fix

afedyanin · Oct 23, 2023 · 2479638 · 2479638
1 parent 83a11aa
commit 2479638
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 5 deletions.
diff --git a/src/BlazorBff/AuthorizationRegistrar.cs b/src/BlazorBff/AuthorizationRegistrar.cs
@@ -78,9 +78,7 @@ private static Task OnTokenValidated(TokenValidatedContext context)
  Console.WriteLine($"access token={accessToken}");
 #endif
 
- var resources = new string[] { "account", "blazor-client" };
-
- roles.AddRange(JwtRolesHelper.ExtractRoles(accessToken, resources));
+ roles.AddRange(JwtRolesHelper.ExtractRoles(accessToken));
 
  // Get reoles from DB if req
  roles.AddRange(GetRolesByUserIdentity(context.Principal));

diff --git a/src/BlazorBff/Helpers/JwtRolesHelper.cs b/src/BlazorBff/Helpers/JwtRolesHelper.cs
@@ -11,8 +11,16 @@ public static class JwtRolesHelper
 
  public static string[] ExtractRoles(
  string? rawJwtAccessToken,
- string[] resources,
  bool includeRealmRoles = false)
+ {
+ var resources = Array.Empty<string>();
+ return ExtractRoles(rawJwtAccessToken, resources, includeRealmRoles);
+ }
+
+ public static string[] ExtractRoles(
+ string? rawJwtAccessToken,
+ string[] resources,
+ bool includeRealmRoles = false)
  {
  if (string.IsNullOrEmpty(rawJwtAccessToken))
  {
@@ -67,8 +75,9 @@ private static string[] GetResourceAccessRoles(Claim? resourceAccessClaim, strin
  }
 
  var roles = new List<string>();
+ var resourceKeys = resourceNames.Any() ? resourceNames : resourceAccess.Keys;
 
- foreach (var resource in resourceNames)
+ foreach (var resource in resourceKeys)
  {
  if (resourceAccess.TryGetValue(resource, out var resourceRolesDict))
  {

diff --git a/tests/BlazorBff.Tests/Helpers/JwtRolesHelperTest.cs b/tests/BlazorBff.Tests/Helpers/JwtRolesHelperTest.cs
@@ -37,9 +37,31 @@ public void CanGetRolesWithSeveralResources()
  var roles = JwtRolesHelper.ExtractRoles(_jwtRawString2, new string[] { "account", "blazor-client" });
  Assert.That(roles, Is.Not.Null);
  Assert.That(roles, Has.Length.EqualTo(5));
+ // account
  Assert.That(roles, Has.Member("manage-account"));
  Assert.That(roles, Has.Member("manage-account-links"));
  Assert.That(roles, Has.Member("view-profile"));
+ // client
+ Assert.That(roles, Has.Member("role1"));
+ Assert.That(roles, Has.Member("role2"));
+ }
+
+ [Test]
+ public void CanGetRolesWithAllResources()
+ {
+ var roles = JwtRolesHelper.ExtractRoles(_jwtRawString2, true);
+ Assert.That(roles, Is.Not.Null);
+ Assert.That(roles, Has.Length.EqualTo(9));
+ // realm
+ Assert.That(roles, Has.Member("default-roles-myrealm"));
+ Assert.That(roles, Has.Member("offline_access"));
+ Assert.That(roles, Has.Member("uma_authorization"));
+ Assert.That(roles, Has.Member("myrole"));
+ // account
+ Assert.That(roles, Has.Member("manage-account"));
+ Assert.That(roles, Has.Member("manage-account-links"));
+ Assert.That(roles, Has.Member("view-profile"));
+ // client
  Assert.That(roles, Has.Member("role1"));
  Assert.That(roles, Has.Member("role2"));
  }