- ABP Framework version: v5.2.2
- UI type: MVC
- DB provider: EF Core
- Tiered (MVC) or Identity Server Separated (Angular): no
- Exception message and stack trace:
- Steps to reproduce the issue:
I'm having trouble implementing authorization, e.g. OAuth2, for Elsa workflow endpoints when Elsa is integrated with ABP Framework.
```csharp
app.UseConfiguredEndpoints(endpoints =>
{
    // Elsa API Endpoints are implemented as regular ASP.NET Core API controllers.
    endpoints.MapControllers().RequireAuthorization();
});
```
https://github.com/elsa-workflows/elsa-core/issues/2681
This configuration as shown above doesn't seem to wrap the workflow endpoints with any kind of authorization. Elsa version is 2.5. Any ideas?
2 Answer(s)
-
0
Hi,
we will check it out.
-
0
Hi,
I have checked.
It works for me:
But it's not a good solution, because RequireAuthorization protects all controllers, including Elsa's API controllers. It's like adding [AuthorizeAttribute] to all controllers. It breaks the default behavior of all controllers, even though they don't require authorization.
You can check this: https://community.abp.io/posts/using-elsa-workflow-with-the-abp-framework-773siqi9 . It explains protecting Elsa dashboard pages based on permissions.
For API endpoints, you can try this:
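```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using Volo.Abp.Authorization.Permissions;
using Volo.Abp.DependencyInjection;
using Volo.Abp.Users;

public class ElsaActionFilter : IAsyncActionFilter, ITransientDependency
{
    private readonly ICurrentUser _currentUser;
    private readonly IPermissionChecker _permissionChecker;

    public ElsaActionFilter(IPermissionChecker permissionChecker, ICurrentUser currentUser)
    {
        _permissionChecker = permissionChecker;
        _currentUser = currentUser;
    }

    public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
    {
        // FullName can be null for some types; compare ordinally so the match is culture-independent.
        var controllerType = context.Controller.GetType().FullName;
        var isElsaApiEndpoint = controllerType != null &&
            controllerType.StartsWith("Elsa.Server.Api.Endpoints", StringComparison.Ordinal);

        if (isElsaApiEndpoint)
        {
            // Elsa API endpoint: the caller must be authenticated (401 otherwise).
            if (!_currentUser.IsAuthenticated)
            {
                context.Result = new UnauthorizedResult();
                return;
            }

            // Authenticated but missing the permission: 403 rather than 401,
            // so clients do not treat it as a prompt to re-authenticate.
            if (!await _permissionChecker.IsGrantedAsync("PermissionName..."))
            {
                context.Result = new StatusCodeResult(StatusCodes.Status403Forbidden);
                return;
            }
        }

        // Non-Elsa controllers, and Elsa requests that passed both checks, continue unchanged.
        await next();
    }
}
```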
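Another way to limit the check to Elsa's controllers, as an added example that is not part of the original answer or of ABP's or Elsa's own code: an MVC controller convention that attaches an `AuthorizeFilter` only to controllers under the namespace prefix used in the answer above, so the check runs at the authorization stage, before model binding and action filters. The class names, the extension method and the `policyName` argument are assumptions, and the example assumes the policy name resolves through the application's authorization policy provider.

```csharp
using System;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.ApplicationModels;
using Microsoft.AspNetCore.Mvc.Authorization;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical convention: adds an authorization filter to Elsa API controllers only,
// leaving the default behavior of every other controller untouched.
public class ElsaApiAuthorizationConvention : IControllerModelConvention
{
    // Namespace prefix taken from the answer above.
    private const string ElsaApiNamespace = "Elsa.Server.Api.Endpoints";

    private readonly string _policyName;

    public ElsaApiAuthorizationConvention(string policyName)
    {
        _policyName = policyName ?? throw new ArgumentNullException(nameof(policyName));
    }

    public void Apply(ControllerModel controller)
    {
        var ns = controller.ControllerType.Namespace;
        if (ns == null)
        {
            return;
        }

        // Match the namespace itself or a sub-namespace, not a look-alike such as
        // "Elsa.Server.Api.EndpointsFoo".
        if (ns == ElsaApiNamespace ||
            ns.StartsWith(ElsaApiNamespace + ".", StringComparison.Ordinal))
        {
            // Unauthenticated callers are challenged; authenticated callers
            // that fail the policy are forbidden.
            controller.Filters.Add(new AuthorizeFilter(_policyName));
        }
    }
}

// Hypothetical registration helper, called from the web module's ConfigureServices.
public static class ElsaApiAuthorizationRegistration
{
    public static void AddElsaApiAuthorization(this IServiceCollection services, string policyName)
    {
        services.Configure<MvcOptions>(options =>
            options.Conventions.Add(new ElsaApiAuthorizationConvention(policyName)));
    }
}
```

With this in place the global `RequireAuthorization()` on `MapControllers()` is not needed for the Elsa endpoints.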