#746 Multiple values in static claims

[asrasya-kosha]

Closes #746

• Multiple values for single key in RouteClaimsRequirement #746

Proposed Changes

• Changed RouteClaimsRequirements to accept multiple values for a single key
• Changed ClaimsAuthorizer to validate with any of the given values for a key for a static claim
• Adjusted ClaimsAuthorizer for dynamic claims to only accept the first value for a given key
• Added test cases

Note: The proposed changes will only apply to static claims and should not affect dynamic claims.

[raman-m]

Thank you for the PR!
Please note that the development process mandates the inclusion of both unit and acceptance tests for every new feature and bug fix. New features should be accompanied by tests that cover the new functionality. Additionally, merely fixing existing tests does not suffice to warrant approval of the PR.

[ggnaegi]

@raman-m reviewing it right now...

[ggnaegi]

@raman-m @asrasya-kosha Ok for me, but the ClaimsAuthorizer code is difficult to read. I think we could probably refactor it a bit.

[ggnaegi]

That's not your code, I agree, Maybe we could use a compiled Regex and enhance security by specifying a timeout, 10 seconds...

[GeneratedRegex("^{(?<variable>.+)}$", RegexOptions.Compiled, 10000)]
private static partial Regex DynamicClaimRegex();

[RaynaldM]

in GenerateRegex, RegexOptions.Compiled is ignored

[raman-m]

We have well known open PR by Mohsen who followed Regex best practices, see #1348

[raman-m]

@ggnaegi reviewed on Aug 8

Thanks for code review! But you know I will return to feature PRs after v23.3 Hotfixes release.
Also this PR has a lot of fake changes probably because of line endings problem so it's hard to read real changes.

[asrasya-kosha]

Thank you for the PR! Please note that the development process mandates the inclusion of both unit and acceptance tests for every new feature and bug fix. New features should be accompanied by tests that cover the new functionality. Additionally, merely fixing existing tests does not suffice to warrant approval of the PR.

@raman-m I'll add acceptance tests and new unit tests (I thought I added them but I'll have a look once again) this weekend and update the PR. The line ending changes are perhaps a GitHub issue? because I don't see them in rider when I do sa side by side compare. Thanks

[RaynaldM]

in GenerateRegex, RegexOptions.Compiled is ignored

[raman-m]

@asrasya-kosha Please work on code review issues.
Also, we have to add at least one acceptance test.

[raman-m]

@asrasya-kosha commented on Aug 20, 2024

The line ending changes are perhaps a GitHub issue?

The changes in line endings are not due to GitHub; rather, they are caused by your IDE. GitHub simply identifies the different line endings and highlights those lines.

because I don't see them in Rider when I do so side by side compare.

We have Visual Studio IDE settings for line endings here: .editorconfig#L19-L21 (common settings), *.{cs,vb} (C# CRLF ending). However, there is no settings file for Rider IDE.
The main issue is the .gitattributes file for Git, which means our settings do not override EOL and commits are made as-is (both CRLF for Windows and LF for Linux). Local/global Git settings may sometimes override EOL in this file.
Since you're using Rider IDE, ensure that your Git environment does not override EOL (a mixed mode is preferred).

[humbberto]

@raman-m any idea when this will be deployed to production?

[raman-m]

@humbberto commented on December 5

I have no idea!
To be fair, the PR has merge conflicts, so it can't be reviewed yet, but it's in good shape and has been added to the Winter'26 milestone. The official feature in the NuGet package should be available after that milestone is released, hopefully in March 2026. Since we don't have the team capacity to deliver sooner, I might change the strategy to roll out minor 25.* versions to get the feature into production earlier.

[raman-m]

TO: @asrasya-kosha

Dear Asrasya,
After a year and a half, this PR has been abandoned. As our project has evolved, many commits have been merged into the develop branch, resulting in merge conflicts with your PR.

🟨 Yellow card penalty❗

Ignoring our code reviews, our requests, and questions shows that you are not following our development process and are neglecting your own open pull request. This situation is confusing me. Please start communicating with our team; otherwise, we will have to make a decision.

[raman-m]

@asrasya-kosha commented on Jul 31, 2024

Note: The proposed changes will only apply to static claims and should not affect dynamic claims.

What did you mean by the term "static claims"? You meant static routes, right? Got it!
First, we could discuss the additional feature of global configuration for static routes. Once the global configuration is correctly implemented in this PR, I will help with developing this feature for dynamic routes.

[asrasya-kosha]

@raman-m I have updated the PR. Have a look please and let me know your comments. Thanks

[coveralls]

coverage: 93.51% (+0.001%) from 93.509%
when pulling c533f85 on asrasya-kosha:feature/multiple-values-in-routeclaims
into 55095d8 on ThreeMammals:develop.

[raman-m]

@asrasya-kosha
Why did you update the PR? I had already resolved the previous merge conflicts, but after your force push, I can’t see the diff anymore, making it impossible to tell/understand what was changed. On top of that, you introduced a bunch of unnecessary changes aka EOL Gotchas during the rebase, like adding the docker/build.sh file. I am just wondering why you added this file? And should I be congratulating you on including multiple fake changes in the Files changed tab?

Please be honest with us—do you help in developing the product, or do you create problems in the project?

What is your LinkedIn profile?

[asrasya-kosha]

Thanks @raman-m, You did not have to be so arrogant about this. I do not work for you and am not answerable to you either. You can keep your project and your congratulations to yourself - try to be humble from next time and get some life instead of fussing about every small thing.
Simple advice - just use the setting to hide the whitespace changes while reviewing PRs instead of writing 200 lines of KB about EOLs. C# does not care about whitespaces, am sure you know.
Force pushes can be reverted, you simply had to ask properly, in-fact if you had properly replied, I would have reverted my force push.
Anyways - all the best for your projects