From a47ced724c29b19b2adb8a1ecfb871a4ce06e3db Mon Sep 17 00:00:00 2001
From: Harald Wolff-Thobaben
Date: Sat, 28 May 2022 19:25:25 +0200
Subject: [PATCH] Improvements to A&A classes
---
 ln.http/HttpPrincipal.cs | 45 +++++++++++++++---------------------
 ln.http/HttpRouter.cs | 5 +++-
 ln.http/RoleAuthorization.cs | 4 ++--
 3 files changed, 25 insertions(+), 29 deletions(-)
diff --git a/ln.http/HttpPrincipal.cs b/ln.http/HttpPrincipal.cs
index 0f94ca6..6411342 100644
--- a/ln.http/HttpPrincipal.cs
+++ b/ln.http/HttpPrincipal.cs
@@ -1,6 +1,4 @@
 using System.Collections.Generic;
-using System.Text;
-using ln.http.router;
 namespace ln.http
 {
@@ -9,35 +7,30 @@ namespace ln.http
 public string UniqueId { get; set; }
 public string Username { get; set; }
- public HttpPrincipal AuthenticatedPrincipal { get; set; }
+ /**
+ * If this principal is a delegated one, authenticated by another principal
+ */
+ public HttpPrincipal AuthenticatedPrincipal { get; }
- private Dictionary permissions = new Dictionary();
- public IEnumerable> Permissions => permissions;
+ private HashSet _roles = new HashSet();
+ public IReadOnlySet Roles => _roles;
- public void AddPermission(string roleName, HttpAccessRights accessRights)
+ public bool HasRole(string role) => _roles.Contains(role);
+
+ public HttpPrincipal(string uniquedId, string username, string[] roles)
 {
- if (permissions.TryGetValue(roleName, out HttpAccessRights roleAccessFlags))
- {
- roleAccessFlags |= accessRights;
- permissions[roleName] = roleAccessFlags;
- }
- else
- {
- permissions.Add(roleName, accessRights);
- }
+ UniqueId = uniquedId;
+ Username = username;
+ foreach (var role in roles)
+ _roles.Add(role);
 }
- public void RemovePermission(string roleName, HttpAccessRights accessRights)
- {
- if (permissions.TryGetValue(roleName, out HttpAccessRights roleAccessFlags))
- {
- roleAccessFlags &= ~accessRights;
- permissions[roleName] = roleAccessFlags;
- }
- }
- public bool HasPermission(string roleName, HttpAccessRights accessRights) =>
- permissions.TryGetValue(roleName, out HttpAccessRights roleAccessFlags) &&
- ((roleAccessFlags & accessRights) == accessRights);
+ public HttpPrincipal(string uniquedId, string username, string[] roles, HttpPrincipal authenticatedPrincipal) :
+ this(uniquedId, username, roles)
+ {
+ AuthenticatedPrincipal = authenticatedPrincipal;
+ }
+
 public override string ToString()
 {
 if (AuthenticatedPrincipal is null)
diff --git a/ln.http/HttpRouter.cs b/ln.http/HttpRouter.cs
index 06679db..52f159f 100644
--- a/ln.http/HttpRouter.cs
+++ b/ln.http/HttpRouter.cs
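Review bot: In HttpPrincipal.cs, `UniqueId` and `Username` keep their public setters while this hunk fixes the roles and `AuthenticatedPrincipal` at construction, so any code holding the principal can still rewrite its identity after authentication; as both are now assigned in the constructor they can become `public string UniqueId { get; }` and `public string Username { get; }`, provided no caller outside the hunk assigns them. The constructor also iterates `roles` without a null check, so passing `null` fails with a NullReferenceException inside the loop; an `if (roles is not null)` before the `foreach`, or an explicit argument exception, would make the contract clear. `Roles` hands out the backing `HashSet` itself, which a caller can cast back and mutate, and `_roles` could be declared `readonly`. The class body begins and ends outside the hunk.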
@@ -162,7 +162,10 @@ namespace ln.http
 public bool Route(HttpContext httpContext)
 {
 if (AuthenticationRequired && httpContext.AuthenticatedPrincipal is null)
- return false;
+ {
+ httpContext.Response = HttpResponse.Unauthorized().Header("WWW-Authenticate", "Basic");
+ return true;
+ }
 if ((AuthorizationDelegate is not null) && (!AuthorizationDelegate(httpContext)))
 return false;
diff --git a/ln.http/RoleAuthorization.cs b/ln.http/RoleAuthorization.cs
index b978db7..63e9edd 100644
--- a/ln.http/RoleAuthorization.cs
+++ b/ln.http/RoleAuthorization.cs
@@ -5,9 +5,9 @@ namespace ln.http
 {
 public static class RoleAuthorization
 {
- public static HttpAuthorizationDelegate Require(string roleName, HttpAccessRights accessRights)
+ public static HttpAuthorizationDelegate Require(string roleName)
 {
- return context => context.AuthenticatedPrincipal?.HasPermission(roleName, accessRights) ?? false;
+ return context => context.AuthenticatedPrincipal?.HasRole(roleName) ?? false;
 }
 public static HttpAuthorizationDelegate RequireAll(params HttpAuthorizationDelegate[] authorizationDelegates)
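Review bot: The challenge added in `Route` (HttpRouter.cs) is sent as `WWW-Authenticate: Basic` with no `realm` parameter, which RFC 7617 requires for the Basic scheme, and it hard-codes Basic regardless of which mechanism actually populates `AuthenticatedPrincipal`; consider `.Header("WWW-Authenticate", "Basic realm=\"<realm>\"")` with the realm taken from configuration. The unauthenticated case now ends the request with a 401, but the authorization check directly below still returns `false`, which presumably lets the request fall through to other routes; an authenticated principal that fails `AuthorizationDelegate` would more safely receive a 403 response there. The new branch also runs before any path matching visible in this hunk, so it is worth confirming that this router does not answer 401 for paths it would not have served. `Route` continues outside the hunk.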
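Review bot: `Require(string roleName)` in RoleAuthorization.cs no longer distinguishes access rights, so a call site that previously demanded a specific right now passes for any principal that merely holds the role; call sites migrated from the two-argument form should be checked so that a principal formerly limited to a subset of rights does not gain the rest. A doc comment on `Require` should state that membership alone is checked, that the lookup is on `context.AuthenticatedPrincipal` itself rather than on the principal that authenticated a delegated one, and that a context without a principal is denied. A null or empty `roleName` is accepted silently; a guard such as `if (string.IsNullOrEmpty(roleName)) throw new System.ArgumentException("role name required", nameof(roleName));` would surface the misconfiguration at setup time.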