fix for basic auth

neildsouth · neildsouth · commit 682dcecb93b1 · 2022-12-14T14:33:19.000Z
Signed-off-by: Neil South &lt;neil.south@answerdigital.com&gt;
diff --git a/src/Authentication/Middleware/BasicAuthorizationMiddleware.cs b/src/Authentication/Middleware/BasicAuthorizationMiddleware.cs
@@ -49,7 +49,8 @@ public BasicAuthorizationMiddleware(
         public async Task InvokeAsync(HttpContext httpContext)
         {
 
-            if (_options.Value.BasicAuthEnabled(_logger) is false)
+            if ((_options.Value.BypassAuthentication.HasValue && _options.Value.BypassAuthentication.Value is true)
+                || _options.Value.BasicAuthEnabled(_logger) is false)
             {
                 await _next(httpContext).ConfigureAwait(false);
                 return;
@@ -70,6 +71,7 @@ public async Task InvokeAsync(HttpContext httpContext)
                         var identity = new ClaimsIdentity(claims, "Basic");
                         var claimsPrincipal = new ClaimsPrincipal(identity);
                         httpContext.User = claimsPrincipal;
+                        await _next(httpContext).ConfigureAwait(false);
                         return;
                     }
                 }
diff --git a/src/Authentication/Tests/EndpointAuthorizationMiddlewareTest.cs b/src/Authentication/Tests/EndpointAuthorizationMiddlewareTest.cs
@@ -165,6 +165,7 @@ public async Task GivenConfigurationFileWithBasicConfigured_WhenUserIsAuthentica
 
             Assert.Equal(HttpStatusCode.OK, responseMessage.StatusCode);
         }
+
         [Fact]
         public async Task GivenConfigurationFileWithBasicConfigured_WhenHeaderIsInvalid_ExpectToDenyRequest()
         {

Original file line number	Diff line number	Diff line change
`@@ -49,7 +49,8 @@ public BasicAuthorizationMiddleware(`
`49`	`49`	`public async Task InvokeAsync(HttpContext httpContext)`
`50`	`50`	`{`
`51`	`51`
`52`		`- if (_options.Value.BasicAuthEnabled(_logger) is false)`
	`52`	`+ if ((_options.Value.BypassAuthentication.HasValue && _options.Value.BypassAuthentication.Value is true)`
	`53`	`+ \|\| _options.Value.BasicAuthEnabled(_logger) is false)`
`53`	`54`	`{`
`54`	`55`	`await _next(httpContext).ConfigureAwait(false);`
`55`	`56`	`return;`
`@@ -70,6 +71,7 @@ public async Task InvokeAsync(HttpContext httpContext)`
`70`	`71`	`var identity = new ClaimsIdentity(claims, "Basic");`
`71`	`72`	`var claimsPrincipal = new ClaimsPrincipal(identity);`
`72`	`73`	`httpContext.User = claimsPrincipal;`
	`74`	`+ await _next(httpContext).ConfigureAwait(false);`
`73`	`75`	`return;`
`74`	`76`	`}`
`75`	`77`	`}`
Original file line number	Diff line number	Diff line change
`@@ -165,6 +165,7 @@ public async Task GivenConfigurationFileWithBasicConfigured_WhenUserIsAuthentica`
`165`	`165`
`166`	`166`	`Assert.Equal(HttpStatusCode.OK, responseMessage.StatusCode);`
`167`	`167`	`}`
	`168`	`+`
`168`	`169`	`[Fact]`
`169`	`170`	`public async Task GivenConfigurationFileWithBasicConfigured_WhenHeaderIsInvalid_ExpectToDenyRequest()`
`170`	`171`	`{`