private static ClientAuthorizationSettings GetAuthSettingsVersion2(ILeverConfiguration configuration, string client)
{
var clientConfiguration = ClientConfigurationHelper.GetConfigurationForClient(configuration, client);
if (clientConfiguration == null)
{
return(null);
}
if (string.IsNullOrWhiteSpace(clientConfiguration.Authentication))
{
return(new ClientAuthorizationSettings
{
AuthorizationType = ClientAuthorizationSettings.AuthorizationTypeEnum.None
});
}
var authentications = GetAuthentications(configuration);
if (authentications == null || !authentications.TryGetValue(clientConfiguration.Authentication, out var authentication))
{
throw new FulcrumResourceException($"Client '{client}' refers to authentication '{clientConfiguration.Authentication}', which does not exist");
}
return(authentication);
}
public static ClientConfiguration GetConfigurationForClient(ILeverConfiguration configuration, string client)
{
var clientConfigurations = GetClientsConfigurations(configuration);
if (clientConfigurations == null)
{
return(null);
}
if (!clientConfigurations.TryGetValue(client, out var clientConfiguration))
{
return(null);
}
// Check that we don't get multiple Authorization headers
if (clientConfiguration.RequestHeaders == null)
{
return(clientConfiguration);
}
if (!string.IsNullOrWhiteSpace(clientConfiguration.Authentication))
{
if (clientConfiguration.RequestHeaders.Any(x => x.Key.Equals("Authorization")))
{
throw new FulcrumBusinessRuleException($"[{FulcrumApplication.Setup.Name}] Client configuration error ({client}). You cannot both have a refernece to an 'Authentication' configuration and an 'Authorization' custom header.");
}
}
return(clientConfiguration);
}
protected async Task <ILeverConfiguration> FetchConfigurationWithRetriesOnFailAsync(CancellationToken cancellationToken = default)
{
ILeverConfiguration configuration = null;
var maxRetryTimeSecondsString = new ConfigurationManagerAppSettings().GetAppSetting("MaxStartupRetryTimeInSeconds") ?? "100";
var failCount = 0;
var watch = Stopwatch.StartNew();
while (watch.Elapsed < TimeSpan.FromSeconds(double.Parse(maxRetryTimeSecondsString)))
{
try
{
configuration = await FetchConfigurationAsync(cancellationToken);
if (configuration != null)
{
break;
}
}
catch (Exception e)
{
failCount++;
LogHelper.FallbackSafeLog(LogSeverityLevel.Warning,
$"(InstanceId: {Environment.GetEnvironmentVariable("WEBSITE_INSTANCE_ID")}) " +
$"Failed to fetch configuration for service tenant {ServiceTenant}." +
$" This was try number {failCount} after {watch.Elapsed.TotalSeconds} s.", e);
await Task.Delay(TimeSpan.FromSeconds(1), cancellationToken);
}
}
return(configuration);
}
private void CreateLeverConfiguration()
{
LeverConfiguration = new MockLeverConfiguration(JObject.FromObject(new
{
Clients = _clientConfigurations
}));
}
private void SetupConfigMock(ClientAuthorizationSettings settings)
{
var conf = new JObject {
{ $"{ClientName}-authentication", JObject.FromObject(settings) }
};
LeverConfiguration = new MockLeverConfiguration(conf);
}
public async Task ExpectArray()
{
const string conf = "{\"shared-client-authentications\": {}}";
var jObject = JObject.Parse(conf);
LeverConfiguration = new MockLeverConfiguration(jObject);
await _authenticationHelper.GetAuthorizationForClientAsync(Tenant, LeverConfiguration, "advantage");
Assert.Fail("Expected an exception");
}
public async Task TestSharedSettings()
{
var shared = new[]
{
new ClientAuthorizationSettings
{
AuthorizationType = ClientAuthorizationSettings.AuthorizationTypeEnum.Basic,
Username = "******", Password = "******",
UseForClients = new [] { "another-client", "yet-another-client" }
},
new ClientAuthorizationSettings
{
AuthorizationType = ClientAuthorizationSettings.AuthorizationTypeEnum.BearerToken,
Token = "token",
UseForClients = new [] { "client-2", "client-3" }
}
};
var conf = new JObject
{
{ "shared-client-authentications", JArray.FromObject(shared) },
{ $"{ClientName}-authentication", JObject.FromObject(new ClientAuthorizationSettings {
AuthorizationType = ClientAuthorizationSettings.AuthorizationTypeEnum.Basic, Username = "******", Password = "******"
}) }
};
LeverConfiguration = new MockLeverConfiguration(conf);
var result = await _authenticationHelper.GetAuthorizationForClientAsync(Tenant, LeverConfiguration, ClientName);
Assert.AreEqual("basic", result.Type.ToLowerInvariant());
Assert.AreEqual("foo:bar", Base64Decode(result.Token));
result = await _authenticationHelper.GetAuthorizationForClientAsync(Tenant, LeverConfiguration, "another-client");
Assert.AreEqual("basic", result.Type.ToLowerInvariant());
Assert.AreEqual("x:y", Base64Decode(result.Token));
result = await _authenticationHelper.GetAuthorizationForClientAsync(Tenant, LeverConfiguration, "yet-another-client");
Assert.AreEqual("basic", result.Type.ToLowerInvariant());
Assert.AreEqual("x:y", Base64Decode(result.Token));
result = await _authenticationHelper.GetAuthorizationForClientAsync(Tenant, LeverConfiguration, "client-2");
Assert.AreEqual("bearer", result.Type.ToLowerInvariant());
Assert.AreEqual("token", result.Token);
result = await _authenticationHelper.GetAuthorizationForClientAsync(Tenant, LeverConfiguration, "client-3");
Assert.AreEqual("bearer", result.Type.ToLowerInvariant());
Assert.AreEqual("token", result.Token);
result = await _authenticationHelper.GetAuthorizationForClientAsync(Tenant, LeverConfiguration, "unknown-client");
Assert.IsNull(result);
}
private static ClientAuthorizationSettings GetAuthorizationSettings(ILeverConfiguration configuration, string client)
{
// Do we have version 2 of the configuration syntax?
var authSettings = GetAuthSettingsVersion2(configuration, client);
if (authSettings != null)
{
return(authSettings);
}
// Default to version 1
authSettings = GetAuthSettingsVersion1(configuration, client);
return(authSettings);
}
public async Task ConfigurationFromJsonFile()
{
// https://docs.nexus.link/docs/client-authentication-methods
#if NETCOREAPP
var configAsJson = await File.ReadAllTextAsync($"{AppDomain.CurrentDomain.BaseDirectory}\\ServiceAuthentication\\auth-config.json");
#else
var configAsJson = File.ReadAllText($"{AppDomain.CurrentDomain.BaseDirectory}\\ServiceAuthentication\\auth-config.json");
#endif
LeverConfiguration = new MockLeverConfiguration(JObject.Parse(configAsJson));
var result = await _authenticationHelper.GetAuthorizationForClientAsync(Tenant, LeverConfiguration, "client-a");
Assert.AreEqual("basic", result.Type.ToLowerInvariant());
Assert.AreEqual("foo:bar", Base64Decode(result.Token));
result = await _authenticationHelper.GetAuthorizationForClientAsync(Tenant, LeverConfiguration, "client-no-auth");
Assert.IsNull(result, "There is no authentication. We test that we don't get an exception.");
}
public void ConfigurationFromJsonFile()
{
// https://docs.nexus.link/docs/client-authentication-methods
LeverConfiguration = new MockLeverConfiguration(JObject.Parse(File.ReadAllText($"{AppDomain.CurrentDomain.BaseDirectory}\\Clients\\client-config.json")));
var config = ClientConfigurationHelper.GetConfigurationForClient(LeverConfiguration, "client-a");
Assert.IsNotNull(config?.RequestHeaders);
Assert.AreEqual(2, config.RequestHeaders.Count);
Assert.IsTrue(config.RequestHeaders.ContainsKey("header-a"));
Assert.IsTrue(config.RequestHeaders.ContainsValue("value-a"));
Assert.IsTrue(config.RequestHeaders.ContainsKey("header-b"));
Assert.IsTrue(config.RequestHeaders.ContainsValue("value-b"));
Assert.AreEqual("auth", config.Authentication);
config = ClientConfigurationHelper.GetConfigurationForClient(LeverConfiguration, "client-no-auth");
Assert.IsNotNull(config);
Assert.IsNull(config.Authentication);
}
private static ClientAuthorizationSettings GetAuthSettingsVersion1(ILeverConfiguration configuration, string client)
{
// Note: We can't just use configuration.Value<ClientAuthorizationSettings>($"{client}-authentication")
// because we get exception "Cannot cast Newtonsoft.Json.Linq.JObject to Newtonsoft.Json.Linq.JToken".
// See ServiceAuthenticationHelperTest.ShowWhyWeHaveToMakeWorkaroundInServiceAuthenticationHelper
var tenantClientSetting = configuration?.Value <JObject>($"{client}-authentication");
if (tenantClientSetting == null)
{
var shared = configuration?.Value <JToken>("shared-client-authentications");
if (shared != null)
{
if (shared.Type != JTokenType.Array)
{
const string message = "Configuration error. The value for 'shared-client-authentications' must be an array.";
Log.LogCritical(message);
throw new FulcrumAssertionFailedException(message);
}
var sharedSettings = JsonConvert.DeserializeObject <List <ClientAuthorizationSettings> >(shared.ToString());
var setting = sharedSettings?.FirstOrDefault(x => x.UseForClients.Contains(client));
if (setting != null)
{
tenantClientSetting = JObject.FromObject(setting);
}
}
}
if (tenantClientSetting == null)
{
tenantClientSetting = JObject.FromObject(new ClientAuthorizationSettings {
AuthorizationType = ClientAuthorizationSettings.AuthorizationTypeEnum.None
});
}
var authSettings = JsonConvert.DeserializeObject <ClientAuthorizationSettings>(tenantClientSetting.ToString());
FulcrumAssert.IsNotNull(authSettings, null, "Expected non-null auth settings");
FulcrumAssert.IsNotNull(authSettings.AuthorizationType, null, "Expected AuthorizationType");
return(authSettings);
}
/// <inheritdoc />
public async Task <AuthorizationToken> GetAuthorizationForClientAsync(Tenant tenant, ILeverConfiguration configuration, string client, CancellationToken cancellationToken = default)
{
var authSettings = GetAuthorizationSettings(configuration, client);
return(await GetAuthorizationForClientAsync(tenant, authSettings, client, cancellationToken));
}
private static Dictionary <string, ClientAuthorizationSettings> GetAuthentications(ILeverConfiguration configuration)
{
var authenticationsAsJToken = configuration?.Value <JToken>("Authentications");
if (authenticationsAsJToken == null)
{
return(null);
}
var authentications = JsonConvert.DeserializeObject <List <ClientAuthorizationSettings> >(authenticationsAsJToken.ToString());
return(authentications.ToDictionary(x => x.Id, x => x));
}
/// <summary> /// Operations to do after fetching Nexus configuration /// </summary> protected abstract Task ApplicationStartAfterFetchingNexusConfigurationAsync(ILeverConfiguration configuration, CancellationToken cancellationToken = default);
public static Dictionary <string, ClientConfiguration> GetClientsConfigurations(ILeverConfiguration configuration)
{
var tenantClientSettingJToken = configuration?.Value <JToken>("Clients");
if (tenantClientSettingJToken == null)
{
return(null);
}
var clientConfigurations = JsonConvert.DeserializeObject <List <ClientConfiguration> >(tenantClientSettingJToken.ToString());
return(clientConfigurations.ToDictionary(x => x.Name, x => x));
}