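/// <summary>
/// Authorization-path test: a caller whose principal carries a "preferred_username"
/// but none of the roles listed in DFM_ALLOWED_APP_ROLES must be rejected with an
/// <see cref="UnauthorizedResult"/>, and the rejection must be logged as an
/// <see cref="UnauthorizedAccessException"/> with the expected message.
/// </summary>
/// <remarks>
/// The logged exception is captured in the logger mock and asserted after the Act
/// step. Asserting inside the Moq callback (as the test previously did) is fragile
/// for a negative security test: if the code under test never logs, or catches
/// exceptions thrown by the logger, those assertions silently never run and the
/// test still passes. The logger is therefore also verified to have been invoked
/// exactly once. Environment variables and DfmEndpoint.Settings are process-wide
/// and are not reset here — NOTE(review): confirm these tests do not run in parallel.
/// </remarks>
public async Task ReturnsUnauthorizedResultIfUserIsNotInRole()
{
    // Arrange
    var request = new DefaultHttpContext().Request;
    var logMoq = new Mock<ILogger>();
    string userName = "******";

    // Capture whatever exception the endpoint logs; asserted after Act rather than
    // inside the callback, where a failure might be swallowed or never triggered.
    Exception loggedException = null;
    logMoq.Setup(log => log.Log(
            It.IsAny<LogLevel>(),
            It.IsAny<EventId>(),
            It.IsAny<It.IsAnyType>(),
            It.IsAny<Exception>(),
            It.IsAny<Func<It.IsAnyType, Exception, string>>()))
        .Callback((LogLevel l, EventId i, object s, Exception ex, object o) => loggedException = ex);

    // Empty user whitelist, so the app-role check is the gate exercised here.
    Environment.SetEnvironmentVariable(EnvVariableNames.DFM_HUB_NAME, string.Empty);
    Environment.SetEnvironmentVariable(EnvVariableNames.DFM_ALLOWED_USER_NAMES, "");
    Environment.SetEnvironmentVariable(EnvVariableNames.DFM_ALLOWED_APP_ROLES, "role1,role2");

    // Need to reset DfmEndpoint.Settings so the values above are picked up
    DfmEndpoint.Setup();

    // Principal has a username but deliberately no "roles" claim at all.
    request.HttpContext.User = new ClaimsPrincipal(new ClaimsIdentity[]
    {
        new ClaimsIdentity(new Claim[]
        {
            new Claim("preferred_username", userName)
        })
    });

    // Act
    var result = await About.DfmAboutFunction(request, "TestHub", logMoq.Object);

    // Assert
    Assert.IsInstanceOfType(result, typeof(UnauthorizedResult));

    // The rejection must have been logged exactly once, with the expected exception type and message.
    logMoq.Verify(log => log.Log(
            It.IsAny<LogLevel>(),
            It.IsAny<EventId>(),
            It.IsAny<It.IsAnyType>(),
            It.IsAny<Exception>(),
            It.IsAny<Func<It.IsAnyType, Exception, string>>()),
        Times.Once);
    Assert.IsInstanceOfType(loggedException, typeof(UnauthorizedAccessException));
    Assert.AreEqual($"User {userName} doesn't have any of roles mentioned in {EnvVariableNames.DFM_ALLOWED_APP_ROLES} config setting. Call is rejected", loggedException.Message);
}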
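/// <summary>
/// Authentication-path test for the fallback where the endpoint validates the bearer
/// token itself (no EasyAuth in front of it): the token from the Authorization header
/// must be handed to the JWT handler with the audience, issuer and signing keys taken
/// from WEBSITE_AUTH_CLIENT_ID, WEBSITE_AUTH_OPENID_ISSUER and Auth.GetSigningKeysTask,
/// and a principal that passes both the user whitelist and the app-role check must
/// receive a <see cref="ContentResult"/>.
/// </summary>
/// <remarks>
/// The validation parameters are captured in the mocked ValidateToken call and asserted
/// after the Act step (an assertion failure inside the callback would only surface
/// indirectly, as an UnauthorizedResult), and the handler is verified to have been
/// invoked exactly once with the bearer token. Only audience, issuer and signing keys
/// are pinned — NOTE(review): consider also asserting the lifetime/signature validation
/// switches on the parameters if the endpoint is expected to set them. The static Auth
/// hooks and environment variables set here are process-wide and are not reset.
/// </remarks>
public async Task ValidatesTokenWithoutEasyAuthsHelp()
{
    // Arrange
    var request = new DefaultHttpContext().Request;
    var logMoq = new Mock<ILogger>();
    string userName = "******";
    string roleName = "my-app-role";
    string audience = "my-audience";
    string issuer = "my-issuer";
    string token = "blah-blah";

    // The principal the mocked handler hands back: a whitelisted user holding the allowed role.
    var principal = new ClaimsPrincipal(new ClaimsIdentity[]
    {
        new ClaimsIdentity(new Claim[]
        {
            new Claim("preferred_username", userName),
            new Claim("roles", roleName)
        })
    });

    // No real keys are needed; the same (empty) collection instance must simply be passed through.
    ICollection<SecurityKey> securityKeys = new SecurityKey[0];

    // Capture what the endpoint passes to ValidateToken; asserted after Act.
    string validatedToken = null;
    TokenValidationParameters validationParameters = null;
    ValidateTokenDelegate validateTokenDelegate = (string t, TokenValidationParameters p, out SecurityToken validated) =>
    {
        validated = null;
        validatedToken = t;
        validationParameters = p;
    };

    SecurityToken st = null;
    var jwtHandlerMoq = new Mock<JwtSecurityTokenHandler>();
    jwtHandlerMoq
        .Setup(h => h.ValidateToken(It.IsAny<string>(), It.IsAny<TokenValidationParameters>(), out st))
        .Callback(validateTokenDelegate)
        .Returns(principal);

    Auth.MockedJwtSecurityTokenHandler = jwtHandlerMoq.Object;
    Auth.GetSigningKeysTask = Task.FromResult(securityKeys);

    Environment.SetEnvironmentVariable(EnvVariableNames.DFM_HUB_NAME, string.Empty);
    Environment.SetEnvironmentVariable(EnvVariableNames.WEBSITE_AUTH_CLIENT_ID, audience);
    Environment.SetEnvironmentVariable(EnvVariableNames.WEBSITE_AUTH_OPENID_ISSUER, issuer);
    Environment.SetEnvironmentVariable(EnvVariableNames.DFM_ALLOWED_USER_NAMES, "[email protected],[email protected]," + userName);
    Environment.SetEnvironmentVariable(EnvVariableNames.DFM_ALLOWED_APP_ROLES, roleName);
    // The token string is reused here only as an arbitrary non-empty value —
    // NOTE(review): confirm this is all the About endpoint needs from this setting.
    Environment.SetEnvironmentVariable(EnvVariableNames.AzureWebJobsStorage, token);

    // Need to reset DfmEndpoint.Settings so the values above are picked up
    DfmEndpoint.Setup();

    request.Headers.Add("Authorization", "Bearer " + token);

    // Act
    var result = await About.DfmAboutFunction(request, "TestHub", logMoq.Object);

    // Assert
    Assert.IsInstanceOfType(result, typeof(ContentResult));

    // The endpoint must actually have validated the presented token, exactly once,
    // and with audience/issuer/keys sourced from the configured settings.
    jwtHandlerMoq.Verify(h => h.ValidateToken(token, It.IsAny<TokenValidationParameters>(), out st), Times.Once);
    Assert.AreEqual(token, validatedToken);
    Assert.IsNotNull(validationParameters);
    Assert.AreEqual(audience, validationParameters.ValidAudiences.Single());
    Assert.AreEqual(issuer, validationParameters.ValidIssuers.Single());
    // Reference identity: the exact key collection from Auth.GetSigningKeysTask must be used.
    Assert.AreSame(securityKeys, validationParameters.IssuerSigningKeys);
}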
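/// <summary>
/// Authorization-path test: a caller with a "preferred_username" that is not listed in
/// DFM_ALLOWED_USER_NAMES must be rejected with an <see cref="UnauthorizedResult"/>,
/// and the rejection must be logged as an <see cref="UnauthorizedAccessException"/>
/// with the expected message. A matching XSRF cookie/header pair is supplied so that
/// the XSRF check cannot be the reason for the rejection.
/// </summary>
/// <remarks>
/// The logged exception is captured in the logger mock and asserted after the Act
/// step. Asserting inside the Moq callback (as the test previously did) is fragile
/// for a negative security test: if the code under test never logs, or catches
/// exceptions thrown by the logger, those assertions silently never run and the
/// test still passes. The logger is therefore also verified to have been invoked
/// exactly once. Environment variables and DfmEndpoint.Settings are process-wide
/// and are not reset here — NOTE(review): confirm these tests do not run in parallel.
/// </remarks>
public async Task ReturnsUnauthorizedResultIfUserNotWhitelisted()
{
    // Arrange
    var request = new DefaultHttpContext().Request;

    // Same value in cookie and header: the XSRF check must pass so only the whitelist is tested.
    string xsrfToken = $"xsrf-token-{DateTime.Now.Ticks}";
    request.Headers.Add("Cookie", new CookieHeaderValue(Globals.XsrfTokenCookieAndHeaderName, xsrfToken).ToString());
    request.Headers.Add(Globals.XsrfTokenCookieAndHeaderName, xsrfToken);

    var logMoq = new Mock<ILogger>();
    string userName = "******";

    // Capture whatever exception the endpoint logs; asserted after Act rather than
    // inside the callback, where a failure might be swallowed or never triggered.
    Exception loggedException = null;
    logMoq.Setup(log => log.Log(
            It.IsAny<LogLevel>(),
            It.IsAny<EventId>(),
            It.IsAny<It.IsAnyType>(),
            It.IsAny<Exception>(),
            It.IsAny<Func<It.IsAnyType, Exception, string>>()))
        .Callback((LogLevel l, EventId i, object s, Exception ex, object o) => loggedException = ex);

    // Whitelist deliberately excludes userName.
    Environment.SetEnvironmentVariable(EnvVariableNames.DFM_HUB_NAME, string.Empty);
    Environment.SetEnvironmentVariable(EnvVariableNames.DFM_ALLOWED_USER_NAMES, "[email protected],[email protected]");

    // Need to reset DfmEndpoint.Settings so the values above are picked up
    DfmEndpoint.Setup();

    request.HttpContext.User = new ClaimsPrincipal(new ClaimsIdentity[]
    {
        new ClaimsIdentity(new Claim[]
        {
            new Claim("preferred_username", userName)
        })
    });

    // Act
    var result = await About.DfmAboutFunction(request, "-", "TestHub", logMoq.Object);

    // Assert
    Assert.IsInstanceOfType(result, typeof(UnauthorizedResult));

    // The rejection must have been logged exactly once, with the expected exception type and message.
    logMoq.Verify(log => log.Log(
            It.IsAny<LogLevel>(),
            It.IsAny<EventId>(),
            It.IsAny<It.IsAnyType>(),
            It.IsAny<Exception>(),
            It.IsAny<Func<It.IsAnyType, Exception, string>>()),
        Times.Once);
    Assert.IsInstanceOfType(loggedException, typeof(UnauthorizedAccessException));
    Assert.AreEqual($"User {userName} is not mentioned in {EnvVariableNames.DFM_ALLOWED_USER_NAMES} config setting. Call is rejected", loggedException.Message);
}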
/// <summary>
/// WebJobs startup hook: initializes DfmEndpoint with its default settings and no
/// custom extension points. The <paramref name="builder"/> is not used.
/// </summary>
/// <param name="builder">Host builder supplied by the WebJobs runtime (unused).</param>
public void Configure(IWebJobsBuilder builder) => DfmEndpoint.Setup();
/// <summary>
/// WebJobs startup hook: initializes DfmEndpoint with default settings (null) and a
/// custom instance-history routine plugged in via <see cref="DfmExtensionPoints"/>.
/// The <paramref name="builder"/> is not used.
/// </summary>
/// <param name="builder">Host builder supplied by the WebJobs runtime (unused).</param>
public void Configure(IWebJobsBuilder builder)
{
    // Only the instance-history routine is overridden; every other extension point keeps its default.
    var extensionPoints = new DfmExtensionPoints
    {
        GetInstanceHistoryRoutine = GetInstanceHistory
    };

    // null settings => DfmEndpoint falls back to its own defaults
    DfmEndpoint.Setup(null, extensionPoints);
}