-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
#913 #1066 ScopesAuthorizer refactoring #1478
base: develop
Are you sure you want to change the base?
Conversation
The build is broken, it fails on irrelevant part from this PR. #1436 fixes is I think. |
This is still an issue. Adding my 👍 to get this small and valuable PR merged. |
Please do the following:
|
Mehmet, Unfortunately the last build is failed: 5 acceptance tests have failed! Why is your PR code so unstable? |
I haven't found out the reason why the tests failed with a quick look. I couldn't figure out the tests structure. When I have time I'll look into it. |
@mehyaa Could you add me as collaborator to your forked repo please? I will fix develop branch because now it has the diff, but both develop branches should be identical. |
@raman-m I've fixed the tests. Failing tests were written for the bug that requires one of allowed scopes. I've changed the claims and allowed scopes on tests so they can test the correct conditions. For adding new tests to test |
@raman-m I've added you as collaborator on my fork, you can fix the diff or guide me to how-to. |
Interestingly some irrelevant tests fail irregularly. |
Thanks for fixing of failed tests!
No, at least one new test should cover claims logic having them multiple in the related config property. Come on! We've changed the logic from single Scope to multiple ones! And it is definitely right time to cover these changes. I have idea: let's write tests for each linked issue:
Sounds good? |
Thanks for adding me as collaborator! |
Don't worry! This is unstable scenario: Ocelot.AcceptanceTests.ConfigurationReloadTests.should_reload_config_on_change |
@mehyaa |
Predecessor |
Scopes can be a space separated list in a single claim. Include this possibility on allowed scopes check.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewing the currently open PR #1431 would be beneficial, as it involves the development of similar changes, but with a more in-depth analysis of the problem within the context of existing auth-provider functionality.
if (scope.Contains(' ')) | ||
{ | ||
userScopes = scope.Split(' ', StringSplitOptions.RemoveEmptyEntries); | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's impossible to predict the body (serialized data) of the token from an unknown Auth-provider.
May I ask which Auth provider you utilize in your project?
|
||
if (!matchesScopes.Any()) | ||
if (routeAllowedScopes.Except(userScopes).Any()) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This logic inversion is feasible, yet it appears redundant. It seems to be a minor refactoring aimed at reducing the number of lines in the code.
Finally, it is useless change!
Additionally, the valuable suggestion from the previous code review was overlooked. This recommendation is more logical than the favored Except
helper.
|
||
var matchesScopes = routeAllowedScopes.Intersect(userScopes); | ||
if (userScopes.Count == 1) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The if
-block ought to be relocated to IClaimsParser
to preserve the existing logic intact. Consequently, you must inject your specialized IClaimsParser
service to generate the precise list of claims.
@mehyaa commented on Sep 14, 2023
Okay, I just visited your repository and realized I don't have permission to sync the fork because you haven't added me as a collaborator yet. |
Easy pal, I've added you as collaborator on Sep 14, 2023 and you have performed Sync fork operation on Sep 15, 2023. I've not perform any operation on that fork afterwards so I have no idea why you are not a collaborator now. I've added you as collaborator again now but your attitude is not elegant, I have no grudge or what so ever towards you so why should I lie for anything, you can ask again kindly for this or anything within my reach. Later. |
Thank you for adding me as a collaborator! |
Fixes #913 #1066
Scopes can be a space separated list in a single claim. Include this possibility on allowed scopes check.
Proposed Changes
Predecessor