fix: Add CancellationToken to Identity handlers

jarvis · jarvis · commit d65c8e7cf863 · 2026-01-25T15:03:49.000Z
- PathAwareAuthorizationHandler: Pass context.RequestAborted to WriteAsync
- RequiredPermissionAuthorizationHandler: Extract CancellationToken from HttpContext and pass to HasPermissionAsync

Note: UserRegisteredEmailHandler and TokenGeneratedLogHandler already have proper CancellationToken handling.
diff --git a/src/Modules/Identity/Modules.Identity/Authorization/PathAwareAuthorizationHandler.cs b/src/Modules/Identity/Modules.Identity/Authorization/PathAwareAuthorizationHandler.cs
@@ -1,4 +1,4 @@
-﻿using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Authorization.Policy;
 using Microsoft.AspNetCore.Http;
 
@@ -38,7 +38,7 @@ public async Task HandleAsync(
 
             // If no endpoint is found, return 404 explicitly
             context.Response.StatusCode = StatusCodes.Status404NotFound;
-            await context.Response.WriteAsync("Endpoint not found.");
+            await context.Response.WriteAsync("Endpoint not found.", context.RequestAborted).ConfigureAwait(false);
             return;
         }
 
diff --git a/src/Modules/Identity/Modules.Identity/Authorization/RequiredPermissionAuthorizationHandler.cs b/src/Modules/Identity/Modules.Identity/Authorization/RequiredPermissionAuthorizationHandler.cs
@@ -1,4 +1,4 @@
-﻿using FSH.Framework.Shared.Identity.Claims;
+using FSH.Framework.Shared.Identity.Claims;
 using FSH.Modules.Identity.Contracts.Services;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
@@ -12,9 +12,10 @@ protected override async Task HandleRequirementAsync(AuthorizationHandlerContext
         ArgumentNullException.ThrowIfNull(context);
         ArgumentNullException.ThrowIfNull(requirement);
 
+        var httpContext = context.Resource as HttpContext;
         var endpoint = context.Resource switch
         {
-            HttpContext httpContext => httpContext.GetEndpoint(),
+            HttpContext ctx => ctx.GetEndpoint(),
             Endpoint ep => ep,
             _ => null,
         };
@@ -27,7 +28,9 @@ protected override async Task HandleRequirementAsync(AuthorizationHandlerContext
             context.Succeed(requirement);
             return;
         }
-        if (context.User?.GetUserId() is { } userId && await userService.HasPermissionAsync(userId, requiredPermissions.First()))
+
+        var cancellationToken = httpContext?.RequestAborted ?? CancellationToken.None;
+        if (context.User?.GetUserId() is { } userId && await userService.HasPermissionAsync(userId, requiredPermissions.First(), cancellationToken).ConfigureAwait(false))
         {
             context.Succeed(requirement);
         }
