public void RetrieveGrantsForGlobals_User()
{
var mocks = new MockRepository();
var prov = mocks.DynamicMock <ISettingsStorageProviderV30>();
var aclManager = mocks.DynamicMock <IAclManager>();
Expect.Call(prov.AclManager).Return(aclManager).Repeat.Any();
Expect.Call(aclManager.RetrieveEntriesForSubject("U.User")).Return(
new[]
{
new AclEntry(Actions.ForGlobals.ResourceMasterPrefix, Actions.ForGlobals.ManageFiles, "U.User",
Value.Deny),
new AclEntry(Actions.ForGlobals.ResourceMasterPrefix, Actions.ForGlobals.ManageAccounts, "U.User",
Value.Grant),
new AclEntry(Actions.ForDirectories.ResourceMasterPrefix + "/", Actions.ForDirectories.UploadFiles,
"U.User", Value.Grant)
});
mocks.Replay(prov);
mocks.Replay(aclManager);
Collectors.SettingsProvider = prov;
var grants =
AuthReader.RetrieveGrantsForGlobals(new UserInfo("User", "User", "*****@*****.**", true, DateTime.Now,
null));
Assert.AreEqual(1, grants.Length, "Wrong grant count");
Assert.AreEqual(Actions.ForGlobals.ManageAccounts, grants[0], "Wrong grant");
mocks.Verify(prov);
mocks.Verify(aclManager);
}
public void RetrieveGrantsForPage_User()
{
var mocks = new MockRepository();
var prov = mocks.DynamicMock <ISettingsStorageProviderV30>();
var aclManager = mocks.DynamicMock <IAclManager>();
Expect.Call(prov.AclManager).Return(aclManager).Repeat.Any();
Expect.Call(aclManager.RetrieveEntriesForSubject("U.User")).Return(
new[]
{
new AclEntry(Actions.ForPages.ResourceMasterPrefix + "Page", Actions.ForPages.ModifyPage, "U.User",
Value.Grant),
new AclEntry(Actions.ForPages.ResourceMasterPrefix + "Page", Actions.FullControl, "U.User",
Value.Deny),
new AclEntry(Actions.ForPages.ResourceMasterPrefix + "NS.Blah", Actions.ForPages.ManagePage,
"U.User", Value.Grant)
});
mocks.Replay(prov);
mocks.Replay(aclManager);
Collectors.SettingsProvider = prov;
var grants =
AuthReader.RetrieveGrantsForPage(
new UserInfo("User", "User", "*****@*****.**", true, DateTime.Now, null),
new PageInfo("Page", null, DateTime.Now));
Assert.AreEqual(1, grants.Length, "Wrong grant count");
Assert.AreEqual(Actions.ForPages.ModifyPage, grants[0], "Wrong grant");
}
public void RetrieveGrantsForNamespace_Group_Sub()
{
var mocks = new MockRepository();
var prov = mocks.DynamicMock <ISettingsStorageProviderV30>();
var aclManager = mocks.DynamicMock <IAclManager>();
Expect.Call(prov.AclManager).Return(aclManager).Repeat.Any();
Expect.Call(aclManager.RetrieveEntriesForSubject("G.Group")).Return(
new[]
{
new AclEntry(Actions.ForNamespaces.ResourceMasterPrefix + "Sub", Actions.ForNamespaces.ManagePages,
"G.Group", Value.Grant),
new AclEntry(Actions.ForNamespaces.ResourceMasterPrefix + "Sub",
Actions.ForNamespaces.ManageCategories, "G.Group", Value.Deny),
new AclEntry(Actions.ForNamespaces.ResourceMasterPrefix, Actions.ForNamespaces.ManagePages,
"G.Group", Value.Grant)
});
mocks.Replay(prov);
mocks.Replay(aclManager);
Collectors.SettingsProvider = prov;
var grants = AuthReader.RetrieveGrantsForNamespace(new UserGroup("Group", "Group", null),
new NamespaceInfo("Sub", null, null));
Assert.AreEqual(1, grants.Length, "Wrong grant count");
Assert.AreEqual(Actions.ForNamespaces.ManagePages, grants[0], "Wrong grant");
}
public void RetrieveDenialsForGlobals_Group()
{
var mocks = new MockRepository();
var prov = mocks.DynamicMock <ISettingsStorageProviderV30>();
var aclManager = mocks.DynamicMock <IAclManager>();
Expect.Call(prov.AclManager).Return(aclManager).Repeat.Any();
Expect.Call(aclManager.RetrieveEntriesForSubject("G.Group")).Return(
new[]
{
new AclEntry(Actions.ForGlobals.ResourceMasterPrefix, Actions.ForGlobals.ManageFiles, "G.Group",
Value.Deny),
new AclEntry(Actions.ForGlobals.ResourceMasterPrefix, Actions.ForGlobals.ManageConfiguration,
"G.Group", Value.Grant),
new AclEntry(Actions.ForDirectories.ResourceMasterPrefix + "/", Actions.ForDirectories.UploadFiles,
"G.Group", Value.Deny)
});
mocks.Replay(prov);
mocks.Replay(aclManager);
Collectors.SettingsProvider = prov;
var grants = AuthReader.RetrieveDenialsForGlobals(new UserGroup("Group", "Group", null));
Assert.AreEqual(1, grants.Length, "Wrong denial count");
Assert.AreEqual(Actions.ForGlobals.ManageFiles, grants[0], "Wrong denial");
mocks.Verify(prov);
mocks.Verify(aclManager);
}
public void RetrieveGrantsForDirectory_Sub_User()
{
var mocks = new MockRepository();
var prov = mocks.DynamicMock <ISettingsStorageProviderV30>();
var filesProv = mocks.DynamicMock <IFilesStorageProviderV30>();
var aclManager = mocks.DynamicMock <IAclManager>();
Expect.Call(prov.AclManager).Return(aclManager).Repeat.Any();
var dirName = Actions.ForDirectories.ResourceMasterPrefix +
AuthTools.GetDirectoryName(filesProv, "/Dir/Sub/");
Expect.Call(aclManager.RetrieveEntriesForSubject("U.User")).Return(
new[]
{
new AclEntry(dirName, Actions.ForDirectories.UploadFiles, "U.User", Value.Grant),
new AclEntry(dirName, Actions.FullControl, "U.User", Value.Deny),
new AclEntry("D." + AuthTools.GetDirectoryName(filesProv, "/"), Actions.ForDirectories.List,
"U.User", Value.Grant)
});
mocks.Replay(prov);
mocks.Replay(aclManager);
Collectors.SettingsProvider = prov;
var grants =
AuthReader.RetrieveGrantsForDirectory(
new UserInfo("User", "User", "*****@*****.**", true, DateTime.Now, null),
filesProv, "/Dir/Sub/");
Assert.AreEqual(1, grants.Length, "Wrong grant count");
Assert.AreEqual(Actions.ForDirectories.UploadFiles, grants[0], "Wrong grant");
}
/// <summary>
/// 授权
/// </summary>
/// <param name = "id" > 用户编号 </ param >
/// < param name="token">用户token</param>
/// <param name = "actionContext" ></ param >
/// < returns ></ returns >
public static bool Authorize(string authorization, string agents, Func <TokenAuthIdentity, HttpClientType, bool> checkToken)
{
try
{
if (!authorization.StartsWith(AuthConst.AuthPrefix))
{
return(false);
}
var auth = AuthReader.Read(authorization);
if (auth == null)
{
return(false);
}
else
{
if (auth.Id == 0 || !StringValid.IsEmpty(auth.Token))
{
return(false);
}
else
{
return(checkToken(auth, HttpClientReader.Read(agents)));
}
}
}
catch
{
return(false);
}
}
public void RetrieveDenialsForDirectory_Root_Group()
{
var mocks = new MockRepository();
var prov = mocks.DynamicMock <ISettingsStorageProviderV30>();
var filesProv = mocks.DynamicMock <IFilesStorageProviderV30>();
var aclManager = mocks.DynamicMock <IAclManager>();
Expect.Call(prov.AclManager).Return(aclManager).Repeat.Any();
var dirName = Actions.ForDirectories.ResourceMasterPrefix + AuthTools.GetDirectoryName(filesProv, "/");
Expect.Call(aclManager.RetrieveEntriesForSubject("G.Group")).Return(
new[]
{
new AclEntry(dirName, Actions.ForDirectories.List, "G.Group", Value.Deny),
new AclEntry(dirName, Actions.FullControl, "G.Group", Value.Grant),
new AclEntry("D." + AuthTools.GetDirectoryName(filesProv, "/Other/"),
Actions.ForDirectories.UploadFiles, "G.Group", Value.Deny)
});
mocks.Replay(prov);
mocks.Replay(aclManager);
Collectors.SettingsProvider = prov;
var grants = AuthReader.RetrieveDenialsForDirectory(new UserGroup("Group", "Group", null),
filesProv, "/");
Assert.AreEqual(1, grants.Length, "Wrong denial count");
Assert.AreEqual(Actions.ForDirectories.List, grants[0], "Wrong denial");
}
public static int Read(HttpRequest request)
{
if (request == null ||
(request.Headers[AuthConst.AuthKey].Count == 0 && request.Cookies[AuthConst.AuthKey].IsEmpty()))
{
return(0);
}
var authorization = request.Headers[AuthConst.AuthKey].ToString();
if (authorization.IsEmpty())
{
//如果header中没有读到尝试从cookie中读取
authorization = request.Cookies[AuthConst.AuthKey];
}
if (authorization.IsEmpty() || !authorization.StartsWith(AuthConst.AuthPrefix))
{
return(0);
}
var identity = AuthReader.Read(authorization);
if (identity == null)
{
return(0);
}
else
{
return(identity.Id);
}
}
public void RetrieveGrantsForDirectory_Group_InvalidDirectory(string d)
{
Collectors.SettingsProvider = MockProvider();
var fProv = mocks.DynamicMock <IFilesStorageProviderV30>();
mocks.Replay(fProv);
AuthReader.RetrieveGrantsForDirectory(new UserGroup("Group", "Group", null), fProv, d);
}
public void RetrieveSubjectsForDirectory_InvalidDirectory(string d)
{
Collectors.SettingsProvider = MockProvider();
var fProv = mocks.DynamicMock <IFilesStorageProviderV30>();
mocks.Replay(fProv);
AuthReader.RetrieveSubjectsForDirectory(fProv, d);
}
public void RetrieveDenialsForDirectory_User_InvalidDirectory(string d)
{
Collectors.SettingsProvider = MockProvider();
var fProv = mocks.DynamicMock <IFilesStorageProviderV30>();
mocks.Replay(fProv);
AuthReader.RetrieveDenialsForDirectory(
new UserInfo("User", "User", "*****@*****.**", true, DateTime.Now, null), fProv, d);
}
public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
{
if (context.HttpContext.Request.Headers.ContainsKey(AuthConst.AuthKey) ||
context.HttpContext.Request.Cookies.ContainsKey(AuthConst.AuthKey))
{
var agents = context.HttpContext.Request.Headers[AuthConst.UserAgentKey].ToString();
string authorization = context.HttpContext.Request.Headers[AuthConst.AuthKey].ToString();
if (authorization.IsEmpty())
{
//如果header中没有读到尝试从cookie中读取
authorization = context.HttpContext.Request.Cookies[AuthConst.AuthKey];
}
if (!authorization.StartsWith(AuthConst.AuthPrefix))
{
context.Result = new RedirectResult(AuthConst.LoginUrl);
}
var identity = AuthReader.Read(authorization);
var descriptor = context.ActionDescriptor as ControllerActionDescriptor;
var permissionActionContext = new PermissionActionContext()
{
ActionName = descriptor.ActionName,
ControllerName = descriptor.ControllerName,
ControllerTypeInfo = descriptor.ControllerTypeInfo,
DisplayName = descriptor.DisplayName,
MethodInfo = descriptor.MethodInfo,
Path = context.HttpContext.Request.Path
};
if (identity.NotNull() &&
await AuthConst.CheckPermission(permissionActionContext, identity, HttpClientReader.Read(agents)))
{
await next();
}
else
{
context.Result = new StatusCodeResult(403);
}
}
else
{
context.Result = new RedirectResult(AuthConst.LoginUrl);
}
}
public void RetrieveSubjectsForDirectory_Sub()
{
var mocks = new MockRepository();
var prov = mocks.DynamicMock <ISettingsStorageProviderV30>();
var filesProv = mocks.DynamicMock <IFilesStorageProviderV30>();
var aclManager = mocks.DynamicMock <IAclManager>();
Expect.Call(prov.AclManager).Return(aclManager).Repeat.Any();
var dirName = Actions.ForDirectories.ResourceMasterPrefix +
AuthTools.GetDirectoryName(filesProv, "/Dir/Sub/");
Expect.Call(aclManager.RetrieveEntriesForResource(dirName)).Return(
new[]
{
new AclEntry(dirName, Actions.ForDirectories.List, "U.User1", Value.Grant),
new AclEntry(dirName, Actions.ForDirectories.UploadFiles, "U.User", Value.Grant),
new AclEntry(dirName, Actions.ForDirectories.DownloadFiles, "G.Group", Value.Grant),
new AclEntry(dirName, Actions.ForDirectories.CreateDirectories, "U.User", Value.Deny)
});
mocks.Replay(prov);
mocks.Replay(aclManager);
Collectors.SettingsProvider = prov;
var infos = AuthReader.RetrieveSubjectsForDirectory(filesProv, "/Dir/Sub/");
Assert.AreEqual(3, infos.Length, "Wrong info count");
Array.Sort(infos, delegate(SubjectInfo x, SubjectInfo y) { return(x.Name.CompareTo(y.Name)); });
Assert.AreEqual("Group", infos[0].Name, "Wrong subject name");
Assert.AreEqual(SubjectType.Group, infos[0].Type, "Wrong subject type");
Assert.AreEqual("User", infos[1].Name, "Wrong subject name");
Assert.AreEqual(SubjectType.User, infos[1].Type, "Wrong subject type");
Assert.AreEqual("User1", infos[2].Name, "Wrong subject name");
Assert.AreEqual(SubjectType.User, infos[2].Type, "Wrong subject type");
mocks.Verify(prov);
mocks.Verify(aclManager);
}
public void RetrieveSubjectsForPage()
{
var mocks = new MockRepository();
var prov = mocks.DynamicMock <ISettingsStorageProviderV30>();
var aclManager = mocks.DynamicMock <IAclManager>();
Expect.Call(prov.AclManager).Return(aclManager).Repeat.Any();
Expect.Call(aclManager.RetrieveEntriesForResource("P.NS.Page")).Return(
new[]
{
new AclEntry(Actions.ForPages.ResourceMasterPrefix + "Page", Actions.ForPages.ModifyPage, "U.User1",
Value.Grant),
new AclEntry(Actions.ForPages.ResourceMasterPrefix + "Page", Actions.ForPages.ManageCategories,
"U.User", Value.Grant),
new AclEntry(Actions.ForPages.ResourceMasterPrefix + "Page", Actions.ForPages.DeleteAttachments,
"G.Group", Value.Grant),
new AclEntry(Actions.ForPages.ResourceMasterPrefix + "Page", Actions.ForPages.DeleteAttachments,
"U.User", Value.Deny)
});
mocks.Replay(prov);
mocks.Replay(aclManager);
Collectors.SettingsProvider = prov;
var infos = AuthReader.RetrieveSubjectsForPage(new PageInfo("NS.Page", null, DateTime.Now));
Assert.AreEqual(3, infos.Length, "Wrong info count");
Array.Sort(infos, delegate(SubjectInfo x, SubjectInfo y) { return(x.Name.CompareTo(y.Name)); });
Assert.AreEqual("Group", infos[0].Name, "Wrong subject name");
Assert.AreEqual(SubjectType.Group, infos[0].Type, "Wrong subject type");
Assert.AreEqual("User", infos[1].Name, "Wrong subject name");
Assert.AreEqual(SubjectType.User, infos[1].Type, "Wrong subject type");
Assert.AreEqual("User1", infos[2].Name, "Wrong subject name");
Assert.AreEqual(SubjectType.User, infos[2].Type, "Wrong subject type");
mocks.Verify(prov);
mocks.Verify(aclManager);
}
public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
{
if (AuthConst.AuthType == AuthType.Internal)
{
if (context.HttpContext.Request.Headers.ContainsKey(AuthConst.AuthKey) ||
context.HttpContext.Request.Cookies.ContainsKey(AuthConst.AuthKey))
{
var agents = context.HttpContext.Request.Headers[AuthConst.UserAgentKey].ToString();
string authorization = context.HttpContext.Request.Headers[AuthConst.AuthKey].ToString();
if (authorization.IsEmpty())
{
//如果header中没有读到尝试从cookie中读取
authorization = context.HttpContext.Request.Cookies[AuthConst.AuthKey];
}
if (!authorization.StartsWith(AuthConst.AuthPrefix))
{
context.Result = new RedirectResult(AuthConst.LoginUrl);
}
var identity = AuthReader.Read(authorization);
if (identity.NotNull() &&
await AuthConst.CheckAuth(identity, HttpClientReader.Read(agents)))
{
await next();
}
else
{
context.Result = new RedirectResult(AuthConst.LoginUrl);
}
}
else
{
context.Result = new RedirectResult(AuthConst.LoginUrl);
}
}
else
{
throw new NotImplementedException();
}
}
