public async Task Exception_result_not_null()
{
using var server = TestServerBuilder.BuildTestServer(options =>
{
options.Realm = TestServerBuilder.Realm;
options.Events.OnValidateCredentials = context =>
{
Assert.Null(context.Result);
return(Task.CompletedTask);
};
options.Events.OnAuthenticationFailed = context =>
{
Assert.Null(context.Result);
Assert.NotNull(context.Exception);
Assert.IsType <InvalidOperationException>(context.Exception);
Assert.Equal(ExpectedExceptionMessage, context.Exception.Message);
context.NoResult();
Assert.NotNull(context.Result);
return(Task.CompletedTask);
};
});
using var client = server.CreateClient();
using var request = new HttpRequestMessage(HttpMethod.Get, TestServerBuilder.BaseUrl);
request.Headers.Authorization = FakeUsers.FakeUser.ToAuthenticationHeaderValue();
using var response = await client.SendAsync(request);
Assert.False(response.IsSuccessStatusCode);
Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
}
public BasicHandlerTests()
{
_server = TestServerBuilder.BuildTestServer();
_client = _server.CreateClient();
_serverWithService = TestServerBuilder.BuildTestServerWithService();
_clientWithService = _serverWithService.CreateClient();
}
private HttpClient BuildClient(Func <BasicValidateCredentialsContext, Task> onValidateCredentials)
{
var server = TestServerBuilder.BuildTestServer(options =>
{
options.Realm = TestServerBuilder.Realm;
options.Events.OnValidateCredentials = onValidateCredentials;
});
_serversToDispose.Add(server);
return(server.CreateClient());
}
public void BasicUserValidationServiceType_verify_null()
{
using var server = TestServerBuilder.BuildTestServer();
var services = server.Host.Services;
var apiKeyOptionsSnapshot = services.GetService <IOptionsSnapshot <BasicOptions> >();
var apiKeyOptions = apiKeyOptionsSnapshot.Get(BasicDefaults.AuthenticationScheme);
Assert.NotNull(apiKeyOptions);
Assert.Null(apiKeyOptions.BasicUserValidationServiceType);
var apiKeyProvider = services.GetService <IBasicUserValidationService>();
Assert.Null(apiKeyProvider);
}
public async Task HandleAuthenticate_OnValidateCredentials_result_null_without_provider_and_OnAuthenticationFailed_throws()
{
var expectedExceptionMessage = $"Either {nameof(BasicEvents.OnValidateCredentials)} delegate on configure options {nameof(BasicOptions.Events)} should be set or use an extention method with type parameter of type {nameof(IBasicUserValidationService)}.";
using var server = TestServerBuilder.BuildTestServer(options =>
{
options.Realm = TestServerBuilder.Realm;
options.Events.OnValidateCredentials = context =>
{
Assert.Null(context.Result);
return(Task.CompletedTask);
};
options.Events.OnAuthenticationFailed = context =>
{
Assert.NotNull(context.Exception);
Assert.IsType <InvalidOperationException>(context.Exception);
Assert.Equal(expectedExceptionMessage, context.Exception.Message);
return(Task.CompletedTask);
};
});
using var client = server.CreateClient();
using var request = new HttpRequestMessage(HttpMethod.Get, TestServerBuilder.BaseUrl);
request.Headers.Authorization = FakeUsers.FakeUser.ToAuthenticationHeaderValue();
var exception = await Assert.ThrowsAsync <InvalidOperationException>(async() =>
{
using var response = await client.SendAsync(request);
Assert.False(response.IsSuccessStatusCode);
Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
});
Assert.Equal(expectedExceptionMessage, exception.Message);
}
public async Task MultiScheme()
{
var keyName1 = "Key1";
var keyName2 = "Key2";
var keyName3 = "Key3";
var keyName4 = "Key4";
var claimProvider1 = new ClaimDto {
Type = "Provider", Value = "1"
};
var claimProvider2 = new ClaimDto {
Type = "Provider", Value = "2"
};
var claimRole = new ClaimDto(FakeApiKeys.FakeRoleClaim);
var schemes = new List <string> {
"InHeader", "InHeaderWithProvider", "InAuthorizationHeader", "InQueryParams"
};
using var server = TestServerBuilder.BuildTestServer(services =>
{
services.AddAuthentication("InHeader")
.AddApiKeyInHeader("InHeader", options =>
{
options.Realm = TestServerBuilder.Realm;
options.KeyName = keyName1;
options.Events.OnValidateKey = context =>
{
context.Response.Headers.Add("X-Custom", "InHeader Scheme");
context.ValidationSucceeded();
return(Task.CompletedTask);
};
})
.AddApiKeyInHeader <FakeApiKeyProviderLocal_1>("InHeaderWithProvider", options =>
{
options.Realm = TestServerBuilder.Realm;
options.KeyName = keyName2;
})
.AddApiKeyInAuthorizationHeader <FakeApiKeyProviderLocal_2>("InAuthorizationHeader", options =>
{
options.Realm = TestServerBuilder.Realm;
options.KeyName = keyName3;
})
.AddApiKeyInQueryParams <FakeApiKeyProvider>("InQueryParams", options =>
{
options.Realm = TestServerBuilder.Realm;
options.KeyName = keyName4;
});
#if !(NET461 || NETSTANDARD2_0 || NETCOREAPP2_1)
services.Configure <AuthorizationOptions>(options => options.FallbackPolicy = new AuthorizationPolicyBuilder(schemes.ToArray()).RequireAuthenticatedUser().Build());
#endif
});
using var client = server.CreateClient();
using var request1 = new HttpRequestMessage(HttpMethod.Get, TestServerBuilder.ClaimsPrincipalUrl + "?scheme=" + schemes[0]);
request1.Headers.Add(keyName1, FakeApiKeys.FakeKey);
using var response1 = await client.SendAsync(request1);
Assert.True(response1.IsSuccessStatusCode);
Assert.Equal(HttpStatusCode.OK, response1.StatusCode);
var response1Principal = await DeserializeClaimsPrincipalAsync(response1);
Assert.Contains(response1.Headers, r => r.Key == "X-Custom" && r.Value.Any(v => v == "InHeader Scheme"));
Assert.DoesNotContain(response1Principal.Claims, c => c.Type == claimProvider1.Type && c.Value == claimProvider1.Value);
Assert.DoesNotContain(response1Principal.Claims, c => c.Type == claimProvider2.Type && c.Value == claimProvider2.Value);
Assert.DoesNotContain(response1Principal.Claims, c => c.Type == claimRole.Type && c.Value == claimRole.Value);
using var request2 = new HttpRequestMessage(HttpMethod.Get, TestServerBuilder.ClaimsPrincipalUrl + "?scheme=" + schemes[1]);
request2.Headers.Add(keyName2, FakeApiKeys.FakeKey);
using var response2 = await client.SendAsync(request2);
Assert.True(response2.IsSuccessStatusCode);
Assert.Equal(HttpStatusCode.OK, response2.StatusCode);
var response2Principal = await DeserializeClaimsPrincipalAsync(response2);
Assert.DoesNotContain(response2.Headers, r => r.Key == "X-Custom" && r.Value.Any(v => v == "InHeader Scheme"));
Assert.Contains(response2Principal.Claims, c => c.Type == claimProvider1.Type && c.Value == claimProvider1.Value);
Assert.DoesNotContain(response2Principal.Claims, c => c.Type == claimProvider2.Type && c.Value == claimProvider2.Value);
Assert.DoesNotContain(response2Principal.Claims, c => c.Type == claimRole.Type && c.Value == claimRole.Value);
using var request3 = new HttpRequestMessage(HttpMethod.Get, TestServerBuilder.ClaimsPrincipalUrl + "?scheme=" + schemes[2]);
request3.Headers.Authorization = new AuthenticationHeaderValue(keyName3, FakeApiKeys.FakeKey);
using var response3 = await client.SendAsync(request3);
Assert.True(response3.IsSuccessStatusCode);
Assert.Equal(HttpStatusCode.OK, response3.StatusCode);
var response3Principal = await DeserializeClaimsPrincipalAsync(response3);
Assert.DoesNotContain(response3.Headers, r => r.Key == "X-Custom" && r.Value.Any(v => v == "InHeader Scheme"));
Assert.DoesNotContain(response3Principal.Claims, c => c.Type == claimProvider1.Type && c.Value == claimProvider1.Value);
Assert.Contains(response3Principal.Claims, c => c.Type == claimProvider2.Type && c.Value == claimProvider2.Value);
Assert.DoesNotContain(response3Principal.Claims, c => c.Type == claimRole.Type && c.Value == claimRole.Value);
using var request4 = new HttpRequestMessage(HttpMethod.Get, $"{TestServerBuilder.ClaimsPrincipalUrl}?scheme={schemes[3]}&{keyName4}={FakeApiKeys.FakeKey}");
using var response4 = await client.SendAsync(request4);
Assert.True(response4.IsSuccessStatusCode);
Assert.Equal(HttpStatusCode.OK, response3.StatusCode);
var response4Principal = await DeserializeClaimsPrincipalAsync(response4);
Assert.DoesNotContain(response4.Headers, r => r.Key == "X-Custom" && r.Value.Any(v => v == "InHeader Scheme"));
Assert.DoesNotContain(response4Principal.Claims, c => c.Type == claimProvider1.Type && c.Value == claimProvider1.Value);
Assert.DoesNotContain(response4Principal.Claims, c => c.Type == claimProvider2.Type && c.Value == claimProvider2.Value);
Assert.Contains(response4Principal.Claims, c => c.Type == claimRole.Type && c.Value == claimRole.Value);
}
public async Task MultiScheme()
{
var claimRole = new ClaimDto(FakeUsers.FakeRoleClaim);
var schemes = new List <string> {
"Scheme1", "Scheme2",
};
using var server = TestServerBuilder.BuildTestServer(services =>
{
services.AddAuthentication("Scheme1")
.AddBasic("Scheme1", options =>
{
options.Realm = TestServerBuilder.Realm;
options.Events.OnValidateCredentials = context =>
{
var user = FakeUsers.Users.FirstOrDefault(u => u.Username.Equals(context.Username, StringComparison.OrdinalIgnoreCase) && u.Password.Equals(context.Password, StringComparison.OrdinalIgnoreCase));
if (user != null)
{
context.Response.Headers.Add("X-Custom", "Scheme1");
context.ValidationSucceeded(new List <Claim> {
FakeUsers.FakeRoleClaim
});
}
else
{
context.ValidationFailed();
}
return(Task.CompletedTask);
};
})
.AddBasic <FakeBasicUserValidationServiceLocal_1>("Scheme2", options =>
{
options.Realm = TestServerBuilder.Realm;
});
#if !(NET461 || NETSTANDARD2_0 || NETCOREAPP2_1)
services.Configure <AuthorizationOptions>(options => options.FallbackPolicy = new AuthorizationPolicyBuilder(schemes.ToArray()).RequireAuthenticatedUser().Build());
#endif
});
using var client = server.CreateClient();
using var request1 = new HttpRequestMessage(HttpMethod.Get, TestServerBuilder.ClaimsPrincipalUrl + "?scheme=" + schemes[0]);
request1.Headers.Authorization = FakeUsers.FakeUser.ToAuthenticationHeaderValue();
using var response1 = await client.SendAsync(request1);
Assert.True(response1.IsSuccessStatusCode);
Assert.Equal(HttpStatusCode.OK, response1.StatusCode);
var response1Principal = await DeserializeClaimsPrincipalAsync(response1);
Assert.Contains(response1.Headers, r => r.Key == "X-Custom" && r.Value.Any(v => v == "Scheme1"));
Assert.Contains(response1Principal.Claims, c => c.Type == claimRole.Type && c.Value == claimRole.Value);
using var request2 = new HttpRequestMessage(HttpMethod.Get, TestServerBuilder.ClaimsPrincipalUrl + "?scheme=" + schemes[1]);
request2.Headers.Authorization = new User("test", "test").ToAuthenticationHeaderValue();
using var response2 = await client.SendAsync(request2);
Assert.True(response2.IsSuccessStatusCode);
Assert.Equal(HttpStatusCode.OK, response2.StatusCode);
var response2Principal = await DeserializeClaimsPrincipalAsync(response2);
Assert.DoesNotContain(response2.Headers, r => r.Key == "X-Custom" && r.Value.Any(v => v == "Scheme1"));
Assert.DoesNotContain(response2Principal.Claims, c => c.Type == claimRole.Type && c.Value == claimRole.Value);
}
private async Task RunAuthInitAsync(Action <BasicOptions> configureOptions)
{
var server = TestServerBuilder.BuildTestServer(configureOptions);
await server.CreateClient().GetAsync(TestServerBuilder.BaseUrl);
}