Hugging Face's logo

AbdulElahGwaith
/
google-api-dotnet-client

Model card Files
xet
Community
google-api-dotnet-client
File size: 2,488 Bytes
7b715bc
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
 
/*
Copyright 2018 Google Inc

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    https://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using System;
using System.Linq;
using System.Threading.Tasks;

namespace Google.Apis.Auth.AspNetCore3;

internal class GoogleScopedAuthorizationHandler : AuthorizationHandler<GoogleScopedRequirement>
{
    private readonly IHttpContextAccessor _httpContextAccessor;

    public GoogleScopedAuthorizationHandler(IHttpContextAccessor httpContextAccessor) =>
        _httpContextAccessor = httpContextAccessor;

    protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, GoogleScopedRequirement requirement)
    {
        var httpContext = _httpContextAccessor.HttpContext;

        // Ask the auth storage provider, usually cookies, for the users signed-in data; if the user is signed in.
        AuthenticateResult auth = await httpContext.AuthenticateAsync(requirement.Scheme);
        var authed = auth.Succeeded && !auth.None;
        
        // Determine if any scopes still require authorization.
        var existingScope = authed && auth.Properties.Items.TryGetValue(Consts.ScopeName, out var existingScope0) ? existingScope0 : "";
        var existingScopes = existingScope.Split(Consts.ScopeSplitter, StringSplitOptions.RemoveEmptyEntries);
        var additionalScopes = requirement.Scopes.Except(existingScopes).ToList();
        if (!authed || additionalScopes.Any())
        {
            // Add the missing scopes to the HttpContext.
            // Since we don't succeed here, authorization will fail with Forbidden. On Forbid,
            // we used these to determine whether we need to do incrementatl auth and Challenge
            // or really Forbid.
            httpContext.Items[Consts.HttpContextAdditionalScopeName] = string.Join(" ", additionalScopes);
        }
        else
        {
            context.Succeed(requirement);
        }
    }
}