rename authorisation to authorization

TomPallister
2020-12-01 16:54:52 +00:00
parent b2dd70f59c
commit b46fedac24
43 changed files with 295 additions and 295 deletions


@@ -1,13 +0,0 @@
namespace Ocelot.Authorisation
{
using Ocelot.Errors;
using System.Net;
public class ClaimValueNotAuthorisedError : Error
{
public ClaimValueNotAuthorisedError(string message)
: base(message, OcelotErrorCode.ClaimValueNotAuthorisedError, 403)
{
}
}
}


@@ -1,12 +0,0 @@
namespace Ocelot.Authorisation.Middleware
{
using Microsoft.AspNetCore.Builder;
public static class AuthorisationMiddlewareMiddlewareExtensions
{
public static IApplicationBuilder UseAuthorisationMiddleware(this IApplicationBuilder builder)
{
return builder.UseMiddleware<AuthorisationMiddleware>();
}
}
}


@@ -1,12 +0,0 @@
namespace Ocelot.Authorisation
{
using Ocelot.Errors;
public class ScopeNotAuthorisedError : Error
{
public ScopeNotAuthorisedError(string message)
: base(message, OcelotErrorCode.ScopeNotAuthorisedError, 403)
{
}
}
}


@@ -0,0 +1,13 @@
namespace Ocelot.Authorization
{
using Ocelot.Errors;
using System.Net;
public class ClaimValueNotAuthorizedError : Error
{
public ClaimValueNotAuthorizedError(string message)
: base(message, OcelotErrorCode.ClaimValueNotAuthorizedError, 403)
{
}
}
}


@@ -1,4 +1,4 @@
namespace Ocelot.Authorisation
namespace Ocelot.Authorization
{
using Ocelot.Infrastructure.Claims.Parser;
using Ocelot.DownstreamRouteFinder.UrlMatcher;
@@ -8,16 +8,16 @@
using System.Security.Claims;
using System.Text.RegularExpressions;
public class ClaimsAuthoriser : IClaimsAuthoriser
public class ClaimsAuthorizer : IClaimsAuthorizer
{
private readonly IClaimsParser _claimsParser;
public ClaimsAuthoriser(IClaimsParser claimsParser)
public ClaimsAuthorizer(IClaimsParser claimsParser)
{
_claimsParser = claimsParser;
}
public Response<bool> Authorise(
public Response<bool> Authorize(
ClaimsPrincipal claimsPrincipal,
Dictionary<string, string> routeClaimsRequirement,
List<PlaceholderNameAndValue> urlPathPlaceholderNameAndValues
@@ -45,10 +45,10 @@
{
// match
var actualValue = matchingPlaceholders[0].Value;
var authorised = values.Data.Contains(actualValue);
if (!authorised)
var authorized = values.Data.Contains(actualValue);
if (!authorized)
{
return new ErrorResponse<bool>(new ClaimValueNotAuthorisedError(
return new ErrorResponse<bool>(new ClaimValueNotAuthorizedError(
$"dynamic claim value for {variableName} of {string.Join(", ", values.Data)} is not the same as required value: {actualValue}"));
}
}
@@ -57,12 +57,12 @@
// config error
if (matchingPlaceholders.Length == 0)
{
return new ErrorResponse<bool>(new ClaimValueNotAuthorisedError(
return new ErrorResponse<bool>(new ClaimValueNotAuthorizedError(
$"config error: requires variable claim value: {variableName} placeholders does not contain that variable: {string.Join(", ", urlPathPlaceholderNameAndValues.Select(p => p.Name))}"));
}
else
{
return new ErrorResponse<bool>(new ClaimValueNotAuthorisedError(
return new ErrorResponse<bool>(new ClaimValueNotAuthorizedError(
$"config error: requires variable claim value: {required.Value} but placeholders are ambiguous: {string.Join(", ", urlPathPlaceholderNameAndValues.Where(p => p.Name.Equals(variableName)).Select(p => p.Value))}"));
}
}
@@ -70,10 +70,10 @@
else
{
// static claim
var authorised = values.Data.Contains(required.Value);
if (!authorised)
var authorized = values.Data.Contains(required.Value);
if (!authorized)
{
return new ErrorResponse<bool>(new ClaimValueNotAuthorisedError(
return new ErrorResponse<bool>(new ClaimValueNotAuthorizedError(
$"claim value: {string.Join(", ", values.Data)} is not the same as required value: {required.Value} for type: {required.Key}"));
}
}


@@ -2,16 +2,16 @@
using Ocelot.Responses;
using System.Security.Claims;
namespace Ocelot.Authorisation
namespace Ocelot.Authorization
{
using System.Collections.Generic;
public interface IClaimsAuthoriser
public interface IClaimsAuthorizer
{
Response<bool> Authorise(
Response<bool> Authorize(
ClaimsPrincipal claimsPrincipal,
Dictionary<string, string> routeClaimsRequirement,
List<PlaceholderNameAndValue> urlPathPlaceholderNameAndValues
List<PlaceholderNameAndValue> urlPathPlaceholderNameAndValues
);
}
}
}


@@ -1,12 +1,12 @@
using Ocelot.Responses;
using System.Security.Claims;
namespace Ocelot.Authorisation
namespace Ocelot.Authorization
{
using System.Collections.Generic;
public interface IScopesAuthoriser
public interface IScopesAuthorizer
{
Response<bool> Authorise(ClaimsPrincipal claimsPrincipal, List<string> routeAllowedScopes);
Response<bool> Authorize(ClaimsPrincipal claimsPrincipal, List<string> routeAllowedScopes);
}
}
}


@@ -1,4 +1,4 @@
namespace Ocelot.Authorisation.Middleware
namespace Ocelot.Authorization.Middleware
{
using Ocelot.Configuration;
using Ocelot.Logging;
@@ -8,21 +8,21 @@
using Microsoft.AspNetCore.Http;
using Ocelot.DownstreamRouteFinder.Middleware;
public class AuthorisationMiddleware : OcelotMiddleware
public class AuthorizationMiddleware : OcelotMiddleware
{
private readonly RequestDelegate _next;
private readonly IClaimsAuthoriser _claimsAuthoriser;
private readonly IScopesAuthoriser _scopesAuthoriser;
private readonly IClaimsAuthorizer _claimsAuthorizer;
private readonly IScopesAuthorizer _scopesAuthorizer;
public AuthorisationMiddleware(RequestDelegate next,
IClaimsAuthoriser claimsAuthoriser,
IScopesAuthoriser scopesAuthoriser,
public AuthorizationMiddleware(RequestDelegate next,
IClaimsAuthorizer claimsAuthorizer,
IScopesAuthorizer scopesAuthorizer,
IOcelotLoggerFactory loggerFactory)
: base(loggerFactory.CreateLogger<AuthorisationMiddleware>())
: base(loggerFactory.CreateLogger<AuthorizationMiddleware>())
{
_next = next;
_claimsAuthoriser = claimsAuthoriser;
_scopesAuthoriser = scopesAuthoriser;
_claimsAuthorizer = claimsAuthorizer;
_scopesAuthorizer = scopesAuthorizer;
}
public async Task Invoke(HttpContext httpContext)
@@ -33,65 +33,65 @@
{
Logger.LogInformation("route is authenticated scopes must be checked");
var authorised = _scopesAuthoriser.Authorise(httpContext.User, downstreamRoute.AuthenticationOptions.AllowedScopes);
var authorized = _scopesAuthorizer.Authorize(httpContext.User, downstreamRoute.AuthenticationOptions.AllowedScopes);
if (authorised.IsError)
if (authorized.IsError)
{
Logger.LogWarning("error authorising user scopes");
Logger.LogWarning("error authorizing user scopes");
httpContext.Items.UpsertErrors(authorised.Errors);
httpContext.Items.UpsertErrors(authorized.Errors);
return;
}
if (IsAuthorised(authorised))
if (IsAuthorized(authorized))
{
Logger.LogInformation("user scopes is authorised calling next authorisation checks");
Logger.LogInformation("user scopes is authorized calling next authorization checks");
}
else
{
Logger.LogWarning("user scopes is not authorised setting pipeline error");
Logger.LogWarning("user scopes is not authorized setting pipeline error");
httpContext.Items.SetError(new UnauthorisedError(
httpContext.Items.SetError(new UnauthorizedError(
$"{httpContext.User.Identity.Name} unable to access {downstreamRoute.UpstreamPathTemplate.OriginalValue}"));
}
}
if (!IsOptionsHttpMethod(httpContext) && IsAuthorisedRoute(downstreamRoute))
if (!IsOptionsHttpMethod(httpContext) && IsAuthorizedRoute(downstreamRoute))
{
Logger.LogInformation("route is authorised");
Logger.LogInformation("route is authorized");
var authorised = _claimsAuthoriser.Authorise(httpContext.User, downstreamRoute.RouteClaimsRequirement, httpContext.Items.TemplatePlaceholderNameAndValues());
var authorized = _claimsAuthorizer.Authorize(httpContext.User, downstreamRoute.RouteClaimsRequirement, httpContext.Items.TemplatePlaceholderNameAndValues());
if (authorised.IsError)
if (authorized.IsError)
{
Logger.LogWarning($"Error whilst authorising {httpContext.User.Identity.Name}. Setting pipeline error");
Logger.LogWarning($"Error whilst authorizing {httpContext.User.Identity.Name}. Setting pipeline error");
httpContext.Items.UpsertErrors(authorised.Errors);
httpContext.Items.UpsertErrors(authorized.Errors);
return;
}
if (IsAuthorised(authorised))
if (IsAuthorized(authorized))
{
Logger.LogInformation($"{httpContext.User.Identity.Name} has succesfully been authorised for {downstreamRoute.UpstreamPathTemplate.OriginalValue}.");
Logger.LogInformation($"{httpContext.User.Identity.Name} has succesfully been authorized for {downstreamRoute.UpstreamPathTemplate.OriginalValue}.");
await _next.Invoke(httpContext);
}
else
{
Logger.LogWarning($"{httpContext.User.Identity.Name} is not authorised to access {downstreamRoute.UpstreamPathTemplate.OriginalValue}. Setting pipeline error");
Logger.LogWarning($"{httpContext.User.Identity.Name} is not authorized to access {downstreamRoute.UpstreamPathTemplate.OriginalValue}. Setting pipeline error");
httpContext.Items.SetError(new UnauthorisedError($"{httpContext.User.Identity.Name} is not authorised to access {downstreamRoute.UpstreamPathTemplate.OriginalValue}"));
httpContext.Items.SetError(new UnauthorizedError($"{httpContext.User.Identity.Name} is not authorized to access {downstreamRoute.UpstreamPathTemplate.OriginalValue}"));
}
}
else
{
Logger.LogInformation($"{downstreamRoute.DownstreamPathTemplate.Value} route does not require user to be authorised");
Logger.LogInformation($"{downstreamRoute.DownstreamPathTemplate.Value} route does not require user to be authorized");
await _next.Invoke(httpContext);
}
}
private static bool IsAuthorised(Response<bool> authorised)
private static bool IsAuthorized(Response<bool> authorized)
{
return authorised.Data;
return authorized.Data;
}
private static bool IsAuthenticatedRoute(DownstreamRoute route)
@@ -99,9 +99,9 @@
return route.IsAuthenticated;
}
private static bool IsAuthorisedRoute(DownstreamRoute route)
private static bool IsAuthorizedRoute(DownstreamRoute route)
{
return route.IsAuthorised;
return route.IsAuthorized;
}
private static bool IsOptionsHttpMethod(HttpContext httpContext)
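Review bot: The scope-failure branch — the `else` after the first `if (IsAuthorized(authorized))`, where `httpContext.Items.SetError(new UnauthorizedError(...))` is called — records the error but does not leave Invoke, so execution falls through to the `IsAuthorizedRoute` check, and when the route has no claims requirement (or the request is OPTIONS) the final `else` still calls `await _next.Invoke(httpContext)` with a pipeline error already set. Whether a later middleware halts on that stored error is not visible here, but the claims-failure branch a few lines below does `return;` right after its `UpsertErrors`, and the scope branch should be symmetric: keep the `SetError(...)` line and follow it with `return;`. This predates the rename and is outside this commit's intent, but it deserves a follow-up since it decides whether a request that failed the scope check is forwarded at all. The opening of Invoke, including the guard that encloses the scope check, lies above this hunk.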


@@ -0,0 +1,12 @@
namespace Ocelot.Authorization.Middleware
{
using Microsoft.AspNetCore.Builder;
public static class AuthorizationMiddlewareMiddlewareExtensions
{
public static IApplicationBuilder UseAuthorizationMiddleware(this IApplicationBuilder builder)
{
return builder.UseMiddleware<AuthorizationMiddleware>();
}
}
}


@@ -0,0 +1,12 @@
namespace Ocelot.Authorization
{
using Ocelot.Errors;
public class ScopeNotAuthorizedError : Error
{
public ScopeNotAuthorizedError(string message)
: base(message, OcelotErrorCode.ScopeNotAuthorizedError, 403)
{
}
}
}


@@ -1,47 +1,47 @@
using Ocelot.Responses;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
namespace Ocelot.Authorisation
{
using Infrastructure.Claims.Parser;
public class ScopesAuthoriser : IScopesAuthoriser
{
private readonly IClaimsParser _claimsParser;
private readonly string _scope = "scope";
public ScopesAuthoriser(IClaimsParser claimsParser)
{
_claimsParser = claimsParser;
}
public Response<bool> Authorise(ClaimsPrincipal claimsPrincipal, List<string> routeAllowedScopes)
{
if (routeAllowedScopes == null || routeAllowedScopes.Count == 0)
{
return new OkResponse<bool>(true);
}
var values = _claimsParser.GetValuesByClaimType(claimsPrincipal.Claims, _scope);
if (values.IsError)
{
return new ErrorResponse<bool>(values.Errors);
}
var userScopes = values.Data;
var matchesScopes = routeAllowedScopes.Intersect(userScopes).ToList();
if (matchesScopes.Count == 0)
{
return new ErrorResponse<bool>(
new ScopeNotAuthorisedError($"no one user scope: '{string.Join(",", userScopes)}' match with some allowed scope: '{string.Join(",", routeAllowedScopes)}'"));
}
return new OkResponse<bool>(true);
}
}
}
using Ocelot.Responses;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
namespace Ocelot.Authorization
{
using Infrastructure.Claims.Parser;
public class ScopesAuthorizer : IScopesAuthorizer
{
private readonly IClaimsParser _claimsParser;
private readonly string _scope = "scope";
public ScopesAuthorizer(IClaimsParser claimsParser)
{
_claimsParser = claimsParser;
}
public Response<bool> Authorize(ClaimsPrincipal claimsPrincipal, List<string> routeAllowedScopes)
{
if (routeAllowedScopes == null || routeAllowedScopes.Count == 0)
{
return new OkResponse<bool>(true);
}
var values = _claimsParser.GetValuesByClaimType(claimsPrincipal.Claims, _scope);
if (values.IsError)
{
return new ErrorResponse<bool>(values.Errors);
}
var userScopes = values.Data;
var matchesScopes = routeAllowedScopes.Intersect(userScopes).ToList();
if (matchesScopes.Count == 0)
{
return new ErrorResponse<bool>(
new ScopeNotAuthorizedError($"no one user scope: '{string.Join(",", userScopes)}' match with some allowed scope: '{string.Join(",", routeAllowedScopes)}'"));
}
return new OkResponse<bool>(true);
}
}
}


@@ -1,10 +1,10 @@
namespace Ocelot.Authorisation
namespace Ocelot.Authorization
{
using Ocelot.Errors;
public class UnauthorisedError : Error
public class UnauthorizedError : Error
{
public UnauthorisedError(string message)
public UnauthorizedError(string message)
: base(message, OcelotErrorCode.UnauthorizedError, 403)
{
}


@@ -1,12 +1,12 @@
namespace Ocelot.Authorisation
{
namespace Ocelot.Authorization
{
using Ocelot.Errors;
public class UserDoesNotHaveClaimError : Error
{
public UserDoesNotHaveClaimError(string message)
public UserDoesNotHaveClaimError(string message)
: base(message, OcelotErrorCode.UserDoesNotHaveClaimError, 403)
{
}
}
}
}


@@ -18,7 +18,7 @@ namespace Ocelot.Configuration.Builder
private List<ClaimToThing> _claimsToHeaders;
private List<ClaimToThing> _claimToClaims;
private Dictionary<string, string> _routeClaimRequirement;
private bool _isAuthorised;
private bool _isAuthorized;
private List<ClaimToThing> _claimToQueries;
private List<ClaimToThing> _claimToDownstreamPath;
private string _requestIdHeaderKey;
@@ -101,9 +101,9 @@ namespace Ocelot.Configuration.Builder
return this;
}
public DownstreamRouteBuilder WithIsAuthorised(bool input)
public DownstreamRouteBuilder WithIsAuthorized(bool input)
{
_isAuthorised = input;
_isAuthorized = input;
return this;
}
@@ -289,7 +289,7 @@ namespace Ocelot.Configuration.Builder
_claimToClaims,
_claimToDownstreamPath,
_isAuthenticated,
_isAuthorised,
_isAuthorized,
_authenticationOptions,
new DownstreamPathTemplate(_downstreamPathTemplate),
_loadBalancerKey,


@@ -3,7 +3,7 @@ namespace Ocelot.Configuration.Builder
public class RouteOptionsBuilder
{
private bool _isAuthenticated;
private bool _isAuthorised;
private bool _isAuthorized;
private bool _isCached;
private bool _enableRateLimiting;
private bool _useServiceDiscovery;
@@ -20,9 +20,9 @@ namespace Ocelot.Configuration.Builder
return this;
}
public RouteOptionsBuilder WithIsAuthorised(bool isAuthorised)
public RouteOptionsBuilder WithIsAuthorized(bool isAuthorized)
{
_isAuthorised = isAuthorised;
_isAuthorized = isAuthorized;
return this;
}
@@ -40,7 +40,7 @@ namespace Ocelot.Configuration.Builder
public RouteOptions Build()
{
return new RouteOptions(_isAuthenticated, _isAuthorised, _isCached, _enableRateLimiting, _useServiceDiscovery);
return new RouteOptions(_isAuthenticated, _isAuthorized, _isCached, _enableRateLimiting, _useServiceDiscovery);
}
}
}


@@ -1,6 +1,6 @@
namespace Ocelot.Configuration.Creator
{
using Ocelot.Configuration.Builder;
{
using Ocelot.Configuration.Builder;
using Ocelot.Configuration.File;
public class RouteOptionsCreator : IRouteOptionsCreator
@@ -8,14 +8,14 @@ namespace Ocelot.Configuration.Creator
public RouteOptions Create(FileRoute fileRoute)
{
var isAuthenticated = IsAuthenticated(fileRoute);
var isAuthorised = IsAuthorised(fileRoute);
var isAuthorized = IsAuthorized(fileRoute);
var isCached = IsCached(fileRoute);
var enableRateLimiting = IsEnableRateLimiting(fileRoute);
var useServiceDiscovery = !string.IsNullOrEmpty(fileRoute.ServiceName);
var options = new RouteOptionsBuilder()
.WithIsAuthenticated(isAuthenticated)
.WithIsAuthorised(isAuthorised)
.WithIsAuthorized(isAuthorized)
.WithIsCached(isCached)
.WithRateLimiting(enableRateLimiting)
.WithUseServiceDiscovery(useServiceDiscovery)
@@ -34,7 +34,7 @@ namespace Ocelot.Configuration.Creator
return !string.IsNullOrEmpty(fileRoute.AuthenticationOptions?.AuthenticationProviderKey);
}
private bool IsAuthorised(FileRoute fileRoute)
private bool IsAuthorized(FileRoute fileRoute)
{
return fileRoute.RouteClaimsRequirement?.Count > 0;
}


@@ -119,7 +119,7 @@ namespace Ocelot.Configuration.Creator
.WithClaimsToHeaders(claimsToHeaders)
.WithClaimsToClaims(claimsToClaims)
.WithRouteClaimsRequirement(fileRoute.RouteClaimsRequirement)
.WithIsAuthorised(fileRouteOptions.IsAuthorised)
.WithIsAuthorized(fileRouteOptions.IsAuthorized)
.WithClaimsToQueries(claimsToQueries)
.WithClaimsToDownstreamPath(claimsToDownstreamPath)
.WithRequestIdKey(requestIdKey)


@@ -31,7 +31,7 @@ namespace Ocelot.Configuration
List<ClaimToThing> claimsToClaims,
List<ClaimToThing> claimsToPath,
bool isAuthenticated,
bool isAuthorised,
bool isAuthorized,
AuthenticationOptions authenticationOptions,
DownstreamPathTemplate downstreamPathTemplate,
string loadBalancerKey,
@@ -69,7 +69,7 @@ namespace Ocelot.Configuration
ClaimsToClaims = claimsToClaims ?? new List<ClaimToThing>();
ClaimsToPath = claimsToPath ?? new List<ClaimToThing>();
IsAuthenticated = isAuthenticated;
IsAuthorised = isAuthorised;
IsAuthorized = isAuthorized;
AuthenticationOptions = authenticationOptions;
DownstreamPathTemplate = downstreamPathTemplate;
LoadBalancerKey = loadBalancerKey;
@@ -102,7 +102,7 @@ namespace Ocelot.Configuration
public List<ClaimToThing> ClaimsToClaims { get; }
public List<ClaimToThing> ClaimsToPath { get; }
public bool IsAuthenticated { get; }
public bool IsAuthorised { get; }
public bool IsAuthorized { get; }
public AuthenticationOptions AuthenticationOptions { get; }
public DownstreamPathTemplate DownstreamPathTemplate { get; }
public string LoadBalancerKey { get; }


@@ -2,17 +2,17 @@ namespace Ocelot.Configuration
{
public class RouteOptions
{
public RouteOptions(bool isAuthenticated, bool isAuthorised, bool isCached, bool isEnableRateLimiting, bool useServiceDiscovery)
public RouteOptions(bool isAuthenticated, bool isAuthorized, bool isCached, bool isEnableRateLimiting, bool useServiceDiscovery)
{
IsAuthenticated = isAuthenticated;
IsAuthorised = isAuthorised;
IsAuthorized = isAuthorized;
IsCached = isCached;
EnableRateLimiting = isEnableRateLimiting;
UseServiceDiscovery = useServiceDiscovery;
}
public bool IsAuthenticated { get; private set; }
public bool IsAuthorised { get; private set; }
public bool IsAuthorized { get; private set; }
public bool IsCached { get; private set; }
public bool EnableRateLimiting { get; private set; }
public bool UseServiceDiscovery { get; private set; }


@@ -5,7 +5,7 @@ namespace Ocelot.DependencyInjection
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.DependencyInjection.Extensions;
using Microsoft.Extensions.Options;
using Ocelot.Authorisation;
using Ocelot.Authorization;
using Ocelot.Cache;
using Ocelot.Claims;
using Ocelot.Configuration;
@@ -96,8 +96,8 @@ namespace Ocelot.DependencyInjection
Services.TryAddSingleton<IOcelotLoggerFactory, AspDotNetLoggerFactory>();
Services.TryAddSingleton<IRemoveOutputHeaders, RemoveOutputHeaders>();
Services.TryAddSingleton<IClaimToThingConfigurationParser, ClaimToThingConfigurationParser>();
Services.TryAddSingleton<IClaimsAuthoriser, ClaimsAuthoriser>();
Services.TryAddSingleton<IScopesAuthoriser, ScopesAuthoriser>();
Services.TryAddSingleton<IClaimsAuthorizer, ClaimsAuthorizer>();
Services.TryAddSingleton<IScopesAuthorizer, ScopesAuthorizer>();
Services.TryAddSingleton<IAddClaimsToRequest, AddClaimsToRequest>();
Services.TryAddSingleton<IAddHeadersToRequest, AddHeadersToRequest>();
Services.TryAddSingleton<IAddQueriesToRequest, AddQueriesToRequest>();


@@ -16,8 +16,8 @@
NoInstructionsError = 11,
InstructionNotForClaimsError = 12,
UnauthorizedError = 13,
ClaimValueNotAuthorisedError = 14,
ScopeNotAuthorisedError = 15,
ClaimValueNotAuthorizedError = 14,
ScopeNotAuthorizedError = 15,
UserDoesNotHaveClaimError = 16,
DownstreamPathTemplateContainsSchemeError = 17,
DownstreamPathNullOrEmptyError = 18,


@@ -39,22 +39,22 @@
public Func<HttpContext, Func<Task>, Task> AuthenticationMiddleware { get; set; }
/// <summary>
/// This is to allow the user to run any extra authorisation before the Ocelot authentication
/// This is to allow the user to run any extra authorization before the Ocelot authentication
/// kicks in
/// </summary>
/// <value>
/// <placeholder>This is to allow the user to run any extra authorisation before the Ocelot authentication
/// <placeholder>This is to allow the user to run any extra authorization before the Ocelot authentication
/// kicks in</placeholder>
/// </value>
public Func<HttpContext, Func<Task>, Task> PreAuthorisationMiddleware { get; set; }
public Func<HttpContext, Func<Task>, Task> PreAuthorizationMiddleware { get; set; }
/// <summary>
/// This allows the user to completely override the ocelot authorisation middleware
/// This allows the user to completely override the ocelot authorization middleware
/// </summary>
/// <value>
/// <placeholder>This allows the user to completely override the ocelot authorisation middleware</placeholder>
/// <placeholder>This allows the user to completely override the ocelot authorization middleware</placeholder>
/// </value>
public Func<HttpContext, Func<Task>, Task> AuthorisationMiddleware { get; set; }
public Func<HttpContext, Func<Task>, Task> AuthorizationMiddleware { get; set; }
/// <summary>
/// This allows the user to implement there own query string manipulation logic


@@ -8,7 +8,7 @@
using Ocelot.Responder.Middleware;
using Ocelot.Security.Middleware;
using Ocelot.Authentication.Middleware;
using Ocelot.Authorisation.Middleware;
using Ocelot.Authorization.Middleware;
using Ocelot.Cache.Middleware;
using Ocelot.Claims.Middleware;
using Ocelot.DownstreamRouteFinder.Middleware;
@@ -102,23 +102,23 @@
app.Use(pipelineConfiguration.AuthenticationMiddleware);
}
// The next thing we do is look at any claims transforms in case this is important for authorisation
// The next thing we do is look at any claims transforms in case this is important for authorization
app.UseClaimsToClaimsMiddleware();
// Allow pre authorisation logic. The idea being people might want to run something custom before what is built in.
app.UseIfNotNull(pipelineConfiguration.PreAuthorisationMiddleware);
// Allow pre authorization logic. The idea being people might want to run something custom before what is built in.
app.UseIfNotNull(pipelineConfiguration.PreAuthorizationMiddleware);
// Now we have authenticated and done any claims transformation we
// can authorise the request
// can authorize the request
// We allow the ocelot middleware to be overriden by whatever the
// user wants
if (pipelineConfiguration.AuthorisationMiddleware == null)
if (pipelineConfiguration.AuthorizationMiddleware == null)
{
app.UseAuthorisationMiddleware();
app.UseAuthorizationMiddleware();
}
else
{
app.Use(pipelineConfiguration.AuthorisationMiddleware);
app.Use(pipelineConfiguration.AuthorizationMiddleware);
}
// Now we can run the claims to headers transformation middleware


@@ -14,8 +14,8 @@ namespace Ocelot.Responder
}
if (errors.Any(e => e.Code == OcelotErrorCode.UnauthorizedError
|| e.Code == OcelotErrorCode.ClaimValueNotAuthorisedError
|| e.Code == OcelotErrorCode.ScopeNotAuthorisedError
|| e.Code == OcelotErrorCode.ClaimValueNotAuthorizedError
|| e.Code == OcelotErrorCode.ScopeNotAuthorizedError
|| e.Code == OcelotErrorCode.UserDoesNotHaveClaimError
|| e.Code == OcelotErrorCode.CannotFindClaimError))
{