public async Task IsOriginAllowedAsync_should_check_SanetizedCorsUri()
        {
            using var store = new RavenDbTestDriverWrapper().GetDocumentStore();
            using var s1    = store.OpenAsyncSession();

            await s1.StoreAsync(new Entity.ClientUri
            {
                Id               = "allowed",
                Kind             = Entity.UriKinds.Cors | Entity.UriKinds.Redirect,
                SanetizedCorsUri = "HTTP://ALLOWED:5000"
            }, $"{nameof(Entity.ClientUri)}/allowed");

            await s1.StoreAsync(new Entity.ClientUri
            {
                Id               = "notallowed",
                Kind             = Entity.UriKinds.Redirect,
                SanetizedCorsUri = "HTTP://NOTALLOWED:5000"
            }, $"{nameof(Entity.ClientUri)}/notallowed");

            await s1.SaveChangesAsync();

            var sut = new CorsPolicyService(new ScopedAsynDocumentcSession(store.OpenAsyncSession()));

            Assert.True(await sut.IsOriginAllowedAsync("http://allowed:5000"));
            Assert.False(await sut.IsOriginAllowedAsync("http://notallowed:5000"));
        }
        public void IsOriginAllowedAsync_WhenOriginIsNotAllowed_ExpectFalse(DbContextOptions <ConfigurationDbContext> options)
        {
            using (var context = new ConfigurationDbContext(options, StoreOptions))
            {
                context.Clients.Add(new Client
                {
                    ClientId           = Guid.NewGuid().ToString(),
                    ClientName         = Guid.NewGuid().ToString(),
                    AllowedCorsOrigins = new List <string> {
                        "https://www.identityserver.com"
                    }
                }.ToEntity());
                context.SaveChanges();
            }

            bool result;

            using (var context = new ConfigurationDbContext(options, StoreOptions))
            {
                var svcs = new ServiceCollection();
                svcs.AddSingleton <IConfigurationDbContext>(context);
                var provider = svcs.BuildServiceProvider();

                var service = new CorsPolicyService(provider, FakeLogger <CorsPolicyService> .Create());
                result = service.IsOriginAllowedAsync("InvalidOrigin").Result;
            }

            Assert.False(result);
        }
        public async Task IsOriginAllowedAsync_WhenOriginIsNotAllowed_ExpectFalse(ISessionFactory sessionFactory)
        {
            using (var provider = new ConfigurationSessionProvider(sessionFactory.OpenSession))
            {
                await provider.Session.SaveAsync(_mapper.Map <Entities.Client>(new Client
                {
                    ClientId           = Guid.NewGuid().ToString(),
                    ClientName         = Guid.NewGuid().ToString(),
                    AllowedCorsOrigins = new List <string> {
                        "https://www.identityserver.com"
                    }
                }));
            }

            bool result;

            using (var provider = new ConfigurationSessionProvider(sessionFactory.OpenSession))
            {
                var ctx  = new DefaultHttpContext();
                var svcs = new ServiceCollection();
                svcs.AddSingleton(provider);
                ctx.RequestServices = svcs.BuildServiceProvider();
                var ctxAccessor = new HttpContextAccessor
                {
                    HttpContext = ctx
                };

                var service = new CorsPolicyService(ctxAccessor);
                result = service.IsOriginAllowedAsync("InvalidOrigin").Result;
            }

            Assert.False(result);
        }
        public async Task IsOriginAllowedAsync_WhenOriginIsNotAllowed_ExpectFalse()
        {
            var storeHolder = GetConfigurationDocumentStoreHolder();

            using (var session = storeHolder.OpenAsyncSession())
            {
                await session.StoreAsync(new Client
                {
                    ClientId           = Guid.NewGuid().ToString(),
                    ClientName         = Guid.NewGuid().ToString(),
                    AllowedCorsOrigins = new List <string> {
                        "https://www.identityserver.com"
                    }
                }.ToEntity());

                await session.SaveChangesAsync();
            }

            WaitForIndexing(storeHolder.IntegrationTest_GetDocumentStore());

            var service = new CorsPolicyService(storeHolder, FakeLogger <CorsPolicyService> .Create());
            var result  = await service.IsOriginAllowedAsync("InvalidOrigin");

            Assert.False(result);
        }
Ejemplo n.º 5
0
        public async Task Should_Check_For_Not_Allowed_Origin(TestDatabase testDb)
        {
            using (var session = testDb.OpenSession())
            {
                await session.SaveAsync(
                    new Client()
                {
                    ClientId           = Guid.NewGuid().ToString(),
                    ClientName         = "test_client",
                    AllowedCorsOrigins = new[] { "https://allowed.site.it" }
                }.ToEntity()
                    );

                await session.FlushAsync();
            }

            var ctx = CreateHttpContextAccessor(testDb);

            var loggerMock = new Mock <ILogger <CorsPolicyService> >();
            var service    = new CorsPolicyService(ctx, loggerMock.Object);
            var result     = await service.IsOriginAllowedAsync("https://not.allowed.site.it");

            result.Should().BeFalse();

            await CleanupTestDataAsync(testDb);
        }
Ejemplo n.º 6
0
        public void IsOriginAllowedAsync_WhenOriginIsAllowed_ExpectTrue(DbContextOptions <ConfigurationDbContext> options)
        {
            const string testCorsOrigin = "https://identityserver.io/";

            using (var context = new ConfigurationDbContext(options, StoreOptions))
            {
                context.Clients.Add(new Client
                {
                    ClientId           = Guid.NewGuid().ToString(),
                    ClientName         = Guid.NewGuid().ToString(),
                    AllowedCorsOrigins = new List <string> {
                        "https://www.identityserver.com"
                    }
                }.ToEntity());
                context.Clients.Add(new Client
                {
                    ClientId           = "2",
                    ClientName         = "2",
                    AllowedCorsOrigins = new List <string> {
                        "https://www.identityserver.com", testCorsOrigin
                    }
                }.ToEntity());
                context.SaveChanges();
            }

            bool result;

            using (var context = new ConfigurationDbContext(options, StoreOptions))
            {
                var service = new CorsPolicyService(context, NullLogger <CorsPolicyService> .Create());
                result = service.IsOriginAllowedAsync(testCorsOrigin).Result;
            }

            Assert.True(result);
        }
        public async Task IsOriginAllowedAsync_WhenOriginIsNotAllowed_ExpectFalse()
        {
            using var store = GetDocumentStore();
            await new ClientIndex().ExecuteAsync(store);

            using (var session = store.OpenAsyncSession())
            {
                await session.StoreAsync(new Client
                {
                    ClientId           = Guid.NewGuid().ToString(),
                    ClientName         = Guid.NewGuid().ToString(),
                    AllowedCorsOrigins = new List <string> {
                        "https://www.identityserver.com"
                    }
                }.ToEntity());

                await session.SaveChangesAsync();
            }

            WaitForIndexing(store);

            bool result;

            using (var session = store.OpenAsyncSession())
            {
                var service = new CorsPolicyService(session, FakeLogger <CorsPolicyService> .Create());
                result = await service.IsOriginAllowedAsync("InvalidOrigin");
            }

            Assert.False(result);
        }
        public async Task IsOriginAllowedAsync_WhenOriginIsNotAllowed_ExpectFalse(DbContextOptions <ConfigurationDbContext> options)
        {
            using (var context = new ConfigurationDbContext(options, StoreOptions))
            {
                context.Clients.Add(new Client
                {
                    ClientId           = Guid.NewGuid().ToString(),
                    ClientName         = Guid.NewGuid().ToString(),
                    AllowedCorsOrigins = new List <string> {
                        "https://www.identityserver.com"
                    }
                }.ToEntity());
                await context.SaveChangesAsync();
            }

            bool result;

            using (var context = new ConfigurationDbContext(options, StoreOptions))
            {
                var ctx  = new DefaultHttpContext();
                var svcs = new ServiceCollection();
                svcs.AddSingleton <IConfigurationDbContext>(context);
                ctx.RequestServices = svcs.BuildServiceProvider();
                var ctxAccessor = new HttpContextAccessor();
                ctxAccessor.HttpContext = ctx;

                var service = new CorsPolicyService(ctxAccessor, FakeLogger <CorsPolicyService> .Create());
                result = await service.IsOriginAllowedAsync("InvalidOrigin");
            }

            Assert.False(result);
        }
        public void IsOriginAllowedAsync_WhenOriginIsAllowed_ExpectTrue(
            DbContextOptions <ConfigurationDbContext> options)
        {
            const string testCorsOrigin = "https://identityserver.io/";

            using (var context =
                       new ConfigurationDbContext(options, StoreOptions))
            {
                context.Clients.Add(new Client
                {
                    ClientId           = Guid.NewGuid().ToString(),
                    ClientName         = Guid.NewGuid().ToString(),
                    AllowedCorsOrigins = new List <string> {
                        "https://www.identityserver.com"
                    }
                }.ToEntity());
                context.Clients.Add(new Client
                {
                    ClientId           = "2",
                    ClientName         = "2",
                    AllowedCorsOrigins = new List <string> {
                        "https://www.identityserver.com",
                        testCorsOrigin
                    }
                }.ToEntity());
                context.SaveChanges();
            }

            bool result;

            using (var context =
                       new ConfigurationDbContext(options, StoreOptions))
            {
                var ctx  = new DefaultHttpContext();
                var svcs = new ServiceCollection();
                svcs.AddSingleton <IConfigurationDbContext>(context);
                ctx.RequestServices = svcs.BuildServiceProvider();
                var ctxAccessor = new HttpContextAccessor();
                ctxAccessor.HttpContext = ctx;

                var service = new CorsPolicyService(
                    ctxAccessor,
                    NullLogger <CorsPolicyService> .Create()
                    );

                result = service.IsOriginAllowedAsync(testCorsOrigin).Result;
            }

            Assert.True(result);
        }
Ejemplo n.º 10
0
        public async Task IsOriginAllowedAsync_should_call_store_GetAsync()
        {
            var storeMock = new Mock <IAdminStore <ClientUri> >();
            var sut       = new CorsPolicyService(storeMock.Object);

            storeMock.Setup(m => m.GetAsync(It.IsAny <PageRequest>(), default))
            .ReturnsAsync(new PageResponse <ClientUri>
            {
                Items = new List <ClientUri>(0)
            })
            .Verifiable();

            await sut.IsOriginAllowedAsync("http://test");

            storeMock.Verify(m => m.GetAsync(It.Is <PageRequest>(p => p.Filter == $"{nameof(ClientUri.SanetizedCorsUri)} eq 'HTTP://TEST:80'"), default));
        }
        public async Task IsOriginAllowedAsync_WhenOriginIsAllowed_ExpectTrue()
        {
            const string testCorsOrigin = "https://identityserver.io/";

            using var store = GetDocumentStore();
            await new ClientIndex().ExecuteAsync(store);

            using (var session = store.OpenAsyncSession())
            {
                await session.StoreAsync(new Client
                {
                    ClientId           = Guid.NewGuid().ToString(),
                    ClientName         = Guid.NewGuid().ToString(),
                    AllowedCorsOrigins = new List <string> {
                        "https://www.identityserver.com"
                    }
                }.ToEntity());

                await session.StoreAsync(new Client
                {
                    ClientId           = "2",
                    ClientName         = "2",
                    AllowedCorsOrigins = new List <string> {
                        "https://www.identityserver.com", testCorsOrigin
                    }
                }.ToEntity());

                await session.SaveChangesAsync();
            }

            WaitForIndexing(store);

            bool result;

            using (var session = store.OpenAsyncSession())
            {
                var service = new CorsPolicyService(session, FakeLogger <CorsPolicyService> .Create());
                result = await service.IsOriginAllowedAsync(testCorsOrigin.ToUpperInvariant());
            }

            Assert.True(result);
        }
        public async Task IsOriginAllowedAsync_WhenOriginIsAllowed_ExpectTrueAsync()
        {
            const string testCorsOrigin = "https://identityserver.io/";

            var client = new Client
            {
                ClientId           = Guid.NewGuid().ToString(),
                ClientName         = Guid.NewGuid().ToString(),
                AllowedCorsOrigins = new List <string> {
                    "https://www.identityserver.com"
                }
            };
            await context.Clients.Document(client.ClientId).SetAsync(client.ToEntity());

            client = new Client
            {
                ClientId           = "2",
                ClientName         = "2",
                AllowedCorsOrigins = new List <string> {
                    "https://www.identityserver.com", testCorsOrigin
                }
            };
            await context.Clients.Document(client.ClientId).SetAsync(client.ToEntity());

            bool result;
            var  ctx  = new DefaultHttpContext();
            var  svcs = new ServiceCollection();

            svcs.AddSingleton <IConfigurationContext>(context);
            ctx.RequestServices = svcs.BuildServiceProvider();
            var ctxAccessor = new HttpContextAccessor();

            ctxAccessor.HttpContext = ctx;

            var service = new CorsPolicyService(ctxAccessor, FakeLogger <CorsPolicyService> .Create());

            result = await service.IsOriginAllowedAsync(testCorsOrigin);

            Assert.True(result);
        }
    public void IsOriginAllowedAsync_WhenOriginIsAllowed_ExpectTrue(DbContextOptions <ConfigurationDbContext> options)
    {
        const string testCorsOrigin = "https://identityserver.io/";

        using (var context = new ConfigurationDbContext(options))
        {
            context.Clients.Add(new Client
            {
                ClientId           = Guid.NewGuid().ToString(),
                ClientName         = Guid.NewGuid().ToString(),
                AllowedCorsOrigins = new List <string> {
                    "https://www.identityserver.com"
                }
            }.ToEntity());
            context.Clients.Add(new Client
            {
                ClientId           = "2",
                ClientName         = "2",
                AllowedCorsOrigins = new List <string> {
                    "https://www.identityserver.com", testCorsOrigin
                }
            }.ToEntity());
            context.SaveChanges();
        }

        bool result;

        using (var context = new ConfigurationDbContext(options))
        {
            var svcs = new ServiceCollection();
            svcs.AddSingleton <IConfigurationDbContext>(context);
            var provider = svcs.BuildServiceProvider();

            var service = new CorsPolicyService(provider, FakeLogger <CorsPolicyService> .Create(), new NoneCancellationTokenProvider());
            result = service.IsOriginAllowedAsync(testCorsOrigin).Result;
        }

        Assert.True(result);
    }
Ejemplo n.º 14
0
        public async Task Should_Check_For_Allowed_Origin(TestDatabase testDb)
        {
            const string testCorsOrigin = "https://www.site1.it/";

            using (var session = testDb.SessionFactory.OpenSession())
            {
                await session.SaveAsync(
                    new Client()
                {
                    ClientId           = Guid.NewGuid().ToString(),
                    ClientName         = "1st_client",
                    AllowedCorsOrigins = new[] { "https://www.site2.com" }
                }.ToEntity()
                    );

                await session.SaveAsync(
                    new Client
                {
                    ClientId           = Guid.NewGuid().ToString(),
                    ClientName         = "2nd_client",
                    AllowedCorsOrigins = new[] { "https://www.site2.com", testCorsOrigin }
                }.ToEntity()
                    );

                await session.FlushAsync();
            }

            var ctx = CreateHttpContextAccessor(testDb);

            var loggerMock = new Mock <ILogger <CorsPolicyService> >();
            var service    = new CorsPolicyService(ctx, loggerMock.Object);
            var result     = await service.IsOriginAllowedAsync(testCorsOrigin);

            result.Should().BeTrue();

            await CleanupTestDataAsync(testDb);
        }
        public static void Tests(string name, string connectionString) => Describe($"{nameof(CorsPolicyService)} using {name}", () =>
        {
            var dataLayer = XpoDefault.GetDataLayer(connectionString, DevExpress.Xpo.DB.AutoCreateOption.DatabaseAndSchema);

            using var unitOfWork = new UnitOfWork(dataLayer);
            unitOfWork.UpdateSchema();

            (CorsPolicyService, ServiceProvider)CreateService()
            {
                var ctx  = new DefaultHttpContext();
                var svcs = new ServiceCollection();
                svcs.AddTransient(_ => new UnitOfWork(dataLayer));
                var serviceProvider     = svcs.BuildServiceProvider();
                ctx.RequestServices     = serviceProvider;
                var ctxAccessor         = new HttpContextAccessor();
                ctxAccessor.HttpContext = ctx;

                var service = new CorsPolicyService(ctxAccessor, FakeLogger <CorsPolicyService> .Create());
                return(service, serviceProvider);
            }

            It("IsOriginAllowedAsync when origin is allowed", async() =>
            {
                const string testCorsOrigin = "https://identityserver.io/";

                using (var uow = new UnitOfWork(dataLayer))
                {
                    await uow.SaveAsync(new Client
                    {
                        ClientId           = Guid.NewGuid().ToString(),
                        ClientName         = Guid.NewGuid().ToString(),
                        AllowedCorsOrigins = new List <string> {
                            "https://www.identityserver.com"
                        }
                    }.ToEntity(uow));

                    await uow.SaveAsync(new Client
                    {
                        ClientId           = "2",
                        ClientName         = "2",
                        AllowedCorsOrigins = new List <string> {
                            "https://www.identityserver.com", testCorsOrigin
                        }
                    }.ToEntity(uow));
                    await uow.CommitChangesAsync();
                }


                var(service, disposable) = CreateService();
                using (disposable)
                {
                    return(await service.IsOriginAllowedAsync(testCorsOrigin));
                }
            });

            It("IsOriginAllowedAsync when origin is not allowed", async() =>
            {
                using (var uow = new UnitOfWork(dataLayer))
                {
                    await uow.SaveAsync(new Client
                    {
                        ClientId           = Guid.NewGuid().ToString(),
                        ClientName         = Guid.NewGuid().ToString(),
                        AllowedCorsOrigins = new List <string> {
                            "https://www.identityserver.com"
                        }
                    }.ToEntity(uow));

                    await uow.CommitChangesAsync();
                }

                var(service, disposable) = CreateService();
                using (disposable)
                {
                    var result = await service.IsOriginAllowedAsync("InvalidOrigin");
                    return(!result);
                }
            });
        });