Force to clear the claims principal when user is not found.

2 years ago · abb8cfc963
5 changed files with 22 additions and 5 deletions
--- a/framework/src/Volo.Abp.AspNetCore/Volo/Abp/AspNetCore/Security/Claims/AbpDynamicClaimsMiddleware.cs
+++ b/framework/src/Volo.Abp.AspNetCore/Volo/Abp/AspNetCore/Security/Claims/AbpDynamicClaimsMiddleware.cs
@ -15,7 +15,7 @@ public class AbpDynamicClaimsMiddleware : IMiddleware, ITransientDependency
        if (currentUser.IsAuthenticated)
        {
            var abpClaimsPrincipalFactory = context.RequestServices.GetRequiredService<IAbpClaimsPrincipalFactory>();
-            await abpClaimsPrincipalFactory.CreateDynamicAsync(context.User);
+            context.User = await abpClaimsPrincipalFactory.CreateDynamicAsync(context.User);
        }

        await next(context);
--- a/framework/src/Volo.Abp.Security/System/Security/Principal/AbpClaimsIdentityExtensions.cs
+++ b/framework/src/Volo.Abp.Security/System/Security/Principal/AbpClaimsIdentityExtensions.cs
@ -250,6 +250,7 @@ public static class AbpClaimsIdentityExtensions
        return claimsIdentity;
    }

+
    public static ClaimsIdentity AddOrReplace(this ClaimsIdentity claimsIdentity, Claim claim)
    {
        Check.NotNull(claimsIdentity, nameof(claimsIdentity));
@ -275,5 +276,4 @@ public static class AbpClaimsIdentityExtensions

        return principal;
    }
-
 }
--- a/framework/src/Volo.Abp.Security/Volo/Abp/Security/Claims/AbpClaimsPrincipalContributorContext.cs
+++ b/framework/src/Volo.Abp.Security/Volo/Abp/Security/Claims/AbpClaimsPrincipalContributorContext.cs
@ -8,7 +8,7 @@ namespace Volo.Abp.Security.Claims;
 public class AbpClaimsPrincipalContributorContext
 {
    [NotNull]
-    public ClaimsPrincipal ClaimsPrincipal { get; }
+    public ClaimsPrincipal ClaimsPrincipal { get; set; }

    [NotNull]
    public IServiceProvider ServiceProvider { get; }
--- a/framework/src/Volo.Abp.Security/Volo/Abp/Security/Claims/AbpClaimsPrincipalFactory.cs
+++ b/framework/src/Volo.Abp.Security/Volo/Abp/Security/Claims/AbpClaimsPrincipalFactory.cs
@ -49,7 +49,7 @@ public class AbpClaimsPrincipalFactory : IAbpClaimsPrincipalFactory, ITransientD
                await contributor.ContributeAsync(context);
            }

-            return claimsPrincipal;
+            return context.ClaimsPrincipal;
        }
    }
 }
--- a/modules/identity/src/Volo.Abp.Identity.Domain/Volo/Abp/Identity/IdentityDynamicClaimsPrincipalContributor.cs
+++ b/modules/identity/src/Volo.Abp.Identity.Domain/Volo/Abp/Identity/IdentityDynamicClaimsPrincipalContributor.cs
@ -1,6 +1,11 @@
+using System;
+using System.Collections.Generic;
 using System.Linq;
+using System.Security.Claims;
 using System.Security.Principal;
 using System.Threading.Tasks;
+using Microsoft.Extensions.Logging;
+using Volo.Abp.Domain.Entities;
 using Volo.Abp.Security.Claims;

 namespace Volo.Abp.Identity;
@ -17,7 +22,19 @@ public class IdentityDynamicClaimsPrincipalContributor : AbpDynamicClaimsPrincip
        }

        var dynamicClaimsCache = context.GetRequiredService<IdentityDynamicClaimsPrincipalContributorCache>();
-        var dynamicClaims = await dynamicClaimsCache.GetAsync(userId.Value, identity.FindTenantId());
+        List<AbpClaimCacheItem> dynamicClaims;
+        try
+        {
+            dynamicClaims = await dynamicClaimsCache.GetAsync(userId.Value, identity.FindTenantId());
+        }
+        catch (EntityNotFoundException e)
+        {
+            // In case if user not found, We force to clear the claims principal.
+            context.ClaimsPrincipal = new ClaimsPrincipal(new ClaimsIdentity());
+            var logger = context.GetRequiredService<Logger<IdentityDynamicClaimsPrincipalContributor>>();
+            logger.LogWarning(e, $"User not found: {userId.Value}");
+            return;
+        }

        await MapCommonClaimsAsync(identity, dynamicClaims);
        await AddDynamicClaims(identity, dynamicClaims);