Remove RequiredPolicy (#9399)

Author: HaoK

src/Security/Authorization/Core/ref/Microsoft.AspNetCore.Authorization.netcoreapp3.0.cs

@@ -47,7 +47,6 @@ public partial class AuthorizationOptions
         public AuthorizationOptions() { }
         public Microsoft.AspNetCore.Authorization.AuthorizationPolicy DefaultPolicy { [System.Runtime.CompilerServices.CompilerGeneratedAttribute]get { throw null; } [System.Runtime.CompilerServices.CompilerGeneratedAttribute]set { } }
         public bool InvokeHandlersAfterFailure { [System.Runtime.CompilerServices.CompilerGeneratedAttribute]get { throw null; } [System.Runtime.CompilerServices.CompilerGeneratedAttribute]set { } }
-        public Microsoft.AspNetCore.Authorization.AuthorizationPolicy RequiredPolicy { [System.Runtime.CompilerServices.CompilerGeneratedAttribute]get { throw null; } [System.Runtime.CompilerServices.CompilerGeneratedAttribute]set { } }
         public void AddPolicy(string name, Microsoft.AspNetCore.Authorization.AuthorizationPolicy policy) { }
         public void AddPolicy(string name, System.Action<Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder> configurePolicy) { }
         public Microsoft.AspNetCore.Authorization.AuthorizationPolicy GetPolicy(string name) { throw null; }
@@ -127,7 +126,6 @@ public partial class DefaultAuthorizationPolicyProvider : Microsoft.AspNetCore.A
         public DefaultAuthorizationPolicyProvider(Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Authorization.AuthorizationOptions> options) { }
         public System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationPolicy> GetDefaultPolicyAsync() { throw null; }
         public virtual System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationPolicy> GetPolicyAsync(string policyName) { throw null; }
-        public System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationPolicy> GetRequiredPolicyAsync() { throw null; }
     }
     public partial class DefaultAuthorizationService : Microsoft.AspNetCore.Authorization.IAuthorizationService
     {
@@ -157,7 +155,6 @@ public partial interface IAuthorizationPolicyProvider
     {
         System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationPolicy> GetDefaultPolicyAsync();
         System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationPolicy> GetPolicyAsync(string policyName);
-        System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationPolicy> GetRequiredPolicyAsync();
     }
     public partial interface IAuthorizationRequirement
     {

src/Security/Authorization/Core/src/AuthorizationOptions.cs

@@ -27,18 +27,6 @@ public class AuthorizationOptions
         /// </remarks>
         public AuthorizationPolicy DefaultPolicy { get; set; } = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build();
 
-        /// <summary>
-        /// Gets or sets the required authorization policy. Defaults to null.
-        /// </summary>
-        /// <remarks>
-        /// By default the required policy is null.
-        /// 
-        /// If a required policy has been specified then it is always evaluated, even if there are no
-        /// <see cref="IAuthorizeData"/> instances for a resource. If a resource has <see cref="IAuthorizeData"/>
-        /// then they are evaluated together with the required policy.
-        /// </remarks>
-        public AuthorizationPolicy RequiredPolicy { get; set; }
-
         /// <summary>
         /// Add an authorization policy with the provided name.
         /// </summary>

src/Security/Authorization/Core/src/AuthorizationPolicy.cs

@@ -176,17 +176,6 @@ public static async Task<AuthorizationPolicy> CombineAsync(IAuthorizationPolicyP
                 }
             }
 
-            var requiredPolicy = await policyProvider.GetRequiredPolicyAsync();
-            if (requiredPolicy != null)
-            {
-                if (policyBuilder == null)
-                {
-                    policyBuilder = new AuthorizationPolicyBuilder();
-                }
-
-                policyBuilder.Combine(requiredPolicy);
-            }
-
             return policyBuilder?.Build();
         }
     }

src/Security/Authorization/Core/src/DefaultAuthorizationPolicyProvider.cs

@@ -15,7 +15,6 @@ public class DefaultAuthorizationPolicyProvider : IAuthorizationPolicyProvider
     {
         private readonly AuthorizationOptions _options;
         private Task<AuthorizationPolicy> _cachedDefaultPolicy;
-        private Task<AuthorizationPolicy> _cachedRequiredPolicy;
 
         /// <summary>
         /// Creates a new instance of <see cref="DefaultAuthorizationPolicyProvider"/>.
@@ -40,15 +39,6 @@ public Task<AuthorizationPolicy> GetDefaultPolicyAsync()
             return GetCachedPolicy(ref _cachedDefaultPolicy, _options.DefaultPolicy);
         }
 
-        /// <summary>
-        /// Gets the required authorization policy.
-        /// </summary>
-        /// <returns>The required authorization policy.</returns>
-        public Task<AuthorizationPolicy> GetRequiredPolicyAsync()
-        {
-            return GetCachedPolicy(ref _cachedRequiredPolicy, _options.RequiredPolicy);
-        }
-
         private Task<AuthorizationPolicy> GetCachedPolicy(ref Task<AuthorizationPolicy> cachedPolicy, AuthorizationPolicy currentPolicy)
         {
             var local = cachedPolicy;

src/Security/Authorization/Core/src/IAuthorizationPolicyProvider.cs

@@ -22,11 +22,5 @@ public interface IAuthorizationPolicyProvider
         /// </summary>
         /// <returns>The default authorization policy.</returns>
         Task<AuthorizationPolicy> GetDefaultPolicyAsync();
-
-        /// <summary>
-        /// Gets the required authorization policy.
-        /// </summary>
-        /// <returns>The required authorization policy.</returns>
-        Task<AuthorizationPolicy> GetRequiredPolicyAsync();
     }
 }

src/Security/Authorization/Policy/src/AuthorizationMiddleware.cs

@@ -51,6 +51,12 @@ public async Task Invoke(HttpContext context)
 
             // IMPORTANT: Changes to authorization logic should be mirrored in MVC's AuthorizeFilter
             var authorizeData = endpoint?.Metadata.GetOrderedMetadata<IAuthorizeData>() ?? Array.Empty<IAuthorizeData>();
+            if (authorizeData.Count() == 0)
+            {
+                await _next(context);
+                return;
+            }
+            
             var policy = await AuthorizationPolicy.CombineAsync(_policyProvider, authorizeData);
             if (policy == null)
             {

src/Security/Authorization/test/AuthorizationMiddlewareTests.cs

@@ -41,25 +41,6 @@ public async Task NoEndpoint_AnonymousUser_Allows()
             Assert.True(next.Called);
         }
 
-        [Fact]
-        public async Task NoEndpointWithRequired_AnonymousUser_Challenges()
-        {
-            // Arrange
-            var policy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build();
-            var policyProvider = new Mock<IAuthorizationPolicyProvider>();
-            policyProvider.Setup(p => p.GetRequiredPolicyAsync()).ReturnsAsync(policy);
-            var next = new TestRequestDelegate();
-
-            var middleware = CreateMiddleware(next.Invoke, policyProvider.Object);
-            var context = GetHttpContext(anonymous: true);
-
-            // Act
-            await middleware.Invoke(context);
-
-            // Assert
-            Assert.False(next.Called);
-        }
-
         [Fact]
         public async Task HasEndpointWithoutAuth_AnonymousUser_Allows()
         {
@@ -79,26 +60,6 @@ public async Task HasEndpointWithoutAuth_AnonymousUser_Allows()
             Assert.True(next.Called);
         }
 
-        [Fact]
-        public async Task HasEndpointWithRequiredWithoutAuth_AnonymousUser_Challenges()
-        {
-            // Arrange
-            var policy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build();
-            var policyProvider = new Mock<IAuthorizationPolicyProvider>();
-            policyProvider.Setup(p => p.GetDefaultPolicyAsync()).ReturnsAsync(policy);
-            policyProvider.Setup(p => p.GetRequiredPolicyAsync()).ReturnsAsync(policy);
-            var next = new TestRequestDelegate();
-
-            var middleware = CreateMiddleware(next.Invoke, policyProvider.Object);
-            var context = GetHttpContext(anonymous: true, endpoint: CreateEndpoint());
-
-            // Act
-            await middleware.Invoke(context);
-
-            // Assert
-            Assert.False(next.Called);
-        }
-
         [Fact]
         public async Task HasEndpointWithAuth_AnonymousUser_Challenges()
         {
@@ -148,29 +109,23 @@ public async Task OnAuthorizationAsync_WillCallPolicyProvider()
             var policy = new AuthorizationPolicyBuilder().RequireAssertion(_ => true).Build();
             var policyProvider = new Mock<IAuthorizationPolicyProvider>();
             var getPolicyCount = 0;
-            var getRequiredPolicyCount = 0;
             policyProvider.Setup(p => p.GetPolicyAsync(It.IsAny<string>())).ReturnsAsync(policy)
                 .Callback(() => getPolicyCount++);
-            policyProvider.Setup(p => p.GetRequiredPolicyAsync()).ReturnsAsync(policy)
-                .Callback(() => getRequiredPolicyCount++);
             var next = new TestRequestDelegate();
             var middleware = CreateMiddleware(next.Invoke, policyProvider.Object);
             var context = GetHttpContext(anonymous: true, endpoint: CreateEndpoint(new AuthorizeAttribute("whatever")));
 
             // Act & Assert
             await middleware.Invoke(context);
             Assert.Equal(1, getPolicyCount);
-            Assert.Equal(1, getRequiredPolicyCount);
             Assert.Equal(1, next.CalledCount);
 
             await middleware.Invoke(context);
             Assert.Equal(2, getPolicyCount);
-            Assert.Equal(2, getRequiredPolicyCount);
             Assert.Equal(2, next.CalledCount);
 
             await middleware.Invoke(context);
             Assert.Equal(3, getPolicyCount);
-            Assert.Equal(3, getRequiredPolicyCount);
             Assert.Equal(3, next.CalledCount);
         }
 

src/Security/samples/CustomPolicyProvider/Authorization/MinimumAgePolicyProvider.cs

@@ -27,8 +27,6 @@ public MinimumAgePolicyProvider(IOptions<AuthorizationOptions> options)
 
         public Task<AuthorizationPolicy> GetDefaultPolicyAsync() => FallbackPolicyProvider.GetDefaultPolicyAsync();
 
-        public Task<AuthorizationPolicy> GetRequiredPolicyAsync() => FallbackPolicyProvider.GetRequiredPolicyAsync();
-
         // Policies are looked up by string name, so expect 'parameters' (like age)
         // to be embedded in the policy names. This is abstracted away from developers
         // by the more strongly-typed attributes derived from AuthorizeAttribute
@@ -49,4 +47,4 @@ public Task<AuthorizationPolicy> GetPolicyAsync(string policyName)
             return FallbackPolicyProvider.GetPolicyAsync(policyName);
         }
     }
-}
+}