Added messages for all UnauthorizedAccessException (#6786)
* Added messages for all UnauthorizedAccessException * Adjust unit tests for changes in UnauthorizedAccessException messages --------- Co-authored-by: Tracy Boehrer <trboehre@microsoft.com>
Родитель
673dbca7ec
Коммит
4952e8fcb5
|
@ -65,7 +65,7 @@ namespace Microsoft.Bot.Builder
|
|||
if (!isAuthDisabled)
|
||||
{
|
||||
// No auth header. Auth is required. Request is not authorized.
|
||||
throw new UnauthorizedAccessException();
|
||||
throw new UnauthorizedAccessException("No Authorization header");
|
||||
}
|
||||
|
||||
// In the scenario where auth is disabled, we still want to have the
|
||||
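Review bot: The new text `"No Authorization header"`, like the other step-specific messages added across this commit, names the exact validation step that rejected the request, so it should be confirmed that the message stays in server-side logs and is not copied into the 401 response body. Nothing visible here shows how the exception becomes a response. If a caller-facing layer does echo `exception.Message`, an unauthenticated client would learn which of the header, identity, `aud` and `serviceurl` checks it failed. A comment at the throw such as `// Message is for diagnostics only; the HTTP response must stay generic.` would record the intent. The enclosing method starts and ends outside the hunk.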
|
|
|
@ -133,13 +133,13 @@ namespace Microsoft.Bot.Connector.Authentication
|
|||
if (identity == null)
|
||||
{
|
||||
// No valid identity. Not Authorized.
|
||||
throw new UnauthorizedAccessException("Invalid Identity");
|
||||
throw new UnauthorizedAccessException("No valid Identity");
|
||||
}
|
||||
|
||||
if (!identity.IsAuthenticated)
|
||||
{
|
||||
// The token is in some way invalid. Not Authorized.
|
||||
throw new UnauthorizedAccessException("Token Not Authenticated");
|
||||
throw new UnauthorizedAccessException("Identity Not Authenticated");
|
||||
}
|
||||
|
||||
// Now check that the AppID in the claimset matches
|
||||
|
|
|
@ -75,7 +75,7 @@ namespace Microsoft.Bot.Connector.Authentication
|
|||
if (!isAuthDisabled)
|
||||
{
|
||||
// No auth header. Auth is required. Request is not authorized.
|
||||
throw new UnauthorizedAccessException();
|
||||
throw new UnauthorizedAccessException("No Authorization header");
|
||||
}
|
||||
|
||||
// In the scenario where auth is disabled, we still want to have the
|
||||
|
@ -107,7 +107,7 @@ namespace Microsoft.Bot.Connector.Authentication
|
|||
{
|
||||
if (string.IsNullOrWhiteSpace(channelIdHeader) && !await _credentialsFactory.IsAuthenticationDisabledAsync(cancellationToken).ConfigureAwait(false))
|
||||
{
|
||||
throw new UnauthorizedAccessException();
|
||||
throw new UnauthorizedAccessException("No Channel ID header");
|
||||
}
|
||||
|
||||
var claimsIdentity = await JwtTokenValidation.ValidateAuthHeader(authHeader, new DelegatingCredentialProvider(_credentialsFactory), GetChannelProvider(), channelIdHeader, httpClient: _authHttpClient).ConfigureAwait(false);
|
||||
|
|
|
@ -100,13 +100,13 @@ namespace Microsoft.Bot.Connector.Authentication
|
|||
if (identity == null)
|
||||
{
|
||||
// No valid identity. Not Authorized.
|
||||
throw new UnauthorizedAccessException();
|
||||
throw new UnauthorizedAccessException("No valid identity");
|
||||
}
|
||||
|
||||
if (!identity.IsAuthenticated)
|
||||
{
|
||||
// The token is in some way invalid. Not Authorized.
|
||||
throw new UnauthorizedAccessException();
|
||||
throw new UnauthorizedAccessException("Identity Not Authenticated");
|
||||
}
|
||||
|
||||
// Now check that the AppID in the claimset matches
|
||||
|
@ -121,7 +121,7 @@ namespace Microsoft.Bot.Connector.Authentication
|
|||
if (audienceClaim == null)
|
||||
{
|
||||
// The relevant audience Claim MUST be present. Not Authorized.
|
||||
throw new UnauthorizedAccessException();
|
||||
throw new UnauthorizedAccessException("Missing aud claim");
|
||||
}
|
||||
|
||||
// The AppId from the claim in the token must match the AppId specified by the developer.
|
||||
|
@ -130,7 +130,7 @@ namespace Microsoft.Bot.Connector.Authentication
|
|||
if (string.IsNullOrWhiteSpace(appIdFromClaim))
|
||||
{
|
||||
// Claim is present, but doesn't have a value. Not Authorized.
|
||||
throw new UnauthorizedAccessException();
|
||||
throw new UnauthorizedAccessException("Missing AppId claim");
|
||||
}
|
||||
|
||||
if (!await credentials.IsValidAppIdAsync(appIdFromClaim).ConfigureAwait(false))
|
||||
|
@ -187,13 +187,13 @@ namespace Microsoft.Bot.Connector.Authentication
|
|||
if (string.IsNullOrWhiteSpace(serviceUrlClaim))
|
||||
{
|
||||
// Claim must be present. Not Authorized.
|
||||
throw new UnauthorizedAccessException();
|
||||
throw new UnauthorizedAccessException("Missing serviceurl claim");
|
||||
}
|
||||
|
||||
if (!string.Equals(serviceUrlClaim, serviceUrl, StringComparison.OrdinalIgnoreCase))
|
||||
{
|
||||
// Claim must match. Not Authorized.
|
||||
throw new UnauthorizedAccessException();
|
||||
throw new UnauthorizedAccessException("serviceurl claim mismatch");
|
||||
}
|
||||
|
||||
return identity;
|
||||
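Review bot: The empty-value check on `appIdFromClaim` in the hunk at -130 throws `"Missing AppId claim"`, while the same check in the sibling validators touched by this commit throws `"Empty aud claim"` (hunks at -134 and -458) and `"aud claim empty"` (hunk at -139). The comment directly above the throw says the claim is present but has no value, so "Missing" describes the wrong condition and is easy to confuse with `"Missing aud claim"` from the preceding check. Using one wording everywhere, for example `throw new UnauthorizedAccessException("Empty aud claim");`, would let a single log query or alert rule match this failure across all validators. That `appIdFromClaim` is read from the audience claim is inferred from the sibling messages, since the assignment is outside the hunk.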
|
|
|
@ -157,13 +157,13 @@ namespace Microsoft.Bot.Connector.Authentication
|
|||
if (identity == null)
|
||||
{
|
||||
// No valid identity. Not Authorized.
|
||||
throw new UnauthorizedAccessException("Invalid Identity");
|
||||
throw new UnauthorizedAccessException("No valid Identity");
|
||||
}
|
||||
|
||||
if (!identity.IsAuthenticated)
|
||||
{
|
||||
// The token is in some way invalid. Not Authorized.
|
||||
throw new UnauthorizedAccessException("Token Not Authenticated");
|
||||
throw new UnauthorizedAccessException("Identity Not Authenticated");
|
||||
}
|
||||
|
||||
// Now check that the AppID in the claimset matches
|
||||
|
|
|
@ -104,13 +104,13 @@ namespace Microsoft.Bot.Connector.Authentication
|
|||
if (identity == null)
|
||||
{
|
||||
// No valid identity. Not Authorized.
|
||||
throw new UnauthorizedAccessException();
|
||||
throw new UnauthorizedAccessException("No valid identity");
|
||||
}
|
||||
|
||||
if (!identity.IsAuthenticated)
|
||||
{
|
||||
// The token is in some way invalid. Not Authorized.
|
||||
throw new UnauthorizedAccessException();
|
||||
throw new UnauthorizedAccessException("Identity Not Authenticated");
|
||||
}
|
||||
|
||||
// Now check that the AppID in the claimset matches
|
||||
|
@ -125,7 +125,7 @@ namespace Microsoft.Bot.Connector.Authentication
|
|||
if (audienceClaim == null)
|
||||
{
|
||||
// The relevant audience Claim MUST be present. Not Authorized.
|
||||
throw new UnauthorizedAccessException();
|
||||
throw new UnauthorizedAccessException("Missing aud claim");
|
||||
}
|
||||
|
||||
// The AppId from the claim in the token must match the AppId specified by the developer.
|
||||
|
@ -134,7 +134,7 @@ namespace Microsoft.Bot.Connector.Authentication
|
|||
if (string.IsNullOrWhiteSpace(appIdFromClaim))
|
||||
{
|
||||
// Claim is present, but doesn't have a value. Not Authorized.
|
||||
throw new UnauthorizedAccessException();
|
||||
throw new UnauthorizedAccessException("Empty aud claim");
|
||||
}
|
||||
|
||||
if (!await credentials.IsValidAppIdAsync(appIdFromClaim).ConfigureAwait(false))
|
||||
|
@ -149,13 +149,13 @@ namespace Microsoft.Bot.Connector.Authentication
|
|||
if (string.IsNullOrWhiteSpace(serviceUrlClaim))
|
||||
{
|
||||
// Claim must be present. Not Authorized.
|
||||
throw new UnauthorizedAccessException();
|
||||
throw new UnauthorizedAccessException("Missing serviceurl claim");
|
||||
}
|
||||
|
||||
if (!string.Equals(serviceUrlClaim, serviceUrl, StringComparison.OrdinalIgnoreCase))
|
||||
{
|
||||
// Claim must match. Not Authorized.
|
||||
throw new UnauthorizedAccessException();
|
||||
throw new UnauthorizedAccessException("serviceurl claim mismatch");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -109,13 +109,13 @@ namespace Microsoft.Bot.Connector.Authentication
|
|||
if (identity == null)
|
||||
{
|
||||
// No valid identity. Not Authorized.
|
||||
throw new UnauthorizedAccessException();
|
||||
throw new UnauthorizedAccessException("No valid identity");
|
||||
}
|
||||
|
||||
if (!identity.IsAuthenticated)
|
||||
{
|
||||
// The token is in some way invalid. Not Authorized.
|
||||
throw new UnauthorizedAccessException();
|
||||
throw new UnauthorizedAccessException("Identity Not Authenticated");
|
||||
}
|
||||
|
||||
// Now check that the AppID in the claimset matches
|
||||
|
@ -130,7 +130,7 @@ namespace Microsoft.Bot.Connector.Authentication
|
|||
if (audienceClaim == null)
|
||||
{
|
||||
// The relevant audience Claim MUST be present. Not Authorized.
|
||||
throw new UnauthorizedAccessException();
|
||||
throw new UnauthorizedAccessException("Missing aud claim");
|
||||
}
|
||||
|
||||
// The AppId from the claim in the token must match the AppId specified by the developer.
|
||||
|
@ -139,7 +139,7 @@ namespace Microsoft.Bot.Connector.Authentication
|
|||
if (string.IsNullOrWhiteSpace(appIdFromClaim))
|
||||
{
|
||||
// Claim is present, but doesn't have a value. Not Authorized.
|
||||
throw new UnauthorizedAccessException();
|
||||
throw new UnauthorizedAccessException("aud claim empty");
|
||||
}
|
||||
|
||||
if (!await credentials.IsValidAppIdAsync(appIdFromClaim).ConfigureAwait(false))
|
||||
|
@ -154,13 +154,13 @@ namespace Microsoft.Bot.Connector.Authentication
|
|||
if (string.IsNullOrWhiteSpace(serviceUrlClaim))
|
||||
{
|
||||
// Claim must be present. Not Authorized.
|
||||
throw new UnauthorizedAccessException();
|
||||
throw new UnauthorizedAccessException("Missing serviceurl claim");
|
||||
}
|
||||
|
||||
if (!string.Equals(serviceUrlClaim, serviceUrl, StringComparison.OrdinalIgnoreCase))
|
||||
{
|
||||
// Claim must match. Not Authorized.
|
||||
throw new UnauthorizedAccessException();
|
||||
throw new UnauthorizedAccessException("serviceurl claim mismatch");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -66,7 +66,7 @@ namespace Microsoft.Bot.Connector.Authentication
|
|||
if (!isAuthDisabled)
|
||||
{
|
||||
// No Auth Header and Auth is required. Request is not authorized.
|
||||
throw new UnauthorizedAccessException();
|
||||
throw new UnauthorizedAccessException("No Authorization header");
|
||||
}
|
||||
|
||||
// Check if the activity is for a skill call and is coming from the Emulator.
|
||||
|
|
|
@ -88,7 +88,7 @@ namespace Microsoft.Bot.Connector.Authentication
|
|||
{
|
||||
if (string.IsNullOrWhiteSpace(channelIdHeader) && !await _credentialsFactory.IsAuthenticationDisabledAsync(cancellationToken).ConfigureAwait(false))
|
||||
{
|
||||
throw new UnauthorizedAccessException();
|
||||
throw new UnauthorizedAccessException("No Channel ID header");
|
||||
}
|
||||
|
||||
var claimsIdentity = await JwtTokenValidation_ValidateAuthHeaderAsync(authHeader, channelIdHeader, null, cancellationToken).ConfigureAwait(false);
|
||||
|
@ -128,7 +128,7 @@ namespace Microsoft.Bot.Connector.Authentication
|
|||
if (!isAuthDisabled)
|
||||
{
|
||||
// No Auth Header. Auth is required. Request is not authorized.
|
||||
throw new UnauthorizedAccessException();
|
||||
throw new UnauthorizedAccessException("No Authorization header");
|
||||
}
|
||||
|
||||
// Check if the activity is for a skill call and is coming from the Emulator.
|
||||
|
@ -244,13 +244,13 @@ namespace Microsoft.Bot.Connector.Authentication
|
|||
if (identity == null)
|
||||
{
|
||||
// No valid identity. Not Authorized.
|
||||
throw new UnauthorizedAccessException("Invalid Identity");
|
||||
throw new UnauthorizedAccessException("No valid Identity");
|
||||
}
|
||||
|
||||
if (!identity.IsAuthenticated)
|
||||
{
|
||||
// The token is in some way invalid. Not Authorized.
|
||||
throw new UnauthorizedAccessException("Token Not Authenticated");
|
||||
throw new UnauthorizedAccessException("Identity Not Authenticated");
|
||||
}
|
||||
|
||||
var versionClaim = identity.Claims.FirstOrDefault(c => c.Type == AuthenticationConstants.VersionClaim);
|
||||
|
@ -428,13 +428,13 @@ namespace Microsoft.Bot.Connector.Authentication
|
|||
if (identity == null)
|
||||
{
|
||||
// No valid identity. Not Authorized.
|
||||
throw new UnauthorizedAccessException();
|
||||
throw new UnauthorizedAccessException("No valid identity");
|
||||
}
|
||||
|
||||
if (!identity.IsAuthenticated)
|
||||
{
|
||||
// The token is in some way invalid. Not Authorized.
|
||||
throw new UnauthorizedAccessException();
|
||||
throw new UnauthorizedAccessException("Identity no authenticated");
|
||||
}
|
||||
|
||||
// Now check that the AppID in the claimset matches
|
||||
|
@ -449,7 +449,7 @@ namespace Microsoft.Bot.Connector.Authentication
|
|||
if (audienceClaim == null)
|
||||
{
|
||||
// The relevant audience Claim MUST be present. Not Authorized.
|
||||
throw new UnauthorizedAccessException();
|
||||
throw new UnauthorizedAccessException("Missing aud claim");
|
||||
}
|
||||
|
||||
// The AppId from the claim in the token must match the AppId specified by the developer.
|
||||
|
@ -458,7 +458,7 @@ namespace Microsoft.Bot.Connector.Authentication
|
|||
if (string.IsNullOrWhiteSpace(appIdFromClaim))
|
||||
{
|
||||
// Claim is present, but doesn't have a value. Not Authorized.
|
||||
throw new UnauthorizedAccessException();
|
||||
throw new UnauthorizedAccessException("Empty aud claim");
|
||||
}
|
||||
|
||||
if (!await _credentialsFactory.IsValidAppIdAsync(appIdFromClaim, cancellationToken).ConfigureAwait(false))
|
||||
|
@ -473,13 +473,13 @@ namespace Microsoft.Bot.Connector.Authentication
|
|||
if (string.IsNullOrWhiteSpace(serviceUrlClaim))
|
||||
{
|
||||
// Claim must be present. Not Authorized.
|
||||
throw new UnauthorizedAccessException();
|
||||
throw new UnauthorizedAccessException("Missing serviceurl claim");
|
||||
}
|
||||
|
||||
if (!string.Equals(serviceUrlClaim, serviceUrl, StringComparison.OrdinalIgnoreCase))
|
||||
{
|
||||
// Claim must match. Not Authorized.
|
||||
throw new UnauthorizedAccessException();
|
||||
throw new UnauthorizedAccessException("serviceurl claim mismatch");
|
||||
}
|
||||
}
|
||||
}
|
||||
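Review bot: The message `"Identity no authenticated"` in the hunk at -428 contains a typo and differs from `"Identity Not Authenticated"`, which is used for the same `!identity.IsAuthenticated` check at -244 in this section and in the other validators. The line should read `throw new UnauthorizedAccessException("Identity Not Authenticated");`. The casing of `"No valid identity"` at -428 also differs from `"No valid Identity"` at -244 and could be aligned in the same pass, so that anything matching on the text for authentication-failure monitoring sees one spelling per condition.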
|
|
|
@ -178,13 +178,13 @@ namespace Microsoft.Bot.Connector.Authentication
|
|||
if (identity == null)
|
||||
{
|
||||
// No valid identity. Not Authorized.
|
||||
throw new UnauthorizedAccessException("Invalid Identity");
|
||||
throw new UnauthorizedAccessException("No valid Identity");
|
||||
}
|
||||
|
||||
if (!identity.IsAuthenticated)
|
||||
{
|
||||
// The token is in some way invalid. Not Authorized.
|
||||
throw new UnauthorizedAccessException("Token Not Authenticated");
|
||||
throw new UnauthorizedAccessException("Identity Not Authenticated");
|
||||
}
|
||||
|
||||
var versionClaim = identity.Claims.FirstOrDefault(c => c.Type == AuthenticationConstants.VersionClaim);
|
||||
|
|
|
@ -88,13 +88,13 @@ namespace Microsoft.Bot.Connector.Tests.Authentication
|
|||
// Null identity
|
||||
var exception = await Assert.ThrowsAsync<UnauthorizedAccessException>(
|
||||
async () => await SkillValidation.ValidateIdentityAsync(null, mockCredentials.Object));
|
||||
Assert.Equal("Invalid Identity", exception.Message);
|
||||
Assert.Equal("No valid Identity", exception.Message);
|
||||
|
||||
// not authenticated identity
|
||||
mockIdentity.Setup(x => x.IsAuthenticated).Returns(false);
|
||||
exception = await Assert.ThrowsAsync<UnauthorizedAccessException>(
|
||||
async () => await SkillValidation.ValidateIdentityAsync(mockIdentity.Object, mockCredentials.Object));
|
||||
Assert.Equal("Token Not Authenticated", exception.Message);
|
||||
Assert.Equal("Identity Not Authenticated", exception.Message);
|
||||
|
||||
// No version claims
|
||||
mockIdentity.Setup(x => x.IsAuthenticated).Returns(true);
|
||||
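Review bot: These two asserts had to change because existing messages were renamed (`"Invalid Identity"` to `"No valid Identity"`, `"Token Not Authenticated"` to `"Identity Not Authenticated"`), not only because new ones were added. Anything outside the test suite that matches on the old text, such as log alerts or downstream exception handlers, would stop matching without any error. Either keep the existing strings where a message was already present, or call out the rename in the release notes. The visible hunk pins only the two `SkillValidation` messages; whether the newly added messages are asserted elsewhere cannot be seen from here.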
|
|