public async void ExchangeCodeAsync_SendsTokenRequest_ReturnsValidTokenInfo() { TestMessageHandler handler = new TestMessageHandler(); var response = new HttpResponseMessage(System.Net.HttpStatusCode.OK); response.Content = new StringContent(TestHelpers.GetValidTokenRequestResponse()); handler.Response = response; HttpClient client = new HttpClient(handler); MyTestCloudFoundryHandler testHandler = new MyTestCloudFoundryHandler(client); var opts = new CloudFoundryOptions(); var context = new DefaultHttpContext(); context.Features.Set <IHttpResponseFeature>(new TestResponse()); var logger = new LoggerFactory().CreateLogger("ExchangeCodeAsync_SendsTokenRequest"); await testHandler.InitializeAsync(opts, context, logger, UrlEncoder.Default); var resp = await testHandler.TestExchangeCodeAsync("code", "redirectUri"); Assert.NotNull(handler.LastRequest); Assert.Equal(HttpMethod.Post, handler.LastRequest.Method); Assert.Equal(opts.TokenEndpoint.ToLowerInvariant(), handler.LastRequest.RequestUri.ToString().ToLowerInvariant()); Assert.NotNull(resp); Assert.NotNull(resp.Response); Assert.Equal("bearer", resp.TokenType); Assert.NotNull(resp.AccessToken); Assert.NotNull(resp.RefreshToken); }
public void ValidateToken_FailsOnLifetime() { string token = "eyJhbGciOiJSUzI1NiIsImtpZCI6ImxlZ2FjeS10b2tlbi1rZXkiLCJ0eXAiOiJKV1QifQ.eyJqdGkiOiI0YjM2NmY4MDdlMjU0MzlmYmRkOTEwZDc4ZjcwYzlhMSIsInN1YiI6ImZlNmExYmUyLWM5MTEtNDM3OC05Y2MxLTVhY2Y1NjA1Y2ZjMiIsInNjb3BlIjpbImNsb3VkX2NvbnRyb2xsZXIucmVhZCIsImNsb3VkX2NvbnRyb2xsZXJfc2VydmljZV9wZXJtaXNzaW9ucy5yZWFkIiwidGVzdGdyb3VwIiwib3BlbmlkIl0sImNsaWVudF9pZCI6Im15VGVzdEFwcCIsImNpZCI6Im15VGVzdEFwcCIsImF6cCI6Im15VGVzdEFwcCIsImdyYW50X3R5cGUiOiJhdXRob3JpemF0aW9uX2NvZGUiLCJ1c2VyX2lkIjoiZmU2YTFiZTItYzkxMS00Mzc4LTljYzEtNWFjZjU2MDVjZmMyIiwib3JpZ2luIjoidWFhIiwidXNlcl9uYW1lIjoiZGF2ZSIsImVtYWlsIjoiZGF2ZSIsImF1dGhfdGltZSI6MTQ3MzYxNTU0MSwicmV2X3NpZyI6IjEwZDM1NzEyIiwiaWF0IjoxNDczNjI0MjU1LCJleHAiOjE0NzM2Njc0NTUsImlzcyI6Imh0dHBzOi8vdWFhLnN5c3RlbS50ZXN0Y2xvdWQuY29tL29hdXRoL3Rva2VuIiwiemlkIjoidWFhIiwiYXVkIjpbImNsb3VkX2NvbnRyb2xsZXIiLCJteVRlc3RBcHAiLCJvcGVuaWQiLCJjbG91ZF9jb250cm9sbGVyX3NlcnZpY2VfcGVybWlzc2lvbnMiXX0.Hth_SXpMAyiTf--U75r40qODlSUr60U730IW28K2VidEltW3lN3_CE7HkSjolRGr-DYuWHRvy3i_EwBfj1WTkBaXL373UzPVvNBnat9Gi-vjz07LwmBohk3baG1mmlL8IoGbQwtsmfUPhmO5C6_M4s9wKmTf9XIZPVo_w7zPJadrXfHLfx6iQob7CYpTTix2VBWya29iL7kmD1J1UDT5YRg2J9XT30iFuL6BvPQTkuGnX3ivDuUOSdxM8Z451i0VJmc0LYFBCLJ-Tz6bJ2d0wrtfsbCfuNtxjmGJevcL2jKQbEoiliYj60qNtZdT-ijGUdZjE9caxQ2nOkDkowacpw"; string keyset = "{ 'keys':[{'kid':'legacy-token-key','alg':'SHA256withRSA','value':'-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk+7xH35bYBppsn54cBW+\nFlrveTe+3L4xl7ix13XK8eBcCmNOyBhNzhks6toDiRjrgw5QW76cFirVRFIVQkiZ\nsUwDyGOax3q8NOJyBFXiplIUScrx8aI0jkY/Yd6ixAc5yBSBfXThy4EF9T0xCyt4\nxWLYNXMRwe88Y+i+MEoLNXWRbhjJm76LN7rsdIxALbS0vJNWUDALWjtE6FeYX6uU\nL9msAzlCQkdnSvwMmr8Ij2O3IVMxHDJXOZinFqt9zVfXwO11o7ZmiskZnRz1/V0f\nvbUQAadkcDEUt1gk9cbrAhiipg8VWDMsC7VUXuekJZjme5f8oWTwpsgP6cTUzwSS\n6wIDAQAB\n-----END PUBLIC KEY-----','kty':'RSA','use':'sig','n':'AJPu8R9+W2AaabJ+eHAVvhZa73k3vty+MZe4sdd1yvHgXApjTsgYTc4ZLOraA4kY64MOUFu+nBYq1URSFUJImbFMA8hjmsd6vDTicgRV4qZSFEnK8fGiNI5GP2HeosQHOcgUgX104cuBBfU9MQsreMVi2DVzEcHvPGPovjBKCzV1kW4YyZu+ize67HSMQC20tLyTVlAwC1o7ROhXmF+rlC/ZrAM5QkJHZ0r8DJq/CI9jtyFTMRwyVzmYpxarfc1X18DtdaO2ZorJGZ0c9f1dH721EAGnZHAxFLdYJPXG6wIYoqYPFVgzLAu1VF7npCWY5nuX/KFk8KbID+nE1M8Ekus=','e':'AQAB'}]}"; var keys = JsonWebKeySet.Create(keyset); var webKey = keys.Keys[0]; var parameters = new TokenValidationParameters(); CloudFoundryOptions options = new CloudFoundryOptions(); options.TokenKeyResolver = new CloudFoundryTokenKeyResolver(options); options.TokenValidator = new CloudFoundryTokenValidator(options); options.TokenValidationParameters = parameters; options.TokenKeyResolver.FixupKey(webKey); options.TokenKeyResolver.Resolved["legacy-token-key"] = webKey; parameters.ValidateAudience = false; parameters.ValidateIssuer = false; parameters.ValidateLifetime = true; parameters.IssuerSigningKeyResolver = options.TokenKeyResolver.ResolveSigningKey; var result = options.TokenValidator.ValidateToken(token); Assert.False(result); }
public void Contstructor_BindsConfigurationCorrectly() { var appsettings = new Dictionary <string, string>() { ["management:endpoints:enabled"] = "false", ["management:endpoints:sensitive"] = "false", ["management:endpoints:path"] = "/cloudfoundryapplication", ["management:endpoints:loggers:enabled"] = "false", ["management:endpoints:loggers:sensitive"] = "true", ["management:endpoints:heapdump:enabled"] = "true", ["management:endpoints:heapdump:sensitive"] = "true", ["management:endpoints:cloudfoundry:validatecertificates"] = "true", ["management:endpoints:cloudfoundry:enabled"] = "true" }; ConfigurationBuilder configurationBuilder = new ConfigurationBuilder(); configurationBuilder.AddInMemoryCollection(appsettings); var config = configurationBuilder.Build(); var opts = new HeapDumpOptions(config); CloudFoundryOptions cloudOpts = new CloudFoundryOptions(config); Assert.True(cloudOpts.Enabled); Assert.False(cloudOpts.Sensitive); Assert.Equal(string.Empty, cloudOpts.Id); Assert.Equal("/cloudfoundryapplication", cloudOpts.Path); Assert.True(cloudOpts.ValidateCertificates); Assert.True(opts.Enabled); Assert.True(opts.Sensitive); Assert.Equal("heapdump", opts.Id); Assert.Equal("/cloudfoundryapplication/heapdump", opts.Path); }
public void OAuthServiceOptionsConstructor_SetsupOptionsAsExpected() { OAuthServiceOptions oauthOpts = new OAuthServiceOptions() { ClientId = "ClientId", ClientSecret = "ClientSecret", UserAuthorizationUrl = "UserAuthorizationUrl", AccessTokenUrl = "AccessTokenUrl", UserInfoUrl = "UserInfoUrl", TokenInfoUrl = "TokenInfoUrl", JwtKeyUrl = "JwtKeyUrl", Scope = { "foo", "bar" } }; CloudFoundryOptions opts = new CloudFoundryOptions(oauthOpts); Assert.Equal(CloudFoundryOptions.AUTHENTICATION_SCHEME, opts.ClaimsIssuer); Assert.Equal("ClientId", opts.ClientId); Assert.Equal("ClientSecret", opts.ClientSecret); Assert.Equal(CloudFoundryOptions.OAUTH_AUTHENTICATION_SCHEME, opts.AuthenticationScheme); Assert.Equal(CloudFoundryOptions.AUTHENTICATION_SCHEME, opts.DisplayName); Assert.Equal(new PathString("/signin-cloudfoundry"), opts.CallbackPath); Assert.Equal("UserAuthorizationUrl", opts.AuthorizationEndpoint); Assert.Equal("AccessTokenUrl", opts.TokenEndpoint); Assert.Equal("UserInfoUrl", opts.UserInformationEndpoint); Assert.Equal("TokenInfoUrl", opts.TokenInfoUrl); Assert.Equal("JwtKeyUrl", opts.JwtKeyUrl); Assert.True(opts.Scope.Contains("foo")); Assert.True(opts.Scope.Contains("bar")); Assert.True(opts.ValidateCertificates); }
public void MessageInspector_AttachesUserToken() { // arrange var options = new CloudFoundryOptions() { AuthorizationUrl = "http://localhost", ForwardUserCredentials = true }; var inspector = new JwtHeaderMessageInspector(options, "someToken"); var properties = new MessageProperties { { HttpRequestMessageProperty.Name, new HttpRequestMessageProperty() } }; var message = new Mock <Message>(); message.Setup(p => p.Properties).Returns(() => properties); var mo = message.Object; // act inspector.BeforeSendRequest(ref mo, null); HttpRequestMessageProperty httpRequestMessage; mo.Properties.TryGetValue(HttpRequestMessageProperty.Name, out object httpRequestMessageObject); httpRequestMessage = httpRequestMessageObject as HttpRequestMessageProperty; // assert Assert.True(httpRequestMessage.Headers.AllKeys.Any()); Assert.Equal("Bearer someToken", httpRequestMessage.Headers["Authorization"]); }
public void MessageInspector_GetsAndAttachesOwnToken() { // arrange var options = new CloudFoundryOptions() { AccessTokenEndpoint = "/tokenUrl", AuthorizationUrl = "http://localhost", ClientId = "validId", ClientSecret = "validSecret" }; var inspector = new JwtHeaderMessageInspector(options, null, GetMockHttpClient()); var properties = new MessageProperties { { HttpRequestMessageProperty.Name, new HttpRequestMessageProperty() } }; var message = new Mock <Message>(); message.Setup(p => p.Properties).Returns(() => properties); var mo = message.Object; // act inspector.BeforeSendRequest(ref mo, null); HttpRequestMessageProperty httpRequestMessage; mo.Properties.TryGetValue(HttpRequestMessageProperty.Name, out object httpRequestMessageObject); httpRequestMessage = httpRequestMessageObject as HttpRequestMessageProperty; // assert Assert.True(httpRequestMessage.Headers.AllKeys.Any()); Assert.Equal("Bearer someClientCredentialsToken", httpRequestMessage.Headers["Authorization"]); }
public async void ExchangeCodeAsync_SendsTokenRequest_ReturnsErrorResponse() { TestMessageHandler handler = new TestMessageHandler(); var response = new HttpResponseMessage(System.Net.HttpStatusCode.BadRequest); response.Content = new StringContent(""); handler.Response = response; HttpClient client = new HttpClient(handler); MyTestCloudFoundryHandler testHandler = new MyTestCloudFoundryHandler(client); var opts = new CloudFoundryOptions(); var context = new DefaultHttpContext(); context.Features.Set <IHttpResponseFeature>(new TestResponse()); var logger = new LoggerFactory().CreateLogger("ExchangeCodeAsync_SendsTokenRequest"); await testHandler.InitializeAsync(opts, context, logger, UrlEncoder.Default); var resp = await testHandler.TestExchangeCodeAsync("code", "redirectUri"); Assert.NotNull(handler.LastRequest); Assert.Equal(HttpMethod.Post, handler.LastRequest.Method); Assert.Equal(opts.TokenEndpoint.ToLowerInvariant(), handler.LastRequest.RequestUri.ToString().ToLowerInvariant()); Assert.NotNull(resp); Assert.NotNull(resp.Error); Assert.True(resp.Error.Message.Contains("OAuth token endpoint failure")); }
public CloudFoundryCorsHandler(CloudFoundryOptions options, IEnumerable <ISecurityService> securityServices, ILogger <CloudFoundryCorsHandler> logger = null) : base(securityServices, new List <HttpMethod> { HttpMethod.Options }, false, logger) { _options = options; }
public void Constructor_InitializesWithDefaults() { var opts = new CloudFoundryOptions(); Assert.True(opts.Enabled); Assert.False(opts.Sensitive); Assert.True(opts.ValidateCertificates); Assert.Equal(string.Empty, opts.Id); }
public void ValidateIssuer_ValidatesCorrectly() { CloudFoundryOptions options = new CloudFoundryOptions(); var validator = new CloudFoundryTokenValidator(options); Assert.NotNull(validator.ValidateIssuer("https://uaa.system.testcloud.com/", null, null)); Assert.Null(validator.ValidateIssuer("https://foobar.system.testcloud.com/", null, null)); }
public void CloudFoundryEndpointMiddleware_PathAndVerbMatching_ReturnsExpected() { var opts = new CloudFoundryOptions(); var ep = new CloudFoundryEndpoint(opts); var middle = new CloudFoundryEndpointOwinMiddleware(null, ep); Assert.True(middle.RequestVerbAndPathMatch("GET", "/")); Assert.False(middle.RequestVerbAndPathMatch("PUT", "/")); Assert.False(middle.RequestVerbAndPathMatch("GET", "/badpath")); }
public void Constructor_ThrowsIfOptionsNull() { // Arrange CloudFoundryOptions options = null; // Act and Assert var ex = Assert.Throws <ArgumentNullException>(() => new CloudFoundryTokenKeyResolver(options)); Assert.Contains(nameof(options), ex.Message); }
public void Contstructor_BindsConfigurationCorrectly() { var appsettings = new Dictionary <string, string>() { ["management:endpoints:enabled"] = "false", ["management:endpoints:sensitive"] = "false", ["management:endpoints:path"] = "/cloudfoundryapplication", ["management:endpoints:loggers:enabled"] = "false", ["management:endpoints:loggers:sensitive"] = "true", ["management:endpoints:trace:enabled"] = "true", ["management:endpoints:trace:sensitive"] = "true", ["management:endpoints:trace:capacity"] = "1000", ["management:endpoints:trace:addTimeTaken"] = "false", ["management:endpoints:trace:addRequestHeaders"] = "false", ["management:endpoints:trace:addResponseHeaders"] = "false", ["management:endpoints:trace:addPathInfo"] = "true", ["management:endpoints:trace:addUserPrincipal"] = "true", ["management:endpoints:trace:addParameters"] = "true", ["management:endpoints:trace:addQueryString"] = "true", ["management:endpoints:trace:addAuthType"] = "true", ["management:endpoints:trace:addRemoteAddress"] = "true", ["management:endpoints:trace:addSessionId"] = "true", ["management:endpoints:cloudfoundry:validatecertificates"] = "true", ["management:endpoints:cloudfoundry:enabled"] = "true" }; ConfigurationBuilder configurationBuilder = new ConfigurationBuilder(); configurationBuilder.AddInMemoryCollection(appsettings); var config = configurationBuilder.Build(); var opts = new TraceOptions(config); CloudFoundryOptions cloudOpts = new CloudFoundryOptions(config); Assert.True(cloudOpts.Enabled); Assert.False(cloudOpts.Sensitive); Assert.Equal(string.Empty, cloudOpts.Id); Assert.Equal("/cloudfoundryapplication", cloudOpts.Path); Assert.True(cloudOpts.ValidateCertificates); Assert.True(opts.Enabled); Assert.True(opts.Sensitive); Assert.Equal("trace", opts.Id); Assert.Equal("/cloudfoundryapplication/trace", opts.Path); Assert.Equal(1000, opts.Capacity); Assert.False(opts.AddTimeTaken); Assert.False(opts.AddRequestHeaders); Assert.False(opts.AddResponseHeaders); Assert.True(opts.AddPathInfo); Assert.True(opts.AddUserPrincipal); Assert.True(opts.AddParameters); Assert.True(opts.AddQueryString); Assert.True(opts.AddAuthType); Assert.True(opts.AddRemoteAddress); Assert.True(opts.AddSessionId); }
public static void UseCloudFoundryActuator(IConfiguration configuration, ILoggerFactory loggerFactory = null) { var options = new CloudFoundryOptions(configuration); var ep = new CloudFoundryEndpoint(options, CreateLogger <CloudFoundryEndpoint>(loggerFactory)); var handler = new CloudFoundryHandler(ep, SecurityService, CreateLogger <CloudFoundryHandler>(loggerFactory)); ConfiguredHandlers.Add(handler); var handler2 = new CloudFoundryCorsHandler(options, SecurityService, CreateLogger <CloudFoundryCorsHandler>(loggerFactory)); ConfiguredHandlers.Add(handler2); }
public async void GetPermissions_ReturnsExpected() { var opts = new CloudFoundryOptions(); var middle = new CloudFoundrySecurityMiddleware(null, opts, null); var context = CreateRequest("GET", "/"); var result = await middle.GetPermissions(context); Assert.NotNull(result); Assert.Equal(Security.Permissions.NONE, result.Permissions); Assert.Equal(HttpStatusCode.Unauthorized, result.Code); }
public void UseCloudFoundryAuthentication_ThowsCloudFoundryOptionsNull() { // Arrange IApplicationBuilder builder = new ApplicationBuilder(null); CloudFoundryOptions options = null; // Act and Assert var ex = Assert.Throws <ArgumentNullException>(() => CloudFoundryAppBuilderExtensions.UseCloudFoundryAuthentication(builder, options)); Assert.Contains(nameof(options), ex.Message); }
public void GetAccessToken_FindsToken() { string token = "eyJhbGciOiJSUzI1NiIsImtpZCI6ImxlZ2FjeS10b2tlbi1rZXkiLCJ0eXAiOiJKV1QifQ.eyJqdGkiOiI0YjM2NmY4MDdlMjU0MzlmYmRkOTEwZDc4ZjcwYzlhMSIsInN1YiI6ImZlNmExYmUyLWM5MTEtNDM3OC05Y2MxLTVhY2Y1NjA1Y2ZjMiIsInNjb3BlIjpbImNsb3VkX2NvbnRyb2xsZXIucmVhZCIsImNsb3VkX2NvbnRyb2xsZXJfc2VydmljZV9wZXJtaXNzaW9ucy5yZWFkIiwidGVzdGdyb3VwIiwib3BlbmlkIl0sImNsaWVudF9pZCI6Im15VGVzdEFwcCIsImNpZCI6Im15VGVzdEFwcCIsImF6cCI6Im15VGVzdEFwcCIsImdyYW50X3R5cGUiOiJhdXRob3JpemF0aW9uX2NvZGUiLCJ1c2VyX2lkIjoiZmU2YTFiZTItYzkxMS00Mzc4LTljYzEtNWFjZjU2MDVjZmMyIiwib3JpZ2luIjoidWFhIiwidXNlcl9uYW1lIjoiZGF2ZSIsImVtYWlsIjoiZGF2ZSIsImF1dGhfdGltZSI6MTQ3MzYxNTU0MSwicmV2X3NpZyI6IjEwZDM1NzEyIiwiaWF0IjoxNDczNjI0MjU1LCJleHAiOjE0NzM2Njc0NTUsImlzcyI6Imh0dHBzOi8vdWFhLnN5c3RlbS50ZXN0Y2xvdWQuY29tL29hdXRoL3Rva2VuIiwiemlkIjoidWFhIiwiYXVkIjpbImNsb3VkX2NvbnRyb2xsZXIiLCJteVRlc3RBcHAiLCJvcGVuaWQiLCJjbG91ZF9jb250cm9sbGVyX3NlcnZpY2VfcGVybWlzc2lvbnMiXX0.Hth_SXpMAyiTf--U75r40qODlSUr60U730IW28K2VidEltW3lN3_CE7HkSjolRGr-DYuWHRvy3i_EwBfj1WTkBaXL373UzPVvNBnat9Gi-vjz07LwmBohk3baG1mmlL8IoGbQwtsmfUPhmO5C6_M4s9wKmTf9XIZPVo_w7zPJadrXfHLfx6iQob7CYpTTix2VBWya29iL7kmD1J1UDT5YRg2J9XT30iFuL6BvPQTkuGnX3ivDuUOSdxM8Z451i0VJmc0LYFBCLJ-Tz6bJ2d0wrtfsbCfuNtxjmGJevcL2jKQbEoiliYj60qNtZdT-ijGUdZjE9caxQ2nOkDkowacpw"; Dictionary <string, string> items = new Dictionary <string, string>() { { CloudFoundryTokenValidator.ACCESS_TOKEN_KEY, token } }; CloudFoundryOptions options = new CloudFoundryOptions(); var validator = new CloudFoundryTokenValidator(options); var result = validator.GetAccessToken(items); Assert.NotNull(result); }
public void Invoke_OnlyCloudFoundryEndpoint_ReturnsExpectedLinks() { var cloudOpts = new CloudFoundryOptions(); var ep = new CloudFoundryEndpoint(cloudOpts); var info = ep.Invoke("http://localhost:5000/foobar"); Assert.NotNull(info); Assert.NotNull(info._links); Assert.True(info._links.ContainsKey("self")); Assert.Equal("http://localhost:5000/foobar", info._links["self"].href); Assert.Equal(1, info._links.Count); }
public void GetHttpClient_AddsHandler() { TestMessageHandler handler = new TestMessageHandler(); CloudFoundryOptions options = new CloudFoundryOptions() { BackchannelHttpHandler = handler }; var resolver = new CloudFoundryTokenKeyResolver(options); var client = resolver.GetHttpClient(); client.GetAsync("http://localhost/"); Assert.NotNull(handler.LastRequest); }
public async void HandleCloudFoundryRequestAsync_ReturnsExpected() { var opts = new CloudFoundryOptions(); var ep = new TestCloudFoundryEndpoint(opts); var middle = new CloudFoundryEndpointMiddleware(null, ep); var context = CreateRequest("GET", "/"); await middle.HandleCloudFoundryRequestAsync(context); context.Response.Body.Seek(0, SeekOrigin.Begin); StreamReader rdr = new StreamReader(context.Response.Body); string json = await rdr.ReadToEndAsync(); Assert.Equal("{\"type\":\"steeltoe\",\"_links\":{}}", json); }
public async void ClientTokenResolver_Throws_OnRemoteFail() { // arrange var options = new CloudFoundryOptions() { AccessTokenEndpoint = "/tokenUrl", AuthorizationUrl = "http://localhost", ClientId = "badId", ClientSecret = "clientSecret" }; var resolver = new CloudFoundryClientTokenResolver(options, GetMockHttpClient()); // act var tokenError = await Assert.ThrowsAsync <Exception>(() => resolver.GetAccessToken()); // assert Assert.Contains("OAuth token endpoint failure: ", tokenError.Message); }
public void GetBackChannelHandler_ReturnsCorrectly() { CloudFoundryOptions opts = new CloudFoundryOptions(); Assert.Null(opts.GetBackChannelHandler()); opts = new CloudFoundryOptions() { ValidateCertificates = false }; #if NET452 Assert.Null(opts.GetBackChannelHandler()); #else if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows)) { Assert.NotNull(opts.GetBackChannelHandler()); } #endif OAuthServiceOptions oauthOpts = new OAuthServiceOptions() { ClientId = "ClientId", ClientSecret = "ClientSecret", UserAuthorizationUrl = "UserAuthorizationUrl", AccessTokenUrl = "AccessTokenUrl", UserInfoUrl = "UserInfoUrl", TokenInfoUrl = "TokenInfoUrl", JwtKeyUrl = "JwtKeyUrl", Scope = { "foo", "bar" } }; opts = new CloudFoundryOptions(oauthOpts); Assert.Null(opts.GetBackChannelHandler()); opts = new CloudFoundryOptions(oauthOpts) { ValidateCertificates = false }; #if NET452 Assert.Null(opts.GetBackChannelHandler()); #else if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows)) { Assert.NotNull(opts.GetBackChannelHandler()); } #endif }
public async void ClientTokenResolver_ReturnsAccessToken_OnSuccess() { // arrange var options = new CloudFoundryOptions() { AccessTokenEndpoint = "/tokenUrl", AuthorizationUrl = "http://localhost", ClientId = "validId", ClientSecret = "clientSecret" }; var resolver = new CloudFoundryClientTokenResolver(options, GetMockHttpClient()); var expectedToken = "eyJhbGciOiJSUzI1NiIsImtpZCI6ImtleS0xIiwidHlwIjoiSldUIn0.eyJqdGkiOiI3YTMzYzVhNjhjY2I0YjRiYmQ5N2I4MTRlZWExMTc3MiIsInN1YiI6Ijk1YmJiMzQ2LWI2OGMtNGYxNS1iMzQxLTcwZDYwZjlmNDZiYSIsInNjb3BlIjpbInRlc3Rncm91cCIsIm9wZW5pZCJdLCJjbGllbnRfaWQiOiJjOTIwYjRmNS00ODdjLTRkZDAtYTYzZC00ZDQwYzEzMzE5ODYiLCJjaWQiOiJjOTIwYjRmNS00ODdjLTRkZDAtYTYzZC00ZDQwYzEzMzE5ODYiLCJhenAiOiJjOTIwYjRmNS00ODdjLTRkZDAtYTYzZC00ZDQwYzEzMzE5ODYiLCJncmFudF90eXBlIjoiYXV0aG9yaXphdGlvbl9jb2RlIiwidXNlcl9pZCI6Ijk1YmJiMzQ2LWI2OGMtNGYxNS1iMzQxLTcwZDYwZjlmNDZiYSIsIm9yaWdpbiI6InVhYSIsInVzZXJfbmFtZSI6ImRhdmUiLCJlbWFpbCI6ImRhdmVAdGVzdGNsb3VkLmNvbSIsImF1dGhfdGltZSI6MTU0NjY0MjkzMywicmV2X3NpZyI6ImE1ZWY2ODg5IiwiaWF0IjoxNTQ2NjQyOTM1LCJleHAiOjE1NDY2ODYxMzUsImlzcyI6Imh0dHBzOi8vc3RlZWx0b2UudWFhLmNmLmJlZXQuc3ByaW5nYXBwcy5pby9vYXV0aC90b2tlbiIsInppZCI6IjNhM2VhZGFkLTViMmYtNDUzMC1hZjk1LWE2OWJjMGFmZDE1YiIsImF1ZCI6WyJvcGVuaWQiLCJjOTIwYjRmNS00ODdjLTRkZDAtYTYzZC00ZDQwYzEzMzE5ODYiXX0.tGTXZzuuUSObTwdPHSx-zvnld20DH5hlOZlYp5DhjwkMIsZB0uIvVwbVDkPp7H_AmmeJoo6vqa5hbbgfgnYpTrKlCGOypnHoa3yRIKrwcDmLLujaMz6ApZeaJ7sJN-0N1UnPZ9iGcqvt9hNb_198zRnMXGH72oI0e2iGUBV1olCFVdZTnMGT7sUieDFKy7n0ghZYq_gUI8rfvTwiC3lfxv0nDXz4oE9Z-UKhK6q1zkAtQrz61FQ_CHONejz1JnuxQFKMMvm8JLcRkn6OL-EcSi1hkmFw0efO1OqccQacxphlafyHloVPQ3IOtzLjCf8sJ5NgTdCTC3iddT_sYovdrg"; // act var token = await resolver.GetAccessToken(); // assert Assert.Equal(expectedToken, token); }
public void Configure_WithServiceInfo_ReturnsExpected() { // arrange string authURL = "http://domain"; var opts = new CloudFoundryOptions(); SsoServiceInfo info = new SsoServiceInfo("foobar", "clientId", "secret", "http://domain"); // act CloudFoundryOptionsConfigurer.Configure(info, opts); // assert Assert.Equal("clientId", opts.ClientId); Assert.Equal("secret", opts.ClientSecret); Assert.Equal(authURL + CloudFoundryDefaults.CheckTokenUri, opts.TokenInfoUrl); Assert.True(opts.ValidateCertificates); }
public void GetAccessToken_ReturnsExpected() { var opts = new CloudFoundryOptions(); var middle = new CloudFoundrySecurityMiddleware(null, opts, null); var context = CreateRequest("GET", "/"); var token = middle.GetAccessToken(context.Request); Assert.Null(token); var context2 = CreateRequest("GET", "/"); context2.Request.Headers.Add("Authorization", new StringValues("Bearer foobar")); var token2 = middle.GetAccessToken(context2.Request); Assert.Equal("foobar", token2); }
public void Invoke_CloudFoundryDisable_ReturnsExpectedLinks() { var infoOpts = new InfoOptions(); infoOpts.Enabled = true; var cloudOpts = new CloudFoundryOptions(); cloudOpts.Enabled = false; var ep = new CloudFoundryEndpoint(cloudOpts); var info = ep.Invoke("http://localhost:5000/foobar"); Assert.NotNull(info); Assert.NotNull(info._links); Assert.Equal(0, info._links.Count); }
public void IsCloudFoundryRequest_ReturnsExpected() { var opts = new CloudFoundryOptions(); var middle = new CloudFoundrySecurityMiddleware(null, opts, null); var context = CreateRequest("GET", "/"); Assert.True(middle.IsCloudFoundryRequest(context)); var context2 = CreateRequest("PUT", "/"); Assert.True(middle.IsCloudFoundryRequest(context2)); var context3 = CreateRequest("GET", "/badpath"); Assert.True(middle.IsCloudFoundryRequest(context3)); }
public async void UseCloudFoundryJwtAuthentication_AddsMiddlewareIntoPipeline() { IHostingEnvironment envir = new HostingEnvironment(); CloudFoundryOptions opts = new CloudFoundryOptions(); TestServerStartup.CloudFoundryOptions = opts; TestServerStartup.ServiceOptions = null; var builder = new WebHostBuilder().UseStartup <TestServerJwtStartup>().UseEnvironment("development"); using (var server = new TestServer(builder)) { var client = server.CreateClient(); var result = await client.GetAsync("http://localhost/"); Assert.Equal(HttpStatusCode.Unauthorized, result.StatusCode); } }
public void Constructor_BindsConfigurationCorrectly() { var appsettings = @" { 'management': { 'endpoints': { 'enabled': false, 'sensitive': false, 'path': '/cloudfoundryapplication', 'health' : { 'enabled': true, 'requiredPermissions' : 'NONE' }, 'cloudfoundry': { 'validatecertificates' : true, 'enabled': true } } } }"; var path = TestHelpers.CreateTempFile(appsettings); string directory = Path.GetDirectoryName(path); string fileName = Path.GetFileName(path); ConfigurationBuilder configurationBuilder = new ConfigurationBuilder(); configurationBuilder.SetBasePath(directory); configurationBuilder.AddJsonFile(fileName); var config = configurationBuilder.Build(); var opts = new HealthOptions(config); CloudFoundryOptions cloudOpts = new CloudFoundryOptions(config); Assert.True(cloudOpts.Enabled); Assert.False(cloudOpts.Sensitive); Assert.Equal(string.Empty, cloudOpts.Id); Assert.Equal("/cloudfoundryapplication", cloudOpts.Path); Assert.True(cloudOpts.ValidateCertificates); Assert.True(opts.Enabled); Assert.False(opts.Sensitive); Assert.Equal("health", opts.Id); Assert.Equal("/cloudfoundryapplication/health", opts.Path); Assert.Equal(Permissions.NONE, opts.RequiredPermissions); }
public void GetTokenRequestMessage_ReturnsCorrectly() { HttpClient client = new HttpClient(new TestMessageHandler()); MyTestCloudFoundryHandler testHandler = new MyTestCloudFoundryHandler(client); var opts = new CloudFoundryOptions(); testHandler.InitializeAsync(opts, new DefaultHttpContext(), new ConsoleLogger("test", null, false), UrlEncoder.Default); var message = testHandler.GetTokenRequestMessage("code", "redirectUri"); Assert.NotNull(message); var content = message.Content as FormUrlEncodedContent; Assert.NotNull(content); Assert.Equal(HttpMethod.Post, message.Method); message.Headers.Accept.Contains(new MediaTypeWithQualityHeaderValue("application/json")); }