Feature/fix #240 (#243)

* testing issue on train

* check multiple claims of the same type for authorisation
Tom Pallister
2018-02-21 20:53:46 +00:00
committed by GitHub
parent 1e48a97294
commit 9f7478c91f
3 changed files with 153 additions and 7 deletions


@ -20,22 +20,22 @@ namespace Ocelot.Authorisation
{
foreach (var required in routeClaimsRequirement)
{
var value = _claimsParser.GetValue(claimsPrincipal.Claims, required.Key, string.Empty, 0);
var values = _claimsParser.GetValuesByClaimType(claimsPrincipal.Claims, required.Key);
if (value.IsError)
if (values.IsError)
{
return new ErrorResponse<bool>(value.Errors);
return new ErrorResponse<bool>(values.Errors);
}
if (value.Data != null)
if (values.Data != null)
{
var authorised = value.Data == required.Value;
var authorised = values.Data.Contains(required.Value);
if (!authorised)
{
return new ErrorResponse<bool>(new List<Error>
{
new ClaimValueNotAuthorisedError(
$"claim value: {value.Data} is not the same as required value: {required.Value} for type: {required.Key}")
$"claim value: {values.Data} is not the same as required value: {required.Value} for type: {required.Key}")
});
}
}