public async Task IsOriginAllowedAsync_should_check_SanetizedCorsUri()
{
using var store = new RavenDbTestDriverWrapper().GetDocumentStore();
using var s1 = store.OpenAsyncSession();
await s1.StoreAsync(new Entity.ClientUri
{
Id = "allowed",
Kind = Entity.UriKinds.Cors | Entity.UriKinds.Redirect,
SanetizedCorsUri = "HTTP://ALLOWED:5000"
}, $"{nameof(Entity.ClientUri)}/allowed");
await s1.StoreAsync(new Entity.ClientUri
{
Id = "notallowed",
Kind = Entity.UriKinds.Redirect,
SanetizedCorsUri = "HTTP://NOTALLOWED:5000"
}, $"{nameof(Entity.ClientUri)}/notallowed");
await s1.SaveChangesAsync();
var sut = new CorsPolicyService(new ScopedAsynDocumentcSession(store.OpenAsyncSession()));
Assert.True(await sut.IsOriginAllowedAsync("http://allowed:5000"));
Assert.False(await sut.IsOriginAllowedAsync("http://notallowed:5000"));
}
public void IsOriginAllowedAsync_WhenOriginIsNotAllowed_ExpectFalse(DbContextOptions <ConfigurationDbContext> options)
{
using (var context = new ConfigurationDbContext(options, StoreOptions))
{
context.Clients.Add(new Client
{
ClientId = Guid.NewGuid().ToString(),
ClientName = Guid.NewGuid().ToString(),
AllowedCorsOrigins = new List <string> {
"https://www.identityserver.com"
}
}.ToEntity());
context.SaveChanges();
}
bool result;
using (var context = new ConfigurationDbContext(options, StoreOptions))
{
var svcs = new ServiceCollection();
svcs.AddSingleton <IConfigurationDbContext>(context);
var provider = svcs.BuildServiceProvider();
var service = new CorsPolicyService(provider, FakeLogger <CorsPolicyService> .Create());
result = service.IsOriginAllowedAsync("InvalidOrigin").Result;
}
Assert.False(result);
}
public async Task IsOriginAllowedAsync_WhenOriginIsNotAllowed_ExpectFalse(ISessionFactory sessionFactory)
{
using (var provider = new ConfigurationSessionProvider(sessionFactory.OpenSession))
{
await provider.Session.SaveAsync(_mapper.Map <Entities.Client>(new Client
{
ClientId = Guid.NewGuid().ToString(),
ClientName = Guid.NewGuid().ToString(),
AllowedCorsOrigins = new List <string> {
"https://www.identityserver.com"
}
}));
}
bool result;
using (var provider = new ConfigurationSessionProvider(sessionFactory.OpenSession))
{
var ctx = new DefaultHttpContext();
var svcs = new ServiceCollection();
svcs.AddSingleton(provider);
ctx.RequestServices = svcs.BuildServiceProvider();
var ctxAccessor = new HttpContextAccessor
{
HttpContext = ctx
};
var service = new CorsPolicyService(ctxAccessor);
result = service.IsOriginAllowedAsync("InvalidOrigin").Result;
}
Assert.False(result);
}
public async Task IsOriginAllowedAsync_WhenOriginIsNotAllowed_ExpectFalse()
{
var storeHolder = GetConfigurationDocumentStoreHolder();
using (var session = storeHolder.OpenAsyncSession())
{
await session.StoreAsync(new Client
{
ClientId = Guid.NewGuid().ToString(),
ClientName = Guid.NewGuid().ToString(),
AllowedCorsOrigins = new List <string> {
"https://www.identityserver.com"
}
}.ToEntity());
await session.SaveChangesAsync();
}
WaitForIndexing(storeHolder.IntegrationTest_GetDocumentStore());
var service = new CorsPolicyService(storeHolder, FakeLogger <CorsPolicyService> .Create());
var result = await service.IsOriginAllowedAsync("InvalidOrigin");
Assert.False(result);
}
public async Task Should_Check_For_Not_Allowed_Origin(TestDatabase testDb)
{
using (var session = testDb.OpenSession())
{
await session.SaveAsync(
new Client()
{
ClientId = Guid.NewGuid().ToString(),
ClientName = "test_client",
AllowedCorsOrigins = new[] { "https://allowed.site.it" }
}.ToEntity()
);
await session.FlushAsync();
}
var ctx = CreateHttpContextAccessor(testDb);
var loggerMock = new Mock <ILogger <CorsPolicyService> >();
var service = new CorsPolicyService(ctx, loggerMock.Object);
var result = await service.IsOriginAllowedAsync("https://not.allowed.site.it");
result.Should().BeFalse();
await CleanupTestDataAsync(testDb);
}
public void IsOriginAllowedAsync_WhenOriginIsAllowed_ExpectTrue(DbContextOptions <ConfigurationDbContext> options)
{
const string testCorsOrigin = "https://identityserver.io/";
using (var context = new ConfigurationDbContext(options, StoreOptions))
{
context.Clients.Add(new Client
{
ClientId = Guid.NewGuid().ToString(),
ClientName = Guid.NewGuid().ToString(),
AllowedCorsOrigins = new List <string> {
"https://www.identityserver.com"
}
}.ToEntity());
context.Clients.Add(new Client
{
ClientId = "2",
ClientName = "2",
AllowedCorsOrigins = new List <string> {
"https://www.identityserver.com", testCorsOrigin
}
}.ToEntity());
context.SaveChanges();
}
bool result;
using (var context = new ConfigurationDbContext(options, StoreOptions))
{
var service = new CorsPolicyService(context, NullLogger <CorsPolicyService> .Create());
result = service.IsOriginAllowedAsync(testCorsOrigin).Result;
}
Assert.True(result);
}
public async Task IsOriginAllowedAsync_WhenOriginIsNotAllowed_ExpectFalse()
{
using var store = GetDocumentStore();
await new ClientIndex().ExecuteAsync(store);
using (var session = store.OpenAsyncSession())
{
await session.StoreAsync(new Client
{
ClientId = Guid.NewGuid().ToString(),
ClientName = Guid.NewGuid().ToString(),
AllowedCorsOrigins = new List <string> {
"https://www.identityserver.com"
}
}.ToEntity());
await session.SaveChangesAsync();
}
WaitForIndexing(store);
bool result;
using (var session = store.OpenAsyncSession())
{
var service = new CorsPolicyService(session, FakeLogger <CorsPolicyService> .Create());
result = await service.IsOriginAllowedAsync("InvalidOrigin");
}
Assert.False(result);
}
public async Task IsOriginAllowedAsync_WhenOriginIsNotAllowed_ExpectFalse(DbContextOptions <ConfigurationDbContext> options)
{
using (var context = new ConfigurationDbContext(options, StoreOptions))
{
context.Clients.Add(new Client
{
ClientId = Guid.NewGuid().ToString(),
ClientName = Guid.NewGuid().ToString(),
AllowedCorsOrigins = new List <string> {
"https://www.identityserver.com"
}
}.ToEntity());
await context.SaveChangesAsync();
}
bool result;
using (var context = new ConfigurationDbContext(options, StoreOptions))
{
var ctx = new DefaultHttpContext();
var svcs = new ServiceCollection();
svcs.AddSingleton <IConfigurationDbContext>(context);
ctx.RequestServices = svcs.BuildServiceProvider();
var ctxAccessor = new HttpContextAccessor();
ctxAccessor.HttpContext = ctx;
var service = new CorsPolicyService(ctxAccessor, FakeLogger <CorsPolicyService> .Create());
result = await service.IsOriginAllowedAsync("InvalidOrigin");
}
Assert.False(result);
}
public void IsOriginAllowedAsync_WhenOriginIsAllowed_ExpectTrue(
DbContextOptions <ConfigurationDbContext> options)
{
const string testCorsOrigin = "https://identityserver.io/";
using (var context =
new ConfigurationDbContext(options, StoreOptions))
{
context.Clients.Add(new Client
{
ClientId = Guid.NewGuid().ToString(),
ClientName = Guid.NewGuid().ToString(),
AllowedCorsOrigins = new List <string> {
"https://www.identityserver.com"
}
}.ToEntity());
context.Clients.Add(new Client
{
ClientId = "2",
ClientName = "2",
AllowedCorsOrigins = new List <string> {
"https://www.identityserver.com",
testCorsOrigin
}
}.ToEntity());
context.SaveChanges();
}
bool result;
using (var context =
new ConfigurationDbContext(options, StoreOptions))
{
var ctx = new DefaultHttpContext();
var svcs = new ServiceCollection();
svcs.AddSingleton <IConfigurationDbContext>(context);
ctx.RequestServices = svcs.BuildServiceProvider();
var ctxAccessor = new HttpContextAccessor();
ctxAccessor.HttpContext = ctx;
var service = new CorsPolicyService(
ctxAccessor,
NullLogger <CorsPolicyService> .Create()
);
result = service.IsOriginAllowedAsync(testCorsOrigin).Result;
}
Assert.True(result);
}
public async Task IsOriginAllowedAsync_should_call_store_GetAsync()
{
var storeMock = new Mock <IAdminStore <ClientUri> >();
var sut = new CorsPolicyService(storeMock.Object);
storeMock.Setup(m => m.GetAsync(It.IsAny <PageRequest>(), default))
.ReturnsAsync(new PageResponse <ClientUri>
{
Items = new List <ClientUri>(0)
})
.Verifiable();
await sut.IsOriginAllowedAsync("http://test");
storeMock.Verify(m => m.GetAsync(It.Is <PageRequest>(p => p.Filter == $"{nameof(ClientUri.SanetizedCorsUri)} eq 'HTTP://TEST:80'"), default));
}
public async Task IsOriginAllowedAsync_WhenOriginIsAllowed_ExpectTrue()
{
const string testCorsOrigin = "https://identityserver.io/";
using var store = GetDocumentStore();
await new ClientIndex().ExecuteAsync(store);
using (var session = store.OpenAsyncSession())
{
await session.StoreAsync(new Client
{
ClientId = Guid.NewGuid().ToString(),
ClientName = Guid.NewGuid().ToString(),
AllowedCorsOrigins = new List <string> {
"https://www.identityserver.com"
}
}.ToEntity());
await session.StoreAsync(new Client
{
ClientId = "2",
ClientName = "2",
AllowedCorsOrigins = new List <string> {
"https://www.identityserver.com", testCorsOrigin
}
}.ToEntity());
await session.SaveChangesAsync();
}
WaitForIndexing(store);
bool result;
using (var session = store.OpenAsyncSession())
{
var service = new CorsPolicyService(session, FakeLogger <CorsPolicyService> .Create());
result = await service.IsOriginAllowedAsync(testCorsOrigin.ToUpperInvariant());
}
Assert.True(result);
}
public async Task IsOriginAllowedAsync_WhenOriginIsAllowed_ExpectTrueAsync()
{
const string testCorsOrigin = "https://identityserver.io/";
var client = new Client
{
ClientId = Guid.NewGuid().ToString(),
ClientName = Guid.NewGuid().ToString(),
AllowedCorsOrigins = new List <string> {
"https://www.identityserver.com"
}
};
await context.Clients.Document(client.ClientId).SetAsync(client.ToEntity());
client = new Client
{
ClientId = "2",
ClientName = "2",
AllowedCorsOrigins = new List <string> {
"https://www.identityserver.com", testCorsOrigin
}
};
await context.Clients.Document(client.ClientId).SetAsync(client.ToEntity());
bool result;
var ctx = new DefaultHttpContext();
var svcs = new ServiceCollection();
svcs.AddSingleton <IConfigurationContext>(context);
ctx.RequestServices = svcs.BuildServiceProvider();
var ctxAccessor = new HttpContextAccessor();
ctxAccessor.HttpContext = ctx;
var service = new CorsPolicyService(ctxAccessor, FakeLogger <CorsPolicyService> .Create());
result = await service.IsOriginAllowedAsync(testCorsOrigin);
Assert.True(result);
}
public void IsOriginAllowedAsync_WhenOriginIsAllowed_ExpectTrue(DbContextOptions <ConfigurationDbContext> options)
{
const string testCorsOrigin = "https://identityserver.io/";
using (var context = new ConfigurationDbContext(options))
{
context.Clients.Add(new Client
{
ClientId = Guid.NewGuid().ToString(),
ClientName = Guid.NewGuid().ToString(),
AllowedCorsOrigins = new List <string> {
"https://www.identityserver.com"
}
}.ToEntity());
context.Clients.Add(new Client
{
ClientId = "2",
ClientName = "2",
AllowedCorsOrigins = new List <string> {
"https://www.identityserver.com", testCorsOrigin
}
}.ToEntity());
context.SaveChanges();
}
bool result;
using (var context = new ConfigurationDbContext(options))
{
var svcs = new ServiceCollection();
svcs.AddSingleton <IConfigurationDbContext>(context);
var provider = svcs.BuildServiceProvider();
var service = new CorsPolicyService(provider, FakeLogger <CorsPolicyService> .Create(), new NoneCancellationTokenProvider());
result = service.IsOriginAllowedAsync(testCorsOrigin).Result;
}
Assert.True(result);
}
public async Task Should_Check_For_Allowed_Origin(TestDatabase testDb)
{
const string testCorsOrigin = "https://www.site1.it/";
using (var session = testDb.SessionFactory.OpenSession())
{
await session.SaveAsync(
new Client()
{
ClientId = Guid.NewGuid().ToString(),
ClientName = "1st_client",
AllowedCorsOrigins = new[] { "https://www.site2.com" }
}.ToEntity()
);
await session.SaveAsync(
new Client
{
ClientId = Guid.NewGuid().ToString(),
ClientName = "2nd_client",
AllowedCorsOrigins = new[] { "https://www.site2.com", testCorsOrigin }
}.ToEntity()
);
await session.FlushAsync();
}
var ctx = CreateHttpContextAccessor(testDb);
var loggerMock = new Mock <ILogger <CorsPolicyService> >();
var service = new CorsPolicyService(ctx, loggerMock.Object);
var result = await service.IsOriginAllowedAsync(testCorsOrigin);
result.Should().BeTrue();
await CleanupTestDataAsync(testDb);
}
public static void Tests(string name, string connectionString) => Describe($"{nameof(CorsPolicyService)} using {name}", () =>
{
var dataLayer = XpoDefault.GetDataLayer(connectionString, DevExpress.Xpo.DB.AutoCreateOption.DatabaseAndSchema);
using var unitOfWork = new UnitOfWork(dataLayer);
unitOfWork.UpdateSchema();
(CorsPolicyService, ServiceProvider)CreateService()
{
var ctx = new DefaultHttpContext();
var svcs = new ServiceCollection();
svcs.AddTransient(_ => new UnitOfWork(dataLayer));
var serviceProvider = svcs.BuildServiceProvider();
ctx.RequestServices = serviceProvider;
var ctxAccessor = new HttpContextAccessor();
ctxAccessor.HttpContext = ctx;
var service = new CorsPolicyService(ctxAccessor, FakeLogger <CorsPolicyService> .Create());
return(service, serviceProvider);
}
It("IsOriginAllowedAsync when origin is allowed", async() =>
{
const string testCorsOrigin = "https://identityserver.io/";
using (var uow = new UnitOfWork(dataLayer))
{
await uow.SaveAsync(new Client
{
ClientId = Guid.NewGuid().ToString(),
ClientName = Guid.NewGuid().ToString(),
AllowedCorsOrigins = new List <string> {
"https://www.identityserver.com"
}
}.ToEntity(uow));
await uow.SaveAsync(new Client
{
ClientId = "2",
ClientName = "2",
AllowedCorsOrigins = new List <string> {
"https://www.identityserver.com", testCorsOrigin
}
}.ToEntity(uow));
await uow.CommitChangesAsync();
}
var(service, disposable) = CreateService();
using (disposable)
{
return(await service.IsOriginAllowedAsync(testCorsOrigin));
}
});
It("IsOriginAllowedAsync when origin is not allowed", async() =>
{
using (var uow = new UnitOfWork(dataLayer))
{
await uow.SaveAsync(new Client
{
ClientId = Guid.NewGuid().ToString(),
ClientName = Guid.NewGuid().ToString(),
AllowedCorsOrigins = new List <string> {
"https://www.identityserver.com"
}
}.ToEntity(uow));
await uow.CommitChangesAsync();
}
var(service, disposable) = CreateService();
using (disposable)
{
var result = await service.IsOriginAllowedAsync("InvalidOrigin");
return(!result);
}
});
});
