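        /// <summary>
        /// Resolves the app named by the <c>app</c> route value, enriches the caller's primary identity
        /// with the role and permission claims it holds for that app, and short-circuits the request
        /// with 401/404 when the app cannot be found or the caller may not access it.
        /// </summary>
        /// <param name="context">The action context; its <c>Result</c> is set when the request is rejected.</param>
        /// <param name="next">Invoked to continue the pipeline when the request may proceed (or no app is routed).</param>
        public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
        {
            var user = context.HttpContext.User;

            var appName = context.RouteData.Values["app"]?.ToString();

            if (string.IsNullOrWhiteSpace(appName))
            {
                // Not an app-scoped route: clear the request context and let the pipeline continue.
                SetContext(context.HttpContext, null!);

                await next();
                return;
            }

            var isFrontend = user.IsInClient(DefaultClients.Frontend);

            var app = await appProvider.GetAppAsync(appName, !isFrontend);

            if (app == null)
            {
                LogWarning("Cannot find app with the given name.", "404");

                context.Result = new NotFoundResult();
                return;
            }

            string? clientId = null;

            // Lookup order: the authenticated subject, then the OpenID client, then an anonymous client.
            var (role, permissions) = FindByOpenIdSubject(app, user, isFrontend);

            if (permissions == null)
            {
                (clientId, role, permissions) = FindByOpenIdClient(app, user, isFrontend);
            }

            if (permissions == null)
            {
                (clientId, role, permissions) = FindAnonymousClient(app, isFrontend);
            }

            if (permissions != null)
            {
                var identity = user.Identities.First();

                if (!string.IsNullOrWhiteSpace(role))
                {
                    identity.AddClaim(new Claim(ClaimTypes.Role, role));
                }

                foreach (var permission in permissions)
                {
                    identity.AddClaim(new Claim(SquidexClaimTypes.Permissions, permission.Id));
                }

                // Only callers without a token get the resolved client id stamped on their identity.
                if (user.Token() == null && clientId != null)
                {
                    identity.AddClaim(new Claim(OpenIdClaims.ClientId, clientId));
                }
            }

            var requestContext = SetContext(context.HttpContext, app);

            if (!AllowAnonymous(context) && !HasPermission(appName, requestContext))
            {
                if (string.IsNullOrWhiteSpace(user.Identity?.AuthenticationType))
                {
                    context.Result = new UnauthorizedResult();
                }
                else
                {
                    LogWarning("Authenticated user has no permission to access the app.", app.Id.ToString());

                    // NotFound rather than Forbid — presumably so that an authenticated caller without
                    // permission cannot confirm that an app with this name exists.
                    context.Result = new NotFoundResult();
                }

                return;
            }

            context.HttpContext.Features.Set<IAppFeature>(new AppFeature(app));

            // Indexer assignment instead of Add(): Add throws if the header was already written upstream.
            context.HttpContext.Response.Headers["X-AppId"] = app.Id.ToString();

            await next();

            // Resolves the semantic log (if registered) and writes a structured warning for this request.
            void LogWarning(string message, string appId)
            {
                var log = context.HttpContext.RequestServices?.GetService<ISemanticLog>();

                log?.LogWarning(w => w
                    .WriteProperty("message", message)
                    .WriteProperty("appId", appId)
                    .WriteProperty("appName", appName));
            }
        }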
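        /// <summary>
        /// Resolves the app named by the <c>app</c> route value, attaches the caller's role and permission
        /// claims for that app, and short-circuits with 401/404 when the app is unknown or access is denied.
        /// </summary>
        /// <param name="context">The action context whose <c>Result</c> is set when the request is rejected.</param>
        /// <param name="next">Invoked to continue the pipeline when the request may proceed.</param>
        public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
        {
            var user = context.HttpContext.User;

            var appName = context.RouteData.Values["app"]?.ToString();

            if (string.IsNullOrWhiteSpace(appName))
            {
                // Not an app-scoped route: clear the request context and let the pipeline continue.
                SetContext(context.HttpContext, null!);

                await next();
                return;
            }

            var isFrontend = user.IsInClient(DefaultClients.Frontend);

            var app = await appProvider.GetAppAsync(appName, !isFrontend);

            if (app == null)
            {
                context.Result = new NotFoundResult();
                return;
            }

            // Lookup order: the authenticated subject, then the OpenID client, then an anonymous client.
            var (role, permissions) = FindByOpenIdSubject(app, user, isFrontend);

            if (permissions == null)
            {
                (role, permissions) = FindByOpenIdClient(app, user, isFrontend);
            }

            if (permissions == null)
            {
                (role, permissions) = FindAnonymousClient(app, isFrontend);
            }

            if (permissions != null)
            {
                var identity = user.Identities.First();

                if (!string.IsNullOrWhiteSpace(role))
                {
                    identity.AddClaim(new Claim(ClaimTypes.Role, role));
                }

                foreach (var permission in permissions)
                {
                    identity.AddClaim(new Claim(SquidexClaimTypes.Permissions, permission.Id));
                }
            }

            var requestContext = SetContext(context.HttpContext, app);

            if (!AllowAnonymous(context) && !HasPermission(appName, requestContext))
            {
                // ClaimsPrincipal.Identity can be null; dereferencing it unconditionally would turn an
                // anonymous request into a 500 instead of the intended 401.
                if (string.IsNullOrWhiteSpace(user.Identity?.AuthenticationType))
                {
                    context.Result = new UnauthorizedResult();
                }
                else
                {
                    // NotFound rather than Forbid — presumably so that an authenticated caller without
                    // permission cannot confirm that an app with this name exists.
                    context.Result = new NotFoundResult();
                }

                return;
            }

            context.HttpContext.Features.Set<IAppFeature>(new AppFeature(app.NamedId()));

            // Indexer assignment instead of Add(): Add throws if the header was already written upstream.
            context.HttpContext.Response.Headers["X-AppId"] = app.Id.ToString();

            await next();
        }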
        /// <summary>
        /// When the app route value is absent, the filter must answer 404 without consulting the
        /// app provider and without invoking the rest of the pipeline.
        /// </summary>
        /// <param name="app">The route value to place under <c>app</c>; supplied by the test data.</param>
        public async Task Should_return_not_found_if_app_name_is_null(string? app)
        {
            // Arrange
            SetupUser();

            actionExecutingContext.RouteData.Values["app"] = app;

            // Act
            await sut.OnActionExecutionAsync(actionExecutingContext, next);

            // Assert
            var result = actionExecutingContext.Result;

            Assert.IsType<NotFoundResult>(result);
            Assert.False(isNextCalled);

            A.CallTo(() => appProvider.GetAppAsync(A<string>._, false, httpContext.RequestAborted)).MustNotHaveHappened();
        }
        /// <summary>
        /// When the app provider knows no app of the routed name, the filter must answer 404
        /// and must not invoke the rest of the pipeline.
        /// </summary>
        public async Task Should_return_not_found_if_app_not_found()
        {
            // Arrange
            SetupUser();

            A.CallTo(() => appProvider.GetAppAsync(appName, false)).Returns(Task.FromResult<IAppEntity?>(null));

            // Act
            await sut.OnActionExecutionAsync(actionExecutingContext, next);

            // Assert
            var result = actionExecutingContext.Result;

            Assert.IsType<NotFoundResult>(result);
            Assert.False(isNextCalled);
        }