Skip to content
This repository has been archived by the owner on Dec 14, 2018. It is now read-only.

Filter should call through to AuthorizationService #4385

Closed
wants to merge 2 commits into from
Closed

Filter should call through to AuthorizationService #4385

wants to merge 2 commits into from

Conversation

HaoK
Copy link
Member

@HaoK HaoK commented Mar 30, 2016

kevinchalet
kevinchalet reviewed Mar 30, 2016
View reviewed changes
src/Microsoft.AspNetCore.Mvc.Core/Authorization/AuthorizeFilter.cs
@@ -75,7 +75,6 @@ public AuthorizeFilter(AuthorizationPolicy policy)

// Note: Default Anonymous User is new ClaimsPrincipal(new ClaimsIdentity())
if (httpContext.User == null ||
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm pretty sure @Tratcher told me once that this property couldn't be null, but maybe things have changed.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Still can't, at least not with our DefaultHttpContext, but who knows what implementation is under this HttpContext... :-)

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hehe yeah, people do unexpected things sometimes 😄

FWIW, I'd personally remove this null check and treat null principals like empty ones, specially since the authorization service is fine with null values.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I guess we could flow null into the auth service as well.

@Eilon Eilon mentioned this pull request Apr 15, 2016
Closed
@HaoK
Copy link
Member Author

HaoK commented May 23, 2016

@Eilon who should sign off on this change?

@HaoK HaoK force-pushed the haok/3-30filter branch from e06e7de to b35987b Compare May 23, 2016 19:11
@Eilon
Copy link
Member

Eilon commented May 24, 2016

Assigned to @kichalla to review.

kichalla
kichalla reviewed May 24, 2016
View reviewed changes
test/Microsoft.AspNetCore.Mvc.Core.Test/Authorization/AuthorizeFilterTest.cs
// Arrange
var authorizeFilter = new AuthorizeFilter(new AuthorizationPolicyBuilder().RequireAssertion(_ => true).Build());
var authorizationContext = GetAuthorizationContext(services => services.AddAuthorization(), anonymous: true);
authorizationContext.HttpContext.User = new ClaimsPrincipal();
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

add a variation for null user?

@kichalla
Copy link
Member

:shipit: after responding to the minor comment

@HaoK
Copy link
Member Author

HaoK commented May 24, 2016

f54a964

@HaoK HaoK closed this May 24, 2016
@kevinchalet kevinchalet mentioned this pull request Aug 15, 2016
Merged
@HaoK HaoK deleted the haok/3-30filter branch August 7, 2017 17:10
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees

@kichalla kichalla

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@HaoK @Eilon @kichalla @Tratcher @kevinchalet @dnfclas