Merge pull request #2 from Jakab-Laszlo/feature/any-policies

AnyPolicies attribute
+semver:minor

Author: tibitoth

AutSoftCore.sln

@@ -32,6 +32,8 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Tools", "Tools", "{4E394277
 		README.md = README.md
 	EndProjectSection
 EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "AutSoft.AspNetCore.Auth", "src\AutSoft.AspNetCore.Auth\AutSoft.AspNetCore.Auth.csproj", "{6B158B44-E28E-4276-BB65-72CDA4163F39}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -62,6 +64,10 @@ Global
 		{D4D62897-E6D6-484E-AE4E-F3A0347ADD88}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{D4D62897-E6D6-484E-AE4E-F3A0347ADD88}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{D4D62897-E6D6-484E-AE4E-F3A0347ADD88}.Release|Any CPU.Build.0 = Release|Any CPU
+		{6B158B44-E28E-4276-BB65-72CDA4163F39}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{6B158B44-E28E-4276-BB65-72CDA4163F39}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{6B158B44-E28E-4276-BB65-72CDA4163F39}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{6B158B44-E28E-4276-BB65-72CDA4163F39}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -73,6 +79,7 @@ Global
 		{FF908529-9DDE-4DFB-ABA9-A2045E715B21} = {C46AA3F7-CBFE-428A-AA49-D1A1D40AB8A6}
 		{28371EF8-D3D3-40CA-AAE9-29D80AE0BF3F} = {C46AA3F7-CBFE-428A-AA49-D1A1D40AB8A6}
 		{D4D62897-E6D6-484E-AE4E-F3A0347ADD88} = {7029D162-AEB0-4B68-A21E-90ABCD21DAD3}
+		{6B158B44-E28E-4276-BB65-72CDA4163F39} = {C46AA3F7-CBFE-428A-AA49-D1A1D40AB8A6}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {E4767DF1-41A6-4BF0-A957-2718986D8BC7}

src/AutSoft.All/AutSoft.All.csproj

@@ -7,6 +7,7 @@
   </PropertyGroup>
 
   <ItemGroup>
+    <ProjectReference Include="..\AutSoft.AspNetCore.Auth\AutSoft.AspNetCore.Auth.csproj" />
     <ProjectReference Include="..\AutSoft.DbScaffolding.Identity\AutSoft.DbScaffolding.Identity.csproj" />
     <ProjectReference Include="..\AutSoft.Linq\AutSoft.Linq.csproj" />
   </ItemGroup>

src/AutSoft.All/ServiceCollectionExtensions.cs

@@ -1,3 +1,4 @@
+using AutSoft.AspNetCore.Auth;
 using AutSoft.Common;
 
 using Microsoft.Extensions.DependencyInjection;
@@ -15,6 +16,9 @@ public static class ServiceCollectionExtensions
     /// <returns>Expanded service collection</returns>
     public static IServiceCollection AddAutSoftAll(this IServiceCollection services)
     {
-        return services.AddAutSoftCommon();
+        services.AddAutSoftAspNetCoreAuth();
+        services.AddAutSoftCommon();
+
+        return services;
     }
 }

src/AutSoft.AspNetCore.Auth/AnyPolicies/AnyPoliciesAuthorizationHandler.cs

@@ -0,0 +1,42 @@
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.Extensions.DependencyInjection;
+
+namespace AutSoft.AspNetCore.Auth.AnyPolicies;
+
+/// <summary>
+/// Evulate the policies in the <see cref="AnyPoliciesRequirement"/> with OR relationship,
+/// so it is enough for one policy to pass the authorization requirement
+/// </summary>
+public class AnyPoliciesAuthorizationHandler : AuthorizationHandler<AnyPoliciesRequirement>
+{
+    private readonly IServiceProvider _serviceProvider;
+
+    /// <summary>
+    /// Initialize a new instance of the <see cref="AnyPoliciesAuthorizationHandler"/> class.
+    /// </summary>
+    /// <param name="serviceProvider">An instance of <see cref="IServiceProvider"/></param>
+    public AnyPoliciesAuthorizationHandler(IServiceProvider serviceProvider)
+    {
+        // Not possible to inject IAuthorizationService, because it would be a circular reference
+        _serviceProvider = serviceProvider;
+    }
+
+    /// <summary>
+    /// Evulate the policies in the <see cref="AnyPoliciesRequirement"/> with OR relationship,
+    /// with the help of <see cref="IAuthorizationService"/>
+    /// </summary>
+    protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, AnyPoliciesRequirement requirement)
+    {
+        var authorizationService = _serviceProvider.GetRequiredService<IAuthorizationService>();
+
+        foreach (var policy in requirement.Policies)
+        {
+            var result = await authorizationService.AuthorizeAsync(context.User, context.Resource, policy);
+            if (result.Succeeded)
+            {
+                context.Succeed(requirement);
+                return;
+            }
+        }
+    }
+}

src/AutSoft.AspNetCore.Auth/AnyPolicies/AnyPoliciesAuthorizeAttribute.cs

@@ -0,0 +1,38 @@
+using Microsoft.AspNetCore.Authorization;
+
+namespace AutSoft.AspNetCore.Auth.AnyPolicies;
+
+/// <summary>
+/// The policies, which are specified in the constructor or <see cref="Policies"/> property
+/// will be evulated with OR condition with help of <see cref="AnyPoliciesAuthorizationHandler"/>
+/// </summary>
+/// <remarks>
+/// The policies will be evulated in a new dinamically generated policy,
+/// what the <see cref="AnyPoliciesPolicyProvider"/> class generate.
+/// </remarks>
+public class AnyPoliciesAuthorizeAttribute : AuthorizeAttribute
+{
+    private string[] _policies = Array.Empty<string>();
+
+    /// <summary>
+    /// The policies in OR relationship
+    /// </summary>
+    public string[] Policies
+    {
+        get => _policies;
+        set
+        {
+            _policies = value;
+            Policy = AnyPoliciesPolicyProvider.GenerateDynamicPolicy(_policies);
+        }
+    }
+
+    /// <summary>
+    /// Initialize a new instance of the <see cref="AnyPoliciesAuthorizeAttribute"/> class.
+    /// </summary>
+    /// <param name="policies">The policies in OR relationship</param>
+    public AnyPoliciesAuthorizeAttribute(params string[] policies)
+    {
+        Policies = policies;
+    }
+}

src/AutSoft.AspNetCore.Auth/AnyPolicies/AnyPoliciesPolicyProvider.cs

@@ -0,0 +1,84 @@
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.Extensions.Options;
+
+namespace AutSoft.AspNetCore.Auth.AnyPolicies;
+
+/// <summary>
+/// Dynamically generate policies based on <see cref="AnyPoliciesAuthorizeAttribute"/>,
+/// that will contain a <see cref="AnyPoliciesRequirement"/> requirement.
+/// For anything not <see cref="AnyPoliciesAuthorizeAttribute"/>,
+/// the default policy provider (<see cref="DefaultAuthorizationPolicyProvider"/>) will return the policy.
+/// </summary>
+public class AnyPoliciesPolicyProvider : IAuthorizationPolicyProvider
+{
+    /// <summary>
+    /// Prefix of dinamically generated policy's name
+    /// </summary>
+    public const string PolicyPrefix = "AnyPolicies_";
+
+    private readonly DefaultAuthorizationPolicyProvider _fallbackPolicyProvider;
+
+    /// <summary>
+    /// Initialize a new instance of <see cref="AnyPoliciesPolicyProvider"/> class.
+    /// </summary>
+    /// <param name="options">Options of provider</param>
+    public AnyPoliciesPolicyProvider(IOptions<AuthorizationOptions> options)
+    {
+        _fallbackPolicyProvider = new DefaultAuthorizationPolicyProvider(options);
+    }
+
+    /// <summary>
+    /// Return with the name of policies from the name of dynamic policy
+    /// </summary>
+    /// <param name="dynamicPolicyName">The name of dinamic policy</param>
+    /// <returns>The name of policies</returns>
+    public static IEnumerable<string> GetPolicyNamesFromDynamicPolicy(string dynamicPolicyName)
+    {
+        return dynamicPolicyName[PolicyPrefix.Length..].Split(',');
+    }
+
+    /// <summary>
+    /// Generate a dynamic policy with the OR combine of policies
+    /// </summary>
+    /// <param name="policies">The policies to be combine</param>
+    /// <returns>The dynamic policy</returns>
+    public static string GenerateDynamicPolicy(IEnumerable<string> policies)
+    {
+        return PolicyPrefix + string.Join(",", policies);
+    }
+
+    /// <summary>
+    /// Return with the default authorization policy
+    /// </summary>
+    /// <returns>The default authorization policy</returns>
+    public Task<AuthorizationPolicy> GetDefaultPolicyAsync()
+    {
+        return _fallbackPolicyProvider.GetDefaultPolicyAsync();
+    }
+
+    /// <summary>
+    /// Return with the authorization policy with the specified policy name
+    /// </summary>
+    /// <param name="policyName">The specified policy name</param>
+    /// <returns>The authorization policy with the specified name</returns>
+    public Task<AuthorizationPolicy?> GetPolicyAsync(string policyName)
+    {
+        if (policyName.StartsWith(PolicyPrefix, StringComparison.OrdinalIgnoreCase))
+        {
+            var policies = GetPolicyNamesFromDynamicPolicy(policyName).ToArray();
+            var policy = new AuthorizationPolicyBuilder().AddRequirements(new AnyPoliciesRequirement(policies));
+            return Task.FromResult((AuthorizationPolicy?)policy.Build());
+        }
+
+        return _fallbackPolicyProvider.GetPolicyAsync(policyName);
+    }
+
+    /// <summary>
+    /// Return with the fallback policy
+    /// </summary>
+    /// <returns>The fallback policy</returns>
+    public Task<AuthorizationPolicy?> GetFallbackPolicyAsync()
+    {
+        return _fallbackPolicyProvider.GetFallbackPolicyAsync();
+    }
+}

src/AutSoft.AspNetCore.Auth/AnyPolicies/AnyPoliciesRequirement.cs

@@ -0,0 +1,23 @@
+using Microsoft.AspNetCore.Authorization;
+
+namespace AutSoft.AspNetCore.Auth.AnyPolicies;
+
+/// <summary>
+/// Requirement of wanted to combine OR authorizations
+/// </summary>
+public class AnyPoliciesRequirement : IAuthorizationRequirement
+{
+    /// <summary>
+    /// Initialize a new instance of <see cref="AnyPoliciesRequirement"/> class.
+    /// </summary>
+    /// <param name="policies">Array of policies to be combined</param>
+    public AnyPoliciesRequirement(params string[] policies)
+    {
+        Policies = policies;
+    }
+
+    /// <summary>
+    /// Policies to be combine OR
+    /// </summary>
+    public IEnumerable<string> Policies { get; }
+}

src/AutSoft.AspNetCore.Auth/AutSoft.AspNetCore.Auth.csproj

@@ -0,0 +1,13 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <TargetFramework>net6.0</TargetFramework>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <Nullable>enable</Nullable>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Microsoft.AspNetCore.Authorization" />
+  </ItemGroup>
+
+</Project>

src/AutSoft.AspNetCore.Auth/ServiceCollectionExtensions.cs

@@ -0,0 +1,24 @@
+using AutSoft.AspNetCore.Auth.AnyPolicies;
+
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.Extensions.DependencyInjection;
+
+namespace AutSoft.AspNetCore.Auth;
+
+/// <summary>
+/// Register all relevant services into dependency injection container
+/// </summary>
+public static class ServiceCollectionExtensions
+{
+    /// <summary>
+    /// Register all relevant services into dependency injection container
+    /// </summary>
+    /// <returns>Expanded service collection</returns>
+    public static IServiceCollection AddAutSoftAspNetCoreAuth(this IServiceCollection services)
+    {
+        services.AddSingleton<IAuthorizationPolicyProvider, AnyPoliciesPolicyProvider>();
+        services.AddSingleton<IAuthorizationHandler, AnyPoliciesAuthorizationHandler>();
+
+        return services;
+    }
+}

src/Directory.Packages.props

@@ -7,6 +7,7 @@
   <ItemGroup>
     <PackageVersion Include="AutoMapper" Version="11.0.1" />
     <PackageVersion Include="EntityFrameworkCore.Scaffolding.Handlebars" Version="6.0.3" />
+    <PackageVersion Include="Microsoft.AspNetCore.Authorization" Version="6.0.8" />
     <PackageVersion Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="6.0.8" />
     <PackageVersion Include="Microsoft.EntityFrameworkCore" Version="6.0.8" />
     <PackageVersion Include="Microsoft.EntityFrameworkCore.Design" Version="6.0.8" />