public async Task <IActionResult> ListAsync([FromRoute] string mount)
{
_server.AssertAuthorized(this);
var(backend, path) = _server.ResolveAuthMount(mount);
if (backend == null)
{
throw new VaultServerException(
HttpStatusCode.NotFound,
$"no handler for route '{mount}'");
}
try
{
RememberMe();
var list = await backend.ListAsync(path);
return(base.Ok(
new ReadResponse <KeysData>
{
Data = new KeysData
{
Keys = list?.ToArray(),
}
}));
}
catch (Exception ex)
{
return(await DecodeException(ex));
}
}
public async Task <AuthInfo> CreateToken([Required, FromBody] string payload)
{
var http = _httpAcc.HttpContext;
var jobj = JObject.Parse(payload);
_server.AssertAuthorized(http, ParametersFrom(jobj));
var create = jobj.ToObject <CreateParameters>();
var state = await _manager.AddTokenAsync(create, "foo", "foo");
return(new AuthInfo
{
Accessor = state.Accessor,
ClientToken = state.Id,
LeaseDuration = state.Ttl,
Metadata = state.Metadata,
Policies = state.Policies,
Renewable = state.Renewable,
});
}
public ServerSettings GetSettings()
{
_server.AssertAuthorized(this, isSudo: true);
return(_server.Settings);
}
public static void AssertAuthorized(this MockServer server, Controller controller,
Dictionary <string, string> parameters = null,
bool isSudo = false, Func <string, bool> isCreate = null)
{
var urlHelper = controller.Url;
var routeData = controller.RouteData;
var http = controller.HttpContext;
var auth = AuthContext.From(http);
var meth = http.Request.Method.ToUpper();
// Resolve the auth info based on the current token
// extracted from the current request in HttpContext
AuthInfo authInfo = null;
if (!string.IsNullOrEmpty(auth?.Token))
{
try { authInfo = server.GetToken(auth.Token).Result; } catch (Exception) {}
}
if (authInfo == null)
{
throw new System.Security.SecurityException("permission denied");
}
// Resolve the request-specific path, we
// need this first to help resolve cap next
var path = urlHelper.RouteUrl(routeData.Values);
path = PathMap <object> .NormalizePath(path);
// TODO: remove this hard-codedness
if (path.StartsWith("v1/"))
{
path = path.Substring(3);
}
// Resolve the capability
string cap;
if (meth == "DELETE")
{
cap = Capability.Delete;
}
else if (meth == "PUT" || meth == "POST")
{
cap = isCreate == null || !isCreate(path) ? Capability.Update : Capability.Create;
}
else if (meth == "LIST" || (meth == "GET" &&
http.Request.Query.ContainsKey(Util.HttpListAttribute.ListQuery)))
{
cap = Capability.List;
}
else if (meth == "GET")
{
cap = Capability.Read;
}
else
{
throw new InvalidOperationException("cannot decipher capability from method");
}
// Finally, assert the authorization based on all these derived elements
server.AssertAuthorized(cap, path, parameters, isSudo, authInfo.Policies);
}