Esempio n. 1
        /// <summary>
        /// Validates the token returned by GetSamlToken() through an Authenticator and checks
        /// the resulting authorization policy: one policy issued by ClaimSet.System whose
        /// evaluation publishes a single authenticated identity named "mono".
        /// </summary>
        public void Validation()
        {
            // Both supporting authenticators are built with the ".None" validators, which perform
            // no credential or certificate validation. That is acceptable in a unit test only;
            // production wiring needs real validators, otherwise any token content is accepted.
            Authenticator a = new Authenticator(
                new SecurityTokenAuthenticator [] {
                new CustomUserNameSecurityTokenAuthenticator(UserNamePasswordValidator.None),
                new X509SecurityTokenAuthenticator(X509CertificateValidator.None),
            });
            PolicyCollection pl = a.ValidateToken(GetSamlToken());

            Assert.AreEqual(1, pl.Count, "#1");
            IAuthorizationPolicy p = pl [0];

            Assert.AreEqual(ClaimSet.System, p.Issuer, "#2");
            TestEvaluationContext ec = new TestEvaluationContext();
            object o = null;

            // First evaluation: the policy populates the evaluation context.
            Assert.IsTrue(p.Evaluate(ec, ref o), "#3");
            // The expected expiration is one day short of DateTime.MaxValue, i.e. the policy is
            // expected to carry no practical expiry of its own.
            Assert.AreEqual(DateTime.MaxValue.AddDays(-1), ec.ExpirationTime, "#4");
            IList <IIdentity> identities = ec.Properties ["Identities"] as IList <IIdentity>;

            Assert.IsNotNull(identities, "#5");
            Assert.AreEqual(1, identities.Count, "#6");
            IIdentity ident = identities [0];

            Assert.AreEqual(true, ident.IsAuthenticated, "#6-2");
            // The authentication type string is an implementation detail, so it is not asserted.
            //Assert.AreEqual ("NoneUserNamePasswordValidator", ident.AuthenticationType, "#6-3");
            Assert.AreEqual("mono", ident.Name, "#6-4");
            Assert.AreEqual(1, ec.ClaimSets.Count, "#7");

            // Second evaluation against the same context: the test expects the identity and the
            // claim set to be added again (counts go from 1 to 2), so the statement order matters.
            Assert.IsTrue(p.Evaluate(ec, ref o), "#8");
            identities = ec.Properties ["Identities"] as IList <IIdentity>;
            Assert.AreEqual(2, identities.Count, "#9");
            Assert.AreEqual(2, ec.ClaimSets.Count, "#10");
        }
        /// <summary>
        /// Verifies that a policy may add claims to the user during authorization: the user starts
        /// with no claims, the policy adds the required claim and asks for a retry, and the
        /// service is expected to report the user as authorized.
        /// </summary>
        /// <remarks>
        /// The test documents that registered policies are fully trusted: a policy can grant the
        /// very claim being checked. Only vetted policies should be handed to the service.
        /// </remarks>
        public void Check_PoliciesCanMutateUsersClaims()
        {
            // Arrange: an identity with authentication type "Basic" and an empty claim list.
            var identity = new ClaimsIdentity(new Claim[0], "Basic");
            var user = new ClaimsPrincipal(identity);

            var grantingPolicy = new FakePolicy();
            grantingPolicy.ApplyAsyncAction = ctx =>
            {
                if (ctx.Authorized)
                {
                    return;
                }

                // Not authorized yet: hand the user the claim and request another pass.
                ctx.UserClaims.Add(new Claim("Permission", "CanDeleteComments"));
                ctx.Retry = true;
            };

            IAuthorizationPolicy[] policies = { grantingPolicy };
            var authorizationService = new DefaultAuthorizationService(policies);

            // Act
            var requiredClaim = new Claim("Permission", "CanDeleteComments");
            var allowed = authorizationService.Authorize(requiredClaim, user);

            // Assert
            Assert.True(allowed);
        }
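        /// <summary>
        /// Runs the rest of the pipeline and, when the response ends as 401 or 403, lets the first
        /// pending requirement that is an <see cref="IAuthorizationPolicy"/> issue its challenge.
        /// </summary>
        /// <param name="context">The current HTTP context.</param>
        /// <param name="authorizationService">Injected authorization service; not used by this method.</param>
        /// <returns>A task that completes when the pipeline and any challenge have finished.</returns>
        public async Task Invoke(HttpContext context, IAuthorizationService authorizationService)
        {
            HttpResponse response = context.Response;

            try
            {
                await _next(context);
            }
            // Only translate the exception into a 403 while the response can still be rewritten.
            // Clearing a response that has already started throws InvalidOperationException, which
            // would mask the original authorization failure; in that case let it propagate.
            catch (UnauthorizedArgumentException) when (!response.HasStarted)
            {
                response.Clear();
                response.StatusCode = StatusCodes.Status403Forbidden;
            }

            // Handle only 401 and 403; every other status passes through untouched.
            if (response.StatusCode != StatusCodes.Status403Forbidden &&
                response.StatusCode != StatusCodes.Status401Unauthorized)
            {
                return;
            }

            // Find the first authorization policy that is still pending, if any.
            AuthorizationHandlerContext azContext = context.GetAuthorizationHandlerContext();
            IAuthorizationPolicy policy = azContext?.PendingRequirements
                .OfType<IAuthorizationPolicy>()
                .FirstOrDefault();

            // Let that policy drive the challenge (what it sends is up to the policy).
            if (policy != null)
            {
                await policy.Challenge(context);
            }
        }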
Esempio n. 4
        /// <summary>
        /// Verifies that policies run in ascending <c>Order</c> regardless of the order in which
        /// they were registered: registered as 20, -1, 30, expected to run as -1, 20, 30.
        /// </summary>
        public void Check_ShouldApplyPoliciesInOrder()
        {
            // Arrange: each policy appends its own Order value to the trace when it is applied.
            string result = string.Empty;

            var twenty = new FakePolicy { Order = 20, ApplyingAsyncAction = ctx => { result += "20"; } };
            var minusOne = new FakePolicy { Order = -1, ApplyingAsyncAction = ctx => { result += "-1"; } };
            var thirty = new FakePolicy { Order = 30, ApplyingAsyncAction = ctx => { result += "30"; } };

            IAuthorizationPolicy[] policies = { twenty, minusOne, thirty };
            var authorizationService = new DefaultAuthorizationService(policies);

            // Act: no required claims and no user; only the invocation order is of interest.
            var allowed = authorizationService.Authorize(Enumerable.Empty<Claim>(), null);

            // Assert: "-1" + "20" + "30"
            Assert.Equal("-12030", result);
        }
        /// <summary>
        /// Returns the authorization policy for this statement, building it on the first call
        /// from the subject's key claim set (when present) and the subject's claims.
        /// </summary>
        /// <param name="issuer">Issuer recorded on the claim set built from the subject's claims; must not be null.</param>
        /// <param name="samlAuthenticator">Authenticator passed to the subject for key claim extraction.</param>
        /// <returns>The cached policy instance.</returns>
        public override IAuthorizationPolicy CreatePolicy(ClaimSet issuer, SamlSecurityTokenAuthenticator samlAuthenticator)
        {
            if (issuer == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("issuer");
            }

            // The policy is memoized: once built, later calls return it unchanged and the issuer
            // and authenticator they pass are not consulted again.
            if (this.policy != null)
            {
                return this.policy;
            }

            // SupportingTokenAuthenticator collection can be null when the Subject does not
            // contain a key; the key claim set is then simply absent.
            List<ClaimSet> policyClaimSets = new List<ClaimSet>();
            ClaimSet keyClaimSet = this.subject.ExtractSubjectKeyClaimSet(samlAuthenticator);
            if (keyClaimSet != null)
            {
                policyClaimSets.Add(keyClaimSet);
            }

            // Copy the subject's claims into a mutable list so AddClaimsToList can extend it.
            List<Claim> statementClaims = new List<Claim>();
            foreach (Claim subjectClaim in this.subject.ExtractClaims())
            {
                statementClaims.Add(subjectClaim);
            }

            AddClaimsToList(statementClaims);
            policyClaimSets.Add(new DefaultClaimSet(issuer, statementClaims));

            // NOTE(review): the expiry passed here is SecurityUtils.MaxUtcDateTime, so the policy
            // presumably never expires by itself - confirm token lifetime is enforced elsewhere.
            this.policy = new UnconditionalPolicy(this.subject.Identity, policyClaimSets.AsReadOnly(), SecurityUtils.MaxUtcDateTime);
            return this.policy;
        }
Esempio n. 6
        /// <summary>
        /// Verifies that a policy may change the list of claims being checked: the call starts
        /// with no claims to check, the policy adds one that the user holds and asks for a retry,
        /// and the service is expected to authorize the user.
        /// </summary>
        public void Check_ApplyCanMutateCheckedClaims()
        {
            // Arrange: the user already holds Permission=CanDeleteComments.
            var heldClaims = new Claim[] { new Claim("Permission", "CanDeleteComments") };
            var user = new ClaimsPrincipal(new ClaimsIdentity(heldClaims, "Basic"));

            var policy = new FakePolicy();
            policy.ApplyAsyncAction = ctx =>
            {
                // for instance, if user owns the comment
                bool alreadyChecked = ctx.Claims.Any(claim => claim.Type == "Permission" && claim.Value == "CanDeleteComments");
                if (alreadyChecked)
                {
                    return;
                }

                // Add the claim to the checked set once, then request another pass.
                ctx.Claims.Add(new Claim("Permission", "CanDeleteComments"));
                ctx.Retry = true;
            };

            IAuthorizationPolicy[] policies = { policy };
            var authorizationService = new DefaultAuthorizationService(policies);

            // Act
            var allowed = authorizationService.Authorize(Enumerable.Empty<Claim>(), user);

            // Assert
            Assert.True(allowed);
        }
Esempio n. 7
        /// <summary>
        /// Validates an X.509 security token built from the test certificate and checks the
        /// resulting authorization policy: one policy issued by ClaimSet.System whose evaluation
        /// publishes a single authenticated identity of type "X509".
        /// </summary>
        public void Validation()
        {
            X509Certificate2 cert = new X509Certificate2(TestResourceHelper.GetFullPathOfResource("Test/Resources/test.cer"));
            // X509CertificateValidator.None performs no validation of the certificate (no chain,
            // trust or expiry check). Suitable for this test only; production code needs a real
            // validator, otherwise any certificate is accepted.
            Authenticator    a    = new Authenticator(
                X509CertificateValidator.None);
            PolicyCollection pl = a.ValidateToken(new X509SecurityToken(cert));

            Assert.AreEqual(1, pl.Count, "#1");
            IAuthorizationPolicy p = pl [0];

            Assert.AreEqual(ClaimSet.System, p.Issuer, "#2");
            TestEvaluationContext ec = new TestEvaluationContext();
            object o = null;

            // First evaluation: the policy populates the evaluation context.
            Assert.IsTrue(p.Evaluate(ec, ref o), "#3");
            // The context's expiration is expected to follow the certificate's NotAfter.
            // mhm, should this really be converted to UTC?
            Assert.AreEqual(cert.NotAfter.ToUniversalTime(), ec.ExpirationTime, "#4");
            IList <IIdentity> identities = ec.Properties ["Identities"] as IList <IIdentity>;

            Assert.IsNotNull(identities, "#5");
            Assert.AreEqual(1, identities.Count, "#6");
            IIdentity ident = identities [0];

            Assert.AreEqual(true, ident.IsAuthenticated, "#6-2");
            Assert.AreEqual("X509", ident.AuthenticationType, "#6-3");
            // The exact identity name format is not asserted.
            //Assert.AreEqual (cert.SubjectName.Name + "; " + cert.Thumbprint, ident.Name, "#6-4");
            Assert.AreEqual(1, ec.ClaimSets.Count, "#7");

            // Second evaluation against the same context: the test expects the identity and the
            // claim set to be added again (counts go from 1 to 2), so the statement order matters.
            Assert.IsTrue(p.Evaluate(ec, ref o), "#8");
            identities = ec.Properties ["Identities"] as IList <IIdentity>;
            Assert.AreEqual(2, identities.Count, "#9");
            Assert.AreEqual(2, ec.ClaimSets.Count, "#10");
        }
Esempio n. 8
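        /// <summary>
        /// Combines the specified <paramref name="policy"/> into the current instance by adding
        /// all of its requirements to this builder.
        /// </summary>
        /// <param name="policy">The <see cref="IAuthorizationPolicy"/> to combine.</param>
        /// <returns>A reference to this instance after the operation has completed.</returns>
        /// <exception cref="System.ArgumentNullException"><paramref name="policy"/> is null.</exception>
        public AuthorizationPolicyBuilder Combine(IAuthorizationPolicy policy)
        {
            // Contract.Requires is compiled out unless the build defines CONTRACTS_FULL, so it
            // cannot be relied on as the null guard; check explicitly and fail with a clear
            // argument error instead of a NullReferenceException further down.
            if (policy == null)
            {
                throw new System.ArgumentNullException("policy");
            }

            AddRequirements(policy.Requirements.ToArray());
            return this;
        }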
 /// <summary>
 /// Creates the controller. The Umbraco infrastructure arguments are forwarded to the base
 /// class; every other dependency is required and rejected with
 /// <see cref="ArgumentNullException"/> when null.
 /// </summary>
 public MatchesForTeamController(IGlobalSettings globalSettings,
                                 IUmbracoContextAccessor umbracoContextAccessor,
                                 ServiceContext serviceContext,
                                 AppCaches appCaches,
                                 IProfilingLogger profilingLogger,
                                 UmbracoHelper umbracoHelper,
                                 ITeamDataSource teamDataSource,
                                 IMatchFilterFactory matchFilterFactory,
                                 IMatchListingDataSource matchDataSource,
                                 IDateTimeFormatter dateFormatter,
                                 ICreateMatchSeasonSelector createMatchSeasonSelector,
                                 IAuthorizationPolicy<Team> authorizationPolicy,
                                 IMatchFilterQueryStringParser matchFilterQueryStringParser,
                                 IMatchFilterHumanizer matchFilterHumanizer)
     : base(globalSettings, umbracoContextAccessor, serviceContext, appCaches, profilingLogger, umbracoHelper)
 {
     // Guard clauses first, in parameter-assignment order. Failing fast on a missing
     // authorization policy means the controller can never run without one.
     if (teamDataSource is null) { throw new ArgumentNullException(nameof(teamDataSource)); }
     if (matchFilterFactory is null) { throw new ArgumentNullException(nameof(matchFilterFactory)); }
     if (matchDataSource is null) { throw new ArgumentNullException(nameof(matchDataSource)); }
     if (dateFormatter is null) { throw new ArgumentNullException(nameof(dateFormatter)); }
     if (createMatchSeasonSelector is null) { throw new ArgumentNullException(nameof(createMatchSeasonSelector)); }
     if (authorizationPolicy is null) { throw new ArgumentNullException(nameof(authorizationPolicy)); }
     if (matchFilterQueryStringParser is null) { throw new ArgumentNullException(nameof(matchFilterQueryStringParser)); }
     if (matchFilterHumanizer is null) { throw new ArgumentNullException(nameof(matchFilterHumanizer)); }

     _teamDataSource = teamDataSource;
     _matchFilterFactory = matchFilterFactory;
     _matchDataSource = matchDataSource;
     _dateFormatter = dateFormatter;
     _createMatchSeasonSelector = createMatchSeasonSelector;
     _authorizationPolicy = authorizationPolicy;
     _matchFilterQueryStringParser = matchFilterQueryStringParser;
     _matchFilterHumanizer = matchFilterHumanizer;
 }
Esempio n. 10
        /// <summary>
        /// Builds the inner policy: creates a builder named after the concrete type's full name,
        /// passes it to <c>Build</c> for configuration, and stores the built result.
        /// </summary>
        public AuthorizationPolicy()
        {
            // GetType() yields the runtime type, so a derived policy is named after itself.
            string policyName = GetType().FullName;
            var policyBuilder = new AuthorizationPolicyBuilder(policyName);

            // NOTE(review): if Build is virtual or abstract it runs before the derived class's
            // constructor body - confirm overrides do not depend on their own fields.
            Build(policyBuilder);

            _inner = policyBuilder.Build();
        }
Esempio n. 11
 /// <summary>
 /// Creates the controller, forwarding the manager, session manager and authorization policy
 /// to the base class together with a GUID-based key generator and a <c>TodoValidator</c>.
 /// </summary>
 public TodoController(
     IResourceManager<Server.Todo> todoManager,
     IHttpSessionManager httpSessionManager,
     IAuthorizationPolicy<Server.Todo> authorizationPolicy)
     : base(
         todoManager,
         httpSessionManager,
         authorizationPolicy,
         // Guid.NewGuid() provides unique keys; access control must rest on the authorization
         // policy, not on a key being hard to guess.
         keyGenerator: t => Guid.NewGuid().ToString(),
         modelValidator: new TodoValidator())
 {
     // NOTE(review): none of the three dependencies is null-checked here; whether the base
     // constructor rejects null is not visible from this constructor.
     todoManager_ = todoManager;
     httpSessionManager_ = httpSessionManager;
     authorizationPolicy_ = authorizationPolicy;
 }
        /// <summary>
        /// Verifies that a policy may extend the list of claims under check: authorization is
        /// requested with an empty list, the policy adds a claim the user holds and requests a
        /// retry, and the call is expected to succeed.
        /// </summary>
        public void Check_ApplyCanMutateCheckedClaims()
        {
            // Arrange
            var identity = new ClaimsIdentity(new Claim[] { new Claim("Permission", "CanDeleteComments") }, "Basic");
            var user = new ClaimsPrincipal(identity);

            var mutatingPolicy = new FakePolicy
            {
                ApplyAsyncAction = ctx =>
                {
                    // for instance, if user owns the comment
                    var present = ctx.Claims.Any(claim => claim.Type == "Permission" && claim.Value == "CanDeleteComments");
                    if (!present)
                    {
                        ctx.Claims.Add(new Claim("Permission", "CanDeleteComments"));
                        // Ask the service to re-run the check with the extended claim list.
                        ctx.Retry = true;
                    }
                }
            };

            var authorizationService = new DefaultAuthorizationService(new IAuthorizationPolicy[] { mutatingPolicy });

            // Act
            var noClaims = Enumerable.Empty<Claim>();
            var allowed = authorizationService.Authorize(noClaims, user);

            // Assert
            Assert.True(allowed);
        }
 /// <summary>
 /// Returns the authorization policy for this statement. The policy is created once, from the
 /// subject's key claim set (if any) and the subject's claims, and then reused.
 /// </summary>
 /// <param name="issuer">Issuer recorded on the claim set built from the subject's claims; must not be null.</param>
 /// <param name="samlAuthenticator">Authenticator handed to the subject for key claim extraction.</param>
 /// <returns>The cached policy.</returns>
 public override IAuthorizationPolicy CreatePolicy(ClaimSet issuer, SamlSecurityTokenAuthenticator samlAuthenticator)
 {
     if (issuer == null)
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("issuer");
     }

     // Already built: the arguments of this call are not used to rebuild it.
     if (this.policy != null)
     {
         return this.policy;
     }

     List<ClaimSet> claimSets = new List<ClaimSet>();
     ClaimSet subjectKeyClaimSet = this.subject.ExtractSubjectKeyClaimSet(samlAuthenticator);
     if (subjectKeyClaimSet != null)
     {
         claimSets.Add(subjectKeyClaimSet);
     }

     // Mutable copy of the subject's claims, extended by AddClaimsToList below.
     List<Claim> claims = new List<Claim>();
     foreach (Claim subjectClaim in this.subject.ExtractClaims())
     {
         claims.Add(subjectClaim);
     }

     this.AddClaimsToList(claims);
     claimSets.Add(new DefaultClaimSet(issuer, claims));

     // NOTE(review): expiry is SecurityUtils.MaxUtcDateTime - presumably "no expiry"; confirm
     // the token's validity period is checked before this policy is trusted.
     this.policy = new UnconditionalPolicy(this.subject.Identity, claimSets.AsReadOnly(), System.IdentityModel.SecurityUtils.MaxUtcDateTime);
     return this.policy;
 }
Esempio n. 14
        /// <summary>
        /// Resolves the identity for <paramref name="token"/> by asking each supporting
        /// authenticator that can validate it, in order, and returning the primary identity of
        /// the first <c>UnconditionalPolicy</c> produced.
        /// </summary>
        /// <param name="token">The token to resolve; must not be null.</param>
        /// <returns>The primary identity found, or null when no authenticator yields one.</returns>
        public virtual IIdentity ResolveIdentity(SecurityToken token)
        {
            if (token == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("token");
            }

            for (int index = 0; index < this.supportingAuthenticators.Count; ++index)
            {
                if (!this.supportingAuthenticators[index].CanValidateToken(token))
                {
                    continue;
                }

                // ValidateToken runs the authenticator's own validation; exceptions it throws
                // propagate to the caller rather than falling through to the next authenticator.
                ReadOnlyCollection<IAuthorizationPolicy> policies = this.supportingAuthenticators[index].ValidateToken(token);
                if (policies == null || policies.Count == 0)
                {
                    continue;
                }

                foreach (IAuthorizationPolicy candidate in policies)
                {
                    UnconditionalPolicy unconditional = candidate as UnconditionalPolicy;
                    if (unconditional != null)
                    {
                        return unconditional.PrimaryIdentity;
                    }
                }
            }

            // No identity could be resolved; callers must treat null as "no identity".
            return null;
        }
Esempio n. 15
        /// <summary>
        /// Verifies that a policy can add claims to the user while authorization is in progress:
        /// a user with no claims is authorized for Permission=CanDeleteComments because the policy
        /// adds that claim and requests a retry.
        /// </summary>
        /// <remarks>
        /// Registered policies are therefore part of the trusted computing base of the service:
        /// whatever a policy adds is honoured on the retry.
        /// </remarks>
        public void Check_PoliciesCanMutateUsersClaims()
        {
            // Arrange
            var emptyIdentity = new ClaimsIdentity(new Claim[0], "Basic");
            var user = new ClaimsPrincipal(emptyIdentity);

            var policy = new FakePolicy
            {
                ApplyAsyncAction = ctx =>
                {
                    if (ctx.Authorized)
                    {
                        return;
                    }

                    ctx.UserClaims.Add(new Claim("Permission", "CanDeleteComments"));
                    ctx.Retry = true;
                }
            };

            var authorizationService = new DefaultAuthorizationService(new IAuthorizationPolicy[] { policy });

            // Act
            var wanted = new Claim("Permission", "CanDeleteComments");
            var allowed = authorizationService.Authorize(wanted, user);

            // Assert
            Assert.True(allowed);
        }
 /// <summary>
 /// Returns this statement's authorization policy, creating and caching it on first use from
 /// the subject's key claim set (when one exists) and the subject's claims.
 /// </summary>
 /// <param name="issuer">Issuer recorded on the claim set built from the subject's claims; must not be null.</param>
 /// <param name="samlAuthenticator">Authenticator handed to the subject for key claim extraction.</param>
 /// <returns>The cached policy.</returns>
 public override IAuthorizationPolicy CreatePolicy(ClaimSet issuer, SamlSecurityTokenAuthenticator samlAuthenticator)
 {
     if (issuer == null)
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("issuer");
     }

     if (this.policy == null)
     {
         // Claim sets for the policy: optional subject-key set first, then the statement's claims.
         List<ClaimSet> claimSets = new List<ClaimSet>();
         ClaimSet keySet = this.subject.ExtractSubjectKeyClaimSet(samlAuthenticator);
         if (keySet != null)
         {
             claimSets.Add(keySet);
         }

         List<Claim> claims = new List<Claim>();
         ReadOnlyCollection<Claim> extracted = this.subject.ExtractClaims();
         int extractedCount = extracted.Count;
         for (int position = 0; position < extractedCount; position++)
         {
             claims.Add(extracted[position]);
         }

         this.AddClaimsToList(claims);
         claimSets.Add(new DefaultClaimSet(issuer, claims));

         // The policy is stored and reused: a later call with a different issuer still gets
         // the instance built here.
         this.policy = new UnconditionalPolicy(
             this.subject.Identity,
             claimSets.AsReadOnly(),
             System.IdentityModel.SecurityUtils.MaxUtcDateTime);
     }

     return this.policy;
 }
            /// <summary>
            /// Test double for the controller under test: forwards the supplied dependencies to
            /// the base class (mocks or null for the Umbraco infrastructure) and installs a mocked
            /// controller context with a fixed request URL and user.
            /// </summary>
            public TestController(ITeamDataSource teamDataSource, ISeasonDataSource seasonDataSource, ICreateMatchSeasonSelector createMatchSeasonSelector, IEditMatchHelper editMatchHelper, Uri requestUrl,
                                  IAuthorizationPolicy<Competition> competitionAuthorizationPolicy)
                : base(
                    Mock.Of<IGlobalSettings>(),
                    Mock.Of<IUmbracoContextAccessor>(),
                    null,
                    AppCaches.NoCache,
                    Mock.Of<IProfilingLogger>(),
                    null,
                    teamDataSource,
                    seasonDataSource,
                    createMatchSeasonSelector,
                    editMatchHelper,
                    competitionAuthorizationPolicy)
            {
                // Request: only RawUrl is stubbed, from the path of the supplied URL.
                var requestMock = new Mock<HttpRequestBase>();
                requestMock.SetupGet(x => x.RawUrl).Returns(requestUrl.AbsolutePath);

                var httpContextMock = new Mock<HttpContextBase>();
                httpContextMock.SetupGet(x => x.Request).Returns(requestMock.Object);

                // User: a named GenericIdentity counts as authenticated, and the null role list
                // means no roles. Authorization outcomes in tests therefore come from the injected
                // policy, not from this principal.
                var testUser = new GenericPrincipal(new GenericIdentity("test"), null);

                var controllerContextMock = new Mock<ControllerContext>();
                controllerContextMock.Setup(p => p.HttpContext).Returns(httpContextMock.Object);
                controllerContextMock.Setup(p => p.HttpContext.User).Returns(testUser);

                ControllerContext = controllerContextMock.Object;
            }
Esempio n. 18
        /// <summary>
        /// Returns the authorization policy for this statement. On the first call the policy is
        /// assembled from the subject's key claim set (if present) and the subject's claims;
        /// afterwards the stored instance is returned.
        /// </summary>
        /// <param name="issuer">Issuer recorded on the claim set built from the subject's claims; must not be null.</param>
        /// <param name="samlAuthenticator">Authenticator passed to the subject for key claim extraction.</param>
        /// <returns>The cached policy instance.</returns>
        public override IAuthorizationPolicy CreatePolicy(ClaimSet issuer, SamlSecurityTokenAuthenticator samlAuthenticator)
        {
            if (issuer == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("issuer");
            }

            // Return the memoized policy; later issuers/authenticators are not re-evaluated.
            if (this.policy != null)
            {
                return this.policy;
            }

            // SupportingTokenAuthenticator collection can be null when the Subject does not
            // contain a key, in which case no key claim set is contributed.
            List<ClaimSet> collectedSets = new List<ClaimSet>();
            ClaimSet keyClaims = this.subject.ExtractSubjectKeyClaimSet(samlAuthenticator);
            if (keyClaims != null)
            {
                collectedSets.Add(keyClaims);
            }

            List<Claim> collectedClaims = new List<Claim>();
            foreach (Claim subjectClaim in this.subject.ExtractClaims())
            {
                collectedClaims.Add(subjectClaim);
            }

            AddClaimsToList(collectedClaims);
            collectedSets.Add(new DefaultClaimSet(issuer, collectedClaims));

            // NOTE(review): SecurityUtils.MaxUtcDateTime is used as the expiry - presumably the
            // policy itself never expires; confirm the token's own lifetime is enforced upstream.
            this.policy = new UnconditionalPolicy(this.subject.Identity, collectedSets.AsReadOnly(), SecurityUtils.MaxUtcDateTime);
            return this.policy;
        }
Esempio n. 19
 /// <summary>
 /// Creates the controller. Umbraco infrastructure arguments go to the base class; every other
 /// dependency is mandatory and a null value raises <see cref="ArgumentNullException"/>.
 /// </summary>
 public TournamentController(IGlobalSettings globalSettings,
                             IUmbracoContextAccessor umbracoContextAccessor,
                             ServiceContext serviceContext,
                             AppCaches appCaches,
                             IProfilingLogger profilingLogger,
                             UmbracoHelper umbracoHelper,
                             ITournamentDataSource tournamentDataSource,
                             IMatchListingDataSource matchDataSource,
                             IMatchFilterFactory matchFilterFactory,
                             ICommentsDataSource<Tournament> commentsDataSource,
                             IAuthorizationPolicy<Tournament> authorizationPolicy,
                             IDateTimeFormatter dateFormatter,
                             IEmailProtector emailProtector,
                             IBadLanguageFilter badLanguageFilter)
     : base(globalSettings, umbracoContextAccessor, serviceContext, appCaches, profilingLogger, umbracoHelper)
 {
     // Validate first (same order as the assignments), then store. The authorization policy,
     // e-mail protector and bad-language filter are all rejected when missing rather than
     // silently skipped later.
     if (tournamentDataSource is null) { throw new ArgumentNullException(nameof(tournamentDataSource)); }
     if (matchDataSource is null) { throw new ArgumentNullException(nameof(matchDataSource)); }
     if (matchFilterFactory is null) { throw new ArgumentNullException(nameof(matchFilterFactory)); }
     if (commentsDataSource is null) { throw new ArgumentNullException(nameof(commentsDataSource)); }
     if (authorizationPolicy is null) { throw new ArgumentNullException(nameof(authorizationPolicy)); }
     if (dateFormatter is null) { throw new ArgumentNullException(nameof(dateFormatter)); }
     if (emailProtector is null) { throw new ArgumentNullException(nameof(emailProtector)); }
     if (badLanguageFilter is null) { throw new ArgumentNullException(nameof(badLanguageFilter)); }

     _tournamentDataSource = tournamentDataSource;
     _matchDataSource = matchDataSource;
     _matchFilterFactory = matchFilterFactory;
     _commentsDataSource = commentsDataSource;
     _authorizationPolicy = authorizationPolicy;
     _dateFormatter = dateFormatter;
     _emailProtector = emailProtector;
     _badLanguageFilter = badLanguageFilter;
 }
            /// <summary>
            /// Test double for the controller under test: forwards the supplied dependencies to
            /// the base class (mocks or null for infrastructure it does not exercise) and installs
            /// a mocked controller context exposing the given request URL and a fixed user.
            /// </summary>
            public TestController(IMatchDataSource matchDataSource, ISeasonDataSource seasonDataSource, IEditMatchHelper editMatchHelper, Uri requestUrl, UmbracoHelper umbracoHelper,
                                  IAuthorizationPolicy<Stoolball.Matches.Match> matchAuthorizationPolicy, IAuthorizationPolicy<Competition> competitionAuthorizationPolicy)
                : base(
                    Mock.Of<IGlobalSettings>(),
                    Mock.Of<IUmbracoContextAccessor>(),
                    null,
                    AppCaches.NoCache,
                    Mock.Of<IProfilingLogger>(),
                    umbracoHelper,
                    matchDataSource,
                    matchAuthorizationPolicy,
                    competitionAuthorizationPolicy,
                    Mock.Of<IDateTimeFormatter>(),
                    seasonDataSource,
                    editMatchHelper)
            {
                // Request: only Url is stubbed, returning the supplied URL as-is.
                var requestMock = new Mock<HttpRequestBase>();
                requestMock.SetupGet(x => x.Url).Returns(requestUrl);

                var httpContextMock = new Mock<HttpContextBase>();
                httpContextMock.SetupGet(x => x.Request).Returns(requestMock.Object);

                // User: authenticated (non-empty name) with no roles, so the two injected
                // authorization policies decide what the tests are allowed to do.
                var testUser = new GenericPrincipal(new GenericIdentity("test"), null);

                var controllerContextMock = new Mock<ControllerContext>();
                controllerContextMock.Setup(p => p.HttpContext).Returns(httpContextMock.Object);
                controllerContextMock.Setup(p => p.HttpContext.User).Returns(testUser);

                ControllerContext = controllerContextMock.Object;
            }
 /// <summary>
 /// Records a claim set contributed by an authorization policy: bumps the generation counter,
 /// maps the policy to the claim set, and appends the claim set to the list.
 /// </summary>
 /// <param name="authorizationPolicy">The policy contributing the claim set; used as the map key.</param>
 /// <param name="claimSet">The claim set to record.</param>
 public override void AddClaimSet(IAuthorizationPolicy authorizationPolicy, ClaimSet claimSet)
 {
     // The counter is advanced before either collection changes, so it is bumped even when
     // the map insertion below throws.
     ++generation;

     // NOTE(review): if claim_set_map is a dictionary, a second claim set from the same
     // policy would be rejected here - confirm against callers that evaluate a policy twice.
     claim_set_map.Add(authorizationPolicy, claimSet);
     claim_sets.Add(claimSet);
 }
Esempio n. 22
 /// <summary>
 /// Creates the controller and stores the injected service, database context, mapper,
 /// current-user accessor and authorization policy.
 /// </summary>
 public EmployeeController(IEmployeeService employeeService, ApplicationDbContext dbContext,
                           IMapper mapper, ICurrentUser currentUser, IAuthorizationPolicy authorizationPolicy)
 {
     // NOTE(review): none of the dependencies is null-checked. A null CurrentUser or Policies
     // would only surface when first used - confirm the container always supplies them, or
     // reject null here so the controller cannot run without its authorization policy.
     EmployeeService = employeeService;
     DbContext       = dbContext;
     Mapper          = mapper;
     CurrentUser     = currentUser;
     Policies        = authorizationPolicy;
 }
        /// <summary>
        /// Registers an authorization policy under the name the policy itself reports.
        /// </summary>
        /// <param name="policy">The authorization policy; its <c>Name</c> is used as the key.</param>
        /// <exception cref="ArgumentNullException"><paramref name="policy"/> is null.</exception>
        public void AddPolicy(IAuthorizationPolicy policy)
        {
            if (policy == null)
            {
                throw new ArgumentNullException(nameof(policy));
            }

            // Add (rather than an indexer assignment) is used for registration.
            // NOTE(review): if _policyMap is a dictionary, a second policy with the same name is
            // rejected instead of silently replacing the first - confirm and keep it that way.
            var policyName = policy.Name;
            _policyMap.Add(policyName, policy);
        }
 /// <summary>
 /// Creates the surface controller. Umbraco infrastructure arguments go to the base class;
 /// the data source, repository and authorization policy are required and a null value raises
 /// <see cref="ArgumentNullException"/>.
 /// </summary>
 public CreateSeasonSurfaceController(
     IUmbracoContextAccessor umbracoContextAccessor,
     IUmbracoDatabaseFactory umbracoDatabaseFactory,
     ServiceContext serviceContext,
     AppCaches appCaches,
     ILogger logger,
     IProfilingLogger profilingLogger,
     UmbracoHelper umbracoHelper,
     ICompetitionDataSource competitionDataSource,
     ISeasonRepository seasonRepository,
     IAuthorizationPolicy<Competition> authorizationPolicy)
     : base(umbracoContextAccessor, umbracoDatabaseFactory, serviceContext, appCaches, logger, profilingLogger, umbracoHelper)
 {
     // Fail fast: a controller that creates seasons must not exist without its policy.
     if (competitionDataSource is null) { throw new ArgumentNullException(nameof(competitionDataSource)); }
     if (seasonRepository is null) { throw new ArgumentNullException(nameof(seasonRepository)); }
     if (authorizationPolicy is null) { throw new ArgumentNullException(nameof(authorizationPolicy)); }

     _competitionDataSource = competitionDataSource;
     _seasonRepository = seasonRepository;
     _authorizationPolicy = authorizationPolicy;
 }
 /// <summary>
 /// Creates the surface controller. Umbraco infrastructure arguments go to the base class;
 /// the repository, authorization policy and cache override are required and a null value
 /// raises <see cref="ArgumentNullException"/>.
 /// </summary>
 public CreateTeamSurfaceController(
     IUmbracoContextAccessor umbracoContextAccessor,
     IUmbracoDatabaseFactory umbracoDatabaseFactory,
     ServiceContext serviceContext,
     AppCaches appCaches,
     ILogger logger,
     IProfilingLogger profilingLogger,
     UmbracoHelper umbracoHelper,
     ITeamRepository teamRepository,
     IAuthorizationPolicy<Team> authorizationPolicy,
     ICacheOverride cacheOverride)
     : base(umbracoContextAccessor, umbracoDatabaseFactory, serviceContext, appCaches, logger, profilingLogger, umbracoHelper)
 {
     // Fail fast: a controller that creates teams must not exist without its policy.
     if (teamRepository is null) { throw new ArgumentNullException(nameof(teamRepository)); }
     if (authorizationPolicy is null) { throw new ArgumentNullException(nameof(authorizationPolicy)); }
     if (cacheOverride is null) { throw new ArgumentNullException(nameof(cacheOverride)); }

     _teamRepository = teamRepository;
     _authorizationPolicy = authorizationPolicy;
     _cacheOverride = cacheOverride;
 }
Esempio n. 26
 /// <summary>
 /// Creates the surface controller. Umbraco infrastructure arguments go to the base class;
 /// the repository, authorization policy, route generator and cache override are required and
 /// a null value raises <see cref="ArgumentNullException"/>.
 /// </summary>
 public CreateMatchLocationSurfaceController(
     IUmbracoContextAccessor umbracoContextAccessor,
     IUmbracoDatabaseFactory umbracoDatabaseFactory,
     ServiceContext serviceContext,
     AppCaches appCaches,
     ILogger logger,
     IProfilingLogger profilingLogger,
     UmbracoHelper umbracoHelper,
     IMatchLocationRepository matchLocationRepository,
     IAuthorizationPolicy<MatchLocation> authorizationPolicy,
     IRouteGenerator routeGenerator,
     ICacheOverride cacheOverride)
     : base(umbracoContextAccessor, umbracoDatabaseFactory, serviceContext, appCaches, logger, profilingLogger, umbracoHelper)
 {
     // Fail fast: a controller that creates match locations must not exist without its policy.
     if (matchLocationRepository is null) { throw new ArgumentNullException(nameof(matchLocationRepository)); }
     if (authorizationPolicy is null) { throw new ArgumentNullException(nameof(authorizationPolicy)); }
     if (routeGenerator is null) { throw new ArgumentNullException(nameof(routeGenerator)); }
     if (cacheOverride is null) { throw new ArgumentNullException(nameof(cacheOverride)); }

     _matchLocationRepository = matchLocationRepository;
     _authorizationPolicy = authorizationPolicy;
     _routeGenerator = routeGenerator;
     _cacheOverride = cacheOverride;
 }
Esempio n. 27
        /// <summary>
        /// Creates the handler with the policy it will consult and fills the name-to-value lookup
        /// with every member of <c>ResourceAction</c>.
        /// </summary>
        /// <param name="authorizationPolicy">The authorization policy; must not be null.</param>
        public ResourceActionHandler(IAuthorizationPolicy authorizationPolicy)
        {
            EnsureArg.IsNotNull(authorizationPolicy, nameof(authorizationPolicy));
            _authorizationPolicy = authorizationPolicy;

            // Key each enum value by its ToString() name. Whether lookups are case-sensitive
            // depends on how _resourceActionLookup was constructed, which is not visible here.
            Array definedActions = Enum.GetValues(typeof(ResourceAction));
            foreach (ResourceAction action in definedActions)
            {
                string actionName = action.ToString();
                _resourceActionLookup.Add(actionName, action);
            }
        }
 /// <summary>
 /// Creates the validator with the injected JWKS store, resource set repository and event
 /// publisher, and with a <c>DefaultAuthorizationPolicy</c> it constructs itself.
 /// </summary>
 public AuthorizationPolicyValidator(
     IJwksStore jwksStore,
     IResourceSetRepository resourceSetRepository,
     IEventPublisher eventPublisher)
 {
     // NOTE(review): the three injected dependencies are stored without a null check.
     _jwksStore = jwksStore;
     _resourceSetRepository = resourceSetRepository;
     _eventPublisher = eventPublisher;

     // The policy implementation is fixed here rather than injected, so it cannot be swapped
     // by configuration or replaced in tests.
     _authorizationPolicy = new DefaultAuthorizationPolicy();
 }
Esempio n. 29
 /// <summary>
 /// Creates the surface controller. Umbraco infrastructure arguments go to the base class;
 /// the data source, repository, authorization policy and cache override are required and a
 /// null value raises <see cref="ArgumentNullException"/>.
 /// </summary>
 public DeleteClubSurfaceController(
     IUmbracoContextAccessor umbracoContextAccessor,
     IUmbracoDatabaseFactory umbracoDatabaseFactory,
     ServiceContext serviceContext,
     AppCaches appCaches,
     ILogger logger,
     IProfilingLogger profilingLogger,
     UmbracoHelper umbracoHelper,
     IClubDataSource clubDataSource,
     IClubRepository clubRepository,
     IAuthorizationPolicy<Club> authorizationPolicy,
     ICacheOverride cacheOverride)
     : base(umbracoContextAccessor, umbracoDatabaseFactory, serviceContext, appCaches, logger, profilingLogger, umbracoHelper)
 {
     // Fail fast: a controller that deletes clubs must not exist without its policy.
     if (clubDataSource is null) { throw new ArgumentNullException(nameof(clubDataSource)); }
     if (clubRepository is null) { throw new ArgumentNullException(nameof(clubRepository)); }
     if (authorizationPolicy is null) { throw new ArgumentNullException(nameof(authorizationPolicy)); }
     if (cacheOverride is null) { throw new ArgumentNullException(nameof(cacheOverride)); }

     _clubDataSource = clubDataSource;
     _clubRepository = clubRepository;
     _authorizationPolicy = authorizationPolicy;
     _cacheOverride = cacheOverride;
 }
Esempio n. 30
 /// <summary>
 /// Creates the surface controller. Umbraco infrastructure arguments go to the base class;
 /// the data source, repository, authorization policy and post-save redirector are required
 /// and a null value raises <see cref="ArgumentNullException"/>.
 /// </summary>
 public EditSeasonResultsTableSurfaceController(
     IUmbracoContextAccessor umbracoContextAccessor,
     IUmbracoDatabaseFactory umbracoDatabaseFactory,
     ServiceContext serviceContext,
     AppCaches appCaches,
     ILogger logger,
     IProfilingLogger profilingLogger,
     UmbracoHelper umbracoHelper,
     ISeasonDataSource seasonDataSource,
     ISeasonRepository seasonRepository,
     IAuthorizationPolicy<Competition> authorizationPolicy,
     IPostSaveRedirector postSaveRedirector)
     : base(umbracoContextAccessor, umbracoDatabaseFactory, serviceContext, appCaches, logger, profilingLogger, umbracoHelper)
 {
     // Fail fast: a controller that edits results tables must not exist without its policy.
     if (seasonDataSource is null) { throw new ArgumentNullException(nameof(seasonDataSource)); }
     if (seasonRepository is null) { throw new ArgumentNullException(nameof(seasonRepository)); }
     if (authorizationPolicy is null) { throw new ArgumentNullException(nameof(authorizationPolicy)); }
     if (postSaveRedirector is null) { throw new ArgumentNullException(nameof(postSaveRedirector)); }

     _seasonDataSource = seasonDataSource;
     _seasonRepository = seasonRepository;
     _authorizationPolicy = authorizationPolicy;
     _postSaveRedirector = postSaveRedirector;
 }
Esempio n. 31
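        /// <summary>
        /// Given a collection of IAuthorizationPolicies this method will eliminate the IAuthorizationPolicy
        /// that was created for the given transport Security Token. The method modifies the given collection
        /// of IAuthorizationPolicy in place.
        /// </summary>
        /// <remarks>
        /// The method fails closed: if the list is empty, or if no policy in it matches the transport token,
        /// it throws instead of returning with the list untouched. A caller therefore never continues with a
        /// policy list that still holds the transport token's policy.
        /// </remarks>
        /// <param name="transportToken">Client's Security Token provided at the transport layer.</param>
        /// <param name="tranportTokenIdentities">
        /// Identities handed to DoesPolicyMatchTransportToken together with the token; presumably the
        /// identities produced when the transport token was authenticated (confirm against the caller).
        /// </param>
        /// <param name="baseAuthorizationPolicies">Collection of IAuthorizationPolicies that were created by WCF.</param>
        static void EliminateTransportTokenPolicy(
            SecurityToken transportToken,
            IEnumerable <ClaimsIdentity> tranportTokenIdentities,
            List <IAuthorizationPolicy> baseAuthorizationPolicies)
        {
            if (transportToken == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("transportToken");
            }

            if (tranportTokenIdentities == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tranportTokenIdentities");
            }

            if (baseAuthorizationPolicies == null)
            {
                // The reported name must match the actual parameter so the error points at the right argument.
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("baseAuthorizationPolicies");
            }

            if (baseAuthorizationPolicies.Count == 0)
            {
                // This should never happen in our current configuration. IDFx token handlers do not validate
                // client tokens present at the transport level. So we should at least have one IAuthorizationPolicy
                // that WCF generated for the transport token.
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("baseAuthorizationPolicies", SR.GetString(SR.ID0020));
            }

            //
            // We will process one IAuthorizationPolicy at a time. Transport token will have been authenticated
            // by WCF and would have created a IAuthorizationPolicy for the same. If the transport token is a X.509
            // SecurityToken and 'mapToWindows' was set to true then the IAuthorizationPolicy that was created
            // by WCF will have two Claimsets, a X509ClaimSet and a WindowsClaimSet. We need to prune out this case
            // and ignore both these Claimsets as we have made a call to the token handler to authenticate this
            // token above. If we create a AuthorizationContext using all the IAuthorizationPolicies then all
            // the claimsets are merged and it becomes hard to identify this case.
            //
            IAuthorizationPolicy policyToEliminate = null;

            // Only the first matching policy is selected and removed.
            // NOTE(review): if more than one policy could match the same transport token, the later
            // ones stay in the list - confirm that WCF creates exactly one per transport token.
            foreach (IAuthorizationPolicy authPolicy in baseAuthorizationPolicies)
            {
                if (DoesPolicyMatchTransportToken(transportToken, tranportTokenIdentities, authPolicy))
                {
                    policyToEliminate = authPolicy;
                    break;
                }
            }

            if (policyToEliminate == null)
            {
                // No policy could be tied to the transport token: stop here rather than let the
                // caller build an authorization context from an unpruned list.
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperInvalidOperation(SR.GetString(SR.ID4271, transportToken));
            }

            baseAuthorizationPolicies.Remove(policyToEliminate);
        }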
 /// <summary>
 /// Creates the controller, forwarding the Umbraco services to the base class and storing the
 /// competition-specific collaborators. Every collaborator is mandatory: a null value, including a
 /// null <paramref name="authorizationPolicy"/>, aborts construction with an
 /// <see cref="ArgumentNullException"/>.
 /// </summary>
 public EditCompetitionSurfaceController(
     IUmbracoContextAccessor umbracoContextAccessor,
     IUmbracoDatabaseFactory umbracoDatabaseFactory,
     ServiceContext serviceContext,
     AppCaches appCaches,
     ILogger logger,
     IProfilingLogger profilingLogger,
     UmbracoHelper umbracoHelper,
     ICompetitionDataSource competitionDataSource,
     ICompetitionRepository competitionRepository,
     IAuthorizationPolicy<Competition> authorizationPolicy,
     IPostSaveRedirector postSaveRedirector,
     ICacheOverride cacheOverride)
     : base(umbracoContextAccessor, umbracoDatabaseFactory, serviceContext, appCaches, logger, profilingLogger, umbracoHelper)
 {
     // Guards run in declaration order, so the first missing dependency is the one reported.
     if (competitionDataSource is null)
     {
         throw new ArgumentNullException(nameof(competitionDataSource));
     }
     _competitionDataSource = competitionDataSource;

     if (competitionRepository is null)
     {
         throw new ArgumentNullException(nameof(competitionRepository));
     }
     _competitionRepository = competitionRepository;

     // The controller cannot exist without an authorization policy.
     if (authorizationPolicy is null)
     {
         throw new ArgumentNullException(nameof(authorizationPolicy));
     }
     _authorizationPolicy = authorizationPolicy;

     if (postSaveRedirector is null)
     {
         throw new ArgumentNullException(nameof(postSaveRedirector));
     }
     _postSaveRedirector = postSaveRedirector;

     if (cacheOverride is null)
     {
         throw new ArgumentNullException(nameof(cacheOverride));
     }
     _cacheOverride = cacheOverride;
 }
        /// <summary>
        /// Appends <paramref name="claimSet"/> to the claim sets held by this instance and advances
        /// the generation counter.
        /// </summary>
        /// <param name="policy">Not used by this implementation; the claim set is stored without recording which policy supplied it.</param>
        /// <param name="claimSet">The claim set to add. Must not be null.</param>
        public override void AddClaimSet(IAuthorizationPolicy policy, ClaimSet claimSet)
        {
            // A null claim set is rejected before any state is touched.
            if (claimSet == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("claimSet");
            }

            // The backing list is created on first use.
            _claimSets = _claimSets ?? new List<ClaimSet>();
            _claimSets.Add(claimSet);

            // Counts every claim set added through this method.
            _generation++;
        }
 /// <summary>
 /// Creates the controller, forwarding the Umbraco services to the base class and keeping the club
 /// authorization policy. A null <paramref name="authorizationPolicy"/> aborts construction with a
 /// <see cref="System.ArgumentNullException"/>.
 /// </summary>
 public CreateClubController(
     IGlobalSettings globalSettings,
     IUmbracoContextAccessor umbracoContextAccessor,
     ServiceContext serviceContext,
     AppCaches appCaches,
     IProfilingLogger profilingLogger,
     UmbracoHelper umbracoHelper,
     IAuthorizationPolicy<Club> authorizationPolicy)
     : base(globalSettings, umbracoContextAccessor, serviceContext, appCaches, profilingLogger, umbracoHelper)
 {
     // The controller cannot exist without an authorization policy.
     if (authorizationPolicy is null)
     {
         throw new System.ArgumentNullException(nameof(authorizationPolicy));
     }

     _authorizationPolicy = authorizationPolicy;
 }
 /// <summary>
 /// Creates the controller, forwarding the Umbraco services to the base class and storing the
 /// tournament-specific collaborators. Every collaborator is mandatory: a null value, including a
 /// null <paramref name="authorizationPolicy"/>, aborts construction with an
 /// <see cref="ArgumentNullException"/>.
 /// </summary>
 public EditTournamentSeasonsSurfaceController(
     IUmbracoContextAccessor umbracoContextAccessor,
     IUmbracoDatabaseFactory umbracoDatabaseFactory,
     ServiceContext serviceContext,
     AppCaches appCaches,
     ILogger logger,
     IProfilingLogger profilingLogger,
     UmbracoHelper umbracoHelper,
     ITournamentDataSource tournamentDataSource,
     ICacheClearer<Tournament> cacheClearer,
     ITournamentRepository tournamentRepository,
     IAuthorizationPolicy<Tournament> authorizationPolicy,
     IPostSaveRedirector postSaveRedirector)
     : base(umbracoContextAccessor, umbracoDatabaseFactory, serviceContext, appCaches, logger, profilingLogger, umbracoHelper)
 {
     // Guards run in the same order as the field assignments, so the first missing
     // dependency is the one reported.
     if (tournamentDataSource is null)
     {
         throw new ArgumentNullException(nameof(tournamentDataSource));
     }
     _tournamentDataSource = tournamentDataSource;

     if (cacheClearer is null)
     {
         throw new ArgumentNullException(nameof(cacheClearer));
     }
     _cacheClearer = cacheClearer;

     if (tournamentRepository is null)
     {
         throw new ArgumentNullException(nameof(tournamentRepository));
     }
     _tournamentRepository = tournamentRepository;

     // The controller cannot exist without an authorization policy.
     if (authorizationPolicy is null)
     {
         throw new ArgumentNullException(nameof(authorizationPolicy));
     }
     _authorizationPolicy = authorizationPolicy;

     if (postSaveRedirector is null)
     {
         throw new ArgumentNullException(nameof(postSaveRedirector));
     }
     _postSaveRedirector = postSaveRedirector;
 }
 /// <summary>
 /// Appends <paramref name="claimSet"/> to the claim sets held by this instance and advances
 /// the generation counter.
 /// </summary>
 /// <param name="policy">Not used by this implementation; the claim set is stored without recording which policy supplied it.</param>
 /// <param name="claimSet">The claim set to add. Must not be null.</param>
 public override void AddClaimSet(IAuthorizationPolicy policy, ClaimSet claimSet)
 {
     // A null claim set is rejected before any state is touched.
     if (claimSet == null)
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("claimSet");
     }

     // The backing list is created on first use.
     this.claimSets = this.claimSets ?? new List<ClaimSet>();
     this.claimSets.Add(claimSet);

     // Counts every claim set added through this method.
     this.generation += 1;
 }
        /// <summary>
        /// Verifies that a policy invoked by <c>Authorize</c> with an empty claim sequence observes a
        /// non-null, empty claims list on the context, so policies do not have to null-check it.
        /// </summary>
        public void Check_ShouldConvertNullClaimsToEmptyList()
        {
            // Arrange: a single policy that records the claims list it is handed.
            IList<Claim> observedClaims = null;
            var capturingPolicy = new FakePolicy()
            {
                Order = 20,
                ApplyingAsyncAction = (context) => { observedClaims = context.Claims; }
            };
            IAuthorizationPolicy[] policies = { capturingPolicy };

            var service = new DefaultAuthorizationService(policies);

            // Act
            var outcome = service.Authorize(Enumerable.Empty<Claim>(), null);

            // Assert: the list exists and holds nothing.
            Assert.NotNull(observedClaims);
            Assert.Equal(0, observedClaims.Count);
        }
 /// <summary>
 /// Adds a claim set to this object on behalf of an authorization policy. The declaration is
 /// abstract, so storage and validation are left entirely to the overriding type.
 /// </summary>
 /// <param name="policy">The authorization policy associated with the claim set. NOTE(review): whether implementations must record or may ignore it is not specified here.</param>
 /// <param name="claimSet">The claim set to add. NOTE(review): null handling is not specified by this declaration; confirm what overrides are expected to do.</param>
 public abstract void AddClaimSet(IAuthorizationPolicy policy, ClaimSet claimSet);
		/// <summary>
		/// Records <paramref name="claimSet"/> under <paramref name="authorizationPolicy"/> in the
		/// policy-to-claim-set map, appends it to the claim set collection, and advances the
		/// generation counter.
		/// </summary>
		public override void AddClaimSet (IAuthorizationPolicy authorizationPolicy, ClaimSet claimSet)
		{
			// The counter is advanced before either collection is touched.
			// NOTE(review): neither argument is validated here, so a null reaches the collections
			// as-is; confirm whether callers guarantee non-null values.
			generation += 1;

			claim_set_map.Add (authorizationPolicy, claimSet);
			claim_sets.Add (claimSet);
		}
        /// <summary>
        /// Verifies that <c>Authorize</c> throws an <see cref="AggregateException"/> when a policy sets
        /// <c>Retry</c> on every pass, instead of looping indefinitely or returning a result.
        /// </summary>
        public void Check_ShouldThrowWhenPoliciesDontStop()
        {
            // Arrange: a policy that always asks for another pass.
            var alwaysRetryPolicy = new FakePolicy()
            {
                ApplyAsyncAction = (context) => { context.Retry = true; }
            };
            IAuthorizationPolicy[] policies = { alwaysRetryPolicy };

            var service = new DefaultAuthorizationService(policies);

            // Act + Assert: the call must surface an AggregateException.
            Exception thrown = Assert.Throws<AggregateException>(
                () => service.Authorize(Enumerable.Empty<Claim>(), null));
        }
        /// <summary>
        /// Verifies the order in which policy callbacks run: each phase (Applying, Apply, Applied)
        /// runs for all policies before the next phase starts, and within a phase the policies run in
        /// ascending <c>Order</c>, regardless of their position in the array.
        /// </summary>
        public void Check_ShouldInvokeApplyingApplyAppliedInOrder()
        {
            // Arrange: every callback appends a marker to the trace.
            string trace = "";

            var order20 = new FakePolicy()
            {
                Order = 20,
                ApplyingAsyncAction = (context) => { trace += "Applying20"; },
                ApplyAsyncAction = (context) => { trace += "Apply20"; },
                AppliedAsyncAction = (context) => { trace += "Applied20"; }
            };
            var orderMinus1 = new FakePolicy()
            {
                Order = -1,
                ApplyingAsyncAction = (context) => { trace += "Applying-1"; },
                ApplyAsyncAction = (context) => { trace += "Apply-1"; },
                AppliedAsyncAction = (context) => { trace += "Applied-1"; }
            };
            var order30 = new FakePolicy()
            {
                Order = 30,
                ApplyingAsyncAction = (context) => { trace += "Applying30"; },
                ApplyAsyncAction = (context) => { trace += "Apply30"; },
                AppliedAsyncAction = (context) => { trace += "Applied30"; }
            };

            // Deliberately not sorted by Order: the service has to do the sorting.
            IAuthorizationPolicy[] policies = { order20, orderMinus1, order30 };

            var service = new DefaultAuthorizationService(policies);

            // Act
            var outcome = service.Authorize(Enumerable.Empty<Claim>(), null);

            // Assert
            Assert.Equal("Applying-1Applying20Applying30Apply-1Apply20Apply30Applied-1Applied20Applied30", trace);
        }
 /// <summary>
 /// Captures the outcome of one authorization policy: the rights value as given, and the value
 /// <c>Description.For</c> returns for the policy (the policy object itself is not stored).
 /// </summary>
 /// <param name="policy">The policy that produced the result; passed to <c>Description.For</c>.</param>
 /// <param name="rights">The right decided by the policy.</param>
 public AuthorizationPolicyResult(IAuthorizationPolicy policy, AuthorizationRight rights)
 {
     _rights = rights;

     // NOTE(review): policy is not null-checked here; behaviour for null depends on Description.For.
     var policyDescription = Description.For(policy);
     _policy = policyDescription;
 }
		/// <summary>
		/// Appends <paramref name="claimSet"/> to the claim set collection.
		/// </summary>
		public override void AddClaimSet (
			IAuthorizationPolicy policy,
			ClaimSet claimSet)
		{
			// The policy argument is not consulted, and claimSet is stored without a null check.
			claim_sets.Add (claimSet);
		}