From abb8cfc9634ebfa07c7218364aabb359df28bbd0 Mon Sep 17 00:00:00 2001
From: maliming
Date: Thu, 9 Nov 2023 13:46:38 +0800
Subject: [PATCH] Force to clear the claims principal when user is not found.
---
 .../Claims/AbpDynamicClaimsMiddleware.cs | 2 +-
 .../Principal/AbpClaimsIdentityExtensions.cs | 2 +-
 .../AbpClaimsPrincipalContributorContext.cs | 2 +-
 .../Claims/AbpClaimsPrincipalFactory.cs | 2 +-
 ...entityDynamicClaimsPrincipalContributor.cs | 19 ++++++++++++++++++-
 5 files changed, 22 insertions(+), 5 deletions(-)
diff --git a/framework/src/Volo.Abp.AspNetCore/Volo/Abp/AspNetCore/Security/Claims/AbpDynamicClaimsMiddleware.cs b/framework/src/Volo.Abp.AspNetCore/Volo/Abp/AspNetCore/Security/Claims/AbpDynamicClaimsMiddleware.cs
index 6e2a55ab39..33b7b3f16e 100644
--- a/framework/src/Volo.Abp.AspNetCore/Volo/Abp/AspNetCore/Security/Claims/AbpDynamicClaimsMiddleware.cs
+++ b/framework/src/Volo.Abp.AspNetCore/Volo/Abp/AspNetCore/Security/Claims/AbpDynamicClaimsMiddleware.cs
@@ -15,7 +15,7 @@ public class AbpDynamicClaimsMiddleware : IMiddleware, ITransientDependency
 if (currentUser.IsAuthenticated)
 {
 var abpClaimsPrincipalFactory = context.RequestServices.GetRequiredService();
- await abpClaimsPrincipalFactory.CreateDynamicAsync(context.User);
+ context.User = await abpClaimsPrincipalFactory.CreateDynamicAsync(context.User);
 }
 await next(context);
diff --git a/framework/src/Volo.Abp.Security/System/Security/Principal/AbpClaimsIdentityExtensions.cs b/framework/src/Volo.Abp.Security/System/Security/Principal/AbpClaimsIdentityExtensions.cs
index d8141a31ed..2661298405 100644
--- a/framework/src/Volo.Abp.Security/System/Security/Principal/AbpClaimsIdentityExtensions.cs
+++ b/framework/src/Volo.Abp.Security/System/Security/Principal/AbpClaimsIdentityExtensions.cs
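Review bot: In AbpDynamicClaimsMiddleware the reassignment `context.User = await abpClaimsPrincipalFactory.CreateDynamicAsync(context.User);` swaps the principal for the current request only, and nothing next to it says what that does or does not cover. When a contributor returns an empty principal, the cookie or token that authenticated the request presumably stays valid, and anything that authenticates again later in the pipeline (for example an authorization policy that names explicit schemes) or that captured the earlier principal may still see the old claims; worth confirming and, if it holds, signing the user out or rejecting the request at this point. At minimum a comment above the assignment would help, such as `// The factory may return a different, possibly unauthenticated principal; must run after authentication and before authorization.` The method body begins and ends outside the hunk.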
@@ -250,6 +250,7 @@ public static class AbpClaimsIdentityExtensions
 return claimsIdentity;
 }
+
 public static ClaimsIdentity AddOrReplace(this ClaimsIdentity claimsIdentity, Claim claim)
 {
 Check.NotNull(claimsIdentity, nameof(claimsIdentity));
@@ -275,5 +276,4 @@ public static class AbpClaimsIdentityExtensions
 return principal;
 }
-
 }
diff --git a/framework/src/Volo.Abp.Security/Volo/Abp/Security/Claims/AbpClaimsPrincipalContributorContext.cs b/framework/src/Volo.Abp.Security/Volo/Abp/Security/Claims/AbpClaimsPrincipalContributorContext.cs
index 442bcf867e..6b9aff1a66 100644
--- a/framework/src/Volo.Abp.Security/Volo/Abp/Security/Claims/AbpClaimsPrincipalContributorContext.cs
+++ b/framework/src/Volo.Abp.Security/Volo/Abp/Security/Claims/AbpClaimsPrincipalContributorContext.cs
@@ -8,7 +8,7 @@ namespace Volo.Abp.Security.Claims;
 public class AbpClaimsPrincipalContributorContext
 {
 [NotNull]
- public ClaimsPrincipal ClaimsPrincipal { get; }
+ public ClaimsPrincipal ClaimsPrincipal { get; set; }
 [NotNull]
 public IServiceProvider ServiceProvider { get; }
diff --git a/framework/src/Volo.Abp.Security/Volo/Abp/Security/Claims/AbpClaimsPrincipalFactory.cs b/framework/src/Volo.Abp.Security/Volo/Abp/Security/Claims/AbpClaimsPrincipalFactory.cs
index a55be7a82b..77635d72f4 100644
--- a/framework/src/Volo.Abp.Security/Volo/Abp/Security/Claims/AbpClaimsPrincipalFactory.cs
+++ b/framework/src/Volo.Abp.Security/Volo/Abp/Security/Claims/AbpClaimsPrincipalFactory.cs
@@ -49,7 +49,7 @@ public class AbpClaimsPrincipalFactory : IAbpClaimsPrincipalFactory, ITransientD
 await contributor.ContributeAsync(context);
 }
- return claimsPrincipal;
+ return context.ClaimsPrincipal;
 }
 }
 }
diff --git a/modules/identity/src/Volo.Abp.Identity.Domain/Volo/Abp/Identity/IdentityDynamicClaimsPrincipalContributor.cs b/modules/identity/src/Volo.Abp.Identity.Domain/Volo/Abp/Identity/IdentityDynamicClaimsPrincipalContributor.cs
index 6572c08b7a..82f5874d63 100644
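Review bot: In AbpClaimsPrincipalContributorContext the new public setter on `ClaimsPrincipal` accepts null even though the property carries `[NotNull]`, and the factory now returns whatever was assigned. A guarded setter keeps the contract, for example a backing field with `set => _claimsPrincipal = Check.NotNull(value, nameof(value));`, using the same `Check.NotNull` helper that appears in AbpClaimsIdentityExtensions. The setter also lets any registered contributor replace the whole identity rather than only clear it, so a `/// <summary>` stating that replacement is meant for dropping an invalid principal would make that intent reviewable.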
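Review bot: In AbpClaimsPrincipalFactory the contributor loop keeps running after one contributor has replaced `context.ClaimsPrincipal`, so later contributors appear to run against the replaced principal and can add claims to the identity that was just cleared before `return context.ClaimsPrincipal;` hands it back. If clearing is meant to be final, stop iterating once the principal is no longer authenticated, e.g. `if (context.ClaimsPrincipal.Identity?.IsAuthenticated != true) { break; }` after `ContributeAsync`; otherwise document that contributors must tolerate an empty principal. The loop header and the method signature are outside the hunk, so which of the factory's methods this is cannot be confirmed from here.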
--- a/modules/identity/src/Volo.Abp.Identity.Domain/Volo/Abp/Identity/IdentityDynamicClaimsPrincipalContributor.cs
+++ b/modules/identity/src/Volo.Abp.Identity.Domain/Volo/Abp/Identity/IdentityDynamicClaimsPrincipalContributor.cs
@@ -1,6 +1,11 @@
+using System;
+using System.Collections.Generic;
 using System.Linq;
+using System.Security.Claims;
 using System.Security.Principal;
 using System.Threading.Tasks;
+using Microsoft.Extensions.Logging;
+using Volo.Abp.Domain.Entities;
 using Volo.Abp.Security.Claims;
 namespace Volo.Abp.Identity;
@@ -17,7 +22,19 @@ public class IdentityDynamicClaimsPrincipalContributor : AbpDynamicClaimsPrincip
 }
 var dynamicClaimsCache = context.GetRequiredService();
- var dynamicClaims = await dynamicClaimsCache.GetAsync(userId.Value, identity.FindTenantId());
+ List dynamicClaims;
+ try
+ {
+ dynamicClaims = await dynamicClaimsCache.GetAsync(userId.Value, identity.FindTenantId());
+ }
+ catch (EntityNotFoundException e)
+ {
+ // In case if user not found, We force to clear the claims principal.
+ context.ClaimsPrincipal = new ClaimsPrincipal(new ClaimsIdentity());
+ var logger = context.GetRequiredService>();
+ logger.LogWarning(e, $"User not found: {userId.Value}");
+ return;
+ }
 await MapCommonClaimsAsync(identity, dynamicClaims);
 await AddDynamicClaims(identity, dynamicClaims);
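Review bot: In the new `catch (EntityNotFoundException e)` block, `logger.LogWarning(e, $"User not found: {userId.Value}");` builds the message by interpolation, which loses the user id as a structured field that alerting can key on; prefer `logger.LogWarning(e, "User not found: {UserId}", userId.Value);`. The catch also treats every `EntityNotFoundException` raised inside `dynamicClaimsCache.GetAsync` as a missing user; if the cache loader can throw it for another entity, the principal is cleared and the log line is misleading, so it may be worth checking the exception's entity type before clearing. Because the cleared principal only takes effect for the current request, a deleted user's still-valid credential will presumably reach this path on every request, which makes the warning a useful detection signal but may also mean a repeated lookup each time. The method starts and ends outside the hunk.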