public async Task ReturnsUnauthorizedResultIfUserIsNotInRole()
{
// Arrange
var request = new DefaultHttpContext().Request;
var logMoq = new Mock <ILogger>();
string userName = "******";
logMoq.Setup(log => log.Log(It.IsAny <LogLevel>(), It.IsAny <EventId>(), It.IsAny <It.IsAnyType>(), It.IsAny <Exception>(), It.IsAny <Func <It.IsAnyType, Exception, string> >()))
.Callback((LogLevel l, EventId i, object s, Exception ex, object o) =>
{
// Ensuring the correct type of exception was raised internally
Assert.IsInstanceOfType(ex, typeof(UnauthorizedAccessException));
Assert.AreEqual($"User {userName} doesn't have any of roles mentioned in {EnvVariableNames.DFM_ALLOWED_APP_ROLES} config setting. Call is rejected", ex.Message);
});
Environment.SetEnvironmentVariable(EnvVariableNames.DFM_HUB_NAME, string.Empty);
Environment.SetEnvironmentVariable(EnvVariableNames.DFM_ALLOWED_USER_NAMES, "");
Environment.SetEnvironmentVariable(EnvVariableNames.DFM_ALLOWED_APP_ROLES, "role1,role2");
// Need to reset DfmEndpoint.Settings
DfmEndpoint.Setup();
request.HttpContext.User = new ClaimsPrincipal(new ClaimsIdentity[] { new ClaimsIdentity(new Claim[] {
new Claim("preferred_username", userName)
}) });
// Act
var result = await About.DfmAboutFunction(request, "TestHub", logMoq.Object);
// Assert
Assert.IsInstanceOfType(result, typeof(UnauthorizedResult));
}
public async Task ValidatesTokenWithoutEasyAuthsHelp()
{
// Arrange
var request = new DefaultHttpContext().Request;
var logMoq = new Mock <ILogger>();
string userName = "******";
string roleName = "my-app-role";
string audience = "my-audience";
string issuer = "my-issuer";
string token = "blah-blah";
var principal = new ClaimsPrincipal(new ClaimsIdentity[] { new ClaimsIdentity(new Claim[] {
new Claim("preferred_username", userName),
new Claim("roles", roleName)
}) });
ICollection <SecurityKey> securityKeys = new SecurityKey[0];
ValidateTokenDelegate validateTokenDelegate = (string t, TokenValidationParameters p, out SecurityToken st) =>
{
st = null;
Assert.AreEqual(token, t);
Assert.AreEqual(audience, p.ValidAudiences.Single());
Assert.AreEqual(issuer, p.ValidIssuers.Single());
Assert.AreEqual(securityKeys, p.IssuerSigningKeys);
};
SecurityToken st = null;
var jwtHandlerMoq = new Mock <JwtSecurityTokenHandler>();
jwtHandlerMoq.Setup(h => h.ValidateToken(It.IsAny <string>(), It.IsAny <TokenValidationParameters>(), out st))
.Callback(validateTokenDelegate)
.Returns(principal);
Auth.MockedJwtSecurityTokenHandler = jwtHandlerMoq.Object;
Auth.GetSigningKeysTask = Task.FromResult(securityKeys);
Environment.SetEnvironmentVariable(EnvVariableNames.DFM_HUB_NAME, string.Empty);
Environment.SetEnvironmentVariable(EnvVariableNames.WEBSITE_AUTH_CLIENT_ID, audience);
Environment.SetEnvironmentVariable(EnvVariableNames.WEBSITE_AUTH_OPENID_ISSUER, issuer);
Environment.SetEnvironmentVariable(EnvVariableNames.DFM_ALLOWED_USER_NAMES, "[email protected],[email protected]," + userName);
Environment.SetEnvironmentVariable(EnvVariableNames.DFM_ALLOWED_APP_ROLES, roleName);
Environment.SetEnvironmentVariable(EnvVariableNames.AzureWebJobsStorage, token);
// Need to reset DfmEndpoint.Settings
DfmEndpoint.Setup();
request.Headers.Add("Authorization", "Bearer " + token);
// Act
var result = await About.DfmAboutFunction(request, "TestHub", logMoq.Object);
// Assert
Assert.IsInstanceOfType(result, typeof(ContentResult));
}
public async Task ReturnsUnauthorizedResultIfUserNotWhitelisted()
{
// Arrange
var request = new DefaultHttpContext().Request;
string xsrfToken = $"xsrf-token-{DateTime.Now.Ticks}";
request.Headers.Add("Cookie", new CookieHeaderValue(Globals.XsrfTokenCookieAndHeaderName, xsrfToken).ToString());
request.Headers.Add(Globals.XsrfTokenCookieAndHeaderName, xsrfToken);
var logMoq = new Mock <ILogger>();
string userName = "******";
logMoq.Setup(log => log.Log(It.IsAny <LogLevel>(), It.IsAny <EventId>(), It.IsAny <It.IsAnyType>(), It.IsAny <Exception>(), It.IsAny <Func <It.IsAnyType, Exception, string> >()))
.Callback((LogLevel l, EventId i, object s, Exception ex, object o) =>
{
// Ensuring the correct type of exception was raised internally
Assert.IsInstanceOfType(ex, typeof(UnauthorizedAccessException));
Assert.AreEqual($"User {userName} is not mentioned in {EnvVariableNames.DFM_ALLOWED_USER_NAMES} config setting. Call is rejected", ex.Message);
});
Environment.SetEnvironmentVariable(EnvVariableNames.DFM_HUB_NAME, string.Empty);
Environment.SetEnvironmentVariable(EnvVariableNames.DFM_ALLOWED_USER_NAMES, "[email protected],[email protected]");
// Need to reset DfmEndpoint.Settings
DfmEndpoint.Setup();
request.HttpContext.User = new ClaimsPrincipal(new ClaimsIdentity[] { new ClaimsIdentity(new Claim[] {
new Claim("preferred_username", userName)
}) });
// Act
var result = await About.DfmAboutFunction(request, "-", "TestHub", logMoq.Object);
// Assert
Assert.IsInstanceOfType(result, typeof(UnauthorizedResult));
}
public void Configure(IWebJobsBuilder builder)
{
DfmEndpoint.Setup();
}
public void Configure(IWebJobsBuilder builder)
{
DfmEndpoint.Setup(null, new DfmExtensionPoints {
GetInstanceHistoryRoutine = GetInstanceHistory
});
}
