feat: Add DefaultAuthenticationSchemes option

Signed-off-by: Sagilio <Sagilio@outlook.com>

Author: sagilio

.github/workflows/build-and-release.yml

@@ -83,11 +83,11 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v2
 
-      - name: Dry-run semantic-release
+      - name: Run semantic-release
         run: |
           export PATH=$PATH:$(yarn global bin)
           yarn global add semantic-release@17.2.4
-          semantic-release -d
+          semantic-release
 
   release-build-version:
     runs-on: windows-latest

src/Casbin.AspNetCore.Core/CasbinAuthorizationOptions.cs

@@ -10,8 +10,9 @@ public class CasbinAuthorizationOptions
         public string? DefaultModelPath { get; set; }
         public string? DefaultPolicyPath { get; set; }
         public Func<IServiceProvider, Model?, Enforcer>? DefaultEnforcerFactory { get; set; }
-        public string PreferSubClaimType { get; set; } = ClaimTypes.NameIdentifier;
+        public string? DefaultAuthenticationSchemes { get; set; }
         public IRequestTransformer? DefaultRequestTransformer { get; set; }
+        public string PreferSubClaimType { get; set; } = ClaimTypes.NameIdentifier;
         public bool AllowAnyone { get; set; } = false;
     }
 }

src/Casbin.AspNetCore.Core/CoreServiceCollectionExtension.cs

@@ -50,10 +50,10 @@ public static IServiceCollection AddCasbinAuthorizationCore(
             services.TryAddSingleton<ICasbinAuthorizationContextFactory, DefaultCasbinAuthorizationContextFactory>();
             services.TryAddScoped<IEnforceService, DefaultEnforcerService>();
             services.TryAddSingleton<IRequestTransformersCache, RequestTransformersCache>();
-            services.AddScoped<IAuthorizationHandler, CasbinAuthorizationHandler>();
-            services.AddSingleton<IRequestTransformer, BasicRequestTransformer>();
-            services.AddSingleton<IRequestTransformer, RbacRequestTransformer>();
-            services.AddSingleton<IRequestTransformer, KeyMatchRequestTransformer>();
+            services.TryAddScoped<IAuthorizationHandler, CasbinAuthorizationHandler>();
+            services.TryAddSingleton<IRequestTransformer, BasicRequestTransformer>();
+            services.TryAddSingleton<IRequestTransformer, RbacRequestTransformer>();
+            services.TryAddSingleton<IRequestTransformer, KeyMatchRequestTransformer>();
             services.AddAuthorizationCore();
             return services;
         }

src/Casbin.AspNetCore/Abstractions/ICasbinAuthorizationPolicyProvider.cs

@@ -0,0 +1,10 @@
+using System.Collections.Generic;
+using Microsoft.AspNetCore.Authorization;
+
+namespace Casbin.AspNetCore.Authorization
+{
+    public interface ICasbinAuthorizationPolicyProvider
+    {
+        public AuthorizationPolicy GetAuthorizationPolicy(IEnumerable<ICasbinAuthorizationData> authorizationData);
+    }
+}

src/Casbin.AspNetCore/Abstractions/ICasbinPolicyCreator.cs

@@ -25,7 +25,7 @@ public static IApplicationBuilder UseCasbinAuthorization(this IApplicationBuilde
 
         private static void VerifyServicesRegistered(IApplicationBuilder app)
         {
-            if (app.ApplicationServices.GetService(typeof(ICasbinPolicyCreator)) == null)
+            if (app.ApplicationServices.GetService(typeof(ICasbinAuthorizationPolicyProvider)) == null)
             {
                 throw new InvalidOperationException($"Unable to find the required services. Please add all the required services by calling '{nameof(IServiceCollection)}.{nameof(ServiceCollectionExtension.AddCasbinAuthorization)}' inside the call to 'ConfigureServices(...)' in the application startup code.");
             }

src/Casbin.AspNetCore/AppBuilderExtensions.cs

@@ -15,10 +15,10 @@ public class CasbinAuthorizationMiddleware
         private static readonly object s_casbinAuthorizationMiddlewareWithEndpointInvokedValue = new();
 
         private readonly RequestDelegate _next;
-        private readonly ICasbinPolicyCreator _policyCreator;
+        private readonly ICasbinAuthorizationPolicyProvider _policyCreator;
         private readonly IOptions<CasbinAuthorizationOptions> _options;
 
-        public CasbinAuthorizationMiddleware(RequestDelegate next, ICasbinPolicyCreator policyCreator, IOptions<CasbinAuthorizationOptions> options)
+        public CasbinAuthorizationMiddleware(RequestDelegate next, ICasbinAuthorizationPolicyProvider policyCreator, IOptions<CasbinAuthorizationOptions> options)
         {
             _next = next ?? throw new ArgumentNullException(nameof(next));
             _policyCreator = policyCreator ?? throw new ArgumentNullException(nameof(policyCreator));
@@ -48,7 +48,7 @@ public async Task Invoke(HttpContext context)
             }
 
             bool allowAnyone = _options.Value.AllowAnyone;
-            var policy = _policyCreator.Create(authorizeData);
+            var policy = _policyCreator.GetAuthorizationPolicy(authorizeData);
 
             AuthenticateResult? authenticateResult = null;
             if (allowAnyone is false)

src/Casbin.AspNetCore/CasbinAuthorizationMiddleware.cs

@@ -1,49 +1,77 @@
 using System;
 using System.Collections.Generic;
+using System.Linq;
 using Microsoft.AspNetCore.Authorization;
+using Microsoft.Extensions.Options;
+using Microsoft.JSInterop;
 
 namespace Casbin.AspNetCore.Authorization.Policy
 {
-    public class CasbinPolicyCreator : ICasbinPolicyCreator
+    public class DefaultCasbinAuthorizationPolicyProvider : ICasbinAuthorizationPolicyProvider
     {
-        public CasbinPolicyCreator()
+        public DefaultCasbinAuthorizationPolicyProvider(IOptions<CasbinAuthorizationOptions> options)
         {
-            _emptyPolicy = new AuthorizationPolicy(_casbinAuthorizationRequirements, Array.Empty<string>());
+            if (options is null)
+            {
+                throw new NullReferenceException(nameof(options));
+            }
+
+            string? defaultAuthenticationSchemes = options.Value.DefaultAuthenticationSchemes;
+            ICollection<string> authenticationSchemes = new List<string>();
+            if (defaultAuthenticationSchemes is not null)
+            {
+                AddAuthenticationSchemes(authenticationSchemes, defaultAuthenticationSchemes);
+            }
+            _defaultPolicy = new AuthorizationPolicy(_casbinAuthorizationRequirements, authenticationSchemes);
         }
 
         private readonly IEnumerable<IAuthorizationRequirement> _casbinAuthorizationRequirements =
-            new []{CasbinAuthorizationRequirement.Requirement};
+            new[] { CasbinAuthorizationRequirement.Requirement };
 
-        private readonly AuthorizationPolicy _emptyPolicy;
+        private readonly AuthorizationPolicy _defaultPolicy;
 
-        public AuthorizationPolicy Create(IEnumerable<ICasbinAuthorizationData> authorizationData)
+        public AuthorizationPolicy GetAuthorizationPolicy(IEnumerable<ICasbinAuthorizationData> authorizationData)
         {
             if (authorizationData is null)
             {
                 throw new ArgumentNullException(nameof(authorizationData));
             }
 
-            IList<string>? authenticationSchemes = null;
+            ICollection<string>? authenticationSchemes = null;
             foreach (var data in authorizationData)
             {
-                string[]? authTypesSplit = data.AuthenticationSchemes?.Split(',');
-                if (authTypesSplit is null || authTypesSplit.Length > 0 is false)
+                if (string.IsNullOrWhiteSpace(data.AuthenticationSchemes))
                 {
-                    return _emptyPolicy;
+                    continue;
                 }
 
-                authenticationSchemes ??= new List<string>();
+                authenticationSchemes = _defaultPolicy.AuthenticationSchemes as ICollection<string> ??
+                                        _defaultPolicy.AuthenticationSchemes.ToList();
+
+                AddAuthenticationSchemes(authenticationSchemes, data.AuthenticationSchemes);
+            }
 
-                foreach (var authType in authTypesSplit)
+            return authenticationSchemes is not null
+                    ? new AuthorizationPolicy(_casbinAuthorizationRequirements, authenticationSchemes)
+                    : _defaultPolicy;
+        }
+
+        private static void AddAuthenticationSchemes(ICollection<string> authenticationSchemes,
+            string authenticationSchemesString)
+        {
+            string[] authTypesSplit = authenticationSchemesString.Split(',');
+            if (authTypesSplit.Length == 0)
+            {
+                return;
+            }
+
+            foreach (var authType in authTypesSplit)
+            {
+                if (string.IsNullOrWhiteSpace(authType) is false)
                 {
-                    if (string.IsNullOrWhiteSpace(authType) is false)
-                    {
-                        authenticationSchemes.Add(authType.Trim());
-                    }
+                    authenticationSchemes.Add(authType.Trim());
                 }
             }
-
-            return authenticationSchemes is null ? _emptyPolicy : new AuthorizationPolicy(_casbinAuthorizationRequirements, authenticationSchemes);
         }
     }
 }

src/Casbin.AspNetCore/Policy/CasbinPolicyCreator.cs

@@ -30,7 +30,7 @@ public static IServiceCollection AddCasbinAuthorization(this IServiceCollection
             ServiceLifetime defaultModelProviderLifeTime = ServiceLifetime.Scoped)
         {
             services.TryAddTransient<ICasbinEvaluator, CasbinEvaluator>();
-            services.TryAddSingleton<ICasbinPolicyCreator, CasbinPolicyCreator>();
+            services.TryAddSingleton<ICasbinAuthorizationPolicyProvider, DefaultCasbinAuthorizationPolicyProvider>();
             services.TryAddSingleton<ICasbinAuthorizationMiddlewareResultHandler, CasbinAuthorizationMiddlewareResultHandler>();
             services.AddCasbinAuthorizationCore(configureOptions, defaultEnforcerProviderLifeTime, defaultModelProviderLifeTime);
             return services;

src/Casbin.AspNetCore/ServiceCollectionExtension.cs

@@ -7,7 +7,6 @@
 using Casbin.AspNetCore.Tests.Fixtures;
 using Casbin.AspNetCore.Tests.Utilities;
 using Microsoft.AspNetCore.Authentication;
-using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.DependencyInjection;
 using Xunit;
 
@@ -16,14 +15,14 @@ namespace Casbin.AspNetCore.Tests
     public class CasbinEvaluatorTest : IClassFixture<TestServerFixture>
     {
         private readonly IServiceProvider _serviceProvider;
-        private readonly ICasbinPolicyCreator _casbinPolicyCreator;
+        private readonly ICasbinAuthorizationPolicyProvider _casbinPolicyCreator;
         private readonly ICasbinAuthorizationContextFactory _casbinAuthorizationContextFactory;
         private const string s_defaultScheme = "context.User";
 
         public CasbinEvaluatorTest(TestServerFixture testServerFixture)
         {
             _serviceProvider = testServerFixture.TestServer.Services;
-            _casbinPolicyCreator = _serviceProvider.GetRequiredService<ICasbinPolicyCreator>();
+            _casbinPolicyCreator = _serviceProvider.GetRequiredService<ICasbinAuthorizationPolicyProvider>();
             _casbinAuthorizationContextFactory = _serviceProvider.GetRequiredService<ICasbinAuthorizationContextFactory>();
         }
 
@@ -47,7 +46,7 @@ public async Task ShouldBasicAuthorizeAsync(
             var casbinEvaluator = _serviceProvider.GetRequiredService<ICasbinEvaluator>();
             var casbinContext = _casbinAuthorizationContextFactory.CreateContext(
                 new CasbinAuthorizeAttribute(resource, action), httpContext);
-            var policy = _casbinPolicyCreator.Create(casbinContext.AuthorizationData);
+            var policy = _casbinPolicyCreator.GetAuthorizationPolicy(casbinContext.AuthorizationData);
             var result = AuthenticateResult.Success(new AuthenticationTicket(httpContext.User, s_defaultScheme));
 
             // Act
@@ -80,7 +79,7 @@ public async Task ShouldBasicAuthorizeWhenSpecIssuerAsync(
             var casbinEvaluator = _serviceProvider.GetRequiredService<ICasbinEvaluator>();
             var casbinContext = _casbinAuthorizationContextFactory.CreateContext(
                 new CasbinAuthorizeAttribute(resource, action) { Issuer = testIssuer }, httpContext);
-            var policy = _casbinPolicyCreator.Create(casbinContext.AuthorizationData);
+            var policy = _casbinPolicyCreator.GetAuthorizationPolicy(casbinContext.AuthorizationData);
             var result = AuthenticateResult.Success(new AuthenticationTicket(httpContext.User, s_defaultScheme));
 
             // Act
@@ -112,7 +111,7 @@ public async Task ShouldBasicAuthorizeWhenSpecSubClaimTypeAsync(
             var casbinContext = _casbinAuthorizationContextFactory.CreateContext(
                 new CasbinAuthorizeAttribute(resource, action) { PreferSubClaimType = testClaimType },
                 httpContext);
-            var policy = _casbinPolicyCreator.Create(casbinContext.AuthorizationData);
+            var policy = _casbinPolicyCreator.GetAuthorizationPolicy(casbinContext.AuthorizationData);
             var result = AuthenticateResult.Success(new AuthenticationTicket(httpContext.User, s_defaultScheme));
 
             // Act