Add support for multiple authorization behaviors

C0nquistadore · C0nquistadore · commit b364a5946857 · 2024-09-18T12:43:38.000+02:00
diff --git a/src/Dibix.Http.Server/Model/HttpActionDefinition.cs b/src/Dibix.Http.Server/Model/HttpActionDefinition.cs
@@ -27,7 +27,7 @@ public HttpControllerDefinition Controller
         public HttpRequestBody Body { get; set; }
         public HttpFileResponseDefinition FileResponse { get; set; }
         public string Description { get; set; }
-        public HttpAuthorizationDefinition Authorization { get; set; }
+        public ICollection<HttpAuthorizationDefinition> Authorization { get; } = new List<HttpAuthorizationDefinition>();
         public ICollection<string> SecuritySchemes { get; } = new Collection<string>();
         public IList<string> RequiredClaims { get; } = new Collection<string>();
         public IDictionary<int, HttpErrorResponse> StatusCodeDetectionResponses { get; }
diff --git a/src/Dibix.Http.Server/Model/HttpApiDescriptor.cs b/src/Dibix.Http.Server/Model/HttpApiDescriptor.cs
@@ -72,7 +72,7 @@ public HttpControllerDefinition Build()
         private sealed class HttpActionDefinitionBuilder : HttpActionBuilderBase, IHttpActionDefinitionBuilder, IHttpActionBuilderBase, IHttpParameterSourceSelector, IHttpActionDescriptor, IHttpActionMetadata
         {
             private readonly string _controllerName;
-            private HttpAuthorizationBuilder _authorization;
+            private readonly ICollection<HttpAuthorizationBuilder> _authorization;
             private Uri _uri;
 
             public EndpointMetadata Metadata { get; }
@@ -92,8 +92,9 @@ private sealed class HttpActionDefinitionBuilder : HttpActionBuilderBase, IHttpA
 
             public HttpActionDefinitionBuilder(EndpointMetadata endpointMetadata, string controllerName, IHttpActionTarget target)
             {
-                Metadata = endpointMetadata;
                 _controllerName = controllerName;
+                _authorization = new List<HttpAuthorizationBuilder>();
+                Metadata = endpointMetadata;
                 Target = target.Build();
                 StatusCodeDetectionResponses = new Dictionary<int, HttpErrorResponse>(HttpStatusCodeDetectionMap.Defaults);
             }
@@ -102,12 +103,12 @@ public HttpActionDefinitionBuilder(EndpointMetadata endpointMetadata, string con
             
             public void SetStatusCodeDetectionResponse(int statusCode, int errorCode, string errorMessage) => StatusCodeDetectionResponses[statusCode] = new HttpErrorResponse(statusCode, errorCode, errorMessage);
 
-            public void WithAuthorization(IHttpActionTarget target, Action<IHttpAuthorizationBuilder> setupAction)
+            public void AddAuthorizationBehavior(IHttpActionTarget target, Action<IHttpAuthorizationBuilder> setupAction)
             {
                 HttpAuthorizationBuilder builder = new HttpAuthorizationBuilder(this, target);
                 Guard.IsNotNull(setupAction, nameof(setupAction));
                 setupAction(builder);
-                _authorization = builder;
+                _authorization.Add(builder);
             }
 
             public void RegisterDelegate(Delegate @delegate) => Delegate = @delegate;
@@ -130,9 +131,9 @@ public HttpActionDefinition Build()
                     Body = BodyContract != null ? new HttpRequestBody(BodyContract, BodyBinder) : null,
                     FileResponse = FileResponse,
                     Description = Description,
-                    Authorization = _authorization?.Build(),
                     Delegate = Delegate
                 };
+                action.Authorization.AddRange(_authorization.Select(x => x.Build()));
                 action.SecuritySchemes.AddRange(SecuritySchemes);
                 action.RequiredClaims.AddRange(RequiredClaims);
                 action.StatusCodeDetectionResponses.AddRange(StatusCodeDetectionResponses);
diff --git a/src/Dibix.Http.Server/Model/IHttpActionDefinitionBuilder.cs b/src/Dibix.Http.Server/Model/IHttpActionDefinitionBuilder.cs
@@ -17,7 +17,7 @@ public interface IHttpActionDefinitionBuilder : IHttpActionBuilderBase
 
         void DisableStatusCodeDetection(int statusCode);
         void SetStatusCodeDetectionResponse(int statusCode, int errorCode, string errorMessage);
-        void WithAuthorization(IHttpActionTarget target, Action<IHttpAuthorizationBuilder> setupAction);
+        void AddAuthorizationBehavior(IHttpActionTarget target, Action<IHttpAuthorizationBuilder> setupAction);
         void RegisterDelegate(Delegate @delegate);
     }
 }
diff --git a/src/Dibix.Http.Server/Runtime/HttpActionInvoker.cs b/src/Dibix.Http.Server/Runtime/HttpActionInvoker.cs
@@ -17,12 +17,15 @@ public static async Task<object> Invoke<TRequest>(HttpActionDefinition action, T
         {
             try
             {
-                if (action.Authorization != null)
+                if (action.Authorization.Any())
                 {
                     // Clone the arguments, so they don't overwrite the endpoint arguments.
                     // For example having a 'productid' parameter in both authorization behavior and endpoint with different meanings and different types can cause collisions.
                     IDictionary<string, object> authorizationArguments = arguments.ToDictionary(x => x.Key, x => x.Value);
-                    _ = await Execute(action.Authorization, request, authorizationArguments, controllerActivator, parameterDependencyResolver, cancellationToken).ConfigureAwait(false);
+                    foreach (HttpAuthorizationDefinition authorizationDefinition in action.Authorization)
+                    {
+                        _ = await Execute(authorizationDefinition, request, authorizationArguments, controllerActivator, parameterDependencyResolver, cancellationToken).ConfigureAwait(false);
+                    }
                 }
 
                 object result = await Execute(action, request, arguments, controllerActivator, parameterDependencyResolver, cancellationToken).ConfigureAwait(false);
diff --git a/src/Dibix.Sdk.CodeGeneration/Model/ActionDefinition.cs b/src/Dibix.Sdk.CodeGeneration/Model/ActionDefinition.cs
@@ -1,4 +1,7 @@
-﻿namespace Dibix.Sdk.CodeGeneration
+﻿using System.Collections.Generic;
+using System.Collections.ObjectModel;
+
+namespace Dibix.Sdk.CodeGeneration
 {
     public sealed class ActionDefinition : ActionTargetDefinition
     {
@@ -9,7 +12,7 @@ public sealed class ActionDefinition : ActionTargetDefinition
         public Token<string> ChildRoute { get; set; }
         public ActionRequestBody RequestBody { get; set; }
         public SecuritySchemeRequirements SecuritySchemes { get; } = new SecuritySchemeRequirements(SecuritySchemeOperator.Or);
-        public AuthorizationBehavior Authorization { get; set; }
+        public ICollection<AuthorizationBehavior> Authorization { get; set; } = new Collection<AuthorizationBehavior>();
         public ActionCompatibilityLevel CompatibilityLevel { get; set; } = ActionCompatibilityLevel.Native;
     }
 }
diff --git a/src/Dibix.Sdk.CodeGeneration/Output/ApiDescriptionWriter.cs b/src/Dibix.Sdk.CodeGeneration/Output/ApiDescriptionWriter.cs
@@ -199,10 +199,10 @@ private void WriteActionConfiguration(CodeGenerationContext context, StringWrite
                 writer.WriteLine($"{variableName}.SetStatusCodeDetectionResponse({httpStatusCode}, {errorCode}, {(errorMessage != null ? $"\"{errorMessage}\"" : "errorMessage: null")});");
             }
 
-            if (action.Authorization != null)
+            foreach (AuthorizationBehavior authorizationBehavior in action.Authorization)
             {
-                writer.Write($"{variableName}.WithAuthorization(");
-                WriteActionTarget(context, writer, action.Authorization, "authorization", WriteAuthorizationBehavior);
+                writer.Write($"{variableName}.AddAuthorizationBehavior(");
+                WriteActionTarget(context, writer, authorizationBehavior, "authorization", WriteAuthorizationBehavior);
             }
 
             if (_compatibilityLevel == ActionCompatibilityLevel.Native)
diff --git a/src/Dibix.Sdk.CodeGeneration/Registration/ControllerDefinitionProvider.cs b/src/Dibix.Sdk.CodeGeneration/Registration/ControllerDefinitionProvider.cs
@@ -523,54 +523,64 @@ private void CollectAuthorization(JObject actionJson, ActionDefinition actionDef
                 return;
             }
 
-            CollectAuthorization(property, property.Value.Type, actionDefinition, pathParameters);
+            CollectAuthorization(property.Value.Type, property.Value, actionDefinition, pathParameters);
         }
-        private void CollectAuthorization(JProperty property, JTokenType type, ActionDefinition actionDefinition, IReadOnlyDictionary<string, PathParameter> pathParameters)
+        private void CollectAuthorization(JTokenType type, JToken value, ActionDefinition actionDefinition, IReadOnlyDictionary<string, PathParameter> pathParameters)
         {
             switch (type)
             {
                 case JTokenType.Object:
-                    JObject authorizationValue = (JObject)property.Value;
-                    JProperty templateProperty = authorizationValue.Property("name");
-                    CollectAuthorization(templateProperty, authorizationValue, actionDefinition, pathParameters);
+                    JObject authorizationValue = (JObject)value;
+                    JToken templateNameValue = authorizationValue.Property("name")?.Value;
+                    CollectAuthorization(templateNameValue, authorizationValue, actionDefinition, pathParameters);
                     break;
 
-                case JTokenType.String when (string)property.Value == "none":
+                case JTokenType.String when (string)value == "none":
                     break;
 
                 case JTokenType.String:
-                    CollectAuthorization(templateProperty: property, authorizationValue: new JObject(), actionDefinition, pathParameters);
+                    CollectAuthorization(templateNameValue: value, authorizationValue: new JObject(), actionDefinition, pathParameters);
+                    break;
+
+                case JTokenType.Array:
+                    JArray array = (JArray)value;
+                    foreach (JToken item in array)
+                        CollectAuthorization(item.Type, item, actionDefinition, pathParameters);
+
                     break;
 
                 default:
-                    throw new ArgumentOutOfRangeException(nameof(type), type, property.Value.Path);
+                    throw new ArgumentOutOfRangeException(nameof(type), type, value.Path);
             }
         }
-        private void CollectAuthorization(JProperty templateProperty, JObject authorizationValue, ActionDefinition actionDefinition, IReadOnlyDictionary<string, PathParameter> pathParameters)
+        private void CollectAuthorization(JToken templateNameValue, JObject authorizationValue, ActionDefinition actionDefinition, IReadOnlyDictionary<string, PathParameter> pathParameters)
         {
             JObject authorization = authorizationValue;
 
-            if (templateProperty != null
-             && (authorization = ApplyAuthorizationTemplate(templateProperty, authorizationValue)) == null) // In case of error that has been previously logged
-                return;
+            // "name" property is optional, when the endpoint defines an authorization behavior manually
+            if (templateNameValue != null)
+            {
+                authorization = ApplyAuthorizationTemplate(templateNameValue, authorizationValue);
+                if (authorization == null) // If the template is not found, it will have been logged already at this point
+                    return;
+            }
 
             IReadOnlyDictionary<string, ExplicitParameter> explicitParameters = CollectExplicitParameters(authorization, requestBody: null, pathParameters);
             ICollection<string> bodyParameters = new Collection<string>();
-            actionDefinition.Authorization = CreateActionDefinition<AuthorizationBehavior>(authorization, explicitParameters, pathParameters, bodyParameters, requestBody: null);
+            AuthorizationBehavior authorizationBehavior = CreateActionDefinition<AuthorizationBehavior>(authorization, explicitParameters, pathParameters, bodyParameters, requestBody: null);
+            actionDefinition.Authorization.Add(authorizationBehavior);
         }
 
-        private JObject ApplyAuthorizationTemplate(JProperty templateNameProperty, JObject authorizationTemplateReference)
+        private JObject ApplyAuthorizationTemplate(JToken templateNameValue, JObject authorizationTemplateReference)
         {
-            string templateName = (string)templateNameProperty.Value;
+            string templateName = (string)templateNameValue;
             if (!_templates.Authorization.TryGetTemplate(templateName, out ConfigurationAuthorizationTemplate template))
             {
-                SourceLocation templateNameLineInfo = templateNameProperty.Value.GetSourceInfo();
+                SourceLocation templateNameLineInfo = templateNameValue.GetSourceInfo();
                 Logger.LogError($"Unknown authorization template '{templateName}'", templateNameLineInfo.Source, templateNameLineInfo.Line, templateNameLineInfo.Column);
                 return null;
             }
 
-            templateNameProperty.Remove();
-
             JObject resolvedAuthorization = new JObject();
 
             if (authorizationTemplateReference.HasValues)
diff --git a/src/Dibix.Testing/TestBase.cs b/src/Dibix.Testing/TestBase.cs
@@ -108,7 +108,7 @@ protected void AssertEqual(string expected, string actual, string outputName, st
                 actualNormalized = actual.NormalizeLineEndings();
             }
 
-            if (Equals(expectedNormalized, actualNormalized)) 
+            if (Equals(expectedNormalized, actualNormalized))
                 return;
 
             TestResultComposer.AddFileComparison(expectedNormalized, actualNormalized, outputName, extension);
diff --git a/tests/Dibix.Http.Server.Tests/HttpActionInvokerTest.Base.cs b/tests/Dibix.Http.Server.Tests/HttpActionInvokerTest.Base.cs
@@ -51,7 +51,7 @@ private static async Task<object> Execute<TRequest>(HttpActionDefinition action,
             IDictionary<string, object> arguments = new Dictionary<string, object> { ["databaseAccessorFactory"] = null };
             foreach (KeyValuePair<string, object> parameter in parameters)
                 arguments.Add(parameter);
-            
+
             object result = await HttpActionInvoker.Invoke(action, request, responseFormatter, arguments, ControllerActivator.NotImplemented, parameterDependencyResolver.Object, default).ConfigureAwait(false);
             return result;
         }
@@ -99,8 +99,11 @@ public HttpApiRegistration(string testName, Action<IHttpActionDefinitionBuilder>
                     configureActions?.Invoke(builder);
 
                     string authorizationMethodName = $"{testName}_Authorization_Target";
-                    if (typeof(HttpActionInvokerTest).GetMethod(authorizationMethodName, BindingFlags.Public | BindingFlags.NonPublic | BindingFlags.Static) != null)
-                        builder.WithAuthorization(ReflectionHttpActionTarget.Create(typeof(HttpActionInvokerTest), authorizationMethodName), configureAuthorization ?? (_ => { }));
+                    foreach (MethodInfo method in typeof(HttpActionInvokerTest).GetMethods(BindingFlags.Public | BindingFlags.NonPublic | BindingFlags.Static).OrderBy(x => x.Name))
+                    {
+                        if (method.Name.StartsWith(authorizationMethodName, StringComparison.Ordinal))
+                            builder.AddAuthorizationBehavior(ReflectionHttpActionTarget.Create(typeof(HttpActionInvokerTest), method.Name), configureAuthorization ?? (_ => { }));
+                    }
                 };
             }
 
@@ -113,5 +116,10 @@ private sealed class X : StructuredType<X, int, string>
 
             public void Add(int intValue, string stringValue) => base.AddValues(intValue, stringValue);
         }
+
+        private sealed class HttpAuthorizationBehaviorContext
+        {
+            public string Result { get; set; }
+        }
     }
 }
diff --git a/tests/Dibix.Http.Server.Tests/HttpActionInvokerTest.cs b/tests/Dibix.Http.Server.Tests/HttpActionInvokerTest.cs
@@ -109,13 +109,15 @@ public async Task Invoke_DDL_WithHttpClientError_ProducedByAuthorizationBehavior
             Assert.AreEqual(1, action.RequiredClaims.Count, "action.RequiredClaims.Count");
             Assert.AreEqual(ClaimTypes.NameIdentifier, action.RequiredClaims[0], "action.RequiredClaims[0]");
 
+            HttpAuthorizationBehaviorContext httpAuthorizationBehaviorContext = new HttpAuthorizationBehaviorContext();
             try
             {
-                await Execute(action, request.Object, responseFormatter.Object).ConfigureAwait(false);
+                await Execute(action, request.Object, responseFormatter.Object, [new KeyValuePair<string, object>("context", httpAuthorizationBehaviorContext)]).ConfigureAwait(false);
                 Assert.Fail($"{nameof(HttpRequestExecutionException)} was expected but not thrown");
             }
             catch (HttpRequestExecutionException requestException)
             {
+                Assert.AreEqual("FirstAuthorizationTargetCalled", httpAuthorizationBehaviorContext.Result);
                 requestException.AppendToResponse(response.Object);
                 Assert.AreEqual(@"403 Forbidden: Sorry
 CommandType: 0
@@ -128,7 +130,8 @@ public async Task Invoke_DDL_WithHttpClientError_ProducedByAuthorizationBehavior
             }
         }
         private static void Invoke_DDL_WithHttpClientError_ProducedByAuthorizationBehavior_IsMappedToHttpStatusCode_Target(IDatabaseAccessorFactory databaseAccessorFactory) { }
-        private static void Invoke_DDL_WithHttpClientError_ProducedByAuthorizationBehavior_IsMappedToHttpStatusCode_Authorization_Target(IDatabaseAccessorFactory databaseAccessorFactory, string userid) => throw CreateException(errorInfoNumber: 403001, errorMessage: "Sorry");
+        private static void Invoke_DDL_WithHttpClientError_ProducedByAuthorizationBehavior_IsMappedToHttpStatusCode_Authorization_Target1(IDatabaseAccessorFactory databaseAccessorFactory, HttpAuthorizationBehaviorContext context) => context.Result = "FirstAuthorizationTargetCalled";
+        private static void Invoke_DDL_WithHttpClientError_ProducedByAuthorizationBehavior_IsMappedToHttpStatusCode_Authorization_Target2(IDatabaseAccessorFactory databaseAccessorFactory, string userid) => throw CreateException(errorInfoNumber: 403001, errorMessage: "Sorry");
 
         [TestMethod]
         public async Task Invoke_DDL_WithHttpClientError_AutoDetectedByDatabaseErrorCode_IsMappedToHttpStatusCode()
diff --git a/tests/Dibix.Sdk.Tests.Database/Endpoints/GenericEndpoint.json b/tests/Dibix.Sdk.Tests.Database/Endpoints/GenericEndpoint.json
@@ -187,6 +187,22 @@
         "password": null
       },
       "authorization": "AssertAuthorizedOne"
+    },
+    {
+      "method": "DELETE",
+      "childRoute": "MultipleAuthorizationBehaviors",
+      "target": "EmptyWithParams",
+      "params": {
+        "c": null,
+        "password": null
+      },
+      "authorization": [
+        "AssertAuthorizedOne",
+        {
+          "name": "AssertAuthorized",
+          "right": 1
+        }
+      ]
     }
   ]
 }
diff --git a/tests/Dibix.Sdk.Tests/Resources/CodeGeneration/Client.cs b/tests/Dibix.Sdk.Tests/Resources/CodeGeneration/Client.cs
diff --git a/tests/Dibix.Sdk.Tests/Resources/CodeGeneration/Endpoints.cs b/tests/Dibix.Sdk.Tests/Resources/CodeGeneration/Endpoints.cs
diff --git a/tests/Dibix.Sdk.Tests/Resources/CodeGeneration/Endpoints_OpenApi.yml b/tests/Dibix.Sdk.Tests/Resources/CodeGeneration/Endpoints_OpenApi.yml

Original file line number	Diff line number	Diff line change
`@@ -17,7 +17,7 @@ public interface IHttpActionDefinitionBuilder : IHttpActionBuilderBase`
`17`	`17`
`18`	`18`	`void DisableStatusCodeDetection(int statusCode);`
`19`	`19`	`void SetStatusCodeDetectionResponse(int statusCode, int errorCode, string errorMessage);`
`20`		`- void WithAuthorization(IHttpActionTarget target, Action<IHttpAuthorizationBuilder> setupAction);`
	`20`	`+ void AddAuthorizationBehavior(IHttpActionTarget target, Action<IHttpAuthorizationBuilder> setupAction);`
`21`	`21`	`void RegisterDelegate(Delegate @delegate);`
`22`	`22`	`}`
`23`	`23`	`}`
Original file line number	Diff line number	Diff line change
`@@ -17,12 +17,15 @@ public static async Task<object> Invoke<TRequest>(HttpActionDefinition action, T`
`17`	`17`	`{`
`18`	`18`	`try`
`19`	`19`	`{`
`20`		`- if (action.Authorization != null)`
	`20`	`+ if (action.Authorization.Any())`
`21`	`21`	`{`
`22`	`22`	`// Clone the arguments, so they don't overwrite the endpoint arguments.`
`23`	`23`	`// For example having a 'productid' parameter in both authorization behavior and endpoint with different meanings and different types can cause collisions.`
`24`	`24`	`IDictionary<string, object> authorizationArguments = arguments.ToDictionary(x => x.Key, x => x.Value);`
`25`		`- _ = await Execute(action.Authorization, request, authorizationArguments, controllerActivator, parameterDependencyResolver, cancellationToken).ConfigureAwait(false);`
	`25`	`+ foreach (HttpAuthorizationDefinition authorizationDefinition in action.Authorization)`
	`26`	`+ {`
	`27`	`+ _ = await Execute(authorizationDefinition, request, authorizationArguments, controllerActivator, parameterDependencyResolver, cancellationToken).ConfigureAwait(false);`
	`28`	`+ }`
`26`	`29`	`}`
`27`	`30`
`28`	`31`	`object result = await Execute(action, request, arguments, controllerActivator, parameterDependencyResolver, cancellationToken).ConfigureAwait(false);`
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,7 @@`
`1`		`-namespace Dibix.Sdk.CodeGeneration`
	`1`	`+using System.Collections.Generic;`
	`2`	`+using System.Collections.ObjectModel;`
	`3`	`+`
	`4`	`+namespace Dibix.Sdk.CodeGeneration`
`2`	`5`	`{`
`3`	`6`	`public sealed class ActionDefinition : ActionTargetDefinition`
`4`	`7`	`{`
`@@ -9,7 +12,7 @@ public sealed class ActionDefinition : ActionTargetDefinition`
`9`	`12`	`public Token<string> ChildRoute { get; set; }`
`10`	`13`	`public ActionRequestBody RequestBody { get; set; }`
`11`	`14`	`public SecuritySchemeRequirements SecuritySchemes { get; } = new SecuritySchemeRequirements(SecuritySchemeOperator.Or);`
`12`		`- public AuthorizationBehavior Authorization { get; set; }`
	`15`	`+ public ICollection<AuthorizationBehavior> Authorization { get; set; } = new Collection<AuthorizationBehavior>();`
`13`	`16`	`public ActionCompatibilityLevel CompatibilityLevel { get; set; } = ActionCompatibilityLevel.Native;`
`14`	`17`	`}`
`15`	`18`	`}`
Original file line number	Diff line number	Diff line change
`@@ -199,10 +199,10 @@ private void WriteActionConfiguration(CodeGenerationContext context, StringWrite`
`199`	`199`	`writer.WriteLine($"{variableName}.SetStatusCodeDetectionResponse({httpStatusCode}, {errorCode}, {(errorMessage != null ? $"\"{errorMessage}\"" : "errorMessage: null")});");`
`200`	`200`	`}`
`201`	`201`
`202`		`- if (action.Authorization != null)`
	`202`	`+ foreach (AuthorizationBehavior authorizationBehavior in action.Authorization)`
`203`	`203`	`{`
`204`		`- writer.Write($"{variableName}.WithAuthorization(");`
`205`		`- WriteActionTarget(context, writer, action.Authorization, "authorization", WriteAuthorizationBehavior);`
	`204`	`+ writer.Write($"{variableName}.AddAuthorizationBehavior(");`
	`205`	`+ WriteActionTarget(context, writer, authorizationBehavior, "authorization", WriteAuthorizationBehavior);`
`206`	`206`	`}`
`207`	`207`
`208`	`208`	`if (_compatibilityLevel == ActionCompatibilityLevel.Native)`
Original file line number	Diff line number	Diff line change
`@@ -108,7 +108,7 @@ protected void AssertEqual(string expected, string actual, string outputName, st`
`108`	`108`	`actualNormalized = actual.NormalizeLineEndings();`
`109`	`109`	`}`
`110`	`110`
`111`		`- if (Equals(expectedNormalized, actualNormalized))`
	`111`	`+ if (Equals(expectedNormalized, actualNormalized))`
`112`	`112`	`return;`
`113`	`113`
`114`	`114`	`TestResultComposer.AddFileComparison(expectedNormalized, actualNormalized, outputName, extension);`
Original file line number	Diff line number	Diff line change
`@@ -51,7 +51,7 @@ private static async Task<object> Execute<TRequest>(HttpActionDefinition action,`
`51`	`51`	`IDictionary<string, object> arguments = new Dictionary<string, object> { ["databaseAccessorFactory"] = null };`
`52`	`52`	`foreach (KeyValuePair<string, object> parameter in parameters)`
`53`	`53`	`arguments.Add(parameter);`
`54`		`-`
	`54`	`+`
`55`	`55`	`object result = await HttpActionInvoker.Invoke(action, request, responseFormatter, arguments, ControllerActivator.NotImplemented, parameterDependencyResolver.Object, default).ConfigureAwait(false);`
`56`	`56`	`return result;`
`57`	`57`	`}`
`@@ -99,8 +99,11 @@ public HttpApiRegistration(string testName, Action<IHttpActionDefinitionBuilder>`
`99`	`99`	`configureActions?.Invoke(builder);`
`100`	`100`
`101`	`101`	`string authorizationMethodName = $"{testName}_Authorization_Target";`
`102`		`- if (typeof(HttpActionInvokerTest).GetMethod(authorizationMethodName, BindingFlags.Public \| BindingFlags.NonPublic \| BindingFlags.Static) != null)`
`103`		`- builder.WithAuthorization(ReflectionHttpActionTarget.Create(typeof(HttpActionInvokerTest), authorizationMethodName), configureAuthorization ?? (_ => { }));`
	`102`	`+ foreach (MethodInfo method in typeof(HttpActionInvokerTest).GetMethods(BindingFlags.Public \| BindingFlags.NonPublic \| BindingFlags.Static).OrderBy(x => x.Name))`
	`103`	`+ {`
	`104`	`+ if (method.Name.StartsWith(authorizationMethodName, StringComparison.Ordinal))`
	`105`	`+ builder.AddAuthorizationBehavior(ReflectionHttpActionTarget.Create(typeof(HttpActionInvokerTest), method.Name), configureAuthorization ?? (_ => { }));`
	`106`	`+ }`
`104`	`107`	`};`
`105`	`108`	`}`
`106`	`109`
`@@ -113,5 +116,10 @@ private sealed class X : StructuredType<X, int, string>`
`113`	`116`
`114`	`117`	`public void Add(int intValue, string stringValue) => base.AddValues(intValue, stringValue);`
`115`	`118`	`}`
	`119`	`+`
	`120`	`+ private sealed class HttpAuthorizationBehaviorContext`
	`121`	`+ {`
	`122`	`+ public string Result { get; set; }`
	`123`	`+ }`
`116`	`124`	`}`
`117`	`125`	`}`
Original file line number	Diff line number	Diff line change
`@@ -109,13 +109,15 @@ public async Task Invoke_DDL_WithHttpClientError_ProducedByAuthorizationBehavior`
`109`	`109`	`Assert.AreEqual(1, action.RequiredClaims.Count, "action.RequiredClaims.Count");`
`110`	`110`	`Assert.AreEqual(ClaimTypes.NameIdentifier, action.RequiredClaims[0], "action.RequiredClaims[0]");`
`111`	`111`
	`112`	`+ HttpAuthorizationBehaviorContext httpAuthorizationBehaviorContext = new HttpAuthorizationBehaviorContext();`
`112`	`113`	`try`
`113`	`114`	`{`
`114`		`- await Execute(action, request.Object, responseFormatter.Object).ConfigureAwait(false);`
	`115`	`+ await Execute(action, request.Object, responseFormatter.Object, [new KeyValuePair<string, object>("context", httpAuthorizationBehaviorContext)]).ConfigureAwait(false);`
`115`	`116`	`Assert.Fail($"{nameof(HttpRequestExecutionException)} was expected but not thrown");`
`116`	`117`	`}`
`117`	`118`	`catch (HttpRequestExecutionException requestException)`
`118`	`119`	`{`
	`120`	`+ Assert.AreEqual("FirstAuthorizationTargetCalled", httpAuthorizationBehaviorContext.Result);`
`119`	`121`	`requestException.AppendToResponse(response.Object);`
`120`	`122`	`Assert.AreEqual(@"403 Forbidden: Sorry`
`121`	`123`	`CommandType: 0`
`@@ -128,7 +130,8 @@ public async Task Invoke_DDL_WithHttpClientError_ProducedByAuthorizationBehavior`
`128`	`130`	`}`
`129`	`131`	`}`
`130`	`132`	`private static void Invoke_DDL_WithHttpClientError_ProducedByAuthorizationBehavior_IsMappedToHttpStatusCode_Target(IDatabaseAccessorFactory databaseAccessorFactory) { }`
`131`		`- private static void Invoke_DDL_WithHttpClientError_ProducedByAuthorizationBehavior_IsMappedToHttpStatusCode_Authorization_Target(IDatabaseAccessorFactory databaseAccessorFactory, string userid) => throw CreateException(errorInfoNumber: 403001, errorMessage: "Sorry");`
	`133`	`+ private static void Invoke_DDL_WithHttpClientError_ProducedByAuthorizationBehavior_IsMappedToHttpStatusCode_Authorization_Target1(IDatabaseAccessorFactory databaseAccessorFactory, HttpAuthorizationBehaviorContext context) => context.Result = "FirstAuthorizationTargetCalled";`
	`134`	`+ private static void Invoke_DDL_WithHttpClientError_ProducedByAuthorizationBehavior_IsMappedToHttpStatusCode_Authorization_Target2(IDatabaseAccessorFactory databaseAccessorFactory, string userid) => throw CreateException(errorInfoNumber: 403001, errorMessage: "Sorry");`
`132`	`135`
`133`	`136`	`[TestMethod]`
`134`	`137`	`public async Task Invoke_DDL_WithHttpClientError_AutoDetectedByDatabaseErrorCode_IsMappedToHttpStatusCode()`