Merge pull request #22 from iayti/feature/CAS-18_Authorization
Feature/cas 18 authorization
Showing
29 changed files
with
576 additions
and
263 deletions.
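--- a/src/Common/Application/Common/Behaviours/AuthorizationBehaviour.cs
+++ b/src/Common/Application/Common/Behaviours/AuthorizationBehaviour.cs
@@ -0,0 +1,72 @@
+using Application.Common.Exceptions;
+using Application.Common.Interfaces;
+using MediatR;
+using Microsoft.Extensions.Logging;
+using System;
+using System.Linq;
+using System.Reflection;
+using System.Threading;
+using System.Threading.Tasks;
+using Application.Common.Security;
+
+namespace Application.Common.Behaviours
+{
+public class AuthorizationBehaviour<TRequest, TResponse> : IPipelineBehavior<TRequest, TResponse>
+{
+private readonly ILogger<TRequest> _logger;
+private readonly ICurrentUserService _currentUserService;
+private readonly IIdentityService _identityService;
+
+public AuthorizationBehaviour(
+ILogger<TRequest> logger,
+ICurrentUserService currentUserService,
+IIdentityService identityService)
+{
+_logger = logger;
+_currentUserService = currentUserService;
+_identityService = identityService;
+}
+
+public async Task<TResponse> Handle(TRequest request, CancellationToken cancellationToken, RequestHandlerDelegate<TResponse> next)
+{
+var authorizeAttributes = request.GetType().GetCustomAttributes<AuthorizeAttribute>();
+
+if (authorizeAttributes.Any())
+{
+// Must be authenticated user
+if (_currentUserService.UserId == null)
+{
+throw new UnauthorizedAccessException();
+}
+
+var authorizeAttributesWithRoles = authorizeAttributes.Where(a => !string.IsNullOrWhiteSpace(a.Roles));
+
+if (authorizeAttributesWithRoles.Any())
+{
+foreach (var roles in authorizeAttributesWithRoles.Select(a => a.Roles.Split(',')))
+{
+var authorized = false;
+foreach (var role in roles)
+{
+var isInRole = await _identityService.UserIsInRole(_currentUserService.UserId, role.Trim());
+if (isInRole)
+{
+authorized = true;
+continue;
+}
+}
+
+// Must be a member of at least one role in roles
+if (!authorized)
+{
+throw new ForbiddenAccessException();
+}
+}
+}
+}
+
+// User is authorized / authorization not required
+return await next();
+}
+}
+}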
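Review bot: `_logger` is injected and stored but never used in `Handle`, so both denial paths (`throw new UnauthorizedAccessException();` and `throw new ForbiddenAccessException();`) leave no audit record of which request was refused for which user. Before each throw I would add something like `_logger.LogWarning("Authorization denied for {RequestName} (user {UserId})", typeof(TRequest).Name, _currentUserService.UserId);` so repeated denials are visible to monitoring. Separately, the `continue;` after `authorized = true;` is the last statement of the inner loop and has no effect, so `UserIsInRole` is still awaited for every remaining role; `break;` matches the "at least one role" comment below it. It is also worth a comment that a request type without `[Authorize]` goes straight to `next()`, so this behaviour is opt-in rather than deny-by-default.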
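--- a/src/Common/Application/Common/Exceptions/ForbiddenAccessException.cs
+++ b/src/Common/Application/Common/Exceptions/ForbiddenAccessException.cs
@@ -0,0 +1,9 @@
+using System;
+
+namespace Application.Common.Exceptions
+{
+public class ForbiddenAccessException : Exception
+{
+public ForbiddenAccessException() : base() { }
+}
+}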
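--- a/src/Common/Application/Common/Security/AuthorizeAttribute.cs
+++ b/src/Common/Application/Common/Security/AuthorizeAttribute.cs
@@ -0,0 +1,18 @@
+using System;
+
+namespace Application.Common.Security
+{
+[AttributeUsage(AttributeTargets.Class, AllowMultiple = true, Inherited = true)]
+public class AuthorizeAttribute : Attribute
+{
+/// <summary>
+/// Initializes a new instance of the <see cref="AuthorizeAttribute"/> class.
+/// </summary>
+public AuthorizeAttribute() { }
+
+/// <summary>
+/// Gets or sets a comma delimited list of roles that are allowed to access the resource.
+/// </summary>
+public string Roles { get; set; }
+}
+}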
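Review bot: The `Roles` summary does not say how the list is evaluated, and with `AllowMultiple = true` that matters: in `AuthorizationBehaviour.Handle` the roles inside one attribute are alternatives, while every additional `[Authorize(Roles = ...)]` on the same class must also be satisfied. I would extend the summary with `/// Roles within one attribute are alternatives (any one suffices); every [Authorize] attribute on the request must be satisfied.` It is also worth stating that a null or whitespace-only `Roles` value means "authenticated user only", since the behaviour filters those attributes out with `string.IsNullOrWhiteSpace` before the role check.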