public async Task TestJwtMiddleware()
{
HttpContext context = new DefaultHttpContext();
JwtMiddleware middleware = new JwtMiddleware(httpContext => Task.CompletedTask);
await middleware.Invoke(context);
Assert.IsTrue(!context.User.Claims.Any(), "Are there any claims when there's no authentication header?");
Assert.IsNull(context.User.Identity.AuthenticationType, "Is the authenticationtype null when there's no auth header?");
// Create a test user instance
User testUser = new User
{
confirmed = true,
date_of_birth = DateTime.Now,
email = "*****@*****.**",
ID = 0,
password = "******",
plan = Plans.Basic,
registration_timestamp = DateTime.Now,
role = Roles.User,
username = "******"
};
ClaimsPrincipal userPrincipal = testUser.ClaimsPrincipal(TokenScope.UserLogin);
context.Request.Headers.Add("Authorization", "Bearer " + Jwt.Sign((ClaimsIdentity)userPrincipal.Identity));
await middleware.Invoke(context);
Assert.IsTrue(context.User.Claims.Any(), "Are there any claims when the authentication header is present?");
Assert.IsNotNull(context.User.Identity.AuthenticationType, "Is the authenticationtype no null when the authentication header is present?");
Assert.AreEqual(context.User.Identity.AuthenticationType, TokenScope.UserLogin,
"Is the AuthenticationType the same as the one used to sign the Jwt token?");
}
public dynamic ConsultarProgramasToken()
{
var data = JwtMiddleware.returnId();
var id = _dataModelRepository.ObtenerID(data);
return(_dataModelRepository.ConsultarTokenProgramas(id));
}
public new void OnAuthorization(AuthorizationFilterContext context)
{
var token = context.HttpContext.Request.Headers.ContainsKey("Authorization");
if (token)
{
var tokenHandler = new JwtSecurityTokenHandler();
var tokenHeader = context.HttpContext.Request.Headers["Authorization"].FirstOrDefault()?.Split(" ").Last();
if (!JwtMiddleware.Validate(tokenHeader) || !JwtMiddleware.ValidateIsAdmin(tokenHeader))
{
context.Result = new JsonResult(new { message = "Unauthorized" })
{
StatusCode = StatusCodes.Status401Unauthorized
};
}
}
else
{
// not logged in
context.Result = new JsonResult(new { message = "Unauthorized" })
{
StatusCode = StatusCodes.Status401Unauthorized
};
}
}
public void OnAuthorization(AuthorizationFilterContext context)
{
var token = context.HttpContext.Request.Headers.ContainsKey("Authorization");
if (token)
{
var tokenHandler = new JwtSecurityTokenHandler();
var tokenHeader = context.HttpContext.Request.Headers["Authorization"].FirstOrDefault()?.Split(" ").Last();
var key = Encoding.ASCII.GetBytes("clave-secreta-supersecreta-tiene queser grande");
if (!JwtMiddleware.Validate(tokenHeader))
{
context.Result = new JsonResult(new { message = "Unauthorized" })
{
StatusCode = StatusCodes.Status401Unauthorized
};
}
}
else
{
// not logged in
context.Result = new JsonResult(new { message = "Unauthorized" })
{
StatusCode = StatusCodes.Status401Unauthorized
};
}
}
public IActionResult GenerateToken()
{
return(Ok(new
{
access_Token = JwtMiddleware.GenerateToken(),
Token_Type = "bearer"
}));
}
public IActionResult IsValidToken()
{
var token = HttpContext.Request.Headers["Authorization"].FirstOrDefault()?.Split(" ").Last();
return(Ok(new
{
Valid_To = JwtMiddleware.IsValidToken(token),
}));
}
public JwtMiddlewareTests()
{
_testingSettings = new AppSettings();
_testingSettings.Secret = "THIS IS MY VERY LONG TESTING SECRET THAT NO ONE SHOULD KNOW";
// Arrange testing service for all the testing class
_appOptions = Options.Create(_testingSettings);
var mapperConfig = new MapperConfiguration(cfg => {
cfg.AddProfile <UsersProfile>();
cfg.AddProfile <AuthenticateProfile>();
});
_mockMapper = mapperConfig.CreateMapper();
_authenticateExample = new AuthenticateResponse {
Id = 2,
FirstName = "User",
LastName = "User",
Username = "******",
Token = "My Token"
};
var user = new User
{
Id = 2,
FirstName = "User",
LastName = "User",
Username = "******",
Password = "******",
PizzaLove = 3
};
_mockUserService = new Mock <IUserService>();
_mockUserService
.Setup(x => x.AuthenticateAsync(It.Is <AuthenticateRequest>(i => i.Username == "user")))
.ReturnsAsync(_authenticateExample);
_mockUserService.Setup(x => x.GetByIdAsync(It.IsAny <int>()))
.ReturnsAsync(user);
_userController = new UsersController(_appOptions, _mockUserService.Object, _mockMapper);
_mockContext = new DefaultHttpContext();
_next = async(HttpContext hc) => await Task.CompletedTask;
_authenticationMiddleware = new JwtMiddleware(_mockUserService.Object, _appOptions);
}
public async Task <LoginResultDTO> Refresh()
{
var user = await UserManager.GetUserAsync(User);
if (user is null)
{
return(new LoginResultDTO {
Success = false
});
}
await SignInManager.RefreshSignInAsync(user);
var token = JwtMiddleware.GenerateJwtToken(user, Logger);
Logger.LogDebug($"refreshed token for {user.UserName}");
return(new LoginResultDTO {
Success = true, Token = token, UserName = user.UserName
});
}
public async Task JwtMiddleware_ValidUser()
{
username = "******";
_mockUserRepository.Setup(repo => repo.GetByUserName(username)).
Returns(_testuser.Username == username ? _testuser : null);
defaultContext = new DefaultHttpContext();
defaultContext.Request.Path = "/";
defaultContext.Request.Headers.Add("Ocp-Apim-Subscription-Key", "test");
var middlewareInstance = new JwtMiddleware(next:
(innerHttpContext) => {
return(Task.CompletedTask);
},
_mockappsetting
);
await middlewareInstance.Invoke(defaultContext, _mockUserRepository.Object);
Assert.True(defaultContext.Request.Headers["Auth-User"].FirstOrDefault()?.Split(" ").Last() != null);
}
public async Task <LoginResultDTO> LogIn(
[FromBody] LoginDTO details
)
{
Logger.LogCritical($"user: {JsonSerializer.Serialize(details)}");
var result = await SignInManager.PasswordSignInAsync(details.Username, details.Password, true, false);
if (!result.Succeeded)
{
return(new LoginResultDTO {
Success = false, Token = result.ToString()
});
}
var user = await CurrentUserAccessor.FindByUsername(details.Username);
var token = JwtMiddleware.GenerateJwtToken(user, Logger);
Logger.LogDebug($"Logged in {details.Username} with token {token}");
return(new LoginResultDTO {
Success = true, Token = token, UserName = user.UserName
});
}
public async Task JwtMiddleware_InValidUser()
{
username = "******";
_mockUserRepository.Setup(repo => repo.GetByUserName(username)).Returns(_testuser.Username == username ? _testuser : null);
defaultContext = new DefaultHttpContext();
defaultContext.Request.Path = "/";
var middlewareInstance = new JwtMiddleware(next:
(innerHttpContext) => {
return(Task.CompletedTask);
},
_mockappsetting
);
await middlewareInstance.Invoke(defaultContext, _mockUserRepository.Object);
var test = defaultContext.Request.Headers["Auth-User"].Count;
Assert.True(defaultContext.Request.Headers["Auth-User"].Count == 0);
}
public JwtMiddlewareTests()
{
_headers = new HeaderDictionary();
var mockHttpRequest = new Mock <HttpRequest>();
mockHttpRequest.SetupGet(request => request.Headers).Returns(_headers);
_mockHttpContext = new Mock <HttpContext>();
_mockHttpContext.SetupGet(context => context.Request).Returns(mockHttpRequest.Object);
_mockExecutionContext = new Mock <IExecutionContext>();
_mockExecutionContextHelper = new Mock <IExecutionContextHelper>();
var logger = new Mock <ILogger <JwtMiddleware> >();
_nextWasCalled = false;
_middleware = new JwtMiddleware(context =>
{
_nextWasCalled = true;
return(Task.FromResult(0));
}, logger.Object);
}
public JwtMiddlewareTests()
{
_testingSettings = new AppSettings();
_testingSettings.Secret = "THIS IS MY VERY LONG TESTING SECRET THAT NO ONE SHOULD KNOW";
// Arrange testing service for all the testing class
_testingOptions = Options.Create(_testingSettings);
var mapperConfig = new MapperConfiguration(cfg => cfg.AddProfile(new UsersProfile()));
_mockMapper = mapperConfig.CreateMapper();
_context = new PizzaProblemContext(
new DbContextOptionsBuilder <PizzaProblemContext>()
.UseInMemoryDatabase(databaseName: "MiddlewareTests")
.Options);
_context.Database.EnsureCreated();
_testingService = new UserService(_testingOptions, _mockMapper, _context);
_mockContext = new DefaultHttpContext();
_next = async(HttpContext hc) => await Task.CompletedTask;
_authenticationMiddleware = new JwtMiddleware(_testingService, _testingOptions);
}
public DatafeedAuthController(JwtMiddleware jwtMiddleware, IOptions <AppSettings> appSettings)
{
_jwtMiddleware = jwtMiddleware;
_appSettings = appSettings.Value;
}
public async Task Invoke_returns_200_with_token_if_match([Frozen] IUserAuthenticator authenticator, [Frozen] IUserExtractor extractor, JwtMiddleware sut, [Frozen] IServiceProvider serviceProvider, HttpContext context, JwtOptions options, IActionResultExecutor <ObjectResult> executor, User user, ClaimsIdentity identity)
{
Mock.Get(extractor).Setup(p => p.TryExtractUser(It.IsAny <HttpContext>(), out user)).Returns(true);
Mock.Get(authenticator).Setup(p => p.TryAuthenticateUserAsync(It.IsAny <User>(), out identity)).ReturnsAsync(true);
Mock.Get(serviceProvider).Setup(p => p.GetService(typeof(IActionResultExecutor <ObjectResult>))).Returns(executor);
await sut.Invoke(context, options);
Mock.Get(executor).Verify(p => p.ExecuteAsync(It.IsAny <ActionContext>(), It.Is <ObjectResult>(or => or.StatusCode == 200 && or.Value is TokenModel)));
}
public async Task Invoke_returns_401_if_no_match([Frozen] IUserExtractor extractor, JwtMiddleware sut, [Frozen] IServiceProvider serviceProvider, HttpContext context, JwtOptions options, IActionResultExecutor <ObjectResult> executor)
{
User user = null;
Mock.Get(extractor).Setup(p => p.TryExtractUser(It.IsAny <HttpContext>(), out user)).Returns(false);
Mock.Get(serviceProvider).Setup(p => p.GetService(typeof(IActionResultExecutor <ObjectResult>))).Returns(executor);
await sut.Invoke(context, options);
Mock.Get(executor).Verify(p => p.ExecuteAsync(It.IsAny <ActionContext>(), It.Is <ObjectResult>(or => or.StatusCode == 401)));
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseMiddleware <CustomExceptionHandlerMiddleware>();
app.UseCors("AllowAll");
app.UseFileServer();
// Bug fix
app.Use(async(context, next) => {
context.Request.Headers.Remove("If-Modified-Since");
await next();
});
// Deal with X-StoreId header
app.Use(async(context, next) =>
{
var request = context.Request;
var x = request.Path.Value;
var query = request.Query;
if (x.StartsWith("/mktchat") || x.StartsWith("/mktpush"))
{
if (query.TryGetValue("storeId", out var storeId))
{
request.Headers.Add("storeId", storeId);
}
if (query.TryGetValue("authorization", out var authorization))
{
request.Headers.Add("Authorization", $"Bearer {authorization}");
}
if (query.TryGetValue("access_token", out var access_token))
{
request.Headers.Add("Authorization", $"Bearer {access_token}");
}
}
await next();
});
app.Use(async(context, next) =>
{
await JwtMiddleware.UseJwtMiddleware(context, next);
});
app.UseAuthentication();
app.UseMvc(routes =>
{
routes.MapRoute(
name: "default",
template: "{controller=Livechat}/{action=Register}/{id?}");
});
app.UseSignalR(routes =>
{
routes.MapHub <MktChatHub>("/mktchat");
});
}
