Improve query on cors origins. #3395 (#4203)
brockallen authored Mar 30, 2020
1 parent 9fb1aee commit 91f3211
Showing 8 changed files with 47 additions and 53 deletions.
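--- a/src/EntityFramework.Storage/migrations/SqlServer/createdb.bat
+++ b/src/EntityFramework.Storage/migrations/SqlServer/createdb.bat
@@ -0,0 +1,2 @@
+dotnet ef database update -c PersistedGrantDbContext
+dotnet ef database update -c ConfigurationDbContext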
Expand Up @@ -61,6 +61,14 @@ public ConfigurationDbContext(DbContextOptions<TContext> options, ConfigurationS
/// </value>
public DbSet<Client> Clients { get; set; }

/// <summary>
/// Gets or sets the clients' CORS origins.
/// </summary>
/// <value>
/// The clients CORS origins.
/// </value>
public DbSet<ClientCorsOrigin> ClientCorsOrigins { get; set; }

/// <summary>
/// Gets or sets the identity resources.
/// </summary>
Expand Up @@ -21,6 +21,14 @@ public interface IConfigurationDbContext : IDisposable
/// The clients.
/// </value>
DbSet<Client> Clients { get; set; }

/// <summary>
/// Gets or sets the clients' CORS origins.
/// </summary>
/// <value>
/// The clients CORS origins.
/// </value>
DbSet<ClientCorsOrigin> ClientCorsOrigins { get; set; }

/// <summary>
/// Gets or sets the identity resources.
1 change: 1 addition & 0 deletions src/EntityFramework/host/Properties/launchSettings.json
Expand Up @@ -10,6 +10,7 @@
"profiles": {
"Host": {
"commandName": "Project",
"launchBrowser": true,
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development"
},
Expand Up @@ -26,7 +26,7 @@ public static IEnumerable<Client> Get()
ClientId = "client",
ClientSecrets = {new Secret("secret".Sha256())},
AllowedGrantTypes = GrantTypes.ClientCredentials,
AllowedScopes = {"api1", "api2.read_only", IdentityServerConstants.LocalApi.ScopeName}
AllowedScopes = { "feature1", "feature2", IdentityServerConstants.LocalApi.ScopeName}
},

///////////////////////////////////////////
Expand All @@ -48,7 +48,7 @@ public static IEnumerable<Client> Get()
},
AccessTokenType = AccessTokenType.Jwt,
AllowedGrantTypes = GrantTypes.ClientCredentials,
AllowedScopes = {"api1", "api2.read_only"}
AllowedScopes = { "feature1", "feature2" }
},

///////////////////////////////////////////
Expand All @@ -73,7 +73,7 @@ public static IEnumerable<Client> Get()
}
},
AllowedGrantTypes = GrantTypes.ClientCredentials,
AllowedScopes = {"api1", "api2.read_only"}
AllowedScopes = { "feature1", "feature2" }
},

///////////////////////////////////////////
Expand All @@ -84,7 +84,7 @@ public static IEnumerable<Client> Get()
ClientId = "client.custom",
ClientSecrets = {new Secret("secret".Sha256())},
AllowedGrantTypes = {"custom", "custom.nosubject"},
AllowedScopes = {"api1", "api2.read_only"}
AllowedScopes = { "feature1", "feature2" }
},

///////////////////////////////////////////
Expand All @@ -100,8 +100,7 @@ public static IEnumerable<Client> Get()
{
IdentityServerConstants.StandardScopes.OpenId,
"custom.profile",
"api1",
"api2.read_only"
"feature1", "feature2"
}
},

Expand All @@ -118,8 +117,7 @@ public static IEnumerable<Client> Get()
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Email,
"api1",
"api2.read_only"
"feature1", "feature2"
}
},

Expand All @@ -140,8 +138,7 @@ public static IEnumerable<Client> Get()
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
IdentityServerConstants.StandardScopes.Email,
"api1",
"api2.read_only"
"feature1", "feature2"
}
},
///////////////////////////////////////////
Expand All @@ -163,8 +160,7 @@ public static IEnumerable<Client> Get()
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
IdentityServerConstants.StandardScopes.Email,
"api1",
"api2.read_only"
"feature1", "feature2"
}
},

Expand All @@ -177,7 +173,7 @@ public static IEnumerable<Client> Get()
ClientId = "roclient.reference",
ClientSecrets = {new Secret("secret".Sha256())},
AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
AllowedScopes = {"api1", "api2.read_only"},
AllowedScopes = {"feature1", "feature2"},
AccessTokenType = AccessTokenType.Reference
},

Expand All @@ -201,7 +197,7 @@ public static IEnumerable<Client> Get()
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
IdentityServerConstants.StandardScopes.Email,
"api1", "api2.read_only", "api2.full_access"
"feature1", "feature2"
}
}
};
Expand Up @@ -41,7 +41,7 @@ public static IEnumerable<Client> Get()
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
IdentityServerConstants.StandardScopes.Email,
"api1", "api2.read_only", "api2.full_access"
"feature1", "feature2"
}
},

Expand Down Expand Up @@ -73,7 +73,7 @@ public static IEnumerable<Client> Get()
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
IdentityServerConstants.StandardScopes.Email,
"api1", "api2.read_only"
"feature1", "feature2"
}
},

Expand Down Expand Up @@ -105,7 +105,7 @@ public static IEnumerable<Client> Get()
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
IdentityServerConstants.StandardScopes.Email,
"api1", "api2.read_only"
"feature1", "feature2"
}
},

Expand Down Expand Up @@ -137,7 +137,7 @@ public static IEnumerable<Client> Get()
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
IdentityServerConstants.StandardScopes.Email,
"api1", "api2.read_only"
"feature1", "feature2"
}
}
};
Expand Up @@ -28,12 +28,12 @@ public class Resources
// simple version with ctor
new ApiResource("api1", "Some API 1")
{
// this is needed for introspection when using reference tokens
ApiSecrets = { new Secret("secret".Sha256()) },
//// this is needed for introspection when using reference tokens
//ApiSecrets = { new Secret("secret".Sha256()) },

//AllowedSigningAlgorithms = { "RS256", "ES256" }

Scopes = { "api1" }
Scopes = { "feature1" }
},

// expanded version if more control is needed
Expand All @@ -54,35 +54,17 @@ public class Resources
JwtClaimTypes.Email
},

Scopes = { "api2.full_access", "api2.read_only", "api2.internal" }
Scopes = { "feature2", "feature3" }
}
};

public static IEnumerable<ApiScope> ApiScopes = new[]
{
// local API
// todo: dom, should we also use a resource id for this?
new ApiScope(LocalApi.ScopeName),
new ApiScope("api1"),
new ApiScope
{
Name = "api2.full_access",
DisplayName = "Full access to API 2"
},
new ApiScope
{
Name = "api2.read_only",
DisplayName = "Read only access to API 2"
},
new ApiScope
{
Name = "api2.internal",
ShowInDiscoveryDocument = false,
UserClaims =
{
"internal_id"
}
},
new ApiScope("feature1"),
new ApiScope("feature2"),
new ApiScope("feature3"),
new ApiScope
{
Name = "transaction"
17 changes: 7 additions & 10 deletions src/EntityFramework/src/Services/CorsPolicyService.cs
Expand Up @@ -42,19 +42,16 @@ public CorsPolicyService(IHttpContextAccessor context, ILogger<CorsPolicyService
/// <returns></returns>
public async Task<bool> IsOriginAllowedAsync(string origin)
{
// doing this here and not in the ctor because: https://github.com/aspnet/CORS/issues/105
var dbContext = _context.HttpContext.RequestServices.GetRequiredService<IConfigurationDbContext>();

origin = origin.ToLowerInvariant();

var origins = await dbContext.Clients.AsNoTracking()
.Include(x => x.AllowedCorsOrigins).AsNoTracking()
.SelectMany(x => x.AllowedCorsOrigins.Select(y => y.Origin))
.ToListAsync();

var distinctOrigins = origins.Where(x => x != null).Distinct();
// doing this here and not in the ctor because: https://github.com/aspnet/CORS/issues/105
var dbContext = _context.HttpContext.RequestServices.GetRequiredService<IConfigurationDbContext>();

var isAllowed = distinctOrigins.Contains(origin, StringComparer.OrdinalIgnoreCase);
var query = from o in dbContext.ClientCorsOrigins
where o.Origin == origin
select o;

var isAllowed = await query.AnyAsync();

_logger.LogDebug("Origin {origin} is allowed: {originAllowed}", origin, isAllowed);

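Review bot: The new match `where o.Origin == origin` drops the explicit case-insensitive comparison that the removed lines performed (`origin = origin.ToLowerInvariant();` plus `StringComparer.OrdinalIgnoreCase`), so whether `https://App.Example.com` matches a stored `https://app.example.com` now depends on the column's database collation rather than on this code. Scheme and host of an origin are case-insensitive under the URI rules, and on a case-sensitive store a client that was accepted before this change could be rejected now; keeping `origin = origin.ToLowerInvariant();` before the query and normalizing stored origins to lower case would make the result independent of the provider, or at minimum a comment above the query should state that the store is expected to compare case-insensitively. The old code also filtered out `null` stored origins, and depending on how the provider translates a null parameter an incoming null `origin` may compare equal to such rows and make `AnyAsync()` return true, so a guard `if (string.IsNullOrEmpty(origin)) return false;` at the top of the method is cheap insurance if the caller does not already exclude that case. The body of `IsOriginAllowedAsync` continues past the end of the hunk.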
