Add metadata for CORS policy

JamesNK · JamesNK · commit 73d4704bca61 · 2018-12-14T08:51:56.000+13:00
diff --git a/src/Middleware/CORS/src/CorsPolicyMetadata.cs b/src/Middleware/CORS/src/CorsPolicyMetadata.cs
@@ -0,0 +1,24 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.AspNetCore.Cors.Infrastructure;
+
+namespace Microsoft.AspNetCore.Cors
+{
+    public class CorsPolicyMetadata : ICorsPolicyMetadata
+    {
+        public CorsPolicyMetadata(CorsPolicy policy)
+        {
+            Policy = policy;
+        }
+
+        public CorsPolicyMetadata(string policyName)
+        {
+            PolicyName = policyName;
+        }
+
+        public CorsPolicy Policy { get; }
+
+        public string PolicyName { get; }
+    }
+}
diff --git a/src/Middleware/CORS/src/Infrastructure/CorsEndpointConventionBuilderExtensions.cs b/src/Middleware/CORS/src/Infrastructure/CorsEndpointConventionBuilderExtensions.cs
@@ -3,6 +3,7 @@
 
 using System;
 using Microsoft.AspNetCore.Cors;
+using Microsoft.AspNetCore.Cors.Infrastructure;
 using Microsoft.AspNetCore.Routing;
 
 namespace Microsoft.AspNetCore.Builder
@@ -27,7 +28,36 @@ public static IEndpointConventionBuilder WithCorsPolicy(this IEndpointConvention
 
             builder.Apply(endpointBuilder =>
             {
-                endpointBuilder.Metadata.Add(new EnableCorsAttribute(policyName));
+                endpointBuilder.Metadata.Add(new CorsPolicyMetadata(policyName));
+            });
+            return builder;
+        }
+
+        /// <summary>
+        /// Adds the specified CORS policy to the endpoint(s).
+        /// </summary>
+        /// <param name="builder">The endpoint convention builder.</param>
+        /// <param name="configurePolicy">A delegate which can use a policy builder to build a policy.</param>
+        /// <returns>The original convention builder parameter.</returns>
+        public static IEndpointConventionBuilder WithCorsPolicy(this IEndpointConventionBuilder builder, Action<CorsPolicyBuilder> configurePolicy)
+        {
+            if (builder == null)
+            {
+                throw new ArgumentNullException(nameof(builder));
+            }
+
+            if (configurePolicy == null)
+            {
+                throw new ArgumentNullException(nameof(configurePolicy));
+            }
+
+            var policyBuilder = new CorsPolicyBuilder();
+            configurePolicy(policyBuilder);
+            var policy = policyBuilder.Build();
+
+            builder.Apply(endpointBuilder =>
+            {
+                endpointBuilder.Metadata.Add(new CorsPolicyMetadata(policy));
             });
             return builder;
         }
diff --git a/src/Middleware/CORS/src/Infrastructure/CorsMiddleware.cs b/src/Middleware/CORS/src/Infrastructure/CorsMiddleware.cs
@@ -131,9 +131,10 @@ private async Task InvokeCore(HttpContext context, ICorsPolicyProvider corsPolic
             // CORS policy resolution rules:
             //
             // 1. If there is an endpoint with IDisableCorsAttribute then CORS is not run
-            // 2. If there is an endpoint with IEnableCorsAttribute that has a policy name then
+            // 2. If there is an endpoint with ICorsPolicyMetadata then use its policy and name
+            // 3. If there is an endpoint with IEnableCorsAttribute that has a policy name then
             //    fetch policy by name, prioritizing it above policy on middleware
-            // 3. If there is no policy on middleware then use name on middleware
+            // 4. If there is no policy on middleware then use name on middleware
 
             // Flag to indicate to other systems, e.g. MVC, that CORS middleware was run for this request
             context.Items[CorsMiddlewareInvokedKey] = true;
@@ -142,7 +143,7 @@ private async Task InvokeCore(HttpContext context, ICorsPolicyProvider corsPolic
 
             // Get the most significant CORS metadata for the endpoint
             // For backwards compatibility reasons this is then downcast to Enable/Disable metadata
-            var corsMetadata = endpoint?.Metadata.GetMetadata<ICorsAttribute>();
+            var corsMetadata = endpoint?.Metadata.GetMetadata<ICorsMetadata>();
             if (corsMetadata is IDisableCorsAttribute)
             {
                 await _next(context);
@@ -151,7 +152,12 @@ private async Task InvokeCore(HttpContext context, ICorsPolicyProvider corsPolic
 
             var corsPolicy = _policy;
             var policyName = _corsPolicyName;
-            if (corsMetadata is IEnableCorsAttribute enableCorsAttribute &&
+            if (corsMetadata is ICorsPolicyMetadata corsPolicyMetadata)
+            {
+                policyName = corsPolicyMetadata.PolicyName;
+                corsPolicy = corsPolicyMetadata.Policy;
+            }
+            else if (corsMetadata is IEnableCorsAttribute enableCorsAttribute &&
                 enableCorsAttribute.PolicyName != null)
             {
                 // If a policy name has been provided on the endpoint metadata then prioritizing it above the static middleware policy
diff --git a/src/Middleware/CORS/src/Infrastructure/ICorsMetadata.cs b/src/Middleware/CORS/src/Infrastructure/ICorsMetadata.cs
@@ -6,7 +6,7 @@ namespace Microsoft.AspNetCore.Cors.Infrastructure
     /// <summary>
     /// A marker interface which can be used to identify CORS metdata.
     /// </summary>
-    public interface ICorsAttribute
+    public interface ICorsMetadata
     {
     }
 }
diff --git a/src/Middleware/CORS/src/Infrastructure/ICorsPolicyMetadata.cs b/src/Middleware/CORS/src/Infrastructure/ICorsPolicyMetadata.cs
@@ -0,0 +1,21 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+namespace Microsoft.AspNetCore.Cors.Infrastructure
+{
+    /// <summary>
+    /// An interface which can be used to identify a type which provides metadata needed for enabling CORS support.
+    /// </summary>
+    public interface ICorsPolicyMetadata : ICorsMetadata
+    {
+        /// <summary>
+        /// The policy which needs to be applied.
+        /// </summary>
+        CorsPolicy Policy { get; }
+
+        /// <summary>
+        /// The name of the policy which needs to be applied.
+        /// </summary>
+        string PolicyName { get; }
+    }
+}
diff --git a/src/Middleware/CORS/src/Infrastructure/IDisableCorsAttribute.cs b/src/Middleware/CORS/src/Infrastructure/IDisableCorsAttribute.cs
@@ -6,7 +6,7 @@ namespace Microsoft.AspNetCore.Cors.Infrastructure
     /// <summary>
     /// An interface which can be used to identify a type which provides metdata to disable cors for a resource.
     /// </summary>
-    public interface IDisableCorsAttribute : ICorsAttribute
+    public interface IDisableCorsAttribute : ICorsMetadata
     {
     }
 }
diff --git a/src/Middleware/CORS/src/Infrastructure/IEnableCorsAttribute.cs b/src/Middleware/CORS/src/Infrastructure/IEnableCorsAttribute.cs
@@ -6,7 +6,7 @@ namespace Microsoft.AspNetCore.Cors.Infrastructure
     /// <summary>
     /// An interface which can be used to identify a type which provides metadata needed for enabling CORS support.
     /// </summary>
-    public interface IEnableCorsAttribute : ICorsAttribute
+    public interface IEnableCorsAttribute : ICorsMetadata
     {
         /// <summary>
         /// The name of the policy which needs to be applied.
diff --git a/src/Middleware/CORS/test/UnitTests/CorsEndpointConventionBuilderExtensionsTests.cs b/src/Middleware/CORS/test/UnitTests/CorsEndpointConventionBuilderExtensionsTests.cs
@@ -13,7 +13,7 @@ namespace Microsoft.AspNetCore.Cors.Infrastructure
     public class CorsEndpointConventionBuilderExtensionsTests
     {
         [Fact]
-        public void WithCorsPolicy_MetadataAdded()
+        public void WithCorsPolicy_Name_MetadataAdded()
         {
             // Arrange
             var testConventionBuilder = new TestEndpointConventionBuilder();
@@ -28,11 +28,33 @@ public void WithCorsPolicy_MetadataAdded()
             addCorsPolicy(endpointModel);
             var endpoint = endpointModel.Build();
 
-            var metadata = endpoint.Metadata.GetMetadata<IEnableCorsAttribute>();
+            var metadata = endpoint.Metadata.GetMetadata<ICorsPolicyMetadata>();
             Assert.NotNull(metadata);
             Assert.Equal("TestPolicyName", metadata.PolicyName);
         }
 
+        [Fact]
+        public void WithCorsPolicy_Policy_MetadataAdded()
+        {
+            // Arrange
+            var testConventionBuilder = new TestEndpointConventionBuilder();
+
+            // Act
+            testConventionBuilder.WithCorsPolicy(builder => builder.AllowAnyOrigin());
+
+            // Assert
+            var addCorsPolicy = Assert.Single(testConventionBuilder.Conventions);
+
+            var endpointModel = new TestEndpointModel();
+            addCorsPolicy(endpointModel);
+            var endpoint = endpointModel.Build();
+
+            var metadata = endpoint.Metadata.GetMetadata<ICorsPolicyMetadata>();
+            Assert.NotNull(metadata);
+            Assert.NotNull(metadata.Policy);
+            Assert.True(metadata.Policy.AllowAnyOrigin);
+        }
+
         private class TestEndpointModel : EndpointModel
         {
             public override Endpoint Build()
diff --git a/src/Middleware/CORS/test/UnitTests/CorsMiddlewareTests.cs b/src/Middleware/CORS/test/UnitTests/CorsMiddlewareTests.cs
@@ -657,6 +657,44 @@ public async Task Invoke_HasEndpointWithEnableMetadata_MiddlewareHasPolicy_RunsC
                 Times.Once);
         }
 
+        [Fact]
+        public async Task Invoke_HasEndpointWithCorsPolicyMetadata_MiddlewareHasPolicy_RunsCorsWithPolicyName()
+        {
+            // Arrange
+            var defaultPolicy = new CorsPolicyBuilder().Build();
+            var metadataPolicy = new CorsPolicyBuilder().Build();
+            var mockCorsService = new Mock<ICorsService>();
+            var mockProvider = new Mock<ICorsPolicyProvider>();
+            var loggerFactory = NullLoggerFactory.Instance;
+            mockProvider.Setup(o => o.GetPolicyAsync(It.IsAny<HttpContext>(), It.IsAny<string>()))
+                .Returns(Task.FromResult<CorsPolicy>(null))
+                .Verifiable();
+            mockCorsService.Setup(o => o.EvaluatePolicy(It.IsAny<HttpContext>(), It.IsAny<CorsPolicy>()))
+                .Returns(new CorsResult())
+                .Verifiable();
+
+            var middleware = new CorsMiddleware(
+                Mock.Of<RequestDelegate>(),
+                mockCorsService.Object,
+                defaultPolicy,
+                loggerFactory);
+
+            var httpContext = new DefaultHttpContext();
+            httpContext.SetEndpoint(new Endpoint(c => Task.CompletedTask, new EndpointMetadataCollection(new CorsPolicyMetadata(metadataPolicy)), "Test endpoint"));
+            httpContext.Request.Headers.Add(CorsConstants.Origin, new[] { "http://example.com" });
+
+            // Act
+            await middleware.Invoke(httpContext, mockProvider.Object);
+
+            // Assert
+            mockProvider.Verify(
+                o => o.GetPolicyAsync(It.IsAny<HttpContext>(), It.IsAny<string>()),
+                Times.Never);
+            mockCorsService.Verify(
+                o => o.EvaluatePolicy(It.IsAny<HttpContext>(), metadataPolicy),
+                Times.Once);
+        }
+
         [Fact]
         public async Task Invoke_HasEndpointWithEnableMetadataWithNoName_RunsCorsWithStaticPolicy()
         {

Original file line number	Diff line number	Diff line change
`@@ -6,7 +6,7 @@ namespace Microsoft.AspNetCore.Cors.Infrastructure`
`6`	`6`	`/// <summary>`
`7`	`7`	`/// A marker interface which can be used to identify CORS metdata.`
`8`	`8`	`/// </summary>`
`9`		`- public interface ICorsAttribute`
	`9`	`+ public interface ICorsMetadata`
`10`	`10`	`{`
`11`	`11`	`}`
`12`	`12`	`}`
Original file line number	Diff line number	Diff line change
`@@ -6,7 +6,7 @@ namespace Microsoft.AspNetCore.Cors.Infrastructure`
`6`	`6`	`/// <summary>`
`7`	`7`	`/// An interface which can be used to identify a type which provides metdata to disable cors for a resource.`
`8`	`8`	`/// </summary>`
`9`		`- public interface IDisableCorsAttribute : ICorsAttribute`
	`9`	`+ public interface IDisableCorsAttribute : ICorsMetadata`
`10`	`10`	`{`
`11`	`11`	`}`
`12`	`12`	`}`