public async Task OnAuthorizationAsync_WillCallPolicyProvider()
{
// Arrange
var policy = new AuthorizationPolicyBuilder().RequireAssertion(_ => true).Build();
var policyProvider = new Mock <IAuthorizationPolicyProvider>();
var getPolicyCount = 0;
var getFallbackPolicyCount = 0;
policyProvider.Setup(p => p.GetPolicyAsync(It.IsAny <string>())).ReturnsAsync(policy)
.Callback(() => getPolicyCount++);
policyProvider.Setup(p => p.GetFallbackPolicyAsync()).ReturnsAsync(policy)
.Callback(() => getFallbackPolicyCount++);
var next = new TestRequestDelegate();
var middleware = CreateMiddleware(next.Invoke, policyProvider.Object);
var context = GetHttpContext(anonymous: true, endpoint: CreateEndpoint(new AuthorizeAttribute("whatever")));
// Act & Assert
await middleware.Invoke(context);
Assert.Equal(1, getPolicyCount);
Assert.Equal(0, getFallbackPolicyCount);
Assert.Equal(1, next.CalledCount);
await middleware.Invoke(context);
Assert.Equal(2, getPolicyCount);
Assert.Equal(0, getFallbackPolicyCount);
Assert.Equal(2, next.CalledCount);
await middleware.Invoke(context);
Assert.Equal(3, getPolicyCount);
Assert.Equal(0, getFallbackPolicyCount);
Assert.Equal(3, next.CalledCount);
}
public async Task IAuthenticateResultFeature_NullResultWhenUserSetAfter()
{
// Arrange
var policy = new AuthorizationPolicyBuilder().RequireClaim("Permission", "CanViewPage").Build();
var policyProvider = new Mock <IAuthorizationPolicyProvider>();
policyProvider.Setup(p => p.GetDefaultPolicyAsync()).ReturnsAsync(policy);
var next = new TestRequestDelegate();
var middleware = CreateMiddleware(next.Invoke, policyProvider.Object);
var context = GetHttpContext(endpoint: CreateEndpoint(new AuthorizeAttribute()));
// Act
await middleware.Invoke(context);
// Assert
Assert.True(next.Called);
var authenticateResultFeature = context.Features.Get <IAuthenticateResultFeature>();
Assert.NotNull(authenticateResultFeature);
Assert.NotNull(authenticateResultFeature.AuthenticateResult);
Assert.Same(context.User, authenticateResultFeature.AuthenticateResult.Principal);
context.User = new ClaimsPrincipal();
Assert.Null(authenticateResultFeature.AuthenticateResult);
}
public async Task AuthZResourceCanBeHttpContextAndHaveEndpoint()
{
// Arrange
HttpContext resource = null;
var policy = new AuthorizationPolicyBuilder().RequireAssertion(c =>
{
resource = c.Resource as HttpContext;
return(true);
}).Build();
var policyProvider = new Mock <IAuthorizationPolicyProvider>();
policyProvider.Setup(p => p.GetDefaultPolicyAsync()).ReturnsAsync(policy);
var next = new TestRequestDelegate();
var middleware = CreateMiddleware(next.Invoke, policyProvider.Object);
var endpoint = CreateEndpoint(new AuthorizeAttribute());
var context = GetHttpContext(endpoint: endpoint);
// Act
await middleware.Invoke(context);
// Assert
Assert.NotNull(resource);
Assert.Equal(context, resource);
Assert.Equal(endpoint, resource.GetEndpoint());
}
public async Task AuthZResourceShouldBeEndpointByDefaultWithCompatSwitch()
{
AppContext.SetSwitch("Microsoft.AspNetCore.Authorization.SuppressUseHttpContextAsAuthorizationResource", isEnabled: true);
// Arrange
object resource = null;
var policy = new AuthorizationPolicyBuilder().RequireAssertion(c =>
{
resource = c.Resource;
return(true);
}).Build();
var policyProvider = new Mock <IAuthorizationPolicyProvider>();
policyProvider.Setup(p => p.GetDefaultPolicyAsync()).ReturnsAsync(policy);
var next = new TestRequestDelegate();
var middleware = CreateMiddleware(next.Invoke, policyProvider.Object);
var endpoint = CreateEndpoint(new AuthorizeAttribute());
var context = GetHttpContext(endpoint: endpoint);
// Act
await middleware.Invoke(context);
// Assert
Assert.Equal(endpoint, resource);
}
public async Task IAuthenticateResultFeature_UsesExistingFeatureAndResult_WithoutScheme()
{
// Arrange
var policy = new AuthorizationPolicyBuilder().RequireClaim("Permission", "CanViewPage").Build();
var policyProvider = new Mock <IAuthorizationPolicyProvider>();
policyProvider.Setup(p => p.GetDefaultPolicyAsync()).ReturnsAsync(policy);
var next = new TestRequestDelegate();
var middleware = CreateMiddleware(next.Invoke, policyProvider.Object);
var context = GetHttpContext(endpoint: CreateEndpoint(new AuthorizeAttribute()));
var testAuthenticateResultFeature = new TestAuthResultFeature();
var authenticateResult = AuthenticateResult.Success(new AuthenticationTicket(new ClaimsPrincipal(), ""));
testAuthenticateResultFeature.AuthenticateResult = authenticateResult;
context.Features.Set <IAuthenticateResultFeature>(testAuthenticateResultFeature);
// Act
await middleware.Invoke(context);
// Assert
var authenticateResultFeature = context.Features.Get <IAuthenticateResultFeature>();
Assert.NotNull(authenticateResultFeature);
Assert.NotNull(authenticateResultFeature.AuthenticateResult);
Assert.Same(testAuthenticateResultFeature, authenticateResultFeature);
Assert.Same(authenticateResult, authenticateResultFeature.AuthenticateResult);
}
public async Task OnAuthorizationAsync_WillCallDerviedDefaultPolicyProviderCanCache(bool canCache)
{
// Arrange
var policy = new AuthorizationPolicyBuilder().RequireAssertion(_ => true).Build();
var policyProvider = new TestDefaultPolicyProvider(Options.Create(new AuthorizationOptions()), canCache);
var next = new TestRequestDelegate();
var endpoint = CreateEndpoint(new AuthorizeAttribute("whatever"));
var services = new ServiceCollection()
.AddAuthorization()
.AddSingleton(CreateDataSource(endpoint)).BuildServiceProvider();
var middleware = CreateMiddleware(next.Invoke, policyProvider, services);
var context = GetHttpContext(anonymous: true, endpoint: endpoint);
// Act & Assert
await middleware.Invoke(context);
Assert.Equal(1, policyProvider.GetPolicyCount);
Assert.Equal(0, policyProvider.GetFallbackPolicyCount);
Assert.Equal(1, next.CalledCount);
await middleware.Invoke(context);
Assert.Equal(canCache ? 1: 2, policyProvider.GetPolicyCount);
Assert.Equal(0, policyProvider.GetFallbackPolicyCount);
Assert.Equal(2, next.CalledCount);
await middleware.Invoke(context);
Assert.Equal(canCache ? 1 : 3, policyProvider.GetPolicyCount);
Assert.Equal(0, policyProvider.GetFallbackPolicyCount);
Assert.Equal(3, next.CalledCount);
}
public async Task RespectDownstreamHttpVersionRouteSetting()
{
// Arrange
const string version = "v1";
const string key = "projects";
HttpContext httpContext = GetHttpContext(requestPath: $"/{version}/{key}");
var next = new TestRequestDelegate();
// What is being tested
var swaggerForOcelotOptions = new SwaggerForOcelotUIOptions();
TestSwaggerEndpointOptions swaggerEndpointOptions = CreateSwaggerEndpointOptions(key, version);
var routeOptions = new TestRouteOptions(new List <RouteOptions>
{
new RouteOptions
{
SwaggerKey = "projects",
UpstreamPathTemplate = "/api/projects/Projects",
DownstreamPathTemplate = "/api/Projects",
DownstreamHttpVersion = "2.0",
}
});
// downstreamSwagger is returned when client.GetStringAsync is called by the middleware.
string downstreamSwagger = await GetBaseOpenApi("OpenApiWithVersionPlaceholderBase");
HttpClient httClientMock = GetHttpClient(downstreamSwagger);
var httpClientFactory = new TestHttpClientFactory(httClientMock);
var swaggerJsonTransformerMock = new Mock <ISwaggerJsonTransformer>();
swaggerJsonTransformerMock
.Setup(x => x.Transform(
It.IsAny <string>(),
It.IsAny <IEnumerable <RouteOptions> >(),
It.IsAny <string>()))
.Returns((
string swaggerJson,
IEnumerable <RouteOptions> routeOptions,
string serverOverride) => new SwaggerJsonTransformer()
.Transform(swaggerJson, routeOptions, serverOverride));
var swaggerForOcelotMiddleware = new SwaggerForOcelotMiddleware(
next.Invoke,
swaggerForOcelotOptions,
routeOptions,
swaggerJsonTransformerMock.Object);
// Act
await swaggerForOcelotMiddleware.Invoke(
httpContext,
new SwaggerEndPointProvider(swaggerEndpointOptions, OcelotSwaggerGenOptions.Default),
new DownstreamSwaggerDocsRepository(Microsoft.Extensions.Options.Options.Create(swaggerForOcelotOptions),
httpClientFactory, DummySwaggerServiceDiscoveryProvider.Default));
httpContext.Response.Body.Seek(0, SeekOrigin.Begin);
// Assert
httClientMock.DefaultRequestVersion.Should().BeEquivalentTo(new Version(2, 0));
}
public async Task AllowUserDefinedUpstreamTransformer()
{
// Arrange
const string version = "v1";
const string key = "projects";
HttpContext httpContext = GetHttpContext(requestPath: $"/{version}/{key}");
var next = new TestRequestDelegate();
// What is being tested
var swaggerForOcelotOptions = new SwaggerForOcelotUIOptions()
{
ReConfigureUpstreamSwaggerJson = ExampleUserDefinedUpstreamTransformer
};
TestSwaggerEndpointOptions testSwaggerEndpointOptions = CreateSwaggerEndpointOptions(key, version);
var routeOptions = new TestRouteOptions();
// downstreamSwagger is returned when client.GetStringAsync is called by the middleware.
string downstreamSwagger = await GetBaseOpenApi("OpenApiBase");
HttpClient httClientMock = GetHttpClient(downstreamSwagger);
var httpClientFactory = new TestHttpClientFactory(httClientMock);
// upstreamSwagger is returned after swaggerJsonTransformer transforms the downstreamSwagger
string upstreamSwagger = await GetBaseOpenApi("OpenApiBaseTransformed");
var swaggerJsonTransformer = new TestSwaggerJsonTransformer(upstreamSwagger);
var swaggerForOcelotMiddleware = new SwaggerForOcelotMiddleware(
next.Invoke,
swaggerForOcelotOptions,
routeOptions,
swaggerJsonTransformer,
Substitute.For <ISwaggerProvider>());
// Act
await swaggerForOcelotMiddleware.Invoke(
httpContext,
new SwaggerEndPointProvider(testSwaggerEndpointOptions, OcelotSwaggerGenOptions.Default),
new DownstreamSwaggerDocsRepository(Microsoft.Extensions.Options.Options.Create(swaggerForOcelotOptions),
httpClientFactory, DummySwaggerServiceDiscoveryProvider.Default));
httpContext.Response.Body.Seek(0, SeekOrigin.Begin);
string transformedUpstreamSwagger = await new StreamReader(httpContext.Response.Body).ReadToEndAsync();
// Assert
AreEqual(transformedUpstreamSwagger, upstreamSwagger);
}
public async Task AllowUserDefinedUpstreamTransformer()
{
// Arrange
const string version = "v1";
const string key = "projects";
HttpContext httpContext = GetHttpContext(requestPath: $"/{version}/{key}");
var next = new TestRequestDelegate();
// What is being tested
var swaggerForOcelotOptions = new SwaggerForOcelotUIOptions()
{
ReConfigureUpstreamSwaggerJson = ExampleUserDefinedUpstreamTransformer
};
TestSwaggerEndpointOptions testSwaggerEndpointOptions = CreateSwaggerEndpointOptions(key, version);
var rerouteOptions = new TestReRouteOptions();
// downstreamSwagger is returned when client.GetStringAsync is called by the middleware.
string downstreamSwagger = await GetBaseOpenApi("OpenApiBase");
HttpClient httClientMock = GetHttpClient(downstreamSwagger);
var httpClientFactory = new TestHttpClientFactory(httClientMock);
// upstreamSwagger is returned after swaggerJsonTransformer transforms the downstreamSwagger
string upstreamSwagger = await GetBaseOpenApi("OpenApiBaseTransformed");
var swaggerJsonTransformer = new TestSwaggerJsonTransformer(upstreamSwagger);
var swaggerForOcelotMiddleware = new SwaggerForOcelotMiddleware(
next.Invoke,
swaggerForOcelotOptions,
rerouteOptions,
testSwaggerEndpointOptions,
httpClientFactory,
swaggerJsonTransformer);
// Act
await swaggerForOcelotMiddleware.Invoke(httpContext);
httpContext.Response.Body.Seek(0, SeekOrigin.Begin);
string transformedUpstreamSwagger = await new StreamReader(httpContext.Response.Body).ReadToEndAsync();
// Assert
AreEqual(transformedUpstreamSwagger, upstreamSwagger);
}
public async Task Invoke_SingleValidClaimShouldSucceed()
{
// Arrange
var policy = new AuthorizationPolicyBuilder().RequireClaim("Permission", "CanViewComment", "CanViewPage").Build();
var policyProvider = new Mock <IAuthorizationPolicyProvider>();
policyProvider.Setup(p => p.GetDefaultPolicyAsync()).ReturnsAsync(policy);
var next = new TestRequestDelegate();
var middleware = CreateMiddleware(next.Invoke, policyProvider.Object);
var context = GetHttpContext(endpoint: CreateEndpoint(new AuthorizeAttribute()));
// Act
await middleware.Invoke(context);
// Assert
Assert.True(next.Called);
}
public async Task NoEndpointWithFallback_AnonymousUser_Challenges()
{
// Arrange
var policy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build();
var policyProvider = new Mock <IAuthorizationPolicyProvider>();
policyProvider.Setup(p => p.GetFallbackPolicyAsync()).ReturnsAsync(policy);
var next = new TestRequestDelegate();
var middleware = CreateMiddleware(next.Invoke, policyProvider.Object);
var context = GetHttpContext(anonymous: true);
// Act
await middleware.Invoke(context);
// Assert
Assert.False(next.Called);
}
public async Task HasEndpointWithoutAuth_AnonymousUser_Allows()
{
// Arrange
var policy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build();
var policyProvider = new Mock <IAuthorizationPolicyProvider>();
policyProvider.Setup(p => p.GetDefaultPolicyAsync()).ReturnsAsync(policy);
var next = new TestRequestDelegate();
var middleware = CreateMiddleware(next.Invoke, policyProvider.Object);
var context = GetHttpContext(anonymous: true, endpoint: CreateEndpoint());
// Act
await middleware.Invoke(context);
// Assert
Assert.True(next.Called);
}
public async Task Verify_Filter_SuccessReturns200()
{
// Arrange
var body = "happy birthday";
var secret = "secret1";
var next = new TestRequestDelegate();
using var context = new TestHttpContext(body);
context.AddHeader("header", "sha1=c842eb4acaa566b634f845417d8a4593928e9ec4");
var middleware = new TestVerifySignatureMiddleware(next.Invoke, "header", secret, x => x.Substring(5));
// Act
await middleware.Invoke(context.Instance);
// Assert
Assert.Equal(200, context.Instance.Response.StatusCode);
Assert.True(next.Called);
}
public async Task IAuthenticateResultFeature_ContainsLowestExpiration()
{
// Arrange
var policy = new AuthorizationPolicyBuilder().RequireRole("Wut").AddAuthenticationSchemes("Basic", "Bearer").Build();
var policyProvider = new Mock <IAuthorizationPolicyProvider>();
policyProvider.Setup(p => p.GetDefaultPolicyAsync()).ReturnsAsync(policy);
var next = new TestRequestDelegate();
var firstExpiration = new DateTimeOffset(2021, 5, 12, 2, 3, 4, TimeSpan.Zero);
var secondExpiration = new DateTimeOffset(2021, 5, 11, 2, 3, 4, TimeSpan.Zero);
var authenticationService = new Mock <IAuthenticationService>();
authenticationService.Setup(s => s.AuthenticateAsync(It.IsAny <HttpContext>(), "Basic"))
.ReturnsAsync((HttpContext c, string scheme) =>
{
var res = AuthenticateResult.Success(new AuthenticationTicket(new ClaimsPrincipal(c.User.Identities.FirstOrDefault(i => i.AuthenticationType == scheme)), scheme));
res.Properties.ExpiresUtc = firstExpiration;
return(res);
});
authenticationService.Setup(s => s.AuthenticateAsync(It.IsAny <HttpContext>(), "Bearer"))
.ReturnsAsync((HttpContext c, string scheme) =>
{
var res = AuthenticateResult.Success(new AuthenticationTicket(new ClaimsPrincipal(c.User.Identities.FirstOrDefault(i => i.AuthenticationType == scheme)), scheme));
res.Properties.ExpiresUtc = secondExpiration;
return(res);
});
var middleware = CreateMiddleware(next.Invoke, policyProvider.Object);
var context = GetHttpContext(endpoint: CreateEndpoint(new AuthorizeAttribute()), authenticationService: authenticationService.Object);
// Act
await middleware.Invoke(context);
// Assert
var authenticateResultFeature = context.Features.Get <IAuthenticateResultFeature>();
Assert.NotNull(authenticateResultFeature);
Assert.NotNull(authenticateResultFeature.AuthenticateResult);
Assert.Same(context.User, authenticateResultFeature.AuthenticateResult.Principal);
Assert.Equal(secondExpiration, authenticateResultFeature.AuthenticateResult?.Properties?.ExpiresUtc);
}
public async Task Invoke_RequireUnknownRole_ForbidPerScheme()
{
// Arrange
var policy = new AuthorizationPolicyBuilder().RequireRole("Wut").AddAuthenticationSchemes("Basic", "Bearer").Build();
var policyProvider = new Mock <IAuthorizationPolicyProvider>();
policyProvider.Setup(p => p.GetDefaultPolicyAsync()).ReturnsAsync(policy);
var next = new TestRequestDelegate();
var authenticationService = new TestAuthenticationService();
var middleware = CreateMiddleware(next.Invoke, policyProvider.Object);
var context = GetHttpContext(endpoint: CreateEndpoint(new AuthorizeAttribute()), authenticationService: authenticationService);
// Act
await middleware.Invoke(context);
// Assert
Assert.False(next.Called);
Assert.Equal(2, authenticationService.ForbidCount);
}
public async Task HasEndpointWithAuth_AuthenticatedUser_Allows()
{
// Arrange
var policy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build();
var policyProvider = new Mock <IAuthorizationPolicyProvider>();
policyProvider.Setup(p => p.GetDefaultPolicyAsync()).ReturnsAsync(policy);
var next = new TestRequestDelegate();
var authenticationService = new TestAuthenticationService();
var middleware = CreateMiddleware(next.Invoke, policyProvider.Object);
var context = GetHttpContext(endpoint: CreateEndpoint(new AuthorizeAttribute()), authenticationService: authenticationService);
// Act
await middleware.Invoke(context);
// Assert
Assert.True(next.Called);
Assert.False(authenticationService.ChallengeCalled);
}
public async Task HasEndpointWithAuth_AnonymousUser_ChallengePerScheme()
{
// Arrange
var policy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().AddAuthenticationSchemes("schema1", "schema2").Build();
var policyProvider = new Mock <IAuthorizationPolicyProvider>();
policyProvider.Setup(p => p.GetDefaultPolicyAsync()).ReturnsAsync(policy);
var next = new TestRequestDelegate();
var authenticationService = new TestAuthenticationService();
var middleware = CreateMiddleware(next.Invoke, policyProvider.Object);
var context = GetHttpContext(anonymous: true, endpoint: CreateEndpoint(new AuthorizeAttribute()), authenticationService: authenticationService);
// Act
await middleware.Invoke(context);
// Assert
Assert.False(next.Called);
Assert.Equal(2, authenticationService.ChallengeCount);
}
public async Task CanApplyPolicyDirectlyToEndpoint()
{
// Arrange
var calledPolicy = false;
var policy = new AuthorizationPolicyBuilder().RequireAssertion(_ =>
{
calledPolicy = true;
return(true);
}).Build();
var policyProvider = new Mock <IAuthorizationPolicyProvider>();
policyProvider.Setup(p => p.GetDefaultPolicyAsync()).ReturnsAsync(new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build());
var next = new TestRequestDelegate();
var middleware = CreateMiddleware(next.Invoke, policyProvider.Object);
var context = GetHttpContext(anonymous: false, endpoint: CreateEndpoint(new AuthorizeAttribute(), policy));
// Act & Assert
await middleware.Invoke(context);
Assert.True(calledPolicy);
}
public async Task Invoke_AuthSchemesFailShouldSetEmptyPrincipalOnContext()
{
// Arrange
var policy = new AuthorizationPolicyBuilder("Fails").RequireAuthenticatedUser().Build();
var policyProvider = new Mock <IAuthorizationPolicyProvider>();
policyProvider.Setup(p => p.GetDefaultPolicyAsync()).ReturnsAsync(policy);
var next = new TestRequestDelegate();
var authenticationService = new TestAuthenticationService();
var middleware = CreateMiddleware(next.Invoke, policyProvider.Object);
var context = GetHttpContext(endpoint: CreateEndpoint(new AuthorizeAttribute()), authenticationService: authenticationService);
// Act
await middleware.Invoke(context);
// Assert
Assert.False(next.Called);
Assert.NotNull(context.User?.Identity);
Assert.True(authenticationService.AuthenticateCalled);
Assert.True(authenticationService.ChallengeCalled);
}
public async Task Invoke_InvalidClaimShouldForbid()
{
// Arrange
var policy = new AuthorizationPolicyBuilder()
.RequireClaim("Permission", "CanViewComment")
.Build();
var policyProvider = new Mock <IAuthorizationPolicyProvider>();
policyProvider.Setup(p => p.GetDefaultPolicyAsync()).ReturnsAsync(policy);
var next = new TestRequestDelegate();
var authenticationService = new TestAuthenticationService();
var middleware = CreateMiddleware(next.Invoke, policyProvider.Object);
var context = GetHttpContext(endpoint: CreateEndpoint(new AuthorizeAttribute()), authenticationService: authenticationService);
// Act
await middleware.Invoke(context);
// Assert
Assert.False(next.Called);
Assert.False(authenticationService.ChallengeCalled);
Assert.True(authenticationService.ForbidCalled);
}
public async Task IAuthenticateResultFeature_NotSetOnUnsuccessfulAuthorize()
{
// Arrange
var policy = new AuthorizationPolicyBuilder().RequireRole("Wut").AddAuthenticationSchemes("NotImplemented").Build();
var policyProvider = new Mock <IAuthorizationPolicyProvider>();
policyProvider.Setup(p => p.GetDefaultPolicyAsync()).ReturnsAsync(policy);
var next = new TestRequestDelegate();
var authenticationService = new TestAuthenticationService();
var middleware = CreateMiddleware(next.Invoke, policyProvider.Object);
var context = GetHttpContext(endpoint: CreateEndpoint(new AuthorizeAttribute(), new AllowAnonymousAttribute()), authenticationService: authenticationService);
// Act
await middleware.Invoke(context);
// Assert
Assert.True(next.Called);
var authenticateResultFeature = context.Features.Get <IAuthenticateResultFeature>();
Assert.Null(authenticateResultFeature);
Assert.True(authenticationService.AuthenticateCalled);
}
public async Task IAuthenticateResultFeature_UsesExistingFeature_WithScheme()
{
// Arrange
var policy = new AuthorizationPolicyBuilder().RequireClaim("Permission", "CanViewPage").AddAuthenticationSchemes("Bearer").Build();
var policyProvider = new Mock <IAuthorizationPolicyProvider>();
policyProvider.Setup(p => p.GetDefaultPolicyAsync()).ReturnsAsync(policy);
var next = new TestRequestDelegate();
var authenticationService = new Mock <IAuthenticationService>();
authenticationService.Setup(s => s.AuthenticateAsync(It.IsAny <HttpContext>(), "Bearer"))
.ReturnsAsync((HttpContext c, string scheme) =>
{
var res = AuthenticateResult.Success(new AuthenticationTicket(new ClaimsPrincipal(c.User.Identities.FirstOrDefault(i => i.AuthenticationType == scheme)), scheme));
return(res);
});
var middleware = CreateMiddleware(next.Invoke, policyProvider.Object);
var context = GetHttpContext(endpoint: CreateEndpoint(new AuthorizeAttribute()), authenticationService: authenticationService.Object);
var testAuthenticateResultFeature = new TestAuthResultFeature();
var authenticateResult = AuthenticateResult.Success(new AuthenticationTicket(new ClaimsPrincipal(), ""));
testAuthenticateResultFeature.AuthenticateResult = authenticateResult;
context.Features.Set <IAuthenticateResultFeature>(testAuthenticateResultFeature);
// Act
await middleware.Invoke(context);
// Assert
var authenticateResultFeature = context.Features.Get <IAuthenticateResultFeature>();
Assert.NotNull(authenticateResultFeature);
Assert.NotNull(authenticateResultFeature.AuthenticateResult);
Assert.Same(testAuthenticateResultFeature, authenticateResultFeature);
Assert.NotSame(authenticateResult, authenticateResultFeature.AuthenticateResult);
}
public async Task AllowUserDefinedUpstreamTransformer()
{
// Arrange
const string version = "v1";
const string key = "test";
var httpContext = GetHttpContext(requestPath: $"/{version}/{key}");
var next = new TestRequestDelegate();
// What is being tested
var swaggerForOcelotOptions = new SwaggerForOcelotUIOptions()
{
ReConfigureUpstreamSwaggerJson = ExampleUserDefinedUpstreamTransformer
};
var rerouteOptions = new TestReRouteOptions();
var swaggerEndpointOptions = new TestSwaggerEndpointOptions(
new List <SwaggerEndPointOptions>()
{
new SwaggerEndPointOptions()
{
Key = key,
Config = new List <SwaggerEndPointConfig>()
{
new SwaggerEndPointConfig()
{
Name = "Test Service",
Version = version,
Url = $"http://test.com/{version}/{key}/swagger.json"
}
}
}
});
// downstreamSwagger is returned when client.GetStringAsync is called by the middleware.
var downstreamSwagger = await GetBaseOpenApi("OpenApiBase");
var httClientMock = GetHttpClient(downstreamSwagger);
var httpClientFactory = new TestHttpClientFactory(httClientMock);
// upstreamSwagger is returned after swaggerJsonTransformer transforms the downstreamSwagger
var upstreamSwagger = await GetBaseOpenApi("OpenApiBaseTransformed");
var swaggerJsonTransformer = new TestSwaggerJsonTransformer(upstreamSwagger);
var swaggerForOcelotMiddleware = new SwaggerForOcelotMiddleware(
next.Invoke,
swaggerForOcelotOptions,
rerouteOptions,
swaggerEndpointOptions,
httpClientFactory,
swaggerJsonTransformer);
// Act
await swaggerForOcelotMiddleware.Invoke(httpContext);
httpContext.Response.Body.Seek(0, SeekOrigin.Begin);
var transformedUpstreamSwagger = await new StreamReader(httpContext.Response.Body).ReadToEndAsync();
// Assert
await AreEqual(transformedUpstreamSwagger, "OpenApiBaseTransformedReconfigured");
}
public async Task AllowVersionPlaceholder()
{
// Arrange
const string version = "v1";
const string key = "projects";
HttpContext httpContext = GetHttpContext(requestPath: $"/{version}/{key}");
var next = new TestRequestDelegate();
// What is being tested
var swaggerForOcelotOptions = new SwaggerForOcelotUIOptions();
TestSwaggerEndpointOptions swaggerEndpointOptions = CreateSwaggerEndpointOptions(key, version);
var rerouteOptions = new TestReRouteOptions(new List <ReRouteOptions>
{
new ReRouteOptions
{
SwaggerKey = "projects",
UpstreamPathTemplate = "/api/{version}/projects/Values/{everything}",
DownstreamPathTemplate = "/api/{version}/Values/{everything}",
},
new ReRouteOptions
{
SwaggerKey = "projects",
UpstreamPathTemplate = "/api/projects/Projects",
DownstreamPathTemplate = "/api/Projects",
},
new ReRouteOptions
{
SwaggerKey = "projects",
UpstreamPathTemplate = "/api/projects/Projects/{everything}",
DownstreamPathTemplate = "/api/Projects/{everything}",
}
});
// downstreamSwagger is returned when client.GetStringAsync is called by the middleware.
string downstreamSwagger = await GetBaseOpenApi("OpenApiWithVersionPlaceholderBase");
HttpClient httClientMock = GetHttpClient(downstreamSwagger);
var httpClientFactory = new TestHttpClientFactory(httClientMock);
// upstreamSwagger is returned after swaggerJsonTransformer transforms the downstreamSwagger
string expectedSwagger = await GetBaseOpenApi("OpenApiWithVersionPlaceholderBaseTransformed");
var swaggerJsonTransformerMock = new Mock <ISwaggerJsonTransformer>();
swaggerJsonTransformerMock
.Setup(x => x.Transform(
It.IsAny <string>(),
It.IsAny <IEnumerable <ReRouteOptions> >(),
It.IsAny <string>()))
.Returns((
string swaggerJson,
IEnumerable <ReRouteOptions> reRouteOptions,
string serverOverride) => new SwaggerJsonTransformer()
.Transform(swaggerJson, reRouteOptions, serverOverride));
var swaggerForOcelotMiddleware = new SwaggerForOcelotMiddleware(
next.Invoke,
swaggerForOcelotOptions,
rerouteOptions,
swaggerEndpointOptions,
httpClientFactory,
swaggerJsonTransformerMock.Object);
// Act
await swaggerForOcelotMiddleware.Invoke(httpContext, DummySwaggerServiceDiscoveryProvider.Default);
httpContext.Response.Body.Seek(0, SeekOrigin.Begin);
// Assert
using (var streamReader = new StreamReader(httpContext.Response.Body))
{
string transformedUpstreamSwagger = await streamReader.ReadToEndAsync();
AreEqual(transformedUpstreamSwagger, expectedSwagger);
}
swaggerJsonTransformerMock.Verify(x => x.Transform(
It.IsAny <string>(),
It.IsAny <IEnumerable <ReRouteOptions> >(),
It.IsAny <string>()), Times.Once);
}
public async Task InvokeAsyncTest()
{
IServiceProvider serviceProvider = CreateServices();
//未指定权限时且为指定FallbackPolicy时 匿名用户可访问
using (IServiceScope serviceScope = serviceProvider.CreateScope())
{
IServiceProvider scopeServiceProvider = serviceScope.ServiceProvider;
var next = new TestRequestDelegate();
var middleware = CreateMiddleware(next.Invoke, scopeServiceProvider.GetRequiredService <IPolicyCombiner>());
var context = GetHttpContext(scopeServiceProvider);
IPolicyEvaluator policyEvaluator = scopeServiceProvider.GetRequiredService <IPolicyEvaluator>();
await middleware.InvokeAsync(context, MockAuthorizeDataManager(null), policyEvaluator);
next.Called.ShouldBeTrue();
}
//未指定权限但是指定FallbackPolicy时
serviceProvider = CreateServices(services =>
{
services.AddScoped <IAuthorizationPolicyProvider>(sp =>
{
var policy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build();
var policyProvider = new Mock <IAuthorizationPolicyProvider>();
policyProvider.Setup(p => p.GetFallbackPolicyAsync()).ReturnsAsync(policy);
return(policyProvider.Object);
});
});
using (IServiceScope serviceScope = serviceProvider.CreateScope())
{
IServiceProvider scopeServiceProvider = serviceScope.ServiceProvider;
var next = new TestRequestDelegate();
var middleware = CreateMiddleware(next.Invoke, scopeServiceProvider.GetRequiredService <IPolicyCombiner>());
var context = GetHttpContext(scopeServiceProvider);
IPolicyEvaluator policyEvaluator = scopeServiceProvider.GetRequiredService <IPolicyEvaluator>();
await middleware.InvokeAsync(context, MockAuthorizeDataManager(null), policyEvaluator);
next.Called.ShouldBeFalse();
}
serviceProvider = CreateServices();
using (IServiceScope serviceScope = serviceProvider.CreateScope())
{
IServiceProvider scopeServiceProvider = serviceScope.ServiceProvider;
var next = new TestRequestDelegate();
var middleware = CreateMiddleware(next.Invoke, scopeServiceProvider.GetRequiredService <IPolicyCombiner>());
IPolicyEvaluator policyEvaluator = scopeServiceProvider.GetRequiredService <IPolicyEvaluator>();
//允许匿名访问
var context = GetHttpContext(scopeServiceProvider);
await middleware.InvokeAsync(context, MockAuthorizeDataManager(new AuthorizeData()
{
AllowedAnonymous = true
}), policyEvaluator);
next.Called.ShouldBeTrue();
//拒绝所有
next.Reset();
await middleware.InvokeAsync(context, MockAuthorizeDataManager(new AuthorizeData()
{
DeniedAll = true
}), policyEvaluator);
next.Called.ShouldBeFalse();
//允许所有登录者 访问
next.Reset();
await middleware.InvokeAsync(context, MockAuthorizeDataManager(new AuthorizeData()
{
AllowedAllRoles = true
}), policyEvaluator);
next.Called.ShouldBeFalse();
next.Reset();
ClaimsPrincipal principal = new ClaimsPrincipal();
ClaimsIdentity basicIdentity = new ClaimsIdentity(new Claim[] {
new Claim("Permission", "CanViewPage"),
new Claim(ClaimTypes.Role, "Administrator"),
new Claim(ClaimTypes.Role, "User"),
new Claim(ClaimTypes.NameIdentifier, "John")
}, "Basic", ClaimTypes.NameIdentifier, ClaimTypes.Role);
principal.AddIdentity(basicIdentity);
context = GetHttpContext(scopeServiceProvider, principal);
await middleware.InvokeAsync(context, MockAuthorizeDataManager(new AuthorizeData()
{
AllowedAllRoles = true
}), policyEvaluator);
next.Called.ShouldBeTrue();
// 角色验证
next.Reset();
await middleware.InvokeAsync(context, MockAuthorizeDataManager(new AuthorizeData()
{
AllowedRoles = new string[] { "User" }
}), policyEvaluator);
next.Called.ShouldBeTrue();
next.Reset();
await middleware.InvokeAsync(context, MockAuthorizeDataManager(new AuthorizeData()
{
AllowedRoles = new string[] { "userRole" }
}), policyEvaluator);
next.Called.ShouldBeFalse();
//用户Id
next.Reset();
await middleware.InvokeAsync(context, MockAuthorizeDataManager(new AuthorizeData()
{
AllowedUsers = new string[] { "user0" }
}), policyEvaluator);
next.Called.ShouldBeFalse();
next.Reset();
await middleware.InvokeAsync(context, MockAuthorizeDataManager(new AuthorizeData()
{
AllowedUsers = new string[] { "John" }
}), policyEvaluator);
next.Called.ShouldBeTrue();
next.Reset();
await middleware.InvokeAsync(context, MockAuthorizeDataManager(new AuthorizeData()
{
AllowedRoles = new string[] { "role0", "role1" }, AllowedUsers = new string[] { "user0" }
}), policyEvaluator);
next.Called.ShouldBeFalse();
next.Reset();
await middleware.InvokeAsync(context, MockAuthorizeDataManager(new AuthorizeData()
{
AllowedRoles = new string[] { "role0", "role1" }, AllowedUsers = new string[] { "John" }
}), policyEvaluator);
next.Called.ShouldBeTrue();
next.Reset();
await middleware.InvokeAsync(context, MockAuthorizeDataManager(new AuthorizeData()
{
AllowedRoles = new string[] { "Administrator", "role1" }, AllowedUsers = new string[] { "John00" }
}), policyEvaluator);
next.Called.ShouldBeTrue();
next.Reset();
await middleware.InvokeAsync(context, MockAuthorizeDataManager(new AuthorizeData()
{
AllowedRoles = new string[] { "Administrator", "role1" }, AllowedUsers = new string[] { "John" }
}), policyEvaluator);
next.Called.ShouldBeTrue();
}
}
