From 6ea1a877331ad22ad25cfbfc60d3e4b2fe477fc8 Mon Sep 17 00:00:00 2001 From: Arturo Martinez Date: Fri, 18 Nov 2022 15:38:27 -0600 Subject: [PATCH 1/3] adding guards for started response after AuthorizeAsync --- .build/release.props | 4 +- ...ctions.Authorize.SampleFunctions.V4.csproj | 2 +- .../FunctionsHttpAuthorizationHandler.cs | 42 +++++++++++-------- 3 files changed, 27 insertions(+), 21 deletions(-) diff --git a/.build/release.props b/.build/release.props index afc7ab6..6a58291 100644 --- a/.build/release.props +++ b/.build/release.props @@ -4,9 +4,9 @@ Arturo Martinez DarkLoop DarkLoop.Azure.Functions.Authorize - false + true 3.0.0.0 - 3.1.1 + 3.1.2 $(Version).0 https://github.com/dark-loop/functions-authorize https://github.com/dark-loop/functions-authorize/blob/master/LICENSE diff --git a/sample/Darkloop.Azure.Functions.Authorize.SampleFunctions.V4/Darkloop.Azure.Functions.Authorize.SampleFunctions.V4.csproj b/sample/Darkloop.Azure.Functions.Authorize.SampleFunctions.V4/Darkloop.Azure.Functions.Authorize.SampleFunctions.V4.csproj index 5c3c564..87dbdd4 100644 --- a/sample/Darkloop.Azure.Functions.Authorize.SampleFunctions.V4/Darkloop.Azure.Functions.Authorize.SampleFunctions.V4.csproj +++ b/sample/Darkloop.Azure.Functions.Authorize.SampleFunctions.V4/Darkloop.Azure.Functions.Authorize.SampleFunctions.V4.csproj @@ -6,7 +6,7 @@ - + diff --git a/src/DarkLoop.Azure.Functions.Authorize/Security/FunctionsHttpAuthorizationHandler.cs b/src/DarkLoop.Azure.Functions.Authorize/Security/FunctionsHttpAuthorizationHandler.cs index 22b0a35..e3265e7 100644 --- a/src/DarkLoop.Azure.Functions.Authorize/Security/FunctionsHttpAuthorizationHandler.cs +++ b/src/DarkLoop.Azure.Functions.Authorize/Security/FunctionsHttpAuthorizationHandler.cs 
@@ -36,39 +36,45 @@ public async Task OnAuthorizingFunctionInstance(FunctionExecutingContext functio if (context.Result is ChallengeResult challenge) { - if (challenge.AuthenticationSchemes != null && challenge.AuthenticationSchemes.Count > 0) + if (!httpContext.Response.HasStarted) { - foreach (var scheme in challenge.AuthenticationSchemes) + if (challenge.AuthenticationSchemes != null && challenge.AuthenticationSchemes.Count > 0) { - await httpContext.ChallengeAsync(scheme); + foreach (var scheme in challenge.AuthenticationSchemes) + { + await httpContext.ChallengeAsync(scheme); + } } - } - else - { - await httpContext.ChallengeAsync(); + else + { + await httpContext.ChallengeAsync(); + } + + await SetResponseAsync("Unauthorized", httpContext.Response); } - await SetResponseAsync("Unauthorized", httpContext.Response); - // need to make sure function stops executing. At this moment this is the only way. BombFunctionInstance(HttpStatusCode.Unauthorized); } if (context.Result is ForbidResult forbid) { - if (forbid.AuthenticationSchemes != null && forbid.AuthenticationSchemes.Count > 0) + if (!httpContext.Response.HasStarted) { - foreach (var scheme in forbid.AuthenticationSchemes) + if (forbid.AuthenticationSchemes != null && forbid.AuthenticationSchemes.Count > 0) { - await httpContext.ForbidAsync(scheme); + foreach (var scheme in forbid.AuthenticationSchemes) + { + await httpContext.ForbidAsync(scheme); + } + } + else + { + await httpContext.ForbidAsync(); } - } - else - { - await httpContext.ForbidAsync(); - } - await SetResponseAsync("Forbidden", httpContext.Response); + await SetResponseAsync("Forbidden", httpContext.Response); + } // need to make sure function stops executing. At this moment this is the only way. BombFunctionInstance(HttpStatusCode.Forbidden); From 514525f096fbd00f71ed23ebc40d3a71000fbffc Mon Sep 17 00:00:00 2001 
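Review bot: When `httpContext.Response.HasStarted` is true, both the `ChallengeResult` and the `ForbidResult` branch now skip the challenge/forbid call and `SetResponseAsync` and go straight to `BombFunctionInstance`, so the denial is never written to the response and nothing records that it happened. The client then sees whatever status and headers were already committed, which may not be a 401 or 403. Add an `else` that logs a warning naming the denied result, if a logger is in scope in this class, so these requests stay visible to monitoring. At minimum put a comment above each guard, such as `// Response already started: the 401/403 can no longer be sent, so only the function is stopped below.` `BombFunctionInstance` and the rest of `OnAuthorizingFunctionInstance` are outside this hunk, so whether that call alone prevents further output cannot be confirmed here; the identical hunk in PATCH 3/3 has the same gap.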
From: Arturo Martinez Date: Fri, 18 Nov 2022 15:40:55 -0600 Subject: [PATCH 2/3] adding guards for started response after AuthorizeAsync --- .build/release.props | 4 +- ...ctions.Authorize.SampleFunctions.V4.csproj | 2 +- .../FunctionsHttpAuthorizationHandler.cs | 42 ++++++++----------- 3 files changed, 21 insertions(+), 27 deletions(-) diff --git a/.build/release.props b/.build/release.props index 6a58291..afc7ab6 100644 --- a/.build/release.props +++ b/.build/release.props @@ -4,9 +4,9 @@ Arturo Martinez DarkLoop DarkLoop.Azure.Functions.Authorize - true + false 3.0.0.0 - 3.1.2 + 3.1.1 $(Version).0 https://github.com/dark-loop/functions-authorize https://github.com/dark-loop/functions-authorize/blob/master/LICENSE diff --git a/sample/Darkloop.Azure.Functions.Authorize.SampleFunctions.V4/Darkloop.Azure.Functions.Authorize.SampleFunctions.V4.csproj b/sample/Darkloop.Azure.Functions.Authorize.SampleFunctions.V4/Darkloop.Azure.Functions.Authorize.SampleFunctions.V4.csproj index 87dbdd4..5c3c564 100644 --- a/sample/Darkloop.Azure.Functions.Authorize.SampleFunctions.V4/Darkloop.Azure.Functions.Authorize.SampleFunctions.V4.csproj +++ b/sample/Darkloop.Azure.Functions.Authorize.SampleFunctions.V4/Darkloop.Azure.Functions.Authorize.SampleFunctions.V4.csproj @@ -6,7 +6,7 @@ - + diff --git a/src/DarkLoop.Azure.Functions.Authorize/Security/FunctionsHttpAuthorizationHandler.cs b/src/DarkLoop.Azure.Functions.Authorize/Security/FunctionsHttpAuthorizationHandler.cs index e3265e7..22b0a35 100644 --- a/src/DarkLoop.Azure.Functions.Authorize/Security/FunctionsHttpAuthorizationHandler.cs +++ b/src/DarkLoop.Azure.Functions.Authorize/Security/FunctionsHttpAuthorizationHandler.cs 
@@ -36,45 +36,39 @@ public async Task OnAuthorizingFunctionInstance(FunctionExecutingContext functio if (context.Result is ChallengeResult challenge) { - if (!httpContext.Response.HasStarted) + if (challenge.AuthenticationSchemes != null && challenge.AuthenticationSchemes.Count > 0) { - if (challenge.AuthenticationSchemes != null && challenge.AuthenticationSchemes.Count > 0) + foreach (var scheme in challenge.AuthenticationSchemes) { - foreach (var scheme in challenge.AuthenticationSchemes) - { - await httpContext.ChallengeAsync(scheme); - } + await httpContext.ChallengeAsync(scheme); } - else - { - await httpContext.ChallengeAsync(); - } - - await SetResponseAsync("Unauthorized", httpContext.Response); + } + else + { + await httpContext.ChallengeAsync(); } + await SetResponseAsync("Unauthorized", httpContext.Response); + // need to make sure function stops executing. At this moment this is the only way. BombFunctionInstance(HttpStatusCode.Unauthorized); } if (context.Result is ForbidResult forbid) { - if (!httpContext.Response.HasStarted) + if (forbid.AuthenticationSchemes != null && forbid.AuthenticationSchemes.Count > 0) { - if (forbid.AuthenticationSchemes != null && forbid.AuthenticationSchemes.Count > 0) + foreach (var scheme in forbid.AuthenticationSchemes) { - foreach (var scheme in forbid.AuthenticationSchemes) - { - await httpContext.ForbidAsync(scheme); - } + await httpContext.ForbidAsync(scheme); } - else - { - await httpContext.ForbidAsync(); - } - - await SetResponseAsync("Forbidden", httpContext.Response); } + else + { + await httpContext.ForbidAsync(); + } + + await SetResponseAsync("Forbidden", httpContext.Response); // need to make sure function stops executing. At this moment this is the only way. BombFunctionInstance(HttpStatusCode.Forbidden); From eb815478666d161de9d936749ef99cde5bb66404 Mon Sep 17 00:00:00 2001 
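Review bot: The subject says "adding guards for started response after AuthorizeAsync", but the new side of this hunk has no `HasStarted` check. The index line (`e3265e7..22b0a35`) is the exact inverse of PATCH 1/3, and PATCH 3/3 re-applies it. At this commit the challenge/forbid calls and `SetResponseAsync` run again even when the response has already started, so anyone bisecting to or cherry-picking 2/3 gets the unguarded handler. Squash the three patches into one, or retitle this one as a revert, so the history of this authorization fix stays traceable.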
From: Arturo Martinez Date: Fri, 18 Nov 2022 15:46:02 -0600 Subject: [PATCH 3/3] adding guards for started response after AuthorizeAsync --- .build/release.props | 4 +- .../FunctionsHttpAuthorizationHandler.cs | 42 +++++++++++-------- 2 files changed, 26 insertions(+), 20 deletions(-) diff --git a/.build/release.props b/.build/release.props index afc7ab6..6a58291 100644 --- a/.build/release.props +++ b/.build/release.props @@ -4,9 +4,9 @@ Arturo Martinez DarkLoop DarkLoop.Azure.Functions.Authorize - false + true 3.0.0.0 - 3.1.1 + 3.1.2 $(Version).0 https://github.com/dark-loop/functions-authorize https://github.com/dark-loop/functions-authorize/blob/master/LICENSE diff --git a/src/DarkLoop.Azure.Functions.Authorize/Security/FunctionsHttpAuthorizationHandler.cs b/src/DarkLoop.Azure.Functions.Authorize/Security/FunctionsHttpAuthorizationHandler.cs index 22b0a35..e3265e7 100644 --- a/src/DarkLoop.Azure.Functions.Authorize/Security/FunctionsHttpAuthorizationHandler.cs +++ b/src/DarkLoop.Azure.Functions.Authorize/Security/FunctionsHttpAuthorizationHandler.cs 
@@ -36,39 +36,45 @@ public async Task OnAuthorizingFunctionInstance(FunctionExecutingContext functio if (context.Result is ChallengeResult challenge) { - if (challenge.AuthenticationSchemes != null && challenge.AuthenticationSchemes.Count > 0) + if (!httpContext.Response.HasStarted) { - foreach (var scheme in challenge.AuthenticationSchemes) + if (challenge.AuthenticationSchemes != null && challenge.AuthenticationSchemes.Count > 0) { - await httpContext.ChallengeAsync(scheme); + foreach (var scheme in challenge.AuthenticationSchemes) + { + await httpContext.ChallengeAsync(scheme); + } } - } - else - { - await httpContext.ChallengeAsync(); + else + { + await httpContext.ChallengeAsync(); + } + + await SetResponseAsync("Unauthorized", httpContext.Response); } - await SetResponseAsync("Unauthorized", httpContext.Response); - // need to make sure function stops executing. At this moment this is the only way. BombFunctionInstance(HttpStatusCode.Unauthorized); } if (context.Result is ForbidResult forbid) { - if (forbid.AuthenticationSchemes != null && forbid.AuthenticationSchemes.Count > 0) + if (!httpContext.Response.HasStarted) { - foreach (var scheme in forbid.AuthenticationSchemes) + if (forbid.AuthenticationSchemes != null && forbid.AuthenticationSchemes.Count > 0) { - await httpContext.ForbidAsync(scheme); + foreach (var scheme in forbid.AuthenticationSchemes) + { + await httpContext.ForbidAsync(scheme); + } + } + else + { + await httpContext.ForbidAsync(); } - } - else - { - await httpContext.ForbidAsync(); - } - await SetResponseAsync("Forbidden", httpContext.Response); + await SetResponseAsync("Forbidden", httpContext.Response); + } // need to make sure function stops executing. At this moment this is the only way. BombFunctionInstance(HttpStatusCode.Forbidden);