aspnetcore
aspnetcore copied to clipboard
dotnet
Improvements to null state analysis on AuthorizationResult
Summary
Static analysis should mark the the property "Failure" as not null when the property "Succeeded" is false
Motivation and goals
Reduce the number of unnecessary warnings
Risks / unknowns
A user may ignore all warnings and call AuthorizationResult.Failed(null) resulting in an AuthorizationResult with Failure = null and Succeeded = false, handling this could result in breaking changes
A user may ignore all warnings and call AuthorizationResult.Failed(null) resulting in an AuthorizationResult with Failure = null and Succeeded = false, handling this could result in breaking changes
Triage: We had a conversation around whether or not this assumption is correct. At the moment, we feel that it is probably a guarantee that when Succeeded is false then there will be an AuthorizationFailure set.
@Kairarara Would you be interested in submitting a PR for this? You can do so by adding a Nullable attribute here:
https://github.com/dotnet/aspnetcore/blob/97e26bd40c52d82afca150f65f1ee948336a18d3/src/Security/Authorization/Core/src/AuthorizationResult.cs#L27
Thanks for contacting us.
We're moving this issue to the .NET 8 Planning milestone for future evaluation / consideration. We would like to keep this around to collect more feedback, which can help us with prioritizing this work. We will re-evaluate this issue, during our next planning meeting(s).
If we later determine, that the issue has no community involvement, or it's very rare and low-impact issue, we will close it - so that the team can focus on more important and high impact issues.
To learn more about what to expect next and how this issue will be handled you can read more about our triage process here.
Is this being work on, otherwise I would like to pick it up.
No one is working on this. We've applied the help wanted label so you're welcome to open a PR if interested. Thanks in advance!