public void OnProvidersExecuting_IgnoresAttributesOnHandlerMethods()
{
// Arrange
var policyProvider = new DefaultAuthorizationPolicyProvider(Options.Create(new AuthorizationOptions()));
var authorizationProvider = new AuthorizationPageApplicationModelProvider(policyProvider, OptionsWithoutEndpointRouting);
var typeInfo = typeof(PageWithAuthorizeHandlers).GetTypeInfo();
var context = GetApplicationProviderContext(typeInfo);
// Act
authorizationProvider.OnProvidersExecuting(context);
// Assert
Assert.Collection(
context.PageApplicationModel.Filters,
f => Assert.IsType <PageHandlerPageFilter>(f),
f => Assert.IsType <HandleOptionsRequestsPageFilter>(f));
}
public void OnProvidersExecuting_AddsAuthorizeFilter_IfModelHasAuthorizationAttributes()
{
// Arrange
var policyProvider = new DefaultAuthorizationPolicyProvider(Options.Create(new AuthorizationOptions()));
var authorizationProvider = new AuthorizationPageApplicationModelProvider(policyProvider);
var context = GetApplicationProviderContext(typeof(TestPage).GetTypeInfo());
// Act
authorizationProvider.OnProvidersExecuting(context);
// Assert
Assert.Collection(
context.PageApplicationModel.Filters,
f => Assert.IsType <PageHandlerPageFilter>(f),
f => Assert.IsType <HandleOptionsRequestsPageFilter>(f),
f => Assert.IsType <AuthorizeFilter>(f));
}
public void OnProvidersExecuting_AddsAllowAnonymousFilter()
{
// Arrange
var policyProvider = new DefaultAuthorizationPolicyProvider(Options.Create(new AuthorizationOptions()));
var authorizationProvider = new AuthorizationPageApplicationModelProvider(policyProvider, OptionsWithoutEndpointRouting);
var context = GetApplicationProviderContext(typeof(PageWithAnonymousModel).GetTypeInfo());
// Act
authorizationProvider.OnProvidersExecuting(context);
// Assert
Assert.Collection(
context.PageApplicationModel.Filters,
f => Assert.IsType <PageHandlerPageFilter>(f),
f => Assert.IsType <HandleOptionsRequestsPageFilter>(f),
f => Assert.IsType <AllowAnonymousFilter>(f));
}
public void OnProvidersExecuting_DoesNothingWithEndpointRouting()
{
// Arrange
var policyProvider = new DefaultAuthorizationPolicyProvider(Options.Create(new AuthorizationOptions()));
var authorizationProvider = new AuthorizationPageApplicationModelProvider(policyProvider, Options.Create(new MvcOptions()));
var typeInfo = typeof(TestPage).GetTypeInfo();
var context = GetApplicationProviderContext(typeInfo);
// Act
authorizationProvider.OnProvidersExecuting(context);
// Assert
Assert.Collection(
context.PageApplicationModel.Filters,
f => Assert.IsType <PageHandlerPageFilter>(f),
f => Assert.IsType <HandleOptionsRequestsPageFilter>(f));
}
public async Task CanReplaceDefaultPolicyDirectly()
{
// Arrange
var attributes = new AuthorizeAttribute[] {
new AuthorizeAttribute(),
new AuthorizeAttribute(),
};
var policies = new[] { new AuthorizationPolicyBuilder().RequireAssertion(_ => true).Build() };
var options = new AuthorizationOptions();
var provider = new DefaultAuthorizationPolicyProvider(Options.Create(options));
// Act
var combined = await AuthorizationPolicy.CombineAsync(provider, attributes, policies);
// Assert
Assert.Equal(1, combined.Requirements.Count);
Assert.Empty(combined.Requirements.OfType <DenyAnonymousAuthorizationRequirement>());
}
public async Task CombineMustIgnoreEmptyAuthenticationScheme()
{
// Arrange
var attributes = new AuthorizeAttribute[] {
new AuthorizeAttribute()
{
AuthenticationSchemes = "a1 , , ,,, a2"
}
};
var options = new AuthorizationOptions();
var provider = new DefaultAuthorizationPolicyProvider(Options.Create(options));
// Act
var combined = await AuthorizationPolicy.CombineAsync(provider, attributes);
// Assert
Assert.Equal(2, combined.AuthenticationSchemes.Count());
Assert.Contains(combined.AuthenticationSchemes, a => a.Equals("a1"));
Assert.Contains(combined.AuthenticationSchemes, a => a.Equals("a2"));
}
public void OnProvidersExecuting_CollatesAttributesFromInheritedTypes()
{
// Arrange
var options = new TestOptionsManager <AuthorizationOptions>();
options.Value.AddPolicy("Base", policy => policy.RequireClaim("Basic").RequireClaim("Basic2"));
options.Value.AddPolicy("Derived", policy => policy.RequireClaim("Derived"));
var policyProvider = new DefaultAuthorizationPolicyProvider(options);
var autorizationProvider = new AuthorizationPageApplicationModelProvider(policyProvider);
var context = GetApplicationProviderContext(typeof(TestPageWithDerivedModel).GetTypeInfo());
// Act
autorizationProvider.OnProvidersExecuting(context);
// Assert
var authorizeFilter = Assert.IsType <AuthorizeFilter>(Assert.Single(context.PageApplicationModel.Filters));
// Basic + Basic2 + Derived authorize
Assert.Equal(3, authorizeFilter.Policy.Requirements.Count);
}
public async Task CombineMustIgnoreEmptyRoles()
{
// Arrange
var attributes = new AuthorizeAttribute[] {
new AuthorizeAttribute()
{
Roles = "r1 , ,, , r2"
}
};
var options = new AuthorizationOptions();
var provider = new DefaultAuthorizationPolicyProvider(Options.Create(options));
// Act
var combined = await AuthorizationPolicy.CombineAsync(provider, attributes);
// Assert
Assert.Contains(combined.Requirements, r => r is RolesAuthorizationRequirement);
var rolesAuthorizationRequirement = combined.Requirements.OfType <RolesAuthorizationRequirement>().First();
Assert.Equal(2, rolesAuthorizationRequirement.AllowedRoles.Count());
Assert.Contains(rolesAuthorizationRequirement.AllowedRoles, r => r.Equals("r1"));
Assert.Contains(rolesAuthorizationRequirement.AllowedRoles, r => r.Equals("r2"));
}
public AbpApplicationConfigurationAppService(
IOptions <AbpLocalizationOptions> localizationOptions,
IOptions <AbpMultiTenancyOptions> multiTenancyOptions,
IServiceProvider serviceProvider,
IAbpAuthorizationPolicyProvider abpAuthorizationPolicyProvider,
IPermissionDefinitionManager permissionDefinitionManager,
DefaultAuthorizationPolicyProvider defaultAuthorizationPolicyProvider,
IPermissionChecker permissionChecker,
IAuthorizationService authorizationService,
ICurrentUser currentUser,
ISettingProvider settingProvider,
ISettingDefinitionManager settingDefinitionManager,
IFeatureDefinitionManager featureDefinitionManager,
ILanguageProvider languageProvider,
ITimezoneProvider timezoneProvider,
IOptions <AbpClockOptions> abpClockOptions,
ICachedObjectExtensionsDtoService cachedObjectExtensionsDtoService,
IOptions <AbpApplicationConfigurationOptions> options)
{
_serviceProvider = serviceProvider;
_abpAuthorizationPolicyProvider = abpAuthorizationPolicyProvider;
_permissionDefinitionManager = permissionDefinitionManager;
_defaultAuthorizationPolicyProvider = defaultAuthorizationPolicyProvider;
_permissionChecker = permissionChecker;
_authorizationService = authorizationService;
_currentUser = currentUser;
_settingProvider = settingProvider;
_settingDefinitionManager = settingDefinitionManager;
_featureDefinitionManager = featureDefinitionManager;
_languageProvider = languageProvider;
_timezoneProvider = timezoneProvider;
_abpClockOptions = abpClockOptions.Value;
_cachedObjectExtensionsDtoService = cachedObjectExtensionsDtoService;
_options = options.Value;
_localizationOptions = localizationOptions.Value;
_multiTenancyOptions = multiTenancyOptions.Value;
}
public async Task CanCombineAuthorizeAttributes()
{
// Arrange
var attributes = new AuthorizeAttribute[] {
new AuthorizeAttribute(),
new AuthorizeAttribute("1")
{
AuthenticationSchemes = "dupe"
},
new AuthorizeAttribute("2")
{
AuthenticationSchemes = "dupe"
},
new AuthorizeAttribute {
Roles = "r1,r2", AuthenticationSchemes = "roles"
},
};
var options = new AuthorizationOptions();
options.AddPolicy("1", policy => policy.RequireClaim("1"));
options.AddPolicy("2", policy => policy.RequireClaim("2"));
var provider = new DefaultAuthorizationPolicyProvider(Options.Create(options));
// Act
var combined = await AuthorizationPolicy.CombineAsync(provider, attributes);
// Assert
Assert.Equal(2, combined.AuthenticationSchemes.Count());
Assert.Contains("dupe", combined.AuthenticationSchemes);
Assert.Contains("roles", combined.AuthenticationSchemes);
Assert.Equal(4, combined.Requirements.Count());
Assert.Contains(combined.Requirements, r => r is DenyAnonymousAuthorizationRequirement);
Assert.Equal(2, combined.Requirements.OfType <ClaimsAuthorizationRequirement>().Count());
Assert.Single(combined.Requirements.OfType <RolesAuthorizationRequirement>());
}
public void Configuration(IAppBuilder app)
{
app.UseErrorPage();
app.Use(AddEmployeeClaimBeforeAuthorizationCheck);
var config = new HttpConfiguration();
WebApiConfig.Register(config);
app.UseAuthorization(options =>
{
options.AddPolicy(ExampleConstants.EmployeeNumber2Policy, policyBuilder =>
{
policyBuilder.AddRequirements(new EmployeeNumber2Requirement());
});
var policyProvider = new DefaultAuthorizationPolicyProvider(options);
var handlers = new IAuthorizationHandler[] { new EmployeeNumber2Handler() };
var logger = app.CreateLogger("my logger");
options.Dependencies.Service = new DefaultAuthorizationService(policyProvider, handlers, logger);
});
app.UseWebApi(config);
}
public GoogleScopedPolicyProvider(GoogleAuthenticationSchemeProvider scheme, IOptions <AuthorizationOptions> options)
{
_scheme = scheme.Scheme;
_default = new DefaultAuthorizationPolicyProvider(options);
}
public LimfxPolicyProvider(IOptions <AuthorizationOptions> options)
{
// ASP.NET Core only uses one authorization policy provider, so if the custom implementation
// doesn't handle all policies it should fall back to an alternate provider.
BackupPolicyProvider = new DefaultAuthorizationPolicyProvider(options);
}
public DynamicClaimPolicyProvider(IOptions <AuthorizationOptions> options)
{
_options = options.Value;
FallbackPolicyProvider = new DefaultAuthorizationPolicyProvider(options);
}
public OperationTypePolicyProvider(IOperaionTypeAuthoriztion permissions, IOptions <AuthorizationOptions> options, ILogger logger)
{
_permissions = permissions;
FallbackPolicyProvider = new DefaultAuthorizationPolicyProvider(options);
_logger = logger;
}
/// <summary>
/// Initializes a new instance of the <see cref="PermissionsPolicyProvider"/> class.
/// </summary>
/// <param name="options">The options.</param>
public PermissionsPolicyProvider(IOptions <AuthorizationOptions> options)
{
this.FallbackPolicyProvider = new DefaultAuthorizationPolicyProvider(options);
}
public LogicalOrPolicyProvider(IOptions <AuthorizationOptions> options)
{
_authZOpts = options.Value;
FallbackPolicyProvider = new DefaultAuthorizationPolicyProvider(options);
}
public AppPolicyProvider(IOptions <AuthorizationOptions> options,
IConfiguration configuration)
{
_defaultAuthorizationPolicyProvider = new DefaultAuthorizationPolicyProvider(options);
_configuration = configuration;
}
/// <summary>
/// Constructs the policy provider and sets the default fallback provider configured with the options provided to the DI container.
/// Do not instantiate this manually. This class must be registered as a singleton in the ASP NET DI container
/// </summary>
/// <param name="options"></param>
public RequiresPermissionPolicyProvider(IOptions <AuthorizationOptions> options)
{
FallbackPolicyProvider = new DefaultAuthorizationPolicyProvider(options);
}
public CustomRBACPolicyProvider(IConfiguration configuration, IOptions <AuthorizationOptions> options)
{
_configuration = configuration;
FallbackPolicyProvider = new DefaultAuthorizationPolicyProvider(options);
}
public CustomAuthPolicyProvider(IOptions <AuthorizationOptions> options)
{
//Initializing default policy provider.
FallbackPolicyProvider = new DefaultAuthorizationPolicyProvider(options);
}
public KeycloakAuthorizationPolicyProvider(IOptions <KeycloakAuthorizationOptions> options, IOptions <AuthorizationOptions> authorizationOptions)
{
_options = options;
_authorizationOptions = authorizationOptions;
_fallbackPolicyProvider = new DefaultAuthorizationPolicyProvider(_authorizationOptions);
}
public void Setup()
{
_policyProvider = new DefaultAuthorizationPolicyProvider(Options.Create(new AuthorizationOptions()));
}
public CustomPolicyProvider(IOptions <AuthorizationOptions> options)
{
BackupPolicyProvider = new DefaultAuthorizationPolicyProvider(options);
}
public RoleAuthorizationPolicyProvider(ILoggerFactory loggerFactory, IOptions <AuthorizationOptions> authorizationOptions)
{
_defaultAuthorizationPolicyProvider = new DefaultAuthorizationPolicyProvider(authorizationOptions);
_logger = loggerFactory.CreateLogger <RoleAuthorizationPolicyProvider>();
}
public MinimumAgePolicyProvider(IOptions <AuthorizationOptions> options)
{
BackupPolicyProvider = new DefaultAuthorizationPolicyProvider(options);
}
public PermissionPolicy(IOptions <AuthorizationOptions> options)
{
defaultPolicyProvider = new DefaultAuthorizationPolicyProvider(options);
}
public LoginRequiredPolicyProvider(IOptions <AuthorizationOptions> options)
{
//save default provider options if needed
FallbackPolicyProvider = new DefaultAuthorizationPolicyProvider(options);
}
public PolicyProvider(IOptions <AuthorizationOptions> options)
{
FallbackPolicyProvider = new DefaultAuthorizationPolicyProvider(options);
}
public MinimumTimeSpendPolicy(IOptions <AuthorizationOptions> options)
{
defaultPolicyProvider = new DefaultAuthorizationPolicyProvider(options);
}
