
Commit f2893bb

authored
Merge pull request #124 from idseefeld/develop
Update for sas token parsing
2 parents 8ce536b + 58bc0dc commit f2893bb


1 file changed

+49
-15
lines changed


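--- a/src/UmbracoFileSystemProviders.Azure/AzureFileSystem.cs
+++ b/src/UmbracoFileSystemProviders.Azure/AzureFileSystem.cs
@@ -627,26 +627,60 @@ private static CloudBlobContainer CreateContainer(CloudBlobClient cloudBlobClien
 }
 
 CloudBlobContainer container = cloudBlobClient.GetContainerReference(containerName.ToLowerInvariant());
-if (cloudBlobClient.Credentials.IsSAS)
+if (!container.Exists())
 {
-// Shared access signatures (SAS) have some limitations compared to shared access keys
-// read more on: https://docs.microsoft.com/en-us/azure/storage/common/storage-dotnet-shared-access-signature-part-1
-string[] sasTokenProperties = cloudBlobClient.Credentials.SASToken.Split("&".ToCharArray(), StringSplitOptions.RemoveEmptyEntries);
-bool isAccountSas = sasTokenProperties.Where(k => k.ToLowerInvariant().StartsWith("si=")).FirstOrDefault() == null;
-if (isAccountSas)
+if (cloudBlobClient.Credentials.IsSAS)
 {
-container.CreateIfNotExists();
+// Shared access signatures (SAS) have some limitations compared to shared access keys
+// read more on: https://docs.microsoft.com/en-us/azure/storage/common/storage-dotnet-shared-access-signature-part-1
+string[] sasTokenProperties = cloudBlobClient.Credentials.SASToken.Split("&".ToCharArray(), StringSplitOptions.RemoveEmptyEntries);
+bool isAccountSas = sasTokenProperties.Where(k => k.ToLowerInvariant().StartsWith("ss=")).FirstOrDefault() != null;
 
-// permissions can't be set!
-}
+string allowedServices = sasTokenProperties.Where(k => k.ToLowerInvariant().StartsWith("ss=")).FirstOrDefault();
+if (allowedServices != null)
+{
+allowedServices = allowedServices.Split('=')[1].ToLower();
+}
+else
+{
+allowedServices = string.Empty;
+}
 
-return container;
-}
+string resourceTypes = sasTokenProperties.Where(k => k.ToLowerInvariant().StartsWith("srt=")).FirstOrDefault();
+if (resourceTypes != null)
+{
+resourceTypes = resourceTypes.Split('=')[1].ToLower();
+}
+else
+{
+resourceTypes = string.Empty;
+}
 
-if (!container.Exists())
-{
-container.CreateIfNotExists();
-container.SetPermissions(new BlobContainerPermissions { PublicAccess = accessType });
+string permissions = sasTokenProperties.Where(k => k.ToLowerInvariant().StartsWith("sp=")).FirstOrDefault();
+if (permissions != null)
+{
+permissions = permissions.Split('=')[1].ToLower();
+}
+else
+{
+permissions = string.Empty;
+}
+
+bool canCreateContainer = allowedServices.Contains('b') && resourceTypes.Contains('c') && permissions.Contains('c');
+if (canCreateContainer)
+{
+container.CreateIfNotExists();
+
+// cannot set permissions with sas access
+}
+}
+else
+{
+container.CreateIfNotExists();
+BlobContainerPermissions newPermissions = container.GetPermissions();
+newPermissions.PublicAccess = accessType;
+container.SetPermissions(newPermissions);
+}
 }
 
 return container;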
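Review bot: `container.Exists()` at new line 630 now runs before the `IsSAS` check, so a token that is not allowed to read container properties (a service SAS carrying `si=`, or an account SAS without `srt=c`) will probably fail there with an authorization error, where the old code returned the reference without issuing any request; consider parsing the token first and calling `Exists()` only when `ss`/`srt`/`sp` permit it. `isAccountSas` at new line 637 is assigned but never read in this hunk and can be dropped. The `sp` test accepts only `c`; as far as I know an account SAS with `w` can also create a container, so confirm that against the Azure account-SAS permission table before relying on `permissions.Contains('c')`. When `canCreateContainer` is false the method still returns a reference to a container that does not exist, and a logged warning (without the token value) or a thrown `InvalidOperationException` at that point would make the misconfiguration visible instead of surfacing later as failed blob calls. CreateContainer starts above the hunk, so the handling of `accessType` for an already existing container is not visible here.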
