-
Notifications
You must be signed in to change notification settings - Fork 820
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'master' of https://github.com/ayende/ravendb
- Loading branch information
Showing
548 changed files
with
47,291 additions
and
31,732 deletions.
There are no files selected for viewing
104 changes: 104 additions & 0 deletions
104
Bundles/Raven.Bundles.Tests/Authorization/Bugs/Matthew.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,104 @@ | ||
extern alias client; | ||
using Raven.Client.Exceptions; | ||
using client::Raven.Bundles.Authorization.Model; | ||
using System.Collections.Generic; | ||
using Raven.Client; | ||
using Xunit; | ||
|
||
namespace Raven.Bundles.Tests.Authorization.Bugs | ||
{ | ||
public class Matthew : AuthorizationTest | ||
{ | ||
[Fact] | ||
public void AuthorizationDemo_Works() | ||
{ | ||
// Arrange | ||
using (IDocumentSession session = store.OpenSession()) | ||
{ | ||
session.Store( | ||
new AuthorizationRole | ||
{ | ||
Id = "Authorization/Roles/Nurses", | ||
Permissions = | ||
{ | ||
new OperationPermission | ||
{ | ||
Allow = true, | ||
Operation = "Appointment/Schedule", | ||
Tags = new List<string> {"Patient"} | ||
} | ||
} | ||
}); | ||
|
||
// Allow doctors to authorize hospitalizations | ||
session.Store( | ||
new AuthorizationRole | ||
{ | ||
Id = "Authorization/Roles/Doctors", | ||
Permissions = | ||
{ | ||
new OperationPermission | ||
{ | ||
Allow = true, | ||
Operation = "Hospitalization/Authorize", | ||
Tags = new List<string> {"Patient"} | ||
} | ||
} | ||
}); | ||
// Associate Patient with clinic | ||
var maryMallon = new Patient {Id = "Patients/MaryMallon"}; | ||
session.Store(maryMallon); | ||
client::Raven.Client.Authorization.AuthorizationClientExtensions.SetAuthorizationFor(session, maryMallon, | ||
new DocumentAuthorization | ||
{ | ||
Tags = | ||
{ | ||
"Clinics/Kirya", | ||
"Patient" | ||
} | ||
}); | ||
|
||
// Associate Doctor with clinic | ||
session.Store( | ||
new AuthorizationUser | ||
{ | ||
Id = "Authorization/Users/DrHowser", | ||
Name = "Doogie Howser", | ||
Roles = {"Authorization/Roles/Doctors"}, | ||
Permissions = | ||
{ | ||
new OperationPermission | ||
{ | ||
Allow = true, | ||
Operation = "Patient/View", | ||
Tags = new List<string> {"Clinics/Kirya"} | ||
}, | ||
} | ||
}); | ||
session.SaveChanges(); | ||
} | ||
|
||
|
||
// Assert | ||
using (IDocumentSession session = store.OpenSession()) | ||
{ | ||
client::Raven.Client.Authorization.AuthorizationClientExtensions.SecureFor(session, | ||
"Authorization/Users/NotDrHowser", | ||
"Hospitalization/Authorize"); | ||
var readVetoException = Assert.Throws<ReadVetoException>(() => session.Load<Patient>("Patients/MaryMallon")); | ||
Assert.Contains( | ||
"Could not find user: Authorization/Users/NotDrHowser for secured document: Patients/MaryMallon", | ||
readVetoException.Message); | ||
} | ||
} | ||
} | ||
|
||
public class Patient | ||
{ | ||
public string Id { get; set; } | ||
|
||
public void AuthorizeHospitalization() | ||
{ | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
1 change: 1 addition & 0 deletions
1
Bundles/Raven.Bundles.Tests/Replication/ReplicationDestinationDisabled.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,58 +1,79 @@ | ||
using System; | ||
using System.Collections.Concurrent; | ||
using System.IO; | ||
using System.Net; | ||
using Raven.Abstractions.Data; | ||
using Raven.Abstractions.OAuth; | ||
|
||
namespace Raven.Abstractions.Connection | ||
{ | ||
public class HttpRavenRequestFactory | ||
{ | ||
public int? RequestTimeoutInMs { get; set; } | ||
|
||
private bool RefreshOauthToken(RavenConnectionStringOptions options, WebResponse response) | ||
readonly ConcurrentDictionary<string, AbstractAuthenticator> authenticators = new ConcurrentDictionary<string, AbstractAuthenticator>(); | ||
|
||
public void ConfigureRequest(RavenConnectionStringOptions options, WebRequest request) | ||
{ | ||
var oauthSource = response.Headers["OAuth-Source"]; | ||
if (string.IsNullOrEmpty(oauthSource)) | ||
return false; | ||
if (RequestTimeoutInMs.HasValue) | ||
request.Timeout = RequestTimeoutInMs.Value; | ||
|
||
var authRequest = PrepareOAuthRequest(options, oauthSource); | ||
using (var authResponse = authRequest.GetResponse()) | ||
using (var stream = authResponse.GetResponseStreamWithHttpDecompression()) | ||
using (var reader = new StreamReader(stream)) | ||
if (options.ApiKey == null) | ||
{ | ||
options.CurrentOAuthToken = "Bearer " + reader.ReadToEnd(); | ||
request.Credentials = options.Credentials ?? CredentialCache.DefaultNetworkCredentials; | ||
return; | ||
} | ||
return true; | ||
} | ||
|
||
private HttpWebRequest PrepareOAuthRequest(RavenConnectionStringOptions options, string oauthSource) | ||
{ | ||
var authRequest = (HttpWebRequest) WebRequest.Create(oauthSource); | ||
authRequest.Credentials = options.Credentials; | ||
authRequest.Headers["Accept-Encoding"] = "deflate,gzip"; | ||
authRequest.Accept = "application/json;charset=UTF-8"; | ||
var webRequestEventArgs = new WebRequestEventArgs { Request = request }; | ||
|
||
authRequest.Headers["grant_type"] = "client_credentials"; | ||
|
||
if (string.IsNullOrEmpty(options.ApiKey) == false) | ||
authRequest.Headers["Api-Key"] = options.ApiKey; | ||
AbstractAuthenticator existingAuthenticator; | ||
if (authenticators.TryGetValue(options.ApiKey, out existingAuthenticator)) | ||
{ | ||
existingAuthenticator.ConfigureRequest(this, webRequestEventArgs); | ||
} | ||
else | ||
{ | ||
var basicAuthenticator = new BasicAuthenticator(options.ApiKey, enableBasicAuthenticationOverUnsecuredHttp: false); | ||
var securedAuthenticator = new SecuredAuthenticator(options.ApiKey); | ||
|
||
return authRequest; | ||
basicAuthenticator.ConfigureRequest(this, webRequestEventArgs); | ||
securedAuthenticator.ConfigureRequest(this, webRequestEventArgs); | ||
} | ||
} | ||
|
||
public void ConfigureRequest(RavenConnectionStringOptions options, WebRequest request) | ||
public HttpRavenRequest Create(string url, string method, RavenConnectionStringOptions connectionStringOptions) | ||
{ | ||
request.Credentials = options.Credentials ?? CredentialCache.DefaultNetworkCredentials; | ||
|
||
if (RequestTimeoutInMs.HasValue) | ||
request.Timeout = RequestTimeoutInMs.Value; | ||
|
||
if (string.IsNullOrEmpty(options.CurrentOAuthToken) == false) | ||
request.Headers["Authorization"] = options.CurrentOAuthToken; | ||
return new HttpRavenRequest(url, method, ConfigureRequest, HandleUnauthorizedResponse, connectionStringOptions); | ||
} | ||
|
||
public HttpRavenRequest Create(string url, string method, RavenConnectionStringOptions connectionStringOptions) | ||
private bool HandleUnauthorizedResponse(RavenConnectionStringOptions options, WebResponse webResponse) | ||
{ | ||
return new HttpRavenRequest(url, method, ConfigureRequest, RefreshOauthToken, connectionStringOptions); | ||
if (options.ApiKey == null) | ||
return false; | ||
|
||
var oauthSource = webResponse.Headers["OAuth-Source"]; | ||
|
||
var useBasicAuthenticator = | ||
string.IsNullOrEmpty(oauthSource) == false && | ||
oauthSource.EndsWith("/OAuth/API-Key", StringComparison.CurrentCultureIgnoreCase) == false; | ||
|
||
var authenticator = authenticators.GetOrAdd( | ||
options.ApiKey, | ||
apiKey => | ||
{ | ||
if (useBasicAuthenticator) | ||
{ | ||
return new BasicAuthenticator(apiKey, enableBasicAuthenticationOverUnsecuredHttp: false); | ||
} | ||
return new SecuredAuthenticator(apiKey); | ||
}); | ||
|
||
if (useBasicAuthenticator == false) | ||
oauthSource = options.Url + "/OAuth/API-Key"; | ||
|
||
var result = authenticator.DoOAuthRequest(oauthSource); | ||
return result != null; | ||
} | ||
} | ||
} |
Oops, something went wrong.