Integrate authorization with Router/PageDisplay

Author: SteveSandersonMS

src/Components/Components/src/Auth/AttributeAuthorizeDataCache.cs

@@ -0,0 +1,42 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Concurrent;
+using System.Linq;
+using System.Reflection;
+using Microsoft.AspNetCore.Authorization;
+
+namespace Microsoft.AspNetCore.Components.Auth
+{
+    internal static class AttributeAuthorizeDataCache
+    {
+        private static ConcurrentDictionary<Type, IAuthorizeData[]> _cache
+            = new ConcurrentDictionary<Type, IAuthorizeData[]>();
+
+        public static IAuthorizeData[] GetAuthorizeDataForType(Type type)
+        {
+            IAuthorizeData[] result;
+            if (!_cache.TryGetValue(type, out result))
+            {
+                result = ComputeAuthorizeDataForType(type);
+                _cache[type] = result; // Safe race - doesn't matter if it overwrites
+            }
+
+            return result;
+        }
+
+        private static IAuthorizeData[] ComputeAuthorizeDataForType(Type type)
+        {
+            // Allow Anonymous skips all authorization
+            var allAttributes = type.GetCustomAttributes(inherit: true);
+            if (allAttributes.OfType<IAllowAnonymous>().Any())
+            {
+                return null;
+            }
+
+            var authorizeDataAttributes = allAttributes.OfType<IAuthorizeData>().ToArray();
+            return authorizeDataAttributes.Length > 0 ? authorizeDataAttributes : null;
+        }
+    }
+}

src/Components/Components/src/Auth/AuthorizeViewCore.razor

@@ -63,6 +63,11 @@ else
             throw new InvalidOperationException($"When using {nameof(AuthorizeView)}, do not specify both '{nameof(Authorized)}' and '{nameof(ChildContent)}'.");
         }
 
+        if (AuthenticationState == null)
+        {
+            throw new InvalidOperationException($"Authorization requires a cascading parameter of type Task<{nameof(AuthenticationState)}>. Consider using {typeof(CascadingAuthenticationState).Name} to supply this.");
+        }
+
         // First render in pending state
         // If the task has already completed, this render will be skipped
         currentAuthenticationState = null;

src/Components/Components/src/Layouts/PageDisplay.cs

@@ -5,8 +5,11 @@
 using System.Collections.Generic;
 using System.Reflection;
 using System.Threading.Tasks;
-using Microsoft.AspNetCore.Components;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Components.Auth;
+using Microsoft.AspNetCore.Components.Internal;
 using Microsoft.AspNetCore.Components.Layouts;
+using Microsoft.AspNetCore.Components.RenderTree;
 
 namespace Microsoft.AspNetCore.Components
 {
@@ -16,9 +19,6 @@ namespace Microsoft.AspNetCore.Components
     /// </summary>
     public class PageDisplay : IComponent
     {
-        internal const string NameOfPage = nameof(Page);
-        internal const string NameOfPageParameters = nameof(PageParameters);
-
         private RenderHandle _renderHandle;
 
         /// <summary>
@@ -34,6 +34,18 @@ public class PageDisplay : IComponent
         [Parameter]
         public IDictionary<string, object> PageParameters { get; private set; }
 
+        /// <summary>
+        /// The content that will be displayed if the user is not authorized.
+        /// </summary>
+        [Parameter]
+        public RenderFragment<AuthenticationState> NotAuthorizedContent { get; private set; }
+
+        /// <summary>
+        /// The content that will be displayed while asynchronous authorization is in progress.
+        /// </summary>
+        [Parameter]
+        public RenderFragment AuthorizingContent { get; private set; }
+
         /// <inheritdoc />
         public void Configure(RenderHandle renderHandle)
         {
@@ -50,41 +62,80 @@ public Task SetParametersAsync(ParameterCollection parameters)
 
         private void Render()
         {
-            // In the middle, we render the requested page
-            var fragment = RenderComponentWithBody(Page, bodyParam: null);
+            // In the middle goes the requested page
+            var fragment = (RenderFragment)RenderPageWithParameters;
+
+            // Around that goes an AuthorizeViewCore
+            fragment = WrapInAuthorizeViewCore(fragment);
 
-            // Repeatedly wrap it in each layer of nested layout until we get
+            // Then repeatedly wrap that in each layer of nested layout until we get
             // to a layout that has no parent
             Type layoutType = Page;
             while ((layoutType = GetLayoutType(layoutType)) != null)
             {
-                fragment = RenderComponentWithBody(layoutType, fragment);
+                fragment = WrapInLayout(layoutType, fragment);
             }
 
             _renderHandle.Render(fragment);
         }
 
-        private RenderFragment RenderComponentWithBody(Type componentType, RenderFragment bodyParam) => builder =>
+        private RenderFragment WrapInLayout(Type layoutType, RenderFragment bodyParam) => builder =>
         {
-            builder.OpenComponent(0, componentType);
-            if (bodyParam != null)
-            {
-                builder.AddAttribute(1, LayoutComponentBase.BodyPropertyName, bodyParam);
-            }
-            else
+            builder.OpenComponent(0, layoutType);
+            builder.AddAttribute(1, LayoutComponentBase.BodyPropertyName, bodyParam);
+            builder.CloseComponent();
+        };
+
+        private void RenderPageWithParameters(RenderTreeBuilder builder)
+        {
+            builder.OpenComponent(0, Page);
+
+            if (PageParameters != null)
             {
-                if (PageParameters != null)
+                foreach (var kvp in PageParameters)
                 {
-                    foreach (var kvp in PageParameters)
-                    {
-                        builder.AddAttribute(1, kvp.Key, kvp.Value);
-                    }
+                    builder.AddAttribute(1, kvp.Key, kvp.Value);
                 }
             }
+
             builder.CloseComponent();
-        };
+        }
+
+        private RenderFragment WrapInAuthorizeViewCore(RenderFragment pageFragment)
+        {
+            var authorizeData = AttributeAuthorizeDataCache.GetAuthorizeDataForType(Page);
+            if (authorizeData == null)
+            {
+                // No authorization, so no need to wrap the fragment
+                return pageFragment;
+            }
 
-        private Type GetLayoutType(Type type)
+            // Some authorization data exists, so we do need to wrap the fragment
+            RenderFragment<AuthenticationState> authorizedContent = context => pageFragment;
+            return builder =>
+            {
+                builder.OpenComponent<AuthorizeViewWithSuppliedData>(0);
+                builder.AddAttribute(1, nameof(AuthorizeViewWithSuppliedData.AuthorizeDataParam), authorizeData);
+                builder.AddAttribute(2, nameof(AuthorizeViewWithSuppliedData.Authorized), authorizedContent);
+                builder.AddAttribute(3, nameof(AuthorizeViewWithSuppliedData.NotAuthorized), NotAuthorizedContent ?? DefaultNotAuthorizedContent);
+                builder.AddAttribute(4, nameof(AuthorizeViewWithSuppliedData.Authorizing), AuthorizingContent);
+                builder.CloseComponent();
+            };
+        }
+
+        private static Type GetLayoutType(Type type)
             => type.GetCustomAttribute<LayoutAttribute>()?.LayoutType;
+
+        private class AuthorizeViewWithSuppliedData : AuthorizeViewCore
+        {
+            [Parameter] public IAuthorizeData[] AuthorizeDataParam { get; private set; }
+
+            protected override IAuthorizeData[] AuthorizeData => AuthorizeDataParam;
+        }
+
+        // There has to be some default content. If we render blank by default, developers
+        // will find it hard to guess why their UI isn't appearing.
+        private static RenderFragment DefaultNotAuthorizedContent(AuthenticationState authenticationState)
+            => builder => builder.AddContent(0, "Not authorized");
     }
 }

src/Components/Components/src/Routing/Router.cs

@@ -40,6 +40,16 @@ public class Router : IComponent, IHandleAfterRender, IDisposable
         /// </summary>
         [Parameter] public RenderFragment NotFoundContent { get; private set; }
 
+        /// <summary>
+        /// The content that will be displayed if the user is not authorized.
+        /// </summary>
+        [Parameter] public RenderFragment<AuthenticationState> NotAuthorizedContent { get; private set; }
+
+        /// <summary>
+        /// The content that will be displayed while asynchronous authorization is in progress.
+        /// </summary>
+        [Parameter] public RenderFragment AuthorizingContent { get; private set; }
+
         private RouteTable Routes { get; set; }
 
         /// <inheritdoc />
@@ -79,8 +89,10 @@ private string StringUntilAny(string str, char[] chars)
         protected virtual void Render(RenderTreeBuilder builder, Type handler, IDictionary<string, object> parameters)
         {
             builder.OpenComponent(0, typeof(PageDisplay));
-            builder.AddAttribute(1, PageDisplay.NameOfPage, handler);
-            builder.AddAttribute(2, PageDisplay.NameOfPageParameters, parameters);
+            builder.AddAttribute(1, nameof(PageDisplay.Page), handler);
+            builder.AddAttribute(2, nameof(PageDisplay.PageParameters), parameters);
+            builder.AddAttribute(3, nameof(PageDisplay.NotAuthorizedContent), NotAuthorizedContent);
+            builder.AddAttribute(4, nameof(PageDisplay.AuthorizingContent), AuthorizingContent);
             builder.CloseComponent();
         }