1
0
mirror of https://github.com/bitwarden/server.git synced 2024-11-21 12:05:42 +01:00

Add AuthorizeOrThrowAsync extension method (#4790)

This commit is contained in:
Thomas Rittson 2024-09-23 08:45:14 +10:00 committed by GitHub
parent ab8c3af685
commit 2384e0b7ef
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 65 additions and 4 deletions

View File

@ -1,7 +1,6 @@
using Bit.Api.AdminConsole.Models.Request; using Bit.Api.AdminConsole.Models.Request;
using Bit.Api.AdminConsole.Models.Response; using Bit.Api.AdminConsole.Models.Response;
using Bit.Api.Models.Response; using Bit.Api.Models.Response;
using Bit.Api.Utilities;
using Bit.Api.Vault.AuthorizationHandlers.Collections; using Bit.Api.Vault.AuthorizationHandlers.Collections;
using Bit.Api.Vault.AuthorizationHandlers.Groups; using Bit.Api.Vault.AuthorizationHandlers.Groups;
using Bit.Core.AdminConsole.OrganizationFeatures.Groups.Interfaces; using Bit.Core.AdminConsole.OrganizationFeatures.Groups.Interfaces;
@ -11,6 +10,7 @@ using Bit.Core.Context;
using Bit.Core.Exceptions; using Bit.Core.Exceptions;
using Bit.Core.Repositories; using Bit.Core.Repositories;
using Bit.Core.Services; using Bit.Core.Services;
using Bit.Core.Utilities;
using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc;

View File

@ -2,7 +2,6 @@
using Bit.Api.AdminConsole.Models.Response.Organizations; using Bit.Api.AdminConsole.Models.Response.Organizations;
using Bit.Api.Models.Request.Organizations; using Bit.Api.Models.Request.Organizations;
using Bit.Api.Models.Response; using Bit.Api.Models.Response;
using Bit.Api.Utilities;
using Bit.Api.Vault.AuthorizationHandlers.Collections; using Bit.Api.Vault.AuthorizationHandlers.Collections;
using Bit.Api.Vault.AuthorizationHandlers.OrganizationUsers; using Bit.Api.Vault.AuthorizationHandlers.OrganizationUsers;
using Bit.Core; using Bit.Core;
@ -22,6 +21,7 @@ using Bit.Core.OrganizationFeatures.OrganizationSubscriptions.Interface;
using Bit.Core.OrganizationFeatures.OrganizationUsers.Interfaces; using Bit.Core.OrganizationFeatures.OrganizationUsers.Interfaces;
using Bit.Core.Repositories; using Bit.Core.Repositories;
using Bit.Core.Services; using Bit.Core.Services;
using Bit.Core.Utilities;
using Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Interfaces; using Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Interfaces;
using Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Requests; using Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Requests;
using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Authorization;

View File

@ -1,6 +1,5 @@
using Bit.Api.Models.Request; using Bit.Api.Models.Request;
using Bit.Api.Models.Response; using Bit.Api.Models.Response;
using Bit.Api.Utilities;
using Bit.Api.Vault.AuthorizationHandlers.Collections; using Bit.Api.Vault.AuthorizationHandlers.Collections;
using Bit.Core.Context; using Bit.Core.Context;
using Bit.Core.Entities; using Bit.Core.Entities;
@ -9,6 +8,7 @@ using Bit.Core.Models.Data;
using Bit.Core.OrganizationFeatures.OrganizationCollections.Interfaces; using Bit.Core.OrganizationFeatures.OrganizationCollections.Interfaces;
using Bit.Core.Repositories; using Bit.Core.Repositories;
using Bit.Core.Services; using Bit.Core.Services;
using Bit.Core.Utilities;
using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc;

View File

@ -1,7 +1,8 @@
using System.Security.Claims; using System.Security.Claims;
using Bit.Core.Exceptions;
using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Authorization;
namespace Bit.Api.Utilities; namespace Bit.Core.Utilities;
public static class AuthorizationServiceExtensions public static class AuthorizationServiceExtensions
{ {
@ -29,4 +30,26 @@ public static class AuthorizationServiceExtensions
return service.AuthorizeAsync(user, resource: null, new[] { requirement }); return service.AuthorizeAsync(user, resource: null, new[] { requirement });
} }
/// <summary>
/// Performs an authorization check and throws a <see cref="Bit.Core.Exceptions.NotFoundException"/> if the
/// check fails or the resource is null.
/// </summary>
public static async Task AuthorizeOrThrowAsync(this IAuthorizationService service,
ClaimsPrincipal user, object resource, IAuthorizationRequirement requirement)
{
ArgumentNullException.ThrowIfNull(service);
ArgumentNullException.ThrowIfNull(requirement);
if (resource == null)
{
throw new NotFoundException();
}
var authorizationResult = await service.AuthorizeAsync(user, resource, requirement);
if (!authorizationResult.Succeeded)
{
throw new NotFoundException();
}
}
} }

View File

@ -0,0 +1,38 @@
using System.Security.Claims;
using Bit.Core.Exceptions;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Authorization.Infrastructure;
using NSubstitute;
using Xunit;
using AuthorizationServiceExtensions = Bit.Core.Utilities.AuthorizationServiceExtensions;
namespace Bit.Core.Test.Utilities;
public class AuthorizationServiceExtensionTests
{
[Fact]
async Task AuthorizeOrThrowAsync_ThrowsNotFoundException_IfResourceIsNull()
{
var authorizationService = Substitute.For<IAuthorizationService>();
await Assert.ThrowsAsync<NotFoundException>(() =>
AuthorizationServiceExtensions.AuthorizeOrThrowAsync(authorizationService, new ClaimsPrincipal(),
null, new OperationAuthorizationRequirement()));
}
[Fact]
async Task AuthorizeOrThrowAsync_ThrowsNotFoundException_IfAuthorizationFails()
{
var authorizationService = Substitute.For<IAuthorizationService>();
var claimsPrincipal = new ClaimsPrincipal();
var requirement = new OperationAuthorizationRequirement();
var resource = new object();
authorizationService
.AuthorizeAsync(claimsPrincipal, resource, Arg.Is<IEnumerable<IAuthorizationRequirement>>(r =>
r.First() == requirement))
.Returns(AuthorizationResult.Failed());
await Assert.ThrowsAsync<NotFoundException>(() =>
AuthorizationServiceExtensions.AuthorizeOrThrowAsync(authorizationService, claimsPrincipal, resource, requirement));
}
}