
Check app name

pull/519/head
Sebastian 6 years ago
parent
commit
b2b9d148a3
  1. 14
      backend/src/Squidex.Web/Extensions.cs
  2. 7
      backend/src/Squidex.Web/Pipeline/AppResolver.cs

14
backend/src/Squidex.Web/Extensions.cs

@ -23,8 +23,20 @@ namespace Squidex.Web
return clientId?.GetClientParts().ClientId;
}
public static (string? App, string? ClientId) GetClientParts(this string clientId)
public static (string? App, string? ClientId) GetClient(this ClaimsPrincipal principal)
{
var clientId = principal.FindFirst(OpenIdClaims.ClientId)?.Value;
return clientId.GetClientParts();
}
public static (string? App, string? ClientId) GetClientParts(this string? clientId)
{
if (clientId == null)
{
return (null, null);
}
var parts = clientId.Split(':', '~');
if (parts.Length == 1)
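Review bot: The helper whose body ends at the top of this hunk (presumably `GetClientId`) still returns only the client part of the claim and drops the app name. Any other caller that uses it to look up a client in a per-app table would skip the app comparison that `FindByOpenIdClient` now makes; those callers are not visible here and are worth auditing. The new `GetClient` also has no doc comment although its tuple now feeds an authorization decision, so a line such as `/// Returns the app name and client id from the client-id claim; both are null when the claim is missing.` would state the contract. `GetClientParts` continues past the hunk after `if (parts.Length == 1)`, so the result for a value with no separator, or with more than one of `:` and `~`, cannot be confirmed from here and should be covered by a test.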

7
backend/src/Squidex.Web/Pipeline/AppResolver.cs

@ -99,7 +99,12 @@ namespace Squidex.Web.Pipeline
private static (string?, PermissionSet?) FindByOpenIdClient(IAppEntity app, ClaimsPrincipal user)
{
var clientId = user.GetClientId();
var (appName, clientId) = user.GetClient();
if (app.Name != appName)
{
return (null, null);
}
if (clientId != null && app.Clients.TryGetValue(clientId, out var client) && app.Roles.TryGet(app.Name, client.Role, out var role))
{
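Review bot: The new guard `if (app.Name != appName)` carries no comment saying why it exists, and in an authorization path that makes it easy to remove in a later refactor. A line above it such as `// Client ids are only looked up within one app; reject a principal whose client-id claim names a different app.` would record the intent. The comparison is ordinal and case-sensitive via `!=`, and it also rejects a null `appName`, which is the fail-closed behaviour wanted here. Writing it as `if (!string.Equals(app.Name, appName, StringComparison.Ordinal))` would make that choice explicit. The body of `FindByOpenIdClient` continues outside the hunk.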
