Exemplo n.º 1
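        public async Task UseEasyAuthProviderIfAuthIsDisabled()
        {
            // Verifies that, with WEBSITE_AUTH_ENABLED set to "False" and no enabled provider,
            // AuthenticateAsync ends in a failed result rather than an authenticated one.

            // Arrange
            // Environment variables are process-wide. Remember the previous value and put it
            // back in the finally block so this authentication switch cannot leak into tests
            // that run afterwards.
            const string authEnabledKey = "APPSETTING_WEBSITE_AUTH_ENABLED";
            var previousAuthEnabled = System.Environment.GetEnvironmentVariable(authEnabledKey);

            System.Environment.SetEnvironmentVariable(authEnabledKey, "False");
            try
            {
                var configBuilder = new ConfigurationBuilder();

                configBuilder.AddEnvironmentVariables();
                var config  = configBuilder.Build();
                var options = new EasyAuthAuthenticationOptions();

                options.AddProviderOptions(new ProviderOptions("TestProvider")
                {
                    Enabled = false
                });

                var services = new ServiceCollection().AddOptions()
                               .AddSingleton<IOptionsFactory<EasyAuthAuthenticationOptions>, OptionsFactory<EasyAuthAuthenticationOptions>>()
                               .Configure<EasyAuthAuthenticationOptions>(EasyAuthAuthenticationDefaults.AuthenticationScheme, o => o.ProviderOptions = options.ProviderOptions)
                               .BuildServiceProvider();
                var monitor = services.GetRequiredService<IOptionsMonitor<EasyAuthAuthenticationOptions>>();

                var handler = new EasyAuthAuthenticationHandler(monitor, new List<IEasyAuthAuthentificationService>(), this.loggerFactory, this.urlEncoder, this.clock, config);
                var schema  = new AuthenticationScheme(EasyAuthAuthenticationDefaults.AuthenticationScheme, EasyAuthAuthenticationDefaults.DisplayName, typeof(EasyAuthAuthenticationHandler));
                var context = new DefaultHttpContext();

                // Act
                await handler.InitializeAsync(schema, context);

                var result = await handler.AuthenticateAsync();

                // Assert
                // The EasyAuth "me" service is hard to test, so this only checks that authentication fails.
                Assert.False(result.Succeeded);
                Assert.NotNull(result.Failure);

                // NOTE(review): this pins the exact wording of the failure message, so the
                // assertion is coupled to whatever component produces that text - confirm it
                // is stable across the runtime versions the project targets.
                Assert.Equal("An invalid request URI was provided. The request URI must either be an absolute URI or BaseAddress must be set.", result.Failure.Message);
            }
            finally
            {
                // Passing null removes the variable again if it was not set before the test.
                System.Environment.SetEnvironmentVariable(authEnabledKey, previousAuthEnabled);
            }
        }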
Exemplo n.º 2
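        public void ErrorIfTheAuthIsEnabledButAnonymousRequestsAreAllowed()
        {
            // Verifies that constructing the handler throws ArgumentException when
            // authentication is enabled but the unauthenticated action is "AllowAnonymous",
            // i.e. the handler refuses to start in a configuration that lets anonymous
            // requests through.

            // Arrange
            // Environment variables are process-wide. Remember the previous values and put
            // them back in the finally block so these settings cannot leak into other tests.
            const string authEnabledKey           = "APPSETTING_WEBSITE_AUTH_ENABLED";
            const string unauthenticatedActionKey = "APPSETTING_WEBSITE_AUTH_UNAUTHENTICATED_ACTION";
            var previousAuthEnabled           = System.Environment.GetEnvironmentVariable(authEnabledKey);
            var previousUnauthenticatedAction = System.Environment.GetEnvironmentVariable(unauthenticatedActionKey);

            System.Environment.SetEnvironmentVariable(authEnabledKey, "True");
            System.Environment.SetEnvironmentVariable(unauthenticatedActionKey, "AllowAnonymous");
            try
            {
                var configBuilder = new ConfigurationBuilder();

                configBuilder.AddEnvironmentVariables();
                var config  = configBuilder.Build();
                var options = new EasyAuthAuthenticationOptions();

                options.AddProviderOptions(new ProviderOptions("TestProvider")
                {
                    Enabled = false
                });

                var services = new ServiceCollection().AddOptions()
                               .AddSingleton<IOptionsFactory<EasyAuthAuthenticationOptions>, OptionsFactory<EasyAuthAuthenticationOptions>>()
                               .Configure<EasyAuthAuthenticationOptions>(EasyAuthAuthenticationDefaults.AuthenticationScheme, o => o.ProviderOptions = options.ProviderOptions)
                               .BuildServiceProvider();
                var monitor = services.GetRequiredService<IOptionsMonitor<EasyAuthAuthenticationOptions>>();

                // Act + Assert
                Assert.Throws<ArgumentException>(() => new EasyAuthAuthenticationHandler(monitor, new List<IEasyAuthAuthentificationService>(), this.loggerFactory, this.urlEncoder, this.clock, config));
            }
            finally
            {
                // Passing null removes a variable again if it was not set before the test.
                System.Environment.SetEnvironmentVariable(unauthenticatedActionKey, previousUnauthenticatedAction);
                System.Environment.SetEnvironmentVariable(authEnabledKey, previousAuthEnabled);
            }
        }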
Exemplo n.º 3
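        public async Task DontCallAProviderIfNotProviderIsRegistered()
        {
            // Verifies that authentication does not succeed when the handler is given an
            // empty provider list, even though authentication is enabled.

            // Arrange
            // Environment variables are process-wide. Remember the previous values and put
            // them back in the finally block so these settings cannot leak into other tests.
            const string authEnabledKey           = "APPSETTING_WEBSITE_AUTH_ENABLED";
            const string unauthenticatedActionKey = "APPSETTING_WEBSITE_AUTH_UNAUTHENTICATED_ACTION";
            var previousAuthEnabled           = System.Environment.GetEnvironmentVariable(authEnabledKey);
            var previousUnauthenticatedAction = System.Environment.GetEnvironmentVariable(unauthenticatedActionKey);

            System.Environment.SetEnvironmentVariable(authEnabledKey, "True");
            System.Environment.SetEnvironmentVariable(unauthenticatedActionKey, "RedirectToLoginPage");
            try
            {
                var configBuilder = new ConfigurationBuilder();

                configBuilder.AddEnvironmentVariables();
                var config  = configBuilder.Build();
                var options = new EasyAuthAuthenticationOptions();

                options.AddProviderOptions(new ProviderOptions("TestProvider")
                {
                    Enabled = false
                });

                var services = new ServiceCollection().AddOptions()
                               .AddSingleton<IOptionsFactory<EasyAuthAuthenticationOptions>, OptionsFactory<EasyAuthAuthenticationOptions>>()
                               .Configure<EasyAuthAuthenticationOptions>(EasyAuthAuthenticationDefaults.AuthenticationScheme, o => o.ProviderOptions = options.ProviderOptions)
                               .BuildServiceProvider();
                var monitor = services.GetRequiredService<IOptionsMonitor<EasyAuthAuthenticationOptions>>();

                // The provider list is deliberately empty: nothing is registered to authenticate the request.
                var handler = new EasyAuthAuthenticationHandler(monitor, new List<IEasyAuthAuthentificationService>(), this.loggerFactory, this.urlEncoder, this.clock, config);
                var schema  = new AuthenticationScheme(EasyAuthAuthenticationDefaults.AuthenticationScheme, EasyAuthAuthenticationDefaults.DisplayName, typeof(EasyAuthAuthenticationHandler));
                var context = new DefaultHttpContext();

                // Act
                await handler.InitializeAsync(schema, context);

                var result = await handler.AuthenticateAsync();

                // Assert
                Assert.False(result.Succeeded);
            }
            finally
            {
                // Passing null removes a variable again if it was not set before the test.
                System.Environment.SetEnvironmentVariable(unauthenticatedActionKey, previousUnauthenticatedAction);
                System.Environment.SetEnvironmentVariable(authEnabledKey, previousAuthEnabled);
            }
        }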
Exemplo n.º 4
 /// <summary>
 /// Creates the service and stores the logger, the request headers and the options
 /// it was given. The constructor is private, so instances are created from inside the class.
 /// </summary>
 /// <param name="logger">Logger stored in <c>Logger</c>.</param>
 /// <param name="headers">Request headers stored in <c>Headers</c>.</param>
 /// <param name="options">Options stored in <c>Options</c>.</param>
 private EasyAuthWithHeaderService(ILogger logger, IHeaderDictionary headers, EasyAuthAuthenticationOptions options)
 {
     // NOTE(review): the headers come straight from the incoming request; whether they
     // can be trusted depends on what sits in front of the application - confirm.
     Logger  = logger;
     Headers = headers;
     Options = options;
 }
Exemplo n.º 5
 /// <summary>
 /// Creates the service and stores the request details (scheme, host, cookies, headers),
 /// the options and the logger it was given. The constructor is private, so instances
 /// are created from inside the class.
 /// </summary>
 /// <param name="logger">Logger stored in <c>Logger</c>.</param>
 /// <param name="httpSchema">Request scheme stored in <c>HttpSchema</c>.</param>
 /// <param name="host">Request host stored in <c>Host</c>.</param>
 /// <param name="cookies">Request cookies stored in <c>Cookies</c>.</param>
 /// <param name="headers">Request headers stored in <c>Headers</c>.</param>
 /// <param name="options">Options stored in <c>Options</c>.</param>
 private EasyAuthWithAuthMeService(
     ILogger logger,
     string httpSchema,
     string host,
     IRequestCookieCollection cookies,
     IHeaderDictionary headers,
     EasyAuthAuthenticationOptions options)
 {
     // NOTE(review): scheme, host, cookies and headers all originate from the incoming
     // request; how far they are validated before use is not visible here - confirm.
     HttpSchema = httpSchema;
     Host       = host;
     Cookies    = cookies;
     Headers    = headers;
     Options    = options;
     Logger     = logger;
 }
Exemplo n.º 6
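        public async Task IfTheUserIsAlreadyAuthorizedTheAuthResultIsSuccess()
        {
            // Runs the handler against a context whose User was already populated by
            // TestProvider and checks that the user stays authenticated.
            // NOTE(review): the method name says the auth result is a success, but the
            // assertion below expects result.Succeeded to be false - confirm which is
            // intended and rename the test or fix the assertion accordingly.

            // Arrange
            // Environment variables are process-wide. Remember the previous values and put
            // them back in the finally block so these settings cannot leak into other tests.
            const string authEnabledKey           = "APPSETTING_WEBSITE_AUTH_ENABLED";
            const string unauthenticatedActionKey = "APPSETTING_WEBSITE_AUTH_UNAUTHENTICATED_ACTION";
            var previousAuthEnabled           = System.Environment.GetEnvironmentVariable(authEnabledKey);
            var previousUnauthenticatedAction = System.Environment.GetEnvironmentVariable(unauthenticatedActionKey);

            System.Environment.SetEnvironmentVariable(authEnabledKey, "True");
            System.Environment.SetEnvironmentVariable(unauthenticatedActionKey, "RedirectToLoginPage");
            try
            {
                var configBuilder = new ConfigurationBuilder();

                configBuilder.AddEnvironmentVariables();
                var config  = configBuilder.Build();
                var options = new EasyAuthAuthenticationOptions();

                options.AddProviderOptions(new ProviderOptions("TestProvider")
                {
                    Enabled = false
                });

                var services = new ServiceCollection().AddOptions()
                               .AddSingleton<IOptionsFactory<EasyAuthAuthenticationOptions>, OptionsFactory<EasyAuthAuthenticationOptions>>()
                               .Configure<EasyAuthAuthenticationOptions>(EasyAuthAuthenticationDefaults.AuthenticationScheme, o => o.ProviderOptions = options.ProviderOptions)
                               .BuildServiceProvider();
                var monitor = services.GetRequiredService<IOptionsMonitor<EasyAuthAuthenticationOptions>>();

                var handler = new EasyAuthAuthenticationHandler(monitor, this.providers, this.loggerFactory, this.urlEncoder, this.clock, config);
                var schema  = new AuthenticationScheme(EasyAuthAuthenticationDefaults.AuthenticationScheme, EasyAuthAuthenticationDefaults.DisplayName, typeof(EasyAuthAuthenticationHandler));
                var context = new DefaultHttpContext();

                // If this header is set the fallback with the local authme.json isn't used.
                context.Request.Headers.Add("X-MS-TOKEN-AAD-ID-TOKEN", "test");
                var authResult = new TestProvider().AuthUser(context);

                // Simulate a request whose user was already established before the handler runs.
                context.User = authResult.Principal;

                // Act
                await handler.InitializeAsync(schema, context);

                var result = await handler.AuthenticateAsync();

                // Assert
                Assert.False(result.Succeeded);
                Assert.True(context.User.Identity.IsAuthenticated);
            }
            finally
            {
                // Passing null removes a variable again if it was not set before the test.
                System.Environment.SetEnvironmentVariable(unauthenticatedActionKey, previousUnauthenticatedAction);
                System.Environment.SetEnvironmentVariable(authEnabledKey, previousAuthEnabled);
            }
        }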
Exemplo n.º 7
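        public async Task IfAnProviderIsEnabledUseEnabledProvider()
        {
            // Verifies that, with "TestProvider" enabled, AuthenticateAsync succeeds and the
            // resulting principal carries the expected name and authentication type.

            // Arrange
            // Environment variables are process-wide. Remember the previous values and put
            // them back in the finally block so these settings cannot leak into other tests.
            const string authEnabledKey           = "APPSETTING_WEBSITE_AUTH_ENABLED";
            const string unauthenticatedActionKey = "APPSETTING_WEBSITE_AUTH_UNAUTHENTICATED_ACTION";
            var previousAuthEnabled           = System.Environment.GetEnvironmentVariable(authEnabledKey);
            var previousUnauthenticatedAction = System.Environment.GetEnvironmentVariable(unauthenticatedActionKey);

            System.Environment.SetEnvironmentVariable(authEnabledKey, "True");
            System.Environment.SetEnvironmentVariable(unauthenticatedActionKey, "RedirectToLoginPage");
            try
            {
                var configBuilder = new ConfigurationBuilder();

                configBuilder.AddEnvironmentVariables();
                var config  = configBuilder.Build();
                var options = new EasyAuthAuthenticationOptions();

                options.AddProviderOptions(new ProviderOptions("TestProvider")
                {
                    Enabled = true
                });

                var services = new ServiceCollection().AddOptions()
                               .AddSingleton<IOptionsFactory<EasyAuthAuthenticationOptions>, OptionsFactory<EasyAuthAuthenticationOptions>>()
                               .Configure<EasyAuthAuthenticationOptions>(EasyAuthAuthenticationDefaults.AuthenticationScheme, o => o.ProviderOptions = options.ProviderOptions)
                               .BuildServiceProvider();
                var monitor = services.GetRequiredService<IOptionsMonitor<EasyAuthAuthenticationOptions>>();

                var handler     = new EasyAuthAuthenticationHandler(monitor, this.providers, this.loggerFactory, this.urlEncoder, this.clock, config);
                var schema      = new AuthenticationScheme(EasyAuthAuthenticationDefaults.AuthenticationScheme, EasyAuthAuthenticationDefaults.DisplayName, typeof(EasyAuthAuthenticationHandler));
                var httpContext = new DefaultHttpContext();
                await handler.InitializeAsync(schema, httpContext);

                // Act
                var result = await handler.AuthenticateAsync();

                // Assert
                // Check the outcome first: on a failed result Principal is not populated, and
                // dereferencing it would hide the real failure behind a NullReferenceException.
                Assert.True(result.Succeeded);
                Assert.Equal("testName", result.Principal.Identity.Name);
                Assert.Equal("testType", result.Principal.Identity.AuthenticationType);
                Assert.True(result.Principal.Identity.IsAuthenticated);
            }
            finally
            {
                // Passing null removes a variable again if it was not set before the test.
                System.Environment.SetEnvironmentVariable(unauthenticatedActionKey, previousUnauthenticatedAction);
                System.Environment.SetEnvironmentVariable(authEnabledKey, previousAuthEnabled);
            }
        }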
Exemplo n.º 8
        /// <summary>
        /// Builds the user's identity from the request headers (the X-MS-TOKEN-AAD-ID-TOKEN header
        /// set by the EasyAuth filters once the user is authenticated through an OpenID Connect
        /// session cookie or an OAuth bearer token) and assigns it to <c>context.User</c>.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the identity is derived from request headers. Any validation happens
        /// inside <c>BuildIdentityFromEasyAuthRequestHeaders</c>, which is not visible here;
        /// confirm that the deployment guarantees these headers can only be set by the
        /// EasyAuth layer and never by the client.
        /// </remarks>
        /// <param name="logger">An instance of <see cref="ILogger"/>.</param>
        /// <param name="context">Http context of the request; its <c>User</c> is overwritten.</param>
        /// <param name="options">The <c>EasyAuthAuthenticationOptions</c> to use.</param>
        /// <returns>A successful <see cref="AuthenticateResult" /> wrapping the built ticket.</returns>
        public static AuthenticateResult AuthUser(ILogger logger, HttpContext context, EasyAuthAuthenticationOptions options)
        {
            var requestHeaders = context.Request.Headers;
            var headerService  = new EasyAuthWithHeaderService(logger, requestHeaders, options);
            var authTicket     = headerService.BuildIdentityFromEasyAuthRequestHeaders();

            logger.LogInformation("Set identity to user context object.");
            context.User = authTicket.Principal;
            logger.LogInformation("identity build was a success, returning ticket");

            return AuthenticateResult.Success(authTicket);
        }
Exemplo n.º 9
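        /// <summary>
        /// Use this method to authenticate a user with easy auth.
        /// On success this sets the <c>context.User</c> of your HttpContext.
        /// </summary>
        /// <remarks>
        /// Any exception raised while creating the ticket is logged and converted into a failed
        /// result, so callers never see it thrown.
        /// NOTE(review): the scheme and host passed to the service are taken from the incoming
        /// request. If the service uses them to build the address it calls, the host value must
        /// be one the deployment trusts - confirm in <c>EasyAuthWithAuthMeService</c>.
        /// </remarks>
        /// <param name="logger">An instance of <see cref="ILogger"/>.</param>
        /// <param name="context">The http context with the missing user claim.</param>
        /// <param name="options">The <c>EasyAuthAuthenticationOptions</c> to use.</param>
        /// <returns>
        /// A successful <see cref="AuthenticateResult" /> wrapping the ticket, or a failed one
        /// carrying the exception message.
        /// </returns>
        public static async Task<AuthenticateResult> AuthUser(ILogger logger, HttpContext context, EasyAuthAuthenticationOptions options)
        {
            try
            {
                var authService = new EasyAuthWithAuthMeService(
                    logger,
                    context.Request.Scheme,
                    context.Request.Host.ToString(),
                    context.Request.Cookies,
                    context.Request.Headers,
                    options);

                var ticket = await authService.CreateUserTicket();

                logger.LogInformation("Set identity to user context object.");
                context.User = ticket.Principal;
                logger.LogInformation("identity build was a success, returning ticket");
                return AuthenticateResult.Success(ticket);
            }
            catch (Exception ex)
            {
                // Keep the full exception (type and stack trace) in the log before it is
                // reduced to a message; otherwise failed authentications leave no trace for
                // troubleshooting or monitoring. The null-conditional keeps the previous
                // best-effort behaviour when no logger was supplied.
                logger?.LogError(ex, "EasyAuth authentication through EasyAuthWithAuthMeService failed.");
                return AuthenticateResult.Fail(ex.Message);
            }
        }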