Merge branch 'main' into pse/add-event-hub-transport

PascalSenn · PascalSenn · commit ecdbd00ccd1f · 2024-06-12T19:24:41.000+02:00
diff --git a/src/Server/src/AspNet/Security/EnsureAuthenticatedMiddleware.cs b/src/Server/src/AspNet/Security/EnsureAuthenticatedMiddleware.cs
@@ -30,32 +30,38 @@ public async Task InvokeAsync(HttpContext context)
 
                 return;
             }
-            else
+
+            if (context.Request.Path.StartsWithSegments("/api")
+                || context.Request.Path.StartsWithSegments("/graphql")
+                || context.Request.Path.StartsWithSegments("/signalR")
+                || context.Request.Path.StartsWithSegments("/error"))
             {
-                if (context.Request.Path.StartsWithSegments("/api")
-                    || context.Request.Path.StartsWithSegments("/graphql")
-                    || context.Request.Path.StartsWithSegments("/signalR")
-                    || context.Request.Path.StartsWithSegments("/error"))
+                if (HasIdOpsRole(context))
                 {
-                    if (HasIdOpsRole(context))
-                    {
-                        await _next(context);
-                    }
-                    else
-                    {
-                        context.Response.StatusCode = 403;
-                        await context.Response.WriteAsync("Access denied!");
-                    }
+                    await _next(context);
                 }
-                else if (!context.User.Identity.IsAuthenticated)
+                else
+                {
+                    context.Response.StatusCode = 403;
+                    await context.Response.WriteAsync("Access denied!");
+                }
+            }
+            else if (!context.User.Identity.IsAuthenticated)
+            {
+                if (context.Request.Path == "/")
                 {
                     await context.ChallengeAsync();
                 }
                 else
                 {
-                    await _next(context);
+                    context.Response.StatusCode = 403;
+                    await context.Response.WriteAsync("Access denied!");
                 }
             }
+            else
+            {
+                await _next(context);
+            }
         }
 
         private bool HasIdOpsRole(HttpContext context)

Original file line number	Diff line number	Diff line change
`@@ -30,32 +30,38 @@ public async Task InvokeAsync(HttpContext context)`
`30`	`30`
`31`	`31`	`return;`
`32`	`32`	`}`
`33`		`- else`
	`33`	`+`
	`34`	`+ if (context.Request.Path.StartsWithSegments("/api")`
	`35`	`+ \|\| context.Request.Path.StartsWithSegments("/graphql")`
	`36`	`+ \|\| context.Request.Path.StartsWithSegments("/signalR")`
	`37`	`+ \|\| context.Request.Path.StartsWithSegments("/error"))`
`34`	`38`	`{`
`35`		`- if (context.Request.Path.StartsWithSegments("/api")`
`36`		`- \|\| context.Request.Path.StartsWithSegments("/graphql")`
`37`		`- \|\| context.Request.Path.StartsWithSegments("/signalR")`
`38`		`- \|\| context.Request.Path.StartsWithSegments("/error"))`
	`39`	`+ if (HasIdOpsRole(context))`
`39`	`40`	`{`
`40`		`- if (HasIdOpsRole(context))`
`41`		`- {`
`42`		`- await _next(context);`
`43`		`- }`
`44`		`- else`
`45`		`- {`
`46`		`- context.Response.StatusCode = 403;`
`47`		`- await context.Response.WriteAsync("Access denied!");`
`48`		`- }`
	`41`	`+ await _next(context);`
`49`	`42`	`}`
`50`		`- else if (!context.User.Identity.IsAuthenticated)`
	`43`	`+ else`
	`44`	`+ {`
	`45`	`+ context.Response.StatusCode = 403;`
	`46`	`+ await context.Response.WriteAsync("Access denied!");`
	`47`	`+ }`
	`48`	`+ }`
	`49`	`+ else if (!context.User.Identity.IsAuthenticated)`
	`50`	`+ {`
	`51`	`+ if (context.Request.Path == "/")`
`51`	`52`	`{`
`52`	`53`	`await context.ChallengeAsync();`
`53`	`54`	`}`
`54`	`55`	`else`
`55`	`56`	`{`
`56`		`- await _next(context);`
	`57`	`+ context.Response.StatusCode = 403;`
	`58`	`+ await context.Response.WriteAsync("Access denied!");`
`57`	`59`	`}`
`58`	`60`	`}`
	`61`	`+ else`
	`62`	`+ {`
	`63`	`+ await _next(context);`
	`64`	`+ }`
`59`	`65`	`}`
`60`	`66`
`61`	`67`	`private bool HasIdOpsRole(HttpContext context)`