Fixed authorize interceptor not skipping non auth directives. (#5706)
michaelstaib committed Jan 22, 2023
1 parent ba942cc commit b927300
Showing 3 changed files with 54 additions and 41 deletions.
14 changes: 0 additions & 14 deletions src/HotChocolate/Caching/HotChocolate.Caching.sln
Expand Up @@ -7,12 +7,8 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "src", "src", "{4B17EC9B-719
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "HotChocolate.Caching", "src\Caching\HotChocolate.Caching.csproj", "{EFB34018-4E3E-4FD2-BB0F-0CD9B534F3B7}"
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "HotChocolate.Caching.Http", "src\Caching.Http\HotChocolate.Caching.Http.csproj", "{F6DB8BF3-C52E-4C7A-9592-577901125BDD}"
EndProject
Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "test", "test", "{0655A72B-6DC9-4706-A15B-BC6CDE1085AC}"
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "HotChocolate.Caching.Http.Tests", "test\Caching.Http.Tests\HotChocolate.Caching.Http.Tests.csproj", "{2C77C7EE-577A-42B8-9CC0-612C134F2E89}"
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "HotChocolate.Caching.Tests", "test\Caching.Tests\HotChocolate.Caching.Tests.csproj", "{E16E7EF4-4CC9-4867-9A62-9837960CD976}"
EndProject
Global
Expand All @@ -28,23 +24,13 @@ Global
{EFB34018-4E3E-4FD2-BB0F-0CD9B534F3B7}.Debug|Any CPU.Build.0 = Debug|Any CPU
{EFB34018-4E3E-4FD2-BB0F-0CD9B534F3B7}.Release|Any CPU.ActiveCfg = Release|Any CPU
{EFB34018-4E3E-4FD2-BB0F-0CD9B534F3B7}.Release|Any CPU.Build.0 = Release|Any CPU
{F6DB8BF3-C52E-4C7A-9592-577901125BDD}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{F6DB8BF3-C52E-4C7A-9592-577901125BDD}.Debug|Any CPU.Build.0 = Debug|Any CPU
{F6DB8BF3-C52E-4C7A-9592-577901125BDD}.Release|Any CPU.ActiveCfg = Release|Any CPU
{F6DB8BF3-C52E-4C7A-9592-577901125BDD}.Release|Any CPU.Build.0 = Release|Any CPU
{2C77C7EE-577A-42B8-9CC0-612C134F2E89}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{2C77C7EE-577A-42B8-9CC0-612C134F2E89}.Debug|Any CPU.Build.0 = Debug|Any CPU
{2C77C7EE-577A-42B8-9CC0-612C134F2E89}.Release|Any CPU.ActiveCfg = Release|Any CPU
{2C77C7EE-577A-42B8-9CC0-612C134F2E89}.Release|Any CPU.Build.0 = Release|Any CPU
{E16E7EF4-4CC9-4867-9A62-9837960CD976}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{E16E7EF4-4CC9-4867-9A62-9837960CD976}.Debug|Any CPU.Build.0 = Debug|Any CPU
{E16E7EF4-4CC9-4867-9A62-9837960CD976}.Release|Any CPU.ActiveCfg = Release|Any CPU
{E16E7EF4-4CC9-4867-9A62-9837960CD976}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(NestedProjects) = preSolution
{EFB34018-4E3E-4FD2-BB0F-0CD9B534F3B7} = {4B17EC9B-7197-45CB-BD67-17F7120A0321}
{F6DB8BF3-C52E-4C7A-9592-577901125BDD} = {4B17EC9B-7197-45CB-BD67-17F7120A0321}
{2C77C7EE-577A-42B8-9CC0-612C134F2E89} = {0655A72B-6DC9-4706-A15B-BC6CDE1085AC}
{E16E7EF4-4CC9-4867-9A62-9837960CD976} = {0655A72B-6DC9-4706-A15B-BC6CDE1085AC}
EndGlobalSection
EndGlobal
Expand Up @@ -255,16 +255,21 @@ private void CheckForValidationAuth(ObjectTypeInfo type)

var directives = GetOrCreateDirectives(type.TypeReg);
var length = directives.Count;
var start = directives.GetReference();
ref var start = ref directives.GetReference();

for (var i = length - 1; i >= 0; i--)
{
var directive = Unsafe.Add(ref start, i).AsValue<AuthorizeDirective>();
var directive = Unsafe.Add(ref start, i);

if (directive.Apply is ApplyPolicy.Validation)
if (directive.Type.Name.EqualsOrdinal(Authorize))
{
_schemaContextData[AuthorizationRequestPolicy] = true;
return;
var authDir = directive.AsValue<AuthorizeDirective>();

if (authDir.Apply is ApplyPolicy.Validation)
{
_schemaContextData[AuthorizationRequestPolicy] = true;
return;
}
}
}
}
Expand Down Expand Up @@ -325,28 +330,33 @@ private void CheckForValidationAuth(ObjectTypeInfo type)
{
var directives = GetOrCreateDirectives(authTypeReg);
var length = directives.Count;
var start = directives.GetReference();
ref var start = ref directives.GetReference();

for (var i = length - 1; i >= 0; i--)
{
var directive = Unsafe.Add(ref start, i).AsValue<AuthorizeDirective>();
var directive = Unsafe.Add(ref start, i);

if (directive.Apply is ApplyPolicy.Validation)
if (directive.Type.Name.EqualsOrdinal(Authorize))
{
_schemaContextData[AuthorizationRequestPolicy] = true;
continue;
}
var authDir = directive.AsValue<AuthorizeDirective>();

if (isNodeField && (options?.SkipNodeFields(directive) ?? false))
{
continue;
}
if (authDir.Apply is ApplyPolicy.Validation)
{
_schemaContextData[AuthorizationRequestPolicy] = true;
continue;
}

fieldDef.MiddlewareDefinitions.Insert(
0,
CreateAuthMiddleware(
directive,
schemaServices));
if (isNodeField && (options?.SkipNodeFields(authDir) ?? false))
{
continue;
}

fieldDef.MiddlewareDefinitions.Insert(
0,
CreateAuthMiddleware(
authDir,
schemaServices));
}
}
}

Expand Down Expand Up @@ -489,7 +499,7 @@ private static bool IsAuthorizedType<T>(T definition)
var length = directives.Count;

#if NET6_0_OR_GREATER
var start = MemoryMarshal.GetReference(CollectionsMarshal.AsSpan(directives));
ref var start = ref MemoryMarshal.GetReference(CollectionsMarshal.AsSpan(directives));
#endif

for (var i = 0; i < length; i++)
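Review bot: The `directive.Type.Name.EqualsOrdinal(Authorize)` guard in CheckForValidationAuth and in the field loop of the second hunk decides whether authorization is wired up at all, yet a non-matching directive is skipped silently and nothing documents that. If the registered directive name ever differed from the `Authorize` constant (not visible here, so this is an assumption to confirm), the effect would be fields without auth middleware rather than an error. I would add above each check a comment such as `// Only the authorize directive may be converted with AsValue<AuthorizeDirective>(); every other directive on the type is skipped on purpose.` Since the same filter now appears twice, a small private helper returning the `AuthorizeDirective` or null would keep the two sites from drifting apart. Both enclosing methods start and end outside the hunks.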
Expand Up @@ -3,6 +3,7 @@
using HotChocolate.Execution;
using HotChocolate.Resolvers;
using HotChocolate.Types;
using HotChocolate.Types.Descriptors;
using HotChocolate.Types.Relay;
using HotChocolate.Utilities;
using Microsoft.Extensions.DependencyInjection;
Expand Down Expand Up @@ -574,8 +575,9 @@ public async Task Skip_Authorize_On_Node_Field()
.Services
.BuildServiceProvider();

[FooDirective]
[Authorize("QUERY", ApplyPolicy.Validation)]
public sealed class Query
public sealed class Query
{
[NodeResolver]
public Person? GetPerson(string id)
Expand All @@ -592,24 +594,27 @@ public sealed class Query
[Authorize("READ_AUTH", ApplyPolicy.Validation)]
public bool? ThisIsAuthorizedOnValidation() => true;

[ID(nameof(Person))] public string Test() => "abc";
[ID(nameof(Person))]
public string Test() => "abc";
}

[Authorize("READ_PERSON")]
public sealed record Person(string Id, string? Name);
public sealed record Person(string Id, string? Name);

public sealed record Street(string? Value) : ICityOrStreet;
public sealed record Street(string? Value) : ICityOrStreet;

[Authorize("READ_CITY", Apply = ApplyPolicy.AfterResolver)]
public sealed record City(string? Value) : ICityOrStreet;
public sealed record City(string? Value) : ICityOrStreet;

[UnionType]
public interface ICityOrStreet { }

private sealed class AuthHandler : IAuthorizationHandler
{
private readonly Func<IMiddlewareContext, AuthorizeDirective, AuthorizeResult> _resolver;
private readonly Func<AuthorizationContext, AuthorizeDirective, AuthorizeResult> _validation;

private readonly Func<AuthorizationContext, AuthorizeDirective, AuthorizeResult>
_validation;

public AuthHandler(AuthorizeResult result)
{
Expand Down Expand Up @@ -655,4 +660,16 @@ public AuthHandler(AuthorizeResult resolver, AuthorizeResult validation)
return new(AuthorizeResult.Allowed);
}
}

[DirectiveType(DirectiveLocation.Object)]
public sealed class FooDirective { }

public sealed class FooDirectiveAttribute : ObjectTypeDescriptorAttribute
{
public override void OnConfigure(
IDescriptorContext context,
IObjectTypeDescriptor descriptor,
Type type)
=> descriptor.Directive(new FooDirective());
}
}
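Review bot: The new `[FooDirective]` is applied only to `Query`, whose authorize directive uses `ApplyPolicy.Validation`, so as far as this section shows the middleware-insertion path is never exercised with a mixed directive list. Adding `[FooDirective]` to `Person` next to `[Authorize("READ_PERSON")]` would cover the case where a foreign directive sits beside a resolver-level authorize directive and the middleware must still be inserted. A type that carries only `FooDirective`, with an assertion that it resolves without any authorization check, would pin the skip behaviour itself. Which tests consume these fixture types lies outside the visible hunks.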
