Fix for #1849

mathewc · mathewc · commit 4529fd6fe44d · 2017-08-30T13:40:41.000-07:00
diff --git a/src/WebJobs.Script/Extensions/HttpRequestMessageExtensions.cs b/src/WebJobs.Script/Extensions/HttpRequestMessageExtensions.cs
@@ -60,19 +60,21 @@ public static bool IsAuthDisabled(this HttpRequestMessage request)
         /// the specified level.
         /// </summary>
         /// <param name="request">The request.</param>
-        /// <param name="level">The level to check.</param>
+        /// <param name="levelToCheck">The level to check.</param>
         /// <param name="keyName">Optional key name if key based auth is being used</param>
         /// <returns>True if the request is authorized at the specified level,
         /// false otherwise.</returns>
-        public static bool HasAuthorizationLevel(this HttpRequestMessage request, AuthorizationLevel level, string keyName = null)
+        public static bool HasAuthorizationLevel(this HttpRequestMessage request, AuthorizationLevel levelToCheck, string keyName = null)
         {
-            if (request.IsAuthDisabled())
+            if (request.IsAuthDisabled() || levelToCheck == AuthorizationLevel.Anonymous)
             {
+                // when auth is disabled or the required level is Anonymous
+                // the request is authorized
                 return true;
             }
 
-            var authorizationLevel = request.GetAuthorizationLevel();
-            if (authorizationLevel == AuthorizationLevel.Admin)
+            var requestAuthorizationLevel = request.GetAuthorizationLevel();
+            if (requestAuthorizationLevel == AuthorizationLevel.Admin)
             {
                 // requests authorized at admin level are always allowed
                 return true;
@@ -89,7 +91,7 @@ public static bool HasAuthorizationLevel(this HttpRequestMessage request, Author
             }
 
             // otherwise, the request level must exactly match the required level
-            return authorizationLevel == level;
+            return requestAuthorizationLevel == levelToCheck;
         }
 
         public static string GetHeaderValueOrDefault(this HttpRequestMessage request, string headerName)
diff --git a/test/WebJobs.Script.Tests/Extensions/HttpRequestMessageExtensions.cs b/test/WebJobs.Script.Tests/Extensions/HttpRequestMessageExtensions.cs
@@ -133,19 +133,23 @@ public void HasAuthorizationLevel_ReturnsExpectedValue()
         {
             var request = new HttpRequestMessage();
             Assert.True(request.HasAuthorizationLevel(AuthorizationLevel.Anonymous));
-
             Assert.False(request.HasAuthorizationLevel(AuthorizationLevel.Function));
+            Assert.False(request.HasAuthorizationLevel(AuthorizationLevel.Admin));
+
             request.SetProperty(ScriptConstants.AzureFunctionsHttpRequestAuthorizationLevelKey, AuthorizationLevel.Anonymous);
+            Assert.True(request.HasAuthorizationLevel(AuthorizationLevel.Anonymous));
             Assert.False(request.HasAuthorizationLevel(AuthorizationLevel.Function));
+            Assert.False(request.HasAuthorizationLevel(AuthorizationLevel.Admin));
+
             request.SetProperty(ScriptConstants.AzureFunctionsHttpRequestAuthorizationLevelKey, AuthorizationLevel.Function);
+            Assert.True(request.HasAuthorizationLevel(AuthorizationLevel.Anonymous));
             Assert.True(request.HasAuthorizationLevel(AuthorizationLevel.Function));
-            Assert.False(request.HasAuthorizationLevel(AuthorizationLevel.Anonymous));
-
             Assert.False(request.HasAuthorizationLevel(AuthorizationLevel.Admin));
+
             request.SetProperty(ScriptConstants.AzureFunctionsHttpRequestAuthorizationLevelKey, AuthorizationLevel.Admin);
-            Assert.True(request.HasAuthorizationLevel(AuthorizationLevel.Admin));
-            Assert.True(request.HasAuthorizationLevel(AuthorizationLevel.Function));
             Assert.True(request.HasAuthorizationLevel(AuthorizationLevel.Anonymous));
+            Assert.True(request.HasAuthorizationLevel(AuthorizationLevel.Function));
+            Assert.True(request.HasAuthorizationLevel(AuthorizationLevel.Admin));
 
             request.SetProperty(ScriptConstants.AzureFunctionsHttpRequestAuthorizationLevelKey, AuthorizationLevel.Anonymous);
             Assert.False(request.HasAuthorizationLevel(AuthorizationLevel.Admin));

Original file line number	Diff line number	Diff line change
`@@ -60,19 +60,21 @@ public static bool IsAuthDisabled(this HttpRequestMessage request)`
`60`	`60`	`/// the specified level.`
`61`	`61`	`/// </summary>`
`62`	`62`	`/// <param name="request">The request.</param>`
`63`		`- /// <param name="level">The level to check.</param>`
	`63`	`+ /// <param name="levelToCheck">The level to check.</param>`
`64`	`64`	`/// <param name="keyName">Optional key name if key based auth is being used</param>`
`65`	`65`	`/// <returns>True if the request is authorized at the specified level,`
`66`	`66`	`/// false otherwise.</returns>`
`67`		`- public static bool HasAuthorizationLevel(this HttpRequestMessage request, AuthorizationLevel level, string keyName = null)`
	`67`	`+ public static bool HasAuthorizationLevel(this HttpRequestMessage request, AuthorizationLevel levelToCheck, string keyName = null)`
`68`	`68`	`{`
`69`		`- if (request.IsAuthDisabled())`
	`69`	`+ if (request.IsAuthDisabled() \|\| levelToCheck == AuthorizationLevel.Anonymous)`
`70`	`70`	`{`
	`71`	`+ // when auth is disabled or the required level is Anonymous`
	`72`	`+ // the request is authorized`
`71`	`73`	`return true;`
`72`	`74`	`}`
`73`	`75`
`74`		`- var authorizationLevel = request.GetAuthorizationLevel();`
`75`		`- if (authorizationLevel == AuthorizationLevel.Admin)`
	`76`	`+ var requestAuthorizationLevel = request.GetAuthorizationLevel();`
	`77`	`+ if (requestAuthorizationLevel == AuthorizationLevel.Admin)`
`76`	`78`	`{`
`77`	`79`	`// requests authorized at admin level are always allowed`
`78`	`80`	`return true;`
`@@ -89,7 +91,7 @@ public static bool HasAuthorizationLevel(this HttpRequestMessage request, Author`
`89`	`91`	`}`
`90`	`92`
`91`	`93`	`// otherwise, the request level must exactly match the required level`
`92`		`- return authorizationLevel == level;`
	`94`	`+ return requestAuthorizationLevel == levelToCheck;`
`93`	`95`	`}`
`94`	`96`
`95`	`97`	`public static string GetHeaderValueOrDefault(this HttpRequestMessage request, string headerName)`