Policy tool enhancements (#123)

joshkempner · web-flow · commit 91d8ef5c814d · 2022-07-07T14:21:13.000-04:00
* Adds "--app-id" option to "add-app" subcommand
* Adds "--app-uri" as an option for add-app subcommand. Defaults to "http://localhost" which is deliberately different from the previous hard-coded default.
* Fixes bug that made --user-name optional when adding a user. Changed to object initializers for Option&lt;T&gt; construction to avoid similar such bugs in the future.
* Changes role name comparison to be case-insensitive.
* Fixes spelling of "principal" (was "principle"). This is a breaking change since it impacts multiple public interfaces that were created in RD 0.9.0.
diff --git a/src/ReactiveDomain.IdentityStorage.Tests/MockPrincipal.cs b/src/ReactiveDomain.IdentityStorage.Tests/MockPrincipal.cs
@@ -2,7 +2,7 @@
 
 namespace ReactiveDomain.IdentityStorage.Tests
 {
-    internal class MockPrinciple : IPrinciple
+    internal class MockPrincipal : IPrincipal
     {
         public string Provider { get; set; }
 
diff --git a/src/ReactiveDomain.IdentityStorage.Tests/SubjectRmTests.cs b/src/ReactiveDomain.IdentityStorage.Tests/SubjectRmTests.cs
@@ -64,12 +64,12 @@ public void can_get_subject_ids()
             Assert.Equal(sub3, testSub);
         }
         [Fact]
-        public void can_get_subject_id_for_principle()
+        public void can_get_subject_id_for_principal()
         {
             var userId = Guid.NewGuid();            
             var subjectId = AddNewSubject(userId, provider: AuthProvider, domain: AuthDomain);
-            var user = new MockPrinciple { Provider = AuthProvider, Domain = AuthDomain, SId = userId.ToString() };
-            Assert.True(_rm.TryGetSubjectIdForPrinciple(user, out var id));
+            var user = new MockPrincipal { Provider = AuthProvider, Domain = AuthDomain, SId = userId.ToString() };
+            Assert.True(_rm.TryGetSubjectIdForPrincipal(user, out var id));
             Assert.Equal(subjectId, id);
         }
         [Fact]
diff --git a/src/ReactiveDomain.IdentityStorage/ReadModels/PrincipalWrapper.cs b/src/ReactiveDomain.IdentityStorage/ReadModels/PrincipalWrapper.cs
@@ -0,0 +1,29 @@
+﻿using System.DirectoryServices.AccountManagement;
+using ReactiveDomain.Util;
+
+namespace ReactiveDomain.IdentityStorage.ReadModels
+{
+
+    public interface IPrincipal
+    {
+        string Provider { get; }
+        string Domain { get; }
+        string SId { get; }
+    }
+    public class PrincipalWrapper : IPrincipal
+    {
+        private readonly UserPrincipal _principal;
+
+        public PrincipalWrapper(UserPrincipal principal)
+        {
+            Ensure.NotNull(principal, nameof(principal));
+            _principal = principal;
+        }
+
+        public string Provider => _principal.ContextType.ToString();
+
+        public string Domain => _principal.Context.Name;
+
+        public string SId => _principal.Sid.ToString();
+    }
+}
diff --git a/src/ReactiveDomain.IdentityStorage/ReadModels/PrincipleWrapper.cs b/src/ReactiveDomain.IdentityStorage/ReadModels/PrincipleWrapper.cs
diff --git a/src/ReactiveDomain.IdentityStorage/ReadModels/SubjectsRm.cs b/src/ReactiveDomain.IdentityStorage/ReadModels/SubjectsRm.cs
@@ -48,14 +48,14 @@ public bool TryGetSubjectIdForUser(Guid userId, string provider, string domain,
             }
             return false;
         }
-        public bool TryGetSubjectIdForPrinciple(IPrinciple principle, out Guid subjectId)
+        public bool TryGetSubjectIdForPrincipal(IPrincipal principal, out Guid subjectId)
         {
             try
             {
 
-                if (SubjectsBySubClaim.TryGetValue(GetDomainCategory(principle.Provider, principle.Domain), out var subList))
+                if (SubjectsBySubClaim.TryGetValue(GetDomainCategory(principal.Provider, principal.Domain), out var subList))
                 {
-                    return subList.TryGetValue(principle.SId, out subjectId);
+                    return subList.TryGetValue(principal.SId, out subjectId);
                 }
             }
             catch
diff --git a/src/ReactiveDomain.IdentityStorage/Services/UserValidation.cs b/src/ReactiveDomain.IdentityStorage/Services/UserValidation.cs
@@ -89,7 +89,7 @@ public ValidationResult Validate(string domainName, string userName, string pass
 
                         if (authSucceeded)
                         {
-                            //build the Claims Principle to return in the token
+                            //build the Claims Principal to return in the token
                             result.IsValidated = true;
                             _userStore.UserAuthenticated(user, domainName, contextType.ToString(), remoteHttpAddress, clientId);
                             var additionalClaims = _userStore.GetAdditionalClaims(userId);
diff --git a/src/ReactiveDomain.PolicyTool/Program.cs b/src/ReactiveDomain.PolicyTool/Program.cs

Original file line number	Diff line number	Diff line change
`@@ -2,7 +2,7 @@`
`2`	`2`
`3`	`3`	`namespace ReactiveDomain.IdentityStorage.Tests`
`4`	`4`	`{`
`5`		`- internal class MockPrinciple : IPrinciple`
	`5`	`+ internal class MockPrincipal : IPrincipal`
`6`	`6`	`{`
`7`	`7`	`public string Provider { get; set; }`
`8`	`8`
Original file line number	Diff line number	Diff line change
`@@ -64,12 +64,12 @@ public void can_get_subject_ids()`
`64`	`64`	`Assert.Equal(sub3, testSub);`
`65`	`65`	`}`
`66`	`66`	`[Fact]`
`67`		`- public void can_get_subject_id_for_principle()`
	`67`	`+ public void can_get_subject_id_for_principal()`
`68`	`68`	`{`
`69`	`69`	`var userId = Guid.NewGuid();`
`70`	`70`	`var subjectId = AddNewSubject(userId, provider: AuthProvider, domain: AuthDomain);`
`71`		`- var user = new MockPrinciple { Provider = AuthProvider, Domain = AuthDomain, SId = userId.ToString() };`
`72`		`- Assert.True(_rm.TryGetSubjectIdForPrinciple(user, out var id));`
	`71`	`+ var user = new MockPrincipal { Provider = AuthProvider, Domain = AuthDomain, SId = userId.ToString() };`
	`72`	`+ Assert.True(_rm.TryGetSubjectIdForPrincipal(user, out var id));`
`73`	`73`	`Assert.Equal(subjectId, id);`
`74`	`74`	`}`
`75`	`75`	`[Fact]`
Original file line number	Diff line number	Diff line change
`@@ -48,14 +48,14 @@ public bool TryGetSubjectIdForUser(Guid userId, string provider, string domain,`
`48`	`48`	`}`
`49`	`49`	`return false;`
`50`	`50`	`}`
`51`		`- public bool TryGetSubjectIdForPrinciple(IPrinciple principle, out Guid subjectId)`
	`51`	`+ public bool TryGetSubjectIdForPrincipal(IPrincipal principal, out Guid subjectId)`
`52`	`52`	`{`
`53`	`53`	`try`
`54`	`54`	`{`
`55`	`55`
`56`		`- if (SubjectsBySubClaim.TryGetValue(GetDomainCategory(principle.Provider, principle.Domain), out var subList))`
	`56`	`+ if (SubjectsBySubClaim.TryGetValue(GetDomainCategory(principal.Provider, principal.Domain), out var subList))`
`57`	`57`	`{`
`58`		`- return subList.TryGetValue(principle.SId, out subjectId);`
	`58`	`+ return subList.TryGetValue(principal.SId, out subjectId);`
`59`	`59`	`}`
`60`	`60`	`}`
`61`	`61`	`catch`
Original file line number	Diff line number	Diff line change
`@@ -89,7 +89,7 @@ public ValidationResult Validate(string domainName, string userName, string pass`
`89`	`89`
`90`	`90`	`if (authSucceeded)`
`91`	`91`	`{`
`92`		`- //build the Claims Principle to return in the token`
	`92`	`+ //build the Claims Principal to return in the token`
`93`	`93`	`result.IsValidated = true;`
`94`	`94`	`_userStore.UserAuthenticated(user, domainName, contextType.ToString(), remoteHttpAddress, clientId);`
`95`	`95`	`var additionalClaims = _userStore.GetAdditionalClaims(userId);`