diff --git a/src/BasicSample/Program.cs b/src/BasicSample/Program.cs
index 4369d9e..54b1289 100644
--- a/src/BasicSample/Program.cs
+++ b/src/BasicSample/Program.cs
@@ -44,14 +44,14 @@ type Query {
 // remove claims to see the failure
 var authorizedUser = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim("role", "Admin") }));
- string json = await schema.ExecuteAsync(_ =>
+ string json = await schema.ExecuteAsync(options =>
 {
- _.Query = "{ viewer { id name } }";
- _.ValidationRules = serviceProvider
+ options.Query = "{ viewer { id name } }";
+ options.ValidationRules = serviceProvider
 .GetServices()
 .Concat(DocumentValidator.CoreRules);
- _.RequestServices = serviceProvider;
- _.UserContext = new GraphQLUserContext { User = authorizedUser };
+ options.RequestServices = serviceProvider;
+ options.UserContext = new GraphQLUserContext { User = authorizedUser };
 });
 Console.WriteLine(json);
diff --git a/src/Directory.Build.props b/src/Directory.Build.props
index cb62433..ee3685a 100644
--- a/src/Directory.Build.props
+++ b/src/Directory.Build.props
@@ -1,7 +1,7 @@
- 4.0.0-preview
+ 4.1.0-preview
 8.0 Joe McBride MIT
diff --git a/src/GraphQL.Authorization.ApiTests/GraphQL.Authorization.approved.txt b/src/GraphQL.Authorization.ApiTests/GraphQL.Authorization.approved.txt
index e532611..8839758 100644
--- a/src/GraphQL.Authorization.ApiTests/GraphQL.Authorization.approved.txt
+++ b/src/GraphQL.Authorization.ApiTests/GraphQL.Authorization.approved.txt
@@ -63,6 +63,9 @@ namespace GraphQL.Authorization public ClaimAuthorizationRequirement(string claimType, System.Collections.Generic.IEnumerable allowedValues) { } public ClaimAuthorizationRequirement(string claimType, params string[] allowedValues) { } public ClaimAuthorizationRequirement(string claimType, System.Collections.Generic.IEnumerable allowedValues, System.Collections.Generic.IEnumerable displayValues) { } + public System.Collections.Generic.IEnumerable AllowedValues { get; } + public string ClaimType { get; } + public System.Collections.Generic.IEnumerable DisplayValues { get; } public System.Threading.Tasks.Task Authorize(GraphQL.Authorization.AuthorizationContext context) { } } public interface IAuthorizationEvaluator
diff --git a/src/GraphQL.Authorization/Requirements/ClaimAuthorizationRequirement.cs b/src/GraphQL.Authorization/Requirements/ClaimAuthorizationRequirement.cs
index 395d1e1..35f4904 100644
--- a/src/GraphQL.Authorization/Requirements/ClaimAuthorizationRequirement.cs
+++ b/src/GraphQL.Authorization/Requirements/ClaimAuthorizationRequirement.cs
@@ -11,10 +11,6 @@ namespace GraphQL.Authorization
 ///
 public class ClaimAuthorizationRequirement : IAuthorizationRequirement
 {
- private readonly string _claimType;
- private readonly IEnumerable _displayValues;
- private readonly IEnumerable _allowedValues;
-
 ///
 /// Creates a new instance of with
 /// the specified claim type.
@@ -53,11 +49,28 @@ public ClaimAuthorizationRequirement(string claimType, params string[] allowedVa
 ///
 public ClaimAuthorizationRequirement(string claimType, IEnumerable allowedValues, IEnumerable displayValues)
 {
- _claimType = claimType ?? throw new ArgumentNullException(nameof(claimType));
- _allowedValues = allowedValues ?? Enumerable.Empty();
- _displayValues = displayValues;
+ ClaimType = claimType ?? throw new ArgumentNullException(nameof(claimType));
+ AllowedValues = allowedValues ?? Enumerable.Empty();
+ DisplayValues = displayValues;
 }
+ ///
+ /// Claim type that claims principal from should have.
+ ///
+ public string ClaimType { get; }
+
+ ///
+ /// List of claim values, which, if present, the claim must match.
+ ///
+ public IEnumerable AllowedValues { get; }
+
+ ///
+ /// Specifies the set of displayed claim values that will be used
+ /// to generate an error message if the requirement is not met.
+ /// If null then values from are used.
+ ///
+ public IEnumerable DisplayValues { get; }
+
 ///
 public Task Authorize(AuthorizationContext context)
 {
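Review bot: The constructor keeps the caller's `allowedValues` and `displayValues` sequences as passed, and the new public `AllowedValues` and `DisplayValues` getters now hand those same references to every consumer of the requirement. If the argument is an array or list (the `params string[]` overload in the hunk header presumably forwards its array here), any code that can reach the requirement can cast the property back and change which claim values satisfy the check, and a lazily evaluated sequence can yield different values on each enumeration. Taking a read-only snapshot in the constructor avoids both, for example `AllowedValues = (allowedValues ?? Enumerable.Empty<string>()).ToList().AsReadOnly();` and `DisplayValues = displayValues?.ToList().AsReadOnly();` (element type assumed to be string, since the generic arguments are not visible on this page). The doc comment on `AllowedValues` could also say that an empty set means any value of the claim is accepted, which is what `Authorize` does with it.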
@@ -65,29 +78,29 @@ public Task Authorize(AuthorizationContext context)
 if (context.User != null)
 {
- if (_allowedValues == null || !_allowedValues.Any())
+ if (AllowedValues == null || !AllowedValues.Any())
 {
 found = context.User.Claims.Any(
- claim => string.Equals(claim.Type, _claimType, StringComparison.OrdinalIgnoreCase));
+ claim => string.Equals(claim.Type, ClaimType, StringComparison.OrdinalIgnoreCase));
 }
 else
 {
 found = context.User.Claims.Any(
- claim => string.Equals(claim.Type, _claimType, StringComparison.OrdinalIgnoreCase)
- && _allowedValues.Contains(claim.Value, StringComparer.Ordinal));
+ claim => string.Equals(claim.Type, ClaimType, StringComparison.OrdinalIgnoreCase)
+ && AllowedValues.Contains(claim.Value, StringComparer.Ordinal));
 }
 }
 if (!found)
 {
- if (_allowedValues != null && _allowedValues.Any())
+ if (AllowedValues != null && AllowedValues.Any())
 {
- string values = string.Join(", ", _displayValues ?? _allowedValues);
- context.ReportError($"Required claim '{_claimType}' with any value of '{values}' is not present.");
+ string values = string.Join(", ", DisplayValues ?? AllowedValues);
+ context.ReportError($"Required claim '{ClaimType}' with any value of '{values}' is not present.");
 }
 else
 {
- context.ReportError($"Required claim '{ClaimType}' is not present.");
+ context.ReportError($"Required claim '{ClaimType}' is not present.");
 }
 }
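Review bot: The `AllowedValues == null` and `AllowedValues != null` comparisons look dead, because the property is get-only and the constructor shown in this commit replaces a null argument with an empty sequence; they can be dropped unless another constructor assigns null. `AllowedValues` is also enumerated separately for the first `Any()`, for `Contains`, for the second `Any()` and for the message, so a lazy or externally modified sequence could count as non-empty for the check and empty for the error text; evaluating it once with `bool hasValues = AllowedValues.Any();` and reusing `hasValues` in both `if` statements keeps the decision and the message consistent. The message built from `DisplayValues ?? AllowedValues` names the exact claim values the policy accepts, so if `ReportError` output reaches API clients, a comment advising integrators to pass display values when the real ones should not be disclosed would help. `Authorize` starts and ends outside this hunk, and the declaration of `found` is not shown.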