public override async Task OnExecutingAsync(FunctionExecutingContext executingContext, CancellationToken cancellationToken)
{
Dictionary <string, string> context = GetIncomingContext();
using (L.Context(context))
{
using (var time = new TimeMeasure())
{
Exception gex = null;
try
{
await base.OnExecutingAsync(executingContext, cancellationToken);
}
catch (Exception ex)
{
gex = ex;
throw;
}
finally
{
using (L.Context(
"FunctionName", executingContext.FunctionName,
"FunctionInstanceId", executingContext.FunctionInstanceId.ToString()))
{
if (LogRequests)
{
log.Request(executingContext.FunctionName, time.ElapsedTicks, gex);
}
}
}
}
}
}
public override Task OnExecutingAsync(FunctionExecutingContext executingContext, CancellationToken cancellationToken)
{
var req = executingContext.Arguments.First().Value as HttpRequest;
string id = executingContext.Arguments["id"] as String;
if (id == null)
{
id = "";
}
ClaimsPrincipal principal = executingContext.Arguments["principal"] as ClaimsPrincipal;
ClaimsIdentity ci = (ClaimsIdentity)principal.Identity;
bool admin = ci.IsInFHIRRole(Environment.GetEnvironmentVariable("ADMIN_ROLE"));
bool reader = ci.IsInFHIRRole(Environment.GetEnvironmentVariable("READER_ROLE"));
bool writer = ci.IsInFHIRRole(Environment.GetEnvironmentVariable("WRITER_ROLE"));
bool ispostcommand = req.Method.Equals("POST") && id.Equals("_search") && reader;
string inroles = "";
if (admin)
{
inroles += "A";
}
if (reader)
{
inroles += "R";
}
if (writer)
{
inroles += "W";
}
req.Headers.Remove(Utils.AUTH_STATUS_HEADER);
req.Headers.Remove(Utils.AUTH_STATUS_MSG_HEADER);
if (!principal.Identity.IsAuthenticated)
{
req.Headers.Add(Utils.AUTH_STATUS_HEADER, ((int)System.Net.HttpStatusCode.Unauthorized).ToString());
req.Headers.Add(Utils.AUTH_STATUS_MSG_HEADER, "User is not Authenticated");
}
else if (req.Method.Equals("GET") && !admin && !reader)
{
req.Headers.Add(Utils.AUTH_STATUS_HEADER, ((int)System.Net.HttpStatusCode.Unauthorized).ToString());
req.Headers.Add(Utils.AUTH_STATUS_MSG_HEADER, "User/Application must be in a reader role to access");
}
else if (!req.Method.Equals("GET") && !admin && !writer && !ispostcommand)
{
req.Headers.Add(Utils.AUTH_STATUS_HEADER, ((int)System.Net.HttpStatusCode.Unauthorized).ToString());
req.Headers.Add(Utils.AUTH_STATUS_MSG_HEADER, "User/Application must be in a writer role to update");
}
else
{
//Since we are proxying with service client need to ensure authenticated proxy principal is audited
req.Headers.Add(Utils.AUTH_STATUS_HEADER, ((int)System.Net.HttpStatusCode.OK).ToString());
req.Headers.Add(Utils.FHIR_PROXY_ROLES, inroles);
req.Headers.Add("X-MS-AZUREFHIR-AUDIT-USERID", principal.Identity.Name);
req.Headers.Add("X-MS-AZUREFHIR-AUDIT-TENANT", ci.Tenant());
req.Headers.Add("X-MS-AZUREFHIR-AUDIT-SOURCE", req.HttpContext.Connection.RemoteIpAddress.ToString());
req.Headers.Add("X-MS-AZUREFHIR-AUDIT-PROXY", $"{executingContext.FunctionName}");
}
return(base.OnExecutingAsync(executingContext, cancellationToken));
}
public void OnExecutingAsync_WithFunctionExecutingContextAsNotNull_ReturnsCompletedTask()
{
// arrange
var arguments = new Dictionary <string, object>();
var properties = new Dictionary <string, object>();
var functionInstanceId = Guid.NewGuid();
var functionName = "SomeName";
var mockLogger = new Mock <ILogger>();
FunctionExecutingContext functionExecutingContext = new FunctionExecutingContext(
arguments,
properties,
functionInstanceId,
functionName,
mockLogger.Object);
CancellationToken cancellationToken = new CancellationToken();
var expected = Task.CompletedTask;
// act
var actual = new ScopeCleanupFilter().OnExecutingAsync(functionExecutingContext, cancellationToken);
// assert
Assert.Equal(expected, actual);
}
/// <summary>
/// Pre-execution filter.
/// </summary>
/// <param name="executingContext">The executingContext<see cref="FunctionExecutingContext"/>.</param>
/// <param name="cancellationToken">The cancellationToken<see cref="CancellationToken"/>.</param>
/// <returns>The <see cref="Task"/>.</returns>
public Task OnExecutingAsync(FunctionExecutingContext executingContext, CancellationToken cancellationToken)
{
var httpRequest = executingContext.Arguments.First().Value as HttpRequest;
ValidateToken(httpRequest);
return(Task.CompletedTask);
}
public override async Task OnExecutingAsync(
FunctionExecutingContext executingContext, CancellationToken cancellationToken)
{
var documentRetriever = new HttpDocumentRetriever {
RequireHttps = Issuer.StartsWith("https://")
};
_configurationManager = new ConfigurationManager <OpenIdConnectConfiguration>(
$"{Issuer}/.well-known/openid-configuration",
new OpenIdConnectConfigurationRetriever(),
documentRetriever
);
executingContext.Logger.LogInformation("OAuth Validation...");
if (executingContext.Arguments.First().Value is HttpRequestMessage requestMessage)
{
var authHeader = requestMessage.Headers.Authorization;
if (await ValidateTokenAsync(authHeader) == null)
{
executingContext.Logger.LogError("The caller is unauthorised");
await Task.FromException(new AuthorizationException("The caller is unauthorised"));
}
}
else
{
executingContext.Logger.LogError("The caller is unauthorised");
await Task.FromException(new AuthorizationException("The caller is unauthorised"));
}
await base.OnExecutingAsync(executingContext, cancellationToken);
}
/// <summary>
/// Pre-execution filter.
/// </summary>
/// <remarks>
/// This mechanism can be used to extract the authentication information. Unfortunately, the binding in SignalRConnectionInfoAttribute
/// does not pick this up from the headers even when bound.
/// </remarks>
public Task OnExecutingAsync(FunctionExecutingContext executingContext, CancellationToken cancellationToken)
{
HttpRequest message = executingContext.Arguments.First().Value as HttpRequest;
if (message == null || !message.Headers.ContainsKey(AuthenticationHeaderName))
{
return(Task.FromException(new AuthenticationException("No Authorization header was present")));
}
try
{
Auth = new AuthenticationInfo(message);
}
catch (Exception exception)
{
return(Task.FromException(exception));
}
if (!Auth.IsValid)
{
return(Task.FromException(new KeyNotFoundException("No identity key was found in the claims.")));
}
return(Task.CompletedTask);
}
public async Task OnExecutingAsync(FunctionExecutingContext executingContext, CancellationToken cancellationToken)
{
if (_manager.IsAvailabilityTest(executingContext))
{
await _manager.StartInvocationAsync(executingContext);
}
}
public override Task OnExecutingAsync(FunctionExecutingContext executingContext, CancellationToken cancellationToken)
{
var httpRequest = executingContext.Arguments.First().Value as HttpRequest;
if (httpRequest == null)
{
throw new ValidationException("Http Request is not the first argument!");
}
var validationService = ServiceFactory.GetTokenValidationService();
if (validationService.AuthEnabled)
{
//TODO: Not the best way to do this!!
var user = validationService.AuthenticateRequest(httpRequest).Result;
if (user == null)
{
//httpRequest.HttpContext.Response = new HttpResponseMessage(HttpStatusCode.Unauthorized);
//return Task.FromResult(0);
throw new ValidationException("Unauthorized!");
}
}
return(base.OnExecutingAsync(executingContext, cancellationToken));
}
public override Task OnExecutingAsync(FunctionExecutingContext executingContext, CancellationToken cancellationToken)
{
string jsonObj = string.Empty;
var req = (DefaultHttpRequest)executingContext.Arguments.FirstOrDefault().Value;
string bodyOrQueryString = req.Body.CanSeek ? "Body" : "Query";
switch (bodyOrQueryString)
{
case "Body":
jsonObj = ReadFromBody(req);
break;
case "Query":
jsonObj = ReadFromQueryString(req);
break;
default:
return(base.OnExecutingAsync(executingContext, cancellationToken));
}
if (string.IsNullOrEmpty(jsonObj))
{
return(base.OnExecutingAsync(executingContext, cancellationToken));
}
reqObject = JsonConvert.DeserializeObject(jsonObj);
return(base.OnExecutingAsync(executingContext, cancellationToken));
}
#pragma warning disable 618
public Task OnExecutingAsync(FunctionExecutingContext executingContext, CancellationToken cancellationToken)
#pragma warning restore 618
{
ILogger logger = null;
HttpRequest httpRequest = null;
Microsoft.Azure.WebJobs.ExecutionContext executionContext = null;
executingContext.Arguments.Keys.ToList().ForEach(key =>
{
var o = executingContext.Arguments[key];
if (o.GetType().GetInterfaces().Any(x => x == typeof(ILogger)))
{
logger = (ILogger)o;
}
else if (o.GetType().BaseType == typeof(HttpRequest))
{
httpRequest = (HttpRequest)o;
}
else if (o is Microsoft.Azure.WebJobs.ExecutionContext context)
{
executionContext = context;
}
});
var instanceId = executingContext.FunctionInstanceId.ToString("N");
AutoFacScopes.Register(instanceId, _moduleType, httpRequest, logger, executionContext);
executingContext.Properties.Add(ScopeName, instanceId);
return(Task.CompletedTask);
}
public Task OnExecutingAsync(FunctionExecutingContext executingContext, CancellationToken cancellationToken)
{
HttpRequest req = (HttpRequest)executingContext.Arguments["req"];
string tenant = req.Headers["Tenant"];
Console.WriteLine($"Tenant {tenant}");
return(Task.CompletedTask);
}
public Task OnExecutingAsync(FunctionExecutingContext executingContext, CancellationToken cancellationToken)
{
Act("Pre-Instance");
Assert.False(_field); // Not yet set
_field = true;
return(Task.CompletedTask);
}
public override Task OnExecutingAsync(FunctionExecutingContext executingContext, CancellationToken cancellationToken)
{
if (!Thread.CurrentPrincipal.Identity.IsAuthenticated)
{
throw new UnauthorizedException("Request is not authenticated");
}
return(base.OnExecutingAsync(executingContext, cancellationToken));
}
public override async Task OnExecutingAsync(FunctionExecutingContext executingContext, CancellationToken cancellationToken)
{
try
{
HttpRequest request = executingContext.Arguments.First().Value as HttpRequest;
if (request.Headers.ContainsKey("authorization"))
{
var authHeader = AuthenticationHeaderValue.Parse(request.Headers["authorization"]);
if (authHeader != null &&
authHeader.Scheme.ToLower() == "bearer" &&
!string.IsNullOrEmpty(authHeader.Parameter))
{
if (_validationParameters == null)
{
// load the tenant-specific OpenID config from Azure
var configManager = new ConfigurationManager <OpenIdConnectConfiguration>(
$"https://login.microsoftonline.com/{tenantId}/.well-known/openid-configuration",
new OpenIdConnectConfigurationRetriever());
var config = await configManager.GetConfigurationAsync();
_validationParameters = new TokenValidationParameters
{
IssuerSigningKeys = config.SigningKeys, // Use signing keys retrieved from Azure
ValidateAudience = true,
ValidAudience = expectedAudience, // audience MUST be the app ID of the API
ValidateIssuer = true,
ValidIssuer = config.Issuer, // use the issuer retrieved from Azure
ValidateLifetime = true,
};
}
var tokenHandler = new JwtSecurityTokenHandler();
SecurityToken jwtToken;
var result = tokenHandler.ValidateToken(authHeader.Parameter,
_validationParameters, out jwtToken); // validate the token, if ValidateToken did not throw an exception, then token is valid.
var tokenObject = tokenHandler.ReadToken(authHeader.Parameter) as JwtSecurityToken;
var roles = tokenObject.Claims.Where(e => e.Type == "roles").Select(e => e.Value); //retrive roles from the token
bool hasRole = roles.Intersect(_validRoles).Count() > 0; //Check if the token contains roles which are specified in attribute
if (!hasRole)
{
throw new AuthorizationException();
}
}
}
}
catch (Exception ex)
{
throw ex;
}
}
/// <summary>
/// This method is called by Azure Functions before a function is executed. It is not intended to be called manually.
/// </summary>
#pragma warning disable CS0618 // Type or member is obsolete
public Task OnExecutingAsync(FunctionExecutingContext executingContext, CancellationToken cancellationToken)
#pragma warning restore CS0618 // Type or member is obsolete
{
var stopwatch = new Stopwatch();
stopwatch.Start();
executingContext.Properties.Add(Constants.StopwatchKeyName, stopwatch);
return(Task.CompletedTask);
}
public override Task OnExecutingAsync(FunctionExecutingContext executingContext,
CancellationToken cancellationToken)
{
if (executingContext.Arguments.FirstOrDefault().Value is InvocationContext invocationContext)
{
return(FilterAsync(invocationContext, cancellationToken));
}
// Should not hit the Exception.
throw new InvalidOperationException($"{nameof(FunctionExceptionContext)} doesn't contain {nameof(InvocationContext)}.");
}
async Task IFunctionInvocationFilter.OnExecutingAsync(FunctionExecutingContext executingContext, CancellationToken cancellationToken)
{
if (!this.IsProcessed(executingContext))
{
var httpContext = this.GetHttpContext(executingContext);
if (httpContext != null)
{
await this.AuthorizeRequest(executingContext, httpContext);
}
}
}
public override Task OnExecutingAsync(FunctionExecutingContext executingContext,
CancellationToken cancellationToken)
{
var request = executingContext.Arguments.Values.OfType <HttpRequest>().First();
request.Headers[HeaderNames.DefaultVersion] = DefaultVersion;
request.Headers[HeaderNames.Optional] = Optional.ToString();
request.Headers[HeaderNames.ValidVersions] = _validVersions;
return(Task.CompletedTask);
}
public override Task OnExecutingAsync(FunctionExecutingContext executingContext, CancellationToken cancellationToken)
{
var name = ((Microsoft.AspNetCore.Http.HttpRequest)executingContext.Arguments.First().Value).Query["name"].ToString();
if (name.Length < 3)
{
throw new Exception();
}
return(base.OnExecutingAsync(executingContext, cancellationToken));
}
private HttpContext GetHttpContext(FunctionExecutingContext context)
{
var requestArg = context.Arguments.Values.FirstOrDefault(x => x is HttpRequest);
if (requestArg is HttpRequest request)
{
return(request.HttpContext);
}
return(null);
}
public override Task OnExecutingAsync(FunctionExecutingContext executingContext, CancellationToken cancellationToken)
{
executingContext.Logger.LogInformation("Pre_" + _id);
Act("Pre_" + _id);
// add a custom property and retrieve it below
executingContext.Properties["TestProperty"] = "TestValue";
Assert.NotNull(executingContext.Logger);
return(base.OnExecutingAsync(executingContext, cancellationToken));
}
public void OnExecutingAsync_WithFunctionExecutingContextAsNull_ReturnsCompletedTask()
{
// arrange
FunctionExecutingContext functionExecutingContext = null;
CancellationToken cancellationToken = new CancellationToken();
var expected = Task.CompletedTask;
var actual = new ScopeCleanupFilter().OnExecutingAsync(functionExecutingContext, cancellationToken);
// act & assert
Assert.Equal(expected, actual);
}
private HttpRequest ExtractHttpRequestArgument(FunctionExecutingContext executingContext)
{
var httpRequestArgument = executingContext.Arguments
.SingleOrDefault(x => x.Value.GetType().IsSubclassOf(typeof(HttpRequest)));
if (httpRequestArgument.Equals(new KeyValuePair <string, object>()))
{
return(null);
}
return(httpRequestArgument.Value as HttpRequest);
}
private bool IsProcessed(FunctionExecutingContext context)
{
const string valueKey = "__AuthZProcessed";
if (!context.Properties.TryGetValue(valueKey, out var value))
{
context.Properties[valueKey] = true;
return(false);
}
return((bool)value);
}
#pragma warning disable CS0618 // Type or member is obsolete
public override Task OnExecutingAsync(FunctionExecutingContext executingContext, CancellationToken cancellationToken)
#pragma warning restore CS0618 // Type or member is obsolete
{
var request = (executingContext.Arguments.First(a => a.Value is HttpRequest)).Value as HttpRequest;
if (!request.Headers.ContainsKey(HEADER_NAME) ||
request.Headers[HEADER_NAME].First() != HEADER_VALUE)
{
executingContext.Logger.LogCritical("Client attempted to access an API function without appropriate headers!");
throw new ValidationException("Invalid request!");
}
return(base.OnExecutingAsync(executingContext, cancellationToken));
}
public override async Task OnExecutingAsync(FunctionExecutingContext executingContext, CancellationToken cancellationToken)
{
executingContext.Logger.LogInformation("JWT-Token validator executing...");
HttpRequest httpRequest = (HttpRequest)executingContext.Arguments.First().Value;
var authHeader = AuthenticationHeaderValue.Parse(httpRequest.Headers[HeaderNames.Authorization]);
AuthorizationOutput authorizationOutput = await this._authService.ValidateAsync(authHeader);
executingContext.Logger.LogInformation($"JWT-Token successful validated. Email: {authorizationOutput.Email}, User Roles: {authorizationOutput.ResourceAccess}");
httpRequest.HttpContext.Items.Add(HttpContextItems.AuthorizationOutput, authorizationOutput);
await base.OnExecutingAsync(executingContext, cancellationToken);
}
public override async Task OnExecutingAsync(
FunctionExecutingContext executingContext,
CancellationToken cancellationToken)
{
var req = executingContext.Arguments.Values.OfType <HttpRequest>().FirstOrDefault();
var authzHeader = req.Headers["Authorization"].FirstOrDefault();
if (authzHeader.StartsWith("Bearer ", StringComparison.Ordinal))
{
var accessToken = authzHeader.Substring("Bearer ".Length);
req.HttpContext.User = await ValidateJwtToken(accessToken, cancellationToken);
}
await base.OnExecutingAsync(executingContext, cancellationToken);
}
public override Task OnExecutingAsync(FunctionExecutingContext executingContext, CancellationToken cancellationToken)
{
executingContext.Logger.LogInformation("WorkItemValidator executing...");
var workItem = executingContext.Arguments.First().Value as WorkItem;
string errorMessage = null;
if (!TryValidateWorkItem(workItem, out errorMessage))
{
executingContext.Logger.LogError(errorMessage);
throw new ValidationException(errorMessage);
}
return(base.OnExecutingAsync(executingContext, cancellationToken));
}
public Task OnExecutingAsync(FunctionExecutingContext executingContext, CancellationToken cancellationToken)
{
var request = executingContext.Arguments.First().Value as HttpRequest;
try
{
Payload token = TokenValidator.GetAndValidateToken(request, logger).Result;
this.token = token;
}
catch (Exception ex)
{
throw new UnauthorizedAccessException("could not validate token ", ex);
}
return(Task.CompletedTask);
}
public Task OnExecutingAsync(FunctionExecutingContext executingContext, CancellationToken cancellationToken)
{
var logger = executingContext.Logger;
logger.LogInformation($"Executing {executingContext.FunctionName} with instanceId {executingContext.FunctionInstanceId}");
foreach (var(key, value) in executingContext.Arguments)
{
logger.LogInformation($"Parameter {key} with value {value}");
}
var req = (HttpRequest)executingContext.Arguments.Single(a => a.Value is HttpRequest).Value;
req.HttpContext.User = new GenericPrincipal(new GenericIdentity("Sergio"), new string[] { });
return(Task.CompletedTask);
}
