< Summary - Kestrun — Combined Coverage

Information

Class:	Kestrun.Authentication.IAuthHandler
Assembly:	Kestrun
File(s):	/home/runner/work/Kestrun/Kestrun/src/CSharp/Kestrun/Authentication/IAuthHandler.cs
Tag:	Kestrun/Kestrun@ca54e35c77799b76774b3805b6f075cdbc0c5fbe

Line coverage

87%

Covered lines:	210
Uncovered lines:	29
Coverable lines:	239
Total lines:	576
Line coverage:	87.8%

Branch coverage

74%

Covered branches:	76
Total branches:	102
Branch coverage:	74.5%

Method coverage

Feature is only available for sponsors

Upgrade to PRO version

Coverage history

Metrics

Method	Branch coverage	Crap Score	Cyclomatic complexity	Line coverage
GetAuthenticationTicketAsync()	100%	1	1	100%
GetIssuedClaimsAsync()	25%	8	4	37.5%
EnsureNameClaim(...)	83.33%	6	6	85.71%
CreateAuthenticationTicket(...)	100%	1	1	100%
ValidatePowerShellAsync()	100%	2	2	100%
ValidatePowerShellInputs(...)	100%	8	8	100%
GetPowerShellForValidation(...)	50%	4	4	100%
ExecutePowerShellScriptAsync()	0%	3	2	50%
ValidatePowerShellResult(...)	87.5%	8	8	100%
BuildCsValidator(...)	100%	4	4	100%
BuildVBNetValidator(...)	66.66%	6	6	94.28%
BuildPsIssueClaims(...)	100%	1	1	100%
IssueClaimsPowerShellAsync()	45%	44	20	60.71%
GetPowerShell(...)	100%	6	6	100%
TryToClaim(...)	91.66%	24	24	100%
BuildCsIssueClaims(...)	75%	4	4	96%
BuildVBNetIssueClaims(...)	75%	4	4	96.42%

File(s)

/home/runner/work/Kestrun/Kestrun/src/CSharp/Kestrun/Authentication/IAuthHandler.cs

#	Line	Line coverage
	`1`
	`2`
	`3`
	`4`	`using System.Collections;`
	`5`	`using System.Management.Automation;`
	`6`	`using System.Security.Claims;`
	`7`	`using Kestrun.Hosting;`
	`8`	`using Kestrun.Languages;`
	`9`	`using Kestrun.Logging;`
	`10`	`using Kestrun.Models;`
	`11`	`using Kestrun.Utilities;`
	`12`	`using Microsoft.AspNetCore.Authentication;`
	`13`
	`14`	`namespace Kestrun.Authentication;`
	`15`
	`16`	`/// <summary>`
	`17`	`/// Defines common options for authentication, including code validation, claim issuance, and claim policy configuration`
	`18`	`/// </summary>`
	`19`	`public interface IAuthHandler`
	`20`	`{`
	`21`	`/// <summary>`
	`22`	`/// Generates an <see cref="AuthenticationTicket"/> for the specified user and authentication scheme, issuing additi`
	`23`	`/// </summary>`
	`24`	`/// <param name="Context">The current HTTP context.</param>`
	`25`	`/// <param name="user">The user name for whom the ticket is being generated.</param>`
	`26`	`/// <param name="Options">Authentication options including claim issuance delegates.</param>`
	`27`	`/// <param name="Scheme">The authentication scheme to use.</param>`
	`28`	`/// <param name="alias">An optional alias for the user.</param>`
	`29`	`/// <returns>An <see cref="AuthenticationTicket"/> representing the authenticated user.</returns>`
	`30`	`static async Task<AuthenticationTicket> GetAuthenticationTicketAsync(`
	`31`	`HttpContext Context, string user,`
	`32`	`IAuthenticationCommonOptions Options, AuthenticationScheme Scheme, string? alias = null)`
	`33`	`{`
8	`34`	`var claims = new List<Claim>();`
	`35`
	`36`	`// 1) Issue extra claims if configured`
8	`37`	`claims.AddRange(await GetIssuedClaimsAsync(Context, user, Options).ConfigureAwait(false));`
	`38`
	`39`	`// 2) Ensure a Name claim exists`
8	`40`	`EnsureNameClaim(claims, user, alias, Options.Logger);`
	`41`
	`42`	`// 3) Create and return the ticket`
8	`43`	`return CreateAuthenticationTicket(claims, Scheme);`
8	`44`	`}`
	`45`
	`46`	`/// <summary>`
	`47`	`/// Issues claims for the specified user based on the provided context and options.`
	`48`	`/// </summary>`
	`49`	`/// <param name="context">The HTTP context.</param>`
	`50`	`/// <param name="user">The user name for whom claims are being issued.</param>`
	`51`	`/// <param name="options">Authentication options including claim issuance delegates.</param>`
	`52`	`/// <returns>A collection of issued claims.</returns>`
	`53`	`private static async Task<IEnumerable<Claim>> GetIssuedClaimsAsync(HttpContext context, string user, IAuthentication`
	`54`	`{`
8	`55`	`if (options.IssueClaims is null)`
	`56`	`{`
8	`57`	`return [];`
	`58`	`}`
	`59`
0	`60`	`var extra = await options.IssueClaims(context, user).ConfigureAwait(false);`
0	`61`	`if (extra is null)`
	`62`	`{`
0	`63`	`return [];`
	`64`	`}`
	`65`
	`66`	`// Filter out nulls and empty values`
0	`67`	`return [.. extra`
0	`68`	`.Where(c => c is not null)`
0	`69`	`.OfType<Claim>()`
0	`70`	`.Where(c => !string.IsNullOrEmpty(c.Value))];`
8	`71`	`}`
	`72`
	`73`	`/// <summary>`
	`74`	`/// Ensures that a Name claim is present in the list of claims.`
	`75`	`/// </summary>`
	`76`	`/// <param name="claims">The list of claims to check.</param>`
	`77`	`/// <param name="user">The user name to use if a Name claim is added.</param>`
	`78`	`/// <param name="alias">An optional alias for the user.</param>`
	`79`	`/// <param name="logger">The logger instance.</param>`
	`80`	`private static void EnsureNameClaim(List<Claim> claims, string user, string? alias, Serilog.ILogger logger)`
	`81`	`{`
8	`82`	`if (claims.Any(c => c.Type == ClaimTypes.Name))`
	`83`	`{`
0	`84`	`return;`
	`85`	`}`
	`86`
8	`87`	`if (logger.IsEnabled(Serilog.Events.LogEventLevel.Debug))`
	`88`	`{`
2	`89`	`logger.Debug("No Name claim found, adding default Name claim");`
	`90`	`}`
	`91`
8	`92`	`var name = string.IsNullOrEmpty(alias) ? user : alias;`
8	`93`	`claims.Add(new Claim(ClaimTypes.Name, name));`
8	`94`	`}`
	`95`
	`96`	`/// <summary>`
	`97`	`/// Creates an authentication ticket from the specified claims and authentication scheme.`
	`98`	`/// </summary>`
	`99`	`/// <param name="claims">The claims to include in the ticket.</param>`
	`100`	`/// <param name="scheme">The authentication scheme to use.</param>`
	`101`	`/// <returns>An authentication ticket containing the specified claims.</returns>`
	`102`	`private static AuthenticationTicket CreateAuthenticationTicket(IEnumerable<Claim> claims, AuthenticationScheme schem`
	`103`	`{`
8	`104`	`var claimsIdentity = new ClaimsIdentity(claims, scheme.Name);`
8	`105`	`var principal = new ClaimsPrincipal(claimsIdentity);`
8	`106`	`return new AuthenticationTicket(principal, scheme.Name);`
	`107`	`}`
	`108`
	`109`	`/// <summary>`
	`110`	`/// Authenticates the user using PowerShell script.`
	`111`	`/// This method is used to validate the username and password against a PowerShell script.`
	`112`	`/// </summary>`
	`113`	`/// <param name="code">The PowerShell script code used for authentication.</param>`
	`114`	`/// <param name="context">The HTTP context.</param>`
	`115`	`/// <param name="credentials">A dictionary containing the credentials to validate (e.g., username and password).</pa`
	`116`	`/// <param name="logger">The logger instance.</param>`
	`117`	`/// <returns>A task representing the asynchronous operation.</returns>`
	`118`	`/// <exception cref="InvalidOperationException"></exception>`
	`119`	`static async ValueTask<bool> ValidatePowerShellAsync(string? code, HttpContext context, Dictionary<string, string> c`
	`120`	`{`
	`121`	`try`
	`122`	`{`
9	`123`	`ValidatePowerShellInputs(code, context, credentials, logger);`
6	`124`	`var ps = GetPowerShellForValidation(context);`
	`125`
6	`126`	`_ = ps.AddScript(code, useLocalScope: true);`
36	`127`	`foreach (var kvp in credentials)`
	`128`	`{`
12	`129`	`_ = ps.AddParameter(kvp.Key, kvp.Value);`
	`130`	`}`
	`131`
6	`132`	`var psResults = await ExecutePowerShellScriptAsync(ps, context, logger).ConfigureAwait(false);`
	`133`
6	`134`	`return ValidatePowerShellResult(psResults, logger);`
	`135`	`}`
3	`136`	`catch (Exception ex)`
	`137`	`{`
3	`138`	`logger.Error(ex, "Error during validating PowerShell authentication.");`
3	`139`	`return false;`
	`140`	`}`
9	`141`	`}`
	`142`
	`143`	`/// <summary>`
	`144`	`/// Validates that all required inputs for PowerShell authentication are present and valid.`
	`145`	`/// </summary>`
	`146`	`/// <param name="code">The PowerShell script code to validate.</param>`
	`147`	`/// <param name="context">The HTTP context containing the PowerShell runspace.</param>`
	`148`	`/// <param name="credentials">The credentials dictionary to validate.</param>`
	`149`	`/// <param name="logger">The logger instance for logging warnings.</param>`
	`150`	`/// <exception cref="InvalidOperationException">Thrown when required inputs are missing or invalid.</exception>`
	`151`	`private static void ValidatePowerShellInputs(string? code, HttpContext context, Dictionary<string, string>? credenti`
	`152`	`{`
9	`153`	`if (!context.Items.ContainsKey("PS_INSTANCE"))`
	`154`	`{`
1	`155`	`throw new InvalidOperationException("PowerShell runspace not found in context items. Ensure PowerShellRunspa`
	`156`	`}`
	`157`
8	`158`	`if (credentials == null \|\| credentials.Count == 0)`
	`159`	`{`
1	`160`	`logger.Warning("Credentials are null or empty.");`
1	`161`	`throw new InvalidOperationException("Credentials are null or empty.");`
	`162`	`}`
	`163`
7	`164`	`if (string.IsNullOrEmpty(code))`
	`165`	`{`
1	`166`	`throw new InvalidOperationException("PowerShell authentication code is null or empty.");`
	`167`	`}`
6	`168`	`}`
	`169`
	`170`	`/// <summary>`
	`171`	`/// Retrieves and validates the PowerShell instance from the HTTP context.`
	`172`	`/// </summary>`
	`173`	`/// <param name="context">The HTTP context containing the PowerShell instance.</param>`
	`174`	`/// <returns>The validated PowerShell instance.</returns>`
	`175`	`/// <exception cref="InvalidOperationException">Thrown when the PowerShell instance or runspace is not found or inva`
	`176`	`private static PowerShell GetPowerShellForValidation(HttpContext context)`
	`177`	`{`
6	`178`	`var ps = context.Items["PS_INSTANCE"] as PowerShell`
6	`179`	`?? throw new InvalidOperationException("PowerShell instance not found in context items.");`
	`180`
6	`181`	`return ps.Runspace == null`
6	`182`	`? throw new InvalidOperationException("PowerShell runspace is not set. Ensure PowerShellRunspaceMiddleware i`
6	`183`	`: ps;`
	`184`	`}`
	`185`
	`186`	`/// <summary>`
	`187`	`/// Executes the PowerShell script with support for request cancellation.`
	`188`	`/// </summary>`
	`189`	`/// <param name="ps">The PowerShell instance to execute.</param>`
	`190`	`/// <param name="context">The HTTP context containing cancellation token and request information.</param>`
	`191`	`/// <param name="logger">The logger instance for logging debug information.</param>`
	`192`	`/// <returns>A collection of PowerShell objects returned from script execution.</returns>`
	`193`	`/// <exception cref="OperationCanceledException">Thrown when the request is cancelled.</exception>`
	`194`	`private static async ValueTask<PSDataCollection<PSObject>> ExecutePowerShellScriptAsync(PowerShell ps, HttpContext c`
	`195`	`{`
	`196`	`try`
	`197`	`{`
6	`198`	`return await ps.InvokeWithRequestAbortAsync(`
6	`199`	`context.RequestAborted,`
0	`200`	`onAbortLog: () => logger.DebugSanitized("Request aborted; stopping PowerShell pipeline for {Path}", cont`
6	`201`	`).ConfigureAwait(false);`
	`202`	`}`
0	`203`	`catch (OperationCanceledException) when (context.RequestAborted.IsCancellationRequested)`
	`204`	`{`
0	`205`	`if (logger.IsEnabled(Serilog.Events.LogEventLevel.Debug))`
	`206`	`{`
0	`207`	`logger.DebugSanitized("PowerShell pipeline cancelled due to request abortion for {Path}", context.Reques`
	`208`	`}`
0	`209`	`throw;`
	`210`	`}`
6	`211`	`}`
	`212`
	`213`	`/// <summary>`
	`214`	`/// Validates and extracts the boolean result from PowerShell script execution.`
	`215`	`/// </summary>`
	`216`	`/// <param name="psResults">The collection of PowerShell objects returned from script execution.</param>`
	`217`	`/// <param name="logger">The logger instance for logging errors.</param>`
	`218`	`/// <returns>The boolean result from the PowerShell script, or false if the result is invalid.</returns>`
	`219`	`private static bool ValidatePowerShellResult(PSDataCollection<PSObject>? psResults, Serilog.ILogger logger)`
	`220`	`{`
6	`221`	`if (psResults == null \|\| psResults.Count == 0)`
	`222`	`{`
1	`223`	`logger.Error("PowerShell script did not return a valid boolean result.");`
1	`224`	`return false;`
	`225`	`}`
	`226`
5	`227`	`if (psResults[0]?.BaseObject is not bool isValid)`
	`228`	`{`
1	`229`	`logger.Error("PowerShell script did not return a valid boolean result.");`
1	`230`	`return false;`
	`231`	`}`
	`232`
4	`233`	`return isValid;`
	`234`	`}`
	`235`
	`236`	`/// <summary>`
	`237`	`/// Builds a C# validator function for the specified authentication settings.`
	`238`	`/// </summary>`
	`239`	`/// <param name="host">The Kestrun host instance.</param>`
	`240`	`/// <param name="settings">The authentication code settings.</param>`
	`241`	`/// <param name="globals">Global variables to include in the validation context.</param>`
	`242`	`/// <returns>A function that validates the authentication context.</returns>`
	`243`	`internal static Func<HttpContext, IDictionary<string, object?>, Task<bool>> BuildCsValidator(`
	`244`	`KestrunHost host,`
	`245`	`AuthenticationCodeSettings settings,`
	`246`	`params (string Name, object? Prototype)[] globals)`
	`247`	`{`
2	`248`	`var log = host.Logger;`
2	`249`	`if (log.IsEnabled(Serilog.Events.LogEventLevel.Debug))`
	`250`	`{`
2	`251`	`log.Debug("Building C# authentication script with globals: {Globals}", globals);`
	`252`	`}`
	`253`
	`254`	`// Place-holders so Roslyn knows the globals that will exist`
10	`255`	`var stencil = globals.ToDictionary(n => n.Name, n => n.Prototype,`
2	`256`	`StringComparer.OrdinalIgnoreCase);`
2	`257`	`if (log.IsEnabled(Serilog.Events.LogEventLevel.Debug))`
	`258`	`{`
2	`259`	`log.Debug("Compiling C# authentication script with variables: {Variables}", stencil);`
	`260`	`}`
	`261`
2	`262`	`var script = CSharpDelegateBuilder.Compile(`
2	`263`	`host: host,`
2	`264`	`code: settings.Code, // already scoped by caller`
2	`265`	`extraImports: settings.ExtraImports,`
2	`266`	`extraRefs: settings.ExtraRefs,`
2	`267`	`locals: stencil,`
2	`268`	`languageVersion: settings.CSharpVersion);`
	`269`
	`270`	`// Return the runtime delegate`
2	`271`	`return async (ctx, vars) =>`
2	`272`	`{`
4	`273`	`if (log.IsEnabled(Serilog.Events.LogEventLevel.Debug))`
2	`274`	`{`
4	`275`	`log.Debug("Running C# authentication script with variables: {Variables}", vars);`
2	`276`	`}`
2	`277`	`// Create Kestrun context`
4	`278`	`var kCtx = new KestrunContext(host, ctx);`
2	`279`	`// ---------------------------------------------------------------------`
4	`280`	`var globalsDict = new Dictionary<string, object?>(`
4	`281`	`vars, StringComparer.OrdinalIgnoreCase);`
2	`282`	`// Merge shared state + user variables`
4	`283`	`var globals = new CsGlobals(`
4	`284`	`host.SharedState.Snapshot(),`
4	`285`	`kCtx,`
4	`286`	`globalsDict);`
2	`287`
4	`288`	`var result = await script.RunAsync(globals).ConfigureAwait(false);`
4	`289`	`return result.ReturnValue is true;`
6	`290`	`};`
	`291`	`}`
	`292`
	`293`	`internal static Func<HttpContext, IDictionary<string, object?>, Task<bool>> BuildVBNetValidator(`
	`294`	`KestrunHost host,`
	`295`	`AuthenticationCodeSettings settings,`
	`296`	`params (string Name, object? Prototype)[] globals)`
	`297`	`{`
3	`298`	`if (host is null)`
	`299`	`{`
0	`300`	`throw new ArgumentNullException(nameof(host), "KestrunHost cannot be null");`
	`301`	`}`
3	`302`	`if (settings is null)`
	`303`	`{`
0	`304`	`throw new ArgumentNullException(nameof(settings), "AuthenticationCodeSettings cannot be null");`
	`305`	`}`
3	`306`	`var log = host.Logger;`
	`307`	`// Place-holders so Roslyn knows the globals that will exist`
15	`308`	`var stencil = globals.ToDictionary(n => n.Name, n => n.Prototype,`
3	`309`	`StringComparer.OrdinalIgnoreCase);`
	`310`
3	`311`	`if (log.IsEnabled(Serilog.Events.LogEventLevel.Debug))`
	`312`	`{`
2	`313`	`log.Debug("Compiling VB.NET authentication script with variables: {Variables}", stencil);`
	`314`	`}`
	`315`
	`316`	`// Compile the VB.NET script with the provided settings`
3	`317`	`var script = VBNetDelegateBuilder.Compile<bool>(`
3	`318`	`host: host,`
3	`319`	`code: settings.Code,`
3	`320`	`extraImports: settings.ExtraImports,`
3	`321`	`extraRefs: settings.ExtraRefs,`
3	`322`	`locals: stencil,`
3	`323`	`languageVersion: settings.VisualBasicVersion);`
	`324`
	`325`	`// Return the runtime delegate`
3	`326`	`return async (ctx, vars) =>`
3	`327`	`{`
4	`328`	`if (log.IsEnabled(Serilog.Events.LogEventLevel.Debug))`
3	`329`	`{`
4	`330`	`log.Debug("Running VB.NET authentication script with variables: {Variables}", vars);`
3	`331`	`}`
3	`332`
4	`333`	`var kCtx = new KestrunContext(host, ctx);`
3	`334`
3	`335`	`// Merge shared state + user variables`
4	`336`	`var globals = new CsGlobals(`
4	`337`	`host.SharedState.Snapshot(),`
4	`338`	`kCtx,`
4	`339`	`new Dictionary<string, object?>(vars, StringComparer.OrdinalIgnoreCase));`
3	`340`
4	`341`	`var result = await script(globals).ConfigureAwait(false);`
3	`342`
4	`343`	`return result is bool isValid && isValid;`
7	`344`	`};`
	`345`	`}`
	`346`
	`347`	`/// <summary>`
	`348`	`/// Builds a PowerShell-based function for issuing claims for a user.`
	`349`	`/// </summary>`
	`350`	`/// <param name="host">The Kestrun host instance.</param>`
	`351`	`/// <param name="settings">The authentication code settings containing the PowerShell script.</param>`
	`352`	`/// <returns>A function that issues claims using the provided PowerShell script.</returns>`
	`353`	`static Func<HttpContext, string, Task<IEnumerable<Claim>>> BuildPsIssueClaims(`
	`354`	`KestrunHost host,`
	`355`	`AuthenticationCodeSettings settings) =>`
2	`356`	`async (ctx, identity) =>`
2	`357`	`{`
2	`358`	`return await IssueClaimsPowerShellAsync(settings.Code, ctx, identity, host.Logger);`
4	`359`	`};`
	`360`
	`361`	`/// <summary>`
	`362`	`/// Issues claims for a user by executing a PowerShell script.`
	`363`	`/// </summary>`
	`364`	`/// <param name="code">The PowerShell script code used to issue claims.</param>`
	`365`	`/// <param name="context">The HTTP context containing the PowerShell runspace.</param>`
	`366`	`/// <param name="identity">The username for which to issue claims.</param>`
	`367`	`/// <param name="logger">The logger instance for logging.</param>`
	`368`	`/// <returns>A task representing the asynchronous operation, with a collection of issued claims.</returns>`
	`369`	`static async Task<IEnumerable<Claim>> IssueClaimsPowerShellAsync(string? code, HttpContext context, string identity,`
	`370`	`{`
3	`371`	`if (string.IsNullOrWhiteSpace(identity))`
	`372`	`{`
1	`373`	`logger.Warning("Identity is null or empty.");`
1	`374`	`return [];`
	`375`	`}`
2	`376`	`if (string.IsNullOrEmpty(code))`
	`377`	`{`
0	`378`	`throw new InvalidOperationException("PowerShell authentication code is null or empty.");`
	`379`	`}`
	`380`
	`381`	`try`
	`382`	`{`
2	`383`	`var ps = GetPowerShell(context);`
2	`384`	`_ = ps.AddScript(code, useLocalScope: true).AddParameter("identity", identity);`
	`385`
	`386`	`// var psResults = await ps.InvokeAsync().ConfigureAwait(false);`
	`387`	`PSDataCollection<PSObject> psResults;`
	`388`	`try`
	`389`	`{`
2	`390`	`psResults = await ps.InvokeWithRequestAbortAsync(`
2	`391`	`context.RequestAborted,`
0	`392`	`onAbortLog: () => logger.DebugSanitized("Request aborted; stopping PowerShell pipeline for {Path}",`
2	`393`	`).ConfigureAwait(false);`
2	`394`	`}`
0	`395`	`catch (OperationCanceledException) when (context.RequestAborted.IsCancellationRequested)`
	`396`	`{`
0	`397`	`if (logger.IsEnabled(Serilog.Events.LogEventLevel.Debug))`
	`398`	`{`
0	`399`	`logger.DebugSanitized("PowerShell pipeline cancelled due to request abortion for {Path}", context.Re`
	`400`	`}`
	`401`	`// Treat as cancellation, not an error.`
0	`402`	`return [];`
	`403`	`}`
2	`404`	`if (psResults is null \|\| psResults.Count == 0)`
	`405`	`{`
0	`406`	`return [];`
	`407`	`}`
	`408`
2	`409`	`var claims = new List<Claim>(psResults.Count);`
8	`410`	`foreach (var r in psResults)`
	`411`	`{`
2	`412`	`if (TryToClaim(r?.BaseObject, out var claim))`
	`413`	`{`
2	`414`	`claims.Add(claim);`
	`415`	`}`
	`416`	`else`
	`417`	`{`
0	`418`	`logger.Warning("PowerShell script returned an unsupported type: {Type}", r?.BaseObject?.GetType());`
0	`419`	`throw new InvalidOperationException("PowerShell script returned an unsupported type.");`
	`420`	`}`
	`421`	`}`
	`422`
2	`423`	`return claims;`
	`424`	`}`
0	`425`	`catch (Exception ex)`
	`426`	`{`
0	`427`	`logger.Error(ex, "Error during Issue Claims for {Identity}", identity);`
0	`428`	`return [];`
	`429`	`}`
3	`430`	`}`
	`431`
	`432`	`/// <summary>`
	`433`	`/// Retrieves the PowerShell instance from the HTTP context.`
	`434`	`/// </summary>`
	`435`	`/// <param name="ctx">The HTTP context containing the PowerShell runspace.</param>`
	`436`	`/// <returns>The PowerShell instance associated with the context.</returns>`
	`437`	`/// <exception cref="InvalidOperationException">Thrown when the PowerShell runspace is not found.</exception>`
	`438`	`private static PowerShell GetPowerShell(HttpContext ctx)`
	`439`	`{`
4	`440`	`return !ctx.Items.TryGetValue("PS_INSTANCE", out var psObj) \|\| psObj is not PowerShell ps \|\| ps.Runspace == null`
4	`441`	`? throw new InvalidOperationException("PowerShell runspace not found or not set in context items. Ensure Pow`
4	`442`	`: ps;`
	`443`	`}`
	`444`
	`445`	`/// <summary>`
	`446`	`/// Tries to create a Claim from the provided object.`
	`447`	`/// </summary>`
	`448`	`/// <param name="obj">The object to create a Claim from.</param>`
	`449`	`/// <param name="claim">The created Claim, if successful.</param>`
	`450`	`/// <returns>True if the Claim was created successfully; otherwise, false.</returns>`
	`451`	`private static bool TryToClaim(object? obj, out Claim claim)`
	`452`	`{`
6	`453`	`switch (obj)`
	`454`	`{`
	`455`	`case Claim c:`
1	`456`	`claim = c;`
1	`457`	`return true;`
	`458`
3	`459`	`case IDictionary dict when dict.Contains("Type") && dict.Contains("Value"):`
3	`460`	`var typeStr = dict["Type"]?.ToString();`
3	`461`	`var valueStr = dict["Value"]?.ToString();`
3	`462`	`if (!string.IsNullOrEmpty(typeStr) && !string.IsNullOrEmpty(valueStr))`
	`463`	`{`
3	`464`	`claim = new Claim(typeStr, valueStr);`
3	`465`	`return true;`
	`466`	`}`
	`467`	`break;`
	`468`
1	`469`	`case string s when s.Contains(':'):`
1	`470`	`var idx = s.IndexOf(':');`
1	`471`	`if (idx >= 0 && idx < s.Length - 1)`
	`472`	`{`
1	`473`	`claim = new Claim(s[..idx], s[(idx + 1)..]);`
1	`474`	`return true;`
	`475`	`}`
	`476`	`break;`
	`477`	`default:`
	`478`	`// Unsupported type`
	`479`	`break;`
	`480`	`}`
	`481`
1	`482`	`claim = default!;`
1	`483`	`return false;`
	`484`	`}`
	`485`
	`486`	`/// <summary>`
	`487`	`/// Builds a C#-based function for issuing claims for a user.`
	`488`	`/// </summary>`
	`489`	`/// <param name="host">The Kestrun host instance.</param>`
	`490`	`/// <param name="settings">The authentication code settings containing the C# script.</param>`
	`491`	`/// <returns>A function that issues claims using the provided C# script.</returns>`
	`492`	`static Func<HttpContext, string, Task<IEnumerable<Claim>>> BuildCsIssueClaims(`
	`493`	`KestrunHost host,`
	`494`	`AuthenticationCodeSettings settings)`
	`495`	`{`
3	`496`	`if (host is null)`
	`497`	`{`
0	`498`	`throw new ArgumentNullException(nameof(host), "KestrunHost cannot be null");`
	`499`	`}`
3	`500`	`var logger = host.Logger;`
3	`501`	`if (logger.IsEnabled(Serilog.Events.LogEventLevel.Debug))`
	`502`	`{`
3	`503`	`logger.Debug("Compiling C# script for issuing claims.");`
	`504`	`}`
	`505`
	`506`	`// Compile the C# script with the provided settings`
3	`507`	`var script = CSharpDelegateBuilder.Compile(host: host,`
3	`508`	`code: settings.Code,`
3	`509`	`extraImports: settings.ExtraImports,`
3	`510`	`extraRefs: settings.ExtraRefs,`
3	`511`	`locals: new Dictionary<string, object?>`
3	`512`	`{`
3	`513`	`{ "identity", "" }`
3	`514`	`}, languageVersion: settings.CSharpVersion);`
	`515`
3	`516`	`return async (ctx, identity) =>`
3	`517`	`{`
2	`518`	`var context = new KestrunContext(host, ctx);`
2	`519`	`var globals = new CsGlobals(host.SharedState.Snapshot(), context, new Dictionary<string, object?>`
2	`520`	`{`
2	`521`	`{ "identity", identity }`
2	`522`	`});`
2	`523`	`var result = await script.RunAsync(globals).ConfigureAwait(false);`
2	`524`	`return result.ReturnValue is IEnumerable<Claim> claims`
2	`525`	`? claims`
2	`526`	`: [];`
5	`527`	`};`
	`528`	`}`
	`529`
	`530`	`/// <summary>`
	`531`	`/// Builds a VB.NET-based function for issuing claims for a user.`
	`532`	`/// </summary>`
	`533`	`/// <param name="host">The Kestrun host instance.</param>`
	`534`	`/// <param name="settings">The authentication code settings containing the VB.NET script.</param>`
	`535`	`/// <returns>A function that issues claims using the provided VB.NET script.</returns>`
	`536`	`static Func<HttpContext, string, Task<IEnumerable<Claim>>> BuildVBNetIssueClaims(`
	`537`	`KestrunHost host,`
	`538`	`AuthenticationCodeSettings settings)`
	`539`	`{`
3	`540`	`if (host is null)`
	`541`	`{`
0	`542`	`throw new ArgumentNullException(nameof(host), "KestrunHost cannot be null");`
	`543`	`}`
3	`544`	`var logger = host.Logger;`
3	`545`	`if (logger.IsEnabled(Serilog.Events.LogEventLevel.Debug))`
	`546`	`{`
2	`547`	`logger.Debug("Compiling VB.NET script for issuing claims.");`
	`548`	`}`
	`549`
	`550`	`// Compile the VB.NET script with the provided settings`
3	`551`	`var script = VBNetDelegateBuilder.Compile<IEnumerable<Claim>>(`
3	`552`	`host: host,`
3	`553`	`code: settings.Code,`
3	`554`	`extraImports: settings.ExtraImports,`
3	`555`	`extraRefs: settings.ExtraRefs,`
3	`556`	`locals: new Dictionary<string, object?>`
3	`557`	`{`
3	`558`	`{ "identity", "" }`
3	`559`	`}, languageVersion: settings.VisualBasicVersion);`
	`560`
3	`561`	`return async (ctx, identity) =>`
3	`562`	`{`
2	`563`	`var context = new KestrunContext(host, ctx);`
2	`564`	`var glob = new CsGlobals(host.SharedState.Snapshot(), context, new Dictionary<string, object?>`
2	`565`	`{`
2	`566`	`{ "identity", identity }`
2	`567`	`});`
3	`568`	`// Run the VB.NET script and get the result`
3	`569`	`// Note: The script should return a boolean indicating success or failure`
2	`570`	`var result = await script(glob).ConfigureAwait(false);`
2	`571`	`return result is IEnumerable<Claim> claims`
2	`572`	`? claims`
2	`573`	`: [];`
5	`574`	`};`
	`575`	`}`
	`576`	`}`

< Summary - Kestrun — Combined Coverage

Coverage history

Metrics

File(s)

/home/runner/work/Kestrun/Kestrun/src/CSharp/Kestrun/Authentication/IAuthHandler.cs

Methods/Properties