public InProductTrainingModule(
IInProductTrainingController inProductTrainingController,
IMetadataRegistry metadataRegistry,
IPolicyEvaluator policyEvaluator,
ILoggerFactory loggerFactory)
: base(InProductTrainingServiceBootstrapper.ServiceNameShort, metadataRegistry, policyEvaluator, loggerFactory)
{
_inProductTrainingController = inProductTrainingController;
CreateRoute("CreateInProductTrainingView", HttpMethod.Post, $"{BaseInProductTrainingUrl}/viewed", CreateInProductTrainingViewAsync)
.Description("Create a new InProductTraining resource")
.StatusCodes(HttpStatusCode.Created, HttpStatusCode.Unauthorized, HttpStatusCode.Forbidden, HttpStatusCode.BadRequest, HttpStatusCode.InternalServerError)
.RequestFormat(InProductTrainingViewRequest.Example())
.ResponseFormat(InProductTrainingViewResponse.Example());
CreateRoute("GetViewedInProductTraining", HttpMethod.Get, $"{BaseInProductTrainingUrl}/viewed/{{clientApplicationId:int}}", GetViewedInProductTrainingAsync)
.Description("Get a InProductTrainingView resource by it's identifier.")
.StatusCodes(HttpStatusCode.OK, HttpStatusCode.BadRequest, HttpStatusCode.Unauthorized, HttpStatusCode.Forbidden, HttpStatusCode.InternalServerError, HttpStatusCode.NotFound)
.ResponseFormat(InProductTrainingViewResponse.Example());
CreateRoute("CreateWizardView", HttpMethod.Post, $"{BaseWizardsUrl}/viewed", CreateWizardViewAsync)
.Description("Create a new wizard view resource")
.StatusCodes(HttpStatusCode.Created, HttpStatusCode.Unauthorized, HttpStatusCode.Forbidden, HttpStatusCode.BadRequest, HttpStatusCode.InternalServerError)
.RequestFormat(ViewedWizard.Example())
.ResponseFormat(WizardViewResponse.Example());
CreateRoute("GetWizardViewsByUserId", HttpMethod.Get, $"{BaseWizardsUrl}/viewed/{{userId:guid}}", GetWizardViewsByUserIdAsync)
.Description("Get a wizard view resource by it's identifier.")
.StatusCodes(HttpStatusCode.OK, HttpStatusCode.BadRequest, HttpStatusCode.Unauthorized, HttpStatusCode.Forbidden, HttpStatusCode.InternalServerError, HttpStatusCode.NotFound)
.ResponseFormat(WizardViewResponse.Example());
}
public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
{
if (context == null)
{
throw new ArgumentNullException(nameof(context) + "is null");
}
if (context.ActionDescriptor.EndpointMetadata.Any(p => p is IAllowAnonymous))
{
return;
}
if (!context.ActionDescriptor.EndpointMetadata.Any(p => p is AuthorizeAttribute))
{
return;
}
IPolicyEvaluator policyEvaluator = context.HttpContext.RequestServices.GetRequiredService <IPolicyEvaluator>();
AuthenticateResult authenticateResult = await policyEvaluator.AuthenticateAsync(this.policy, context.HttpContext);
PolicyAuthorizationResult authorizeResult = await policyEvaluator.AuthorizeAsync(this.policy, authenticateResult, context.HttpContext, context);
if (authorizeResult.Challenged)
{
context.Result = new NavyblueUnAuthorizeResult("Authorization Failed");
}
else if (authorizeResult.Forbidden)
{
context.Result = new ForbidResult(this.policy.AuthenticationSchemes.ToArray());
}
}
/// <summary>
/// Process an individual request.
/// </summary>
/// <param name="context">The context.</param>
/// <param name="policyEvaluator">The service which can evaluate an <see cref="AuthorizationPolicy" />.</param>
/// <returns>The task object representing the asynchronous operation.</returns>
public async Task Invoke(HttpContext context, IPolicyEvaluator policyEvaluator)
{
if (context.Request.Headers[Constants.ACCEPT_HTTP_HEADER] == Constants.SSE_CONTENT_TYPE)
{
if (!await AuthorizeAsync(context, policyEvaluator))
{
return;
}
DisableResponseBuffering(context);
HandleContentEncoding(context);
await context.Response.AcceptAsync(_serverSentEventsOptions.OnPrepareAccept);
ServerSentEventsClient client = new ServerSentEventsClient(Guid.NewGuid(), context.User, context.Response);
if (_serverSentEventsService.ReconnectInterval.HasValue)
{
await client.ChangeReconnectIntervalAsync(_serverSentEventsService.ReconnectInterval.Value, CancellationToken.None);
}
await ConnectClientAsync(context.Request, client);
await context.RequestAborted.WaitAsync();
await DisconnectClientAsync(context.Request, client);
}
else
{
await _next(context);
}
}
public AuthorizeIndexPageHandlerFilter(
IAuthorizationPolicyProvider policyProvider,
IPolicyEvaluator policyEvaluator)
{
this.policyProvider = policyProvider;
this.policyEvaluator = policyEvaluator;
}
private async Task <bool> AuthorizeAsync(HttpContext context, IPolicyEvaluator policyEvaluator)
{
bool authorized = false;
if (_serverSentEventsOptions.Authorization is null)
{
authorized = true;
}
else
{
if (_authorizationPolicy is null)
{
_authorizationPolicy = await AuthorizationPolicy.CombineAsync(_policyProvider, new[] { _serverSentEventsOptions.Authorization });
}
AuthenticateResult authenticateResult = await policyEvaluator.AuthenticateAsync(_authorizationPolicy, context);
PolicyAuthorizationResult authorizeResult = await policyEvaluator.AuthorizeAsync(_authorizationPolicy, authenticateResult, context, null);
if (authorizeResult.Challenged)
{
await ChallengeAsync(context);
}
else if (authorizeResult.Forbidden)
{
await ForbidAsync(context);
}
else
{
authorized = true;
}
}
return(authorized);
}
public ImpersonateTenantMiddleware(RequestDelegate next, IPolicyEvaluator policyEvaluator, IHttpClient httpClient, IAppSettingsReader appSettingsReader)
{
_policyEvaluator = policyEvaluator;
_httpClient = httpClient;
_tenantUrl = appSettingsReader.GetValue <string>("Tenant.Url").TrimEnd('/');
_next = next;
}
public AuthorizationFilter(
IAuthorizationPolicyProvider policyProvider,
IPolicyEvaluator policyEvaluator
)
{
_policyProvider = policyProvider;
_policyEvaluator = policyEvaluator;
}
public PolicyAuthorizationProvider(IPolicyEvaluator policyEvaluator, ILogger logger, bool logAuthorization,
bool logSuccesses)
{
_policyEvaluator = policyEvaluator;
_logger = logger;
_logAuthorization = logAuthorization;
_logSuccesses = logSuccesses;
}
public AuthorizationPolicyTagHelper(
IAuthorizationPolicyProvider policyProvider,
IPolicyEvaluator policyEvaluator,
IHttpContextAccessor httpContextAccessor)
{
this.policyProvider = policyProvider;
this.policyEvaluator = policyEvaluator;
this.httpContextAccessor = httpContextAccessor;
}
/// <summary>
/// Invokes the authorization filters for the controller action.
/// </summary>
/// <returns>Whether the user is authenticated or not.</returns>
internal static async Task <bool> InvokeAuthorizationFiltersForRequest(this ControllerContext controllerContext, ActionContext actionContext)
{
ControllerActionDescriptor actionDescriptor = controllerContext.ActionDescriptor;
var metadataCollection =
new EndpointMetadataCollection(actionDescriptor.EndpointMetadata.Union(new[] { actionDescriptor }));
IReadOnlyList <IAuthorizeData> authorizeData = metadataCollection.GetOrderedMetadata <IAuthorizeData>();
IAuthorizationPolicyProvider policyProvider = controllerContext.HttpContext.RequestServices
.GetRequiredService <IAuthorizationPolicyProvider>();
AuthorizationPolicy?policy = await AuthorizationPolicy.CombineAsync(policyProvider, authorizeData);
if (policy is not null)
{
IPolicyEvaluator policyEvaluator =
controllerContext.HttpContext.RequestServices.GetRequiredService <IPolicyEvaluator>();
AuthenticateResult authenticateResult =
await policyEvaluator.AuthenticateAsync(policy, controllerContext.HttpContext);
if (!authenticateResult.Succeeded)
{
return(false);
}
// TODO this is super hacky, but we rely on the FeatureAuthorizeHandler can still handle endpoints
// (The way before .NET 5). The .NET 5 way would need to use han http context, for the "inner" request
// with the nested controller
var resource = new Endpoint(null, metadataCollection, null);
PolicyAuthorizationResult authorizeResult =
await policyEvaluator.AuthorizeAsync(policy, authenticateResult, controllerContext.HttpContext, resource);
if (!authorizeResult.Succeeded)
{
return(false);
}
}
IList <FilterDescriptor> filters = actionDescriptor.FilterDescriptors;
var filterGrouping = new FilterGrouping(filters, controllerContext.HttpContext.RequestServices);
// because the continuation gets built from the inside out we need to reverse the filter list
// so that least specific filters (Global) get run first and the most specific filters (Action) get run last.
var authorizationFilters = filterGrouping.AuthorizationFilters.Reverse().ToList();
var asyncAuthorizationFilters = filterGrouping.AsyncAuthorizationFilters.Reverse().ToList();
if (authorizationFilters.Count == 0 && asyncAuthorizationFilters.Count == 0)
{
return(true);
}
// if the authorization filter returns a result, it means it failed to authorize
var authorizationFilterContext =
new AuthorizationFilterContext(actionContext, filters.Select(x => x.Filter).ToArray());
return(await ExecuteAuthorizationFiltersAsync(authorizationFilterContext, authorizationFilters, asyncAuthorizationFilters));
}
/// <summary>
/// Process an individual request.
/// </summary>
/// <param name="context">The context.</param>
/// <param name="policyEvaluator">The service which can evaluate an <see cref="AuthorizationPolicy" />.</param>
/// <returns>The task object representing the asynchronous operation.</returns>
public async Task Invoke(HttpContext context, IPolicyEvaluator policyEvaluator)
{
if (context.Request.Headers[Constants.ACCEPT_HTTP_HEADER] == Constants.SSE_CONTENT_TYPE)
{
if (!await AuthorizeAsync(context, policyEvaluator))
{
_logger.LogWarning($"{DateTime.Now.ToString()} : Invoke: AuthorizeAsync returned false for context.User.Identity.Name: {context.User?.Identity?.Name}");
return;
}
bool shouldAccept = context.ShouldAccept(_serverSentEventsOptions.OnShouldAccept);
if (!shouldAccept)
{
_logger.LogWarning($"{DateTime.Now.ToString()} : Invoke: ShouldAccept returned false for context.User.Identity.Name: {context.User?.Identity?.Name}");
return;
}
DisableResponseBuffering(context);
HandleContentEncoding(context);
await context.Response.AcceptAsync(_serverSentEventsOptions.OnPrepareAccept);
// Use an autogenerated Guid, useful if not using authentication.
//ServerSentEventsClient client = new ServerSentEventsClient(Guid.NewGuid(), context.User, context.Response);
// Set the Guid later to provide the opportunity for the Guid to be set by user code in the ClientConnected event hander
// Useful when using Authentication to allow the client to be associated with a user.
CancellationTokenSource _responseEndCts = new CancellationTokenSource();
ServerSentEventsClient client = new ServerSentEventsClient(Guid.NewGuid(), context.User, context.Response, _logger, _responseEndCts);
_logger.LogDebug($"{DateTime.Now.ToString()} : Invoke: Client Connected: ConnectedAt: {client.ConnectedAt} User.Identity.Name: {client.User?.Identity?.Name}");
if (_serverSentEventsService.ReconnectInterval.HasValue)
{
await client.ChangeReconnectIntervalAsync(_serverSentEventsService.ReconnectInterval.Value, CancellationToken.None);
}
await AddClientAsync(context.Request, client);
_responseEndCts.Token.Register(() => _logger.LogDebug("{0} : Invoke: _responseEndCts.Token has been cancelled", DateTime.Now.ToString()));
//await context.RequestAborted.WaitAsync();
// Wait until the task completes or the _responseEndCts token triggers
await Task.WhenAny(context.RequestAborted.WaitAsync(), Task.Delay(Timeout.Infinite, _responseEndCts.Token));
await RemoveClientAsync(context.Request, client);
}
else
{
await _next(context);
}
}
public ProjectGuestContextModule(
IMetadataRegistry metadataRegistry,
IPolicyEvaluator policyEvaluator,
IProjectGuestContextController projectGuestContextController,
ILoggerFactory loggerFactory)
: base(GuestServiceBootstrapper.ServiceNameShort, metadataRegistry, policyEvaluator, loggerFactory)
{
_projectGuestContextController = projectGuestContextController;
CreateRoute("SetProjectGuestContext", HttpMethod.Post, Routing.ProjectGuestContextRoute, SetProjectGuestContextAsync)
.Description("Sets the project guest context and creates guest sessions")
.StatusCodes(HttpStatusCode.OK, HttpStatusCode.BadRequest, HttpStatusCode.Unauthorized, HttpStatusCode.Forbidden, HttpStatusCode.InternalServerError)
.ResponseFormat(JsonConvert.SerializeObject(ProjectGuestContext.Example));
}
public MachinesModule(
IMachinesController machineController,
IMetadataRegistry metadataRegistry,
IPolicyEvaluator policyEvaluator,
ILoggerFactory loggerFactory)
: base(ServiceInformation.ServiceNameShort, metadataRegistry, policyEvaluator, loggerFactory)
{
_machinesController = machineController;
this.RequiresAuthentication();
CreateRoute("CreateMachine", HttpMethod.Post, Routing.Machines, CreateMachineAsync)
.Description("Create a new machine resource")
.StatusCodes(HttpStatusCode.Created, HttpStatusCode.Unauthorized, HttpStatusCode.Forbidden, HttpStatusCode.BadRequest, HttpStatusCode.InternalServerError)
.RequestFormat(Machine.Example())
.ResponseFormat(Machine.Example());
CreateRoute("GetMachineById", HttpMethod.Get, Routing.MachinesWithId, GetMachineByIdAsync)
.Description("Gets a machine by its unique identifier")
.StatusCodes(HttpStatusCode.OK, HttpStatusCode.BadRequest, HttpStatusCode.Unauthorized, HttpStatusCode.Forbidden, HttpStatusCode.InternalServerError, HttpStatusCode.NotFound)
.ResponseFormat(Machine.Example());
CreateRoute("GetMachineByKey", HttpMethod.Get, Routing.Machines, GetMachineByKeyAsync, c => c.Request.Query.ContainsKey("machinekey"))
.Description("Get a machine by machine key")
.StatusCodes(HttpStatusCode.OK, HttpStatusCode.BadRequest, HttpStatusCode.Unauthorized, HttpStatusCode.Forbidden, HttpStatusCode.InternalServerError, HttpStatusCode.NotFound)
.ResponseFormat(Machine.Example());
CreateRoute("UpdateMachine", HttpMethod.Put, Routing.MachinesWithId, UpdateMachineAsync)
.Description("Update a Principal resource.")
.StatusCodes(HttpStatusCode.OK, HttpStatusCode.BadRequest, HttpStatusCode.Unauthorized, HttpStatusCode.Forbidden, HttpStatusCode.InternalServerError, HttpStatusCode.NotFound)
.RequestFormat(Machine.Example())
.ResponseFormat(Machine.Example());
CreateRoute("DeleteMachine", HttpMethod.Delete, Routing.MachinesWithId, DeleteMachineAsync)
.Description("Deletes a machine")
.StatusCodes(HttpStatusCode.NoContent, HttpStatusCode.BadRequest, HttpStatusCode.Unauthorized, HttpStatusCode.Forbidden, HttpStatusCode.InternalServerError);
CreateRoute("ChangeMachineTenant", HttpMethod.Put, Routing.ChangeMachineTenant, ChangeMachineTenantAsync)
.Description("Changes a machine's tenant")
.StatusCodes(HttpStatusCode.OK, HttpStatusCode.BadRequest, HttpStatusCode.Unauthorized, HttpStatusCode.Forbidden, HttpStatusCode.InternalServerError, HttpStatusCode.NotFound)
.RequestFormat(Machine.Example())
.ResponseFormat(Machine.Example());
CreateRoute("GetTenantMachines", HttpMethod.Get, Routing.Machines, GetTenantMachinesAsync, c => !c.Request.Query.ContainsKey("machinekey"))
.Description("Retrieves a list of machines for the tenant")
.StatusCodes(HttpStatusCode.OK, HttpStatusCode.BadRequest, HttpStatusCode.Unauthorized, HttpStatusCode.Forbidden, HttpStatusCode.InternalServerError, HttpStatusCode.NotFound)
.ResponseFormat(new List <Machine> {
Machine.Example()
});
}
/// <inheritdoc />
public ProjectLobbyStateModule(IMetadataRegistry metadataRegistry,
IPolicyEvaluator policyEvaluator,
ILoggerFactory loggerFactory, IProjectLobbyStateController projectLobbyStateController) :
base(GuestServiceBootstrapper.ServiceNameShort, metadataRegistry, policyEvaluator, loggerFactory)
{
_projectLobbyStateController = projectLobbyStateController;
CreateRoute("GetProjectLobbyState", HttpMethod.Get, $"{Routing.ProjectsRoute}/{{projectId:guid}}/{Routing.ProjectLobbyStatePath}", GetProjectLobbyStateAsync)
.Description("Retrieves lobby state for a project.")
.StatusCodes(HttpStatusCode.OK, HttpStatusCode.BadRequest, HttpStatusCode.Unauthorized, HttpStatusCode.Forbidden, HttpStatusCode.NotFound, HttpStatusCode.InternalServerError)
.ResponseFormat(JsonConvert.SerializeObject(new ProjectLobbyState()));
CreateRoute("RecalculateProjectLobbyState", HttpMethod.Put, $"{Routing.ProjectsRoute}/{{projectId:guid}}/{Routing.ProjectLobbyStatePath}", RecalculateProjectLobbyStateAsync)
.Description("Recalculates the the lobby state of a project.")
.StatusCodes(HttpStatusCode.OK, HttpStatusCode.BadRequest, HttpStatusCode.Unauthorized, HttpStatusCode.Forbidden, HttpStatusCode.NotFound, HttpStatusCode.InternalServerError)
.ResponseFormat(ProjectLobbyState.Example());
}
public GuestInviteModule(
IMetadataRegistry metadataRegistry,
IPolicyEvaluator policyEvaluator,
IGuestInviteController guestInviteController,
ILoggerFactory loggerFactory)
: base(GuestServiceBootstrapper.ServiceNameShort, metadataRegistry, policyEvaluator, loggerFactory)
{
// Init DI
_guestInviteController = guestInviteController;
// initialize routes
CreateRoute("CreateGuestInvite", HttpMethod.Post, Routing.GuestInvitesRoute, CreateGuestInviteAsync)
.Description("Create a specific GuestInvite resource.")
.StatusCodes(HttpStatusCode.OK, HttpStatusCode.BadRequest, HttpStatusCode.Unauthorized, HttpStatusCode.Forbidden, HttpStatusCode.InternalServerError)
.ResponseFormat(JsonConvert.SerializeObject(new GuestInvite()));
CreateRoute("GetGuestInvite", HttpMethod.Get, $"{Routing.GuestInvitesRoute}/{{id:guid}}", GetGuestInviteAsync)
.Description("Retrieves a specific GuestInvite resource.")
.StatusCodes(HttpStatusCode.OK, HttpStatusCode.BadRequest, HttpStatusCode.Unauthorized, HttpStatusCode.Forbidden, HttpStatusCode.NotFound, HttpStatusCode.InternalServerError)
.ResponseFormat(JsonConvert.SerializeObject(new GuestInvite()));
CreateRoute("GetGuestInvites", HttpMethod.Get, $"{Routing.ProjectsRoute}/{{projectId:guid}}/{Routing.GuestInvitesPath}", GetValidGuestInvitesByProjectIdAsync)
.Description("Gets All GuestInvites for a specific Project.")
.StatusCodes(HttpStatusCode.OK, HttpStatusCode.BadRequest, HttpStatusCode.Unauthorized, HttpStatusCode.Forbidden, HttpStatusCode.InternalServerError)
.ResponseFormat(JsonConvert.SerializeObject(new List <GuestInvite> {
new GuestInvite()
}));
CreateRoute("GetGuestInvitesForUserAsync", HttpMethod.Post, $"{Routing.UsersRoute}/{Routing.GuestInvitesPath}", GetGuestInvitesForUserAsync)
.Description("Gets All GuestInvites for a specific User.")
.StatusCodes(HttpStatusCode.OK, HttpStatusCode.BadRequest, HttpStatusCode.Unauthorized, HttpStatusCode.Forbidden, HttpStatusCode.InternalServerError)
.ResponseFormat(JsonConvert.SerializeObject(new List <GuestInvite> {
new GuestInvite()
}));
CreateRoute("UpdateGuestInvite", HttpMethod.Put, $"{Routing.GuestInvitesRoute}/{{id:guid}}", UpdateGuestInviteAsync)
.Description("Update a specific GuestInvite resource.")
.StatusCodes(HttpStatusCode.OK, HttpStatusCode.BadRequest, HttpStatusCode.Unauthorized, HttpStatusCode.Forbidden, HttpStatusCode.NotFound, HttpStatusCode.InternalServerError)
.ResponseFormat(JsonConvert.SerializeObject(new GuestInvite()));
CreateRoute("IsGuestRegistrationRequired", HttpMethod.Get, $"{Routing.GuestInvitesRoute}/{Routing.IsGuestRegistrationRequiredPath}", IsGuestRegistrationRequired)
.Description("Check if the guest user require registration.")
.StatusCodes(HttpStatusCode.OK, HttpStatusCode.BadRequest, HttpStatusCode.Forbidden, HttpStatusCode.NotFound, HttpStatusCode.InternalServerError)
.ResponseFormat(JsonConvert.SerializeObject(true));
}
public GuestTenantModule(
IMetadataRegistry metadataRegistry,
IPolicyEvaluator policyEvaluator,
IGuestTenantController tenantController,
ILoggerFactory loggerFactory)
: base(GuestServiceBootstrapper.ServiceNameShort, metadataRegistry, policyEvaluator, loggerFactory)
{
// Init DI
_tenantController = tenantController;
// initialize routes
CreateRoute("GetGuestTenantIdsForCurrentUser", HttpMethod.Get, Routing.GuestTenantIdsRoute, GetTenantIdsForCurrentUserAsync)
.Description("Retrieves the list of tenantids for a guest user")
.StatusCodes(HttpStatusCode.OK, HttpStatusCode.BadRequest, HttpStatusCode.Unauthorized, HttpStatusCode.Forbidden, HttpStatusCode.InternalServerError)
.ResponseFormat(new List <Guid> {
Guid.Empty
});
}
public UserInviteModule(
IUserInvitesController userInvitesController,
IMetadataRegistry metadataRegistry,
IPolicyEvaluator policyEvaluator,
ILoggerFactory loggerFactory)
: base(ServiceInformation.ServiceNameShort, metadataRegistry, policyEvaluator, loggerFactory)
{
_userInviteController = userInvitesController;
this.RequiresAuthentication();
CreateRoute("CreateUserInviteListForTenant", HttpMethod.Post, Routing.UserInvites, _ => CreateUserInviteListForTenantAsync())
.Description("Email invites for passed user list")
.StatusCodes(HttpStatusCode.Created, HttpStatusCode.Unauthorized, HttpStatusCode.Forbidden, HttpStatusCode.BadRequest, HttpStatusCode.InternalServerError)
.RequestFormat(new List <UserInvite> {
UserInvite.Example()
})
.ResponseFormat(new List <UserInvite> {
UserInvite.Example()
});
CreateRoute("ResendEmailInvitation", HttpMethod.Post, Routing.ResendUserInvites, _ => ResendEmailInvitationAsync())
.Description("Resend Email invites for passed user list")
.StatusCodes(HttpStatusCode.Created, HttpStatusCode.Unauthorized, HttpStatusCode.Forbidden, HttpStatusCode.BadRequest, HttpStatusCode.InternalServerError)
.RequestFormat(new List <UserInvite> {
UserInvite.Example()
})
.ResponseFormat(new List <UserInvite> {
UserInvite.Example()
});
CreateRoute("GetUserInvitesForTenantAsync", HttpMethod.Get, Routing.UserInvites, GetUsersInvitedForTenantAsync)
.Description("Gets all invited users for Tenant")
.StatusCodes(HttpStatusCode.OK, HttpStatusCode.BadRequest, HttpStatusCode.Unauthorized, HttpStatusCode.Forbidden, HttpStatusCode.InternalServerError, HttpStatusCode.NotFound)
.ResponseFormat(new PagingMetadata <UserInvite> {
List = new List <UserInvite> {
UserInvite.Example()
}
});
}
/// <summary>
/// Invokes an IPolicyEvaluator to evaluate the given XML element in the given
/// context. An evaluator for the element must be registered in the PolicyManager
/// configuration (.config) file. Mappings are registered by element schema namespaces.
/// </summary>
/// <param name="element">The element to evaluate.</param>
/// <param name="context">The context under which to evaluate this element</param>
/// <returns>The EvaluationResult that the evaluator returns.</returns>
public static EvaluationResult invokeEvaluator(XmlElement element, IContext context)
{
EvaluationResult result = null;
// get class that corresponds to this element
// we use the namespace attribute for this tag
string className = (string)evaluatorMappings[element.NamespaceURI];
if (className == null)
{
return(new EvaluationResult(TAG, false, "Evaluator class not found for tag " +
element.LocalName + " in namespace " + element.NamespaceURI));
}
// check if an evaluator for this class is already instantiated
IPolicyEvaluator evaluator = (IPolicyEvaluator)evaluators[className];
if (evaluator == null)
{
// try to instantiate this evaluator
Type type = Type.GetType(className);
object o = Activator.CreateInstance(type);
if (o == null || !(o is IPolicyEvaluator))
{
return(new EvaluationResult(TAG, false, "Could not load evaluator for " + element.LocalName));
}
debug("instantiated evaluator for class " + className);
evaluator = (IPolicyEvaluator)o;
evaluators.Add(className, evaluator);
}
// now invoke the evaluator!
result = evaluator.evaluateExpression(element, context);
return(result);
}
public GroupsModule(
IGroupsController groupsController,
IMetadataRegistry metadataRegistry,
IPolicyEvaluator policyEvaluator,
ILoggerFactory loggerFactory)
: base(ServiceInformation.ServiceNameShort, metadataRegistry, policyEvaluator, loggerFactory)
{
_groupsController = groupsController;
this.RequiresAuthentication();
CreateRoute("CreateGroup", HttpMethod.Post, Routing.Groups, CreateGroupAsync)
.Description("Creates a new group")
.StatusCodes(HttpStatusCode.Created, HttpStatusCode.Unauthorized, HttpStatusCode.Forbidden, HttpStatusCode.BadRequest, HttpStatusCode.InternalServerError)
.RequestFormat(Group.Example())
.ResponseFormat(Group.Example());
CreateRoute("GetGroupById", HttpMethod.Get, Routing.GroupsWithId, GetGroupByIdAsync)
.Description("Get a group by its unique identifier")
.StatusCodes(HttpStatusCode.OK, HttpStatusCode.BadRequest, HttpStatusCode.Unauthorized, HttpStatusCode.Forbidden, HttpStatusCode.InternalServerError, HttpStatusCode.NotFound)
.ResponseFormat(Group.Example());
CreateRoute("GetGroupsForTenant", HttpMethod.Get, Routing.Groups, GetGroupsForTenantAsync)
.Description("Get Group for a tenant")
.StatusCodes(HttpStatusCode.OK, HttpStatusCode.BadRequest, HttpStatusCode.Unauthorized, HttpStatusCode.Forbidden, HttpStatusCode.InternalServerError, HttpStatusCode.NotFound)
.ResponseFormat(Group.Example());
CreateRoute("DeleteGroup", HttpMethod.Delete, Routing.GroupsWithId, DeleteGroupAsync)
.Description("Deletes a Group")
.StatusCodes(HttpStatusCode.NoContent, HttpStatusCode.BadRequest, HttpStatusCode.Unauthorized, HttpStatusCode.Forbidden, HttpStatusCode.InternalServerError);
CreateRoute("UpdateGroup", HttpMethod.Put, Routing.Groups, UpdateGroupAsync)
.Description("Updates an existing Group")
.StatusCodes(HttpStatusCode.OK, HttpStatusCode.BadRequest, HttpStatusCode.Unauthorized, HttpStatusCode.Forbidden, HttpStatusCode.InternalServerError, HttpStatusCode.NotFound)
.RequestFormat(Group.Example())
.ResponseFormat(Group.Example());
}
public AuthorizePageHandlerFilter(IAuthorizationPolicyProvider polP, IPolicyEvaluator polE)
{
policyProvider = polP;
policyEval = polE;
}
public async Task InvokeAsyncTest()
{
IServiceProvider serviceProvider = CreateServices();
//未指定权限时且为指定FallbackPolicy时 匿名用户可访问
using (IServiceScope serviceScope = serviceProvider.CreateScope())
{
IServiceProvider scopeServiceProvider = serviceScope.ServiceProvider;
var next = new TestRequestDelegate();
var middleware = CreateMiddleware(next.Invoke, scopeServiceProvider.GetRequiredService <IPolicyCombiner>());
var context = GetHttpContext(scopeServiceProvider);
IPolicyEvaluator policyEvaluator = scopeServiceProvider.GetRequiredService <IPolicyEvaluator>();
await middleware.InvokeAsync(context, MockAuthorizeDataManager(null), policyEvaluator);
next.Called.ShouldBeTrue();
}
//未指定权限但是指定FallbackPolicy时
serviceProvider = CreateServices(services =>
{
services.AddScoped <IAuthorizationPolicyProvider>(sp =>
{
var policy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build();
var policyProvider = new Mock <IAuthorizationPolicyProvider>();
policyProvider.Setup(p => p.GetFallbackPolicyAsync()).ReturnsAsync(policy);
return(policyProvider.Object);
});
});
using (IServiceScope serviceScope = serviceProvider.CreateScope())
{
IServiceProvider scopeServiceProvider = serviceScope.ServiceProvider;
var next = new TestRequestDelegate();
var middleware = CreateMiddleware(next.Invoke, scopeServiceProvider.GetRequiredService <IPolicyCombiner>());
var context = GetHttpContext(scopeServiceProvider);
IPolicyEvaluator policyEvaluator = scopeServiceProvider.GetRequiredService <IPolicyEvaluator>();
await middleware.InvokeAsync(context, MockAuthorizeDataManager(null), policyEvaluator);
next.Called.ShouldBeFalse();
}
serviceProvider = CreateServices();
using (IServiceScope serviceScope = serviceProvider.CreateScope())
{
IServiceProvider scopeServiceProvider = serviceScope.ServiceProvider;
var next = new TestRequestDelegate();
var middleware = CreateMiddleware(next.Invoke, scopeServiceProvider.GetRequiredService <IPolicyCombiner>());
IPolicyEvaluator policyEvaluator = scopeServiceProvider.GetRequiredService <IPolicyEvaluator>();
//允许匿名访问
var context = GetHttpContext(scopeServiceProvider);
await middleware.InvokeAsync(context, MockAuthorizeDataManager(new AuthorizeData()
{
AllowedAnonymous = true
}), policyEvaluator);
next.Called.ShouldBeTrue();
//拒绝所有
next.Reset();
await middleware.InvokeAsync(context, MockAuthorizeDataManager(new AuthorizeData()
{
DeniedAll = true
}), policyEvaluator);
next.Called.ShouldBeFalse();
//允许所有登录者 访问
next.Reset();
await middleware.InvokeAsync(context, MockAuthorizeDataManager(new AuthorizeData()
{
AllowedAllRoles = true
}), policyEvaluator);
next.Called.ShouldBeFalse();
next.Reset();
ClaimsPrincipal principal = new ClaimsPrincipal();
ClaimsIdentity basicIdentity = new ClaimsIdentity(new Claim[] {
new Claim("Permission", "CanViewPage"),
new Claim(ClaimTypes.Role, "Administrator"),
new Claim(ClaimTypes.Role, "User"),
new Claim(ClaimTypes.NameIdentifier, "John")
}, "Basic", ClaimTypes.NameIdentifier, ClaimTypes.Role);
principal.AddIdentity(basicIdentity);
context = GetHttpContext(scopeServiceProvider, principal);
await middleware.InvokeAsync(context, MockAuthorizeDataManager(new AuthorizeData()
{
AllowedAllRoles = true
}), policyEvaluator);
next.Called.ShouldBeTrue();
// 角色验证
next.Reset();
await middleware.InvokeAsync(context, MockAuthorizeDataManager(new AuthorizeData()
{
AllowedRoles = new string[] { "User" }
}), policyEvaluator);
next.Called.ShouldBeTrue();
next.Reset();
await middleware.InvokeAsync(context, MockAuthorizeDataManager(new AuthorizeData()
{
AllowedRoles = new string[] { "userRole" }
}), policyEvaluator);
next.Called.ShouldBeFalse();
//用户Id
next.Reset();
await middleware.InvokeAsync(context, MockAuthorizeDataManager(new AuthorizeData()
{
AllowedUsers = new string[] { "user0" }
}), policyEvaluator);
next.Called.ShouldBeFalse();
next.Reset();
await middleware.InvokeAsync(context, MockAuthorizeDataManager(new AuthorizeData()
{
AllowedUsers = new string[] { "John" }
}), policyEvaluator);
next.Called.ShouldBeTrue();
next.Reset();
await middleware.InvokeAsync(context, MockAuthorizeDataManager(new AuthorizeData()
{
AllowedRoles = new string[] { "role0", "role1" }, AllowedUsers = new string[] { "user0" }
}), policyEvaluator);
next.Called.ShouldBeFalse();
next.Reset();
await middleware.InvokeAsync(context, MockAuthorizeDataManager(new AuthorizeData()
{
AllowedRoles = new string[] { "role0", "role1" }, AllowedUsers = new string[] { "John" }
}), policyEvaluator);
next.Called.ShouldBeTrue();
next.Reset();
await middleware.InvokeAsync(context, MockAuthorizeDataManager(new AuthorizeData()
{
AllowedRoles = new string[] { "Administrator", "role1" }, AllowedUsers = new string[] { "John00" }
}), policyEvaluator);
next.Called.ShouldBeTrue();
next.Reset();
await middleware.InvokeAsync(context, MockAuthorizeDataManager(new AuthorizeData()
{
AllowedRoles = new string[] { "Administrator", "role1" }, AllowedUsers = new string[] { "John" }
}), policyEvaluator);
next.Called.ShouldBeTrue();
}
}
public AuthorizeTagHelper(IHttpContextAccessor httpContextAccessor, IAuthorizationPolicyProvider policyProvider, IPolicyEvaluator policyEvaluator)
{
_httpContextAccessor = httpContextAccessor;
_policyProvider = policyProvider;
_policyEvaluator = policyEvaluator;
}
public AuthorizationMiddleware(RequestDelegate next, AuthOptions options, IPolicyEvaluator policyEvaluator)
{
_next = next;
_options = options;
_policyEvaluator = policyEvaluator;
}
public GuestSessionModule(
IMetadataRegistry metadataRegistry,
IPolicyEvaluator policyEvaluator,
IGuestSessionController guestSessionController,
ILoggerFactory loggerFactory)
: base(GuestServiceBootstrapper.ServiceNameShort, metadataRegistry, policyEvaluator, loggerFactory)
{
// Init DI
_guestSessionController = guestSessionController;
// Initialize Routes
CreateRoute("GetGuestSession", HttpMethod.Get, $"{Routing.GuestSessionsRoute}/{{id:guid}}", GetGuestSessionAsync)
.Description("Retrieve a specific GuestSession resource.")
.StatusCodes(HttpStatusCode.OK, HttpStatusCode.BadRequest, HttpStatusCode.Unauthorized, HttpStatusCode.Forbidden, HttpStatusCode.NotFound, HttpStatusCode.InternalServerError)
.ResponseFormat(JsonConvert.SerializeObject(new GuestSession()));
CreateRoute("DeleteGuestSession", HttpMethod.Delete, $"{Routing.GuestSessionsRoute}/{{id:guid}}", DeleteGuestSessionAsync)
.Description("Delete a specific GuestSession resource.")
.StatusCodes(HttpStatusCode.OK, HttpStatusCode.BadRequest, HttpStatusCode.Unauthorized, HttpStatusCode.Forbidden, HttpStatusCode.InternalServerError);
CreateRoute("UpdateGuestSession", HttpMethod.Put, $"{Routing.GuestSessionsRoute}/{{id:guid}}", UpdateGuestSessionAsync)
.Description("Update a specific GuestSession resource.")
.StatusCodes(HttpStatusCode.OK, HttpStatusCode.BadRequest, HttpStatusCode.Unauthorized, HttpStatusCode.Forbidden, HttpStatusCode.NotFound, HttpStatusCode.InternalServerError)
.ResponseFormat(JsonConvert.SerializeObject(new GuestSession()));
CreateRoute("UpdateGuestSessionState", HttpMethod.Put, Routing.UpdateGuestSessionStateRoute, UpdateGuestSessionStateAsync)
.Description("Updates the guest session state")
.StatusCodes(HttpStatusCode.OK, HttpStatusCode.BadRequest, HttpStatusCode.Unauthorized, HttpStatusCode.Forbidden, HttpStatusCode.NotFound, HttpStatusCode.InternalServerError)
.RequestFormat(UpdateGuestSessionStateRequest.Example)
.ResponseFormat(UpdateGuestSessionStateResponse.Example);
CreateRoute("GetGuestSessions", HttpMethod.Get, $"{Routing.ProjectsRoute}/{{projectId:guid}}/{Routing.GuestSessionsPath}", GetGuestSessionsByProjectIdAsync)
.Description("Gets all valid GuestSessions for a specific project, excluding those with a GuestState of PromotedToProjectMember.")
.StatusCodes(HttpStatusCode.OK, HttpStatusCode.BadRequest, HttpStatusCode.Unauthorized, HttpStatusCode.Forbidden, HttpStatusCode.InternalServerError)
.ResponseFormat(JsonConvert.SerializeObject(new List <GuestSession> {
new GuestSession()
}));
CreateRoute("GetGuestSessionsByProjectForCurrentUser", HttpMethod.Get, $"{Routing.GetGuestSessionsByProjectForCurrentUserRoute}", GetGuestSessionsByProjectIdForCurrentUserAsync)
.Description("Gets all valid GuestSessions for a specific project and the requesting user, excluding those with a GuestState of PromotedToProjectMember.")
.StatusCodes(HttpStatusCode.OK, HttpStatusCode.BadRequest, HttpStatusCode.Unauthorized, HttpStatusCode.Forbidden, HttpStatusCode.NotFound, HttpStatusCode.InternalServerError)
.ResponseFormat(JsonConvert.SerializeObject(new List <GuestSession> {
new GuestSession()
}));
CreateRoute("GetGuestSessionsByProjectForUser", HttpMethod.Get, $"{Routing.GetGuestSessionsByProjectForUserRoute}", GetGuestSessionsByProjectIdForUserAsync)
.Description("Gets all valid GuestSessions for a specific project and user.")
.StatusCodes(HttpStatusCode.OK, HttpStatusCode.BadRequest, HttpStatusCode.Unauthorized, HttpStatusCode.Forbidden, HttpStatusCode.NotFound, HttpStatusCode.InternalServerError)
.ResponseFormat(JsonConvert.SerializeObject(new List <GuestSession> {
new GuestSession()
}));
CreateRoute("VerifyGuest", HttpMethod.Post, Routing.VerifyGuestRoute, VerifyGuestAsync)
.Description("Verify guest resource.")
.StatusCodes(HttpStatusCode.OK, HttpStatusCode.BadRequest, HttpStatusCode.Unauthorized, HttpStatusCode.Forbidden, HttpStatusCode.InternalServerError)
.ResponseFormat(JsonConvert.SerializeObject(new GuestVerificationResponse()));
CreateRoute("EmailHost", HttpMethod.Post, $"{Routing.GuestSessionsRoute}/{Routing.ProjectsPath}/{{accessCode}}/{Routing.EmailHostPath}", EmailHostAsync)
.Description("Send email to project host.")
.StatusCodes(HttpStatusCode.OK, HttpStatusCode.BadRequest, HttpStatusCode.Unauthorized, HttpStatusCode.Forbidden, HttpStatusCode.NotFound, HttpStatusCode.InternalServerError)
.ResponseFormat(JsonConvert.SerializeObject(new SendHostEmailResponse()));
}
public async Task InvokeAsync(HttpContext context, IAuthorizeDataManager authorizeDataManager, IPolicyEvaluator policyEvaluator)
{
if (context == null)
{
throw new ArgumentNullException(nameof(context));
}
var endpoint = context.GetEndpoint();
if (endpoint != null)
{
// EndpointRoutingMiddleware uses this flag to check if the Authorization middleware processed auth metadata on the endpoint.
// The Authorization middleware can only make this claim if it observes an actual endpoint.
context.Items[AuthorizationMiddlewareInvokedWithEndpointKey] = AuthorizationMiddlewareWithEndpointInvokedValue;
}
var authorizeData = await authorizeDataManager.GetAuthorizeDataAsync();
if (authorizeData?.AllowedAnonymous == true)
{
await _next(context);
return;
}
var policy = await _policyCombiner.CombineAsync(authorizeData);
if (policy == null)
{
await _next(context);
return;
}
var authenticateResult = await policyEvaluator.AuthenticateAsync(policy, context);
// Note that the resource will be null if there is no matched endpoint
var authorizeResult = await policyEvaluator.AuthorizeAsync(policy, authenticateResult, context, resource : endpoint);
if (authorizeResult.Challenged)
{
if (policy.AuthenticationSchemes.Any())
{
foreach (var scheme in policy.AuthenticationSchemes)
{
await context.ChallengeAsync(scheme);
}
}
else
{
await context.ChallengeAsync();
}
return;
}
else if (authorizeResult.Forbidden)
{
if (policy.AuthenticationSchemes.Any())
{
foreach (var scheme in policy.AuthenticationSchemes)
{
await context.ForbidAsync(scheme);
}
}
else
{
await context.ForbidAsync();
}
return;
}
await _next(context);
}
public AuthorizationHandler(IPolicyEvaluator policyEvaluator)
{
this.policyEvaluator = policyEvaluator;
}
public UnAuthorizedRoleTagHelper(IHttpContextAccessor httpContextAccessor, IAuthorizationPolicyProvider policyProvider, IPolicyEvaluator policyEvaluator)
{
this.httpContextAccessor = httpContextAccessor;
authPolicyProvider = policyProvider;
this.policyEvaluator = policyEvaluator;
}
public SwaggerAuthorizedMiddleware(RequestDelegate next, IPolicyEvaluator policyEvaluator)
{
_next = next;
_policyEvaluator = policyEvaluator;
}
public async Task Invoke(HttpContext context, IProxyApplicationService applicationService, IPolicyEvaluator policyEvaluator)
{
var activeApplication = applicationService.GetActiveApplication();
var mode = context.Request.PathBase == ProxyMetaEndpoints.PathBase ? PathAuthOptions.AuthMode.Web :
activeApplication.GetPathMode(context.Request.Path);
if (!mode.HasValue)
{
context.Response.StatusCode = (int)HttpStatusCode.Forbidden;
context.SetErrorDetail(Errors.Code.UnconfiguredPath, "Path has no authentication method configured.");
return;
}
if (mode == PathAuthOptions.AuthMode.None)
{
await _next(context);
return;
}
var policyName = mode == PathAuthOptions.AuthMode.Web ?
ProxyAuthComponents.GetWebPolicyName(activeApplication) :
ProxyAuthComponents.GetApiPolicyName(activeApplication);
var policy = await _policyProvider.GetPolicyAsync(policyName);
var authenticateResult = await policyEvaluator.AuthenticateAsync(policy, context);
var authorizeResult = await policyEvaluator.AuthorizeAsync(policy, authenticateResult, context, null);
var telemetry = context.Features.Get <RequestTelemetry>();
if (telemetry != null && authenticateResult.Succeeded)
{
telemetry.Context.User.Id = context.User.Identity.Name;
}
if (authorizeResult.Challenged)
{
await context.ChallengeAsync(policy.AuthenticationSchemes.First());
}
else if (authorizeResult.Forbidden)
{
await context.ForbidAsync(policy.AuthenticationSchemes.First());
}
else
{
await _next(context);
}
}
