Esempio n. 1
        /// <summary>
        /// Decides whether the current request may read the configuration of <paramref name="client"/>.
        /// On rejection the matching status response is built through <paramref name="responseFactory"/>.
        /// </summary>
        /// <param name="source">HTTP context of the request being authorized.</param>
        /// <param name="option">Server options supplying the read claim type and the anonymous-access switch.</param>
        /// <param name="client">Client whose configuration is requested; <c>null</c> produces a not-found response.</param>
        /// <param name="responseFactory">Factory used to build the not-found, 401 and 403 responses.</param>
        /// <returns><c>true</c> when the request may proceed; otherwise <c>false</c>.</returns>
        /// <remarks>
        /// A claim is only enforced when both <c>option.ClientReadClaimType</c> and <c>client.ReadClaim</c> are
        /// non-blank. If either is blank the outcome depends solely on <c>option.AllowAnomynousAccess</c>.
        /// </remarks>
        public static bool ChallengeClientRead(this HttpContext source, ConfigServerOptions option, ConfigurationClient client, IHttpResponseFactory responseFactory)
        {
            if (client == null)
            {
                // NOTE(review): the not-found answer is produced before any authentication check in this
                // method, so an unauthenticated caller could tell unknown clients from known ones unless
                // the calling endpoint authenticates earlier. Confirm against the callers.
                responseFactory.BuildNotFoundStatusResponse(source);
                return false;
            }

            var claimEnforced = !string.IsNullOrWhiteSpace(option.ClientReadClaimType)
                && !string.IsNullOrWhiteSpace(client.ReadClaim);

            if (!claimEnforced)
            {
                // No claim configured: fall back to the plain authenticated/anonymous decision.
                return source.ChallengeAuthentication(option.AllowAnomynousAccess, responseFactory);
            }

            // A claim is expected, so anonymous callers are rejected regardless of the options.
            var authenticated = source.ChallengeAuthentication(false, responseFactory);
            if (!authenticated)
            {
                return false;
            }

            // NOTE(review): claim type AND claim value are matched case-insensitively. Confirm that a
            // value differing only in letter case is meant to grant read access.
            var holdsReadClaim = source.User.HasClaim(claim =>
                option.ClientReadClaimType.Equals(claim.Type, StringComparison.OrdinalIgnoreCase)
                && client.ReadClaim.Equals(claim.Value, StringComparison.OrdinalIgnoreCase));

            if (holdsReadClaim)
            {
                return true;
            }

            // Authenticated but lacking the required claim.
            responseFactory.BuildStatusResponse(source, 403);
            return false;
        }
Esempio n. 2
        /// <summary>
        /// Decides whether the current request may act on <paramref name="client"/> as its configurator
        /// or as an administrator. On rejection the matching status response is built through
        /// <paramref name="responseFactory"/>.
        /// </summary>
        /// <param name="source">HTTP context of the request being authorized.</param>
        /// <param name="option">Server options supplying the admin and configurator claim types and the manager anonymous-access switch.</param>
        /// <param name="client">Client being managed; <c>null</c> produces a not-found response.</param>
        /// <param name="responseFactory">Factory used to build the not-found, 401 and 403 responses.</param>
        /// <returns><c>true</c> when the request may proceed; otherwise <c>false</c>.</returns>
        /// <remarks>
        /// Claims are only enforced when <c>option.ClientAdminClaimType</c>,
        /// <c>option.ClientConfiguratorClaimType</c> and <c>client.ConfiguratorClaim</c> are all non-blank.
        /// If any one of them is blank the outcome depends solely on <c>option.AllowManagerAnomynousAccess</c>.
        /// </remarks>
        public static bool ChallengeClientConfiguratorOrAdmin(this HttpContext source, ConfigServerOptions option, ConfigurationClient client, IHttpResponseFactory responseFactory)
        {
            if (client == null)
            {
                // NOTE(review): the not-found answer is produced before any authentication check in this
                // method. Confirm that the calling endpoint authenticates earlier if client existence
                // should not be observable anonymously.
                responseFactory.BuildNotFoundStatusResponse(source);
                return false;
            }

            var claimsEnforced = !string.IsNullOrWhiteSpace(option.ClientAdminClaimType)
                && !string.IsNullOrWhiteSpace(option.ClientConfiguratorClaimType)
                && !string.IsNullOrWhiteSpace(client.ConfiguratorClaim);

            if (!claimsEnforced)
            {
                // NOTE(review): a client without a configurator claim skips the admin-claim check too,
                // even when the admin claim type is configured. Confirm this fallback is intended.
                return source.ChallengeAuthentication(option.AllowManagerAnomynousAccess, responseFactory);
            }

            // Claims are expected, so anonymous callers are rejected regardless of the options.
            var authenticated = source.ChallengeAuthentication(false, responseFactory);
            if (!authenticated)
            {
                return false;
            }

            // Either the client's configurator claim or the admin claim is enough.
            var isConfigurator = source.HasClaim(option.ClientConfiguratorClaimType, client.ConfiguratorClaim);
            var permitted = isConfigurator
                || source.HasClaim(option.ClientAdminClaimType, ConfigServerConstants.AdminClaimValue);

            if (permitted)
            {
                return true;
            }

            // Authenticated but holding neither claim.
            responseFactory.BuildStatusResponse(source, 403);
            return false;
        }
Esempio n. 3
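 /// <summary>
 /// Checks that the caller is authenticated unless anonymous access is allowed, building a 401
 /// response through <paramref name="responseFactory"/> when the check fails.
 /// </summary>
 /// <param name="source">HTTP context of the request being checked.</param>
 /// <param name="allowAnomynous">When <c>true</c> the request is accepted without looking at the user.</param>
 /// <param name="responseFactory">Factory used to build the 401 response.</param>
 /// <returns><c>true</c> when the request may proceed; <c>false</c> after a 401 response was requested.</returns>
 public static bool ChallengeAuthentication(this HttpContext source, bool allowAnomynous, IHttpResponseFactory responseFactory)
 {
     if (allowAnomynous)
     {
         return true;
     }

     // A principal that carries no identity exposes a null Identity. Treat that as unauthenticated
     // so the caller gets a 401 instead of an unhandled NullReferenceException.
     var identity = source.User?.Identity;
     if (identity != null && identity.IsAuthenticated)
     {
         return true;
     }

     responseFactory.BuildStatusResponse(source, 401);
     return false;
 }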
Esempio n. 4
        /// <summary>
        /// Entry point of the endpoint: validates the request, resolves the client identity named by the
        /// first path segment and dispatches on the number of path segments.
        /// </summary>
        /// <remarks>
        /// Routes served:
        /// <c>/{id}</c> GET,
        /// <c>/{id}/{resource}</c> DELETE and GET,
        /// <c>/{id}?before={date}</c> DELETE.
        /// </remarks>
        /// <param name="context">HTTP context of the current request.</param>
        /// <param name="options">Server options forwarded to the checks and to the sub-handlers.</param>
        /// <returns>A task that completes once the request has been handled.</returns>
        public async Task Handle(HttpContext context, ConfigServerOptions options)
        {
            // Method and authentication are checked first, before anything about the path is revealed.
            var accepted = CheckMethodAndAuthentication(context, options);
            if (!accepted)
            {
                return;
            }

            var segments = context.ToPathParams();
            var segmentCount = segments.Length;

            // Only one or two path segments are valid for this endpoint.
            if (segmentCount == 0 || segmentCount > 2)
            {
                httpResponseFactory.BuildStatusResponse(context, StatusCodes.Status404NotFound);
                return;
            }

            var identity = await GetIdentityFromPathOrDefault(segments[0]);
            if (identity == null)
            {
                httpResponseFactory.BuildStatusResponse(context, StatusCodes.Status404NotFound);
                return;
            }

            // NOTE(review): no per-client authorization is visible in this method; presumably
            // HandleSingleParam / HandleTwoParams (or CheckMethodAndAuthentication) enforce it. Confirm.
            if (segmentCount == 1)
            {
                await HandleSingleParam(context, options, identity);
            }
            else
            {
                await HandleTwoParams(context, segments, options, identity);
            }
        }
Esempio n. 5
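        /// <summary>
        /// Checks that the caller holds a claim of type <paramref name="claimType"/> whose value is one of
        /// <paramref name="acceptableValues"/>. On rejection the matching status response is built
        /// through <paramref name="responseFactory"/>.
        /// </summary>
        /// <param name="source">HTTP context of the request being authorized.</param>
        /// <param name="claimType">Claim type to look for; when blank no claim is enforced.</param>
        /// <param name="acceptableValues">Claim values that grant access; <c>null</c> or empty grants none.</param>
        /// <param name="allowAnomynous">Used only when <paramref name="claimType"/> is blank: whether unauthenticated callers pass.</param>
        /// <param name="responseFactory">Factory used to build the 401 and 403 responses.</param>
        /// <returns><c>true</c> when the request may proceed; otherwise <c>false</c>.</returns>
        public static bool ChallengeUser(this HttpContext source, string claimType, ICollection <string> acceptableValues, bool allowAnomynous, IHttpResponseFactory responseFactory)
        {
            if (string.IsNullOrWhiteSpace(claimType))
            {
                // No claim configured: fall back to the plain authenticated/anonymous decision.
                return source.ChallengeAuthentication(allowAnomynous, responseFactory);
            }

            // If we have an expected claim then we do not want to allow anonymous access.
            if (!source.ChallengeAuthentication(false, responseFactory))
            {
                return false;
            }

            // A null value list used to throw inside the predicate as soon as the user held any claim,
            // while a user with no claims got a 403. Deny consistently instead: no acceptable values
            // means nobody is authorized.
            // NOTE(review): the claim type is matched case-insensitively, but the value match depends on
            // the comparer of the supplied collection, unlike ChallengeClientRead, which ignores case
            // for values too. Confirm which behaviour is intended.
            var authorized = acceptableValues != null
                && source.User.HasClaim(c => claimType.Equals(c.Type, StringComparison.OrdinalIgnoreCase) && acceptableValues.Contains(c.Value));

            if (!authorized)
            {
                responseFactory.BuildStatusResponse(source, 403);
                return false;
            }

            return true;
        }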