public void OnResourceExecuting(ResourceExecutingContext context)
{
if ((string.IsNullOrEmpty(Permission) &&
!Authorization.IsLoggedIn) ||
(!string.IsNullOrEmpty(Permission) &&
!Authorization.HasPermission(Permission)))
{
if (Authorization.IsLoggedIn)
{
context.Result = new Result<ServiceResponse>(new ServiceResponse
{
Error = new ServiceError
{
Code = "AccessDenied",
Message = LocalText.Get("Authorization.AccessDenied")
}
});
context.HttpContext.Response.StatusCode = 400;
}
else
{
context.Result = new Result<ServiceResponse>(new ServiceResponse
{
Error = new ServiceError
{
Code = "NotLoggedIn",
Message = LocalText.Get("Authorization.NotLoggedIn")
}
});
context.HttpContext.Response.StatusCode = 400;
}
}
}
public AuthorizationFilterTests()
{
ActionContext action = new ActionContext(Substitute.For<HttpContext>(), new RouteData(), new ActionDescriptor());
context = new ResourceExecutingContext(action, new IFilterMetadata[0], new IValueProviderFactory[0]);
authorization = Substitute.For<IAuthorizationProvider>();
filter = new AuthorizationFilter(authorization);
}
public void OnResourceExecuting(ResourceExecutingContext context)
{
context.Result = new ContentResult()
{
Content = "Resource unavailable - header should not be set"
};
}
public void OnResourceExecuting(ResourceExecutingContext context)
{
if ((string.IsNullOrEmpty(attr.Permission) &&
!Authorization.IsLoggedIn) ||
(!string.IsNullOrEmpty(attr.Permission) &&
!Authorization.HasPermission(attr.Permission)))
{
context.Result = new ChallengeResult();
}
}
public void OnResourceExecuting(ResourceExecutingContext context)
{
_cacheKey = context.HttpContext.Request.Path.ToString();
if (_cache.ContainsKey(_cacheKey))
{
var cachedValue = _cache[_cacheKey] as string;
if (cachedValue != null)
{
context.Result = new ContentResult()
{ Content = cachedValue };
}
}
}
public void OnResourceExecuting(ResourceExecutingContext context)
{
if (!context.HttpContext.User.Identity.IsAuthenticated)
return;
Int32? accountId = context.HttpContext.User.Id();
String area = context.RouteData.Values["area"] as String;
String action = context.RouteData.Values["action"] as String;
String controller = context.RouteData.Values["controller"] as String;
if (!IsAuthorizedFor(accountId, action, controller, area))
context.Result = RedirectToUnauthorized(context);
}
/// <inheritdoc />
public void OnResourceExecuting(ResourceExecutingContext context)
{
if (context == null)
{
throw new ArgumentNullException(nameof(context));
}
var statusCodeFeature = context.HttpContext.Features.Get<IStatusCodePagesFeature>();
if (statusCodeFeature != null)
{
// Turn off the StatusCodePages feature.
statusCodeFeature.Enabled = false;
}
}
public void OnActionExecuting_SetsCurrentLanguage()
{
ActionContext action = new ActionContext(new DefaultHttpContext(), new RouteData(), new ActionDescriptor());
ResourceExecutingContext context = new ResourceExecutingContext(action, new IFilterMetadata[0], new IValueProviderFactory[0]);
ILanguages languages = Substitute.For<ILanguages>();
context.RouteData.Values["language"] = "lt";
languages["lt"].Returns(new Language());
new LanguageFilter(languages).OnResourceExecuting(context);
Language actual = languages.Current;
Language expected = languages["lt"];
Assert.Equal(expected, actual);
}
public void OnResourceExecuting(ResourceExecutingContext context)
{
var descriptions = new List<ApiExplorerData>();
foreach (var group in _descriptionProvider.ApiDescriptionGroups.Items)
{
foreach (var description in group.Items)
{
if (context.ActionDescriptor == description.ActionDescriptor)
{
descriptions.Add(CreateSerializableData(description));
}
}
}
context.Result = new JsonResult(descriptions);
}
public void OnResourceExecuting(ResourceExecutingContext context)
{
var formValueProviderFactory = context.ValueProviderFactories
.OfType<FormValueProviderFactory>()
.FirstOrDefault();
if (formValueProviderFactory != null)
{
context.ValueProviderFactories.Remove(formValueProviderFactory);
}
var jqueryFormValueProviderFactory = context.ValueProviderFactories
.OfType<JQueryFormValueProviderFactory>()
.FirstOrDefault();
if (jqueryFormValueProviderFactory != null)
{
context.ValueProviderFactories.Remove(jqueryFormValueProviderFactory);
}
}
/// <summary>
/// As a <see cref="IResourceFilter"/>, this filter looks at the request and rejects it before going ahead if
/// 1. The format in the request does not match any format in the map.
/// 2. If there is a conflicting producesFilter.
/// </summary>
/// <param name="context">The <see cref="ResourceExecutingContext"/>.</param>
public void OnResourceExecuting(ResourceExecutingContext context)
{
if (context == null)
{
throw new ArgumentNullException(nameof(context));
}
var format = GetFormat(context);
if (format == null)
{
// no format specified by user, so the filter is muted
return;
}
var contentType = _options.FormatterMappings.GetMediaTypeMappingForFormat(format);
if (contentType == null)
{
// no contentType exists for the format, return 404
context.Result = new NotFoundResult();
return;
}
// Determine media types this action supports.
var responseTypeFilters = context.Filters.OfType<IApiResponseMetadataProvider>();
var supportedMediaTypes = new MediaTypeCollection();
foreach (var filter in responseTypeFilters)
{
filter.SetContentTypes(supportedMediaTypes);
}
// Check if support is adequate for requested media type.
if (supportedMediaTypes.Count != 0)
{
// We need to check if the action can generate the content type the user asked for. That is, treat the
// request's format and IApiResponseMetadataProvider-provided content types similarly to an Accept
// header and an output formatter's SupportedMediaTypes: Confirm action supports a more specific media
// type than requested e.g. OK if "text/*" requested and action supports "text/plain".
if (!IsSuperSetOfAnySupportedMediaType(contentType, supportedMediaTypes))
{
context.Result = new NotFoundResult();
}
}
}
/// <inheritdoc />
public void OnResourceExecuting(ResourceExecutingContext context)
{
if (context == null)
{
throw new ArgumentNullException(nameof(context));
}
// Only execute if the current filter is the one which is closest to the action.
// Ignore all other filters. This is to ensure we have a overriding behavior.
if (IsApplicable(context.ActionDescriptor))
{
var requestContentType = context.HttpContext.Request.ContentType;
// Confirm the request's content type is more specific than a media type this action supports e.g. OK
// if client sent "text/plain" data and this action supports "text/*".
if (requestContentType != null && !IsSubsetOfAnyContentType(requestContentType))
{
context.Result = new UnsupportedMediaTypeResult();
}
}
}
public void FormatFilter_ExplicitContentType_SetOnResponse_TakesPrecedence()
{
// Arrange
var mediaType = MediaTypeHeaderValue.Parse("application/foo");
var mockObjects = new MockObjects("json", FormatSource.QueryData);
var response = new Mock<HttpResponse>();
response.Setup(r => r.ContentType).Returns("application/foo");
var httpContext = new Mock<HttpContext>();
httpContext.Setup(c => c.Response).Returns(response.Object);
httpContext.Setup(c => c.Request.Query["format"]).Returns("json");
var actionContext = new ActionContext(httpContext.Object, new RouteData(), new ActionDescriptor());
var resultExecutingContext = new ResultExecutingContext(
actionContext,
new IFilterMetadata[] { },
new ObjectResult("Hello!"),
controller: new object());
var resourceExecutingContext = new ResourceExecutingContext(
actionContext,
new IFilterMetadata[] { });
var filter = new FormatFilter(mockObjects.OptionsManager);
// Act
filter.OnResourceExecuting(resourceExecutingContext);
filter.OnResultExecuting(resultExecutingContext);
// Assert
var result = Assert.IsType<ObjectResult>(resultExecutingContext.Result);
Assert.Equal(0, result.ContentTypes.Count);
}
public void OnResourceExecuting(ResourceExecutingContext context)
{
var mvcOptions = context.HttpContext.RequestServices.GetRequiredService<IOptions<MvcOptions>>();
var formatter = mvcOptions.Value.OutputFormatters.OfType<JsonOutputFormatter>().First();
var result = new ObjectResult("someValue");
result.Formatters.Add(formatter);
context.Result = result;
}
public void OnResourceExecuting_ForNoContentTypeMatch_SetsUnsupportedMediaTypeResult(string contentType)
{
// Arrange
var httpContext = new DefaultHttpContext();
httpContext.Request.ContentType = contentType;
var consumesFilter = new ConsumesAttribute("application/json");
var actionWithConstraint = new ActionDescriptor()
{
ActionConstraints = new List<IActionConstraintMetadata>() { consumesFilter },
FilterDescriptors =
new List<FilterDescriptor>() { new FilterDescriptor(consumesFilter, FilterScope.Action) }
};
var actionContext = new ActionContext(httpContext, new RouteData(), actionWithConstraint);
var resourceExecutingContext = new ResourceExecutingContext(
actionContext,
new[] { consumesFilter },
new List<IValueProviderFactory>());
// Act
consumesFilter.OnResourceExecuting(resourceExecutingContext);
// Assert
Assert.NotNull(resourceExecutingContext.Result);
Assert.IsType<UnsupportedMediaTypeResult>(resourceExecutingContext.Result);
}
public void OnResourceExecuting(ResourceExecutingContext context)
{
_logger.LogInformation("OnResourceExecuting");
}
public static ControllerActionDescriptor ControllerActionDescriptor(this ResourceExecutingContext context) => context.ActionDescriptor.ControllerActionDescriptor();
public void OnResourceExecuting(ResourceExecutingContext context)
{
Languages.Current = Languages[context.RouteData.Values["language"] as String];
}
public void OnResourceExecuting_ForAContentTypeMatch_IsNoOp(string contentType)
{
// Arrange
var httpContext = new DefaultHttpContext();
httpContext.Request.ContentType = contentType;
var consumesFilter = new ConsumesAttribute("application/json", "application/xml");
var actionWithConstraint = new ActionDescriptor()
{
ActionConstraints = new List<IActionConstraintMetadata>() { consumesFilter },
FilterDescriptors =
new List<FilterDescriptor>() { new FilterDescriptor(consumesFilter, FilterScope.Action) }
};
var actionContext = new ActionContext(httpContext, new RouteData(), actionWithConstraint);
var resourceExecutingContext = new ResourceExecutingContext(actionContext, new[] { consumesFilter });
// Act
consumesFilter.OnResourceExecuting(resourceExecutingContext);
// Assert
Assert.Null(resourceExecutingContext.Result);
}
public void FormatFilter_ContextContainsFormat_InRouteAndQueryData()
{
// If the format is present in both route and query data, the one in route data wins
// Arrange
var mediaType = new StringSegment("application/json");
var mockObjects = new MockObjects("json", FormatSource.RouteData);
var httpContext = new Mock<HttpContext>();
httpContext.Setup(c => c.Response).Returns(new Mock<HttpResponse>().Object);
// Query contains xml
httpContext.Setup(c => c.Request.Query.ContainsKey("format")).Returns(true);
httpContext.Setup(c => c.Request.Query["format"]).Returns("xml");
// Routedata contains json
var data = new RouteData();
data.Values.Add("format", "json");
var ac = new ActionContext(httpContext.Object, data, new ActionDescriptor());
var resultExecutingContext = new ResultExecutingContext(
ac,
new IFilterMetadata[] { },
new ObjectResult("Hello!"),
controller: new object());
var resourceExecutingContext = new ResourceExecutingContext(
ac,
new IFilterMetadata[] { });
var filter = new FormatFilter(mockObjects.OptionsManager);
// Act
filter.OnResourceExecuting(resourceExecutingContext);
filter.OnResultExecuting(resultExecutingContext);
// Assert
var objectResult = Assert.IsType<ObjectResult>(resultExecutingContext.Result);
Assert.Equal(1, objectResult.ContentTypes.Count);
MediaTypeAssert.Equal(mediaType, objectResult.ContentTypes[0]);
}
public void OnResourceExecuting(ResourceExecutingContext context)
{
// ShortCircuit.
context.Result = new ObjectResult("someValue");
}
public static void BeforeOnResourceExecution(
this DiagnosticSource diagnosticSource,
ResourceExecutingContext resourceExecutingContext,
IAsyncResourceFilter filter)
{
Debug.Assert(diagnosticSource != null);
Debug.Assert(resourceExecutingContext != null);
Debug.Assert(filter != null);
if (diagnosticSource.IsEnabled("Microsoft.AspNetCore.Mvc.BeforeOnResourceExecution"))
{
diagnosticSource.Write(
"Microsoft.AspNetCore.Mvc.BeforeOnResourceExecution",
new
{
actionDescriptor = resourceExecutingContext.ActionDescriptor,
resourceExecutingContext = resourceExecutingContext,
filter = filter
});
}
}
public ResourceExecutingContext CreateResourceExecutingContext(IFilterMetadata[] filters)
{
var context = new ResourceExecutingContext(
MockActionContext,
filters,
new List<IValueProviderFactory>());
return context;
}
public void OnResourceExecuting(ResourceExecutingContext context)
{
context.HttpContext.Response.Headers.Append(
"filters",
Name + " - OnResourceExecuting");
}
public ResourceExecutingContext CreateResourceExecutingContext(IFilterMetadata[] filters)
{
var context = new ResourceExecutingContext(
MockActionContext,
filters);
return context;
}
public static void AfterOnResourceExecuting(
this DiagnosticSource diagnosticSource,
ResourceExecutingContext resourceExecutingContext,
IResourceFilter filter)
{
if (diagnosticSource.IsEnabled("Microsoft.AspNetCore.Mvc.AfterOnResourceExecuting"))
{
diagnosticSource.Write(
"Microsoft.AspNetCore.Mvc.AfterOnResourceExecuting",
new
{
actionDescriptor = resourceExecutingContext.ActionDescriptor,
resourceExecutingContext = resourceExecutingContext,
filter = filter
});
}
}
public async Task OnResourceExecutionAsync(ResourceExecutingContext context, ResourceExecutionDelegate next)
{
if (!context.HttpContext.User.Identity.IsAuthenticated || !context.Filters.ExistsAuthorizeAttribute())
{
await next();
return;
}
var method = context.GetMethod();
var authorization = context.GetAuthorization();
var onClientValidate = _options.OnClientValidate;
var clientValidate = ClientValidate.None;
if (context.Filters.OfType <BasicAuthorizeAttribute>().Any())
{
clientValidate = context.Filters.OfType <BasicAuthorizeAttribute>().First().ClientValidate;
}
if (clientValidate != ClientValidate.None)
{
onClientValidate = (clientValidate == ClientValidate.On);
}
if (onClientValidate)
{
var clientId = context.HttpContext.User.GetClientId();
if (_options.ClientId != clientId)
{
if (string.IsNullOrWhiteSpace(_options.Authority))
{
throw new ArgumentNullException(nameof(_options.Authority));
}
var grantInfoResponse = await _serviceAuthorizeHttpClient.GetGrantInfo(
method, authorization);
if (grantInfoResponse.Code != 0)
{
context.Result = new BadRequestObjectResult(ActionObject.Ok(grantInfoResponse.Code, grantInfoResponse.Message));
return;
}
var grantInfo = grantInfoResponse.Data;
if (grantInfo == null)
{
context.Result = new BadRequestObjectResult(ActionObject.Ok(-1, "获取授权信息失败"));
return;
}
if (!grantInfo.Granted)
{
context.Result = new ObjectResult(ActionObject.Ok(-1, "该资源需要appid拥有授权"))
{
StatusCode = 403
};
return;
}
}
}
await next();
}
