Exemplo n.º 1
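        /// <summary>
        /// Verifies that exchanging an authorization code sends a POST to the configured token endpoint and
        /// that a 200 response carrying the helper's sample token payload is surfaced as a bearer token response.
        /// </summary>
        /// <remarks>
        /// Declared as returning a Task rather than <c>async void</c>, so the awaited work and any assertion
        /// failure that follows an <c>await</c> belong to a task the test runner can observe.
        /// </remarks>
        public async System.Threading.Tasks.Task ExchangeCodeAsync_SendsTokenRequest_ReturnsValidTokenInfo()
        {
            // Canned back-channel reply: HTTP 200 with the sample token payload from TestHelpers.
            var handler = new TestMessageHandler();
            handler.Response = new HttpResponseMessage(System.Net.HttpStatusCode.OK)
            {
                Content = new StringContent(TestHelpers.GetValidTokenRequestResponse())
            };

            var testHandler = new MyTestCloudFoundryHandler(new HttpClient(handler));
            var opts = new CloudFoundryOptions();

            var context = new DefaultHttpContext();
            context.Features.Set<IHttpResponseFeature>(new TestResponse());

            var logger = new LoggerFactory().CreateLogger("ExchangeCodeAsync_SendsTokenRequest");

            await testHandler.InitializeAsync(opts, context, logger, UrlEncoder.Default);

            var resp = await testHandler.TestExchangeCodeAsync("code", "redirectUri");

            // The request captured by the stub handler must be a POST to the token endpoint (case-insensitive match).
            Assert.NotNull(handler.LastRequest);
            Assert.Equal(HttpMethod.Post, handler.LastRequest.Method);
            Assert.Equal(opts.TokenEndpoint.ToLowerInvariant(), handler.LastRequest.RequestUri.ToString().ToLowerInvariant());

            // Only presence is checked for the tokens themselves; the token type is pinned to "bearer".
            Assert.NotNull(resp);
            Assert.NotNull(resp.Response);
            Assert.Equal("bearer", resp.TokenType);
            Assert.NotNull(resp.AccessToken);
            Assert.NotNull(resp.RefreshToken);
        }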
Exemplo n.º 2
        /// <summary>
        /// Verifies that <c>ValidateToken</c> returns false for the hard-coded JWT when lifetime validation is
        /// enabled while audience and issuer validation are switched off.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the test only asserts a false result, so it cannot tell a lifetime failure apart from a
        /// signature or parsing failure. Presumably the token is expired and otherwise valid for the key below;
        /// confirm, e.g. with a companion case that sets ValidateLifetime to false and expects success.
        /// </remarks>
        public void ValidateToken_FailsOnLifetime()
        {
            // Hard-coded test JWT; its header names the key id "legacy-token-key".
            string token  = "eyJhbGciOiJSUzI1NiIsImtpZCI6ImxlZ2FjeS10b2tlbi1rZXkiLCJ0eXAiOiJKV1QifQ.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.Hth_SXpMAyiTf--U75r40qODlSUr60U730IW28K2VidEltW3lN3_CE7HkSjolRGr-DYuWHRvy3i_EwBfj1WTkBaXL373UzPVvNBnat9Gi-vjz07LwmBohk3baG1mmlL8IoGbQwtsmfUPhmO5C6_M4s9wKmTf9XIZPVo_w7zPJadrXfHLfx6iQob7CYpTTix2VBWya29iL7kmD1J1UDT5YRg2J9XT30iFuL6BvPQTkuGnX3ivDuUOSdxM8Z451i0VJmc0LYFBCLJ-Tz6bJ2d0wrtfsbCfuNtxjmGJevcL2jKQbEoiliYj60qNtZdT-ijGUdZjE9caxQ2nOkDkowacpw";
            // Key set with a single RSA public signing key (kid "legacy-token-key"); no private material is present.
            string keyset = "{ 'keys':[{'kid':'legacy-token-key','alg':'SHA256withRSA','value':'-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk+7xH35bYBppsn54cBW+\nFlrveTe+3L4xl7ix13XK8eBcCmNOyBhNzhks6toDiRjrgw5QW76cFirVRFIVQkiZ\nsUwDyGOax3q8NOJyBFXiplIUScrx8aI0jkY/Yd6ixAc5yBSBfXThy4EF9T0xCyt4\nxWLYNXMRwe88Y+i+MEoLNXWRbhjJm76LN7rsdIxALbS0vJNWUDALWjtE6FeYX6uU\nL9msAzlCQkdnSvwMmr8Ij2O3IVMxHDJXOZinFqt9zVfXwO11o7ZmiskZnRz1/V0f\nvbUQAadkcDEUt1gk9cbrAhiipg8VWDMsC7VUXuekJZjme5f8oWTwpsgP6cTUzwSS\n6wIDAQAB\n-----END PUBLIC KEY-----','kty':'RSA','use':'sig','n':'AJPu8R9+W2AaabJ+eHAVvhZa73k3vty+MZe4sdd1yvHgXApjTsgYTc4ZLOraA4kY64MOUFu+nBYq1URSFUJImbFMA8hjmsd6vDTicgRV4qZSFEnK8fGiNI5GP2HeosQHOcgUgX104cuBBfU9MQsreMVi2DVzEcHvPGPovjBKCzV1kW4YyZu+ize67HSMQC20tLyTVlAwC1o7ROhXmF+rlC/ZrAM5QkJHZ0r8DJq/CI9jtyFTMRwyVzmYpxarfc1X18DtdaO2ZorJGZ0c9f1dH721EAGnZHAxFLdYJPXG6wIYoqYPFVgzLAu1VF7npCWY5nuX/KFk8KbID+nE1M8Ekus=','e':'AQAB'}]}";
            var    keys   = JsonWebKeySet.Create(keyset);
            var    webKey = keys.Keys[0];


            var parameters = new TokenValidationParameters();
            CloudFoundryOptions options = new CloudFoundryOptions();

            // Resolver and validator are built from the options first; the validation parameters are attached afterwards.
            options.TokenKeyResolver          = new CloudFoundryTokenKeyResolver(options);
            options.TokenValidator            = new CloudFoundryTokenValidator(options);
            options.TokenValidationParameters = parameters;
            // Pre-seed the resolver's cache with the key under the token's kid.
            // NOTE(review): presumably this keeps key resolution local (no back-channel fetch) — confirm against the resolver.
            options.TokenKeyResolver.FixupKey(webKey);
            options.TokenKeyResolver.Resolved["legacy-token-key"] = webKey;

            // Audience and issuer checks are disabled for this test only, to isolate the lifetime check.
            parameters.ValidateAudience = false;
            parameters.ValidateIssuer   = false;
            parameters.ValidateLifetime = true;


            parameters.IssuerSigningKeyResolver = options.TokenKeyResolver.ResolveSigningKey;

            var result = options.TokenValidator.ValidateToken(token);

            Assert.False(result);
        }
        /// <summary>
        /// Verifies that <c>HeapDumpOptions</c> and <c>CloudFoundryOptions</c> bind their values from the
        /// <c>management:endpoints</c> configuration section, with the endpoint-specific keys taking effect
        /// over the section-wide <c>enabled</c>/<c>sensitive</c> values.
        /// </summary>
        public void Contstructor_BindsConfigurationCorrectly()
        {
            // Section-wide settings say disabled / not sensitive; heapdump and cloudfoundry override them.
            var settings = new Dictionary<string, string>
            {
                { "management:endpoints:enabled", "false" },
                { "management:endpoints:sensitive", "false" },
                { "management:endpoints:path", "/cloudfoundryapplication" },
                { "management:endpoints:loggers:enabled", "false" },
                { "management:endpoints:loggers:sensitive", "true" },
                { "management:endpoints:heapdump:enabled", "true" },
                { "management:endpoints:heapdump:sensitive", "true" },
                { "management:endpoints:cloudfoundry:validatecertificates", "true" },
                { "management:endpoints:cloudfoundry:enabled", "true" }
            };

            var builder = new ConfigurationBuilder();
            builder.AddInMemoryCollection(settings);
            var config = builder.Build();

            var heapDumpOpts = new HeapDumpOptions(config);
            var cloudOpts = new CloudFoundryOptions(config);

            // Cloud Foundry endpoint: enabled, certificate validation on, rooted at the configured path.
            Assert.True(cloudOpts.Enabled);
            Assert.False(cloudOpts.Sensitive);
            Assert.Equal(string.Empty, cloudOpts.Id);
            Assert.Equal("/cloudfoundryapplication", cloudOpts.Path);
            Assert.True(cloudOpts.ValidateCertificates);

            // Heap dump endpoint: enabled and marked sensitive, nested under the same path.
            Assert.True(heapDumpOpts.Enabled);
            Assert.True(heapDumpOpts.Sensitive);
            Assert.Equal("heapdump", heapDumpOpts.Id);
            Assert.Equal("/cloudfoundryapplication/heapdump", heapDumpOpts.Path);
        }
Exemplo n.º 4
        /// <summary>
        /// Verifies that constructing <c>CloudFoundryOptions</c> from an <c>OAuthServiceOptions</c> instance
        /// copies the client credentials, endpoint URLs and scopes, applies the scheme defaults, and leaves
        /// certificate validation enabled.
        /// </summary>
        public void OAuthServiceOptionsConstructor_SetsupOptionsAsExpected()
        {
            // Each property is set to its own name so a mis-mapped field shows up as a mismatch.
            var source = new OAuthServiceOptions
            {
                ClientId = "ClientId",
                ClientSecret = "ClientSecret",
                UserAuthorizationUrl = "UserAuthorizationUrl",
                AccessTokenUrl = "AccessTokenUrl",
                UserInfoUrl = "UserInfoUrl",
                TokenInfoUrl = "TokenInfoUrl",
                JwtKeyUrl = "JwtKeyUrl",
                Scope = { "foo", "bar" }
            };

            var opts = new CloudFoundryOptions(source);

            // Scheme-level defaults.
            Assert.Equal(CloudFoundryOptions.AUTHENTICATION_SCHEME, opts.ClaimsIssuer);
            Assert.Equal("ClientId", opts.ClientId);
            Assert.Equal("ClientSecret", opts.ClientSecret);
            Assert.Equal(CloudFoundryOptions.OAUTH_AUTHENTICATION_SCHEME, opts.AuthenticationScheme);
            Assert.Equal(CloudFoundryOptions.AUTHENTICATION_SCHEME, opts.DisplayName);
            Assert.Equal(new PathString("/signin-cloudfoundry"), opts.CallbackPath);

            // Endpoint URLs carried over from the service options.
            Assert.Equal("UserAuthorizationUrl", opts.AuthorizationEndpoint);
            Assert.Equal("AccessTokenUrl", opts.TokenEndpoint);
            Assert.Equal("UserInfoUrl", opts.UserInformationEndpoint);
            Assert.Equal("TokenInfoUrl", opts.TokenInfoUrl);
            Assert.Equal("JwtKeyUrl", opts.JwtKeyUrl);

            Assert.True(opts.Scope.Contains("foo"));
            Assert.True(opts.Scope.Contains("bar"));

            // Certificate validation stays on unless explicitly turned off.
            Assert.True(opts.ValidateCertificates);
        }
Exemplo n.º 5
        /// <summary>
        /// Verifies that, with user-credential forwarding enabled and a user token supplied, the inspector
        /// writes that token into the outgoing request's Authorization header as a bearer credential.
        /// </summary>
        public void MessageInspector_AttachesUserToken()
        {
            // arrange
            var options = new CloudFoundryOptions();
            options.AuthorizationUrl = "http://localhost";
            options.ForwardUserCredentials = true;

            var inspector = new JwtHeaderMessageInspector(options, "someToken");

            var properties = new MessageProperties();
            properties.Add(HttpRequestMessageProperty.Name, new HttpRequestMessageProperty());

            // The mocked message hands back the same property bag on every access.
            var messageMock = new Mock<Message>();
            messageMock.Setup(m => m.Properties).Returns(() => properties);
            Message outgoing = messageMock.Object;

            // act
            inspector.BeforeSendRequest(ref outgoing, null);
            outgoing.Properties.TryGetValue(HttpRequestMessageProperty.Name, out object rawProperty);
            var httpProperty = rawProperty as HttpRequestMessageProperty;

            // assert
            Assert.True(httpProperty.Headers.AllKeys.Any());
            Assert.Equal("Bearer someToken", httpProperty.Headers["Authorization"]);
        }
Exemplo n.º 6
        /// <summary>
        /// Verifies that, when no user token is supplied, the inspector obtains a token through the mocked
        /// HTTP client using the configured client id and secret, and attaches it to the outgoing request's
        /// Authorization header as a bearer credential.
        /// </summary>
        public void MessageInspector_GetsAndAttachesOwnToken()
        {
            // arrange
            var options = new CloudFoundryOptions();
            options.AccessTokenEndpoint = "/tokenUrl";
            options.AuthorizationUrl = "http://localhost";
            options.ClientId = "validId";
            options.ClientSecret = "validSecret";

            // A null user token is passed, so the header value must come from the mocked client.
            var inspector = new JwtHeaderMessageInspector(options, null, GetMockHttpClient());

            var properties = new MessageProperties();
            properties.Add(HttpRequestMessageProperty.Name, new HttpRequestMessageProperty());

            var messageMock = new Mock<Message>();
            messageMock.Setup(m => m.Properties).Returns(() => properties);
            Message outgoing = messageMock.Object;

            // act
            inspector.BeforeSendRequest(ref outgoing, null);
            outgoing.Properties.TryGetValue(HttpRequestMessageProperty.Name, out object rawProperty);
            var httpProperty = rawProperty as HttpRequestMessageProperty;

            // assert
            Assert.True(httpProperty.Headers.AllKeys.Any());
            Assert.Equal("Bearer someClientCredentialsToken", httpProperty.Headers["Authorization"]);
        }
Exemplo n.º 7
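        /// <summary>
        /// Verifies that a 400 response with an empty body from the token endpoint is surfaced as an error on
        /// the token response, with a message identifying an OAuth token endpoint failure.
        /// </summary>
        /// <remarks>
        /// Declared as returning a Task rather than <c>async void</c>, so the awaited work and any assertion
        /// failure that follows an <c>await</c> belong to a task the test runner can observe.
        /// </remarks>
        public async System.Threading.Tasks.Task ExchangeCodeAsync_SendsTokenRequest_ReturnsErrorResponse()
        {
            // Canned back-channel reply: HTTP 400 with an empty body.
            var handler = new TestMessageHandler();
            handler.Response = new HttpResponseMessage(System.Net.HttpStatusCode.BadRequest)
            {
                Content = new StringContent("")
            };

            var testHandler = new MyTestCloudFoundryHandler(new HttpClient(handler));
            var opts = new CloudFoundryOptions();

            var context = new DefaultHttpContext();
            context.Features.Set<IHttpResponseFeature>(new TestResponse());

            var logger = new LoggerFactory().CreateLogger("ExchangeCodeAsync_SendsTokenRequest");

            await testHandler.InitializeAsync(opts, context, logger, UrlEncoder.Default);

            var resp = await testHandler.TestExchangeCodeAsync("code", "redirectUri");

            // The request itself must still be a POST to the token endpoint (case-insensitive match).
            Assert.NotNull(handler.LastRequest);
            Assert.Equal(HttpMethod.Post, handler.LastRequest.Method);
            Assert.Equal(opts.TokenEndpoint.ToLowerInvariant(), handler.LastRequest.RequestUri.ToString().ToLowerInvariant());

            // The failure is reported through resp.Error rather than thrown.
            Assert.NotNull(resp);
            Assert.NotNull(resp.Error);
            Assert.True(resp.Error.Message.Contains("OAuth token endpoint failure"));
        }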
 /// <summary>
 /// Creates the CORS handler, registering it with the base handler for the HTTP OPTIONS method only
 /// and keeping the supplied Cloud Foundry options.
 /// </summary>
 /// <param name="options">Cloud Foundry options stored for later use; not checked for null here.</param>
 /// <param name="securityServices">Security services passed through to the base handler.</param>
 /// <param name="logger">Optional logger passed through to the base handler.</param>
 public CloudFoundryCorsHandler(
     CloudFoundryOptions options,
     IEnumerable<ISecurityService> securityServices,
     ILogger<CloudFoundryCorsHandler> logger = null)
     // NOTE(review): the meaning of the 'false' argument is defined by the base constructor, which is not visible here.
     : base(securityServices, new List<HttpMethod> { HttpMethod.Options }, false, logger)
 {
     this._options = options;
 }
        /// <summary>
        /// Verifies the defaults of a parameterless <c>CloudFoundryOptions</c>: enabled, not sensitive,
        /// certificate validation on, and an empty id.
        /// </summary>
        public void Constructor_InitializesWithDefaults()
        {
            CloudFoundryOptions defaults = new CloudFoundryOptions();

            Assert.True(defaults.Enabled);
            Assert.False(defaults.Sensitive);

            // Certificate validation is on by default.
            Assert.True(defaults.ValidateCertificates);
            Assert.Equal(string.Empty, defaults.Id);
        }
Exemplo n.º 10
        /// <summary>
        /// Verifies that <c>ValidateIssuer</c> returns a non-null value for an issuer on the <c>uaa</c> host
        /// and null for an issuer on a different host of the same domain.
        /// </summary>
        /// <remarks>
        /// NOTE(review): only these two issuers are exercised. How the validator matches the issuer is not
        /// visible here; if it is not an anchored host comparison, further negative cases would be worth adding.
        /// </remarks>
        public void ValidateIssuer_ValidatesCorrectly()
        {
            var validator = new CloudFoundryTokenValidator(new CloudFoundryOptions());

            var accepted = validator.ValidateIssuer("https://uaa.system.testcloud.com/", null, null);
            Assert.NotNull(accepted);

            var rejected = validator.ValidateIssuer("https://foobar.system.testcloud.com/", null, null);
            Assert.Null(rejected);
        }
        /// <summary>
        /// Verifies that, with default options, the OWIN middleware matches only a GET on "/" and rejects
        /// both another verb on the same path and a GET on an unknown path.
        /// </summary>
        public void CloudFoundryEndpointMiddleware_PathAndVerbMatching_ReturnsExpected()
        {
            var endpoint = new CloudFoundryEndpoint(new CloudFoundryOptions());
            var middleware = new CloudFoundryEndpointOwinMiddleware(null, endpoint);

            bool getRoot = middleware.RequestVerbAndPathMatch("GET", "/");
            Assert.True(getRoot);

            // Wrong verb on the right path.
            bool putRoot = middleware.RequestVerbAndPathMatch("PUT", "/");
            Assert.False(putRoot);

            // Right verb on the wrong path.
            bool getUnknown = middleware.RequestVerbAndPathMatch("GET", "/badpath");
            Assert.False(getUnknown);
        }
Exemplo n.º 12
        /// <summary>
        /// Verifies that constructing <c>CloudFoundryTokenKeyResolver</c> with null options throws
        /// <see cref="ArgumentNullException"/> whose message names the <c>options</c> parameter.
        /// </summary>
        public void Constructor_ThrowsIfOptionsNull()
        {
            // Arrange
            // The local keeps the name "options" because nameof(options) below feeds the message check.
            CloudFoundryOptions options = null;
            Func<object> construct = () => new CloudFoundryTokenKeyResolver(options);

            // Act and Assert
            ArgumentNullException thrown = Assert.Throws<ArgumentNullException>(construct);
            Assert.Contains(nameof(options), thrown.Message);
        }
Exemplo n.º 13
        /// <summary>
        /// Verifies that <c>TraceOptions</c> and <c>CloudFoundryOptions</c> bind their values from the
        /// <c>management:endpoints</c> configuration section, including every per-field trace capture switch.
        /// </summary>
        public void Contstructor_BindsConfigurationCorrectly()
        {
            // Section-wide settings say disabled / not sensitive; the trace and cloudfoundry keys override them.
            var settings = new Dictionary<string, string>
            {
                { "management:endpoints:enabled", "false" },
                { "management:endpoints:sensitive", "false" },
                { "management:endpoints:path", "/cloudfoundryapplication" },
                { "management:endpoints:loggers:enabled", "false" },
                { "management:endpoints:loggers:sensitive", "true" },
                { "management:endpoints:trace:enabled", "true" },
                { "management:endpoints:trace:sensitive", "true" },
                { "management:endpoints:trace:capacity", "1000" },
                { "management:endpoints:trace:addTimeTaken", "false" },
                { "management:endpoints:trace:addRequestHeaders", "false" },
                { "management:endpoints:trace:addResponseHeaders", "false" },
                { "management:endpoints:trace:addPathInfo", "true" },
                { "management:endpoints:trace:addUserPrincipal", "true" },
                { "management:endpoints:trace:addParameters", "true" },
                { "management:endpoints:trace:addQueryString", "true" },
                { "management:endpoints:trace:addAuthType", "true" },
                { "management:endpoints:trace:addRemoteAddress", "true" },
                { "management:endpoints:trace:addSessionId", "true" },
                { "management:endpoints:cloudfoundry:validatecertificates", "true" },
                { "management:endpoints:cloudfoundry:enabled", "true" }
            };

            var builder = new ConfigurationBuilder();
            builder.AddInMemoryCollection(settings);
            var config = builder.Build();

            var traceOpts = new TraceOptions(config);
            var cloudOpts = new CloudFoundryOptions(config);

            // Cloud Foundry endpoint.
            Assert.True(cloudOpts.Enabled);
            Assert.False(cloudOpts.Sensitive);
            Assert.Equal(string.Empty, cloudOpts.Id);
            Assert.Equal("/cloudfoundryapplication", cloudOpts.Path);
            Assert.True(cloudOpts.ValidateCertificates);

            // Trace endpoint identity and placement.
            Assert.True(traceOpts.Enabled);
            Assert.True(traceOpts.Sensitive);
            Assert.Equal("trace", traceOpts.Id);
            Assert.Equal("/cloudfoundryapplication/trace", traceOpts.Path);
            Assert.Equal(1000, traceOpts.Capacity);

            // Capture switches: timing and request/response headers were turned off in the settings above.
            Assert.False(traceOpts.AddTimeTaken);
            Assert.False(traceOpts.AddRequestHeaders);
            Assert.False(traceOpts.AddResponseHeaders);

            // The remaining switches were turned on, including principal, session id and remote address.
            Assert.True(traceOpts.AddPathInfo);
            Assert.True(traceOpts.AddUserPrincipal);
            Assert.True(traceOpts.AddParameters);
            Assert.True(traceOpts.AddQueryString);
            Assert.True(traceOpts.AddAuthType);
            Assert.True(traceOpts.AddRemoteAddress);
            Assert.True(traceOpts.AddSessionId);
        }
Exemplo n.º 14
        /// <summary>
        /// Builds the Cloud Foundry actuator endpoint from configuration and registers two handlers for it,
        /// in this order: the endpoint handler, then the CORS handler. Both receive the shared
        /// <c>SecurityService</c> collection.
        /// </summary>
        /// <param name="configuration">Configuration used to build the Cloud Foundry options.</param>
        /// <param name="loggerFactory">Optional factory used to create the endpoint and handler loggers.</param>
        public static void UseCloudFoundryActuator(IConfiguration configuration, ILoggerFactory loggerFactory = null)
        {
            CloudFoundryOptions cloudOptions = new CloudFoundryOptions(configuration);
            CloudFoundryEndpoint endpoint = new CloudFoundryEndpoint(cloudOptions, CreateLogger<CloudFoundryEndpoint>(loggerFactory));

            // The endpoint handler is registered before the CORS handler is constructed.
            ConfiguredHandlers.Add(
                new CloudFoundryHandler(endpoint, SecurityService, CreateLogger<CloudFoundryHandler>(loggerFactory)));

            ConfiguredHandlers.Add(
                new CloudFoundryCorsHandler(cloudOptions, SecurityService, CreateLogger<CloudFoundryCorsHandler>(loggerFactory)));
        }
Exemplo n.º 15
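        /// <summary>
        /// Verifies that a request carrying no credentials is given no permissions and an HTTP 401 result
        /// by the security middleware.
        /// </summary>
        /// <remarks>
        /// Declared as returning a Task rather than <c>async void</c>, so the awaited work and any assertion
        /// failure that follows the <c>await</c> belong to a task the test runner can observe.
        /// </remarks>
        public async System.Threading.Tasks.Task GetPermissions_ReturnsExpected()
        {
            var opts = new CloudFoundryOptions();
            var middle = new CloudFoundrySecurityMiddleware(null, opts, null);

            // CreateRequest is given only a verb and a path; no Authorization header is added here.
            var context = CreateRequest("GET", "/");
            var result = await middle.GetPermissions(context);

            // Fail closed: no permissions and an Unauthorized status.
            Assert.NotNull(result);
            Assert.Equal(Security.Permissions.NONE, result.Permissions);
            Assert.Equal(HttpStatusCode.Unauthorized, result.Code);
        }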
        /// <summary>
        /// Verifies that <c>UseCloudFoundryAuthentication</c> rejects null options with an
        /// <see cref="ArgumentNullException"/> whose message names the <c>options</c> parameter.
        /// </summary>
        public void UseCloudFoundryAuthentication_ThowsCloudFoundryOptionsNull()
        {
            // Arrange
            IApplicationBuilder builder = new ApplicationBuilder(null);

            // The local keeps the name "options" because nameof(options) below feeds the message check.
            CloudFoundryOptions options = null;
            Func<object> configure = () => CloudFoundryAppBuilderExtensions.UseCloudFoundryAuthentication(builder, options);

            // Act and Assert
            ArgumentNullException thrown = Assert.Throws<ArgumentNullException>(configure);
            Assert.Contains(nameof(options), thrown.Message);
        }
Exemplo n.º 17
        /// <summary>
        /// Verifies that <c>GetAccessToken</c> returns a non-null result when the item dictionary holds a
        /// token under <c>CloudFoundryTokenValidator.ACCESS_TOKEN_KEY</c>.
        /// </summary>
        /// <remarks>
        /// Only presence is asserted; the returned value is not compared with the stored token.
        /// </remarks>
        public void GetAccessToken_FindsToken()
        {
            // Hard-coded test JWT used purely as a stored value.
            string token = "eyJhbGciOiJSUzI1NiIsImtpZCI6ImxlZ2FjeS10b2tlbi1rZXkiLCJ0eXAiOiJKV1QifQ.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.Hth_SXpMAyiTf--U75r40qODlSUr60U730IW28K2VidEltW3lN3_CE7HkSjolRGr-DYuWHRvy3i_EwBfj1WTkBaXL373UzPVvNBnat9Gi-vjz07LwmBohk3baG1mmlL8IoGbQwtsmfUPhmO5C6_M4s9wKmTf9XIZPVo_w7zPJadrXfHLfx6iQob7CYpTTix2VBWya29iL7kmD1J1UDT5YRg2J9XT30iFuL6BvPQTkuGnX3ivDuUOSdxM8Z451i0VJmc0LYFBCLJ-Tz6bJ2d0wrtfsbCfuNtxjmGJevcL2jKQbEoiliYj60qNtZdT-ijGUdZjE9caxQ2nOkDkowacpw";

            var items = new Dictionary<string, string>();
            items.Add(CloudFoundryTokenValidator.ACCESS_TOKEN_KEY, token);

            var validator = new CloudFoundryTokenValidator(new CloudFoundryOptions());
            var found = validator.GetAccessToken(items);

            Assert.NotNull(found);
        }
        /// <summary>
        /// Verifies that an endpoint built from default options returns exactly one link, <c>self</c>,
        /// whose href is the base URL passed to <c>Invoke</c>.
        /// </summary>
        public void Invoke_OnlyCloudFoundryEndpoint_ReturnsExpectedLinks()
        {
            var endpoint = new CloudFoundryEndpoint(new CloudFoundryOptions());

            var links = endpoint.Invoke("http://localhost:5000/foobar");

            Assert.NotNull(links);
            Assert.NotNull(links._links);

            // The supplied base URL is echoed back as the self link, and nothing else is advertised.
            Assert.True(links._links.ContainsKey("self"));
            Assert.Equal("http://localhost:5000/foobar", links._links["self"].href);
            Assert.Equal(1, links._links.Count);
        }
Exemplo n.º 19
        /// <summary>
        /// Verifies that the client returned by <c>GetHttpClient</c> routes requests through the
        /// <c>BackchannelHttpHandler</c> configured on the options.
        /// </summary>
        public void GetHttpClient_AddsHandler()
        {
            var stubHandler = new TestMessageHandler();
            var options = new CloudFoundryOptions();
            options.BackchannelHttpHandler = stubHandler;

            var client = new CloudFoundryTokenKeyResolver(options).GetHttpClient();

            // NOTE(review): the task returned by GetAsync is neither awaited nor observed, so the assertion
            // below relies on the stub recording the request before GetAsync returns — confirm against
            // TestMessageHandler.
            client.GetAsync("http://localhost/");

            Assert.NotNull(stubHandler.LastRequest);
        }
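        /// <summary>
        /// Verifies that the endpoint middleware writes the test endpoint's result to the response body as
        /// JSON with type <c>steeltoe</c> and an empty <c>_links</c> object.
        /// </summary>
        /// <remarks>
        /// Declared as returning a Task rather than <c>async void</c>, so the awaited work and any assertion
        /// failure that follows an <c>await</c> belong to a task the test runner can observe.
        /// </remarks>
        public async System.Threading.Tasks.Task HandleCloudFoundryRequestAsync_ReturnsExpected()
        {
            var opts = new CloudFoundryOptions();
            var ep = new TestCloudFoundryEndpoint(opts);
            var middle = new CloudFoundryEndpointMiddleware(null, ep);
            var context = CreateRequest("GET", "/");

            await middle.HandleCloudFoundryRequestAsync(context);

            // Rewind the response stream before reading back what the middleware wrote.
            context.Response.Body.Seek(0, SeekOrigin.Begin);
            var reader = new StreamReader(context.Response.Body);
            string json = await reader.ReadToEndAsync();

            Assert.Equal("{\"type\":\"steeltoe\",\"_links\":{}}", json);
        }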
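        /// <summary>
        /// Verifies that <c>GetAccessToken</c> throws when the mocked token endpoint is called with the
        /// client id "badId", and that the message identifies an OAuth token endpoint failure.
        /// </summary>
        /// <remarks>
        /// Declared as returning a Task rather than <c>async void</c>, so the awaited work and any assertion
        /// failure that follows the <c>await</c> belong to a task the test runner can observe.
        /// </remarks>
        public async System.Threading.Tasks.Task ClientTokenResolver_Throws_OnRemoteFail()
        {
            // arrange
            var options = new CloudFoundryOptions()
            {
                AccessTokenEndpoint = "/tokenUrl",
                AuthorizationUrl = "http://localhost",
                ClientId = "badId",
                ClientSecret = "clientSecret"
            };
            var resolver = new CloudFoundryClientTokenResolver(options, GetMockHttpClient());

            // act
            // ThrowsAsync<Exception> matches the exact type only, so a derived exception would fail this test.
            var tokenError = await Assert.ThrowsAsync<Exception>(() => resolver.GetAccessToken());

            // assert
            Assert.Contains("OAuth token endpoint failure: ", tokenError.Message);
        }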
Exemplo n.º 22
        /// <summary>
        /// Verifies when <c>GetBackChannelHandler</c> supplies a handler: never while certificate validation
        /// is left on, and (outside NET452) on Windows once <c>ValidateCertificates</c> is set to false.
        /// The same expectations are checked for options built directly and for options built from
        /// <c>OAuthServiceOptions</c>.
        /// </summary>
        /// <remarks>
        /// On non-Windows platforms outside NET452, the ValidateCertificates = false cases assert nothing.
        /// NOTE(review): what the returned handler does with certificates is not visible in this test.
        /// </remarks>
        public void GetBackChannelHandler_ReturnsCorrectly()
        {
            // Options built with defaults: no custom back-channel handler.
            var plain = new CloudFoundryOptions();
            Assert.Null(plain.GetBackChannelHandler());

            var plainNoCertCheck = new CloudFoundryOptions();
            plainNoCertCheck.ValidateCertificates = false;
#if NET452
            Assert.Null(plainNoCertCheck.GetBackChannelHandler());
#else
            if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
            {
                Assert.NotNull(plainNoCertCheck.GetBackChannelHandler());
            }
#endif

            var oauthOpts = new OAuthServiceOptions
            {
                ClientId = "ClientId",
                ClientSecret = "ClientSecret",
                UserAuthorizationUrl = "UserAuthorizationUrl",
                AccessTokenUrl = "AccessTokenUrl",
                UserInfoUrl = "UserInfoUrl",
                TokenInfoUrl = "TokenInfoUrl",
                JwtKeyUrl = "JwtKeyUrl",
                Scope = { "foo", "bar" }
            };

            // Same two cases again, this time starting from OAuth service options.
            var fromOAuth = new CloudFoundryOptions(oauthOpts);
            Assert.Null(fromOAuth.GetBackChannelHandler());

            var fromOAuthNoCertCheck = new CloudFoundryOptions(oauthOpts);
            fromOAuthNoCertCheck.ValidateCertificates = false;

#if NET452
            Assert.Null(fromOAuthNoCertCheck.GetBackChannelHandler());
#else
            if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
            {
                Assert.NotNull(fromOAuthNoCertCheck.GetBackChannelHandler());
            }
#endif
        }
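        /// <summary>
        /// Verifies that <c>GetAccessToken</c> returns exactly the access token served by the mocked token
        /// endpoint when the client id "validId" is used.
        /// </summary>
        /// <remarks>
        /// Declared as returning a Task rather than <c>async void</c>, so the awaited work and any assertion
        /// failure that follows the <c>await</c> belong to a task the test runner can observe.
        /// </remarks>
        public async System.Threading.Tasks.Task ClientTokenResolver_ReturnsAccessToken_OnSuccess()
        {
            // arrange
            var options = new CloudFoundryOptions()
            {
                AccessTokenEndpoint = "/tokenUrl",
                AuthorizationUrl = "http://localhost",
                ClientId = "validId",
                ClientSecret = "clientSecret"
            };
            var resolver = new CloudFoundryClientTokenResolver(options, GetMockHttpClient());

            // Hard-coded test JWT that the mocked client is expected to hand back unchanged.
            var expectedToken = "eyJhbGciOiJSUzI1NiIsImtpZCI6ImtleS0xIiwidHlwIjoiSldUIn0.eyJqdGkiOiI3YTMzYzVhNjhjY2I0YjRiYmQ5N2I4MTRlZWExMTc3MiIsInN1YiI6Ijk1YmJiMzQ2LWI2OGMtNGYxNS1iMzQxLTcwZDYwZjlmNDZiYSIsInNjb3BlIjpbInRlc3Rncm91cCIsIm9wZW5pZCJdLCJjbGllbnRfaWQiOiJjOTIwYjRmNS00ODdjLTRkZDAtYTYzZC00ZDQwYzEzMzE5ODYiLCJjaWQiOiJjOTIwYjRmNS00ODdjLTRkZDAtYTYzZC00ZDQwYzEzMzE5ODYiLCJhenAiOiJjOTIwYjRmNS00ODdjLTRkZDAtYTYzZC00ZDQwYzEzMzE5ODYiLCJncmFudF90eXBlIjoiYXV0aG9yaXphdGlvbl9jb2RlIiwidXNlcl9pZCI6Ijk1YmJiMzQ2LWI2OGMtNGYxNS1iMzQxLTcwZDYwZjlmNDZiYSIsIm9yaWdpbiI6InVhYSIsInVzZXJfbmFtZSI6ImRhdmUiLCJlbWFpbCI6ImRhdmVAdGVzdGNsb3VkLmNvbSIsImF1dGhfdGltZSI6MTU0NjY0MjkzMywicmV2X3NpZyI6ImE1ZWY2ODg5IiwiaWF0IjoxNTQ2NjQyOTM1LCJleHAiOjE1NDY2ODYxMzUsImlzcyI6Imh0dHBzOi8vc3RlZWx0b2UudWFhLmNmLmJlZXQuc3ByaW5nYXBwcy5pby9vYXV0aC90b2tlbiIsInppZCI6IjNhM2VhZGFkLTViMmYtNDUzMC1hZjk1LWE2OWJjMGFmZDE1YiIsImF1ZCI6WyJvcGVuaWQiLCJjOTIwYjRmNS00ODdjLTRkZDAtYTYzZC00ZDQwYzEzMzE5ODYiXX0.tGTXZzuuUSObTwdPHSx-zvnld20DH5hlOZlYp5DhjwkMIsZB0uIvVwbVDkPp7H_AmmeJoo6vqa5hbbgfgnYpTrKlCGOypnHoa3yRIKrwcDmLLujaMz6ApZeaJ7sJN-0N1UnPZ9iGcqvt9hNb_198zRnMXGH72oI0e2iGUBV1olCFVdZTnMGT7sUieDFKy7n0ghZYq_gUI8rfvTwiC3lfxv0nDXz4oE9Z-UKhK6q1zkAtQrz61FQ_CHONejz1JnuxQFKMMvm8JLcRkn6OL-EcSi1hkmFw0efO1OqccQacxphlafyHloVPQ3IOtzLjCf8sJ5NgTdCTC3iddT_sYovdrg";

            // act
            var token = await resolver.GetAccessToken();

            // assert
            Assert.Equal(expectedToken, token);
        }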
Exemplo n.º 24
        /// <summary>
        /// Verifies that configuring options from an <c>SsoServiceInfo</c> copies the client id and secret,
        /// derives the token-info URL from the service's auth domain, and leaves certificate validation on.
        /// </summary>
        public void Configure_WithServiceInfo_ReturnsExpected()
        {
            // arrange
            string authURL = "http://domain";
            var target = new CloudFoundryOptions();
            var serviceInfo = new SsoServiceInfo("foobar", "clientId", "secret", "http://domain");

            // act
            CloudFoundryOptionsConfigurer.Configure(serviceInfo, target);

            // assert
            Assert.Equal("clientId", target.ClientId);
            Assert.Equal("secret", target.ClientSecret);

            // The check-token path is appended to the auth domain.
            string expectedTokenInfoUrl = authURL + CloudFoundryDefaults.CheckTokenUri;
            Assert.Equal(expectedTokenInfoUrl, target.TokenInfoUrl);

            Assert.True(target.ValidateCertificates);
        }
Exemplo n.º 25
        /// <summary>
        /// Verifies that the security middleware returns null when the request has no Authorization header
        /// and returns the bare token (scheme prefix removed) when a <c>Bearer</c> header is present.
        /// </summary>
        public void GetAccessToken_ReturnsExpected()
        {
            var middleware = new CloudFoundrySecurityMiddleware(null, new CloudFoundryOptions(), null);

            // No Authorization header: nothing to extract.
            var anonymous = CreateRequest("GET", "/");
            Assert.Null(middleware.GetAccessToken(anonymous.Request));

            // Bearer header: only the token part is returned.
            var withBearer = CreateRequest("GET", "/");
            withBearer.Request.Headers.Add("Authorization", new StringValues("Bearer foobar"));

            string extracted = middleware.GetAccessToken(withBearer.Request);
            Assert.Equal("foobar", extracted);
        }
        /// <summary>
        /// Verifies that a disabled Cloud Foundry endpoint returns a links document with no entries,
        /// even though another endpoint's options are enabled.
        /// </summary>
        public void Invoke_CloudFoundryDisable_ReturnsExpectedLinks()
        {
            // Constructed and enabled but never passed to the endpoint under test.
            var infoOpts = new InfoOptions { Enabled = true };

            var cloudOpts = new CloudFoundryOptions { Enabled = false };
            var endpoint = new CloudFoundryEndpoint(cloudOpts);

            var links = endpoint.Invoke("http://localhost:5000/foobar");

            // Disabled endpoint: the document exists but advertises nothing, not even a self link.
            Assert.NotNull(links);
            Assert.NotNull(links._links);
            Assert.Equal(0, links._links.Count);
        }
        /// <summary>
        /// Verifies that, with default options, <c>IsCloudFoundryRequest</c> returns true for a GET on "/",
        /// a PUT on "/" and a GET on "/badpath" alike.
        /// </summary>
        /// <remarks>
        /// All three requests are expected to match, so this test pins no negative case.
        /// </remarks>
        public void IsCloudFoundryRequest_ReturnsExpected()
        {
            var middleware = new CloudFoundrySecurityMiddleware(null, new CloudFoundryOptions(), null);

            var getRoot = CreateRequest("GET", "/");
            bool getRootMatches = middleware.IsCloudFoundryRequest(getRoot);
            Assert.True(getRootMatches);

            // A different verb on the same path still matches.
            var putRoot = CreateRequest("PUT", "/");
            bool putRootMatches = middleware.IsCloudFoundryRequest(putRoot);
            Assert.True(putRootMatches);

            // So does a path that is not a known endpoint.
            var getUnknown = CreateRequest("GET", "/badpath");
            bool getUnknownMatches = middleware.IsCloudFoundryRequest(getUnknown);
            Assert.True(getUnknownMatches);
        }
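        /// <summary>
        /// Verifies that the JWT authentication middleware is active in the test server pipeline: a request
        /// sent without credentials is answered with HTTP 401.
        /// </summary>
        /// <remarks>
        /// Declared as returning a Task rather than <c>async void</c>, so the awaited work and any assertion
        /// failure that follows the <c>await</c> belong to a task the test runner can observe.
        /// </remarks>
        public async System.Threading.Tasks.Task UseCloudFoundryJwtAuthentication_AddsMiddlewareIntoPipeline()
        {
            IHostingEnvironment envir = new HostingEnvironment();
            CloudFoundryOptions opts = new CloudFoundryOptions();

            // The startup class reads its options from these static properties.
            TestServerStartup.CloudFoundryOptions = opts;
            TestServerStartup.ServiceOptions = null;
            var builder = new WebHostBuilder().UseStartup<TestServerJwtStartup>().UseEnvironment("development");

            using (var server = new TestServer(builder))
            {
                var client = server.CreateClient();

                // No Authorization header is attached to this request.
                var result = await client.GetAsync("http://localhost/");

                Assert.Equal(HttpStatusCode.Unauthorized, result.StatusCode);
            }
        }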
Exemplo n.º 29
        /// <summary>
        /// Verifies that <c>HealthOptions</c> and <c>CloudFoundryOptions</c> bind their values from a JSON
        /// configuration file, including the health endpoint's required permission level.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the temporary file created for the configuration is not deleted in this method;
        /// whether TestHelpers cleans it up is not visible here.
        /// </remarks>
        public void Constructor_BindsConfigurationCorrectly()
        {
            var appsettings = @"
{
    'management': {
        'endpoints': {
            'enabled': false,
            'sensitive': false,
            'path': '/cloudfoundryapplication',
            'health' : {
                'enabled': true,
                'requiredPermissions' : 'NONE'
            },
            'cloudfoundry': {
                'validatecertificates' : true,
                'enabled': true
            }
        }
    }
}";
            // Write the JSON to a temp file and load it by directory + file name.
            string tempPath = TestHelpers.CreateTempFile(appsettings);
            string tempDirectory = Path.GetDirectoryName(tempPath);
            string tempFileName = Path.GetFileName(tempPath);

            var builder = new ConfigurationBuilder();
            builder.SetBasePath(tempDirectory);
            builder.AddJsonFile(tempFileName);
            var config = builder.Build();

            var healthOpts = new HealthOptions(config);
            var cloudOpts = new CloudFoundryOptions(config);

            // Cloud Foundry endpoint.
            Assert.True(cloudOpts.Enabled);
            Assert.False(cloudOpts.Sensitive);
            Assert.Equal(string.Empty, cloudOpts.Id);
            Assert.Equal("/cloudfoundryapplication", cloudOpts.Path);
            Assert.True(cloudOpts.ValidateCertificates);

            // Health endpoint: enabled, not sensitive, and configured to require no permissions.
            Assert.True(healthOpts.Enabled);
            Assert.False(healthOpts.Sensitive);
            Assert.Equal("health", healthOpts.Id);
            Assert.Equal("/cloudfoundryapplication/health", healthOpts.Path);
            Assert.Equal(Permissions.NONE, healthOpts.RequiredPermissions);
        }
Exemplo n.º 30
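        /// <summary>
        /// Verifies that the token request built for an authorization code is a form-encoded POST that
        /// accepts <c>application/json</c>.
        /// </summary>
        /// <remarks>
        /// The Accept-header check was previously a bare <c>Contains</c> call whose result was discarded,
        /// so it could never fail the test; it is now asserted.
        /// </remarks>
        public void GetTokenRequestMessage_ReturnsCorrectly()
        {
            HttpClient client = new HttpClient(new TestMessageHandler());
            MyTestCloudFoundryHandler testHandler = new MyTestCloudFoundryHandler(client);
            var opts = new CloudFoundryOptions();

            // NOTE(review): the task returned by InitializeAsync is not awaited in this synchronous test;
            // the calls below rely on initialization having completed by the time it returns — confirm.
            testHandler.InitializeAsync(opts, new DefaultHttpContext(), new ConsoleLogger("test", null, false), UrlEncoder.Default);

            var message = testHandler.GetTokenRequestMessage("code", "redirectUri");

            Assert.NotNull(message);
            var content = message.Content as FormUrlEncodedContent;

            // The body must be form-encoded and sent with POST.
            Assert.NotNull(content);
            Assert.Equal(HttpMethod.Post, message.Method);

            // Assert the header check instead of discarding its result.
            Assert.True(message.Headers.Accept.Contains(new MediaTypeWithQualityHeaderValue("application/json")));
        }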