public void OnResourceExecuting(ResourceExecutingContext context) { if ((string.IsNullOrEmpty(Permission) && !Authorization.IsLoggedIn) || (!string.IsNullOrEmpty(Permission) && !Authorization.HasPermission(Permission))) { if (Authorization.IsLoggedIn) { context.Result = new Result<ServiceResponse>(new ServiceResponse { Error = new ServiceError { Code = "AccessDenied", Message = LocalText.Get("Authorization.AccessDenied") } }); context.HttpContext.Response.StatusCode = 400; } else { context.Result = new Result<ServiceResponse>(new ServiceResponse { Error = new ServiceError { Code = "NotLoggedIn", Message = LocalText.Get("Authorization.NotLoggedIn") } }); context.HttpContext.Response.StatusCode = 400; } } }
public AuthorizationFilterTests() { ActionContext action = new ActionContext(Substitute.For<HttpContext>(), new RouteData(), new ActionDescriptor()); context = new ResourceExecutingContext(action, new IFilterMetadata[0], new IValueProviderFactory[0]); authorization = Substitute.For<IAuthorizationProvider>(); filter = new AuthorizationFilter(authorization); }
public void OnResourceExecuting(ResourceExecutingContext context) { context.Result = new ContentResult() { Content = "Resource unavailable - header should not be set" }; }
public void OnResourceExecuting(ResourceExecutingContext context) { if ((string.IsNullOrEmpty(attr.Permission) && !Authorization.IsLoggedIn) || (!string.IsNullOrEmpty(attr.Permission) && !Authorization.HasPermission(attr.Permission))) { context.Result = new ChallengeResult(); } }
public void OnResourceExecuting(ResourceExecutingContext context) { _cacheKey = context.HttpContext.Request.Path.ToString(); if (_cache.ContainsKey(_cacheKey)) { var cachedValue = _cache[_cacheKey] as string; if (cachedValue != null) { context.Result = new ContentResult() { Content = cachedValue }; } } }
public void OnResourceExecuting(ResourceExecutingContext context) { if (!context.HttpContext.User.Identity.IsAuthenticated) return; Int32? accountId = context.HttpContext.User.Id(); String area = context.RouteData.Values["area"] as String; String action = context.RouteData.Values["action"] as String; String controller = context.RouteData.Values["controller"] as String; if (!IsAuthorizedFor(accountId, action, controller, area)) context.Result = RedirectToUnauthorized(context); }
/// <inheritdoc /> public void OnResourceExecuting(ResourceExecutingContext context) { if (context == null) { throw new ArgumentNullException(nameof(context)); } var statusCodeFeature = context.HttpContext.Features.Get<IStatusCodePagesFeature>(); if (statusCodeFeature != null) { // Turn off the StatusCodePages feature. statusCodeFeature.Enabled = false; } }
public void OnActionExecuting_SetsCurrentLanguage() { ActionContext action = new ActionContext(new DefaultHttpContext(), new RouteData(), new ActionDescriptor()); ResourceExecutingContext context = new ResourceExecutingContext(action, new IFilterMetadata[0], new IValueProviderFactory[0]); ILanguages languages = Substitute.For<ILanguages>(); context.RouteData.Values["language"] = "lt"; languages["lt"].Returns(new Language()); new LanguageFilter(languages).OnResourceExecuting(context); Language actual = languages.Current; Language expected = languages["lt"]; Assert.Equal(expected, actual); }
public void OnResourceExecuting(ResourceExecutingContext context) { var descriptions = new List<ApiExplorerData>(); foreach (var group in _descriptionProvider.ApiDescriptionGroups.Items) { foreach (var description in group.Items) { if (context.ActionDescriptor == description.ActionDescriptor) { descriptions.Add(CreateSerializableData(description)); } } } context.Result = new JsonResult(descriptions); }
public void OnResourceExecuting(ResourceExecutingContext context) { var formValueProviderFactory = context.ValueProviderFactories .OfType<FormValueProviderFactory>() .FirstOrDefault(); if (formValueProviderFactory != null) { context.ValueProviderFactories.Remove(formValueProviderFactory); } var jqueryFormValueProviderFactory = context.ValueProviderFactories .OfType<JQueryFormValueProviderFactory>() .FirstOrDefault(); if (jqueryFormValueProviderFactory != null) { context.ValueProviderFactories.Remove(jqueryFormValueProviderFactory); } }
/// <summary> /// As a <see cref="IResourceFilter"/>, this filter looks at the request and rejects it before going ahead if /// 1. The format in the request does not match any format in the map. /// 2. If there is a conflicting producesFilter. /// </summary> /// <param name="context">The <see cref="ResourceExecutingContext"/>.</param> public void OnResourceExecuting(ResourceExecutingContext context) { if (context == null) { throw new ArgumentNullException(nameof(context)); } var format = GetFormat(context); if (format == null) { // no format specified by user, so the filter is muted return; } var contentType = _options.FormatterMappings.GetMediaTypeMappingForFormat(format); if (contentType == null) { // no contentType exists for the format, return 404 context.Result = new NotFoundResult(); return; } // Determine media types this action supports. var responseTypeFilters = context.Filters.OfType<IApiResponseMetadataProvider>(); var supportedMediaTypes = new MediaTypeCollection(); foreach (var filter in responseTypeFilters) { filter.SetContentTypes(supportedMediaTypes); } // Check if support is adequate for requested media type. if (supportedMediaTypes.Count != 0) { // We need to check if the action can generate the content type the user asked for. That is, treat the // request's format and IApiResponseMetadataProvider-provided content types similarly to an Accept // header and an output formatter's SupportedMediaTypes: Confirm action supports a more specific media // type than requested e.g. OK if "text/*" requested and action supports "text/plain". if (!IsSuperSetOfAnySupportedMediaType(contentType, supportedMediaTypes)) { context.Result = new NotFoundResult(); } } }
/// <inheritdoc /> public void OnResourceExecuting(ResourceExecutingContext context) { if (context == null) { throw new ArgumentNullException(nameof(context)); } // Only execute if the current filter is the one which is closest to the action. // Ignore all other filters. This is to ensure we have a overriding behavior. if (IsApplicable(context.ActionDescriptor)) { var requestContentType = context.HttpContext.Request.ContentType; // Confirm the request's content type is more specific than a media type this action supports e.g. OK // if client sent "text/plain" data and this action supports "text/*". if (requestContentType != null && !IsSubsetOfAnyContentType(requestContentType)) { context.Result = new UnsupportedMediaTypeResult(); } } }
public void FormatFilter_ExplicitContentType_SetOnResponse_TakesPrecedence() { // Arrange var mediaType = MediaTypeHeaderValue.Parse("application/foo"); var mockObjects = new MockObjects("json", FormatSource.QueryData); var response = new Mock<HttpResponse>(); response.Setup(r => r.ContentType).Returns("application/foo"); var httpContext = new Mock<HttpContext>(); httpContext.Setup(c => c.Response).Returns(response.Object); httpContext.Setup(c => c.Request.Query["format"]).Returns("json"); var actionContext = new ActionContext(httpContext.Object, new RouteData(), new ActionDescriptor()); var resultExecutingContext = new ResultExecutingContext( actionContext, new IFilterMetadata[] { }, new ObjectResult("Hello!"), controller: new object()); var resourceExecutingContext = new ResourceExecutingContext( actionContext, new IFilterMetadata[] { }); var filter = new FormatFilter(mockObjects.OptionsManager); // Act filter.OnResourceExecuting(resourceExecutingContext); filter.OnResultExecuting(resultExecutingContext); // Assert var result = Assert.IsType<ObjectResult>(resultExecutingContext.Result); Assert.Equal(0, result.ContentTypes.Count); }
public void OnResourceExecuting(ResourceExecutingContext context) { var mvcOptions = context.HttpContext.RequestServices.GetRequiredService<IOptions<MvcOptions>>(); var formatter = mvcOptions.Value.OutputFormatters.OfType<JsonOutputFormatter>().First(); var result = new ObjectResult("someValue"); result.Formatters.Add(formatter); context.Result = result; }
public void OnResourceExecuting_ForNoContentTypeMatch_SetsUnsupportedMediaTypeResult(string contentType) { // Arrange var httpContext = new DefaultHttpContext(); httpContext.Request.ContentType = contentType; var consumesFilter = new ConsumesAttribute("application/json"); var actionWithConstraint = new ActionDescriptor() { ActionConstraints = new List<IActionConstraintMetadata>() { consumesFilter }, FilterDescriptors = new List<FilterDescriptor>() { new FilterDescriptor(consumesFilter, FilterScope.Action) } }; var actionContext = new ActionContext(httpContext, new RouteData(), actionWithConstraint); var resourceExecutingContext = new ResourceExecutingContext( actionContext, new[] { consumesFilter }, new List<IValueProviderFactory>()); // Act consumesFilter.OnResourceExecuting(resourceExecutingContext); // Assert Assert.NotNull(resourceExecutingContext.Result); Assert.IsType<UnsupportedMediaTypeResult>(resourceExecutingContext.Result); }
public void OnResourceExecuting(ResourceExecutingContext context) { _logger.LogInformation("OnResourceExecuting"); }
public static ControllerActionDescriptor ControllerActionDescriptor(this ResourceExecutingContext context) => context.ActionDescriptor.ControllerActionDescriptor();
public void OnResourceExecuting(ResourceExecutingContext context) { Languages.Current = Languages[context.RouteData.Values["language"] as String]; }
public void OnResourceExecuting_ForAContentTypeMatch_IsNoOp(string contentType) { // Arrange var httpContext = new DefaultHttpContext(); httpContext.Request.ContentType = contentType; var consumesFilter = new ConsumesAttribute("application/json", "application/xml"); var actionWithConstraint = new ActionDescriptor() { ActionConstraints = new List<IActionConstraintMetadata>() { consumesFilter }, FilterDescriptors = new List<FilterDescriptor>() { new FilterDescriptor(consumesFilter, FilterScope.Action) } }; var actionContext = new ActionContext(httpContext, new RouteData(), actionWithConstraint); var resourceExecutingContext = new ResourceExecutingContext(actionContext, new[] { consumesFilter }); // Act consumesFilter.OnResourceExecuting(resourceExecutingContext); // Assert Assert.Null(resourceExecutingContext.Result); }
public void FormatFilter_ContextContainsFormat_InRouteAndQueryData() { // If the format is present in both route and query data, the one in route data wins // Arrange var mediaType = new StringSegment("application/json"); var mockObjects = new MockObjects("json", FormatSource.RouteData); var httpContext = new Mock<HttpContext>(); httpContext.Setup(c => c.Response).Returns(new Mock<HttpResponse>().Object); // Query contains xml httpContext.Setup(c => c.Request.Query.ContainsKey("format")).Returns(true); httpContext.Setup(c => c.Request.Query["format"]).Returns("xml"); // Routedata contains json var data = new RouteData(); data.Values.Add("format", "json"); var ac = new ActionContext(httpContext.Object, data, new ActionDescriptor()); var resultExecutingContext = new ResultExecutingContext( ac, new IFilterMetadata[] { }, new ObjectResult("Hello!"), controller: new object()); var resourceExecutingContext = new ResourceExecutingContext( ac, new IFilterMetadata[] { }); var filter = new FormatFilter(mockObjects.OptionsManager); // Act filter.OnResourceExecuting(resourceExecutingContext); filter.OnResultExecuting(resultExecutingContext); // Assert var objectResult = Assert.IsType<ObjectResult>(resultExecutingContext.Result); Assert.Equal(1, objectResult.ContentTypes.Count); MediaTypeAssert.Equal(mediaType, objectResult.ContentTypes[0]); }
public void OnResourceExecuting(ResourceExecutingContext context) { // ShortCircuit. context.Result = new ObjectResult("someValue"); }
public static void BeforeOnResourceExecution( this DiagnosticSource diagnosticSource, ResourceExecutingContext resourceExecutingContext, IAsyncResourceFilter filter) { Debug.Assert(diagnosticSource != null); Debug.Assert(resourceExecutingContext != null); Debug.Assert(filter != null); if (diagnosticSource.IsEnabled("Microsoft.AspNetCore.Mvc.BeforeOnResourceExecution")) { diagnosticSource.Write( "Microsoft.AspNetCore.Mvc.BeforeOnResourceExecution", new { actionDescriptor = resourceExecutingContext.ActionDescriptor, resourceExecutingContext = resourceExecutingContext, filter = filter }); } }
public ResourceExecutingContext CreateResourceExecutingContext(IFilterMetadata[] filters) { var context = new ResourceExecutingContext( MockActionContext, filters, new List<IValueProviderFactory>()); return context; }
public void OnResourceExecuting(ResourceExecutingContext context) { context.HttpContext.Response.Headers.Append( "filters", Name + " - OnResourceExecuting"); }
public ResourceExecutingContext CreateResourceExecutingContext(IFilterMetadata[] filters) { var context = new ResourceExecutingContext( MockActionContext, filters); return context; }
public static void AfterOnResourceExecuting( this DiagnosticSource diagnosticSource, ResourceExecutingContext resourceExecutingContext, IResourceFilter filter) { if (diagnosticSource.IsEnabled("Microsoft.AspNetCore.Mvc.AfterOnResourceExecuting")) { diagnosticSource.Write( "Microsoft.AspNetCore.Mvc.AfterOnResourceExecuting", new { actionDescriptor = resourceExecutingContext.ActionDescriptor, resourceExecutingContext = resourceExecutingContext, filter = filter }); } }
public async Task OnResourceExecutionAsync(ResourceExecutingContext context, ResourceExecutionDelegate next) { if (!context.HttpContext.User.Identity.IsAuthenticated || !context.Filters.ExistsAuthorizeAttribute()) { await next(); return; } var method = context.GetMethod(); var authorization = context.GetAuthorization(); var onClientValidate = _options.OnClientValidate; var clientValidate = ClientValidate.None; if (context.Filters.OfType <BasicAuthorizeAttribute>().Any()) { clientValidate = context.Filters.OfType <BasicAuthorizeAttribute>().First().ClientValidate; } if (clientValidate != ClientValidate.None) { onClientValidate = (clientValidate == ClientValidate.On); } if (onClientValidate) { var clientId = context.HttpContext.User.GetClientId(); if (_options.ClientId != clientId) { if (string.IsNullOrWhiteSpace(_options.Authority)) { throw new ArgumentNullException(nameof(_options.Authority)); } var grantInfoResponse = await _serviceAuthorizeHttpClient.GetGrantInfo( method, authorization); if (grantInfoResponse.Code != 0) { context.Result = new BadRequestObjectResult(ActionObject.Ok(grantInfoResponse.Code, grantInfoResponse.Message)); return; } var grantInfo = grantInfoResponse.Data; if (grantInfo == null) { context.Result = new BadRequestObjectResult(ActionObject.Ok(-1, "获取授权信息失败")); return; } if (!grantInfo.Granted) { context.Result = new ObjectResult(ActionObject.Ok(-1, "该资源需要appid拥有授权")) { StatusCode = 403 }; return; } } } await next(); }