mirror of
https://github.com/bitwarden/server.git
synced 2024-11-21 12:05:42 +01:00
Add AuthorizeOrThrowAsync extension method (#4790)
This commit is contained in:
parent
ab8c3af685
commit
2384e0b7ef
@ -1,7 +1,6 @@
|
|||||||
using Bit.Api.AdminConsole.Models.Request;
|
using Bit.Api.AdminConsole.Models.Request;
|
||||||
using Bit.Api.AdminConsole.Models.Response;
|
using Bit.Api.AdminConsole.Models.Response;
|
||||||
using Bit.Api.Models.Response;
|
using Bit.Api.Models.Response;
|
||||||
using Bit.Api.Utilities;
|
|
||||||
using Bit.Api.Vault.AuthorizationHandlers.Collections;
|
using Bit.Api.Vault.AuthorizationHandlers.Collections;
|
||||||
using Bit.Api.Vault.AuthorizationHandlers.Groups;
|
using Bit.Api.Vault.AuthorizationHandlers.Groups;
|
||||||
using Bit.Core.AdminConsole.OrganizationFeatures.Groups.Interfaces;
|
using Bit.Core.AdminConsole.OrganizationFeatures.Groups.Interfaces;
|
||||||
@ -11,6 +10,7 @@ using Bit.Core.Context;
|
|||||||
using Bit.Core.Exceptions;
|
using Bit.Core.Exceptions;
|
||||||
using Bit.Core.Repositories;
|
using Bit.Core.Repositories;
|
||||||
using Bit.Core.Services;
|
using Bit.Core.Services;
|
||||||
|
using Bit.Core.Utilities;
|
||||||
using Microsoft.AspNetCore.Authorization;
|
using Microsoft.AspNetCore.Authorization;
|
||||||
using Microsoft.AspNetCore.Mvc;
|
using Microsoft.AspNetCore.Mvc;
|
||||||
|
|
||||||
|
@ -2,7 +2,6 @@
|
|||||||
using Bit.Api.AdminConsole.Models.Response.Organizations;
|
using Bit.Api.AdminConsole.Models.Response.Organizations;
|
||||||
using Bit.Api.Models.Request.Organizations;
|
using Bit.Api.Models.Request.Organizations;
|
||||||
using Bit.Api.Models.Response;
|
using Bit.Api.Models.Response;
|
||||||
using Bit.Api.Utilities;
|
|
||||||
using Bit.Api.Vault.AuthorizationHandlers.Collections;
|
using Bit.Api.Vault.AuthorizationHandlers.Collections;
|
||||||
using Bit.Api.Vault.AuthorizationHandlers.OrganizationUsers;
|
using Bit.Api.Vault.AuthorizationHandlers.OrganizationUsers;
|
||||||
using Bit.Core;
|
using Bit.Core;
|
||||||
@ -22,6 +21,7 @@ using Bit.Core.OrganizationFeatures.OrganizationSubscriptions.Interface;
|
|||||||
using Bit.Core.OrganizationFeatures.OrganizationUsers.Interfaces;
|
using Bit.Core.OrganizationFeatures.OrganizationUsers.Interfaces;
|
||||||
using Bit.Core.Repositories;
|
using Bit.Core.Repositories;
|
||||||
using Bit.Core.Services;
|
using Bit.Core.Services;
|
||||||
|
using Bit.Core.Utilities;
|
||||||
using Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Interfaces;
|
using Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Interfaces;
|
||||||
using Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Requests;
|
using Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Requests;
|
||||||
using Microsoft.AspNetCore.Authorization;
|
using Microsoft.AspNetCore.Authorization;
|
||||||
|
@ -1,6 +1,5 @@
|
|||||||
using Bit.Api.Models.Request;
|
using Bit.Api.Models.Request;
|
||||||
using Bit.Api.Models.Response;
|
using Bit.Api.Models.Response;
|
||||||
using Bit.Api.Utilities;
|
|
||||||
using Bit.Api.Vault.AuthorizationHandlers.Collections;
|
using Bit.Api.Vault.AuthorizationHandlers.Collections;
|
||||||
using Bit.Core.Context;
|
using Bit.Core.Context;
|
||||||
using Bit.Core.Entities;
|
using Bit.Core.Entities;
|
||||||
@ -9,6 +8,7 @@ using Bit.Core.Models.Data;
|
|||||||
using Bit.Core.OrganizationFeatures.OrganizationCollections.Interfaces;
|
using Bit.Core.OrganizationFeatures.OrganizationCollections.Interfaces;
|
||||||
using Bit.Core.Repositories;
|
using Bit.Core.Repositories;
|
||||||
using Bit.Core.Services;
|
using Bit.Core.Services;
|
||||||
|
using Bit.Core.Utilities;
|
||||||
using Microsoft.AspNetCore.Authorization;
|
using Microsoft.AspNetCore.Authorization;
|
||||||
using Microsoft.AspNetCore.Mvc;
|
using Microsoft.AspNetCore.Mvc;
|
||||||
|
|
||||||
|
@ -1,7 +1,8 @@
|
|||||||
using System.Security.Claims;
|
using System.Security.Claims;
|
||||||
|
using Bit.Core.Exceptions;
|
||||||
using Microsoft.AspNetCore.Authorization;
|
using Microsoft.AspNetCore.Authorization;
|
||||||
|
|
||||||
namespace Bit.Api.Utilities;
|
namespace Bit.Core.Utilities;
|
||||||
|
|
||||||
public static class AuthorizationServiceExtensions
|
public static class AuthorizationServiceExtensions
|
||||||
{
|
{
|
||||||
@ -29,4 +30,26 @@ public static class AuthorizationServiceExtensions
|
|||||||
|
|
||||||
return service.AuthorizeAsync(user, resource: null, new[] { requirement });
|
return service.AuthorizeAsync(user, resource: null, new[] { requirement });
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/// <summary>
|
||||||
|
/// Performs an authorization check and throws a <see cref="Bit.Core.Exceptions.NotFoundException"/> if the
|
||||||
|
/// check fails or the resource is null.
|
||||||
|
/// </summary>
|
||||||
|
public static async Task AuthorizeOrThrowAsync(this IAuthorizationService service,
|
||||||
|
ClaimsPrincipal user, object resource, IAuthorizationRequirement requirement)
|
||||||
|
{
|
||||||
|
ArgumentNullException.ThrowIfNull(service);
|
||||||
|
ArgumentNullException.ThrowIfNull(requirement);
|
||||||
|
|
||||||
|
if (resource == null)
|
||||||
|
{
|
||||||
|
throw new NotFoundException();
|
||||||
|
}
|
||||||
|
|
||||||
|
var authorizationResult = await service.AuthorizeAsync(user, resource, requirement);
|
||||||
|
if (!authorizationResult.Succeeded)
|
||||||
|
{
|
||||||
|
throw new NotFoundException();
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
@ -0,0 +1,38 @@
|
|||||||
|
using System.Security.Claims;
|
||||||
|
using Bit.Core.Exceptions;
|
||||||
|
using Microsoft.AspNetCore.Authorization;
|
||||||
|
using Microsoft.AspNetCore.Authorization.Infrastructure;
|
||||||
|
using NSubstitute;
|
||||||
|
using Xunit;
|
||||||
|
using AuthorizationServiceExtensions = Bit.Core.Utilities.AuthorizationServiceExtensions;
|
||||||
|
|
||||||
|
namespace Bit.Core.Test.Utilities;
|
||||||
|
|
||||||
|
public class AuthorizationServiceExtensionTests
|
||||||
|
{
|
||||||
|
[Fact]
|
||||||
|
async Task AuthorizeOrThrowAsync_ThrowsNotFoundException_IfResourceIsNull()
|
||||||
|
{
|
||||||
|
var authorizationService = Substitute.For<IAuthorizationService>();
|
||||||
|
await Assert.ThrowsAsync<NotFoundException>(() =>
|
||||||
|
AuthorizationServiceExtensions.AuthorizeOrThrowAsync(authorizationService, new ClaimsPrincipal(),
|
||||||
|
null, new OperationAuthorizationRequirement()));
|
||||||
|
}
|
||||||
|
|
||||||
|
[Fact]
|
||||||
|
async Task AuthorizeOrThrowAsync_ThrowsNotFoundException_IfAuthorizationFails()
|
||||||
|
{
|
||||||
|
var authorizationService = Substitute.For<IAuthorizationService>();
|
||||||
|
var claimsPrincipal = new ClaimsPrincipal();
|
||||||
|
var requirement = new OperationAuthorizationRequirement();
|
||||||
|
var resource = new object();
|
||||||
|
|
||||||
|
authorizationService
|
||||||
|
.AuthorizeAsync(claimsPrincipal, resource, Arg.Is<IEnumerable<IAuthorizationRequirement>>(r =>
|
||||||
|
r.First() == requirement))
|
||||||
|
.Returns(AuthorizationResult.Failed());
|
||||||
|
|
||||||
|
await Assert.ThrowsAsync<NotFoundException>(() =>
|
||||||
|
AuthorizationServiceExtensions.AuthorizeOrThrowAsync(authorizationService, claimsPrincipal, resource, requirement));
|
||||||
|
}
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user