/// <summary>
/// Attaches the operation's security requirements using the "ApiKey" security scheme.
/// </summary>
/// <remarks>
/// Piggy-backs on <c>SecurityRequirementsOperationFilter</c> from Swashbuckle.AspNetCore.Filters,
/// whose default scheme name is "oauth2"; only the scheme name is overridden here.
/// </remarks>
/// <param name="operation">The OpenAPI operation being documented.</param>
/// <param name="context">Swashbuckle's per-operation filter context.</param>
public void Apply(OpenApiOperation operation, OperationFilterContext context)
{
    const string apiKeySchemeName = "ApiKey";

    var securityFilter = new SecurityRequirementsOperationFilter(securitySchemaName: apiKeySchemeName);
    securityFilter.Apply(operation, context);
}
/// <summary>
/// Applying two filters with different scheme names to the same operation must yield two
/// separate security requirements: one for the default "oauth2" scheme and one for the
/// custom scheme, each with an empty scope list.
/// </summary>
public void Apply_SetsAuthorize_WithMultipleSecuritySchemas()
{
    // Arrange
    var operation = new OpenApiOperation
    {
        OperationId = "foobar",
        Responses = new OpenApiResponses(),
    };
    var filterContext = FilterContextFor(typeof(FakeActions), nameof(FakeActions.Authorize));
    const string securitySchemaName = "customSchema";
    var defaultSchemeFilter = new SecurityRequirementsOperationFilter();
    var customSchemeFilter = new SecurityRequirementsOperationFilter(true, securitySchemaName);

    // Act
    defaultSchemeFilter.Apply(operation, filterContext);
    customSchemeFilter.Apply(operation, filterContext);

    // Assert
    operation.Security.Count.ShouldBe(2);

    var oauthRequirement = operation.Security[0]
        .SingleOrDefault(requirement => requirement.Key.Reference.Id == "oauth2");
    oauthRequirement.Value.ShouldNotBeNull();
    oauthRequirement.Value.Count().ShouldBe(0);

    var customRequirement = operation.Security[1]
        .SingleOrDefault(requirement => requirement.Key.Reference.Id == securitySchemaName);
    customRequirement.Value.ShouldNotBeNull();
    customRequirement.Value.Count().ShouldBe(0);
}
/// <summary>
/// Registers the application's services: MVC with Newtonsoft.Json, three authentication
/// schemes (sign, basic and session) and Swagger generation for the "srs" document.
/// This method gets called by the runtime; use it to add services to the container.
/// </summary>
/// <param name="services">The DI container to populate.</param>
public void ConfigureServices(IServiceCollection services)
{
    services
        .AddMvc()
        .SetCompatibilityVersion(CompatibilityVersion.Version_3_0)
        .AddNewtonsoftJson(jsonOptions =>
        {
            jsonOptions.SerializerSettings.NullValueHandling = Newtonsoft.Json.NullValueHandling.Ignore;
        });

    // NOTE(review): AddAuthentication(defaultScheme) is called three times; each call
    // sets AuthenticationOptions.DefaultScheme, so the last registration (the session
    // scheme) presumably becomes the effective default — confirm that is the intent.
    // Both the sign and basic handlers are bound to the same "StsSettings" section.
    services
        .AddAuthentication(Constants.SignAuthenticationScheme)
        .AddScheme<StsSettings, SignAuthenticationHandler>(
            Constants.SignAuthenticationScheme,
            stsOptions => Configuration.Bind("StsSettings", stsOptions));

    services
        .AddAuthentication(BasicAuthenticationHandler.AuthenticationScheme)
        .AddScheme<StsSettings, BasicAuthenticationHandler>(
            BasicAuthenticationHandler.AuthenticationScheme,
            stsOptions => Configuration.Bind("StsSettings", stsOptions));

    services
        .AddAuthentication(SrsAuthenticationScheme.SessionAuthenticationScheme)
        .AddScheme<AuthenticationSchemeOptions, SessionAuthenticationHandler>(
            SrsAuthenticationScheme.SessionAuthenticationScheme,
            null);

    // Vendor extension consumed by the VMware vAPI code generator.
    var codegenConfig = new OpenApiObject
    {
        ["package-name"] = new OpenApiString("com.vmware.srs"),
    };

    // XML doc comments are expected next to the executing assembly, named after it.
    var xmlDocFileName = $"{Assembly.GetExecutingAssembly().GetName().Name}.xml";
    var xmlDocPath = Path.Combine(AppContext.BaseDirectory, xmlDocFileName);

    services.AddSwaggerGen(swagger =>
    {
        var productInfo = new OpenApiInfo
        {
            Description = APIGatewayResources.ProductApiDescription,
            Title = APIGatewayResources.ProductName,
            Version = APIGatewayResources.ProductVersion,
            Contact = new OpenApiContact()
            {
                Name = "Script Runtime Service for vSphere",
                Url = new Uri(@"https://github.com/vmware/script-runtime-service-for-vsphere"),
            },
            Extensions = { { "x-vmw-vapi-codegenconfig", codegenConfig } },
        };
        swagger.SwaggerDoc("srs", productInfo);

        swagger.IncludeXmlComments(xmlDocPath);

        GlobalTagsSchemeFilter.Configure(swagger);
        TagsOperationFilter.Configure(swagger);
        VMwareVapiVendorExtensionsOperationFilter.Configure(swagger);
        SecurityRequirementsOperationFilter.Configure(swagger);
        ScriptExecutionParameterDocumentFilter.Configure(swagger);
        ScriptExecutionParameterSchemaFilter.Configure(swagger);
        //ServersDocumentFilter.Configure(c);
        //VMwarePrintingPressExtensionsOperationFilter.Configure(c);
        //VMwarePrintingPressPathExtensionsDocumentFilter.Configure(c);
        ReadOnlySchemaFilter.Configure(swagger);
    });

    services.AddSwaggerGenNewtonsoftSupport();
}
/// <summary>
/// Constructor. Wires the generic filter with a selector that extracts policy names
/// from <c>AuthorizeAttribute</c> instances.
/// </summary>
/// <param name="includeUnauthorizedAndForbiddenResponses">Add (by default) the 401 and 403
/// error responses to operations attributed with Authorize.</param>
/// <param name="securitySchemaName">Security scheme name. Defaults to <c>"oauth2"</c>.</param>
/// <param name="unauthorizedResponseDescription">Description of the 401 response.</param>
/// <param name="forbiddenResponseDescription">Description of the 403 response.</param>
public SecurityRequirementsOperationFilter(
    bool includeUnauthorizedAndForbiddenResponses = true,
    string securitySchemaName = "oauth2",
    string unauthorizedResponseDescription = "Не авторизован - Пользователь не предоставил необходимых учётных данных для доступа к ресурсу.",
    string forbiddenResponseDescription = "Запрещено - Пользователь не имеет необходимых прав для доступа к ресурсу.")
{
    // Only attributes that name a policy contribute; attributes without a Policy
    // (e.g. roles- or scheme-only usages) are dropped by the Where clause.
    Func<IEnumerable<AuthorizeAttribute>, IEnumerable<string>> selectPolicies =
        authorizeAttributes => authorizeAttributes
            .Where(attribute => !string.IsNullOrEmpty(attribute.Policy))
            .Select(attribute => attribute.Policy);

    filter = new SecurityRequirementsOperationFilter<AuthorizeAttribute>(
        selectPolicies,
        includeUnauthorizedAndForbiddenResponses,
        securitySchemaName,
        unauthorizedResponseDescription,
        forbiddenResponseDescription);
}
/// <summary>
/// An action marked [AllowAnonymous] must receive neither error responses nor security requirements.
/// </summary>
public void ApplyMethodAllowAnonymousAttribute()
{
    // Arrange
    var filterContext = GetContext(typeof(Controller), nameof(Controller.MethodWithAllowAnonymous));
    var sut = new SecurityRequirementsOperationFilter();

    // Act
    sut.Apply(_operation, filterContext);

    // Assert
    Assert.Empty(_operation.Responses);
    Assert.Null(_operation.Security);
}
/// <summary>
/// With includeUnauthorizedAndForbiddenResponses switched off, applying the filter to an
/// [Authorize] action must not add the "401" or "403" responses.
/// </summary>
public void Apply_DoesNotAdds401And403_WhenConfiguredNotTo()
{
    // Arrange
    var filterWithoutErrorResponses = new SecurityRequirementsOperationFilter(false);
    var operation = new Operation
    {
        OperationId = "foobar",
        Responses = new Dictionary<string, Response>(),
    };
    var filterContext = FilterContextFor(typeof(FakeActions), nameof(FakeActions.Authorize));

    // Act
    filterWithoutErrorResponses.Apply(operation, filterContext);

    // Assert
    operation.Responses.ShouldNotContainKey("401");
    operation.Responses.ShouldNotContainKey("403");
}
/// <summary>
/// A controller-level [Authorize(Policy = ...)] must produce a single "Bearer" requirement
/// carrying exactly the "UserPolicy" policy, plus the standard authorize error responses.
/// </summary>
public void Apply_Controller_Policies()
{
    // Arrange
    // NOTE(review): the action name is taken from ControllerWithRoles although the context is
    // built for ControllerWithPolicies; both presumably expose a "Method" action — confirm.
    var filterContext = GetContext(typeof(ControllerWithPolicies), nameof(ControllerWithRoles.Method));
    var sut = new SecurityRequirementsOperationFilter();

    // Act
    sut.Apply(_operation, filterContext);

    // Assert
    AssertAuthorizeResponses();
    var requirements = Assert.IsAssignableFrom<List<IDictionary<string, IEnumerable<string>>>>(_operation.Security);
    var bearerRequirement = Assert.Single(requirements);
    var policyName = Assert.Single(bearerRequirement["Bearer"]);
    Assert.Equal("UserPolicy", policyName);
}
/// <summary>
/// A method-level [Authorize(Roles = ...)] must produce a single "Bearer" requirement
/// carrying exactly the "AdminRole" entry, plus the standard authorize error responses.
/// </summary>
public void ApplyMethodRoles()
{
    // Arrange
    var filterContext = GetContext(typeof(Controller), nameof(Controller.MethodWithRoles));
    var sut = new SecurityRequirementsOperationFilter();

    // Act
    sut.Apply(_operation, filterContext);

    // Assert
    AssertAuthorizeResponses();
    var requirements = Assert.IsAssignableFrom<List<IDictionary<string, IEnumerable<string>>>>(_operation.Security);
    var bearerRequirement = Assert.Single(requirements);
    Assert.NotNull(bearerRequirement);
    var roleName = Assert.Single(bearerRequirement["Bearer"]);
    Assert.Equal("AdminRole", roleName);
}
/// <summary>
/// When a custom scheme name is configured, an [Authorize] action without a policy must get
/// exactly one security requirement keyed by that scheme, with an empty scope list.
/// </summary>
public void Apply_SetsAuthorize_WithNoPolicy_WhenCustomSecuritySchemaIsSet()
{
    // Arrange
    const string securitySchemaName = "customSchema";
    var customSchemeFilter = new SecurityRequirementsOperationFilter(true, securitySchemaName);
    var operation = new Operation
    {
        OperationId = "foobar",
        Responses = new Dictionary<string, Response>(),
    };
    var filterContext = FilterContextFor(typeof(FakeActions), nameof(FakeActions.Authorize));

    // Act
    customSchemeFilter.Apply(operation, filterContext);

    // Assert
    operation.Security.Count.ShouldBe(1);
    var requirement = operation.Security[0];
    requirement.ShouldContainKey(securitySchemaName);
    requirement[securitySchemaName].Count().ShouldBe(0);
}
/// <summary>
/// Wraps the generic <c>SecurityRequirementsOperationFilter</c> with a selector that
/// keeps only the policy names of <c>AuthorizeAttribute</c>s.
/// </summary>
/// <param name="includeUnauthorizedAndForbiddenResponses">Whether to add the 401 and 403
/// responses to authorized operations; off by default.</param>
public JWTSecurityRequirementsOperationFilter(bool includeUnauthorizedAndForbiddenResponses = false)
{
    // Attributes without a Policy (roles- or scheme-only usages) are filtered out.
    _filter = new SecurityRequirementsOperationFilter<AuthorizeAttribute>(
        authorizeAttributes =>
        {
            var named = authorizeAttributes.Where(attribute => !string.IsNullOrEmpty(attribute.Policy));
            return named.Select(attribute => attribute.Policy);
        },
        includeUnauthorizedAndForbiddenResponses);
}
/// <summary>
/// Attaches the operation's security requirements using the API-key scheme name
/// configured in <c>ApiKeyAuthenticationOptions.DefaultScheme</c>.
/// </summary>
/// <param name="operation">The OpenAPI operation being documented.</param>
/// <param name="context">Swashbuckle's per-operation filter context.</param>
public void Apply(OpenApiOperation operation, OperationFilterContext context)
{
    var schemeName = ApiKeyAuthenticationOptions.DefaultScheme;

    // Delegate to the library filter; only the scheme name differs from its default.
    new SecurityRequirementsOperationFilter(securitySchemaName: schemeName)
        .Apply(operation, context);
}