/// <summary> /// Check all session is in any supplied roles otherwise a 401 HttpError is thrown /// </summary> /// <param name="request"></param> /// <param name="requiredRoles"></param> public static void AssertRequiredRoles(IRequest request, params string[] requiredRoles) { if (requiredRoles.IsEmpty()) { return; } var req = request.TryResolve <IHttpRequest>(); if (HostContext.HasValidAuthSecret(req)) { return; } var session = req.GetSession(); if (session != null && requiredRoles.Any(session.HasRole)) { return; } session.UpdateFromUserAuthRepo(req); if (session != null && requiredRoles.Any(session.HasRole)) { return; } var statusCode = session != null && session.IsAuthenticated ? (int)HttpStatusCode.Forbidden : (int)HttpStatusCode.Unauthorized; throw new HttpError(statusCode, "Invalid Role"); }
/// <summary> /// Check all session is in all supplied roles otherwise a 401 HttpError is thrown /// </summary> public static void AssertRequiredRoles(IRequest req, IAuthRepository authRepo, params string[] requiredRoles) { if (requiredRoles.IsEmpty() || HostContext.HasValidAuthSecret(req)) { return; } var session = req.GetSession(); if (session != null) { if (session.HasRole(RoleNames.Admin, authRepo)) { return; } if (requiredRoles.All(x => session.HasRole(x, authRepo))) { return; } session.UpdateFromUserAuthRepo(req); } if (session != null && requiredRoles.All(x => session.HasRole(x, authRepo))) { return; } var statusCode = session != null && session.IsAuthenticated ? (int)HttpStatusCode.Forbidden : (int)HttpStatusCode.Unauthorized; throw new HttpError(statusCode, ErrorMessages.InvalidRole.Localize(req)); }
public static bool HasRequiredRoles(IRequest req, string[] requiredRoles) { if (requiredRoles.IsEmpty()) { return(true); } if (HostContext.HasValidAuthSecret(req)) { return(true); } var session = req.GetSession(); if (session != null) { if (session.HasRole(RoleNames.Admin)) { return(true); } if (requiredRoles.All(session.HasRole)) { return(true); } } session.UpdateFromUserAuthRepo(req); if (session != null && requiredRoles.All(session.HasRole)) { return(true); } return(false); }
public override async Task ExecuteAsync(IRequest req, IResponse res, object requestDto) { if (HostContext.HasValidAuthSecret(req)) { return; } await base.ExecuteAsync(req, res, requestDto); if (res.IsClosed) { return; } var session = req.GetSession(); var authRepo = HostContext.AppHost.GetAuthRepository(req); using (authRepo as IDisposable) { if (session != null && session.HasRole("Admin", authRepo) || (this.HasWebSudo(req, session as IWebSudoAuthSession) || this.DoHtmlRedirectIfConfigured(req, res))) { return; } } res.StatusCode = 402; res.StatusDescription = "Web Sudo Required"; res.EndRequest(); }
public override async Task ExecuteAsync(IRequest req, IResponse res, object requestDto) { if (HostContext.HasValidAuthSecret(req)) { return; } await base.ExecuteAsync(req, res, requestDto).ConfigAwait(); //first check if session is authenticated if (res.IsClosed) { return; //AuthenticateAttribute already closed the request (ie auth failed) } var session = await req.AssertAuthenticatedSessionAsync().ConfigAwait(); var authRepo = HostContext.AppHost.GetAuthRepositoryAsync(req); await using (authRepo as IAsyncDisposable) { if (await session.HasAnyRolesAsync(RequiredRoles, authRepo, req).ConfigAwait()) { return; } } await HandleShortCircuitedErrors(req, res, requestDto, HttpStatusCode.Forbidden, ErrorMessages.InvalidRole.Localize(req)).ConfigAwait(); }
public static void AssertRequiredRoles(IRequest req, params string[] requiredRoles) { if (requiredRoles.IsEmpty()) { return; } if (HostContext.HasValidAuthSecret(req)) { return; } var session = req.AssertAuthenticatedSession(); var authRepo = HostContext.AppHost.GetAuthRepository(req); using (authRepo as IDisposable) { if (session.HasAnyRoles(requiredRoles, authRepo, req)) { return; } } throw new HttpError(HttpStatusCode.Forbidden, ErrorMessages.InvalidRole.Localize(req)); }
private static bool SessionValidForAllRoles(IRequest req, IAuthSession session, ICollection <string> requiredRoles) { var singleRequiredRole = requiredRoles.Count == 1 ? requiredRoles.First() : null; if (singleRequiredRole == RoleNames.AllowAnon) { return(true); } if (requiredRoles.IsEmpty()) { return(true); } if (HostContext.HasValidAuthSecret(req)) { return(true); } AssertAuthenticated(req, requestDto: req.Dto, session: session); if (session != null && singleRequiredRole == RoleNames.AllowAnyUser && session.IsAuthenticated) { return(true); } return(false); }
public override void Execute(IRequest req, IResponse res, object requestDto) { if (HostContext.HasValidAuthSecret(req)) { return; } base.Execute(req, res, requestDto); //first check if session is authenticated if (res.IsClosed) { return; //AuthenticateAttribute already closed the request (ie auth failed) } var session = req.GetSession(); if (HasAnyRoles(req, session)) { return; } if (DoHtmlRedirectIfConfigured(req, res)) { return; } res.StatusCode = (int)HttpStatusCode.Forbidden; res.StatusDescription = "Invalid Role"; res.EndRequest(); }
public static bool IsAuthenticated(this IRequest req) { if (HostContext.HasValidAuthSecret(req)) { return(true); } var session = req.GetSession(); return(session != null && AuthenticateService.AuthProviders.Any(x => session.IsAuthorized(x.Provider))); }
private static bool SessionValidForAllPermissions(IRequest req, IAuthSession session, ICollection <string> requiredPermissions) { if (requiredPermissions.IsEmpty()) { return(true); } if (HostContext.HasValidAuthSecret(req)) { return(true); } return(false); }
public static async Task <bool> AuthenticateAsync(IRequest req, object requestDto = null, IAuthSession session = null, IAuthProvider[] authProviders = null) { if (HostContext.HasValidAuthSecret(req)) { return(true); } session ??= await(req ?? throw new ArgumentNullException(nameof(req))).GetSessionAsync().ConfigAwait(); authProviders ??= AuthenticateService.GetAuthProviders(); var authValidate = HostContext.GetPlugin <AuthFeature>()?.OnAuthenticateValidate; var ret = authValidate?.Invoke(req); if (ret != null) { return(false); } req.PopulateFromRequestIfHasSessionId(requestDto); if (!req.Items.ContainsKey(Keywords.HasPreAuthenticated)) { //Unauthorized or invalid requests will terminate the response and return false var mockResponse = new BasicRequest().Response; req.Items[Keywords.HasPreAuthenticated] = true; foreach (var authWithRequest in authProviders.OfType <IAuthWithRequest>()) { await authWithRequest.PreAuthenticateAsync(req, mockResponse).ConfigAwait(); if (mockResponse.IsClosed) { return(false); } } foreach (var authWithRequest in authProviders.OfType <IAuthWithRequestSync>()) { authWithRequest.PreAuthenticate(req, mockResponse); if (mockResponse.IsClosed) { return(false); } } } var sessionIsAuthenticated = session != null && (authProviders.Length > 0 ? authProviders.Any(x => session.IsAuthorized(x.Provider)) : session.IsAuthenticated); return(sessionIsAuthenticated); }
private static bool SessionValidForAllPermissions(IRequest req, IAuthSession session, ICollection <string> requiredPermissions) { if (requiredPermissions.IsEmpty()) { return(true); } if (HostContext.HasValidAuthSecret(req)) { return(true); } AssertAuthenticated(req, requestDto: req.Dto, session: session); return(false); }
private static async Task <bool> SessionValidForAllPermissionsAsync(IRequest req, IAuthSession session, ICollection <string> requiredPermissions) { if (requiredPermissions.IsEmpty()) { return(true); } if (HostContext.HasValidAuthSecret(req)) { return(true); } await AssertAuthenticatedAsync(req, requestDto : req.Dto, session : session).ConfigAwait(); return(false); }
public static bool IsAuthenticated(this IRequest req) { //Sync with [Authenticate] impl if (HostContext.HasValidAuthSecret(req)) { return(true); } var authProviders = AuthenticateService.GetAuthProviders(); AuthenticateAttribute.PreAuthenticate(req, authProviders); var session = req.GetSession(); return(session != null && authProviders.Any(x => session.IsAuthorized(x.Provider))); }
public override void Execute(IRequest req, IResponse res, object requestDto) { if (AuthenticateService.AuthProviders == null) { throw new InvalidOperationException( "The AuthService must be initialized by calling AuthService.Init to use an authenticate attribute"); } if (HostContext.HasValidAuthSecret(req)) { return; } var matchingOAuthConfigs = AuthenticateService.AuthProviders.Where(x => this.Provider.IsNullOrEmpty() || x.Provider == this.Provider).ToList(); if (matchingOAuthConfigs.Count == 0) { res.WriteError(req, requestDto, "No OAuth Configs found matching {0} provider" .Fmt(this.Provider ?? "any")); res.EndRequest(); return; } req.PopulateFromRequestIfHasSessionId(requestDto); //Call before GetSession so Exceptions can bubble req.Items[Keywords.HasPreAuthenticated] = true; matchingOAuthConfigs.OfType <IAuthWithRequest>() .Each(x => x.PreAuthenticate(req, res)); var session = req.GetSession(); if (session == null || !matchingOAuthConfigs.Any(x => session.IsAuthorized(x.Provider))) { if (this.DoHtmlRedirectIfConfigured(req, res, true)) { return; } AuthProvider.HandleFailedAuth(matchingOAuthConfigs[0], session, req, res); } }
public override async Task ExecuteAsync(IRequest req, IResponse res, object requestDto) { if (AuthenticateService.AuthProviders == null) { throw new InvalidOperationException( "The AuthService must be initialized by calling AuthService.Init to use an authenticate attribute"); } if (HostContext.HasValidAuthSecret(req)) { return; } var authProviders = AuthenticateService.GetAuthProviders(this.Provider); if (authProviders.Length == 0) { await res.WriteError(req, requestDto, $"No registered Auth Providers found matching {this.Provider ?? "any"} provider").ConfigAwait(); res.EndRequest(); return; } req.PopulateFromRequestIfHasSessionId(requestDto); await PreAuthenticateAsync(req, authProviders).ConfigAwait(); if (res.IsClosed) { return; } var session = req.GetSession(); if (session == null || !authProviders.Any(x => session.IsAuthorized(x.Provider))) { if (this.DoHtmlRedirectIfConfigured(req, res, true)) { return; } await AuthProvider.HandleFailedAuth(authProviders[0], session, req, res).ConfigAwait(); } }
public override async Task ExecuteAsync(IRequest req, IResponse res, object requestDto) { if (HostContext.HasValidAuthSecret(req)) { return; } await base.ExecuteAsync(req, res, requestDto).ConfigAwait(); //first check if session is authenticated if (res.IsClosed) { return; //AuthenticateAttribute already closed the request (ie auth failed) } var session = await req.GetSessionAsync().ConfigAwait(); var authRepo = HostContext.AppHost.GetAuthRepositoryAsync(req); #if NET472 || NETSTANDARD2_0 await using (authRepo as IAsyncDisposable) #else using (authRepo as IDisposable) #endif { if (session != null && await session.HasRoleAsync(RoleNames.Admin, authRepo).ConfigAwait()) { return; } if (await HasAnyPermissionsAsync(req, session, authRepo).ConfigAwait()) { return; } } if (DoHtmlRedirectAccessDeniedIfConfigured(req, res)) { return; } res.StatusCode = (int)HttpStatusCode.Forbidden; res.StatusDescription = ErrorMessages.InvalidPermission.Localize(req); await HostContext.AppHost.HandleShortCircuitedErrors(req, res, requestDto).ConfigAwait(); }
/// <summary> /// Check all session is in any supplied roles otherwise a 401 HttpError is thrown /// </summary> /// <param name="request"></param> /// <param name="requiredRoles"></param> public static void AssertRequiredRoles(IRequest req, params string[] requiredRoles) { if (requiredRoles.IsEmpty()) { return; } if (HostContext.HasValidAuthSecret(req)) { return; } var session = req.GetSession(); var authRepo = HostContext.AppHost.GetAuthRepository(req); using (authRepo as IDisposable) { if (session != null && session.HasRole(RoleNames.Admin, authRepo)) { return; } if (session != null && session.UserAuthId != null && requiredRoles.Any(x => session.HasRole(x, authRepo))) { return; } session.UpdateFromUserAuthRepo(req); if (session != null && session.UserAuthId != null && requiredRoles.Any(x => session.HasRole(x, authRepo))) { return; } } var statusCode = session != null && session.IsAuthenticated ? (int)HttpStatusCode.Forbidden : (int)HttpStatusCode.Unauthorized; throw new HttpError(statusCode, "Invalid Role"); }
public static bool PreAuthenticatedValidForAllRoles(IRequest req, ICollection <string> requiredRoles) { var singleRequiredRole = requiredRoles.Count == 1 ? requiredRoles.First() : null; if (singleRequiredRole == RoleNames.AllowAnon) { return(true); } if (requiredRoles.IsEmpty()) { return(true); } if (HostContext.HasValidAuthSecret(req)) { return(true); } return(false); }
public static IServiceStackHandler GetRequestInfoHandler(IHttpRequest request) { if (request.QueryString[Keywords.Debug] != Keywords.RequestInfo) { return(null); } if (HostContext.Config.DebugMode || HostContext.HasValidAuthSecret(request)) { return(new RequestInfoHandler()); } var session = request.GetSession(); if (session != null && session.Roles.Contains("admin")) { return(new RequestInfoHandler()); } return(null); }
public static bool HasRequiredRoles(IRequest req, string[] requiredRoles) { if (requiredRoles.IsEmpty()) { return(true); } if (HostContext.HasValidAuthSecret(req)) { return(true); } var session = req.GetSession(); var authRepo = HostContext.AppHost.GetAuthRepository(req); using (authRepo as IDisposable) { if (session != null) { if (session.HasRole(RoleNames.Admin, authRepo)) { return(true); } if (requiredRoles.All(x => session.HasRole(x, authRepo))) { return(true); } session.UpdateFromUserAuthRepo(req); } if (session != null && requiredRoles.All(x => session.HasRole(x, authRepo))) { return(true); } } return(false); }
public override async Task ExecuteAsync(IRequest req, IResponse res, object requestDto) { if (HostContext.HasValidAuthSecret(req)) { return; } await base.ExecuteAsync(req, res, requestDto); //first check if session is authenticated if (res.IsClosed) { return; //AuthenticateAttribute already closed the request (ie auth failed) } var session = req.GetSession(); var authRepo = HostContext.AppHost.GetAuthRepository(req); using (authRepo as IDisposable) { if (session != null && session.HasRole(RoleNames.Admin, authRepo)) { return; } if (HasAnyRoles(req, session, authRepo)) { return; } } if (DoHtmlRedirectIfConfigured(req, res)) { return; } res.StatusCode = (int)HttpStatusCode.Forbidden; res.StatusDescription = ErrorMessages.InvalidRole.Localize(req); await HostContext.AppHost.HandleShortCircuitedErrors(req, res, requestDto); }
internal static IHttpHandler ReturnRequestInfo(IHttpRequest httpReq) { if ((HostContext.DebugMode || HostContext.Config.AdminAuthSecret != null) && httpReq.QueryString["debug"] == RequestInfoHandler.RestPath) { if (HostContext.DebugMode || HostContext.HasValidAuthSecret(httpReq)) { var reqInfo = RequestInfoHandler.GetRequestInfo(httpReq); reqInfo.Host = HostContext.Config.DebugHttpListenerHostEnvironment + "_v" + Env.ServiceStackVersion + "_" + HostContext.ServiceName; reqInfo.PathInfo = httpReq.PathInfo; reqInfo.GetPathUrl = httpReq.GetPathUrl(); return(new RequestInfoHandler { RequestInfo = reqInfo }); } } return(null); }
public override void Execute(IRequest req, IResponse res, object requestDto) { if (HostContext.HasValidAuthSecret(req)) { return; } base.Execute(req, res, requestDto); //first check if session is authenticated if (res.IsClosed) { return; //AuthenticateAttribute already closed the request (ie auth failed) } var session = req.GetSession(); var authRepo = HostContext.AppHost.GetAuthRepository(req); using (authRepo as IDisposable) { if (session != null && session.HasRole(RoleNames.Admin, authRepo)) { return; } if (HasAnyPermissions(req, session, authRepo)) { return; } } if (DoHtmlRedirectIfConfigured(req, res)) { return; } res.StatusCode = (int)HttpStatusCode.Forbidden; res.StatusDescription = "Invalid Permission"; res.EndRequest(); }