/// <summary>
/// Dispatches an inbound webhook request to the extension registered under <paramref name="name"/>.
/// </summary>
/// <param name="name">Extension name used to look up the registered <see cref="HttpHandler"/>.</param>
/// <param name="token">Cancellation token flowed into the extension's handler.</param>
/// <param name="provider">Registry of extension webhook handlers, injected per request.</param>
/// <returns>
/// 404 when no handler is registered for <paramref name="name"/>; 401 when the caller lacks a
/// System-level claim for the extension's key name; otherwise the extension's response.
/// </returns>
public async Task<IActionResult> ExtensionWebHookHandler(string name, CancellationToken token, [FromServices] IScriptWebHookProvider provider)
{
    // Handler lookup runs before the credential check, so an unauthenticated caller can
    // tell a registered extension name (401) from an unregistered one (404).
    HttpHandler handler;
    if (!provider.TryGetHandler(name, out handler))
    {
        return NotFound();
    }

    // Gate on a System-level claim scoped to this extension's key name.
    // NOTE(review): the original comment also allowed "admin level"; whether
    // PrincipalHasAuthLevelClaim treats an Admin claim as satisfying System is not
    // visible here — confirm. A caller that is authenticated but lacks the claim
    // gets 401 (Unauthorized) rather than 403.
    string keyName = DefaultScriptWebHookProvider.GetKeyName(name);
    bool hasSystemClaim = AuthUtility.PrincipalHasAuthLevelClaim(User, AuthorizationLevel.System, keyName);
    if (!hasSystemClaim)
    {
        return Unauthorized();
    }

    // Bridge the ASP.NET Core request into the System.Net.Http shape the extension
    // handler consumes, then return its HttpResponseMessage through the matching formatter.
    var requestMessage = new HttpRequestMessageFeature(this.HttpContext).HttpRequestMessage;
    HttpResponseMessage responseMessage = await handler.ConvertAsync(requestMessage, token);
    var objectResult = new ObjectResult(responseMessage);
    objectResult.Formatters.Add(new HttpResponseMessageOutputFormatter());
    return objectResult;
}
/// <summary>
/// Dispatches an inbound webhook request to the extension registered under <paramref name="name"/>,
/// authorizing the caller through the <see cref="PolicyNames.SystemAuthLevel"/> policy.
/// </summary>
/// <param name="name">Extension name used to look up the registered <see cref="HttpHandler"/>.</param>
/// <param name="token">Cancellation token flowed into the extension's handler.</param>
/// <param name="provider">Registry of extension webhook handlers, injected per request.</param>
/// <returns>
/// 404 when no handler is registered for <paramref name="name"/>; 401 when the policy
/// check fails; otherwise the extension's response.
/// </returns>
public async Task<IActionResult> ExtensionWebHookHandler(string name, CancellationToken token, [FromServices] IScriptWebHookProvider provider)
{
    // Handler lookup runs before the policy check, so an unauthenticated caller can
    // tell a registered extension name (401) from an unregistered one (404).
    HttpHandler handler;
    if (!provider.TryGetHandler(name, out handler))
    {
        return NotFound();
    }

    // The extension's key name is passed as the policy's `resource` argument.
    // NOTE(review): the SystemAuthLevel policy is built from AuthLevelRequirement(System);
    // whether its handler actually scopes the check to this resource (rather than
    // accepting any System-level key) is not visible here — confirm. A failed check
    // yields 401 (Unauthorized) rather than 403.
    string keyName = DefaultScriptWebHookProvider.GetKeyName(name);
    AuthorizationResult authorization = await _authorizationService.AuthorizeAsync(User, keyName, PolicyNames.SystemAuthLevel);
    if (!authorization.Succeeded)
    {
        return Unauthorized();
    }

    // Bridge the ASP.NET Core request into the System.Net.Http shape the extension
    // handler consumes, then return its HttpResponseMessage through the matching formatter.
    var requestMessage = new HttpRequestMessageFeature(this.HttpContext).HttpRequestMessage;
    HttpResponseMessage responseMessage = await handler.ConvertAsync(requestMessage, token);
    var objectResult = new ObjectResult(responseMessage);
    objectResult.Formatters.Add(new HttpResponseMessageOutputFormatter());
    return objectResult;
}
/// <summary>
/// Registers the script host's authorization policies on <paramref name="options"/>:
/// AdminAuthLevel, SystemAuthLevel, AdminAuthLevelOrInternal and SystemKeyAuthLevel.
/// Every policy first adds the script authentication schemes via AddScriptAuthenticationSchemes().
/// </summary>
/// <param name="options">The authorization options to extend.</param>
public static void AddScriptPolicies(this AuthorizationOptions options)
{
    // Picks the key name a SystemKeyAuthLevel check is bound to, from route data:
    // "extensionName" (normalised through GetKeyName) takes precedence over "keyName",
    // which is used raw. Returns null when neither route value is present.
    // NOTE(review): the route value names must match the route templates of the
    // endpoints this policy protects; those templates are not visible here.
    string ResolveKeyName(AuthorizationFilterContext filterContext)
    {
        object extensionName = filterContext.RouteData.Values["extensionName"];
        if (extensionName != null)
        {
            return DefaultScriptWebHookProvider.GetKeyName(extensionName.ToString());
        }

        object rawKeyName = filterContext.RouteData.Values["keyName"];
        return rawKeyName != null ? rawKeyName.ToString() : null;
    }

    // Admin: satisfied by an Admin-level claim.
    options.AddPolicy(PolicyNames.AdminAuthLevel, policy =>
    {
        policy.AddScriptAuthenticationSchemes();
        policy.AddRequirements(new AuthLevelRequirement(AuthorizationLevel.Admin));
    });

    // System: satisfied by a System-level claim.
    options.AddPolicy(PolicyNames.SystemAuthLevel, policy =>
    {
        policy.AddScriptAuthenticationSchemes();
        policy.AddRequirements(new AuthLevelRequirement(AuthorizationLevel.System));
    });

    // Admin-or-internal: requests flagged as platform-internal skip the credential
    // check entirely; everything else is re-evaluated against the AdminAuthLevel policy
    // through the request-scoped IAuthorizationService.
    // NOTE(review): IsAppServiceInternalRequest() is the whole trust boundary for the
    // bypass — it must rest on a signal a remote caller cannot forge; its implementation
    // is not visible in this file.
    // Fails closed (false) when the resource is not an MVC AuthorizationFilterContext,
    // e.g. when the policy is evaluated without a filter context.
    options.AddPolicy(PolicyNames.AdminAuthLevelOrInternal, policy =>
    {
        policy.AddScriptAuthenticationSchemes();
        policy.RequireAssertion(async context =>
        {
            if (!(context.Resource is AuthorizationFilterContext filterContext))
            {
                return false;
            }

            if (filterContext.HttpContext.Request.IsAppServiceInternalRequest())
            {
                return true;
            }

            IAuthorizationService authorizationService = filterContext.HttpContext.RequestServices.GetRequiredService<IAuthorizationService>();
            AuthorizationResult adminResult = await authorizationService.AuthorizeAsync(context.User, PolicyNames.AdminAuthLevel);
            return adminResult.Succeeded;
        });
    });

    // System-key: platform-internal requests skip the check (same caveat as above);
    // otherwise the caller must hold a System-level claim bound to the key name taken
    // from the route. A missing key name denies — fails closed, as does a non-MVC resource.
    options.AddPolicy(PolicyNames.SystemKeyAuthLevel, policy =>
    {
        policy.AddScriptAuthenticationSchemes();
        policy.RequireAssertion(context =>
        {
            if (!(context.Resource is AuthorizationFilterContext filterContext))
            {
                return false;
            }

            if (filterContext.HttpContext.Request.IsAppServiceInternalRequest())
            {
                return true;
            }

            string keyName = ResolveKeyName(filterContext);
            if (string.IsNullOrEmpty(keyName))
            {
                return false;
            }

            return AuthUtility.PrincipalHasAuthLevelClaim(filterContext.HttpContext.User, AuthorizationLevel.System, keyName);
        });
    });
}