Revert "refactor(Core.Application.Pipelines.Authorization): improve role matching logic"

ahmet-cetinkaya · ahmet-cetinkaya · commit d644af2fe47b · 2025-02-05T14:53:08.000+03:00
This reverts commit 156054c.
diff --git a/src/Core.Application/Pipelines/Authorization/AuthorizationBehavior.cs b/src/Core.Application/Pipelines/Authorization/AuthorizationBehavior.cs
@@ -40,21 +40,19 @@ private bool isHasRequiredRole(IEnumerable<string> identityRoles, ReadOnlySpan<c
     {
         bool isMatch = false;
         foreach (var role in identityRoles)
-        {
-            for (int i = 0, j = 0; i < requiredRoleClaims.Length; ++i)
+            for (int i = 0; i < requiredRoleClaims.Length; ++i)
             {
-                if (requiredRoleClaims[i] == role[j])
-                {
+                if (requiredRoleClaims[i] == ',')
+                    continue;
+
+                if (requiredRoleClaims[i] == role[i])
                     isMatch = true;
-                    if (j + 1 < role.Length) ++j;
-                }
                 else
                 {
                     isMatch = false;
-                    j = 0;
+                    break;
                 }
             }
-        }
 
         return isMatch;
     }
diff --git a/src/tests/Core.Application.Tests/Core.Application.Tests/Pipelines/AuthorizationBehaviorTests.cs b/src/tests/Core.Application.Tests/Core.Application.Tests/Pipelines/AuthorizationBehaviorTests.cs
@@ -25,7 +25,7 @@ public async Task Handle_ValidRequest_ReturnsResponse()
 
     public class ValidSecuredRequest : IRequest<int>, ISecuredRequest
     {
-        public IEnumerable<string> IdentityRoles { get; set; } = [];
+        public IEnumerable<string> IdentityRoles { get; set; }
         public ReadOnlySpan<char> RequiredRoleClaims => "".AsSpan();
     }
 
@@ -44,7 +44,7 @@ await Assert.ThrowsAsync<AuthenticationException>(
 
     public class InvalidSecuredRequest : IRequest<int>, ISecuredRequest
     {
-        public IEnumerable<string> IdentityRoles { get; set; } = [];
+        public IEnumerable<string> IdentityRoles { get; set; }
         public ReadOnlySpan<char> RequiredRoleClaims => "".AsSpan();
     }
 
@@ -69,7 +69,7 @@ await Assert.ThrowsAsync<AuthorizationException>(
 
     public class SecuredRequestWithRequiredRoleClaims : IRequest<int>, ISecuredRequest
     {
-        public IEnumerable<string> IdentityRoles { get; set; } = [];
+        public IEnumerable<string> IdentityRoles { get; set; }
         public ReadOnlySpan<char> RequiredRoleClaims => "admin".AsSpan();
     }
 
@@ -94,7 +94,7 @@ public async Task Handle_ValidRequest_WithRequiredRoleClaims_ReturnsResponse()
 
     public class SecuredRequestWithoutRequiredRoleClaims : IRequest<int>, ISecuredRequest
     {
-        public IEnumerable<string> IdentityRoles { get; set; } = [];
-        public ReadOnlySpan<char> RequiredRoleClaims => "editor,admin".AsSpan();
+        public IEnumerable<string> IdentityRoles { get; set; }
+        public ReadOnlySpan<char> RequiredRoleClaims => "admin".AsSpan();
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -40,21 +40,19 @@ private bool isHasRequiredRole(IEnumerable<string> identityRoles, ReadOnlySpan<c`
`40`	`40`	`{`
`41`	`41`	`bool isMatch = false;`
`42`	`42`	`foreach (var role in identityRoles)`
`43`		`- {`
`44`		`- for (int i = 0, j = 0; i < requiredRoleClaims.Length; ++i)`
	`43`	`+ for (int i = 0; i < requiredRoleClaims.Length; ++i)`
`45`	`44`	`{`
`46`		`- if (requiredRoleClaims[i] == role[j])`
`47`		`- {`
	`45`	`+ if (requiredRoleClaims[i] == ',')`
	`46`	`+ continue;`
	`47`	`+`
	`48`	`+ if (requiredRoleClaims[i] == role[i])`
`48`	`49`	`isMatch = true;`
`49`		`- if (j + 1 < role.Length) ++j;`
`50`		`- }`
`51`	`50`	`else`
`52`	`51`	`{`
`53`	`52`	`isMatch = false;`
`54`		`- j = 0;`
	`53`	`+ break;`
`55`	`54`	`}`
`56`	`55`	`}`
`57`		`- }`
`58`	`56`
`59`	`57`	`return isMatch;`
`60`	`58`	`}`
Original file line number	Diff line number	Diff line change
`@@ -25,7 +25,7 @@ public async Task Handle_ValidRequest_ReturnsResponse()`
`25`	`25`
`26`	`26`	`public class ValidSecuredRequest : IRequest<int>, ISecuredRequest`
`27`	`27`	`{`
`28`		`- public IEnumerable<string> IdentityRoles { get; set; } = [];`
	`28`	`+ public IEnumerable<string> IdentityRoles { get; set; }`
`29`	`29`	`public ReadOnlySpan<char> RequiredRoleClaims => "".AsSpan();`
`30`	`30`	`}`
`31`	`31`
`@@ -44,7 +44,7 @@ await Assert.ThrowsAsync<AuthenticationException>(`
`44`	`44`
`45`	`45`	`public class InvalidSecuredRequest : IRequest<int>, ISecuredRequest`
`46`	`46`	`{`
`47`		`- public IEnumerable<string> IdentityRoles { get; set; } = [];`
	`47`	`+ public IEnumerable<string> IdentityRoles { get; set; }`
`48`	`48`	`public ReadOnlySpan<char> RequiredRoleClaims => "".AsSpan();`
`49`	`49`	`}`
`50`	`50`
`@@ -69,7 +69,7 @@ await Assert.ThrowsAsync<AuthorizationException>(`
`69`	`69`
`70`	`70`	`public class SecuredRequestWithRequiredRoleClaims : IRequest<int>, ISecuredRequest`
`71`	`71`	`{`
`72`		`- public IEnumerable<string> IdentityRoles { get; set; } = [];`
	`72`	`+ public IEnumerable<string> IdentityRoles { get; set; }`
`73`	`73`	`public ReadOnlySpan<char> RequiredRoleClaims => "admin".AsSpan();`
`74`	`74`	`}`
`75`	`75`
`@@ -94,7 +94,7 @@ public async Task Handle_ValidRequest_WithRequiredRoleClaims_ReturnsResponse()`
`94`	`94`
`95`	`95`	`public class SecuredRequestWithoutRequiredRoleClaims : IRequest<int>, ISecuredRequest`
`96`	`96`	`{`
`97`		`- public IEnumerable<string> IdentityRoles { get; set; } = [];`
`98`		`- public ReadOnlySpan<char> RequiredRoleClaims => "editor,admin".AsSpan();`
	`97`	`+ public IEnumerable<string> IdentityRoles { get; set; }`
	`98`	`+ public ReadOnlySpan<char> RequiredRoleClaims => "admin".AsSpan();`
`99`	`99`	`}`
`100`	`100`	`}`