private async Task <AuthorizationPolicyResult> Validate( TicketLineParameter ticketLineParameter, ResourceSet resource, string?claimTokenFormat, ClaimsPrincipal requester, CancellationToken cancellationToken) { if (resource.AuthorizationPolicies.Length == 0) { return(new AuthorizationPolicyResult(AuthorizationPolicyResultKind.RequestSubmitted, requester)); } return(await _authorizationPolicy.Execute( ticketLineParameter, claimTokenFormat, requester, cancellationToken, resource.AuthorizationPolicies) .ConfigureAwait(false)); }
public async Task WhenTicketIsValidThenPolicyAuthorizes() { var ticketJson = @"{ ""Id"": ""95FE0861AFF41E4ABECC748C026C36F8"", ""Lines"": [ { ""scopes"": [ ""read"" ], ""resource_id"": ""RES123"" } ], ""Created"": ""2021-04-30T21:42:25.7091988+00:00"", ""Expires"": ""2021-04-30T22:12:25.7092013+00:00"", ""Requester"": [ { ""type"": ""sub"", ""value"": ""abc123"" }, { ""type"": ""name"", ""value"": ""A Tester"" }, { ""type"": ""email"", ""value"": ""*****@*****.**"" }, { ""type"": ""given_name"", ""value"": ""Anne"" }, { ""type"": ""family_name"", ""value"": ""Tester"" } ], ""ResourceOwner"": ""98765"", ""IsAuthorizedByRo"": true }"; var resourceSetJson = @"{ ""_id"": ""RES123"", ""name"": ""tux.jpg"", ""type"": ""Picture"", ""owner"": ""98765"", ""resource_scopes"": [ ""read"" ], ""authorization_policies"": [ { ""claims"": [{""type"":""email"", ""value"":""*****@*****.**""}], ""scopes"": [ ""read"" ], ""clients"": [ ""Test"" ], ""consent_needed"": true } ] }"; var resourceSet = JsonConvert.DeserializeObject <ResourceSet>(resourceSetJson); var ticket = JsonConvert.DeserializeObject <Ticket>(ticketJson); var kind = AuthorizationPolicyResultKind.NotAuthorized; foreach (var ticketLine in ticket !.Lines) { var result = await _authorizationPolicy.Execute( new TicketLineParameter("Test", ticketLine.Scopes, ticket.IsAuthorizedByRo), UmaConstants.IdTokenType, new ClaimsPrincipal(new ClaimsIdentity(ticket.Requester.Select(c => new Claim(c.Type, c.Value)))), CancellationToken.None, resourceSet !.AuthorizationPolicies) .ConfigureAwait(false); kind = result.Result; if (kind == AuthorizationPolicyResultKind.Authorized) { break; } } Assert.Equal(AuthorizationPolicyResultKind.Authorized, kind); }