Skip to content
This repository has been archived by the owner on Nov 20, 2018. It is now read-only.

DefaultForbid/SignOutSchemes + tests #870

Merged
merged 1 commit into from
Jun 14, 2017
Merged

DefaultForbid/SignOutSchemes + tests #870

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
23 changes: 23 additions & 0 deletions src/Microsoft.AspNetCore.Authentication.Abstractions/AuthenticationOptions.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -47,6 +47,19 @@ public void AddScheme(string name, Action<AuthenticationSchemeBuilder> configure
SchemeMap[name] = builder;
}

/// <summary>
/// Adds an <see cref="AuthenticationScheme"/>.
/// </summary>
/// <typeparam name="THandler">The <see cref="IAuthenticationHandler"/> responsible for the scheme.</typeparam>
/// <param name="name">The name of the scheme being added.</param>
/// <param name="displayName">The display name for the scheme.</param>
public void AddScheme<THandler>(string name, string displayName) where THandler : IAuthenticationHandler
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Doesn't look like this will be used outside of tests. No?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure it will, it's what end users could call to add handlers, its analogous to what hosting does: https://github.com/aspnet/IISIntegration/blob/dev/src/Microsoft.AspNetCore.Server.IISIntegration/IISMiddleware.cs#L53

except that's adding directly to the scheme provider rather than during startup/configure services.

Keep in mind, there's NOTHING on the builder, so the question I'm asking now is if we should nuke all of the Action<AuthenticationSchemeBuilder>... It was more useful when we had a bag on the builder that could be configured.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Its just Name + DisplayName + Type, I guess its slightly more future proof with the action.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

But mainly I just wanted the sugar, we had a bug for this that got punted to 2.1, but since I'm here and adding tests :) aspnet/Security#1186

=> AddScheme(name, b =>
{
b.DisplayName = displayName;
b.HandlerType = typeof(THandler);
});

/// <summary>
/// Used by as the default scheme by <see cref="IAuthenticationService.AuthenticateAsync(HttpContext, string)"/>.
/// </summary>
Expand All @@ -57,9 +70,19 @@ public void AddScheme(string name, Action<AuthenticationSchemeBuilder> configure
/// </summary>
public string DefaultSignInScheme { get; set; }

/// <summary>
/// Used by as the default scheme by <see cref="IAuthenticationService.SignOutAsync(HttpContext, string, AuthenticationProperties)"/>.
/// </summary>
public string DefaultSignOutScheme { get; set; }

/// <summary>
/// Used by as the default scheme by <see cref="IAuthenticationService.ChallengeAsync(HttpContext, string, AuthenticationProperties)"/>.
/// </summary>
public string DefaultChallengeScheme { get; set; }

/// <summary>
/// Used by as the default scheme by <see cref="IAuthenticationService.ForbidAsync(HttpContext, string, AuthenticationProperties)"/>.
/// </summary>
public string DefaultForbidScheme { get; set; }
}
}
16 changes: 16 additions & 0 deletions src/Microsoft.AspNetCore.Authentication.Abstractions/IAuthenticationSchemeProvider.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,14 @@ public interface IAuthenticationSchemeProvider
/// <returns>The scheme that will be used by default for <see cref="IAuthenticationService.ChallengeAsync(HttpContext, string, AuthenticationProperties)"/>.</returns>
Task<AuthenticationScheme> GetDefaultChallengeSchemeAsync();

/// <summary>
/// Returns the scheme that will be used by default for <see cref="IAuthenticationService.ForbidAsync(HttpContext, string, AuthenticationProperties)"/>.
/// This is typically specified via <see cref="AuthenticationOptions.DefaultForbidScheme"/>.
/// Otherwise, this will fallback to <see cref="GetDefaultChallengeSchemeAsync"/> .
/// </summary>
/// <returns>The scheme that will be used by default for <see cref="IAuthenticationService.ForbidAsync(HttpContext, string, AuthenticationProperties)"/>.</returns>
Task<AuthenticationScheme> GetDefaultForbidSchemeAsync();

/// <summary>
/// Returns the scheme that will be used by default for <see cref="IAuthenticationService.SignInAsync(HttpContext, string, System.Security.Claims.ClaimsPrincipal, AuthenticationProperties)"/>.
/// This is typically specified via <see cref="AuthenticationOptions.DefaultSignInScheme"/>.
Expand All @@ -49,6 +57,14 @@ public interface IAuthenticationSchemeProvider
/// <returns>The scheme that will be used by default for <see cref="IAuthenticationService.SignInAsync(HttpContext, string, System.Security.Claims.ClaimsPrincipal, AuthenticationProperties)"/>.</returns>
Task<AuthenticationScheme> GetDefaultSignInSchemeAsync();

/// <summary>
/// Returns the scheme that will be used by default for <see cref="IAuthenticationService.SignOutAsync(HttpContext, string, AuthenticationProperties)"/>.
/// This is typically specified via <see cref="AuthenticationOptions.DefaultSignOutScheme"/>.
/// Otherwise, this will fallback to <see cref="GetDefaultSignInSchemeAsync"/> .
/// </summary>
/// <returns>The scheme that will be used by default for <see cref="IAuthenticationService.SignOutAsync(HttpContext, string, AuthenticationProperties)"/>.</returns>
Task<AuthenticationScheme> GetDefaultSignOutSchemeAsync();

/// <summary>
/// Registers a scheme for use by <see cref="IAuthenticationService"/>.
/// </summary>
Expand Down
30 changes: 30 additions & 0 deletions src/Microsoft.AspNetCore.Authentication.Core/AuthenticationSchemeProvider.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -75,6 +75,21 @@ public Task<AuthenticationScheme> GetDefaultChallengeSchemeAsync()
return Task.FromResult<AuthenticationScheme>(null);
}

/// <summary>
/// Returns the scheme that will be used by default for <see cref="IAuthenticationService.ForbidAsync(HttpContext, string, AuthenticationProperties)"/>.
/// This is typically specified via <see cref="AuthenticationOptions.DefaultForbidScheme"/>.
/// Otherwise, this will fallback to <see cref="GetDefaultChallengeSchemeAsync"/> .
/// </summary>
/// <returns>The scheme that will be used by default for <see cref="IAuthenticationService.ForbidAsync(HttpContext, string, AuthenticationProperties)"/>.</returns>
public Task<AuthenticationScheme> GetDefaultForbidSchemeAsync()
{
if (_options.DefaultForbidScheme != null)
{
return GetSchemeAsync(_options.DefaultForbidScheme);
}
return GetDefaultChallengeSchemeAsync();
}

/// <summary>
/// Returns the scheme that will be used by default for <see cref="IAuthenticationService.SignInAsync(HttpContext, string, System.Security.Claims.ClaimsPrincipal, AuthenticationProperties)"/>.
/// This is typically specified via <see cref="AuthenticationOptions.DefaultSignInScheme"/>.
Expand All @@ -94,6 +109,21 @@ public Task<AuthenticationScheme> GetDefaultSignInSchemeAsync()
return Task.FromResult<AuthenticationScheme>(null);
}

/// <summary>
/// Returns the scheme that will be used by default for <see cref="IAuthenticationService.SignOutAsync(HttpContext, string, AuthenticationProperties)"/>.
/// This is typically specified via <see cref="AuthenticationOptions.DefaultSignOutScheme"/>.
/// Otherwise, this will fallback to <see cref="GetDefaultSignInSchemeAsync"/> .
/// </summary>
/// <returns>The scheme that will be used by default for <see cref="IAuthenticationService.SignOutAsync(HttpContext, string, AuthenticationProperties)"/>.</returns>
public Task<AuthenticationScheme> GetDefaultSignOutSchemeAsync()
{
if (_options.DefaultSignOutScheme != null)
{
return GetSchemeAsync(_options.DefaultSignOutScheme);
}
return GetDefaultSignInSchemeAsync();
}

/// <summary>
/// Returns the <see cref="AuthenticationScheme"/> matching the name, or null.
/// </summary>
Expand Down
120 changes: 120 additions & 0 deletions test/Microsoft.AspNetCore.Authentication.Core.Test/AuthenticationSchemeProviderTests.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,120 @@
// Copyright (c) .NET Foundation. All rights reserved.
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.

using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using Xunit;

namespace Microsoft.AspNetCore.Authentication
{
public class AuthenticationSchemeProviderTests
{
[Fact]
public async Task DefaultSignOutFallsbackToSignIn()
{
var services = new ServiceCollection().AddOptions().AddAuthenticationCore(o =>
{
o.AddScheme<Handler>("signin", "whatever");
o.AddScheme<Handler>("foobly", "whatever");
o.DefaultSignInScheme = "signin";
}).BuildServiceProvider();

var provider = services.GetRequiredService<IAuthenticationSchemeProvider>();
var scheme = await provider.GetDefaultSignOutSchemeAsync();
Assert.NotNull(scheme);
Assert.Equal("signin", scheme.Name);
}

[Fact]
public async Task DefaultForbidFallsbackToChallenge()
{
var services = new ServiceCollection().AddOptions().AddAuthenticationCore(o =>
{
o.AddScheme<Handler>("challenge", "whatever");
o.AddScheme<Handler>("foobly", "whatever");
o.DefaultChallengeScheme = "challenge";
}).BuildServiceProvider();

var provider = services.GetRequiredService<IAuthenticationSchemeProvider>();
var scheme = await provider.GetDefaultForbidSchemeAsync();
Assert.NotNull(scheme);
Assert.Equal("challenge", scheme.Name);
}

[Fact]
public async Task DefaultSchemesFallbackToOnlyScheme()
{
var services = new ServiceCollection().AddOptions().AddAuthenticationCore(o =>
{
o.AddScheme<Handler>("single", "whatever");
}).BuildServiceProvider();

var provider = services.GetRequiredService<IAuthenticationSchemeProvider>();
Assert.Equal("single", (await provider.GetDefaultForbidSchemeAsync()).Name);
Assert.Equal("single", (await provider.GetDefaultAuthenticateSchemeAsync()).Name);
Assert.Equal("single", (await provider.GetDefaultChallengeSchemeAsync()).Name);
Assert.Equal("single", (await provider.GetDefaultSignInSchemeAsync()).Name);
Assert.Equal("single", (await provider.GetDefaultSignOutSchemeAsync()).Name);
}

[Fact]
public async Task DefaultSchemesAreSet()
{
var services = new ServiceCollection().AddOptions().AddAuthenticationCore(o =>
{
o.AddScheme<Handler>("A", "whatever");
o.AddScheme<Handler>("B", "whatever");
o.AddScheme<Handler>("C", "whatever");
o.DefaultChallengeScheme = "A";
o.DefaultForbidScheme = "B";
o.DefaultSignInScheme = "C";
o.DefaultSignOutScheme = "A";
o.DefaultAuthenticateScheme = "C";
}).BuildServiceProvider();

var provider = services.GetRequiredService<IAuthenticationSchemeProvider>();
Assert.Equal("B", (await provider.GetDefaultForbidSchemeAsync()).Name);
Assert.Equal("C", (await provider.GetDefaultAuthenticateSchemeAsync()).Name);
Assert.Equal("A", (await provider.GetDefaultChallengeSchemeAsync()).Name);
Assert.Equal("C", (await provider.GetDefaultSignInSchemeAsync()).Name);
Assert.Equal("A", (await provider.GetDefaultSignOutSchemeAsync()).Name);
}

private class Handler : IAuthenticationHandler
{
public Task<AuthenticateResult> AuthenticateAsync()
{
throw new NotImplementedException();
}

public Task ChallengeAsync(AuthenticationProperties properties)
{
throw new NotImplementedException();
}

public Task ForbidAsync(AuthenticationProperties properties)
{
throw new NotImplementedException();
}

public Task InitializeAsync(AuthenticationScheme scheme, HttpContext context)
{
throw new NotImplementedException();
}

public Task SignInAsync(ClaimsPrincipal user, AuthenticationProperties properties)
{
throw new NotImplementedException();
}

public Task SignOutAsync(AuthenticationProperties properties)
{
throw new NotImplementedException();
}
}

}
}