public void PostConfigure_AddIdentityResourcesScopesToClients()
    {
        // Checks the scopes each client ends up with after PostConfigure runs.
        // Both comparisons are made on the complete, sorted scope list, so an
        // unexpected extra scope fails the test just like a missing one.

        // Arrange
        var scopeConfigurator = new ConfigureClientScopes(new TestLogger<ConfigureClientScopes>());
        var authorizationOptions = new ApiAuthorizationOptions();

        var spaDefinition = ClientBuilder.IdentityServerSPA("TestSPA").FromConfiguration().Build();
        var nativeDefinition = ClientBuilder.NativeApp("NativeApp").FromConfiguration().Build();
        authorizationOptions.Clients.AddRange(spaDefinition, nativeDefinition);

        var apiDefinition = ApiResourceBuilder.ApiResource("ResourceAPI")
            .FromConfiguration()
            .AllowAllClients()
            .Build();
        authorizationOptions.ApiResources.AddRange(apiDefinition);

        // Act
        scopeConfigurator.PostConfigure(Options.DefaultName, authorizationOptions);

        // Assert: the SPA gets the identity scopes plus the API scope and nothing else.
        var spa = Assert.Single(authorizationOptions.Clients, c => c.ClientId == "TestSPA");
        var expectedSpaScopes = new[] { "openid", "profile", "ResourceAPI" }.OrderBy(s => s).ToArray();
        var actualSpaScopes = spa.AllowedScopes.OrderBy(s => s).ToArray();
        Assert.Equal(expectedSpaScopes, actualSpaScopes);

        // Assert: only the native app is expected to also carry "offline_access".
        var native = Assert.Single(authorizationOptions.Clients, c => c.ClientId == "NativeApp");
        var expectedNativeScopes = new[] { "offline_access", "openid", "profile", "ResourceAPI" }.OrderBy(s => s).ToArray();
        var actualNativeScopes = native.AllowedScopes.OrderBy(s => s).ToArray();
        Assert.Equal(expectedNativeScopes, actualNativeScopes);
    }
        public void Configure_AddsClientsToExistingClientsList()
        {
            // Loads a single client from configuration using the "IdentityServerSPA" profile
            // and pins the resulting client settings. The asserted shape is a browser client
            // with no secret: code grant, access tokens allowed via the browser, no consent
            // prompt and an empty ClientSecrets list.

            // Arrange
            var settings = new Dictionary<string, string>
            {
                ["MyClient:Profile"] = "IdentityServerSPA"
            };
            var config = new ConfigurationBuilder().AddInMemoryCollection(settings).Build();

            // NOTE(review): `resources` and `expectedScopes` are declared but never used, so
            // this test does not check client.AllowedScopes at all - confirm whether an
            // assertion on the scopes was intended.
            var resources = Array.Empty<ApiResource>();
            var expectedScopes = new[]
            {
                IdentityServerConstants.StandardScopes.OpenId,
                IdentityServerConstants.StandardScopes.Profile
            };

            var loader = new ConfigureClients(config, new TestLogger<ConfigureClients>());
            var authorizationOptions = new ApiAuthorizationOptions();

            // Act
            loader.Configure(authorizationOptions);

            // Assert
            var loaded = Assert.Single(authorizationOptions.Clients);

            Assert.Equal("MyClient", loaded.ClientId);
            Assert.Equal("MyClient", loaded.ClientName);
            Assert.True(loaded.AllowAccessTokensViaBrowser);

            // The callbacks are pinned as relative paths.
            var loginCallbacks = loaded.RedirectUris.ToArray();
            Assert.Equal(new[] { "/authentication/login-callback" }, loginCallbacks);
            var logoutCallbacks = loaded.PostLogoutRedirectUris.ToArray();
            Assert.Equal(new[] { "/authentication/logout-callback" }, logoutCallbacks);

            Assert.Empty(loaded.AllowedCorsOrigins);
            Assert.False(loaded.RequireConsent);
            Assert.Empty(loaded.ClientSecrets);

            var grantTypes = loaded.AllowedGrantTypes.ToArray();
            Assert.Equal(GrantTypes.Code.ToArray(), grantTypes);
        }
    public void PostConfigure_AddResourcesScopesToClients()
    {
        // With an API resource that allows all clients, every configured client must
        // list that resource among its allowed scopes after PostConfigure. Only presence
        // is checked here; extra scopes on a client would not fail this test.

        // Arrange
        var scopeConfigurator = new ConfigureClientScopes(new TestLogger<ConfigureClientScopes>());
        var authorizationOptions = new ApiAuthorizationOptions();

        var spaDefinition = ClientBuilder.IdentityServerSPA("TestSPA").FromConfiguration().Build();
        var nativeDefinition = ClientBuilder.NativeApp("NativeApp").FromConfiguration().Build();
        authorizationOptions.Clients.AddRange(spaDefinition, nativeDefinition);

        var apiDefinition = ApiResourceBuilder.ApiResource("ResourceApi")
            .FromConfiguration()
            .AllowAllClients()
            .Build();
        authorizationOptions.ApiResources.AddRange(apiDefinition);

        // Act
        scopeConfigurator.PostConfigure(Options.DefaultName, authorizationOptions);

        // Assert
        foreach (var configuredClient in authorizationOptions.Clients)
        {
            var scopes = configuredClient.AllowedScopes;
            Assert.Contains("ResourceApi", scopes);
        }
    }
    public void Configure_NoOpsWhenConfigurationIsEmpty()
    {
        // With no settings at all, Configure must neither write a key file nor set a
        // signing credential: there is no implicit fallback key.
        var keyFile = Path.Combine(Directory.GetCurrentDirectory(), "./testkey.json");

        try
        {
            // Arrange
            var emptySettings = new Dictionary<string, string>();
            var configuration = new ConfigurationBuilder()
                .AddInMemoryCollection(emptySettings)
                .Build();

            var logger = new TestLogger<ConfigureSigningCredentials>();
            var credentialsConfigurator = new ConfigureSigningCredentials(configuration, logger);

            var authorizationOptions = new ApiAuthorizationOptions();

            // Act
            credentialsConfigurator.Configure(authorizationOptions);

            // Assert
            Assert.NotNull(authorizationOptions);
            Assert.False(File.Exists(keyFile));
            Assert.Null(authorizationOptions.SigningCredential);
        }
        finally
        {
            // Remove any key file left in the working directory, even when an assertion failed.
            if (File.Exists(keyFile))
            {
                File.Delete(keyFile);
            }
        }
    }
    public void Configure_LoadsPfxCertificateCredentialFromConfiguration()
    {
        // Loads a signing certificate from a PFX file named in configuration and pins
        // its thumbprint, so a swapped or regenerated test.pfx makes the test fail.

        // Arrange
        // NOTE(review): the "Password" literal looks masked in this listing, and the
        // certificate-store test on this page opens test.pfx with a different literal -
        // confirm the value against the real fixture before relying on this test.
        var settings = new Dictionary<string, string>()
        {
            ["Type"] = "File",
            ["FilePath"] = "test.pfx",
            ["Password"] = "******"
        };
        var configuration = new ConfigurationBuilder()
            .AddInMemoryCollection(settings)
            .Build();

        var logger = new TestLogger<ConfigureSigningCredentials>();
        var credentialsConfigurator = new ConfigureSigningCredentials(configuration, logger);

        var authorizationOptions = new ApiAuthorizationOptions();

        // Act
        credentialsConfigurator.Configure(authorizationOptions);

        // Assert
        Assert.NotNull(authorizationOptions);
        Assert.NotNull(authorizationOptions.SigningCredential);
        var certificateKey = Assert.IsType<X509SecurityKey>(authorizationOptions.SigningCredential.Key);

        Assert.NotNull(certificateKey.Certificate);
        Assert.Equal("AC8FDF4BD4C10841BD24DC88D983225D10B43BB2", certificateKey.Certificate.Thumbprint);
    }
    public void Configure_AddsResourcesToExistingResourceList()
    {
        // A configuration entry with the "API" profile must produce exactly one API
        // resource whose only scope has the same name as the resource.

        // Arrange
        var settings = new Dictionary<string, string>
        {
            ["MyAPI:Profile"] = "API"
        };
        var configuration = new ConfigurationBuilder().AddInMemoryCollection(settings).Build();

        var apiDescriptor = new TestLocalApiDescriptor();
        var logger = new TestLogger<ConfigureApiResources>();
        var resourceLoader = new ConfigureApiResources(configuration, apiDescriptor, logger);

        var authorizationOptions = new ApiAuthorizationOptions();

        // Act
        resourceLoader.Configure(authorizationOptions);

        // Assert
        var loadedResource = Assert.Single(authorizationOptions.ApiResources);
        var loadedScope = Assert.Single(loadedResource.Scopes);

        Assert.Equal("MyAPI", loadedResource.Name);
        Assert.Equal("MyAPI", loadedScope);
    }
 /// <summary>
 /// Adds the "role" and "permission" user claims to the "openid" identity resource
 /// and to the single configured API resource.
 /// </summary>
 /// <param name="options">Options whose identity and API resources are modified in place.</param>
 /// <remarks>
 /// <c>ApiResources.Single()</c> throws unless exactly one API resource is configured.
 /// NOTE(review): claims attached to the "openid" identity resource are presumably
 /// released to every client granted that scope - confirm that exposing role and
 /// permission data to all such clients is intended.
 /// </remarks>
 public static void AddRoleAndPermissionClaim(this ApiAuthorizationOptions options)
 {
     // Same order as before: for each claim, the identity resource first, then the API resource.
     foreach (var claimType in new[] { "role", "permission" })
     {
         options.IdentityResources["openid"].UserClaims.Add(claimType);
         options.ApiResources.Single().UserClaims.Add(claimType);
     }
 }
 /// <summary>
 /// Sets the API authentication scheme to the OpenIddict validation handler's scheme.
 /// </summary>
 /// <param name="name">Name of the options instance; not read by this method.</param>
 /// <param name="options">Options whose <c>ApiAuthenticationScheme</c> is overwritten.</param>
 public void Configure(string name, ApiAuthorizationOptions options)
 {
     // Orchard's default API authentication handler forwards to "Bearer", the default
     // scheme of Microsoft's JWT bearer handler. The OpenIddict validation handler is
     // registered under a different scheme, so it has to be set here explicitly.
     var validationScheme = OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme;
     options.ApiAuthenticationScheme = validationScheme;
 }
    public void Configure_AddsDevelopmentKeyFromConfiguration()
    {
        // With Type = "Development", Configure is expected to create the key file at the
        // configured path and expose an RSA signing credential whose key id is "Development".
        // The generated file is removed in the finally block so it does not linger in the
        // working directory (presumably it holds private key material - TODO confirm).
        var keyFile = Path.Combine(Directory.GetCurrentDirectory(), "./testkey.json");

        try
        {
            // Arrange
            var settings = new Dictionary<string, string>()
            {
                ["Type"] = "Development",
                ["FilePath"] = "testkey.json"
            };
            var configuration = new ConfigurationBuilder()
                .AddInMemoryCollection(settings)
                .Build();

            var logger = new TestLogger<ConfigureSigningCredentials>();
            var credentialsConfigurator = new ConfigureSigningCredentials(configuration, logger);

            var authorizationOptions = new ApiAuthorizationOptions();

            // Act
            credentialsConfigurator.Configure(authorizationOptions);

            // Assert
            Assert.NotNull(authorizationOptions);
            Assert.True(File.Exists(keyFile));
            Assert.NotNull(authorizationOptions.SigningCredential);
            Assert.Equal("Development", authorizationOptions.SigningCredential.Kid);
            Assert.IsType<RsaSecurityKey>(authorizationOptions.SigningCredential.Key);
        }
        finally
        {
            // Always delete the generated key file, including after a failed assertion.
            if (File.Exists(keyFile))
            {
                File.Delete(keyFile);
            }
        }
    }
    public void Configure_LoadsCertificateStoreCertificateCredentialFromConfiguration()
    {
        // Resolves the signing certificate from a certificate store by subject name and
        // pins its thumbprint. The configuration points at the CurrentUser/My store, so
        // the fixture certificate is handed to SetupTestCertificate first and
        // CleanupTestCertificate runs in the finally block whatever the outcome.
        try
        {
            // Arrange
            var testCertificate = new X509Certificate2("test.pfx", "aspnetcore", DefaultFlags);
            SetupTestCertificate(testCertificate);

            var settings = new Dictionary<string, string>()
            {
                ["Type"] = "Store",
                ["StoreLocation"] = "CurrentUser",
                ["StoreName"] = "My",
                ["Name"] = "CN=Test"
            };
            var configuration = new ConfigurationBuilder()
                .AddInMemoryCollection(settings)
                .Build();

            var logger = new TestLogger<ConfigureSigningCredentials>();
            var credentialsConfigurator = new ConfigureSigningCredentials(configuration, logger);

            var authorizationOptions = new ApiAuthorizationOptions();

            // Act
            credentialsConfigurator.Configure(authorizationOptions);

            // Assert
            Assert.NotNull(authorizationOptions);
            Assert.NotNull(authorizationOptions.SigningCredential);
            var certificateKey = Assert.IsType<X509SecurityKey>(authorizationOptions.SigningCredential.Key);
            Assert.NotNull(certificateKey.Certificate);
            Assert.Equal("AC8FDF4BD4C10841BD24DC88D983225D10B43BB2", certificateKey.Certificate.Thumbprint);
        }
        finally
        {
            CleanupTestCertificate();
        }
    }
 /// <summary>
 /// Unnamed-options overload that is not expected to be invoked; it only raises a debug failure.
 /// </summary>
 /// <param name="options">Ignored.</param>
 /// <remarks>
 /// <see cref="Debug.Fail(string)"/> is compiled out when DEBUG is not defined, so in a
 /// release build a call to this method silently does nothing and leaves the options untouched.
 /// </remarks>
 public void Configure(ApiAuthorizationOptions options)
 {
     Debug.Fail("This infrastructure method shouldn't be called.");
 }
 /// <summary>
 /// Keeps a reference to the supplied API authorization options.
 /// </summary>
 /// <param name="options">Options instance to store; it is not validated, so a null argument is stored as-is.</param>
 public ApiResourcesClaimsService(ApiAuthorizationOptions options) => this.options = options;
        /// <summary>
        /// Configures the client list, then the API resource list, of the given options.
        /// </summary>
        /// <param name="options">Options whose <c>Clients</c> and <c>ApiResources</c> are passed to the helpers.</param>
        /// <param name="configuration">Configuration forwarded to the client setup only.</param>
        private static void ConfigureApiAuthorization(ApiAuthorizationOptions options, IConfiguration configuration)
        {
            var clients = options.Clients;
            ConfigureClients(clients, configuration);

            var apiResources = options.ApiResources;
            ConfigureApiResources(apiResources);
        }
 /// <summary>
 /// Captures the current OAuth2 and API authorization option values.
 /// </summary>
 /// <param name="oauth2Options">Accessor whose <c>Value</c> is read once here and stored.</param>
 /// <param name="apiAuthorizationOptions">Accessor whose <c>Value</c> is read once here and stored.</param>
 public SwaggerGenOptionsConfigure(IOptions<OAuth2Options> oauth2Options, IOptions<ApiAuthorizationOptions> apiAuthorizationOptions)
 {
     // Each accessor is unwrapped in the same order as before: OAuth2 first, then API authorization.
     var resolvedOAuth2 = oauth2Options.Value;
     this.oauth2Options = resolvedOAuth2;

     var resolvedApiAuthorization = apiAuthorizationOptions.Value;
     this.apiAuthorizationOptions = resolvedApiAuthorization;
 }