[HttpWorker]Fix identities serialization (#5459)

pragnagopa · web-flow · commit acfb16269746 · 2020-01-14T18:59:27.000-08:00
diff --git a/src/WebJobs.Script/Extensions/HttpRequestExtensions.cs b/src/WebJobs.Script/Extensions/HttpRequestExtensions.cs
@@ -5,6 +5,7 @@
 using System.Collections.Generic;
 using System.Linq;
 using System.Net.Http.Headers;
+using System.Security.Claims;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Http.Extensions;
@@ -110,7 +111,7 @@ public static bool IsMediaTypeOctetOrMultipart(this HttpRequest request)
         public static async Task<JObject> GetRequestAsJObject(this HttpRequest request)
         {
             var jObjectHttp = new JObject();
-            jObjectHttp["Url"] = $"{(request.IsHttps ? "https" : "http")}://{request.Host.ToString()}{request.Path.ToString()}{request.QueryString.ToString()}"; // [http|https]://{url}{path}{query}
+            jObjectHttp["Url"] = $"{(request.IsHttps ? "https" : "http")}://{request.Host.ToString()}{request.Path.ToString()}{request.QueryString.ToString()}";
             jObjectHttp["Method"] = request.Method.ToString();
             if (request.Query != null)
             {
@@ -131,7 +132,7 @@ public static async Task<JObject> GetRequestAsJObject(this HttpRequest request)
 
             if (request.HttpContext?.User?.Identities != null)
             {
-                jObjectHttp["Identities"] = JsonConvert.SerializeObject(request.HttpContext.User.Identities);
+                jObjectHttp["Identities"] = GetUserIdentitiesAsString(request.HttpContext.User.Identities);
             }
 
             // parse request body as content-type
@@ -165,5 +166,14 @@ internal static IDictionary<string, string> GetQueryCollectionAsDictionary(this
             }
             return queryParamsDictionary;
         }
+
+        internal static string GetUserIdentitiesAsString(IEnumerable<ClaimsIdentity> claimsIdentities)
+        {
+            return JsonConvert.SerializeObject(claimsIdentities, new JsonSerializerSettings
+            {
+                // Claims property in Identities had circular reference to property 'Subject'
+                ReferenceLoopHandling = ReferenceLoopHandling.Ignore
+            });
+        }
     }
 }
diff --git a/test/WebJobs.Script.Tests/Extensions/HttpRequestExtensionsTest.cs b/test/WebJobs.Script.Tests/Extensions/HttpRequestExtensionsTest.cs
@@ -3,6 +3,8 @@
 
 using System;
 using System.Collections.Generic;
+using System.Security.Claims;
+using System.Security.Principal;
 using System.Text;
 using Microsoft.AspNetCore.Http;
 using Microsoft.Azure.WebJobs.Script.Config;
@@ -39,5 +41,27 @@ public void IsAppServiceInternalRequest_ReturnsExpectedResult()
                 Assert.True(request.IsAppServiceInternalRequest());
             }
         }
+
+        [Fact]
+        public void ConvertUserIdentitiesToString_RemovesCircularReference()
+        {
+            string expectedUserIdentities = "[{\"AuthenticationType\":\"TestAuthType\",\"IsAuthenticated\":true";
+            IIdentity identity = new TestIdentity();
+            Claim claim = new Claim("authlevel", "admin", "test", "LOCAL AUTHORITY", "LOCAL AUTHORITY");
+            List<Claim> claims = new List<Claim>() { claim };
+            ClaimsIdentity claimsIdentity = new ClaimsIdentity(identity, claims);
+            List<ClaimsIdentity> claimsIdentities = new List<ClaimsIdentity>() { claimsIdentity };
+            string userIdentitiesString = HttpRequestExtensions.GetUserIdentitiesAsString(claimsIdentities);
+            Assert.Contains(expectedUserIdentities, userIdentitiesString);
+        }
+    }
+
+    internal class TestIdentity : IIdentity
+    {
+        public string AuthenticationType => "TestAuthType";
+
+        public bool IsAuthenticated => true;
+
+        public string Name => "TestIdentityName";
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -5,6 +5,7 @@`
`5`	`5`	`using System.Collections.Generic;`
`6`	`6`	`using System.Linq;`
`7`	`7`	`using System.Net.Http.Headers;`
	`8`	`+using System.Security.Claims;`
`8`	`9`	`using System.Threading.Tasks;`
`9`	`10`	`using Microsoft.AspNetCore.Http;`
`10`	`11`	`using Microsoft.AspNetCore.Http.Extensions;`
`@@ -110,7 +111,7 @@ public static bool IsMediaTypeOctetOrMultipart(this HttpRequest request)`
`110`	`111`	`public static async Task<JObject> GetRequestAsJObject(this HttpRequest request)`
`111`	`112`	`{`
`112`	`113`	`var jObjectHttp = new JObject();`
`113`		`- jObjectHttp["Url"] = $"{(request.IsHttps ? "https" : "http")}://{request.Host.ToString()}{request.Path.ToString()}{request.QueryString.ToString()}"; // [http\|https]://{url}{path}{query}`
	`114`	`+ jObjectHttp["Url"] = $"{(request.IsHttps ? "https" : "http")}://{request.Host.ToString()}{request.Path.ToString()}{request.QueryString.ToString()}";`
`114`	`115`	`jObjectHttp["Method"] = request.Method.ToString();`
`115`	`116`	`if (request.Query != null)`
`116`	`117`	`{`
`@@ -131,7 +132,7 @@ public static async Task<JObject> GetRequestAsJObject(this HttpRequest request)`
`131`	`132`
`132`	`133`	`if (request.HttpContext?.User?.Identities != null)`
`133`	`134`	`{`
`134`		`- jObjectHttp["Identities"] = JsonConvert.SerializeObject(request.HttpContext.User.Identities);`
	`135`	`+ jObjectHttp["Identities"] = GetUserIdentitiesAsString(request.HttpContext.User.Identities);`
`135`	`136`	`}`
`136`	`137`
`137`	`138`	`// parse request body as content-type`
`@@ -165,5 +166,14 @@ internal static IDictionary<string, string> GetQueryCollectionAsDictionary(this`
`165`	`166`	`}`
`166`	`167`	`return queryParamsDictionary;`
`167`	`168`	`}`
	`169`	`+`
	`170`	`+ internal static string GetUserIdentitiesAsString(IEnumerable<ClaimsIdentity> claimsIdentities)`
	`171`	`+ {`
	`172`	`+ return JsonConvert.SerializeObject(claimsIdentities, new JsonSerializerSettings`
	`173`	`+ {`
	`174`	`+ // Claims property in Identities had circular reference to property 'Subject'`
	`175`	`+ ReferenceLoopHandling = ReferenceLoopHandling.Ignore`
	`176`	`+ });`
	`177`	`+ }`
`168`	`178`	`}`
`169`	`179`	`}`