Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

#913 #1066 ScopesAuthorizer refactoring #1478

Open
wants to merge 13 commits into
base: develop
Choose a base branch
from

Conversation

mehyaa
Copy link

@mehyaa mehyaa commented May 31, 2021

Fixes #913 #1066

Scopes can be a space separated list in a single claim. Include this possibility on allowed scopes check.

Proposed Changes

  • Split user scope values with space character if scope claim is an single claim and its value has space character(s)
  • User scopes must have all allowed scopes

Predecessor

@mehyaa
Copy link
Author

mehyaa commented Jun 1, 2021

The build is broken, it fails on irrelevant part from this PR. #1436 fixes is I think.

@PatrickDelancy
Copy link

This is still an issue. Adding my 👍 to get this small and valuable PR merged.

@raman-m
Copy link
Member

raman-m commented Jun 30, 2023

Please do the following:

  • Merge PR 1
  • Rebase feature branch onto develop
  • Resolve all merge conflicts

@raman-m
Copy link
Member

raman-m commented Aug 18, 2023

Mehmet,
Thanks for resolving of merge conflicts!

Unfortunately the last build is failed: 5 acceptance tests have failed!

Why is your PR code so unstable?

@mehyaa
Copy link
Author

mehyaa commented Aug 18, 2023

I haven't found out the reason why the tests failed with a quick look. I couldn't figure out the tests structure. When I have time I'll look into it.

@raman-m
Copy link
Member

raman-m commented Aug 24, 2023

@mehyaa
The feature branch has been rebased onto ThreeMammals:develop successfully!
The build has failed with 5 tests!
Code review will start after fixing of these failed tests.
Also, some new tests should cover your proposed changes in the ScopesAuthorizer class.

Could you add me as collaborator to your forked repo please? I will fix develop branch because now it has the diff, but both develop branches should be identical.

@raman-m raman-m added bug Identified as a potential bug proposal Proposal for a new functionality in Ocelot needs feedback Issue is waiting on feedback before acceptance labels Aug 24, 2023
@raman-m raman-m added help wanted Not actively being worked on. If you plan to contribute, please drop a note. medium effort Likely a few days of development effort labels Aug 24, 2023
@mehyaa
Copy link
Author

mehyaa commented Sep 14, 2023

@raman-m I've fixed the tests. Failing tests were written for the bug that requires one of allowed scopes. I've changed the claims and allowed scopes on tests so they can test the correct conditions.

For adding new tests to test ScopesAuthorizer, the current tests seem pretty sufficient.

@mehyaa
Copy link
Author

mehyaa commented Sep 14, 2023

@raman-m I've added you as collaborator on my fork, you can fix the diff or guide me to how-to.

@mehyaa
Copy link
Author

mehyaa commented Sep 15, 2023

Interestingly some irrelevant tests fail irregularly.

@raman-m
Copy link
Member

raman-m commented Sep 15, 2023

@mehyaa commented on Sep 14, 11:38 AM

Thanks for fixing of failed tests!


For adding new tests to test ScopesAuthorizer, the current tests seem pretty sufficient.

No, at least one new test should cover claims logic having them multiple in the related config property.
Simultaneously, we should update current tests to be green. Because each test covers specific atomic feature.

Come on! We've changed the logic from single Scope to multiple ones! And it is definitely right time to cover these changes.

I have idea: let's write tests for each linked issue:

Sounds good?

@raman-m
Copy link
Member

raman-m commented Sep 15, 2023

@mehyaa commented on Sep 14, 11:42 AM

Thanks for adding me as collaborator!
Now your develop branch is up to date with ThreeMammals:develop. So, I've performed Sync fork operation.
Done!
You can start rebasing of current branches onto (creation of new ones from) your develop branch.

@raman-m
Copy link
Member

raman-m commented Sep 15, 2023

@mehyaa commented on Sep 15

Don't worry! This is unstable scenario: Ocelot.AcceptanceTests.ConfigurationReloadTests.should_reload_config_on_change
The next run fixes the build usually.
Truly speaking, I am tired of this test too. I will create bug issue soon for this test.

@raman-m raman-m changed the title ScopesAuthorizer refactoring #913 #1066 ScopesAuthorizer refactoring Sep 15, 2023
@raman-m
Copy link
Member

raman-m commented Jan 21, 2024

@mehyaa
Why not to continue working? Firstly resolving all merge conflicts and merging from develop...

@raman-m raman-m added 2023 Annual 2023 release Authorization Ocelot feature: Authorization and removed help wanted Not actively being worked on. If you plan to contribute, please drop a note. medium effort Likely a few days of development effort needs feedback Issue is waiting on feedback before acceptance labels Jan 21, 2024
@raman-m raman-m added this to the Annual 2023 milestone Mar 5, 2024
@raman-m
Copy link
Member

raman-m commented Oct 19, 2024

@raman-m raman-m added Winter'25 Winter 2025 release and removed Oct'24 October 2024 release labels Oct 26, 2024
@raman-m raman-m modified the milestones: October'24, Autumn'24 Oct 26, 2024
Copy link
Member

@raman-m raman-m left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewing the currently open PR #1431 would be beneficial, as it involves the development of similar changes, but with a more in-depth analysis of the problem within the context of existing auth-provider functionality.

Comment on lines +37 to +40
if (scope.Contains(' '))
{
userScopes = scope.Split(' ', StringSplitOptions.RemoveEmptyEntries);
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's impossible to predict the body (serialized data) of the token from an unknown Auth-provider.
May I ask which Auth provider you utilize in your project?


if (!matchesScopes.Any())
if (routeAllowedScopes.Except(userScopes).Any())
Copy link
Member

@raman-m raman-m Nov 5, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This logic inversion is feasible, yet it appears redundant. It seems to be a minor refactoring aimed at reducing the number of lines in the code.
Finally, it is useless change!

Additionally, the valuable suggestion from the previous code review was overlooked. This recommendation is more logical than the favored Except helper.


var matchesScopes = routeAllowedScopes.Intersect(userScopes);
if (userScopes.Count == 1)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The if-block ought to be relocated to IClaimsParser to preserve the existing logic intact. Consequently, you must inject your specialized IClaimsParser service to generate the precise list of claims.

@raman-m
Copy link
Member

raman-m commented Nov 5, 2024

@mehyaa commented on Sep 14, 2023

I've added you as collaborator on my fork, you can fix the diff or guide me to how-to.

Okay, I just visited your repository and realized I don't have permission to sync the fork because you haven't added me as a collaborator yet.
image
Why are you lying to me? This is ridiculous and unacceptable!

@mehyaa
Copy link
Author

mehyaa commented Nov 5, 2024

@mehyaa commented on Sep 14, 2023

I've added you as collaborator on my fork, you can fix the diff or guide me to how-to.

Okay, I just visited your repository and realized I don't have permission to sync the fork because you haven't added me as a collaborator yet.
...
Why are you lying to me? This is ridiculous and unacceptable!

Easy pal, I've added you as collaborator on Sep 14, 2023 and you have performed Sync fork operation on Sep 15, 2023. I've not perform any operation on that fork afterwards so I have no idea why you are not a collaborator now. I've added you as collaborator again now but your attitude is not elegant, I have no grudge or what so ever towards you so why should I lie for anything, you can ask again kindly for this or anything within my reach. Later.

@raman-m
Copy link
Member

raman-m commented Nov 6, 2024

Thank you for adding me as a collaborator!
Are you planning to address the code review issues further to resolve them?

@raman-m raman-m requested review from RaynaldM and ggnaegi November 6, 2024 10:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Authorization Ocelot feature: Authorization bug Identified as a potential bug high High priority proposal Proposal for a new functionality in Ocelot Winter'25 Winter 2025 release
Projects
None yet
4 participants