
Commit d2cbe3b

Accept json object in token claim
1 parent 9df9fa7 commit d2cbe3b

2 files changed

Lines changed: 52 additions & 3 deletions


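--- a/src/AasSecurity/SecurityService.cs
+++ b/src/AasSecurity/SecurityService.cs
@@ -24,6 +24,7 @@
 using System.Security.Cryptography.X509Certificates;
 using System.Text;
 using System.Text.Json;
+using System.Text.Json.Nodes;
 using System.Web;
 using AasSecurity.Exceptions;
 using AasSecurity.Models;
@@ -40,6 +41,7 @@
 using Microsoft.IdentityModel.JsonWebTokens;
 using Microsoft.IdentityModel.Tokens;
 using Namotion.Reflection;
+using Newtonsoft.Json;
 using Newtonsoft.Json.Linq;
 using static QRCoder.PayloadGenerator;
 using File = AasCore.Aas3_0.File;
@@ -238,12 +240,58 @@ public void parseAccessRuleFile()
 if (claim.StartsWith("token:"))
 {
 var value = tokenClaims?.Where(tc => tc.Type == claim).FirstOrDefault()?.Value;
-condition[c.Key] = conditionValue.Replace($"CLAIM({claim})", $"\"{value}\"");
+if (value.StartsWith("{"))
+{
+var dict = JsonConvert.DeserializeObject<Dictionary<string, List<string>>>(value);
+
+var key = dict.Keys.First();
+
+if (dict != null && dict.TryGetValue(key, out var roles))
+{
+var valueBuildString = new StringBuilder("");
+
+foreach (var role in roles)
+{
+valueBuildString = valueBuildString.Append($"{key}:{role}");
+
+if (roles.IndexOf(role) < roles.Count - 1)
+{
+valueBuildString.Append(" ");
+}
+}
+value = valueBuildString.ToString();
+}
+}
+var replaced = conditionValue.Replace($"CLAIM({claim})", $"\"{value}\"");
+condition[c.Key] = replaced;
 }
 if (claim == accessRole)
 {
 var value = tokenClaims?.Where(tc => tc.Type == claim).FirstOrDefault()?.Value;
-condition[c.Key] = conditionValue.Replace($"CLAIM({accessRole})", $"\"{value}\"");
+if (value.StartsWith("{"))
+{
+var dict = JsonConvert.DeserializeObject<Dictionary<string, List<string>>>(value);
+
+var key = dict.Keys.First();
+
+if (dict != null && dict.TryGetValue(key, out var roles))
+{
+var valueBuildString = new StringBuilder("");
+
+foreach (var role in roles)
+{
+valueBuildString = valueBuildString.Append($"{role}");
+
+if (roles.IndexOf(role) < roles.Count - 1)
+{
+valueBuildString.Append(" ");
+}
+}
+value = valueBuildString.ToString();
+}
+}
+var replaced = conditionValue.Replace($"CLAIM({claim})", $"\"{value}\"");
+condition[c.Key] = replaced;
 }
 }
 }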
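Review bot: `value.StartsWith("{")` at new lines 243 and 271 dereferences `value` without a null check, and `tokenClaims?....FirstOrDefault()?.Value` yields null whenever the claim is absent from the token, so a token missing the claim now throws a NullReferenceException where the old code substituted an empty string. `dict.Keys.First()` also runs before the `dict != null` test and throws on `{}` or on any object whose values are not string arrays (a nested object, for instance), and malformed JSON throws uncaught from `DeserializeObject`, so one odd claim aborts the whole rule parse. Because `condition[c.Key]` ends up as a predicate string (the second file passes `securityCondition["sm."]` straight to `Where(...)`), a role containing `"` or `\` would change that expression rather than be compared as data; reject or escape such values before the `Replace`. The two branches differ only in the `{key}:` prefix, and `roles.IndexOf(role)` inside the loop is quadratic and misplaces the separator when a role appears twice, so a single helper built on `string.Join` removes both problems as sketched below. `parseAccessRuleFile` starts and ends outside the hunk, and the added `using System.Text.Json.Nodes;` is not used by the new code.
```csharp
if (claim.StartsWith("token:"))
{
    var value = tokenClaims?.Where(tc => tc.Type == claim).FirstOrDefault()?.Value;
    value = FlattenClaimObject(value, prefixWithKey: true);
    condition[c.Key] = conditionValue.Replace($"CLAIM({claim})", $"\"{value}\"");
}
// … unchanged: the accessRole branch, identical apart from prefixWithKey: false …

// Turns a JSON-object claim such as {"realm":["a","b"]} into "realm:a realm:b"
// (or "a b" when prefixWithKey is false); anything else is returned as received.
private static string? FlattenClaimObject(string? value, bool prefixWithKey)
{
    if (string.IsNullOrEmpty(value) || !value.StartsWith("{", StringComparison.Ordinal))
    {
        return value;
    }

    Dictionary<string, List<string>>? dict;
    try
    {
        dict = JsonConvert.DeserializeObject<Dictionary<string, List<string>>>(value);
    }
    catch (JsonException)
    {
        return value; // not the expected {key: [roles]} shape; leave the raw claim untouched
    }

    if (dict is null || dict.Count == 0)
    {
        return value;
    }

    var key = dict.Keys.First();
    var roles = dict[key] ?? new List<string>();

    // The result is spliced into a quoted predicate string; refuse characters that could end the literal.
    if (roles.Any(r => r.Contains('"') || r.Contains('\\')))
    {
        throw new InvalidOperationException($"Role claim '{claim}' contains characters not allowed in an access rule.");
    }

    return string.Join(" ", roles.Select(r => prefixWithKey ? $"{key}:{r}" : r));
}
```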

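--- a/src/AasxServerDB/EntityFrameworkPersistenceService.cs
+++ b/src/AasxServerDB/EntityFrameworkPersistenceService.cs
@@ -1966,7 +1966,8 @@ private bool IsSubmodelPresent(AasContext db, Dictionary<string, string>? securi
 
 if (securityCondition != null)
 {
-smDBQuery = smDBQuery.Where(securityCondition["sm."]);
+var securityConditionSM = securityCondition["sm."];
+smDBQuery = smDBQuery.Where(securityConditionSM);
 
 if (!string.IsNullOrEmpty(aasIdentifier))
 {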
