PM-20532 - (1) Policies - Add new Policies.cs static class to avoid magic strings for policy use (2) API Startup.cs - Add send authorization policy.

2025-05-25 21:34:52 -05:00 · 2025-05-15 22:51:18 -04:00 · 2025-05-15 22:51:18 -04:00 · a7275a5e6b
commit a7275a5e6b
parent ad5ea39e4b
2 changed files with 16 additions and 0 deletions
--- a/src/Api/Startup.cs
+++ b/src/Api/Startup.cs
@ -145,6 +145,14 @@ public class Startup
                    (c.Value.Contains(ApiScopes.Api) || c.Value.Contains(ApiScopes.ApiSecrets))
                ));
            });
+
+            config.AddPolicy(Policies.Send, configurePolicy: policy =>
+            {
+                policy.RequireAuthenticatedUser();
+                policy.RequireClaim(JwtClaimTypes.Scope, ApiScopes.Send);
+                // TODO: talk with Tools about potentially
+                // policy.AddRequirements(new SameSendIdRequirement());
+            });
        });

        services.AddScoped<AuthenticatorTokenProvider>();
--- a/src/Core/IdentityServer/Policies.cs
+++ b/src/Core/IdentityServer/Policies.cs
@ -0,0 +1,8 @@
+namespace Bit.Core.IdentityServer;
+
+public static class Policies
+{
+    // TODO: migrate other existing policies to use this class
+    public const string Send = "Send";  // [Authorize(Policy = Policies.Send)]
+
+}