public void Apply(OpenApiOperation operation, OperationFilterContext context)
        {
            // Reuse SecurityRequirementsOperationFilter from Swashbuckle.AspNetCore.Filters, whose
            // default security scheme name is "oauth2", but key the emitted requirement on "ApiKey".
            // NOTE(review): the requirement is a reference by name, so "ApiKey" has to match the name
            // used in the Swagger AddSecurityDefinition call; otherwise the generated document points
            // at a scheme that does not exist and clients/Swagger UI will not attach the key.
            const string apiKeySchemeName = "ApiKey";

            new SecurityRequirementsOperationFilter(securitySchemaName: apiKeySchemeName)
                .Apply(operation, context);
        }
        public void Apply_SetsAuthorize_WithMultipleSecuritySchemas()
        {
            // Arrange: one filter with the default ("oauth2") scheme and one with a custom scheme name,
            // both applied to the same [Authorize] action.
            const string customSchemaName = "customSchema";
            var defaultSchemeFilter = new SecurityRequirementsOperationFilter();
            var customSchemeFilter  = new SecurityRequirementsOperationFilter(true, customSchemaName);
            var operation = new OpenApiOperation {
                OperationId = "foobar", Responses = new OpenApiResponses()
            };
            var filterContext = FilterContextFor(typeof(FakeActions), nameof(FakeActions.Authorize));

            // Act
            defaultSchemeFilter.Apply(operation, filterContext);
            customSchemeFilter.Apply(operation, filterContext);

            // Assert: each filter appends its own requirement object, so the operation ends up with
            // two entries in `security`. Per the OpenAPI spec a list of requirement objects means
            // "any one of these is sufficient" (alternatives), not "all of them" - so chaining filters
            // like this advertises either scheme as enough to call the operation. Keep that in mind
            // when the intent is to require both.
            operation.Security.Count.ShouldBe(2);

            var oauthRequirement = operation.Security[0].SingleOrDefault(entry => entry.Key.Reference.Id == "oauth2");
            oauthRequirement.Value.ShouldNotBeNull();
            // No scopes: FakeActions.Authorize carries no policy name.
            oauthRequirement.Value.ShouldBeEmpty();

            var customRequirement = operation.Security[1].SingleOrDefault(entry => entry.Key.Reference.Id == customSchemaName);
            customRequirement.Value.ShouldNotBeNull();
            customRequirement.Value.ShouldBeEmpty();
        }
        // This method gets called by the runtime. Use this method to add services to the container.
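        public void ConfigureServices(IServiceCollection services)
        {
            services
            .AddMvc()
            .SetCompatibilityVersion(CompatibilityVersion.Version_3_0)
            .AddNewtonsoftJson(options => {
                // Omit null-valued members from serialized responses.
                options.SerializerSettings.NullValueHandling = Newtonsoft.Json.NullValueHandling.Ignore;
            });

            // Both the sign and the basic handler are configured from the same "StsSettings" section.
            // NOTE(review): whatever StsSettings holds (presumably STS endpoint/credentials) is read
            // straight from IConfiguration - make sure any secret part comes from a secret provider
            // (user-secrets, key vault, environment) rather than a checked-in appsettings file.
            Action<StsSettings> bindStsSettings = options => Configuration.Bind("StsSettings", options);

            // Register every authentication handler off a single AddAuthentication call.
            //
            // Why: the previous form called AddAuthentication(<scheme>) once per handler. Each such
            // call sets AuthenticationOptions.DefaultScheme, and the option configurators run in
            // registration order, so only the LAST call (the session scheme) actually became the
            // default - the sign and basic "defaults" were silently overwritten. The session scheme
            // is kept as the default here so runtime behaviour is unchanged, but the choice is now
            // stated once and visibly instead of being an accident of ordering.
            // NOTE(review): confirm session authentication really is the intended default for
            // endpoints that carry a bare [Authorize]; if the sign scheme was meant, change it here.
            services.AddAuthentication(SrsAuthenticationScheme.SessionAuthenticationScheme)
            .AddScheme <StsSettings, SignAuthenticationHandler>(Constants.SignAuthenticationScheme, bindStsSettings)
            .AddScheme <StsSettings, BasicAuthenticationHandler>(BasicAuthenticationHandler.AuthenticationScheme, bindStsSettings)
            .AddScheme <AuthenticationSchemeOptions, SessionAuthenticationHandler>(SrsAuthenticationScheme.SessionAuthenticationScheme, null);

            // Vendor extension consumed by the vAPI code generator.
            var packageNameExtension = new OpenApiObject();

            packageNameExtension.Add("package-name", new OpenApiString("com.vmware.srs"));
            services.AddSwaggerGen(
                c => {
                c.SwaggerDoc(
                    "srs",
                    new OpenApiInfo {
                    Description = APIGatewayResources.ProductApiDescription,
                    Title       = APIGatewayResources.ProductName,
                    Version     = APIGatewayResources.ProductVersion,
                    Contact     = new OpenApiContact()
                    {
                        Name = "Script Runtime Service for vSphere",
                        Url  = new Uri(@"https://github.com/vmware/script-runtime-service-for-vsphere"),
                    },
                    Extensions =
                    {
                        { "x-vmw-vapi-codegenconfig", packageNameExtension }
                    }
                });

                // XML doc comments are expected next to the entry assembly (<AssemblyName>.xml);
                // a missing file surfaces as a startup failure from IncludeXmlComments.
                var xmlFile = $"{Assembly.GetExecutingAssembly().GetName().Name}.xml";
                var xmlPath = Path.Combine(AppContext.BaseDirectory, xmlFile);
                c.IncludeXmlComments(xmlPath);
                GlobalTagsSchemeFilter.Configure(c);
                TagsOperationFilter.Configure(c);
                VMwareVapiVendorExtensionsOperationFilter.Configure(c);
                // Adds the security requirement (and, depending on configuration, 401/403 responses)
                // to operations whose actions carry [Authorize].
                SecurityRequirementsOperationFilter.Configure(c);
                ScriptExecutionParameterDocumentFilter.Configure(c);
                ScriptExecutionParameterSchemaFilter.Configure(c);
                //ServersDocumentFilter.Configure(c);
                //VMwarePrintingPressExtensionsOperationFilter.Configure(c);
                //VMwarePrintingPressPathExtensionsDocumentFilter.Configure(c);
                ReadOnlySchemaFilter.Configure(c);
            });
            services.AddSwaggerGenNewtonsoftSupport();
        }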
    /// <summary>
    /// Creates the filter by wrapping <see cref="SecurityRequirementsOperationFilter{T}"/> for
    /// <see cref="AuthorizeAttribute"/>, with a policy selector that yields the non-empty
    /// <c>Policy</c> names of the Authorize attributes found on the operation.
    /// </summary>
    /// <param name="includeUnauthorizedAndForbiddenResponses">Whether (the default) to add the 401 and 403
    /// error responses to operations attributed with Authorize.</param>
    /// <param name="securitySchemaName">Name of the security scheme the requirement references. Defaults to
    /// <c>"oauth2"</c>; it should match the scheme registered in the Swagger security definitions.</param>
    /// <param name="unauthorizedResponseDescription">Description text for the 401 response (Russian by default).</param>
    /// <param name="forbiddenResponseDescription">Description text for the 403 response (Russian by default).</param>
    public SecurityRequirementsOperationFilter(bool includeUnauthorizedAndForbiddenResponses = true,
                                               string securitySchemaName = "oauth2",
                                               string unauthorizedResponseDescription = "Не авторизован - Пользователь не предоставил необходимых учётных данных для доступа к ресурсу.",
                                               string forbiddenResponseDescription    = "Запрещено - Пользователь не имеет необходимых прав для доступа к ресурсу.")
    {
        // Only attributes that actually name a policy contribute an entry; role-only or bare
        // [Authorize] attributes are skipped by this selector.
        IEnumerable<string> SelectPolicies(IEnumerable<AuthorizeAttribute> authAttributes) =>
            from attribute in authAttributes
            where !string.IsNullOrEmpty(attribute.Policy)
            select attribute.Policy;

        filter = new SecurityRequirementsOperationFilter<AuthorizeAttribute>(
            SelectPolicies,
            includeUnauthorizedAndForbiddenResponses,
            securitySchemaName,
            unauthorizedResponseDescription,
            forbiddenResponseDescription);
    }
        public void ApplyMethodAllowAnonymousAttribute()
        {
            // Arrange: the action is marked [AllowAnonymous], so no authorization metadata is expected.
            var sut           = new SecurityRequirementsOperationFilter();
            var filterContext = GetContext(typeof(Controller), nameof(Controller.MethodWithAllowAnonymous));

            // Act
            sut.Apply(_operation, filterContext);

            // Assert: neither 401/403 responses nor a security requirement is added.
            // This only pins what the generated document says about the endpoint; whether anonymous
            // access is actually allowed at runtime is decided by the authorization middleware.
            Assert.Empty(_operation.Responses);
            Assert.Null(_operation.Security);
        }
        public void Apply_DoesNotAdds401And403_WhenConfiguredNotTo()
        {
            // Arrange: includeUnauthorizedAndForbiddenResponses explicitly switched off.
            var operation = new Operation {
                OperationId = "foobar", Responses = new Dictionary <string, Response>()
            };
            var filterContext = FilterContextFor(typeof(FakeActions), nameof(FakeActions.Authorize));
            var sutWithoutErrorResponses = new SecurityRequirementsOperationFilter(false);

            // Act
            sutWithoutErrorResponses.Apply(operation, filterContext);

            // Assert: the [Authorize] action gets no 401/403 entries in the document. Leaving them out
            // hides part of the auth contract from API consumers, which is why it is an explicit opt-out
            // rather than the filter's default.
            foreach (var statusCode in new[] { "401", "403" })
            {
                operation.Responses.ShouldNotContainKey(statusCode);
            }
        }
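        public void Apply_Controller_Policies()
        {
            // Arrange. Fix: the member name was previously taken via nameof(ControllerWithRoles.Method)
            // while the type under test is ControllerWithPolicies. That presumably compiled because both
            // fakes expose a "Method" member, but it would silently break on a rename of either one;
            // nameof now targets the same type that typeof does.
            var context = GetContext(typeof(ControllerWithPolicies), nameof(ControllerWithPolicies.Method));
            var filter  = new SecurityRequirementsOperationFilter();

            // Act
            filter.Apply(_operation, context);

            // Assert: the shared authorize-response checks hold, and a single requirement keyed
            // "Bearer" carries exactly one policy name (presumably inherited from the controller-level
            // [Authorize(Policy = ...)], given the fake's name).
            AssertAuthorizeResponses();
            var security   = Assert.IsAssignableFrom <List <IDictionary <string, IEnumerable <string> > > >(_operation.Security);
            var attributes = Assert.Single(security);
            var policy     = Assert.Single(attributes["Bearer"]);

            Assert.Equal("UserPolicy", policy);
        }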
        public void ApplyMethodRoles()
        {
            // Arrange: an action carrying a role-based [Authorize].
            var sut           = new SecurityRequirementsOperationFilter();
            var filterContext = GetContext(typeof(Controller), nameof(Controller.MethodWithRoles));

            // Act
            sut.Apply(_operation, filterContext);

            // Assert
            AssertAuthorizeResponses();
            var requirements      = Assert.IsAssignableFrom <List <IDictionary <string, IEnumerable <string> > > >(_operation.Security);
            var bearerRequirement = Assert.Single(requirements);
            Assert.NotNull(bearerRequirement);

            // The role name lands in the value list under "Bearer". Caveat: OpenAPI treats that list as
            // scopes, which only have meaning for oauth2/openIdConnect schemes and must be empty for
            // http/apiKey ones - so depending on how "Bearer" is defined, tooling may ignore or reject
            // this value. The document also does not enforce the role; the authorization middleware does.
            Assert.Equal("AdminRole", Assert.Single(bearerRequirement["Bearer"]));
        }
        public void Apply_SetsAuthorize_WithNoPolicy_WhenCustomSecuritySchemaIsSet()
        {
            // Arrange: override the filter's default "oauth2" scheme name.
            const string customSchemaName = "customSchema";
            var operation = new Operation {
                OperationId = "foobar", Responses = new Dictionary <string, Response>()
            };
            var filterContext = FilterContextFor(typeof(FakeActions), nameof(FakeActions.Authorize));
            var sut = new SecurityRequirementsOperationFilter(true, customSchemaName);

            // Act
            sut.Apply(operation, filterContext);

            // Assert: exactly one requirement, keyed by the custom scheme name, with an empty scope
            // list because FakeActions.Authorize names no policy.
            var requirement = operation.Security.ShouldHaveSingleItem();

            requirement.ShouldContainKey(customSchemaName);
            requirement[customSchemaName].ShouldBeEmpty();
        }
 /// <summary>
 /// Wraps <see cref="SecurityRequirementsOperationFilter{T}"/> for <see cref="AuthorizeAttribute"/>,
 /// selecting the non-empty policy names from the Authorize attributes on an operation.
 /// </summary>
 /// <param name="includeUnauthorizedAndForbiddenResponses">Whether to document 401/403 responses on
 /// [Authorize] operations. Defaults to <c>false</c> here.
 /// NOTE(review): the wrapped Swashbuckle filter presumably defaults this to <c>true</c>, so this wrapper
 /// flips the default and callers must opt in to get the error responses documented - confirm intended.</param>
 public JWTSecurityRequirementsOperationFilter(bool includeUnauthorizedAndForbiddenResponses = false)
 {
     // Only attributes that actually name a policy contribute an entry.
     _filter = new SecurityRequirementsOperationFilter <AuthorizeAttribute>(
         authAttributes => from attribute in authAttributes
                           where !string.IsNullOrEmpty(attribute.Policy)
                           select attribute.Policy,
         includeUnauthorizedAndForbiddenResponses);
 }
        public void Apply(OpenApiOperation operation, OperationFilterContext context)
        {
            // Reuse the library filter but key the security requirement on the API-key scheme name
            // instead of its "oauth2" default. NOTE(review): ApiKeyAuthenticationOptions.DefaultScheme is
            // presumably the name the API-key authentication handler registers under; the Swagger
            // AddSecurityDefinition call must use the same name or the requirement will reference an
            // undefined scheme.
            new SecurityRequirementsOperationFilter(securitySchemaName: ApiKeyAuthenticationOptions.DefaultScheme)
                .Apply(operation, context);
        }