Exemplo n.º 1
0
 public BaleaTagHelper(
     IHttpContextAccessor httpContextAccessor,
     IRuntimeAuthorizationServerStore store,
     IPermissionEvaluator permissionEvaluator)
 {
     this.httpContextAccessor = httpContextAccessor ?? throw new ArgumentNullException(nameof(httpContextAccessor));
     this.store = store ?? throw new ArgumentNullException(nameof(store));
     this.permissionEvaluator = permissionEvaluator ?? throw new ArgumentNullException(nameof(permissionEvaluator));
 }
Exemplo n.º 2
0
 public BaleaPolicyEvaluator(
     IAuthorizationService authorization,
     IRuntimeAuthorizationServerStore store,
     BaleaOptions options)
     : base(authorization)
 {
     _store   = store;
     _options = options;
 }
Exemplo n.º 3
0
 public BaleaPolicyEvaluator(
     IAuthorizationService authorization,
     IRuntimeAuthorizationServerStore store,
     BaleaOptions options,
     ILogger <BaleaPolicyEvaluator> logger)
 {
     _authorization = authorization;
     _store         = store;
     _options       = options;
     _logger        = logger;
 }
Exemplo n.º 4
0
 public AbacAuthorizationHandler(
     AbacAuthorizationContextFactory abacAuthorizationContextFactory,
     IRuntimeAuthorizationServerStore runtimeAuthorizationServerStore,
     ILogger <AbacAuthorizationHandler> logger)
 {
     Ensure.Argument.NotNull(abacAuthorizationContextFactory, nameof(abacAuthorizationContextFactory));
     Ensure.Argument.NotNull(runtimeAuthorizationServerStore, nameof(runtimeAuthorizationServerStore));
     Ensure.Argument.NotNull(logger, nameof(logger));
     _abacAuthorizationContextFactory = abacAuthorizationContextFactory;
     _runtimeAuthorizationServerStore = runtimeAuthorizationServerStore;
     _logger = logger;
 }
Exemplo n.º 5
0
        public async Task InvokeAsync(HttpContext context, IRuntimeAuthorizationServerStore store, BaleaOptions options)
        {
            var endpoint = context.GetEndpoint();

            if (context.User.Identity.IsAuthenticated && endpoint.Metadata.GetMetadata <IAuthorizeData>() != null)
            {
                if (context.Items.ContainsKey(AuthorizationMiddlewareInvokedKey))
                {
                    ThrowMissingAuthMiddlewareException();
                }

                var authorization = await store
                                    .FindAuthorizationAsync(context.User);

                if (!context.Response.HasStarted && options.UnauthorizedFallback != null && !authorization.Roles.Any())
                {
                    await options.UnauthorizedFallback(context);

                    return;
                }

                var roleClaims = authorization.Roles
                                 .Where(role => role.Enabled)
                                 .Select(role => new Claim(options.DefaultClaimTypeMap.RoleClaimType, role.Name));

                var permissionClaims = authorization.Roles
                                       .SelectMany(role => role.GetPermissions())
                                       .Distinct()
                                       .Select(permission => new Claim(options.DefaultClaimTypeMap.PermissionClaimType, permission));

                var identity = new ClaimsIdentity(
                    authenticationType: nameof(BaleaMiddleware),
                    nameType: options.DefaultClaimTypeMap.NameClaimType,
                    roleType: options.DefaultClaimTypeMap.RoleClaimType);

                identity.AddClaims(roleClaims);
                identity.AddClaims(permissionClaims);

                if (authorization.Delegation != null)
                {
                    identity.AddClaim(new Claim(BaleaClaims.DelegatedBy, authorization.Delegation.Who));
                    identity.AddClaim(new Claim(BaleaClaims.DelegatedFrom, authorization.Delegation.From.ToString()));
                    identity.AddClaim(new Claim(BaleaClaims.DelegatedTo, authorization.Delegation.To.ToString()));
                }

                context.User.AddIdentity(identity);
            }

            await _next(context);
        }