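/// <summary>
/// Checks a permission ticket against the authorization policies of every resource set
/// its lines reference.
/// </summary>
/// <remarks>
/// All ticket lines must pass. Evaluation stops at the first line whose result is not valid:
/// the ticket id is reported through <c>_umaServerEventSource.AuthorizationPoliciesFailed</c>
/// and that result is returned. When every line passes, the result of the last line is returned.
/// NOTE(review): nothing in this method checks the ticket itself (expiry, issuer, prior use);
/// the parameter name suggests the caller has done so - confirm.
/// </remarks>
/// <param name="openidProvider">Passed through to <c>Validate</c>; must not be null or whitespace.</param>
/// <param name="validTicket">Ticket whose lines name the resource sets and scopes to check.</param>
/// <param name="claimTokenParameter">Passed through to <c>Validate</c> unchanged; not inspected here.</param>
/// <returns>The first failing validation result, or the last line's result when all lines are valid.</returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="openidProvider"/> is null or whitespace, <paramref name="validTicket"/> is null,
/// or the ticket has no lines (null or empty).
/// </exception>
/// <exception cref="BaseUmaException">
/// The repository did not return a resource set for every ticket line.
/// </exception>
public async Task<ResourceValidationResult> IsAuthorized(string openidProvider, Ticket validTicket, ClaimTokenParameter claimTokenParameter)
{
    if (string.IsNullOrWhiteSpace(openidProvider))
    {
        throw new ArgumentNullException(nameof(openidProvider));
    }

    if (validTicket == null)
    {
        throw new ArgumentNullException(nameof(validTicket));
    }

    if (validTicket.Lines == null || !validTicket.Lines.Any())
    {
        throw new ArgumentNullException(nameof(validTicket.Lines));
    }

    // Materialize both sequences once. The existence check below and the per-line lookup
    // must look at the same snapshot; a lazily evaluated repository result could otherwise
    // be re-enumerated (and possibly re-queried) between the check and its use.
    var resourceIds = validTicket.Lines.Select(l => l.ResourceSetId).ToList();
    var fetched = await _resourceSetRepository.Get(resourceIds).ConfigureAwait(false);
    var resources = fetched?.ToList();

    // Fail closed: a missing resource set means no policy can be evaluated for that line.
    // NOTE(review): if two lines reference the same resource set and the repository returns
    // each resource once, the counts differ and the ticket is rejected - confirm intended.
    if (resources == null || resources.Count == 0 || resources.Count != resourceIds.Count)
    {
        throw new BaseUmaException(ErrorCodes.InternalError, ErrorDescriptions.SomeResourcesDontExist);
    }

    ResourceValidationResult validationResult = null;
    foreach (var ticketLine in validTicket.Lines)
    {
        var ticketLineParameter = new TicketLineParameter(ticketLine.Scopes);

        // Only the first audience is used as the client id. With no audience the ClientId is
        // left as the constructor set it.
        // NOTE(review): confirm Validate denies client-restricted policies when ClientId is unset.
        if (validTicket.Audiences != null && validTicket.Audiences.Any())
        {
            ticketLineParameter.ClientId = validTicket.Audiences.First();
        }

        // Matching counts do not guarantee that this particular id was returned, so report
        // a missing resource with the same domain error instead of letting First() throw
        // an InvalidOperationException.
        var resource = resources.FirstOrDefault(r => r.Id == ticketLine.ResourceSetId);
        if (resource == null)
        {
            throw new BaseUmaException(ErrorCodes.InternalError, ErrorDescriptions.SomeResourcesDontExist);
        }

        validationResult = await Validate(openidProvider, ticketLineParameter, resource, claimTokenParameter).ConfigureAwait(false);
        if (!validationResult.IsValid)
        {
            _umaServerEventSource.AuthorizationPoliciesFailed(validTicket.Id);
            return validationResult;
        }
    }

    return validationResult;
}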
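/// <summary>
/// Checks a permission ticket, on behalf of the given client, against the authorization
/// policies of every resource set its lines reference.
/// </summary>
/// <remarks>
/// All ticket lines must pass. Evaluation stops at the first line whose result type is anything
/// other than <c>AuthorizationPolicyResultEnum.Authorized</c>: the ticket id is reported through
/// <c>_umaServerEventSource.AuthorizationPoliciesFailed</c> and that result is returned. When
/// every line is authorized, the result of the last line is returned.
/// NOTE(review): nothing in this method checks the ticket itself (expiry, issuer, prior use);
/// the parameter name suggests the caller has done so - confirm.
/// </remarks>
/// <param name="validTicket">Ticket whose lines name the resource sets and scopes to check.</param>
/// <param name="clientId">Client identifier placed in each line's policy parameter; must not be null or whitespace.</param>
/// <param name="claimTokenParameter">Passed through to <c>Validate</c> unchanged; not inspected here.</param>
/// <returns>The first non-authorized policy result, or the last line's result when all lines are authorized.</returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="validTicket"/> is null, <paramref name="clientId"/> is null or whitespace,
/// or the ticket has no lines (null or empty).
/// </exception>
/// <exception cref="BaseUmaException">
/// The repository did not return a resource set for every ticket line.
/// </exception>
public async Task<AuthorizationPolicyResult> IsAuthorized(Ticket validTicket, string clientId, ClaimTokenParameter claimTokenParameter)
{
    if (validTicket == null)
    {
        throw new ArgumentNullException(nameof(validTicket));
    }

    if (string.IsNullOrWhiteSpace(clientId))
    {
        throw new ArgumentNullException(nameof(clientId));
    }

    if (validTicket.Lines == null || !validTicket.Lines.Any())
    {
        throw new ArgumentNullException(nameof(validTicket.Lines));
    }

    // Materialize both sequences once. The existence check below and the per-line lookup
    // must look at the same snapshot; a lazily evaluated repository result could otherwise
    // be re-enumerated (and possibly re-queried) between the check and its use.
    var resourceIds = validTicket.Lines.Select(l => l.ResourceSetId).ToList();
    var fetched = await _resourceSetRepository.Get(resourceIds);
    var resources = fetched?.ToList();

    // Fail closed: a missing resource set means no policy can be evaluated for that line.
    // NOTE(review): if two lines reference the same resource set and the repository returns
    // each resource once, the counts differ and the ticket is rejected - confirm intended.
    if (resources == null || resources.Count == 0 || resources.Count != resourceIds.Count)
    {
        throw new BaseUmaException(ErrorCodes.InternalError, ErrorDescriptions.SomeResourcesDontExist);
    }

    AuthorizationPolicyResult validationResult = null;
    foreach (var ticketLine in validTicket.Lines)
    {
        var ticketLineParameter = new TicketLineParameter(clientId, ticketLine.Scopes, validTicket.IsAuthorizedByRo);

        // Matching counts do not guarantee that this particular id was returned, so report
        // a missing resource with the same domain error instead of letting First() throw
        // an InvalidOperationException.
        var resource = resources.FirstOrDefault(r => r.Id == ticketLine.ResourceSetId);
        if (resource == null)
        {
            throw new BaseUmaException(ErrorCodes.InternalError, ErrorDescriptions.SomeResourcesDontExist);
        }

        validationResult = await Validate(ticketLineParameter, resource, claimTokenParameter);

        // Only an explicit Authorized result lets evaluation continue; every other result
        // type is treated as a failure.
        if (validationResult.Type != AuthorizationPolicyResultEnum.Authorized)
        {
            _umaServerEventSource.AuthorizationPoliciesFailed(validTicket.Id);
            return validationResult;
        }
    }

    return validationResult;
}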