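/// <summary>
/// Authorizes a request for a server instance using HTTP Basic authentication: the Basic user name
/// must equal <paramref name="key"/>, the instance must exist, and the Basic password must match
/// the instance secret.
/// </summary>
/// <param name="authorization">Raw <c>Authorization</c> header value.</param>
/// <param name="key">Instance key the request is addressed to.</param>
/// <param name="failure">Result to return to the client when authorization fails; <see langword="null"/> on success.</param>
/// <param name="instance">The resolved instance when authorization succeeds; <see langword="null"/> otherwise.</param>
/// <returns><see langword="true"/> if the request is authorized for <paramref name="instance"/>.</returns>
public bool TryAuthorize(string authorization, string key, [NotNullWhen(false)] out IActionResult? failure, [NotNullWhen(true)] out IServerInstance? instance)
{
    instance = null;

    if (!AuthorizationUtility.TryParseBasicAuthentication(authorization, out failure, out var authKey, out var token))
    {
        return false;
    }

    // Both sides of this comparison are supplied by the client (route key vs. Basic user name),
    // so an ordinary comparison reveals nothing the caller does not already know.
    if (authKey != key)
    {
        failure = Forbid();
        return false;
    }

    if (!_serverManager.TryGetInstance(key, out instance))
    {
        failure = NotFound();
        return false;
    }

    // The secret is compared in constant time so the response latency does not depend on how
    // much of the presented token matched the stored secret (resolves the former TODO).
    if (!SecretsEqual(token, instance.Secret))
    {
        failure = Unauthorized();
        return false;
    }

    return true;
}

/// <summary>
/// Compares a presented secret with the expected one without short-circuiting on the first
/// differing byte. A missing value on either side never matches, so an instance with no secret
/// configured cannot be authorized. Only the lengths of the inputs remain observable via timing.
/// </summary>
/// <param name="presented">Secret supplied by the caller.</param>
/// <param name="expected">Secret stored for the instance.</param>
/// <returns><see langword="true"/> if both are non-null and byte-for-byte equal (UTF-8).</returns>
private static bool SecretsEqual(string? presented, string? expected)
{
    if (presented is null || expected is null)
    {
        return false;
    }

    // Fully qualified to avoid depending on using directives outside this method.
    var presentedBytes = System.Text.Encoding.UTF8.GetBytes(presented);
    var expectedBytes = System.Text.Encoding.UTF8.GetBytes(expected);
    return System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(presentedBytes, expectedBytes);
}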
/// <summary>
/// Checks that <c>AuthorizationUtility.PrincipalHasAuthLevelClaim</c> returns the expected
/// verdict for a principal built from the given authorization levels.
/// </summary>
/// <param name="principalLevel">Levels handed to <c>CreatePrincipal</c> to build the test principal.</param>
/// <param name="requiredLevel">Level the utility is asked to check for.</param>
/// <param name="expectSuccess">Whether the check is expected to succeed.</param>
public void ClaimedPrincipalAuthorizationTests(AuthorizationLevel[] principalLevel, AuthorizationLevel requiredLevel, bool expectSuccess)
{
    // Arrange
    var subject = CreatePrincipal(principalLevel);

    // Act
    var hasClaim = AuthorizationUtility.PrincipalHasAuthLevelClaim(subject, requiredLevel);

    // Assert
    Assert.Equal(expectSuccess, hasClaim);
}