Merge pull request #35 from bornlogic/fix/user-role-scope-bypass-validation

VictorFZ · web-flow · commit 854b76e44b21 · 2025-02-06T12:01:30.000-03:00
fix
diff --git a/Bornlogic.IdentityServer/Validation/Default/DefaultResourceValidator.cs b/Bornlogic.IdentityServer/Validation/Default/DefaultResourceValidator.cs
@@ -85,15 +85,15 @@ await _clientUserRoleService.UserHasLoginByPassRoleInClient(
 
             foreach (var scope in parsedScopesResult.ParsedScopes)
             {
-                await ValidateScopeAsync(request.Client, resourcesFromStore, scope, result, request.RequiredRequestScopes.Any(a => a == scope.ParsedName));
+                await ValidateScopeAsync(request.Client, resourcesFromStore, scope, result, request.RequiredRequestScopes.Any(a => a == scope.ParsedName), userHasLoginByPassRoleInClient);
             }
 
             var requiredRequestScopeNames = parsedRequiredRequestScopesResult.ParsedScopes.Select(x => x.ParsedName).Distinct().ToArray();
             var requiredRequestResourcesFromStore = await _store.FindEnabledResourcesByScopeAsync(requiredRequestScopeNames);
 
             foreach (var scope in parsedRequiredRequestScopesResult.ParsedScopes)
             {
-                await ValidateRequestRequiredScopeAsync(request.Client, requiredRequestResourcesFromStore, scope, result);
+                await ValidateRequestRequiredScopeAsync(request.Client, requiredRequestResourcesFromStore, scope, result, userHasLoginByPassRoleInClient);
             }
 
             if (result.InvalidScopes.Count > 0)

Original file line number	Diff line number	Diff line change
`@@ -85,15 +85,15 @@ await _clientUserRoleService.UserHasLoginByPassRoleInClient(`
`85`	`85`
`86`	`86`	`foreach (var scope in parsedScopesResult.ParsedScopes)`
`87`	`87`	`{`
`88`		`- await ValidateScopeAsync(request.Client, resourcesFromStore, scope, result, request.RequiredRequestScopes.Any(a => a == scope.ParsedName));`
	`88`	`+ await ValidateScopeAsync(request.Client, resourcesFromStore, scope, result, request.RequiredRequestScopes.Any(a => a == scope.ParsedName), userHasLoginByPassRoleInClient);`
`89`	`89`	`}`
`90`	`90`
`91`	`91`	`var requiredRequestScopeNames = parsedRequiredRequestScopesResult.ParsedScopes.Select(x => x.ParsedName).Distinct().ToArray();`
`92`	`92`	`var requiredRequestResourcesFromStore = await _store.FindEnabledResourcesByScopeAsync(requiredRequestScopeNames);`
`93`	`93`
`94`	`94`	`foreach (var scope in parsedRequiredRequestScopesResult.ParsedScopes)`
`95`	`95`	`{`
`96`		`- await ValidateRequestRequiredScopeAsync(request.Client, requiredRequestResourcesFromStore, scope, result);`
	`96`	`+ await ValidateRequestRequiredScopeAsync(request.Client, requiredRequestResourcesFromStore, scope, result, userHasLoginByPassRoleInClient);`
`97`	`97`	`}`
`98`	`98`
`99`	`99`	`if (result.InvalidScopes.Count > 0)`