public async Task OnAuthorizationAsync_WillCallPolicyProvider() { // Arrange var policy = new AuthorizationPolicyBuilder().RequireAssertion(_ => true).Build(); var policyProvider = new Mock <IAuthorizationPolicyProvider>(); var getPolicyCount = 0; var getFallbackPolicyCount = 0; policyProvider.Setup(p => p.GetPolicyAsync(It.IsAny <string>())).ReturnsAsync(policy) .Callback(() => getPolicyCount++); policyProvider.Setup(p => p.GetFallbackPolicyAsync()).ReturnsAsync(policy) .Callback(() => getFallbackPolicyCount++); var next = new TestRequestDelegate(); var middleware = CreateMiddleware(next.Invoke, policyProvider.Object); var context = GetHttpContext(anonymous: true, endpoint: CreateEndpoint(new AuthorizeAttribute("whatever"))); // Act & Assert await middleware.Invoke(context); Assert.Equal(1, getPolicyCount); Assert.Equal(0, getFallbackPolicyCount); Assert.Equal(1, next.CalledCount); await middleware.Invoke(context); Assert.Equal(2, getPolicyCount); Assert.Equal(0, getFallbackPolicyCount); Assert.Equal(2, next.CalledCount); await middleware.Invoke(context); Assert.Equal(3, getPolicyCount); Assert.Equal(0, getFallbackPolicyCount); Assert.Equal(3, next.CalledCount); }
public async Task IAuthenticateResultFeature_NullResultWhenUserSetAfter() { // Arrange var policy = new AuthorizationPolicyBuilder().RequireClaim("Permission", "CanViewPage").Build(); var policyProvider = new Mock <IAuthorizationPolicyProvider>(); policyProvider.Setup(p => p.GetDefaultPolicyAsync()).ReturnsAsync(policy); var next = new TestRequestDelegate(); var middleware = CreateMiddleware(next.Invoke, policyProvider.Object); var context = GetHttpContext(endpoint: CreateEndpoint(new AuthorizeAttribute())); // Act await middleware.Invoke(context); // Assert Assert.True(next.Called); var authenticateResultFeature = context.Features.Get <IAuthenticateResultFeature>(); Assert.NotNull(authenticateResultFeature); Assert.NotNull(authenticateResultFeature.AuthenticateResult); Assert.Same(context.User, authenticateResultFeature.AuthenticateResult.Principal); context.User = new ClaimsPrincipal(); Assert.Null(authenticateResultFeature.AuthenticateResult); }
public async Task AuthZResourceCanBeHttpContextAndHaveEndpoint() { // Arrange HttpContext resource = null; var policy = new AuthorizationPolicyBuilder().RequireAssertion(c => { resource = c.Resource as HttpContext; return(true); }).Build(); var policyProvider = new Mock <IAuthorizationPolicyProvider>(); policyProvider.Setup(p => p.GetDefaultPolicyAsync()).ReturnsAsync(policy); var next = new TestRequestDelegate(); var middleware = CreateMiddleware(next.Invoke, policyProvider.Object); var endpoint = CreateEndpoint(new AuthorizeAttribute()); var context = GetHttpContext(endpoint: endpoint); // Act await middleware.Invoke(context); // Assert Assert.NotNull(resource); Assert.Equal(context, resource); Assert.Equal(endpoint, resource.GetEndpoint()); }
public async Task AuthZResourceShouldBeEndpointByDefaultWithCompatSwitch() { AppContext.SetSwitch("Microsoft.AspNetCore.Authorization.SuppressUseHttpContextAsAuthorizationResource", isEnabled: true); // Arrange object resource = null; var policy = new AuthorizationPolicyBuilder().RequireAssertion(c => { resource = c.Resource; return(true); }).Build(); var policyProvider = new Mock <IAuthorizationPolicyProvider>(); policyProvider.Setup(p => p.GetDefaultPolicyAsync()).ReturnsAsync(policy); var next = new TestRequestDelegate(); var middleware = CreateMiddleware(next.Invoke, policyProvider.Object); var endpoint = CreateEndpoint(new AuthorizeAttribute()); var context = GetHttpContext(endpoint: endpoint); // Act await middleware.Invoke(context); // Assert Assert.Equal(endpoint, resource); }
public async Task IAuthenticateResultFeature_UsesExistingFeatureAndResult_WithoutScheme() { // Arrange var policy = new AuthorizationPolicyBuilder().RequireClaim("Permission", "CanViewPage").Build(); var policyProvider = new Mock <IAuthorizationPolicyProvider>(); policyProvider.Setup(p => p.GetDefaultPolicyAsync()).ReturnsAsync(policy); var next = new TestRequestDelegate(); var middleware = CreateMiddleware(next.Invoke, policyProvider.Object); var context = GetHttpContext(endpoint: CreateEndpoint(new AuthorizeAttribute())); var testAuthenticateResultFeature = new TestAuthResultFeature(); var authenticateResult = AuthenticateResult.Success(new AuthenticationTicket(new ClaimsPrincipal(), "")); testAuthenticateResultFeature.AuthenticateResult = authenticateResult; context.Features.Set <IAuthenticateResultFeature>(testAuthenticateResultFeature); // Act await middleware.Invoke(context); // Assert var authenticateResultFeature = context.Features.Get <IAuthenticateResultFeature>(); Assert.NotNull(authenticateResultFeature); Assert.NotNull(authenticateResultFeature.AuthenticateResult); Assert.Same(testAuthenticateResultFeature, authenticateResultFeature); Assert.Same(authenticateResult, authenticateResultFeature.AuthenticateResult); }
public async Task OnAuthorizationAsync_WillCallDerviedDefaultPolicyProviderCanCache(bool canCache) { // Arrange var policy = new AuthorizationPolicyBuilder().RequireAssertion(_ => true).Build(); var policyProvider = new TestDefaultPolicyProvider(Options.Create(new AuthorizationOptions()), canCache); var next = new TestRequestDelegate(); var endpoint = CreateEndpoint(new AuthorizeAttribute("whatever")); var services = new ServiceCollection() .AddAuthorization() .AddSingleton(CreateDataSource(endpoint)).BuildServiceProvider(); var middleware = CreateMiddleware(next.Invoke, policyProvider, services); var context = GetHttpContext(anonymous: true, endpoint: endpoint); // Act & Assert await middleware.Invoke(context); Assert.Equal(1, policyProvider.GetPolicyCount); Assert.Equal(0, policyProvider.GetFallbackPolicyCount); Assert.Equal(1, next.CalledCount); await middleware.Invoke(context); Assert.Equal(canCache ? 1: 2, policyProvider.GetPolicyCount); Assert.Equal(0, policyProvider.GetFallbackPolicyCount); Assert.Equal(2, next.CalledCount); await middleware.Invoke(context); Assert.Equal(canCache ? 1 : 3, policyProvider.GetPolicyCount); Assert.Equal(0, policyProvider.GetFallbackPolicyCount); Assert.Equal(3, next.CalledCount); }
public async Task RespectDownstreamHttpVersionRouteSetting() { // Arrange const string version = "v1"; const string key = "projects"; HttpContext httpContext = GetHttpContext(requestPath: $"/{version}/{key}"); var next = new TestRequestDelegate(); // What is being tested var swaggerForOcelotOptions = new SwaggerForOcelotUIOptions(); TestSwaggerEndpointOptions swaggerEndpointOptions = CreateSwaggerEndpointOptions(key, version); var routeOptions = new TestRouteOptions(new List <RouteOptions> { new RouteOptions { SwaggerKey = "projects", UpstreamPathTemplate = "/api/projects/Projects", DownstreamPathTemplate = "/api/Projects", DownstreamHttpVersion = "2.0", } }); // downstreamSwagger is returned when client.GetStringAsync is called by the middleware. string downstreamSwagger = await GetBaseOpenApi("OpenApiWithVersionPlaceholderBase"); HttpClient httClientMock = GetHttpClient(downstreamSwagger); var httpClientFactory = new TestHttpClientFactory(httClientMock); var swaggerJsonTransformerMock = new Mock <ISwaggerJsonTransformer>(); swaggerJsonTransformerMock .Setup(x => x.Transform( It.IsAny <string>(), It.IsAny <IEnumerable <RouteOptions> >(), It.IsAny <string>())) .Returns(( string swaggerJson, IEnumerable <RouteOptions> routeOptions, string serverOverride) => new SwaggerJsonTransformer() .Transform(swaggerJson, routeOptions, serverOverride)); var swaggerForOcelotMiddleware = new SwaggerForOcelotMiddleware( next.Invoke, swaggerForOcelotOptions, routeOptions, swaggerJsonTransformerMock.Object); // Act await swaggerForOcelotMiddleware.Invoke( httpContext, new SwaggerEndPointProvider(swaggerEndpointOptions, OcelotSwaggerGenOptions.Default), new DownstreamSwaggerDocsRepository(Microsoft.Extensions.Options.Options.Create(swaggerForOcelotOptions), httpClientFactory, DummySwaggerServiceDiscoveryProvider.Default)); httpContext.Response.Body.Seek(0, SeekOrigin.Begin); // Assert httClientMock.DefaultRequestVersion.Should().BeEquivalentTo(new Version(2, 0)); }
public async Task AllowUserDefinedUpstreamTransformer() { // Arrange const string version = "v1"; const string key = "projects"; HttpContext httpContext = GetHttpContext(requestPath: $"/{version}/{key}"); var next = new TestRequestDelegate(); // What is being tested var swaggerForOcelotOptions = new SwaggerForOcelotUIOptions() { ReConfigureUpstreamSwaggerJson = ExampleUserDefinedUpstreamTransformer }; TestSwaggerEndpointOptions testSwaggerEndpointOptions = CreateSwaggerEndpointOptions(key, version); var routeOptions = new TestRouteOptions(); // downstreamSwagger is returned when client.GetStringAsync is called by the middleware. string downstreamSwagger = await GetBaseOpenApi("OpenApiBase"); HttpClient httClientMock = GetHttpClient(downstreamSwagger); var httpClientFactory = new TestHttpClientFactory(httClientMock); // upstreamSwagger is returned after swaggerJsonTransformer transforms the downstreamSwagger string upstreamSwagger = await GetBaseOpenApi("OpenApiBaseTransformed"); var swaggerJsonTransformer = new TestSwaggerJsonTransformer(upstreamSwagger); var swaggerForOcelotMiddleware = new SwaggerForOcelotMiddleware( next.Invoke, swaggerForOcelotOptions, routeOptions, swaggerJsonTransformer, Substitute.For <ISwaggerProvider>()); // Act await swaggerForOcelotMiddleware.Invoke( httpContext, new SwaggerEndPointProvider(testSwaggerEndpointOptions, OcelotSwaggerGenOptions.Default), new DownstreamSwaggerDocsRepository(Microsoft.Extensions.Options.Options.Create(swaggerForOcelotOptions), httpClientFactory, DummySwaggerServiceDiscoveryProvider.Default)); httpContext.Response.Body.Seek(0, SeekOrigin.Begin); string transformedUpstreamSwagger = await new StreamReader(httpContext.Response.Body).ReadToEndAsync(); // Assert AreEqual(transformedUpstreamSwagger, upstreamSwagger); }
public async Task AllowUserDefinedUpstreamTransformer() { // Arrange const string version = "v1"; const string key = "projects"; HttpContext httpContext = GetHttpContext(requestPath: $"/{version}/{key}"); var next = new TestRequestDelegate(); // What is being tested var swaggerForOcelotOptions = new SwaggerForOcelotUIOptions() { ReConfigureUpstreamSwaggerJson = ExampleUserDefinedUpstreamTransformer }; TestSwaggerEndpointOptions testSwaggerEndpointOptions = CreateSwaggerEndpointOptions(key, version); var rerouteOptions = new TestReRouteOptions(); // downstreamSwagger is returned when client.GetStringAsync is called by the middleware. string downstreamSwagger = await GetBaseOpenApi("OpenApiBase"); HttpClient httClientMock = GetHttpClient(downstreamSwagger); var httpClientFactory = new TestHttpClientFactory(httClientMock); // upstreamSwagger is returned after swaggerJsonTransformer transforms the downstreamSwagger string upstreamSwagger = await GetBaseOpenApi("OpenApiBaseTransformed"); var swaggerJsonTransformer = new TestSwaggerJsonTransformer(upstreamSwagger); var swaggerForOcelotMiddleware = new SwaggerForOcelotMiddleware( next.Invoke, swaggerForOcelotOptions, rerouteOptions, testSwaggerEndpointOptions, httpClientFactory, swaggerJsonTransformer); // Act await swaggerForOcelotMiddleware.Invoke(httpContext); httpContext.Response.Body.Seek(0, SeekOrigin.Begin); string transformedUpstreamSwagger = await new StreamReader(httpContext.Response.Body).ReadToEndAsync(); // Assert AreEqual(transformedUpstreamSwagger, upstreamSwagger); }
public async Task Invoke_SingleValidClaimShouldSucceed() { // Arrange var policy = new AuthorizationPolicyBuilder().RequireClaim("Permission", "CanViewComment", "CanViewPage").Build(); var policyProvider = new Mock <IAuthorizationPolicyProvider>(); policyProvider.Setup(p => p.GetDefaultPolicyAsync()).ReturnsAsync(policy); var next = new TestRequestDelegate(); var middleware = CreateMiddleware(next.Invoke, policyProvider.Object); var context = GetHttpContext(endpoint: CreateEndpoint(new AuthorizeAttribute())); // Act await middleware.Invoke(context); // Assert Assert.True(next.Called); }
public async Task NoEndpointWithFallback_AnonymousUser_Challenges() { // Arrange var policy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build(); var policyProvider = new Mock <IAuthorizationPolicyProvider>(); policyProvider.Setup(p => p.GetFallbackPolicyAsync()).ReturnsAsync(policy); var next = new TestRequestDelegate(); var middleware = CreateMiddleware(next.Invoke, policyProvider.Object); var context = GetHttpContext(anonymous: true); // Act await middleware.Invoke(context); // Assert Assert.False(next.Called); }
public async Task HasEndpointWithoutAuth_AnonymousUser_Allows() { // Arrange var policy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build(); var policyProvider = new Mock <IAuthorizationPolicyProvider>(); policyProvider.Setup(p => p.GetDefaultPolicyAsync()).ReturnsAsync(policy); var next = new TestRequestDelegate(); var middleware = CreateMiddleware(next.Invoke, policyProvider.Object); var context = GetHttpContext(anonymous: true, endpoint: CreateEndpoint()); // Act await middleware.Invoke(context); // Assert Assert.True(next.Called); }
public async Task Verify_Filter_SuccessReturns200() { // Arrange var body = "happy birthday"; var secret = "secret1"; var next = new TestRequestDelegate(); using var context = new TestHttpContext(body); context.AddHeader("header", "sha1=c842eb4acaa566b634f845417d8a4593928e9ec4"); var middleware = new TestVerifySignatureMiddleware(next.Invoke, "header", secret, x => x.Substring(5)); // Act await middleware.Invoke(context.Instance); // Assert Assert.Equal(200, context.Instance.Response.StatusCode); Assert.True(next.Called); }
public async Task IAuthenticateResultFeature_ContainsLowestExpiration() { // Arrange var policy = new AuthorizationPolicyBuilder().RequireRole("Wut").AddAuthenticationSchemes("Basic", "Bearer").Build(); var policyProvider = new Mock <IAuthorizationPolicyProvider>(); policyProvider.Setup(p => p.GetDefaultPolicyAsync()).ReturnsAsync(policy); var next = new TestRequestDelegate(); var firstExpiration = new DateTimeOffset(2021, 5, 12, 2, 3, 4, TimeSpan.Zero); var secondExpiration = new DateTimeOffset(2021, 5, 11, 2, 3, 4, TimeSpan.Zero); var authenticationService = new Mock <IAuthenticationService>(); authenticationService.Setup(s => s.AuthenticateAsync(It.IsAny <HttpContext>(), "Basic")) .ReturnsAsync((HttpContext c, string scheme) => { var res = AuthenticateResult.Success(new AuthenticationTicket(new ClaimsPrincipal(c.User.Identities.FirstOrDefault(i => i.AuthenticationType == scheme)), scheme)); res.Properties.ExpiresUtc = firstExpiration; return(res); }); authenticationService.Setup(s => s.AuthenticateAsync(It.IsAny <HttpContext>(), "Bearer")) .ReturnsAsync((HttpContext c, string scheme) => { var res = AuthenticateResult.Success(new AuthenticationTicket(new ClaimsPrincipal(c.User.Identities.FirstOrDefault(i => i.AuthenticationType == scheme)), scheme)); res.Properties.ExpiresUtc = secondExpiration; return(res); }); var middleware = CreateMiddleware(next.Invoke, policyProvider.Object); var context = GetHttpContext(endpoint: CreateEndpoint(new AuthorizeAttribute()), authenticationService: authenticationService.Object); // Act await middleware.Invoke(context); // Assert var authenticateResultFeature = context.Features.Get <IAuthenticateResultFeature>(); Assert.NotNull(authenticateResultFeature); Assert.NotNull(authenticateResultFeature.AuthenticateResult); Assert.Same(context.User, authenticateResultFeature.AuthenticateResult.Principal); Assert.Equal(secondExpiration, authenticateResultFeature.AuthenticateResult?.Properties?.ExpiresUtc); }
public async Task Invoke_RequireUnknownRole_ForbidPerScheme() { // Arrange var policy = new AuthorizationPolicyBuilder().RequireRole("Wut").AddAuthenticationSchemes("Basic", "Bearer").Build(); var policyProvider = new Mock <IAuthorizationPolicyProvider>(); policyProvider.Setup(p => p.GetDefaultPolicyAsync()).ReturnsAsync(policy); var next = new TestRequestDelegate(); var authenticationService = new TestAuthenticationService(); var middleware = CreateMiddleware(next.Invoke, policyProvider.Object); var context = GetHttpContext(endpoint: CreateEndpoint(new AuthorizeAttribute()), authenticationService: authenticationService); // Act await middleware.Invoke(context); // Assert Assert.False(next.Called); Assert.Equal(2, authenticationService.ForbidCount); }
public async Task HasEndpointWithAuth_AuthenticatedUser_Allows() { // Arrange var policy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build(); var policyProvider = new Mock <IAuthorizationPolicyProvider>(); policyProvider.Setup(p => p.GetDefaultPolicyAsync()).ReturnsAsync(policy); var next = new TestRequestDelegate(); var authenticationService = new TestAuthenticationService(); var middleware = CreateMiddleware(next.Invoke, policyProvider.Object); var context = GetHttpContext(endpoint: CreateEndpoint(new AuthorizeAttribute()), authenticationService: authenticationService); // Act await middleware.Invoke(context); // Assert Assert.True(next.Called); Assert.False(authenticationService.ChallengeCalled); }
public async Task HasEndpointWithAuth_AnonymousUser_ChallengePerScheme() { // Arrange var policy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().AddAuthenticationSchemes("schema1", "schema2").Build(); var policyProvider = new Mock <IAuthorizationPolicyProvider>(); policyProvider.Setup(p => p.GetDefaultPolicyAsync()).ReturnsAsync(policy); var next = new TestRequestDelegate(); var authenticationService = new TestAuthenticationService(); var middleware = CreateMiddleware(next.Invoke, policyProvider.Object); var context = GetHttpContext(anonymous: true, endpoint: CreateEndpoint(new AuthorizeAttribute()), authenticationService: authenticationService); // Act await middleware.Invoke(context); // Assert Assert.False(next.Called); Assert.Equal(2, authenticationService.ChallengeCount); }
public async Task CanApplyPolicyDirectlyToEndpoint() { // Arrange var calledPolicy = false; var policy = new AuthorizationPolicyBuilder().RequireAssertion(_ => { calledPolicy = true; return(true); }).Build(); var policyProvider = new Mock <IAuthorizationPolicyProvider>(); policyProvider.Setup(p => p.GetDefaultPolicyAsync()).ReturnsAsync(new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build()); var next = new TestRequestDelegate(); var middleware = CreateMiddleware(next.Invoke, policyProvider.Object); var context = GetHttpContext(anonymous: false, endpoint: CreateEndpoint(new AuthorizeAttribute(), policy)); // Act & Assert await middleware.Invoke(context); Assert.True(calledPolicy); }
public async Task Invoke_AuthSchemesFailShouldSetEmptyPrincipalOnContext() { // Arrange var policy = new AuthorizationPolicyBuilder("Fails").RequireAuthenticatedUser().Build(); var policyProvider = new Mock <IAuthorizationPolicyProvider>(); policyProvider.Setup(p => p.GetDefaultPolicyAsync()).ReturnsAsync(policy); var next = new TestRequestDelegate(); var authenticationService = new TestAuthenticationService(); var middleware = CreateMiddleware(next.Invoke, policyProvider.Object); var context = GetHttpContext(endpoint: CreateEndpoint(new AuthorizeAttribute()), authenticationService: authenticationService); // Act await middleware.Invoke(context); // Assert Assert.False(next.Called); Assert.NotNull(context.User?.Identity); Assert.True(authenticationService.AuthenticateCalled); Assert.True(authenticationService.ChallengeCalled); }
public async Task Invoke_InvalidClaimShouldForbid() { // Arrange var policy = new AuthorizationPolicyBuilder() .RequireClaim("Permission", "CanViewComment") .Build(); var policyProvider = new Mock <IAuthorizationPolicyProvider>(); policyProvider.Setup(p => p.GetDefaultPolicyAsync()).ReturnsAsync(policy); var next = new TestRequestDelegate(); var authenticationService = new TestAuthenticationService(); var middleware = CreateMiddleware(next.Invoke, policyProvider.Object); var context = GetHttpContext(endpoint: CreateEndpoint(new AuthorizeAttribute()), authenticationService: authenticationService); // Act await middleware.Invoke(context); // Assert Assert.False(next.Called); Assert.False(authenticationService.ChallengeCalled); Assert.True(authenticationService.ForbidCalled); }
public async Task IAuthenticateResultFeature_NotSetOnUnsuccessfulAuthorize() { // Arrange var policy = new AuthorizationPolicyBuilder().RequireRole("Wut").AddAuthenticationSchemes("NotImplemented").Build(); var policyProvider = new Mock <IAuthorizationPolicyProvider>(); policyProvider.Setup(p => p.GetDefaultPolicyAsync()).ReturnsAsync(policy); var next = new TestRequestDelegate(); var authenticationService = new TestAuthenticationService(); var middleware = CreateMiddleware(next.Invoke, policyProvider.Object); var context = GetHttpContext(endpoint: CreateEndpoint(new AuthorizeAttribute(), new AllowAnonymousAttribute()), authenticationService: authenticationService); // Act await middleware.Invoke(context); // Assert Assert.True(next.Called); var authenticateResultFeature = context.Features.Get <IAuthenticateResultFeature>(); Assert.Null(authenticateResultFeature); Assert.True(authenticationService.AuthenticateCalled); }
public async Task IAuthenticateResultFeature_UsesExistingFeature_WithScheme() { // Arrange var policy = new AuthorizationPolicyBuilder().RequireClaim("Permission", "CanViewPage").AddAuthenticationSchemes("Bearer").Build(); var policyProvider = new Mock <IAuthorizationPolicyProvider>(); policyProvider.Setup(p => p.GetDefaultPolicyAsync()).ReturnsAsync(policy); var next = new TestRequestDelegate(); var authenticationService = new Mock <IAuthenticationService>(); authenticationService.Setup(s => s.AuthenticateAsync(It.IsAny <HttpContext>(), "Bearer")) .ReturnsAsync((HttpContext c, string scheme) => { var res = AuthenticateResult.Success(new AuthenticationTicket(new ClaimsPrincipal(c.User.Identities.FirstOrDefault(i => i.AuthenticationType == scheme)), scheme)); return(res); }); var middleware = CreateMiddleware(next.Invoke, policyProvider.Object); var context = GetHttpContext(endpoint: CreateEndpoint(new AuthorizeAttribute()), authenticationService: authenticationService.Object); var testAuthenticateResultFeature = new TestAuthResultFeature(); var authenticateResult = AuthenticateResult.Success(new AuthenticationTicket(new ClaimsPrincipal(), "")); testAuthenticateResultFeature.AuthenticateResult = authenticateResult; context.Features.Set <IAuthenticateResultFeature>(testAuthenticateResultFeature); // Act await middleware.Invoke(context); // Assert var authenticateResultFeature = context.Features.Get <IAuthenticateResultFeature>(); Assert.NotNull(authenticateResultFeature); Assert.NotNull(authenticateResultFeature.AuthenticateResult); Assert.Same(testAuthenticateResultFeature, authenticateResultFeature); Assert.NotSame(authenticateResult, authenticateResultFeature.AuthenticateResult); }
public async Task AllowUserDefinedUpstreamTransformer() { // Arrange const string version = "v1"; const string key = "test"; var httpContext = GetHttpContext(requestPath: $"/{version}/{key}"); var next = new TestRequestDelegate(); // What is being tested var swaggerForOcelotOptions = new SwaggerForOcelotUIOptions() { ReConfigureUpstreamSwaggerJson = ExampleUserDefinedUpstreamTransformer }; var rerouteOptions = new TestReRouteOptions(); var swaggerEndpointOptions = new TestSwaggerEndpointOptions( new List <SwaggerEndPointOptions>() { new SwaggerEndPointOptions() { Key = key, Config = new List <SwaggerEndPointConfig>() { new SwaggerEndPointConfig() { Name = "Test Service", Version = version, Url = $"http://test.com/{version}/{key}/swagger.json" } } } }); // downstreamSwagger is returned when client.GetStringAsync is called by the middleware. var downstreamSwagger = await GetBaseOpenApi("OpenApiBase"); var httClientMock = GetHttpClient(downstreamSwagger); var httpClientFactory = new TestHttpClientFactory(httClientMock); // upstreamSwagger is returned after swaggerJsonTransformer transforms the downstreamSwagger var upstreamSwagger = await GetBaseOpenApi("OpenApiBaseTransformed"); var swaggerJsonTransformer = new TestSwaggerJsonTransformer(upstreamSwagger); var swaggerForOcelotMiddleware = new SwaggerForOcelotMiddleware( next.Invoke, swaggerForOcelotOptions, rerouteOptions, swaggerEndpointOptions, httpClientFactory, swaggerJsonTransformer); // Act await swaggerForOcelotMiddleware.Invoke(httpContext); httpContext.Response.Body.Seek(0, SeekOrigin.Begin); var transformedUpstreamSwagger = await new StreamReader(httpContext.Response.Body).ReadToEndAsync(); // Assert await AreEqual(transformedUpstreamSwagger, "OpenApiBaseTransformedReconfigured"); }
public async Task AllowVersionPlaceholder() { // Arrange const string version = "v1"; const string key = "projects"; HttpContext httpContext = GetHttpContext(requestPath: $"/{version}/{key}"); var next = new TestRequestDelegate(); // What is being tested var swaggerForOcelotOptions = new SwaggerForOcelotUIOptions(); TestSwaggerEndpointOptions swaggerEndpointOptions = CreateSwaggerEndpointOptions(key, version); var rerouteOptions = new TestReRouteOptions(new List <ReRouteOptions> { new ReRouteOptions { SwaggerKey = "projects", UpstreamPathTemplate = "/api/{version}/projects/Values/{everything}", DownstreamPathTemplate = "/api/{version}/Values/{everything}", }, new ReRouteOptions { SwaggerKey = "projects", UpstreamPathTemplate = "/api/projects/Projects", DownstreamPathTemplate = "/api/Projects", }, new ReRouteOptions { SwaggerKey = "projects", UpstreamPathTemplate = "/api/projects/Projects/{everything}", DownstreamPathTemplate = "/api/Projects/{everything}", } }); // downstreamSwagger is returned when client.GetStringAsync is called by the middleware. string downstreamSwagger = await GetBaseOpenApi("OpenApiWithVersionPlaceholderBase"); HttpClient httClientMock = GetHttpClient(downstreamSwagger); var httpClientFactory = new TestHttpClientFactory(httClientMock); // upstreamSwagger is returned after swaggerJsonTransformer transforms the downstreamSwagger string expectedSwagger = await GetBaseOpenApi("OpenApiWithVersionPlaceholderBaseTransformed"); var swaggerJsonTransformerMock = new Mock <ISwaggerJsonTransformer>(); swaggerJsonTransformerMock .Setup(x => x.Transform( It.IsAny <string>(), It.IsAny <IEnumerable <ReRouteOptions> >(), It.IsAny <string>())) .Returns(( string swaggerJson, IEnumerable <ReRouteOptions> reRouteOptions, string serverOverride) => new SwaggerJsonTransformer() .Transform(swaggerJson, reRouteOptions, serverOverride)); var swaggerForOcelotMiddleware = new SwaggerForOcelotMiddleware( next.Invoke, swaggerForOcelotOptions, rerouteOptions, swaggerEndpointOptions, httpClientFactory, swaggerJsonTransformerMock.Object); // Act await swaggerForOcelotMiddleware.Invoke(httpContext, DummySwaggerServiceDiscoveryProvider.Default); httpContext.Response.Body.Seek(0, SeekOrigin.Begin); // Assert using (var streamReader = new StreamReader(httpContext.Response.Body)) { string transformedUpstreamSwagger = await streamReader.ReadToEndAsync(); AreEqual(transformedUpstreamSwagger, expectedSwagger); } swaggerJsonTransformerMock.Verify(x => x.Transform( It.IsAny <string>(), It.IsAny <IEnumerable <ReRouteOptions> >(), It.IsAny <string>()), Times.Once); }
public async Task InvokeAsyncTest() { IServiceProvider serviceProvider = CreateServices(); //未指定权限时且为指定FallbackPolicy时 匿名用户可访问 using (IServiceScope serviceScope = serviceProvider.CreateScope()) { IServiceProvider scopeServiceProvider = serviceScope.ServiceProvider; var next = new TestRequestDelegate(); var middleware = CreateMiddleware(next.Invoke, scopeServiceProvider.GetRequiredService <IPolicyCombiner>()); var context = GetHttpContext(scopeServiceProvider); IPolicyEvaluator policyEvaluator = scopeServiceProvider.GetRequiredService <IPolicyEvaluator>(); await middleware.InvokeAsync(context, MockAuthorizeDataManager(null), policyEvaluator); next.Called.ShouldBeTrue(); } //未指定权限但是指定FallbackPolicy时 serviceProvider = CreateServices(services => { services.AddScoped <IAuthorizationPolicyProvider>(sp => { var policy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build(); var policyProvider = new Mock <IAuthorizationPolicyProvider>(); policyProvider.Setup(p => p.GetFallbackPolicyAsync()).ReturnsAsync(policy); return(policyProvider.Object); }); }); using (IServiceScope serviceScope = serviceProvider.CreateScope()) { IServiceProvider scopeServiceProvider = serviceScope.ServiceProvider; var next = new TestRequestDelegate(); var middleware = CreateMiddleware(next.Invoke, scopeServiceProvider.GetRequiredService <IPolicyCombiner>()); var context = GetHttpContext(scopeServiceProvider); IPolicyEvaluator policyEvaluator = scopeServiceProvider.GetRequiredService <IPolicyEvaluator>(); await middleware.InvokeAsync(context, MockAuthorizeDataManager(null), policyEvaluator); next.Called.ShouldBeFalse(); } serviceProvider = CreateServices(); using (IServiceScope serviceScope = serviceProvider.CreateScope()) { IServiceProvider scopeServiceProvider = serviceScope.ServiceProvider; var next = new TestRequestDelegate(); var middleware = CreateMiddleware(next.Invoke, scopeServiceProvider.GetRequiredService <IPolicyCombiner>()); IPolicyEvaluator policyEvaluator = scopeServiceProvider.GetRequiredService <IPolicyEvaluator>(); //允许匿名访问 var context = GetHttpContext(scopeServiceProvider); await middleware.InvokeAsync(context, MockAuthorizeDataManager(new AuthorizeData() { AllowedAnonymous = true }), policyEvaluator); next.Called.ShouldBeTrue(); //拒绝所有 next.Reset(); await middleware.InvokeAsync(context, MockAuthorizeDataManager(new AuthorizeData() { DeniedAll = true }), policyEvaluator); next.Called.ShouldBeFalse(); //允许所有登录者 访问 next.Reset(); await middleware.InvokeAsync(context, MockAuthorizeDataManager(new AuthorizeData() { AllowedAllRoles = true }), policyEvaluator); next.Called.ShouldBeFalse(); next.Reset(); ClaimsPrincipal principal = new ClaimsPrincipal(); ClaimsIdentity basicIdentity = new ClaimsIdentity(new Claim[] { new Claim("Permission", "CanViewPage"), new Claim(ClaimTypes.Role, "Administrator"), new Claim(ClaimTypes.Role, "User"), new Claim(ClaimTypes.NameIdentifier, "John") }, "Basic", ClaimTypes.NameIdentifier, ClaimTypes.Role); principal.AddIdentity(basicIdentity); context = GetHttpContext(scopeServiceProvider, principal); await middleware.InvokeAsync(context, MockAuthorizeDataManager(new AuthorizeData() { AllowedAllRoles = true }), policyEvaluator); next.Called.ShouldBeTrue(); // 角色验证 next.Reset(); await middleware.InvokeAsync(context, MockAuthorizeDataManager(new AuthorizeData() { AllowedRoles = new string[] { "User" } }), policyEvaluator); next.Called.ShouldBeTrue(); next.Reset(); await middleware.InvokeAsync(context, MockAuthorizeDataManager(new AuthorizeData() { AllowedRoles = new string[] { "userRole" } }), policyEvaluator); next.Called.ShouldBeFalse(); //用户Id next.Reset(); await middleware.InvokeAsync(context, MockAuthorizeDataManager(new AuthorizeData() { AllowedUsers = new string[] { "user0" } }), policyEvaluator); next.Called.ShouldBeFalse(); next.Reset(); await middleware.InvokeAsync(context, MockAuthorizeDataManager(new AuthorizeData() { AllowedUsers = new string[] { "John" } }), policyEvaluator); next.Called.ShouldBeTrue(); next.Reset(); await middleware.InvokeAsync(context, MockAuthorizeDataManager(new AuthorizeData() { AllowedRoles = new string[] { "role0", "role1" }, AllowedUsers = new string[] { "user0" } }), policyEvaluator); next.Called.ShouldBeFalse(); next.Reset(); await middleware.InvokeAsync(context, MockAuthorizeDataManager(new AuthorizeData() { AllowedRoles = new string[] { "role0", "role1" }, AllowedUsers = new string[] { "John" } }), policyEvaluator); next.Called.ShouldBeTrue(); next.Reset(); await middleware.InvokeAsync(context, MockAuthorizeDataManager(new AuthorizeData() { AllowedRoles = new string[] { "Administrator", "role1" }, AllowedUsers = new string[] { "John00" } }), policyEvaluator); next.Called.ShouldBeTrue(); next.Reset(); await middleware.InvokeAsync(context, MockAuthorizeDataManager(new AuthorizeData() { AllowedRoles = new string[] { "Administrator", "role1" }, AllowedUsers = new string[] { "John" } }), policyEvaluator); next.Called.ShouldBeTrue(); } }