#746 Multiple values in static claims#2131
#746 Multiple values in static claims#2131asrasya-kosha wants to merge 1 commit intoThreeMammals:developfrom
Conversation
|
Thank you for the PR! |
|
@raman-m reviewing it right now... |
ggnaegi
left a comment
There was a problem hiding this comment.
@raman-m @asrasya-kosha Ok for me, but the ClaimsAuthorizer code is difficult to read. I think we could probably refactor it a bit.
| { | ||
| // dynamic claim | ||
| var match = Regex.Match(required.Value, @"^{(?<variable>.+)}$"); | ||
| var match = Regex.Match(required.Value!.FirstOrDefault() ?? string.Empty, "^{(?<variable>.+)}$"); |
There was a problem hiding this comment.
That's not your code, I agree, Maybe we could use a compiled Regex and enhance security by specifying a timeout, 10 seconds...
[GeneratedRegex("^{(?<variable>.+)}$", RegexOptions.Compiled, 10000)]
private static partial Regex DynamicClaimRegex();There was a problem hiding this comment.
in GenerateRegex, RegexOptions.Compiled is ignored
There was a problem hiding this comment.
We have well known open PR by Mohsen who followed Regex best practices, see #1348
|
Thanks for code review! But you know I will return to feature PRs after v23.3 Hotfixes release. |
@raman-m I'll add acceptance tests and new unit tests (I thought I added them but I'll have a look once again) this weekend and update the PR. The line ending changes are perhaps a GitHub issue? because I don't see them in rider when I do sa side by side compare. Thanks |
| { | ||
| // dynamic claim | ||
| var match = Regex.Match(required.Value, @"^{(?<variable>.+)}$"); | ||
| var match = Regex.Match(required.Value!.FirstOrDefault() ?? string.Empty, "^{(?<variable>.+)}$"); |
There was a problem hiding this comment.
in GenerateRegex, RegexOptions.Compiled is ignored
|
@asrasya-kosha Please work on code review issues. |
|
@asrasya-kosha commented on Aug 20, 2024
The changes in line endings are not due to GitHub; rather, they are caused by your IDE. GitHub simply identifies the different line endings and highlights those lines.
We have Visual Studio IDE settings for line endings here: .editorconfig#L19-L21 (common settings), *.{cs,vb} (C# CRLF ending). However, there is no settings file for Rider IDE. |
8204bbd to
d2b9a2b
Compare
d2b9a2b to
a6eae47
Compare
4734c9d to
b0cdbd6
Compare
908d84f to
0678e7a
Compare
|
@raman-m any idea when this will be deployed to production? |
I have no idea! |
Dear Asrasya, 🟨 Yellow card penalty❗Ignoring our code reviews, our requests, and questions shows that you are not following our development process and are neglecting your own open pull request. This situation is confusing me. Please start communicating with our team; otherwise, we will have to make a decision. |
|
@asrasya-kosha commented on Jul 31, 2024
What did you mean by the term "static claims"? You meant static routes, right? Got it! |
|
@raman-m I have updated the PR. Have a look please and let me know your comments. Thanks |
|
@asrasya-kosha Please be honest with us—do you help in developing the product, or do you create problems in the project? What is your LinkedIn profile? |
|
Thanks @raman-m, You did not have to be so arrogant about this. I do not work for you and am not answerable to you either. You can keep your project and your congratulations to yourself - try to be humble from next time and get some life instead of fussing about every small thing. |
Closes #746
Proposed Changes
RouteClaimsRequirements to accept multiple values for a single keyClaimsAuthorizerto validate with any of the given values for a key for a static claimClaimsAuthorizerfor dynamic claims to only accept the first value for a given keyNote: The proposed changes will only apply to static claims and should not affect dynamic claims.