Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

#214 authorization improvements #2659

Merged
merged 10 commits into from Apr 11, 2020
Merged

#214 authorization improvements #2659

merged 10 commits into from Apr 11, 2020

Conversation

mperk
Copy link
Contributor

@mperk mperk commented Jan 16, 2020

Resolve first item in #214
MethodInvocationAuthorizationService should check Roles

maliming
maliming reviewed Jan 17, 2020
View reviewed changes
...rk/src/Volo.Abp.Authorization/Volo/Abp/Authorization/MethodInvocationAuthorizationService.cs Outdated
{
throw new AbpAuthorizationException("Authorization failed! User has not logged in.");
throw new AbpAuthorizationException("Authorization failed! Given roles has not granted: " + authorizationAttribute.Roles);
}
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hi @mperk

Policy and Roles should be combined, which means we have to check them together, We can build a combination of Policy and Roles .

 await _authorizationService.CheckAsync(authorizationPolicy);

https://docs.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.authorization.authorizationpolicybuilder?view=aspnetcore-3.1

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Because AuthorizationPolicyBuilder can also add AuthenticationSchemes, we should also test it. As mentioned in #214

- [ ] MethodInvocationAuthorizationService should also evaluate the auth schema (not sure) .

Copy link
Contributor Author

@mperk mperk Jan 17, 2020
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ok thank you for quick reply. I will research and develop

@hikalkan hikalkan added this to the 2.1 milestone Jan 17, 2020
@hikalkan hikalkan self-requested a review January 17, 2020 16:17
maliming
maliming reviewed Jan 20, 2020
View reviewed changes
framework/test/Volo.Abp.Authorization.Tests/Volo/Abp/Authorization/Authorization_Tests.cs Outdated
Comment on lines 57 to 70
public async Task Should_Not_Allow_To_Call_Method_If_Has_No_Role_ProtectedByRole_Async()
{
await Assert.ThrowsAsync<AbpAuthorizationException>(async () =>
{
await _myAuthorizedService1.ProtectedByRole().ConfigureAwait(false);
}).ConfigureAwait(false);
}

[Fact]
public async Task Should_Allow_To_Call_Method_If_Has_No_Role_ProtectedByRole_Async()
{
int result = await _myAuthorizedService1.ProtectedByRole().ConfigureAwait(false);
result.ShouldBe(42);
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more. 

await _myAuthorizedService1.ProtectedByRole().ConfigureAwait(false);

I guess one of the unit test methods will fail.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, it is fail. I am still developing for that. Had very little.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @maliming ,
I finished finally. You can check.

@maliming
Copy link
Member

hi @mperk
I made some changes. see 583cdba

Regarding AuthenticationSchemes, if we use Authorize attribute in the web layer controller, the authentication function of Asp Net Core will automatically handle Policy, Roles, AuthenticationSchemes.

MethodInvocationAuthorizationService is more for application services.

Will AuthenticationScheme be used in application services? I'm not sure.

If we want to handle AuthenticationSchemes, we need to use HttpContext.

@mperk
Copy link
Contributor Author

mperk commented Jan 21, 2020

hi @mperk
I made some changes. see 583cdba

Regarding AuthenticationSchemes, if we use Authorize attribute in the web layer controller, the authentication function of Asp Net Core will automatically handle Policy, Roles, AuthenticationSchemes.

MethodInvocationAuthorizationService is more for application services.

Will AuthenticationScheme be used in application services? I'm not sure.

If we want to handle AuthenticationSchemes, we need to use HttpContext.

Very good. Thanks.

@hikalkan hikalkan modified the milestones: 2.1, 2.2 Feb 20, 2020
@hikalkan
Copy link
Member

hikalkan commented Mar 3, 2020

As I see, some unit tests are failing.

image

Message: 
    System.ArgumentNullException : Value cannot be null. (Parameter 'policy')
  Stack Trace: 
    AuthorizationServiceExtensions.AuthorizeAsync(IAuthorizationService service, ClaimsPrincipal user, Object resource, AuthorizationPolicy policy)
    AbpAuthorizationServiceExtensions.AuthorizeAsync(IAuthorizationService authorizationService, Object resource, AuthorizationPolicy policy) line 30
    AbpAuthorizationServiceExtensions.AuthorizeAsync(IAuthorizationService authorizationService, AuthorizationPolicy policy) line 39
    AbpAuthorizationServiceExtensions.IsGrantedAsync(IAuthorizationService authorizationService, AuthorizationPolicy policy) line 81
    AbpAuthorizationServiceExtensions.CheckAsync(IAuthorizationService authorizationService, AuthorizationPolicy policy) line 120
    MethodInvocationAuthorizationService.CheckAsync(MethodInvocationAuthorizationContext context) line 32
    AuthorizationInterceptor.AuthorizeAsync(IAbpMethodInvocation invocation) line 24
    AuthorizationInterceptor.InterceptAsync(IAbpMethodInvocation invocation) line 18
    CastleAsyncAbpInterceptorAdapter`1.InterceptAsync(IInvocation invocation, IInvocationProceedInfo proceedInfo, Func`3 proceed) line 20
    ControllerActionInvoker.<InvokeInnerFilterAsync>g__Awaited|13_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
    ResourceInvoker.<InvokeNextExceptionFilterAsync>g__Awaited|25_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
    ResourceInvoker.Rethrow(ExceptionContextSealed context)
    ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
    ResourceInvoker.InvokeNextResourceFilter()
    --- End of stack trace from previous location where exception was thrown ---
    ResourceInvoker.Rethrow(ResourceExecutedContextSealed context)
    ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
    ResourceInvoker.InvokeFilterPipelineAsync()
    --- End of stack trace from previous location where exception was thrown ---
    ResourceInvoker.<InvokeAsync>g__Logged|17_1(ResourceInvoker invoker)
    EndpointMiddleware.<Invoke>g__AwaitRequestTask|6_0(Endpoint endpoint, Task requestTask, ILogger logger)
    AbpUnitOfWorkMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) line 23
    <<UseMiddlewareInterface>b__1>d.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
    AbpExceptionHandlingMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) line 32
    AbpExceptionHandlingMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) line 52
    <<UseMiddlewareInterface>b__1>d.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
    AbpAuditingMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) line 37
    AbpAuditingMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) line 54
    <<UseMiddlewareInterface>b__1>d.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
    AuthorizationMiddleware.Invoke(HttpContext context)
    FakeAuthenticationMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) line 29
    <<UseMiddlewareInterface>b__1>d.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
    RequestLocalizationMiddleware.Invoke(HttpContext context)
    AbpRequestLocalizationMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) line 34
    <<UseMiddlewareInterface>b__1>d.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
    AbpCorrelationIdMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) line 27
    <<UseMiddlewareInterface>b__1>d.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
    <<SendAsync>g__RunRequestAsync|0>d.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
    ClientHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
    HttpClient.FinishSendAsyncBuffered(Task`1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts)
    AbpAspNetCoreTestBase`1.GetResponseAsync(String url, HttpStatusCode expectedStatusCode) line 46
    AbpAspNetCoreTestBase`1.GetResponseAsStringAsync(String url, HttpStatusCode expectedStatusCode) line 35
    AuthTestController_Tests.Should_Authorize_For_Defined_And_Allowed_Permission() line 84
    --- End of stack trace from previous location where exception was thrown ---

@hikalkan hikalkan modified the milestones: 2.2, 2.3 Mar 3, 2020
@maliming
Copy link
Member

maliming commented Mar 4, 2020

@hikalkan I fixed the unit tests.

@hikalkan hikalkan modified the milestones: 2.3, 2.4, 2.5 Mar 18, 2020
@hikalkan hikalkan modified the milestones: 2.4, 2.5 Mar 18, 2020
@ebicoglu ebicoglu modified the milestones: 2.5, 2.6 Apr 10, 2020
@hikalkan hikalkan merged commit 63cb2f0 into abpframework:dev Apr 11, 2020
@hikalkan
Copy link
Member

Thanks to both of you :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@maliming maliming maliming left review comments

@hikalkan hikalkan Awaiting requested review from hikalkan

Assignees
No one assigned
Labels
abp-framework enhancement
Projects
None yet
Milestone
2.6
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@mperk @maliming @hikalkan @ebicoglu