From f4321ba18d6ea5a39f7c2e03f50e43bff72bc228 Mon Sep 17 00:00:00 2001
From: Ihor Chornyi
Date: Thu, 10 Sep 2020 02:32:26 +0300
Subject: [PATCH 1/6] Allow empty claim value to mimic behaviour of ASP.NET RequireClaim(type)
---
 src/Ocelot/Authorization/ClaimsAuthorizer.cs | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/src/Ocelot/Authorization/ClaimsAuthorizer.cs b/src/Ocelot/Authorization/ClaimsAuthorizer.cs
index 7f1f150a8..be7981717 100644
--- a/src/Ocelot/Authorization/ClaimsAuthorizer.cs
+++ b/src/Ocelot/Authorization/ClaimsAuthorizer.cs
@@ -67,6 +67,13 @@ List urlPathPlaceholderNameAndValues
 else
 {
 // static claim
+
+ //if required value is not specified
+ if (string.IsNullOrEmpty(required.Value))
+ {
+ continue;
+ }
+
 var authorized = values.Data.Contains(required.Value);
 if (!authorized)
 {
From bf713f6b1777caadd9cc7952be943f9785b0f759 Mon Sep 17 00:00:00 2001
From: raman-m
Date: Mon, 17 Jul 2023 16:32:29 +0300
Subject: [PATCH 2/6] Back to original code change
---
 src/Ocelot/Authorization/ClaimsAuthorizer.cs | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/Ocelot/Authorization/ClaimsAuthorizer.cs b/src/Ocelot/Authorization/ClaimsAuthorizer.cs
index be7981717..7e139d1ea 100644
--- a/src/Ocelot/Authorization/ClaimsAuthorizer.cs
+++ b/src/Ocelot/Authorization/ClaimsAuthorizer.cs
@@ -66,14 +66,13 @@ List urlPathPlaceholderNameAndValues
 }
 else
 {
- // static claim
-
 //if required value is not specified
 if (string.IsNullOrEmpty(required.Value))
 {
 continue;
 }
-
+
+ // static claim
 var authorized = values.Data.Contains(required.Value);
 if (!authorized)
 {
From 3ed044e196e20cdae699ea8c78495a2c296e606a Mon Sep 17 00:00:00 2001
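Review bot: In PATCH 1/6 the added `continue` accepts the requirement as soon as `required.Value` is empty, without looking at what `values.Data` contains, so whether the principal must still carry the claim type depends on the enclosing checks, which start outside this hunk. `RequireClaim(type)`, which the subject line cites, still requires a claim of that type to be present; if `values.Data` can be an empty list rather than null for a missing claim, this branch would authorize a principal that has no such claim. I would state the rule in the comment, e.g. `// empty value: claim type must be present, any value accepted`, and reject when `values.Data` holds no values before reaching the `continue`. A null value presumably never reaches this test, because the `Regex.Match(required.Value, …)` call visible in the later patches of this series runs first.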
From: raman-m
Date: Mon, 17 Jul 2023 20:29:10 +0300
Subject: [PATCH 3/6] SYSLIB1045 Use 'GeneratedRegexAttribute' to generate the regular expression implementation at compile-time. Convert to 'GeneratedRegexAttribute'
---
 src/Ocelot/Authorization/ClaimsAuthorizer.cs | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/Ocelot/Authorization/ClaimsAuthorizer.cs b/src/Ocelot/Authorization/ClaimsAuthorizer.cs
index 7e139d1ea..1ac778ccc 100644
--- a/src/Ocelot/Authorization/ClaimsAuthorizer.cs
+++ b/src/Ocelot/Authorization/ClaimsAuthorizer.cs
@@ -5,7 +5,7 @@
 namespace Ocelot.Authorization
 {
- public class ClaimsAuthorizer : IClaimsAuthorizer
+ public partial class ClaimsAuthorizer : IClaimsAuthorizer
 {
 private readonly IClaimsParser _claimsParser;
@@ -32,7 +32,7 @@ List urlPathPlaceholderNameAndValues
 if (values.Data != null)
 {
 // dynamic claim
- var match = Regex.Match(required.Value, @"^{(?.+)}$");
+ var match = VariableRegex().Match(required.Value);
 if (match.Success)
 {
 var variableName = match.Captures[0].Value;
@@ -66,7 +66,7 @@ List urlPathPlaceholderNameAndValues
 }
 else
 {
- //if required value is not specified
+ // if required value is not specified
 if (string.IsNullOrEmpty(required.Value))
 {
 continue;
@@ -89,5 +89,8 @@ List urlPathPlaceholderNameAndValues
 return new OkResponse(true);
 }
+
+ [GeneratedRegex("^{(?.+)}$")]
+ private static partial Regex VariableRegex();
 }
 }
From b513ba8e5924284fdc03652fb55f142ada612e8b Mon Sep 17 00:00:00 2001
From: raman-m
Date: Mon, 17 Jul 2023 20:40:53 +0300
Subject: [PATCH 4/6] SA1601 Partial elements should be documented. Add XML-docs for the ClaimsAuthorizer class
---
 src/Ocelot/Authorization/ClaimsAuthorizer.cs | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/src/Ocelot/Authorization/ClaimsAuthorizer.cs b/src/Ocelot/Authorization/ClaimsAuthorizer.cs
index 1ac778ccc..776aa48a9 100644
--- a/src/Ocelot/Authorization/ClaimsAuthorizer.cs
+++ b/src/Ocelot/Authorization/ClaimsAuthorizer.cs
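Review bot: In PATCH 3/6 the new `VariableRegex()` member (last hunk) has no doc comment, although its pattern decides whether a requirement value is handled as a dynamic claim or compared as a static claim value. A one-line summary such as `/// <summary>Matches a requirement value that is entirely a brace-wrapped variable name.</summary>` would record that contract next to the attribute. `[GeneratedRegex]` also depends on the regex source generator, so it is worth confirming that every target framework the project builds for provides it; the series later returns to `Regex.Match`, which may be related.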
@@ -5,6 +5,12 @@
 namespace Ocelot.Authorization
 {
+ ///
+ /// Authorizer which is implemented using Claims-based authorization.
+ ///
+ /// Microsoft Learn: Claims-based authorization in ASP.NET Core.
+ ///
+ ///
 public partial class ClaimsAuthorizer : IClaimsAuthorizer
 {
 private readonly IClaimsParser _claimsParser;
From 094b448a68b1e473c21060a5f959ba226294ca40 Mon Sep 17 00:00:00 2001
From: Raman Maksimchuk
Date: Thu, 7 Nov 2024 20:10:21 +0300
Subject: [PATCH 5/6] Re-apply original changes
---
 src/Ocelot/Authorization/ClaimsAuthorizer.cs | 15 ++++-----------
 1 file changed, 4 insertions(+), 11 deletions(-)
diff --git a/src/Ocelot/Authorization/ClaimsAuthorizer.cs b/src/Ocelot/Authorization/ClaimsAuthorizer.cs
index 776aa48a9..453afb1a1 100644
--- a/src/Ocelot/Authorization/ClaimsAuthorizer.cs
+++ b/src/Ocelot/Authorization/ClaimsAuthorizer.cs
@@ -5,13 +5,9 @@
 namespace Ocelot.Authorization
 {
- ///
- /// Authorizer which is implemented using Claims-based authorization.
- ///
- /// Microsoft Learn: Claims-based authorization in ASP.NET Core.
- ///
- ///
- public partial class ClaimsAuthorizer : IClaimsAuthorizer
+ /// Authorizer which is implemented using Claims-based authorization.
+ /// Microsoft Learn: Claims-based authorization in ASP.NET Core.
+ public class ClaimsAuthorizer : IClaimsAuthorizer
 {
 private readonly IClaimsParser _claimsParser;
@@ -38,7 +34,7 @@ List urlPathPlaceholderNameAndValues
 if (values.Data != null)
 {
 // dynamic claim
- var match = VariableRegex().Match(required.Value);
+ var match = Regex.Match(required.Value, @"^{(?.+)}$");
 if (match.Success)
 {
 var variableName = match.Captures[0].Value;
@@ -95,8 +91,5 @@ List urlPathPlaceholderNameAndValues
 return new OkResponse(true);
 }
-
- [GeneratedRegex("^{(?.+)}$")]
- private static partial Regex VariableRegex();
 }
 }
From 935bbd9d6b747caa872f50a259f4fa580c5b8196 Mon Sep 17 00:00:00 2001
From: Raman Maksimchuk
Date: Thu, 7 Nov 2024 20:35:59 +0300
Subject: [PATCH 6/6] Optimization: continue early at the beginning of the iteration aka Checks-block
---
 src/Ocelot/Authorization/ClaimsAuthorizer.cs | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)
diff --git a/src/Ocelot/Authorization/ClaimsAuthorizer.cs b/src/Ocelot/Authorization/ClaimsAuthorizer.cs
index 453afb1a1..a9d43cb0d 100644
--- a/src/Ocelot/Authorization/ClaimsAuthorizer.cs
+++ b/src/Ocelot/Authorization/ClaimsAuthorizer.cs
@@ -6,7 +6,7 @@
 namespace Ocelot.Authorization
 {
 /// Authorizer which is implemented using Claims-based authorization.
- /// Microsoft Learn: Claims-based authorization in ASP.NET Core.
+ /// Microsoft Learn: Claims-based authorization in ASP.NET Core.
 public class ClaimsAuthorizer : IClaimsAuthorizer
 {
 private readonly IClaimsParser _claimsParser;
@@ -24,8 +24,12 @@ List urlPathPlaceholderNameAndValues
 {
 foreach (var required in routeClaimsRequirement)
 {
- var values = _claimsParser.GetValuesByClaimType(claimsPrincipal.Claims, required.Key);
+ if (string.IsNullOrEmpty(required.Value) || string.IsNullOrWhiteSpace(required.Value))
+ {
+ continue; // if required value is not specified
+ }
+ var values = _claimsParser.GetValuesByClaimType(claimsPrincipal.Claims, required.Key);
 if (values.IsError)
 {
 return new ErrorResponse(values.Errors);
@@ -68,12 +72,11 @@ List urlPathPlaceholderNameAndValues
 }
 else
 {
- // if required value is not specified
- if (string.IsNullOrEmpty(required.Value))
- {
- continue;
- }
-
+ //// if required value is not specified
+ //if (string.IsNullOrEmpty(required.Value))
+ //{
+ // continue;
+ //}
 // static claim
 var authorized = values.Data.Contains(required.Value);
 if (!authorized)
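Review bot: In PATCH 6/6 the early `continue` in the second hunk runs before `_claimsParser.GetValuesByClaimType(...)`, so a requirement whose value is empty or whitespace is skipped without the principal's claims ever being inspected, and the `values.IsError` return below it is bypassed too. That makes the entry a no-op rather than the `RequireClaim(type)` behaviour named in the first patch, and it fails open when a value is blanked by a configuration mistake. Keeping the lookup first and placing `if (string.IsNullOrWhiteSpace(required.Value)) { continue; }` after the error and presence checks would still require the claim type while guarding the value before it is used. `string.IsNullOrWhiteSpace` already covers null and empty, so the `string.IsNullOrEmpty(...) ||` half is redundant. The loop body continues outside the hunk.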
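Review bot: The third hunk of PATCH 6/6 keeps the old check as commented-out code, from `//// if required value is not specified` through `//}`, directly above `// static claim`. Dead code inside an authorization branch makes it harder to see where the empty-value rule is actually enforced; I would delete those five lines and rely on history for the earlier placement.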