        /// <summary>
        /// A caller whose principal carries none of the configured app roles must be rejected
        /// with an <see cref="UnauthorizedResult"/>, and the rejection must be logged with the
        /// expected <see cref="UnauthorizedAccessException"/>.
        /// </summary>
        public async Task ReturnsUnauthorizedResultIfUserIsNotInRole()
        {
            // Arrange
            const string userName = "******";
            var request = new DefaultHttpContext().Request;

            // Role-based access only: the user whitelist is empty, two app roles are allowed.
            // NOTE(review): these env vars are process-global and are not restored afterwards,
            // so tests in this class presumably rely on each test calling DfmEndpoint.Setup() itself.
            Environment.SetEnvironmentVariable(EnvVariableNames.DFM_HUB_NAME, string.Empty);
            Environment.SetEnvironmentVariable(EnvVariableNames.DFM_ALLOWED_USER_NAMES, "");
            Environment.SetEnvironmentVariable(EnvVariableNames.DFM_ALLOWED_APP_ROLES, "role1,role2");

            // DfmEndpoint caches its settings; re-run Setup so the values above take effect.
            DfmEndpoint.Setup();

            // The logger mock doubles as the assertion point for the exception raised internally.
            // NOTE(review): these assertions only execute if the code under test actually logs;
            // they cannot fail the test when no log call is made.
            var expectedMessage = $"User {userName} doesn't have any of roles mentioned in {EnvVariableNames.DFM_ALLOWED_APP_ROLES} config setting. Call is rejected";
            var logMoq = new Mock<ILogger>();
            logMoq
                .Setup(log => log.Log(
                    It.IsAny<LogLevel>(),
                    It.IsAny<EventId>(),
                    It.IsAny<It.IsAnyType>(),
                    It.IsAny<Exception>(),
                    It.IsAny<Func<It.IsAnyType, Exception, string>>()))
                .Callback((LogLevel level, EventId eventId, object state, Exception ex, object formatter) =>
                {
                    Assert.IsInstanceOfType(ex, typeof(UnauthorizedAccessException));
                    Assert.AreEqual(expectedMessage, ex.Message);
                });

            // A principal with a user name but no "roles" claim at all.
            var identity = new ClaimsIdentity(new[] { new Claim("preferred_username", userName) });
            request.HttpContext.User = new ClaimsPrincipal(new[] { identity });

            // Act
            var result = await About.DfmAboutFunction(request, "TestHub", logMoq.Object);

            // Assert
            Assert.IsInstanceOfType(result, typeof(UnauthorizedResult));
        }
        /// <summary>
        /// When no pre-authenticated principal is present, the bearer token from the
        /// Authorization header must be validated by the (mocked) JWT handler using the
        /// audience, issuer and signing keys taken from configuration, and a valid token
        /// must yield a <see cref="ContentResult"/>.
        /// </summary>
        public async Task ValidatesTokenWithoutEasyAuthsHelp()
        {
            // Arrange
            const string userName = "******";
            const string roleName = "my-app-role";
            const string audience = "my-audience";
            const string issuer   = "my-issuer";
            const string token    = "blah-blah";

            var request = new DefaultHttpContext().Request;

            // The principal the mocked handler will hand back for a "valid" token.
            var identity = new ClaimsIdentity(new[]
            {
                new Claim("preferred_username", userName),
                new Claim("roles", roleName)
            });
            var principal = new ClaimsPrincipal(new[] { identity });

            ICollection<SecurityKey> securityKeys = Array.Empty<SecurityKey>();

            // Captures the arguments passed to ValidateToken and checks they came from config.
            // NOTE(review): these assertions only execute if ValidateToken is actually invoked.
            ValidateTokenDelegate checkValidationArgs = (string t, TokenValidationParameters p, out SecurityToken validated) =>
            {
                validated = null;

                Assert.AreEqual(token, t);
                Assert.AreEqual(audience, p.ValidAudiences.Single());
                Assert.AreEqual(issuer, p.ValidIssuers.Single());
                Assert.AreEqual(securityKeys, p.IssuerSigningKeys);
            };

            SecurityToken outToken = null;
            var jwtHandlerMoq = new Mock<JwtSecurityTokenHandler>();
            jwtHandlerMoq
                .Setup(h => h.ValidateToken(It.IsAny<string>(), It.IsAny<TokenValidationParameters>(), out outToken))
                .Callback(checkValidationArgs)
                .Returns(principal);

            // Test seams on Auth: swap in the mocked handler and a pre-resolved key set.
            // NOTE(review): these statics are not reset at the end of the test — confirm
            // other tests do not depend on their default values.
            Auth.MockedJwtSecurityTokenHandler = jwtHandlerMoq.Object;
            Auth.GetSigningKeysTask            = Task.FromResult(securityKeys);

            Environment.SetEnvironmentVariable(EnvVariableNames.DFM_HUB_NAME, string.Empty);
            Environment.SetEnvironmentVariable(EnvVariableNames.WEBSITE_AUTH_CLIENT_ID, audience);
            Environment.SetEnvironmentVariable(EnvVariableNames.WEBSITE_AUTH_OPENID_ISSUER, issuer);

            // The user is on the whitelist and carries the single allowed role.
            Environment.SetEnvironmentVariable(EnvVariableNames.DFM_ALLOWED_USER_NAMES, "[email protected],[email protected]," + userName);
            Environment.SetEnvironmentVariable(EnvVariableNames.DFM_ALLOWED_APP_ROLES, roleName);
            // NOTE(review): the storage setting is given the same value as the bearer token,
            // presumably just so it is non-empty — confirm against DfmEndpoint.Setup.
            Environment.SetEnvironmentVariable(EnvVariableNames.AzureWebJobsStorage, token);

            // DfmEndpoint caches its settings; re-run Setup so the values above take effect.
            DfmEndpoint.Setup();

            request.Headers.Add("Authorization", "Bearer " + token);

            // Act
            var result = await About.DfmAboutFunction(request, "TestHub", logMoq.Object);

            // Assert
            Assert.IsInstanceOfType(result, typeof(ContentResult));
        }
        /// <summary>
        /// A caller whose user name is absent from the configured whitelist must be rejected
        /// with an <see cref="UnauthorizedResult"/>, and the rejection must be logged with the
        /// expected <see cref="UnauthorizedAccessException"/>, even when the XSRF check passes.
        /// </summary>
        public async Task ReturnsUnauthorizedResultIfUserNotWhitelisted()
        {
            // Arrange
            const string userName = "******";
            var request = new DefaultHttpContext().Request;

            // Matching XSRF cookie and header, so the request is not rejected for that reason.
            var xsrfToken = $"xsrf-token-{DateTime.Now.Ticks}";
            var xsrfCookie = new CookieHeaderValue(Globals.XsrfTokenCookieAndHeaderName, xsrfToken).ToString();
            request.Headers.Add("Cookie", xsrfCookie);
            request.Headers.Add(Globals.XsrfTokenCookieAndHeaderName, xsrfToken);

            // Whitelist that does not contain userName; no app roles configured here.
            // NOTE(review): env vars are process-global and not restored afterwards.
            Environment.SetEnvironmentVariable(EnvVariableNames.DFM_HUB_NAME, string.Empty);
            Environment.SetEnvironmentVariable(EnvVariableNames.DFM_ALLOWED_USER_NAMES, "[email protected],[email protected]");

            // DfmEndpoint caches its settings; re-run Setup so the values above take effect.
            DfmEndpoint.Setup();

            // The logger mock doubles as the assertion point for the exception raised internally.
            // NOTE(review): these assertions only execute if the code under test actually logs.
            var expectedMessage = $"User {userName} is not mentioned in {EnvVariableNames.DFM_ALLOWED_USER_NAMES} config setting. Call is rejected";
            var logMoq = new Mock<ILogger>();
            logMoq
                .Setup(log => log.Log(
                    It.IsAny<LogLevel>(),
                    It.IsAny<EventId>(),
                    It.IsAny<It.IsAnyType>(),
                    It.IsAny<Exception>(),
                    It.IsAny<Func<It.IsAnyType, Exception, string>>()))
                .Callback((LogLevel level, EventId eventId, object state, Exception ex, object formatter) =>
                {
                    Assert.IsInstanceOfType(ex, typeof(UnauthorizedAccessException));
                    Assert.AreEqual(expectedMessage, ex.Message);
                });

            var identity = new ClaimsIdentity(new[] { new Claim("preferred_username", userName) });
            request.HttpContext.User = new ClaimsPrincipal(new[] { identity });

            // Act
            var result = await About.DfmAboutFunction(request, "-", "TestHub", logMoq.Object);

            // Assert
            Assert.IsInstanceOfType(result, typeof(UnauthorizedResult));
        }
 /// <summary>Initializes the Durable Functions Monitor endpoint with its default settings.</summary>
 /// <param name="builder">The WebJobs builder supplied by the host; not used by this startup.</param>
 public void Configure(IWebJobsBuilder builder) => DfmEndpoint.Setup();
 /// <summary>
 /// Initializes the Durable Functions Monitor endpoint with default settings (null) and a
 /// custom instance-history routine supplied through <see cref="DfmExtensionPoints"/>.
 /// </summary>
 /// <param name="builder">The WebJobs builder supplied by the host; not used by this startup.</param>
 public void Configure(IWebJobsBuilder builder)
 {
     var extensionPoints = new DfmExtensionPoints
     {
         // GetInstanceHistory is defined elsewhere in this class.
         GetInstanceHistoryRoutine = GetInstanceHistory
     };

     DfmEndpoint.Setup(null, extensionPoints);
 }