Routes an extension web hook request to the <see cref="HttpHandler"/> registered for <paramref name="name"/>.
        /// </summary>
        /// <param name="name">Extension name; also the input from which the key name is derived.</param>
        /// <param name="token">Cancellation token forwarded to the handler.</param>
        /// <param name="provider">Looks up the handler for the extension name.</param>
        /// <returns>
        /// 404 when no handler is registered for <paramref name="name"/>; 401 when the caller fails the
        /// auth-level check; otherwise the handler's <see cref="HttpResponseMessage"/> wrapped in an <see cref="ObjectResult"/>.
        /// </returns>
        public async Task <IActionResult> ExtensionWebHookHandler(string name, CancellationToken token, [FromServices] IScriptWebHookProvider provider)
        {
            if (!provider.TryGetHandler(name, out HttpHandler handler))
            {
                return NotFound();
            }

            // Caller must be authorized at the admin level, or at system level with a key whose
            // name matches this extension's key name (the key name is derived from the extension
            // name, so the check is scoped to this extension). The admin-level path is presumably
            // handled inside PrincipalHasAuthLevelClaim — not visible here.
            string keyName = DefaultScriptWebHookProvider.GetKeyName(name);
            bool hasSystemLevelClaim = AuthUtility.PrincipalHasAuthLevelClaim(User, AuthorizationLevel.System, keyName);
            if (!hasSystemLevelClaim)
            {
                return Unauthorized();
            }

            var request = new HttpRequestMessageFeature(this.HttpContext).HttpRequestMessage;
            HttpResponseMessage response = await handler.ConvertAsync(request, token);

            // ObjectResult cannot serialize an HttpResponseMessage on its own; the dedicated
            // output formatter writes it through as the HTTP response.
            var result = new ObjectResult(response);
            result.Formatters.Add(new HttpResponseMessageOutputFormatter());
            return result;
        }
        /// <summary>
        /// Routes an extension web hook request to the <see cref="HttpHandler"/> registered for <paramref name="name"/>,
        /// after evaluating the <c>SystemAuthLevel</c> policy for the extension's key name.
        /// </summary>
        /// <param name="name">Extension name; also the input from which the key name is derived.</param>
        /// <param name="token">Cancellation token forwarded to the handler.</param>
        /// <param name="provider">Looks up the handler for the extension name.</param>
        /// <returns>
        /// 404 when no handler is registered for <paramref name="name"/>; 401 when the policy does not succeed;
        /// otherwise the handler's <see cref="HttpResponseMessage"/> wrapped in an <see cref="ObjectResult"/>.
        /// </returns>
        public async Task <IActionResult> ExtensionWebHookHandler(string name, CancellationToken token, [FromServices] IScriptWebHookProvider provider)
        {
            if (!provider.TryGetHandler(name, out HttpHandler handler))
            {
                return NotFound();
            }

            // The derived key name is passed as the authorization resource; presumably the
            // SystemAuthLevel requirement handler matches the caller's key against it — confirm
            // against the AuthLevelRequirement handler, which is not visible here.
            string keyName = DefaultScriptWebHookProvider.GetKeyName(name);
            var policyResult = await _authorizationService.AuthorizeAsync(User, keyName, PolicyNames.SystemAuthLevel);
            if (!policyResult.Succeeded)
            {
                return Unauthorized();
            }

            var request = new HttpRequestMessageFeature(this.HttpContext).HttpRequestMessage;
            HttpResponseMessage response = await handler.ConvertAsync(request, token);

            // ObjectResult cannot serialize an HttpResponseMessage on its own; the dedicated
            // output formatter writes it through as the HTTP response.
            var result = new ObjectResult(response);
            result.Formatters.Add(new HttpResponseMessageOutputFormatter());
            return result;
        }
        /// <summary>
        /// Registers the script host authorization policies on <paramref name="options"/>.
        /// </summary>
        /// <param name="options">The authorization options to extend.</param>
        /// <remarks>
        /// Every policy uses the script authentication schemes. The two level policies
        /// (<c>AdminAuthLevel</c>, <c>SystemAuthLevel</c>) carry a single <see cref="AuthLevelRequirement"/>.
        /// <c>AdminAuthLevelOrInternal</c> and <c>SystemKeyAuthLevel</c> are assertion policies: both pass
        /// outright for App Service internal requests, and both evaluate to <c>false</c> when the
        /// authorization resource is not an <see cref="AuthorizationFilterContext"/> (i.e. when they are
        /// invoked outside an MVC authorization filter). The key-name policy takes its key name from
        /// route data, with the "extensionName" value taking precedence over "keyName".
        /// </remarks>
        public static void AddScriptPolicies(this AuthorizationOptions options)
        {
            AddLevelPolicy(PolicyNames.AdminAuthLevel, AuthorizationLevel.Admin);
            AddLevelPolicy(PolicyNames.SystemAuthLevel, AuthorizationLevel.System);

            options.AddPolicy(PolicyNames.AdminAuthLevelOrInternal, p =>
            {
                p.AddScriptAuthenticationSchemes();
                p.RequireAssertion(async c =>
                {
                    if (!(c.Resource is AuthorizationFilterContext filterContext))
                    {
                        return false;
                    }

                    // Requests the platform marks as internal bypass the admin-level check entirely.
                    if (IsInternalRequest(filterContext))
                    {
                        return true;
                    }

                    // Resolved from the request's service scope rather than captured at registration time.
                    var authorizationService = filterContext.HttpContext.RequestServices.GetRequiredService <IAuthorizationService>();
                    AuthorizationResult adminResult = await authorizationService.AuthorizeAsync(c.User, PolicyNames.AdminAuthLevel);
                    return adminResult.Succeeded;
                });
            });

            options.AddPolicy(PolicyNames.SystemKeyAuthLevel, p =>
            {
                p.AddScriptAuthenticationSchemes();
                p.RequireAssertion(c =>
                {
                    if (!(c.Resource is AuthorizationFilterContext filterContext))
                    {
                        return false;
                    }

                    if (IsInternalRequest(filterContext))
                    {
                        return true;
                    }

                    // An empty key name never matches; the claim check is scoped to the named key.
                    string keyName = ResolveKeyName(filterContext);
                    return !string.IsNullOrEmpty(keyName)
                        && AuthUtility.PrincipalHasAuthLevelClaim(filterContext.HttpContext.User, AuthorizationLevel.System, keyName);
                });
            });

            // Registers a policy consisting of the script schemes plus one AuthLevelRequirement.
            void AddLevelPolicy(string policyName, AuthorizationLevel level)
            {
                options.AddPolicy(policyName, p =>
                {
                    p.AddScriptAuthenticationSchemes();
                    p.AddRequirements(new AuthLevelRequirement(level));
                });
            }

            // True when the platform flags the request as originating from App Service itself.
            bool IsInternalRequest(AuthorizationFilterContext filterContext)
            {
                return filterContext.HttpContext.Request.IsAppServiceInternalRequest();
            }

            // "extensionName" is mapped through the web hook provider and wins; "keyName" is used
            // verbatim only when no extension name is present. Returns null when neither is set.
            string ResolveKeyName(AuthorizationFilterContext filterContext)
            {
                object extensionName = filterContext.RouteData.Values["extensionName"];
                if (extensionName != null)
                {
                    return DefaultScriptWebHookProvider.GetKeyName(extensionName.ToString());
                }

                return filterContext.RouteData.Values["keyName"]?.ToString();
            }
        }