mirror of
https://github.com/bitwarden/server.git
synced 2024-11-24 12:35:25 +01:00
Add AuthorizeOrThrowAsync extension method (#4790)
This commit is contained in:
parent
ab8c3af685
commit
2384e0b7ef
@ -1,7 +1,6 @@
|
||||
using Bit.Api.AdminConsole.Models.Request;
|
||||
using Bit.Api.AdminConsole.Models.Response;
|
||||
using Bit.Api.Models.Response;
|
||||
using Bit.Api.Utilities;
|
||||
using Bit.Api.Vault.AuthorizationHandlers.Collections;
|
||||
using Bit.Api.Vault.AuthorizationHandlers.Groups;
|
||||
using Bit.Core.AdminConsole.OrganizationFeatures.Groups.Interfaces;
|
||||
@ -11,6 +10,7 @@ using Bit.Core.Context;
|
||||
using Bit.Core.Exceptions;
|
||||
using Bit.Core.Repositories;
|
||||
using Bit.Core.Services;
|
||||
using Bit.Core.Utilities;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
|
||||
|
@ -2,7 +2,6 @@
|
||||
using Bit.Api.AdminConsole.Models.Response.Organizations;
|
||||
using Bit.Api.Models.Request.Organizations;
|
||||
using Bit.Api.Models.Response;
|
||||
using Bit.Api.Utilities;
|
||||
using Bit.Api.Vault.AuthorizationHandlers.Collections;
|
||||
using Bit.Api.Vault.AuthorizationHandlers.OrganizationUsers;
|
||||
using Bit.Core;
|
||||
@ -22,6 +21,7 @@ using Bit.Core.OrganizationFeatures.OrganizationSubscriptions.Interface;
|
||||
using Bit.Core.OrganizationFeatures.OrganizationUsers.Interfaces;
|
||||
using Bit.Core.Repositories;
|
||||
using Bit.Core.Services;
|
||||
using Bit.Core.Utilities;
|
||||
using Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Interfaces;
|
||||
using Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Requests;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
|
@ -1,6 +1,5 @@
|
||||
using Bit.Api.Models.Request;
|
||||
using Bit.Api.Models.Response;
|
||||
using Bit.Api.Utilities;
|
||||
using Bit.Api.Vault.AuthorizationHandlers.Collections;
|
||||
using Bit.Core.Context;
|
||||
using Bit.Core.Entities;
|
||||
@ -9,6 +8,7 @@ using Bit.Core.Models.Data;
|
||||
using Bit.Core.OrganizationFeatures.OrganizationCollections.Interfaces;
|
||||
using Bit.Core.Repositories;
|
||||
using Bit.Core.Services;
|
||||
using Bit.Core.Utilities;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
|
||||
|
@ -1,7 +1,8 @@
|
||||
using System.Security.Claims;
|
||||
using Bit.Core.Exceptions;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
|
||||
namespace Bit.Api.Utilities;
|
||||
namespace Bit.Core.Utilities;
|
||||
|
||||
public static class AuthorizationServiceExtensions
|
||||
{
|
||||
@ -29,4 +30,26 @@ public static class AuthorizationServiceExtensions
|
||||
|
||||
return service.AuthorizeAsync(user, resource: null, new[] { requirement });
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Performs an authorization check and throws a <see cref="Bit.Core.Exceptions.NotFoundException"/> if the
|
||||
/// check fails or the resource is null.
|
||||
/// </summary>
|
||||
public static async Task AuthorizeOrThrowAsync(this IAuthorizationService service,
|
||||
ClaimsPrincipal user, object resource, IAuthorizationRequirement requirement)
|
||||
{
|
||||
ArgumentNullException.ThrowIfNull(service);
|
||||
ArgumentNullException.ThrowIfNull(requirement);
|
||||
|
||||
if (resource == null)
|
||||
{
|
||||
throw new NotFoundException();
|
||||
}
|
||||
|
||||
var authorizationResult = await service.AuthorizeAsync(user, resource, requirement);
|
||||
if (!authorizationResult.Succeeded)
|
||||
{
|
||||
throw new NotFoundException();
|
||||
}
|
||||
}
|
||||
}
|
@ -0,0 +1,38 @@
|
||||
using System.Security.Claims;
|
||||
using Bit.Core.Exceptions;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
using Microsoft.AspNetCore.Authorization.Infrastructure;
|
||||
using NSubstitute;
|
||||
using Xunit;
|
||||
using AuthorizationServiceExtensions = Bit.Core.Utilities.AuthorizationServiceExtensions;
|
||||
|
||||
namespace Bit.Core.Test.Utilities;
|
||||
|
||||
public class AuthorizationServiceExtensionTests
|
||||
{
|
||||
[Fact]
|
||||
async Task AuthorizeOrThrowAsync_ThrowsNotFoundException_IfResourceIsNull()
|
||||
{
|
||||
var authorizationService = Substitute.For<IAuthorizationService>();
|
||||
await Assert.ThrowsAsync<NotFoundException>(() =>
|
||||
AuthorizationServiceExtensions.AuthorizeOrThrowAsync(authorizationService, new ClaimsPrincipal(),
|
||||
null, new OperationAuthorizationRequirement()));
|
||||
}
|
||||
|
||||
[Fact]
|
||||
async Task AuthorizeOrThrowAsync_ThrowsNotFoundException_IfAuthorizationFails()
|
||||
{
|
||||
var authorizationService = Substitute.For<IAuthorizationService>();
|
||||
var claimsPrincipal = new ClaimsPrincipal();
|
||||
var requirement = new OperationAuthorizationRequirement();
|
||||
var resource = new object();
|
||||
|
||||
authorizationService
|
||||
.AuthorizeAsync(claimsPrincipal, resource, Arg.Is<IEnumerable<IAuthorizationRequirement>>(r =>
|
||||
r.First() == requirement))
|
||||
.Returns(AuthorizationResult.Failed());
|
||||
|
||||
await Assert.ThrowsAsync<NotFoundException>(() =>
|
||||
AuthorizationServiceExtensions.AuthorizeOrThrowAsync(authorizationService, claimsPrincipal, resource, requirement));
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue
Block a user