public WebTestContext()
{
databaseProvider = new SqlServerTestDatabaseProvider();
var connectionString = databaseProvider.GetConnectionString();
Server = new WebHostFactory <Startup>(connectionString);
}
public static void Main(string[] args)
{
var startupConfig = new AppStartupConfig(args);
var host = WebHostFactory.Create <Startup>("http://*:5060/", startupConfig);
host.Run();
}
public async Task Authenticated_request_from_upstream_should_trigger_authenticated_request_to_proper_downstream_when_multiple_clients_registered()
{
var tokenEndpointA = TokenEndpointHandler.ValidBearerToken("downstream-token-a", TimeSpan.MaxValue);
var downstreamApiA = new DownstreamApiHandler();
var tokenEndpointB = TokenEndpointHandler.ValidBearerToken("downstream-token-b", TimeSpan.MaxValue);
var downstreamApiB = new DownstreamApiHandler();
var client = WebHostFactory.CreateClient(
services =>
{
services.AddHttpClient("api-a-authority").AddHttpMessageHandler(() => tokenEndpointA);
services.AddHttpClient("api-b-authority").AddHttpMessageHandler(() => tokenEndpointB);
},
false,
new DownstreamApi("downstream-a", downstreamApiA, b => b.AddOidcTokenDelegation(o =>
{
_options(o);
o.Scope = "downstream-api-a";
o.AuthorityHttpClientName = "api-a-authority";
})),
new DownstreamApi("downstream-b", downstreamApiB, b => b.AddOidcTokenDelegation(o =>
{
_options(o);
o.Scope = "downstream-api-b";
o.AuthorityHttpClientName = "api-b-authority";
})));
client.SetBearerToken("upstream-token");
await client.GetAsync("https://downstream-b");
Check.That(downstreamApiA.LastRequestToken).IsNull();
Check.That(downstreamApiB.LastRequestToken).IsEqualTo("downstream-token-b");
}
public void With_TokenRetriever_should_not_throw()
{
Task Act() => WebHostFactory
.CreateClient(b => b.AddAccessTokenPassThrough())
.GetAsync("https://default");
Check.ThatAsyncCode(Act).Not.ThrowsAny();
}
public async Task Unauthenticated_request_from_upstream_should_not_be_passed_through()
{
var downstreamApi = new DownstreamApiHandler();
var client = WebHostFactory.CreateClient(
b => b.AddAccessTokenPassThrough(),
downstreamApi: downstreamApi);
await client.GetAsync("https://default");
Check.That(downstreamApi.LastRequestToken).IsNull();
}
public async Task Unauthenticated_request_from_upstream_should_not_trigger_delegation()
{
var downstreamApi = new DownstreamApiHandler();
var client = WebHostFactory.CreateClient(
b => b.AddOidcTokenDelegation(_options),
downstreamApi: downstreamApi);
await client.GetAsync("https://default");
Check.That(downstreamApi.LastRequestToken).IsNull();
}
public TestServer CreateTestServer <TStartup>() where TStartup : class
{
WebHostFactory factory = new WebHostFactory();
var webHostBuilder = factory.CreateWebHostBuilder <TStartup>(options =>
{
options.Port = 5000;
options.IsDebug = true;
});
TestServer testServer = new TestServer(webHostBuilder);
return(testServer);
}
public void No_ClientId_should_throw()
{
Task Act() => WebHostFactory
.CreateClient(b => b.AddOidcTokenDelegation(o => { o.Authority = "https://authority"; }))
.GetAsync("https://default");
Check.ThatAsyncCode(Act)
.Throws <InvalidOperationException>()
.WithMessage(GetExpectedValidationErrorMessage(
"You must set ClientId.",
"You must set ClientSecret.",
"You must set Scope."));
}
public void No_Authority_but_TokenEndpoint_should_not_throw()
{
Task Act() => WebHostFactory
.CreateClient(b => b.AddOidcTokenDelegation(o =>
{
o.TokenEndpoint = "https://authority/connect/token";
o.ClientId = "test-client";
o.ClientSecret = "test-client secret key";
o.Scope = "downstream-api";
}))
.GetAsync("https://default");
Check.ThatAsyncCode(Act).Not.ThrowsAny();
}
public async Task Token_delegation_error_should_trigger_unauthenticated_request_to_downstream()
{
var downstreamApi = new DownstreamApiHandler();
var client = WebHostFactory.CreateClient(
b => b.AddOidcTokenDelegation(_options),
TokenEndpointHandler.OidcProtocolError("invalid_grant"),
downstreamApi: downstreamApi);
client.SetBearerToken("1234");
await client.GetAsync("https://default");
Check.That(downstreamApi.LastRequestToken).IsNull();
}
public void No_TokenRetriever_should_throw()
{
Task Act() => WebHostFactory
.CreateClient(b => b.AddAccessTokenPassThrough(o =>
{
o.TokenRetriever = null;
}))
.GetAsync("https://default");
Check.ThatAsyncCode(Act)
.Throws <InvalidOperationException>()
.WithMessage(GetExpectedValidationErrorMessage(
"You must set TokenRetriever."));
}
public async Task Authenticated_request_from_upstream_should_be_passed_through()
{
const string accessToken = "1234";
var downstreamApi = new DownstreamApiHandler();
var client = WebHostFactory.CreateClient(
b => b.AddAccessTokenPassThrough(),
downstreamApi: downstreamApi);
client.SetBearerToken(accessToken);
await client.GetAsync("https://default");
Check.That(downstreamApi.LastRequestToken).IsEqualTo(accessToken);
}
public async Task Authenticated_request_from_upstream_should_trigger_authenticated_request_to_downstream()
{
var tokenEndpoint = TokenEndpointHandler.ValidBearerToken("downstream-token", TimeSpan.MaxValue);
var downstreamApi = new DownstreamApiHandler();
var client = WebHostFactory.CreateClient(
b => b.AddOidcTokenDelegation(_options),
tokenEndpoint,
downstreamApi: downstreamApi);
client.SetBearerToken("upstream-token");
await client.GetAsync("https://default");
Check.That(tokenEndpoint.LastRequestToken).IsEqualTo("upstream-token");
Check.That(downstreamApi.LastRequestToken).IsEqualTo("downstream-token");
}
public void EnableCaching_but_no_caching_service_should_throw()
{
Task Act() => WebHostFactory
.CreateClient(b => b.AddOidcTokenDelegation(o =>
{
o.Authority = "https://authority";
o.ClientId = "test-client";
o.ClientSecret = "test-client secret key";
o.Scope = "downstream-api";
o.EnableCaching = true;
}), addCaching: false)
.GetAsync("https://default");
Check.ThatAsyncCode(Act)
.Throws <InvalidOperationException>()
.WithMessage("Caching is enabled, but no IDistributedCache is found in the services collection.");
}
public void No_TokenRetriever_should_throw()
{
Task Act() => WebHostFactory
.CreateClient(b => b.AddOidcTokenDelegation(o =>
{
o.Authority = "https://authority";
o.ClientId = "test-client";
o.ClientSecret = "test-client secret key";
o.Scope = "downstream-api";
o.TokenRetriever = null;
}))
.GetAsync("https://default");
Check.ThatAsyncCode(Act)
.Throws <InvalidOperationException>()
.WithMessage(GetExpectedValidationErrorMessage(
"You must set TokenRetriever."));
}
public async Task Successful_token_request_should_trigger_TokenAcquired_event()
{
var eventsMock = new TokenEventsMock();
var client = WebHostFactory.CreateClient(
b => b.AddOidcTokenDelegation(o =>
{
_options(o);
o.Events = eventsMock.CreateEvents();
}),
TokenEndpointHandler.ValidBearerToken("access-token", TimeSpan.MaxValue),
downstreamApi: new DownstreamApiHandler());
client.SetBearerToken("upstream-token");
await client.GetAsync("https://default");
Check.That(eventsMock.LatestTokenAcquired).IsNotNull();
Check.That(eventsMock.LatestTokenAcquired.AccessToken).IsEqualTo("access-token");
}
protected override async Task ExecuteAsync(CancellationToken stoppingToken)
{
try
{
_webHost = WebHostFactory.BuildKestrelWebHost <DefaultWebStartup>(_webAppBuilderDelegate, _iocDelegate, _listenerInfo);
await _webHost.StartAsync(stoppingToken);
while (!stoppingToken.IsCancellationRequested)
{
await _workerProcess(stoppingToken);
}
await _webHost.StopAsync(stoppingToken);
}
finally
{
_webHost?.Dispose();
}
}
public async Task Token_request_error_should_trigger_TokenRequestFailed_event()
{
var eventsMock = new TokenEventsMock();
var client = WebHostFactory.CreateClient(
b => b.AddOidcTokenDelegation(o =>
{
_options(o);
o.Events = eventsMock.CreateEvents();
}),
TokenEndpointHandler.OidcProtocolError("invalid_grant"),
downstreamApi: new DownstreamApiHandler());
client.SetBearerToken("1234");
await client.GetAsync("https://default");
Check.That(eventsMock.LatestTokenRequestFailed).IsNotNull();
Check.That(eventsMock.LatestTokenRequestFailed.ErrorType).IsEqualTo(ResponseErrorType.Protocol);
Check.That(eventsMock.LatestTokenRequestFailed.Error).IsEqualTo("invalid_grant");
}
public int Execute()
{
LogStart();
CreateConfig();
var host = new WebHostFactory(Options).CreateHost();
try
{
host.Start();
}
catch (Exception e)
{
Logger.LogCritical(e, "Unable to start application.");
return(1);
}
Logger.LogInformation(ServerStartMessage);
host.WaitForShutdown();
Logger.LogInformation("Teminated.");
return(0);
}
private void InitializeWebHost()
{
// run without awaiting to avoid service startup delays
Task.Run(async() => {
// parse the requested IP from the config
var ipAddress = IPAddress.Any;
var ipString = _config.IP;
if (!string.IsNullOrEmpty(ipString) && ipString != "*")
{
IPAddress.TryParse(_config.IP, out ipAddress);
}
WebHost = WebHostFactory.CreateHttps(ipAddress, _config.Port);
await WebHost.RunAsync();
}).ContinueWith(t => {
if (t.Exception != null)
{
// Logger.LogError(t.Exception, $"{_hostSettings.ServiceName} had an error starting up!");
Stop(null);
}
}, TaskContinuationOptions.OnlyOnFaulted);
}
public WebTestContext()
{
Server = new WebHostFactory <Startup>();
}
public async Task StartAsync(CancellationToken cancellationToken)
{
_webHost = WebHostFactory.BuildKestrelWebHost <DefaultWebStartup>(_webAppBuilderDelegate, _iocDelegate, _listenerInfo);
await _webHost.StartAsync(cancellationToken);
}
private Task StartWebHostAsync(AppSettings settings)
{
_webHost = WebHostFactory.CreateWebHost(settings, Port);
return(_webHost.StartAsync());
}