public void LtsaServiceCollection_Success()
{
// Arrange
var helper = new TestHelper();
var user = PrincipalHelper.CreateForPermission();
helper.AddSingleton(user);
var builder = new ConfigurationBuilder();
var options = new LtsaOptions()
{
IntegratorUsername = "******",
IntegratorPassword = "******",
MyLtsaUsername = "******",
MyLtsaUserPassword = "******",
};
var ltsaJson = JsonSerializer.Serialize(new { Ltsa = options });
IConfigurationRoot ltsaConfig;
using (var io = new MemoryStream(Encoding.UTF8.GetBytes(ltsaJson)))
{
builder.AddJsonStream(io);
ltsaConfig = builder.Build();
}
var mockClientFactory = new Mock <IHttpClientFactory>();
var mockIOptionsMonitor = new Mock <IOptionsMonitor <JsonSerializerOptions> >();
var mockIlogger = new Mock <ILogger <HttpRequestClient> >();
var mockILtsaService = new Mock <ILogger <ILtsaService> >();
helper.AddSingleton(mockClientFactory.Object);
helper.AddSingleton(mockIOptionsMonitor.Object);
helper.AddSingleton(mockIlogger.Object);
helper.AddSingleton(mockILtsaService.Object);
// Act
_ = helper.Services.AddLtsaService(section: ltsaConfig.GetSection("Ltsa"));
var ltsaOptions = helper.GetService <IOptions <LtsaOptions> >();
var ltsaService = helper.GetService <ILtsaService>();
var httpRequestClient = helper.GetService <IHttpRequestClient>();
var jwtSecurityTokenHandler = helper.GetService <JwtSecurityTokenHandler>();
// Assert
Assert.NotNull(ltsaService);
Assert.NotNull(httpRequestClient);
Assert.NotNull(jwtSecurityTokenHandler);
Assert.NotNull(ltsaOptions);
ltsaOptions.Value.AuthUrl.Should().Be(options.AuthUrl);
ltsaOptions.Value.HostUri.Should().Be(options.HostUri);
ltsaOptions.Value.IntegratorPassword.Should().Be(options.IntegratorPassword);
ltsaOptions.Value.IntegratorUsername.Should().Be(options.IntegratorUsername);
ltsaOptions.Value.MyLtsaUsername.Should().Be(options.MyLtsaUsername);
ltsaOptions.Value.OrdersEndpoint.Should().Be(options.OrdersEndpoint);
ltsaOptions.Value.RefreshEndpoint.Should().Be(options.RefreshEndpoint);
}
public void ChesServiceCollection_Success()
{
// Arrange
var helper = new TestHelper();
var user = PrincipalHelper.CreateForPermission();
helper.AddSingleton(user);
var builder = new ConfigurationBuilder();
var options = new ChesOptions()
{
AuthUrl = "a mocked value",
EmailEnabled = true,
EmailAuthorized = true
};
var chesJson = JsonSerializer.Serialize(new { Ches = options });
IConfigurationRoot chesConfig;
using (var io = new MemoryStream(Encoding.UTF8.GetBytes(chesJson)))
{
builder.AddJsonStream(io);
chesConfig = builder.Build();
}
var mockClientFactory = new Mock <IHttpClientFactory>();
var mockIOptionsMonitor = new Mock <IOptionsMonitor <JsonSerializerOptions> >();
var mockIlogger = new Mock <ILogger <HttpRequestClient> >();
var mockIChesService = new Mock <ILogger <IChesService> >();
helper.AddSingleton(mockClientFactory.Object);
helper.AddSingleton(mockIOptionsMonitor.Object);
helper.AddSingleton(mockIlogger.Object);
helper.AddSingleton(mockIChesService.Object);
// Act
_ = helper.Services.AddChesService(section: chesConfig.GetSection("Ches"));
var chesOptions = helper.GetService <IOptions <ChesOptions> >();
var chesService = helper.GetService <IChesService>();
var httpRequestClient = helper.GetService <IHttpRequestClient>();
var jwtSecurityTokenHandler = helper.GetService <JwtSecurityTokenHandler>();
// Assert
Assert.NotNull(chesService);
Assert.NotNull(httpRequestClient);
Assert.NotNull(jwtSecurityTokenHandler);
Assert.NotNull(chesOptions);
chesOptions.Value.AuthUrl.Should().Be(options.AuthUrl);
chesOptions.Value.EmailEnabled.Should().Be(options.EmailEnabled);
chesOptions.Value.EmailAuthorized.Should().Be(options.EmailAuthorized);
}
public async void DeleteCompositeRolesAsync_ByName_Failed()
{
// Arrange
var helper = new TestHelper();
var user = PrincipalHelper.CreateForPermission();
var roles = new[]
{
new RoleModel()
{
Id = Guid.NewGuid()
}
};
var options = helper.CreateDefaultKeycloakOptions();
var openIdConnect = new Mock <IOpenIdConnectRequestClient>();
openIdConnect.Setup(m => m.AuthClientOptions).Returns(new Pims.Core.Http.Configuration.AuthClientOptions());
openIdConnect.Setup(m => m.DeleteAsync(It.IsAny <string>(), It.IsAny <StringContent>())).ReturnsAsync(new HttpResponseMessage(HttpStatusCode.BadRequest)
{
RequestMessage = new HttpRequestMessage(HttpMethod.Get, "http://keycloak")
});
helper.AddSingleton(openIdConnect.Object);
var service = helper.Create <KeycloakService>();
var parentName = "name";
// Act
await Assert.ThrowsAsync <HttpClientRequestException>(async() => await service.DeleteCompositeRolesAsync(parentName, roles));
// Assert
openIdConnect.Verify(m => m.DeleteAsync($"{options.Value.Admin.Authority}/roles/{parentName}/composites", It.IsAny <HttpContent>()), Times.Once());
}
public async void DeleteCompositeRolesAsync_ByName_Success()
{
// Arrange
var helper = new TestHelper();
var user = PrincipalHelper.CreateForPermission();
var roles = new[]
{
new RoleModel()
{
Id = Guid.NewGuid()
}
};
var options = helper.CreateDefaultKeycloakOptions();
var openIdConnect = new Mock <IOpenIdConnectRequestClient>();
openIdConnect.Setup(m => m.AuthClientOptions).Returns(new Pims.Core.Http.Configuration.AuthClientOptions());
openIdConnect.Setup(m => m.DeleteAsync(It.IsAny <string>(), It.IsAny <HttpContent>())).ReturnsAsync(new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new StringContent(System.Text.Json.JsonSerializer.Serialize(roles))
});
helper.AddSingleton(openIdConnect.Object);
var service = helper.Create <KeycloakService>();
var parentName = "name";
// Act
var result = await service.DeleteCompositeRolesAsync(parentName, roles);
// Assert
openIdConnect.Verify(m => m.DeleteAsync($"{options.Value.Admin.Authority}/roles/{parentName}/composites", It.IsAny <HttpContent>()), Times.Once());
}
public async void UpdateRoleAsync_ById_Success()
{
// Arrange
var helper = new TestHelper();
var user = PrincipalHelper.CreateForPermission();
var role = new RoleModel()
{
Id = Guid.NewGuid()
};
var options = helper.CreateDefaultKeycloakOptions();
var openIdConnect = new Mock <IOpenIdConnectRequestClient>();
openIdConnect.Setup(m => m.AuthClientOptions).Returns(new Pims.Core.Http.Configuration.AuthClientOptions());
openIdConnect.Setup(m => m.PutAsync(It.IsAny <string>(), It.IsAny <StringContent>())).ReturnsAsync(new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new StringContent(System.Text.Json.JsonSerializer.Serialize(role))
});
helper.AddSingleton(openIdConnect.Object);
var service = helper.Create <KeycloakService>();
// Act
var result = await service.UpdateRoleAsync(role);
// Assert
openIdConnect.Verify(m => m.PutAsync($"{options.Value.Admin.Authority}/roles-by-id/{role.Id}", It.IsAny <StringContent>()), Times.Once());
result.Id.Should().Be(role.Id);
}
public async void DeleteAttackDetectionAsync_Failed()
{
// Arrange
var helper = new TestHelper();
var user = PrincipalHelper.CreateForPermission();
var options = helper.CreateDefaultKeycloakOptions();
var openIdConnect = new Mock <IOpenIdConnectRequestClient>();
openIdConnect.Setup(m => m.AuthClientOptions).Returns(new Pims.Core.Http.Configuration.AuthClientOptions());
openIdConnect.Setup(m => m.DeleteAsync(It.IsAny <string>(), It.IsAny <HttpContent>())).ReturnsAsync(new HttpResponseMessage(HttpStatusCode.BadRequest)
{
RequestMessage = new HttpRequestMessage(HttpMethod.Delete, "http://keycloak")
});
helper.AddSingleton(openIdConnect.Object);
var service = helper.Create <KeycloakService>();
// Act
var result = await Assert.ThrowsAsync <HttpClientRequestException>(async() => await service.DeleteAttackDetectionAsync());
// Assert
openIdConnect.Verify(m => m.DeleteAsync($"{options.Value.Admin.Authority}/attack-detection/brute-force/users", null), Times.Once());
result.StatusCode.Should().Be(HttpStatusCode.BadRequest);
}
public async void GetRoleMembersAsync_Success()
{
// Arrange
var helper = new TestHelper();
var user = PrincipalHelper.CreateForPermission();
var roles = new[]
{
new RoleModel()
{
Id = Guid.NewGuid()
}
};
var options = helper.CreateDefaultKeycloakOptions();
var openIdConnect = new Mock <IOpenIdConnectRequestClient>();
openIdConnect.Setup(m => m.AuthClientOptions).Returns(new Pims.Core.Http.Configuration.AuthClientOptions());
openIdConnect.Setup(m => m.GetAsync(It.IsAny <string>())).ReturnsAsync(new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new StringContent(System.Text.Json.JsonSerializer.Serialize(roles))
});
helper.AddSingleton(openIdConnect.Object);
var service = helper.Create <KeycloakService>();
var name = "name";
var first = 1;
var max = 10;
// Act
var result = await service.GetRoleMembersAsync(name, first, max);
// Assert
openIdConnect.Verify(m => m.GetAsync($"{options.Value.Admin.Authority}/roles/{name}/users?first={first}&max={max}"), Times.Once());
}
public async void GetGroupMembersAsync_Failed()
{
// Arrange
var helper = new TestHelper();
var user = PrincipalHelper.CreateForPermission();
var options = helper.CreateDefaultKeycloakOptions();
var openIdConnect = new Mock <IOpenIdConnectRequestClient>();
openIdConnect.Setup(m => m.AuthClientOptions).Returns(new Pims.Core.Http.Configuration.AuthClientOptions());
openIdConnect.Setup(m => m.GetAsync(It.IsAny <string>())).ReturnsAsync(new HttpResponseMessage(HttpStatusCode.BadRequest)
{
RequestMessage = new HttpRequestMessage(HttpMethod.Get, "http://keycloak")
});
helper.AddSingleton(openIdConnect.Object);
var service = helper.Create <KeycloakService>();
var id = Guid.NewGuid();
var first = 1;
var max = 10;
// Act
await Assert.ThrowsAsync <HttpClientRequestException>(async() => await service.GetGroupMembersAsync(id, first, max));
// Assert
openIdConnect.Verify(m => m.GetAsync($"{options.Value.Admin.Authority}/groups/{id}/members?first={first}&max={max}"), Times.Once());
}
public async void GetGroupCountAsync_Success()
{
// Arrange
var helper = new TestHelper();
var user = PrincipalHelper.CreateForPermission();
var options = helper.CreateDefaultKeycloakOptions();
var openIdConnect = new Mock <IOpenIdConnectRequestClient>();
openIdConnect.Setup(m => m.AuthClientOptions).Returns(new Pims.Core.Http.Configuration.AuthClientOptions());
openIdConnect.Setup(m => m.GetAsync(It.IsAny <string>())).ReturnsAsync(new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new StringContent("{\"Count\":1}")
});
helper.AddSingleton(openIdConnect.Object);
var service = helper.Create <KeycloakService>();
// Act
var result = await service.GetGroupCountAsync();
// Assert
openIdConnect.Verify(m => m.GetAsync($"{options.Value.Admin.Authority}/groups/count"), Times.Once());
result.Should().Be(1);
}
public async void UpdateGroupAsync_Failed()
{
// Arrange
var helper = new TestHelper();
var user = PrincipalHelper.CreateForPermission();
var options = helper.CreateDefaultKeycloakOptions();
var openIdConnect = new Mock <IOpenIdConnectRequestClient>();
openIdConnect.Setup(m => m.AuthClientOptions).Returns(new Pims.Core.Http.Configuration.AuthClientOptions());
openIdConnect.Setup(m => m.PutAsync(It.IsAny <string>(), It.IsAny <HttpContent>())).ReturnsAsync(new HttpResponseMessage(HttpStatusCode.BadRequest)
{
RequestMessage = new HttpRequestMessage(HttpMethod.Get, "http://keycloak")
});
helper.AddSingleton(openIdConnect.Object);
var service = helper.Create <KeycloakService>();
var group = new GroupModel()
{
Id = Guid.NewGuid()
};
// Act
await Assert.ThrowsAsync <HttpClientRequestException>(async() => await service.UpdateGroupAsync(group));
// Assert
openIdConnect.Verify(m => m.PutAsync($"{options.Value.Admin.Authority}/groups/{group.Id}", It.IsAny <HttpContent>()), Times.Once());
}
public void CreateKeycloakService_NoAdminAuthority()
{
// Arrange
var helper = new TestHelper();
var user = PrincipalHelper.CreateForPermission();
var options = Options.Create(new KeycloakOptions()
{
Authority = "https://keycloak",
Audience = "pims",
Client = "pims",
Admin = new KeycloakAdminOptions()
});
var openIdConnect = new Mock <IOpenIdConnectRequestClient>();
openIdConnect.Setup(m => m.AuthClientOptions).Returns(new Pims.Core.Http.Configuration.AuthClientOptions());
openIdConnect.Setup(m => m.DeleteAsync(It.IsAny <string>(), It.IsAny <HttpContent>())).ReturnsAsync(new HttpResponseMessage(HttpStatusCode.OK));
helper.AddSingleton(openIdConnect.Object);
// Act
// Assert
var result = Assert.Throws <ConfigurationException>(() => helper.Create <KeycloakService>(options, user));
result.Message.Should().Be("The configuration for Keycloak:Admin:Authority is invalid or missing.");
}
public async void GetRoleAsync_ByName_Success()
{
// Arrange
var helper = new TestHelper();
var user = PrincipalHelper.CreateForPermission();
var role = new RoleModel()
{
Id = Guid.NewGuid(),
Name = "name",
Description = "description",
Composite = false,
ContainerId = "container"
};
var options = helper.CreateDefaultKeycloakOptions();
var openIdConnect = new Mock <IOpenIdConnectRequestClient>();
openIdConnect.Setup(m => m.AuthClientOptions).Returns(new Pims.Core.Http.Configuration.AuthClientOptions());
openIdConnect.Setup(m => m.GetAsync(It.IsAny <string>())).ReturnsAsync(new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new StringContent(System.Text.Json.JsonSerializer.Serialize(role))
});
helper.AddSingleton(openIdConnect.Object);
var service = helper.Create <KeycloakService>();
// Act
var result = await service.GetRoleAsync(role.Name);
// Assert
openIdConnect.Verify(m => m.GetAsync($"{options.Value.Admin.Authority}/roles/{role.Name}"), Times.Once());
}
public async void GetGroupMembersAsync_Success()
{
// Arrange
var helper = new TestHelper();
var user = PrincipalHelper.CreateForPermission();
var users = new[] {
new UserModel()
{
Id = Guid.NewGuid(),
Email = "email",
EmailVerified = false,
Enabled = true,
FirstName = "first",
LastName = "last",
Username = "******",
Attributes = new System.Collections.Generic.Dictionary <string, string[]>()
{
{ "attr1", new [] { "attribute" } }
},
RealmRoles = new[] { "role" },
Groups = new[] { "group" },
}
};
var options = helper.CreateDefaultKeycloakOptions();
var openIdConnect = new Mock <IOpenIdConnectRequestClient>();
openIdConnect.Setup(m => m.AuthClientOptions).Returns(new Pims.Core.Http.Configuration.AuthClientOptions());
openIdConnect.Setup(m => m.GetAsync(It.IsAny <string>())).ReturnsAsync(new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new StringContent(System.Text.Json.JsonSerializer.Serialize(users))
});
helper.AddSingleton(openIdConnect.Object);
var service = helper.Create <KeycloakService>();
var id = Guid.NewGuid();
var first = 1;
var max = 10;
// Act
var result = await service.GetGroupMembersAsync(id, first, max);
// Assert
openIdConnect.Verify(m => m.GetAsync($"{options.Value.Admin.Authority}/groups/{id}/members?first={first}&max={max}"), Times.Once());
result.Should().HaveCount(1);
result.First().Id.Should().Be(users.First().Id);
result.First().Email.Should().Be(users.First().Email);
result.First().EmailVerified.Should().Be(users.First().EmailVerified);
result.First().Enabled.Should().Be(users.First().Enabled);
result.First().FirstName.Should().Be(users.First().FirstName);
result.First().LastName.Should().Be(users.First().LastName);
result.First().Username.Should().Be(users.First().Username);
}
public async void GetGroupsAsync_Success()
{
// Arrange
var helper = new TestHelper();
var user = PrincipalHelper.CreateForPermission();
var groups = new[] {
new GroupModel()
{
Id = Guid.NewGuid(),
Name = "name",
Path = "path",
Attributes = new System.Collections.Generic.Dictionary <string, string[]>()
{
{ "attr1", new [] { "attribute" } }
},
ClientRoles = new System.Collections.Generic.Dictionary <string, string[]>()
{
{ "attr1", new [] { "clientRole" } }
},
RealmRoles = new[] { "role" }
}
};
var options = helper.CreateDefaultKeycloakOptions();
var openIdConnect = new Mock <IOpenIdConnectRequestClient>();
openIdConnect.Setup(m => m.AuthClientOptions).Returns(new Pims.Core.Http.Configuration.AuthClientOptions());
openIdConnect.Setup(m => m.GetAsync(It.IsAny <string>())).ReturnsAsync(new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new StringContent(System.Text.Json.JsonSerializer.Serialize(groups))
});
helper.AddSingleton(openIdConnect.Object);
var service = helper.Create <KeycloakService>();
var first = 1;
var max = 10;
var search = "search";
// Act
var result = await service.GetGroupsAsync(first, max, search);
// Assert
openIdConnect.Verify(m => m.GetAsync($"{options.Value.Admin.Authority}/groups?first={first}&max={max}&search={search}"), Times.Once());
result.Should().HaveCount(1);
result.First().Id.Should().Be(groups.First().Id);
result.First().Name.Should().Be(groups.First().Name);
result.First().Path.Should().Be(groups.First().Path);
}
public void CreateKeycloakService_ServiceAccount()
{
// Arrange
var helper = new TestHelper();
var user = PrincipalHelper.CreateForPermission();
var options = Options.Create(new KeycloakOptions()
{
Authority = "https://keycloak",
Audience = "pims",
Client = "pims",
Admin = new KeycloakAdminOptions()
{
Authority = "https://keycloak/admin",
Users = "/users"
},
OpenIdConnect = new Pims.Core.Http.Configuration.OpenIdConnectOptions()
{
Token = "/protocol/openid-connect/token",
UserInfo = "/protocol/openid-connect/userinfo"
},
ServiceAccount = new KeycloakServiceAccountOptions()
{
Authority = "https://serviceaccount",
Audience = "serviceaccount",
Client = "pims-service-account",
Secret = "[USE SECRETS]",
}
});
var openIdConnect = new Mock <IOpenIdConnectRequestClient>();
openIdConnect.Setup(m => m.AuthClientOptions).Returns(new Pims.Core.Http.Configuration.AuthClientOptions());
openIdConnect.Setup(m => m.DeleteAsync(It.IsAny <string>(), It.IsAny <HttpContent>())).ReturnsAsync(new HttpResponseMessage(HttpStatusCode.OK));
helper.AddSingleton(openIdConnect.Object);
// Act
var service = helper.Create <KeycloakService>(options, user);
// Assert
openIdConnect.Object.AuthClientOptions.Audience.Should().Be(options.Value.ServiceAccount.Audience);
openIdConnect.Object.AuthClientOptions.Authority.Should().Be(options.Value.ServiceAccount.Authority);
openIdConnect.Object.AuthClientOptions.Client.Should().Be(options.Value.ServiceAccount.Client);
openIdConnect.Object.AuthClientOptions.Secret.Should().Be(options.Value.ServiceAccount.Secret);
}
public async void CreateSubGroupAsync_Success()
{
// Arrange
var helper = new TestHelper();
var user = PrincipalHelper.CreateForPermission();
var group = new GroupModel()
{
Id = Guid.NewGuid(),
Name = "name",
Path = "path",
Attributes = new System.Collections.Generic.Dictionary <string, string[]>()
{
{ "attr1", new [] { "attribute" } }
},
ClientRoles = new System.Collections.Generic.Dictionary <string, string[]>()
{
{ "attr1", new [] { "clientRole" } }
},
RealmRoles = new[] { "role" }
};
var options = helper.CreateDefaultKeycloakOptions();
var openIdConnect = new Mock <IOpenIdConnectRequestClient>();
openIdConnect.Setup(m => m.AuthClientOptions).Returns(new Pims.Core.Http.Configuration.AuthClientOptions());
openIdConnect.Setup(m => m.PostAsync(It.IsAny <string>(), It.IsAny <HttpContent>())).ReturnsAsync(new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new StringContent(System.Text.Json.JsonSerializer.Serialize(group))
});
helper.AddSingleton(openIdConnect.Object);
var service = helper.Create <KeycloakService>();
var parentId = Guid.NewGuid();
// Act
var result = await service.CreateSubGroupAsync(parentId, group);
// Assert
openIdConnect.Verify(m => m.PostAsync($"{options.Value.Admin.Authority}/groups/{parentId}/children", It.IsAny <HttpContent>()), Times.Once());
result.Id.Should().Be(group.Id);
result.Name.Should().Be(group.Name);
result.Path.Should().Be(group.Path);
}
public async void DeleteAttackDetectionAsync_Success()
{
// Arrange
var helper = new TestHelper();
var user = PrincipalHelper.CreateForPermission();
var options = helper.CreateDefaultKeycloakOptions();
var openIdConnect = new Mock <IOpenIdConnectRequestClient>();
openIdConnect.Setup(m => m.AuthClientOptions).Returns(new Pims.Core.Http.Configuration.AuthClientOptions());
openIdConnect.Setup(m => m.DeleteAsync(It.IsAny <string>(), It.IsAny <HttpContent>())).ReturnsAsync(new HttpResponseMessage(HttpStatusCode.OK));
helper.AddSingleton(openIdConnect.Object);
var service = helper.Create <KeycloakService>();
// Act
await service.DeleteAttackDetectionAsync();
// Assert
openIdConnect.Verify(m => m.DeleteAsync($"{options.Value.Admin.Authority}/attack-detection/brute-force/users", null), Times.Once());
}
public async void DeleteGroupAsync_Success()
{
// Arrange
var helper = new TestHelper();
var user = PrincipalHelper.CreateForPermission();
var options = helper.CreateDefaultKeycloakOptions();
var openIdConnect = new Mock <IOpenIdConnectRequestClient>();
openIdConnect.Setup(m => m.AuthClientOptions).Returns(new Pims.Core.Http.Configuration.AuthClientOptions());
openIdConnect.Setup(m => m.DeleteAsync(It.IsAny <string>(), It.IsAny <HttpContent>())).ReturnsAsync(new HttpResponseMessage(HttpStatusCode.OK));
helper.AddSingleton(openIdConnect.Object);
var service = helper.Create <KeycloakService>();
var id = Guid.NewGuid();
// Act
var result = await service.DeleteGroupAsync(id);
// Assert
openIdConnect.Verify(m => m.DeleteAsync($"{options.Value.Admin.Authority}/groups/{id}", null), Times.Once());
result.Should().Be(id);
}