public void RetrieveGrantsForGlobals_User() { var mocks = new MockRepository(); var prov = mocks.DynamicMock <ISettingsStorageProviderV30>(); var aclManager = mocks.DynamicMock <IAclManager>(); Expect.Call(prov.AclManager).Return(aclManager).Repeat.Any(); Expect.Call(aclManager.RetrieveEntriesForSubject("U.User")).Return( new[] { new AclEntry(Actions.ForGlobals.ResourceMasterPrefix, Actions.ForGlobals.ManageFiles, "U.User", Value.Deny), new AclEntry(Actions.ForGlobals.ResourceMasterPrefix, Actions.ForGlobals.ManageAccounts, "U.User", Value.Grant), new AclEntry(Actions.ForDirectories.ResourceMasterPrefix + "/", Actions.ForDirectories.UploadFiles, "U.User", Value.Grant) }); mocks.Replay(prov); mocks.Replay(aclManager); Collectors.SettingsProvider = prov; var grants = AuthReader.RetrieveGrantsForGlobals(new UserInfo("User", "User", "*****@*****.**", true, DateTime.Now, null)); Assert.AreEqual(1, grants.Length, "Wrong grant count"); Assert.AreEqual(Actions.ForGlobals.ManageAccounts, grants[0], "Wrong grant"); mocks.Verify(prov); mocks.Verify(aclManager); }
public void RetrieveGrantsForPage_User() { var mocks = new MockRepository(); var prov = mocks.DynamicMock <ISettingsStorageProviderV30>(); var aclManager = mocks.DynamicMock <IAclManager>(); Expect.Call(prov.AclManager).Return(aclManager).Repeat.Any(); Expect.Call(aclManager.RetrieveEntriesForSubject("U.User")).Return( new[] { new AclEntry(Actions.ForPages.ResourceMasterPrefix + "Page", Actions.ForPages.ModifyPage, "U.User", Value.Grant), new AclEntry(Actions.ForPages.ResourceMasterPrefix + "Page", Actions.FullControl, "U.User", Value.Deny), new AclEntry(Actions.ForPages.ResourceMasterPrefix + "NS.Blah", Actions.ForPages.ManagePage, "U.User", Value.Grant) }); mocks.Replay(prov); mocks.Replay(aclManager); Collectors.SettingsProvider = prov; var grants = AuthReader.RetrieveGrantsForPage( new UserInfo("User", "User", "*****@*****.**", true, DateTime.Now, null), new PageInfo("Page", null, DateTime.Now)); Assert.AreEqual(1, grants.Length, "Wrong grant count"); Assert.AreEqual(Actions.ForPages.ModifyPage, grants[0], "Wrong grant"); }
public void RetrieveGrantsForNamespace_Group_Sub() { var mocks = new MockRepository(); var prov = mocks.DynamicMock <ISettingsStorageProviderV30>(); var aclManager = mocks.DynamicMock <IAclManager>(); Expect.Call(prov.AclManager).Return(aclManager).Repeat.Any(); Expect.Call(aclManager.RetrieveEntriesForSubject("G.Group")).Return( new[] { new AclEntry(Actions.ForNamespaces.ResourceMasterPrefix + "Sub", Actions.ForNamespaces.ManagePages, "G.Group", Value.Grant), new AclEntry(Actions.ForNamespaces.ResourceMasterPrefix + "Sub", Actions.ForNamespaces.ManageCategories, "G.Group", Value.Deny), new AclEntry(Actions.ForNamespaces.ResourceMasterPrefix, Actions.ForNamespaces.ManagePages, "G.Group", Value.Grant) }); mocks.Replay(prov); mocks.Replay(aclManager); Collectors.SettingsProvider = prov; var grants = AuthReader.RetrieveGrantsForNamespace(new UserGroup("Group", "Group", null), new NamespaceInfo("Sub", null, null)); Assert.AreEqual(1, grants.Length, "Wrong grant count"); Assert.AreEqual(Actions.ForNamespaces.ManagePages, grants[0], "Wrong grant"); }
public void RetrieveDenialsForGlobals_Group() { var mocks = new MockRepository(); var prov = mocks.DynamicMock <ISettingsStorageProviderV30>(); var aclManager = mocks.DynamicMock <IAclManager>(); Expect.Call(prov.AclManager).Return(aclManager).Repeat.Any(); Expect.Call(aclManager.RetrieveEntriesForSubject("G.Group")).Return( new[] { new AclEntry(Actions.ForGlobals.ResourceMasterPrefix, Actions.ForGlobals.ManageFiles, "G.Group", Value.Deny), new AclEntry(Actions.ForGlobals.ResourceMasterPrefix, Actions.ForGlobals.ManageConfiguration, "G.Group", Value.Grant), new AclEntry(Actions.ForDirectories.ResourceMasterPrefix + "/", Actions.ForDirectories.UploadFiles, "G.Group", Value.Deny) }); mocks.Replay(prov); mocks.Replay(aclManager); Collectors.SettingsProvider = prov; var grants = AuthReader.RetrieveDenialsForGlobals(new UserGroup("Group", "Group", null)); Assert.AreEqual(1, grants.Length, "Wrong denial count"); Assert.AreEqual(Actions.ForGlobals.ManageFiles, grants[0], "Wrong denial"); mocks.Verify(prov); mocks.Verify(aclManager); }
public void RetrieveGrantsForDirectory_Sub_User() { var mocks = new MockRepository(); var prov = mocks.DynamicMock <ISettingsStorageProviderV30>(); var filesProv = mocks.DynamicMock <IFilesStorageProviderV30>(); var aclManager = mocks.DynamicMock <IAclManager>(); Expect.Call(prov.AclManager).Return(aclManager).Repeat.Any(); var dirName = Actions.ForDirectories.ResourceMasterPrefix + AuthTools.GetDirectoryName(filesProv, "/Dir/Sub/"); Expect.Call(aclManager.RetrieveEntriesForSubject("U.User")).Return( new[] { new AclEntry(dirName, Actions.ForDirectories.UploadFiles, "U.User", Value.Grant), new AclEntry(dirName, Actions.FullControl, "U.User", Value.Deny), new AclEntry("D." + AuthTools.GetDirectoryName(filesProv, "/"), Actions.ForDirectories.List, "U.User", Value.Grant) }); mocks.Replay(prov); mocks.Replay(aclManager); Collectors.SettingsProvider = prov; var grants = AuthReader.RetrieveGrantsForDirectory( new UserInfo("User", "User", "*****@*****.**", true, DateTime.Now, null), filesProv, "/Dir/Sub/"); Assert.AreEqual(1, grants.Length, "Wrong grant count"); Assert.AreEqual(Actions.ForDirectories.UploadFiles, grants[0], "Wrong grant"); }
/// <summary> /// 授权 /// </summary> /// <param name = "id" > 用户编号 </ param > /// < param name="token">用户token</param> /// <param name = "actionContext" ></ param > /// < returns ></ returns > public static bool Authorize(string authorization, string agents, Func <TokenAuthIdentity, HttpClientType, bool> checkToken) { try { if (!authorization.StartsWith(AuthConst.AuthPrefix)) { return(false); } var auth = AuthReader.Read(authorization); if (auth == null) { return(false); } else { if (auth.Id == 0 || !StringValid.IsEmpty(auth.Token)) { return(false); } else { return(checkToken(auth, HttpClientReader.Read(agents))); } } } catch { return(false); } }
public void RetrieveDenialsForDirectory_Root_Group() { var mocks = new MockRepository(); var prov = mocks.DynamicMock <ISettingsStorageProviderV30>(); var filesProv = mocks.DynamicMock <IFilesStorageProviderV30>(); var aclManager = mocks.DynamicMock <IAclManager>(); Expect.Call(prov.AclManager).Return(aclManager).Repeat.Any(); var dirName = Actions.ForDirectories.ResourceMasterPrefix + AuthTools.GetDirectoryName(filesProv, "/"); Expect.Call(aclManager.RetrieveEntriesForSubject("G.Group")).Return( new[] { new AclEntry(dirName, Actions.ForDirectories.List, "G.Group", Value.Deny), new AclEntry(dirName, Actions.FullControl, "G.Group", Value.Grant), new AclEntry("D." + AuthTools.GetDirectoryName(filesProv, "/Other/"), Actions.ForDirectories.UploadFiles, "G.Group", Value.Deny) }); mocks.Replay(prov); mocks.Replay(aclManager); Collectors.SettingsProvider = prov; var grants = AuthReader.RetrieveDenialsForDirectory(new UserGroup("Group", "Group", null), filesProv, "/"); Assert.AreEqual(1, grants.Length, "Wrong denial count"); Assert.AreEqual(Actions.ForDirectories.List, grants[0], "Wrong denial"); }
public static int Read(HttpRequest request) { if (request == null || (request.Headers[AuthConst.AuthKey].Count == 0 && request.Cookies[AuthConst.AuthKey].IsEmpty())) { return(0); } var authorization = request.Headers[AuthConst.AuthKey].ToString(); if (authorization.IsEmpty()) { //如果header中没有读到尝试从cookie中读取 authorization = request.Cookies[AuthConst.AuthKey]; } if (authorization.IsEmpty() || !authorization.StartsWith(AuthConst.AuthPrefix)) { return(0); } var identity = AuthReader.Read(authorization); if (identity == null) { return(0); } else { return(identity.Id); } }
public void RetrieveGrantsForDirectory_Group_InvalidDirectory(string d) { Collectors.SettingsProvider = MockProvider(); var fProv = mocks.DynamicMock <IFilesStorageProviderV30>(); mocks.Replay(fProv); AuthReader.RetrieveGrantsForDirectory(new UserGroup("Group", "Group", null), fProv, d); }
public void RetrieveSubjectsForDirectory_InvalidDirectory(string d) { Collectors.SettingsProvider = MockProvider(); var fProv = mocks.DynamicMock <IFilesStorageProviderV30>(); mocks.Replay(fProv); AuthReader.RetrieveSubjectsForDirectory(fProv, d); }
public void RetrieveDenialsForDirectory_User_InvalidDirectory(string d) { Collectors.SettingsProvider = MockProvider(); var fProv = mocks.DynamicMock <IFilesStorageProviderV30>(); mocks.Replay(fProv); AuthReader.RetrieveDenialsForDirectory( new UserInfo("User", "User", "*****@*****.**", true, DateTime.Now, null), fProv, d); }
public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next) { if (context.HttpContext.Request.Headers.ContainsKey(AuthConst.AuthKey) || context.HttpContext.Request.Cookies.ContainsKey(AuthConst.AuthKey)) { var agents = context.HttpContext.Request.Headers[AuthConst.UserAgentKey].ToString(); string authorization = context.HttpContext.Request.Headers[AuthConst.AuthKey].ToString(); if (authorization.IsEmpty()) { //如果header中没有读到尝试从cookie中读取 authorization = context.HttpContext.Request.Cookies[AuthConst.AuthKey]; } if (!authorization.StartsWith(AuthConst.AuthPrefix)) { context.Result = new RedirectResult(AuthConst.LoginUrl); } var identity = AuthReader.Read(authorization); var descriptor = context.ActionDescriptor as ControllerActionDescriptor; var permissionActionContext = new PermissionActionContext() { ActionName = descriptor.ActionName, ControllerName = descriptor.ControllerName, ControllerTypeInfo = descriptor.ControllerTypeInfo, DisplayName = descriptor.DisplayName, MethodInfo = descriptor.MethodInfo, Path = context.HttpContext.Request.Path }; if (identity.NotNull() && await AuthConst.CheckPermission(permissionActionContext, identity, HttpClientReader.Read(agents))) { await next(); } else { context.Result = new StatusCodeResult(403); } } else { context.Result = new RedirectResult(AuthConst.LoginUrl); } }
public void RetrieveSubjectsForDirectory_Sub() { var mocks = new MockRepository(); var prov = mocks.DynamicMock <ISettingsStorageProviderV30>(); var filesProv = mocks.DynamicMock <IFilesStorageProviderV30>(); var aclManager = mocks.DynamicMock <IAclManager>(); Expect.Call(prov.AclManager).Return(aclManager).Repeat.Any(); var dirName = Actions.ForDirectories.ResourceMasterPrefix + AuthTools.GetDirectoryName(filesProv, "/Dir/Sub/"); Expect.Call(aclManager.RetrieveEntriesForResource(dirName)).Return( new[] { new AclEntry(dirName, Actions.ForDirectories.List, "U.User1", Value.Grant), new AclEntry(dirName, Actions.ForDirectories.UploadFiles, "U.User", Value.Grant), new AclEntry(dirName, Actions.ForDirectories.DownloadFiles, "G.Group", Value.Grant), new AclEntry(dirName, Actions.ForDirectories.CreateDirectories, "U.User", Value.Deny) }); mocks.Replay(prov); mocks.Replay(aclManager); Collectors.SettingsProvider = prov; var infos = AuthReader.RetrieveSubjectsForDirectory(filesProv, "/Dir/Sub/"); Assert.AreEqual(3, infos.Length, "Wrong info count"); Array.Sort(infos, delegate(SubjectInfo x, SubjectInfo y) { return(x.Name.CompareTo(y.Name)); }); Assert.AreEqual("Group", infos[0].Name, "Wrong subject name"); Assert.AreEqual(SubjectType.Group, infos[0].Type, "Wrong subject type"); Assert.AreEqual("User", infos[1].Name, "Wrong subject name"); Assert.AreEqual(SubjectType.User, infos[1].Type, "Wrong subject type"); Assert.AreEqual("User1", infos[2].Name, "Wrong subject name"); Assert.AreEqual(SubjectType.User, infos[2].Type, "Wrong subject type"); mocks.Verify(prov); mocks.Verify(aclManager); }
public void RetrieveSubjectsForPage() { var mocks = new MockRepository(); var prov = mocks.DynamicMock <ISettingsStorageProviderV30>(); var aclManager = mocks.DynamicMock <IAclManager>(); Expect.Call(prov.AclManager).Return(aclManager).Repeat.Any(); Expect.Call(aclManager.RetrieveEntriesForResource("P.NS.Page")).Return( new[] { new AclEntry(Actions.ForPages.ResourceMasterPrefix + "Page", Actions.ForPages.ModifyPage, "U.User1", Value.Grant), new AclEntry(Actions.ForPages.ResourceMasterPrefix + "Page", Actions.ForPages.ManageCategories, "U.User", Value.Grant), new AclEntry(Actions.ForPages.ResourceMasterPrefix + "Page", Actions.ForPages.DeleteAttachments, "G.Group", Value.Grant), new AclEntry(Actions.ForPages.ResourceMasterPrefix + "Page", Actions.ForPages.DeleteAttachments, "U.User", Value.Deny) }); mocks.Replay(prov); mocks.Replay(aclManager); Collectors.SettingsProvider = prov; var infos = AuthReader.RetrieveSubjectsForPage(new PageInfo("NS.Page", null, DateTime.Now)); Assert.AreEqual(3, infos.Length, "Wrong info count"); Array.Sort(infos, delegate(SubjectInfo x, SubjectInfo y) { return(x.Name.CompareTo(y.Name)); }); Assert.AreEqual("Group", infos[0].Name, "Wrong subject name"); Assert.AreEqual(SubjectType.Group, infos[0].Type, "Wrong subject type"); Assert.AreEqual("User", infos[1].Name, "Wrong subject name"); Assert.AreEqual(SubjectType.User, infos[1].Type, "Wrong subject type"); Assert.AreEqual("User1", infos[2].Name, "Wrong subject name"); Assert.AreEqual(SubjectType.User, infos[2].Type, "Wrong subject type"); mocks.Verify(prov); mocks.Verify(aclManager); }
public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next) { if (AuthConst.AuthType == AuthType.Internal) { if (context.HttpContext.Request.Headers.ContainsKey(AuthConst.AuthKey) || context.HttpContext.Request.Cookies.ContainsKey(AuthConst.AuthKey)) { var agents = context.HttpContext.Request.Headers[AuthConst.UserAgentKey].ToString(); string authorization = context.HttpContext.Request.Headers[AuthConst.AuthKey].ToString(); if (authorization.IsEmpty()) { //如果header中没有读到尝试从cookie中读取 authorization = context.HttpContext.Request.Cookies[AuthConst.AuthKey]; } if (!authorization.StartsWith(AuthConst.AuthPrefix)) { context.Result = new RedirectResult(AuthConst.LoginUrl); } var identity = AuthReader.Read(authorization); if (identity.NotNull() && await AuthConst.CheckAuth(identity, HttpClientReader.Read(agents))) { await next(); } else { context.Result = new RedirectResult(AuthConst.LoginUrl); } } else { context.Result = new RedirectResult(AuthConst.LoginUrl); } } else { throw new NotImplementedException(); } }