Change private fields to public properties for ClaimAuthorizationRequirement (#178)

sungam3r · web-flow · commit a193954402be · 2021-12-11T22:01:10.000+03:00
diff --git a/src/BasicSample/Program.cs b/src/BasicSample/Program.cs
@@ -44,14 +44,14 @@ type Query {
             // remove claims to see the failure
             var authorizedUser = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim("role", "Admin") }));
 
-            string json = await schema.ExecuteAsync(_ =>
+            string json = await schema.ExecuteAsync(options =>
             {
-                _.Query = "{ viewer { id name } }";
-                _.ValidationRules = serviceProvider
+                options.Query = "{ viewer { id name } }";
+                options.ValidationRules = serviceProvider
                     .GetServices<IValidationRule>()
                     .Concat(DocumentValidator.CoreRules);
-                _.RequestServices = serviceProvider;
-                _.UserContext = new GraphQLUserContext { User = authorizedUser };
+                options.RequestServices = serviceProvider;
+                options.UserContext = new GraphQLUserContext { User = authorizedUser };
             });
 
             Console.WriteLine(json);
diff --git a/src/Directory.Build.props b/src/Directory.Build.props
@@ -1,7 +1,7 @@
 <Project>
 
   <PropertyGroup>
-    <VersionPrefix>4.0.0-preview</VersionPrefix>
+    <VersionPrefix>4.1.0-preview</VersionPrefix>
     <LangVersion>8.0</LangVersion>
     <Authors>Joe McBride</Authors>
     <PackageLicenseExpression>MIT</PackageLicenseExpression>
diff --git a/src/GraphQL.Authorization.ApiTests/GraphQL.Authorization.approved.txt b/src/GraphQL.Authorization.ApiTests/GraphQL.Authorization.approved.txt
@@ -63,6 +63,9 @@ namespace GraphQL.Authorization
         public ClaimAuthorizationRequirement(string claimType, System.Collections.Generic.IEnumerable<string> allowedValues) { }
         public ClaimAuthorizationRequirement(string claimType, params string[] allowedValues) { }
         public ClaimAuthorizationRequirement(string claimType, System.Collections.Generic.IEnumerable<string> allowedValues, System.Collections.Generic.IEnumerable<string> displayValues) { }
+        public System.Collections.Generic.IEnumerable<string> AllowedValues { get; }
+        public string ClaimType { get; }
+        public System.Collections.Generic.IEnumerable<string> DisplayValues { get; }
         public System.Threading.Tasks.Task Authorize(GraphQL.Authorization.AuthorizationContext context) { }
     }
     public interface IAuthorizationEvaluator
diff --git a/src/GraphQL.Authorization/Requirements/ClaimAuthorizationRequirement.cs b/src/GraphQL.Authorization/Requirements/ClaimAuthorizationRequirement.cs
@@ -11,10 +11,6 @@ namespace GraphQL.Authorization
     /// </summary>
     public class ClaimAuthorizationRequirement : IAuthorizationRequirement
     {
-        private readonly string _claimType;
-        private readonly IEnumerable<string> _displayValues;
-        private readonly IEnumerable<string> _allowedValues;
-
         /// <summary>
         /// Creates a new instance of <see cref="ClaimAuthorizationRequirement"/> with
         /// the specified claim type.
@@ -53,41 +49,58 @@ public ClaimAuthorizationRequirement(string claimType, params string[] allowedVa
         /// </summary>
         public ClaimAuthorizationRequirement(string claimType, IEnumerable<string> allowedValues, IEnumerable<string> displayValues)
         {
-            _claimType = claimType ?? throw new ArgumentNullException(nameof(claimType));
-            _allowedValues = allowedValues ?? Enumerable.Empty<string>();
-            _displayValues = displayValues;
+            ClaimType = claimType ?? throw new ArgumentNullException(nameof(claimType));
+            AllowedValues = allowedValues ?? Enumerable.Empty<string>();
+            DisplayValues = displayValues;
         }
 
+        /// <summary>
+        /// Claim type that claims principal from <see cref="AuthorizationContext"/> should have.
+        /// </summary>
+        public string ClaimType { get; }
+
+        /// <summary>
+        /// List of claim values, which, if present, the claim must match.
+        /// </summary>
+        public IEnumerable<string> AllowedValues { get; }
+
+        /// <summary>
+        /// Specifies the set of displayed claim values that will be used
+        /// to generate an error message if the requirement is not met.
+        /// If null then values from <see cref="AllowedValues"/> are used.
+        /// </summary>
+        public IEnumerable<string> DisplayValues { get; }
+
         /// <inheritdoc />
         public Task Authorize(AuthorizationContext context)
         {
             bool found = false;
 
             if (context.User != null)
             {
-                if (_allowedValues == null || !_allowedValues.Any())
+                if (AllowedValues == null || !AllowedValues.Any())
                 {
                     found = context.User.Claims.Any(
-                        claim => string.Equals(claim.Type, _claimType, StringComparison.OrdinalIgnoreCase));
+                        claim => string.Equals(claim.Type, ClaimType, StringComparison.OrdinalIgnoreCase));
                 }
                 else
                 {
                     found = context.User.Claims.Any(
-                        claim => string.Equals(claim.Type, _claimType, StringComparison.OrdinalIgnoreCase)
-                             && _allowedValues.Contains(claim.Value, StringComparer.Ordinal));
+                        claim => string.Equals(claim.Type, ClaimType, StringComparison.OrdinalIgnoreCase)
+                             && AllowedValues.Contains(claim.Value, StringComparer.Ordinal));
                 }
             }
 
             if (!found)
             {
-                if (_allowedValues != null && _allowedValues.Any())
+                if (AllowedValues != null && AllowedValues.Any())
                 {
-                    string values = string.Join(", ", _displayValues ?? _allowedValues);
-                    context.ReportError($"Required claim '{_claimType}' with any value of '{values}' is not present.");
+                    string values = string.Join(", ", DisplayValues ?? AllowedValues);
+                    context.ReportError($"Required claim '{ClaimType}' with any value of '{values}' is not present.");
                 }
                 else
                 {
-                    context.ReportError($"Required claim '{_claimType}' is not present.");
+                    context.ReportError($"Required claim '{ClaimType}' is not present.");
                 }
             }
 

Original file line number	Diff line number	Diff line change
`@@ -11,10 +11,6 @@ namespace GraphQL.Authorization`
`11`	`11`	`/// </summary>`
`12`	`12`	`public class ClaimAuthorizationRequirement : IAuthorizationRequirement`
`13`	`13`	`{`
`14`		`- private readonly string _claimType;`
`15`		`- private readonly IEnumerable<string> _displayValues;`
`16`		`- private readonly IEnumerable<string> _allowedValues;`
`17`		`-`
`18`	`14`	`/// <summary>`
`19`	`15`	`/// Creates a new instance of <see cref="ClaimAuthorizationRequirement"/> with`
`20`	`16`	`/// the specified claim type.`
`@@ -53,41 +49,58 @@ public ClaimAuthorizationRequirement(string claimType, params string[] allowedVa`
`53`	`49`	`/// </summary>`
`54`	`50`	`public ClaimAuthorizationRequirement(string claimType, IEnumerable<string> allowedValues, IEnumerable<string> displayValues)`
`55`	`51`	`{`
`56`		`- _claimType = claimType ?? throw new ArgumentNullException(nameof(claimType));`
`57`		`- _allowedValues = allowedValues ?? Enumerable.Empty<string>();`
`58`		`- _displayValues = displayValues;`
	`52`	`+ ClaimType = claimType ?? throw new ArgumentNullException(nameof(claimType));`
	`53`	`+ AllowedValues = allowedValues ?? Enumerable.Empty<string>();`
	`54`	`+ DisplayValues = displayValues;`
`59`	`55`	`}`
`60`	`56`
	`57`	`+ /// <summary>`
	`58`	`+ /// Claim type that claims principal from <see cref="AuthorizationContext"/> should have.`
	`59`	`+ /// </summary>`
	`60`	`+ public string ClaimType { get; }`
	`61`	`+`
	`62`	`+ /// <summary>`
	`63`	`+ /// List of claim values, which, if present, the claim must match.`
	`64`	`+ /// </summary>`
	`65`	`+ public IEnumerable<string> AllowedValues { get; }`
	`66`	`+`
	`67`	`+ /// <summary>`
	`68`	`+ /// Specifies the set of displayed claim values that will be used`
	`69`	`+ /// to generate an error message if the requirement is not met.`
	`70`	`+ /// If null then values from <see cref="AllowedValues"/> are used.`
	`71`	`+ /// </summary>`
	`72`	`+ public IEnumerable<string> DisplayValues { get; }`
	`73`	`+`
`61`	`74`	`/// <inheritdoc />`
`62`	`75`	`public Task Authorize(AuthorizationContext context)`
`63`	`76`	`{`
`64`	`77`	`bool found = false;`
`65`	`78`
`66`	`79`	`if (context.User != null)`
`67`	`80`	`{`
`68`		`- if (_allowedValues == null \|\| !_allowedValues.Any())`
	`81`	`+ if (AllowedValues == null \|\| !AllowedValues.Any())`
`69`	`82`	`{`
`70`	`83`	`found = context.User.Claims.Any(`
`71`		`- claim => string.Equals(claim.Type, _claimType, StringComparison.OrdinalIgnoreCase));`
	`84`	`+ claim => string.Equals(claim.Type, ClaimType, StringComparison.OrdinalIgnoreCase));`
`72`	`85`	`}`
`73`	`86`	`else`
`74`	`87`	`{`
`75`	`88`	`found = context.User.Claims.Any(`
`76`		`- claim => string.Equals(claim.Type, _claimType, StringComparison.OrdinalIgnoreCase)`
`77`		`- && _allowedValues.Contains(claim.Value, StringComparer.Ordinal));`
	`89`	`+ claim => string.Equals(claim.Type, ClaimType, StringComparison.OrdinalIgnoreCase)`
	`90`	`+ && AllowedValues.Contains(claim.Value, StringComparer.Ordinal));`
`78`	`91`	`}`
`79`	`92`	`}`
`80`	`93`
`81`	`94`	`if (!found)`
`82`	`95`	`{`
`83`		`- if (_allowedValues != null && _allowedValues.Any())`
	`96`	`+ if (AllowedValues != null && AllowedValues.Any())`
`84`	`97`	`{`
`85`		`- string values = string.Join(", ", _displayValues ?? _allowedValues);`
`86`		`- context.ReportError($"Required claim '{_claimType}' with any value of '{values}' is not present.");`
	`98`	`+ string values = string.Join(", ", DisplayValues ?? AllowedValues);`
	`99`	`+ context.ReportError($"Required claim '{ClaimType}' with any value of '{values}' is not present.");`
`87`	`100`	`}`
`88`	`101`	`else`
`89`	`102`	`{`
`90`		`- context.ReportError($"Required claim '{_claimType}' is not present.");`
	`103`	`+ context.ReportError($"Required claim '{ClaimType}' is not present.");`
`91`	`104`	`}`
`92`	`105`	`}`
`93`	`106`