Skip to content

Commit a7b6f53

Browse files
committed
Allow ApiTokenAuthorize attributes at class level
1 parent b8ed596 commit a7b6f53

2 files changed

Lines changed: 22 additions & 31 deletions

File tree

DNN Platform/DotNetNuke.Web/Api/ApiTokenAuthorizeAttribute.cs

Lines changed: 12 additions & 24 deletions
Original file line numberDiff line numberDiff line change
@@ -10,14 +10,10 @@ namespace DotNetNuke.Web.Api
1010
using DotNetNuke.Web.Api.Auth.ApiTokens;
1111
using DotNetNuke.Web.Api.Auth.ApiTokens.Models;
1212

13-
/// <summary>
14-
/// Attribute to authorize apis based on the api token used.
15-
/// </summary>
13+
/// <summary>Attribute to authorize apis based on the api token used.</summary>
1614
public class ApiTokenAuthorizeAttribute : AuthorizeAttributeBase, IOverrideDefaultAuthLevel
1715
{
18-
/// <summary>
19-
/// Initializes a new instance of the <see cref="ApiTokenAuthorizeAttribute"/> class.
20-
/// </summary>
16+
/// <summary>Initializes a new instance of the <see cref="ApiTokenAuthorizeAttribute"/> class.</summary>
2117
/// <param name="key">The Key to authenticate api.</param>
2218
/// <param name="resourceFile">The resource file for the token api.</param>
2319
/// <param name="scope">The required api token scope.</param>
@@ -28,29 +24,21 @@ public ApiTokenAuthorizeAttribute(string key, string resourceFile, ApiTokenScope
2824
this.Scope = scope;
2925
}
3026

31-
/// <summary>
32-
/// Gets or sets the Key for the api token.
33-
/// </summary>
34-
public string Key { get; set; } = string.Empty;
27+
/// <summary>Gets or sets the Key for the api token.</summary>
28+
public string Key { get; set; }
3529

36-
/// <summary>
37-
/// Gets or sets the resource file for the api token.
38-
/// </summary>
39-
public string ResourceFile { get; set; } = string.Empty;
30+
/// <summary>Gets or sets the resource file for the api token.</summary>
31+
public string ResourceFile { get; set; }
4032

41-
/// <summary>
42-
/// Gets or sets the required api token scope.
43-
/// </summary>
44-
public ApiTokenScope Scope { get; set; } = ApiTokenScope.User;
45-
46-
[Dependency]
33+
/// <summary>Gets or sets the required api token scope.</summary>
34+
public ApiTokenScope Scope { get; set; }
35+
36+
[Dependency]
4737
private IApiTokenController ApiTokenController { get; set; }
4838

49-
/// <summary>
50-
/// Check if the request is authorized.
51-
/// </summary>
39+
/// <summary>Check if the request is authorized.</summary>
5240
/// <param name="context">The authentication filter context.</param>
53-
/// <returns>True if authorized, false otherwise.</returns>
41+
/// <returns><see langword="true"/> if authorized, <see langword="false"/> otherwise.</returns>
5442
public override bool IsAuthorized(AuthFilterContext context)
5543
{
5644
var token = this.ApiTokenController.GetCurrentThreadApiToken();

DNN Platform/DotNetNuke.Web/Api/Auth/ApiTokens/ApiTokenController.cs

Lines changed: 10 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -9,6 +9,7 @@ namespace DotNetNuke.Web.Api.Auth.ApiTokens
99
using System.Linq;
1010
using System.Net.Http;
1111
using System.Net.Http.Headers;
12+
using System.Reflection;
1213
using System.Security.Cryptography;
1314
using System.Text;
1415
using System.Web;
@@ -99,17 +100,19 @@ public SortedDictionary<string, ApiTokenAttribute> ApiTokenKeyList(ApiTokenScope
99100
{
100101
var res = new SortedDictionary<string, ApiTokenAttribute>();
101102
var typeLocator = new TypeLocator();
102-
var attributes = typeLocator.GetAllMatchingTypes(
103-
t => t is { IsClass: true, IsAbstract: false, IsVisible: true, })
104-
.SelectMany(x => x.GetMethods())
105-
.SelectMany(m => m.GetCustomAttributes(typeof(ApiTokenAuthorizeAttribute), false))
106-
.Cast<ApiTokenAuthorizeAttribute>()
107-
.Where(a => a.Scope <= scope);
103+
var attributes =
104+
from type in typeLocator.GetAllMatchingTypes(t => t is { IsClass: true, IsAbstract: false, IsVisible: true, })
105+
let typeAttributes = type.GetCustomAttributes<ApiTokenAuthorizeAttribute>(inherit: false)
106+
from method in type.GetMethods()
107+
let methodAttributes = method.GetCustomAttributes<ApiTokenAuthorizeAttribute>(inherit: false)
108+
from attribute in typeAttributes.Concat(methodAttributes)
109+
where attribute.Scope <= scope
110+
select attribute;
108111

109112
foreach (var attr in attributes)
110113
{
111114
var key = attr.Key.ToLowerInvariant();
112-
var k = attr.Scope.ToString() + key;
115+
var k = $"{attr.Scope}{key}";
113116
if (!res.ContainsKey(k))
114117
{
115118
var name = DotNetNuke.Services.Localization.Localization.GetString(attr.Key + ".Text", attr.ResourceFile, locale);

0 commit comments

Comments
 (0)