Fixed more auth issues

Author: michaelstaib

src/All.slnx

@@ -110,6 +110,7 @@
   <Folder Name="/HotChocolate/Core/test/">
     <Project Path="HotChocolate/Core/test/Abstractions.Tests/HotChocolate.Abstractions.Tests.csproj" />
     <Project Path="HotChocolate/Core/test/Authorization.Tests/HotChocolate.Authorization.Tests.csproj" />
+    <Project Path="HotChocolate/Core/test/Execution.Abstractions.Tests/HotChocolate.Execution.Abstractions.Tests.csproj" />
     <Project Path="HotChocolate/Core/test/Execution.Tests/HotChocolate.Execution.Tests.csproj" />
     <Project Path="HotChocolate/Core/test/Features.Tests/HotChocolate.Features.Tests.csproj" />
     <Project Path="HotChocolate/Core/test/Fetching.Tests/HotChocolate.Fetching.Tests.csproj" />
@@ -135,9 +136,6 @@
     <Project Path="HotChocolate/Core/test/Utilities/HotChocolate.Tests.Utilities.csproj" />
     <Project Path="HotChocolate/Core/test/Validation.Tests/HotChocolate.Validation.Tests.csproj" />
   </Folder>
-  <Folder Name="/HotChocolate/Core/test/Execution.Abstractions.Tests/">
-    <Project Path="HotChocolate/Core/test/Execution.Abstractions.Tests/HotChocolate.Execution.Abstractions.Tests.csproj" />
-  </Folder>
   <Folder Name="/HotChocolate/CostAnalysis/" />
   <Folder Name="/HotChocolate/CostAnalysis/src/">
     <Project Path="HotChocolate/CostAnalysis/src/CostAnalysis/HotChocolate.CostAnalysis.csproj" />

src/HotChocolate/AspNetCore/src/AspNetCore.Authorization/DefaultAuthorizationHandler.cs

@@ -1,5 +1,6 @@
 using System.Security.Claims;
 using HotChocolate.Authorization;
+using HotChocolate.Features;
 using HotChocolate.Resolvers;
 using Microsoft.AspNetCore.Authorization;
 using IAuthorizationHandler = HotChocolate.Authorization.IAuthorizationHandler;
@@ -48,7 +49,7 @@ public DefaultAuthorizationHandler(
     }
 
     /// <summary>
-    /// Authorize current directive using Microsoft.AspNetCore.Authorization.
+    /// Authorize the current directive using Microsoft.AspNetCore.Authorization.
     /// </summary>
     /// <param name="context">The current middleware context.</param>
     /// <param name="directive">The authorization directive.</param>
@@ -62,7 +63,7 @@ public async ValueTask<AuthorizeResult> AuthorizeAsync(
         AuthorizeDirective directive,
         CancellationToken ct)
     {
-        var userState = GetUserState(context.ContextData);
+        var userState = GetUserState(context);
         var user = userState.User;
         bool authenticated;
 
@@ -72,10 +73,10 @@ public async ValueTask<AuthorizeResult> AuthorizeAsync(
         }
         else
         {
-            // if the authenticated state is not yet set we will determine it and update the state.
+            // if the authenticated state is not yet set, we will determine it and update the state.
             authenticated = user.Identities.Any(t => t.IsAuthenticated);
             userState = userState.SetIsAuthenticated(authenticated);
-            SetUserState(context.ContextData, userState);
+            SetUserState(context, userState);
         }
 
         return await AuthorizeAsync(
@@ -91,7 +92,7 @@ public async ValueTask<AuthorizeResult> AuthorizeAsync(
         IReadOnlyList<AuthorizeDirective> directives,
         CancellationToken ct)
     {
-        var userState = GetUserState(context.ContextData);
+        var userState = GetUserState(context);
         var user = userState.User;
         bool authenticated;
 
@@ -101,10 +102,10 @@ public async ValueTask<AuthorizeResult> AuthorizeAsync(
         }
         else
         {
-            // if the authenticated state is not yet set we will determine it and update the state.
+            // if the authenticated state is not yet set, we will determine it and update the state.
             authenticated = user.Identities.Any(t => t.IsAuthenticated);
             userState = userState.SetIsAuthenticated(authenticated);
-            SetUserState(context.ContextData, userState);
+            SetUserState(context, userState);
         }
 
         foreach (var directive in directives)
@@ -196,20 +197,19 @@ private async Task<AuthorizationPolicy> BuildAuthorizationPolicy(
         return policyBuilder.Build();
     }
 
-    private static UserState GetUserState(IDictionary<string, object?> contextData)
+    private static UserState GetUserState(IFeatureProvider featureProvider)
     {
-        if (contextData.TryGetValue(WellKnownContextData.UserState, out var value) &&
-            value is UserState p)
+        if (featureProvider.Features.TryGet<UserState>(out var state))
         {
-            return p;
+            return state;
         }
 
         throw new MissingStateException(
             "Authorization",
-            WellKnownContextData.UserState,
+            "HotChocolate.Authorization.UserState",
             StateKind.Global);
     }
 
-    private static void SetUserState(IDictionary<string, object?> contextData, UserState state)
-        => contextData[WellKnownContextData.UserState] = state;
+    private static void SetUserState(IFeatureProvider featureProvider, UserState state)
+        => featureProvider.Features.Set(state);
 }

src/HotChocolate/AspNetCore/src/AspNetCore/DefaultHttpRequestInterceptor.cs

@@ -18,19 +18,21 @@ public virtual ValueTask OnCreateAsync(
     {
         var userState = new UserState(context.User);
 
+        requestBuilder.Features.Set(userState);
+        requestBuilder.Features.Set(context);
+        requestBuilder.Features.Set(context.User);
+
         requestBuilder.TrySetServices(context.RequestServices);
         requestBuilder.TryAddGlobalState(nameof(HttpContext), context);
         requestBuilder.TryAddGlobalState(nameof(CancellationToken), context.RequestAborted);
         requestBuilder.TryAddGlobalState(nameof(ClaimsPrincipal), userState.User);
-        requestBuilder.TryAddGlobalState(WellKnownContextData.UserState, userState);
 
         if (context.IncludeQueryPlan())
         {
             requestBuilder.TryAddGlobalState(WellKnownContextData.IncludeQueryPlan, true);
         }
 
-        var costSwitch = context.TryGetCostSwitch();
-        if (costSwitch is not null)
+        if (context.TryGetCostSwitch() is { } costSwitch)
         {
             requestBuilder.TryAddGlobalState(costSwitch, true);
         }

src/HotChocolate/AspNetCore/src/AspNetCore/DefaultSocketSessionInterceptor.cs

@@ -25,14 +25,16 @@ public virtual ValueTask OnRequestAsync(
         var userState = new UserState(context.User);
         var serviceScopeFactory = session.Connection.RequestServices.GetService<IServiceScopeFactory>();
 
+        requestBuilder.Features.Set(userState);
+        requestBuilder.Features.Set(context);
+        requestBuilder.Features.Set(context.User);
+
         requestBuilder.TryAddGlobalState(nameof(IServiceScopeFactory), serviceScopeFactory);
         requestBuilder.TryAddGlobalState(nameof(CancellationToken), session.Connection.RequestAborted);
         requestBuilder.TryAddGlobalState(nameof(HttpContext), context);
         requestBuilder.TryAddGlobalState(nameof(ISocketSession), session);
         requestBuilder.TryAddGlobalState(OperationSessionId, operationSessionId);
-
         requestBuilder.TryAddGlobalState(nameof(ClaimsPrincipal), userState.User);
-        requestBuilder.TryAddGlobalState(WellKnownContextData.UserState, userState);
 
         if (context.IncludeQueryPlan())
         {

src/HotChocolate/AspNetCore/src/AspNetCore/Extensions/HttpContextExtensions.cs

@@ -30,6 +30,7 @@ public static bool IncludeQueryPlan(this HttpContext context)
     public static string? TryGetCostSwitch(this HttpContext context)
     {
         var headers = context.Request.Headers;
+
         if (headers.TryGetValue(HttpHeaderKeys.Cost, out var values))
         {
             var value = values.FirstOrDefault();

src/HotChocolate/Core/src/Abstractions/MissingStateException.cs

@@ -3,7 +3,7 @@
 namespace HotChocolate;
 
 /// <summary>
-/// This exception can be thrown if a feature that is dependant on a well-known state
+/// This exception can be thrown if a feature that is dependent on a well-known state
 /// cannot retrieve it.
 /// </summary>
 public sealed class MissingStateException : Exception
@@ -39,7 +39,7 @@ public MissingStateException(string feature, string key, StateKind kind)
     public string Key { get; }
 
     /// <summary>
-    /// Gets the state store that is missing the state.
+    /// Gets the state store missing the state.
     /// </summary>
     public StateKind Kind { get; }
 }

src/HotChocolate/Core/src/Abstractions/UserState.cs

@@ -3,8 +3,8 @@
 namespace HotChocolate;
 
 /// <summary>
-/// The Hot Chocolate user state can be provided by GraphQL server implementations
-/// and authorization implementations are depending on this state being added to
+/// The Hot Chocolate user state can be provided by GraphQL server implementations,
+/// and authorization implementations depend on this state being added to
 /// the global state.
 /// </summary>
 public sealed class UserState : IEquatable<UserState>
@@ -13,10 +13,10 @@ public sealed class UserState : IEquatable<UserState>
     /// Initializes a new instance of <see cref="UserState"/>.
     /// </summary>
     /// <param name="user">
-    /// The currently signed in user.
+    /// The current signed-in user.
     /// </param>
     /// <param name="isAuthenticated">
-    /// Specifies if the currently signed in user is authenticated.
+    /// Specifies if the currently signed-in user is authenticated.
     /// </param>
     public UserState(ClaimsPrincipal user, bool? isAuthenticated = null)
     {
@@ -25,13 +25,13 @@ public UserState(ClaimsPrincipal user, bool? isAuthenticated = null)
     }
 
     /// <summary>
-    /// The currently signed in user.
+    /// The current signed-in user.
     /// </summary>
     public ClaimsPrincipal User { get; }
 
     /// <summary>
-    /// Specifies if the currently signed in user is authenticated.
-    /// If this property is null it means that this state has not yet been determined.
+    /// Specifies if the currently signed-in user is authenticated.
+    /// If this property is null, it means that this state has not yet been determined.
     /// </summary>
     public bool? IsAuthenticated { get; }
 
@@ -55,7 +55,7 @@ public UserState SetIsAuthenticated(bool isAuthenticated)
     /// <param name="other">A user state to compare with this user state.</param>
     /// <returns>
     /// <c>true</c> if the current user state is equal to the
-    /// <paramref name="other">other user state</paramref> user state parameter;
+    /// <paramref name="other">other user state</paramref> parameter;
     /// otherwise, <c>false</c>.
     /// </returns>
     public bool Equals(UserState? other)

src/HotChocolate/Core/src/Abstractions/WellKnownContextData.cs

@@ -143,11 +143,6 @@ public static class WellKnownContextData
     /// </summary>
     public const string CacheControlConstraints = "HotChocolate.Caching.CacheControlConstraints";
 
-    /// <summary>
-    /// The key to access the user state on the global context.
-    /// </summary>
-    public const string UserState = "HotChocolate.Authorization.UserState";
-
     /// <summary>
     /// Type key to access the paging arguments in the local resolver state.
     /// </summary>

src/HotChocolate/Core/src/Authorization/AllowAnonymousDirectiveType.cs

@@ -30,11 +30,11 @@ public void ApplyConfiguration(
         ITypeSystemConfiguration definition,
         Stack<ITypeSystemConfiguration> path)
     {
-        ((IDirectiveConfigurationProvider)definition).Directives.Add(new(directiveNode));
+        ((IDirectiveConfigurationProvider)definition).Directives.Add(new DirectiveConfiguration(directiveNode));
 
         if (definition is ObjectFieldConfiguration fieldDef)
         {
-            fieldDef.AllowAnonymous();
+            fieldDef.ModifyAuthorizationFieldOptions(o => o with { AllowAnonymous = true });
         }
     }
 

src/HotChocolate/Core/src/Authorization/AuthorizationContext.cs

@@ -1,31 +1,35 @@
 using HotChocolate.Execution;
+using HotChocolate.Features;
 using HotChocolate.Language;
 
 namespace HotChocolate.Authorization;
 
 /// <summary>
-/// Represents the state that is used to execute authorization policies.
+/// Represents the state used to execute authorization policies.
 /// </summary>
-public sealed class AuthorizationContext
+public sealed class AuthorizationContext : IFeatureProvider
 {
     /// <summary>
     /// Initializes a new <see cref="AuthorizationContext"/>.
     /// </summary>
     /// <param name="schema">The GraphQL schema.</param>
     /// <param name="services">The application services.</param>
     /// <param name="contextData">The request context data.</param>
+    /// <param name="features">The request feature collection.</param>
     /// <param name="document">The GraphQL request document.</param>
     /// <param name="documentId">A unique string identifying the GraphQL document</param>
     public AuthorizationContext(
         Schema schema,
         IServiceProvider services,
         IDictionary<string, object?> contextData,
+        IFeatureCollection features,
         DocumentNode document,
         OperationDocumentId documentId)
     {
         Schema = schema;
         Services = services;
         ContextData = contextData;
+        Features = features;
         Document = document;
         DocumentId = documentId;
     }
@@ -45,6 +49,11 @@ public AuthorizationContext(
     /// </summary>
     public IDictionary<string, object?> ContextData { get; }
 
+    /// <summary>
+    /// Gets the feature collection.
+    /// </summary>
+    public IFeatureCollection Features { get; }
+
     /// <summary>
     /// Gets the GraphQL request document.
     /// </summary>

src/HotChocolate/Core/src/Authorization/AuthorizationFieldOptions.cs

@@ -0,0 +1,8 @@
+namespace HotChocolate.Authorization;
+
+internal sealed record AuthorizationFieldOptions
+{
+    public bool AuthorizeAtRequestLevel { get; init; }
+
+    public bool AllowAnonymous { get; init; }
+}

src/HotChocolate/Core/src/Authorization/AuthorizationRequestInfo.cs renamed to src/HotChocolate/Core/src/Authorization/AuthorizationRequestContext.cs

@@ -2,7 +2,7 @@
 
 namespace HotChocolate.Authorization;
 
-public class AuthorizationRequestData
+internal class AuthorizationRequestContext
 {
     public IAuthorizationHandler? Handler { get; set; }