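/// <summary>
/// Checks HTTP Basic credentials against the server instance identified by <paramref name="key"/>.
/// </summary>
/// <param name="authorization">Authorization header value, parsed by <see cref="AuthorizationUtility.TryParseBasicAuthentication"/>.</param>
/// <param name="key">Instance key being addressed; must equal the username half of the credentials.</param>
/// <param name="failure">Action result explaining the rejection; non-null whenever this method returns false.</param>
/// <param name="instance">The resolved server instance; non-null only when this method returns true.</param>
/// <returns>true when the credentials parse, name <paramref name="key"/>, and carry that instance's secret.</returns>
public bool TryAuthorize(string authorization,
                                 string key,
                                 [NotNullWhen(false)] out IActionResult?failure,
                                 [NotNullWhen(true)] out IServerInstance?instance)
        {
            instance = null;

            // Missing or malformed Basic credentials: the parser supplies the failure result.
            if (!AuthorizationUtility.TryParseBasicAuthentication(authorization, out failure, out var authKey,
                                                                  out var token))
            {
                return(false);
            }

            // The username half must name the instance being addressed. The key is an
            // identifier rather than a secret, so an ordinary comparison is acceptable here.
            if (authKey != key)
            {
                failure = Forbid();
                return(false);
            }

            if (!_serverManager.TryGetInstance(key, out var resolved))
            {
                failure = NotFound();
                return(false);
            }

            // Compare the presented token with the instance secret in constant time so that
            // response timing cannot leak how many leading bytes of the secret were correct.
            // FixedTimeEquals short-circuits only on a length mismatch, which reveals the
            // secret's length but not its contents. A null on either side is a mismatch.
            if (token is null || resolved.Secret is null ||
                !System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(
                    System.Text.Encoding.UTF8.GetBytes(token),
                    System.Text.Encoding.UTF8.GetBytes(resolved.Secret)))
            {
                // Deliberately leave `instance` null: callers must not receive a resolved
                // instance for a request that failed authentication.
                failure = Unauthorized();
                return(false);
            }

            instance = resolved;
            return(true);
        }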
        /// <summary>
        /// Verifies that <see cref="AuthorizationUtility.PrincipalHasAuthLevelClaim"/> reports
        /// <paramref name="expectSuccess"/> for a principal built from <paramref name="principalLevel"/>
        /// when <paramref name="requiredLevel"/> is demanded.
        /// </summary>
        public void ClaimedPrincipalAuthorizationTests(AuthorizationLevel[] principalLevel, AuthorizationLevel requiredLevel, bool expectSuccess)
        {
            // Arrange: a principal carrying the supplied auth-level claims.
            var subject = CreatePrincipal(principalLevel);

            // Act
            var hasRequiredLevel = AuthorizationUtility.PrincipalHasAuthLevelClaim(subject, requiredLevel);

            // Assert
            Assert.Equal(expectSuccess, hasRequiredLevel);
        }