public async Task HandleAuthenticate_OnValidateKey_result_not_null()
{
using var server = TestServerBuilder.BuildInHeaderOrQueryParamsServerWithProvider(options =>
{
options.Realm = TestServerBuilder.Realm;
options.KeyName = FakeApiKeys.KeyName;
options.Events.OnValidateKey = context =>
{
context.ValidationSucceeded();
Assert.NotNull(context.Result);
return(Task.CompletedTask);
};
});
using var client = server.CreateClient();
using var request = new HttpRequestMessage(HttpMethod.Get, TestServerBuilder.ClaimsPrincipalUrl);
request.Headers.Add(FakeApiKeys.KeyName, FakeApiKeys.FakeKey);
using var response = await client.SendAsync(request);
var principal = await DeserializeClaimsPrincipalAsync(response);
Assert.True(response.IsSuccessStatusCode);
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
Assert.DoesNotContain(new ClaimDto(FakeApiKeys.FakeRoleClaim), principal.Claims); // provider not called
}
public async Task SuppressWWWAuthenticateHeader_verify_false()
{
var realm = TestServerBuilder.Realm;
using var server = TestServerBuilder.BuildInHeaderOrQueryParamsServerWithProvider(options =>
{
options.KeyName = FakeApiKeys.KeyName;
options.Realm = realm;
options.SuppressWWWAuthenticateHeader = false;
});
using var client = server.CreateClient();
using var response = await client.GetAsync(TestServerBuilder.BaseUrl);
Assert.False(response.IsSuccessStatusCode);
var wwwAuthenticateHeader = response.Headers.WwwAuthenticate;
Assert.NotEmpty(wwwAuthenticateHeader);
var wwwAuthenticateHeaderToMatch = Assert.Single(wwwAuthenticateHeader);
Assert.NotNull(wwwAuthenticateHeaderToMatch);
Assert.Equal(ApiKeyDefaults.AuthenticationScheme, wwwAuthenticateHeaderToMatch.Scheme);
Assert.Equal($"realm=\"{realm}\", charset=\"UTF-8\", in=\"header_or_query_params\", key_name=\"{FakeApiKeys.KeyName}\"", wwwAuthenticateHeaderToMatch.Parameter);
}
public async Task ForLegacyUseKeyNameAsSchemeNameOnWWWAuthenticateHeader_verify_true()
{
var realm = TestServerBuilder.Realm;
using var server = TestServerBuilder.BuildInHeaderOrQueryParamsServerWithProvider(options =>
{
options.KeyName = FakeApiKeys.KeyName;
options.Realm = realm;
options.ForLegacyUseKeyNameAsSchemeNameOnWWWAuthenticateHeader = true;
});
using var client = server.CreateClient();
using var request = new HttpRequestMessage(HttpMethod.Get, TestServerBuilder.BaseUrl);
using var response = await client.SendAsync(request);
Assert.False(response.IsSuccessStatusCode);
Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
var wwwAuthenticateHeader = response.Headers.WwwAuthenticate;
Assert.NotEmpty(wwwAuthenticateHeader);
var wwwAuthenticateHeaderToMatch = Assert.Single(wwwAuthenticateHeader);
Assert.NotNull(wwwAuthenticateHeaderToMatch);
Assert.NotEqual(ApiKeyDefaults.AuthenticationScheme, wwwAuthenticateHeaderToMatch.Scheme);
Assert.Equal(FakeApiKeys.KeyName, wwwAuthenticateHeaderToMatch.Scheme);
Assert.Equal($"realm=\"{realm}\", charset=\"UTF-8\", in=\"header_or_query_params\", key_name=\"{FakeApiKeys.KeyName}\"", wwwAuthenticateHeaderToMatch.Parameter);
}
public ApiKeyInHeaderOrQueryParamsHandlerTests()
{
_server = TestServerBuilder.BuildInHeaderOrQueryParamsServer();
_client = _server.CreateClient();
_serverWithProvider = TestServerBuilder.BuildInHeaderOrQueryParamsServerWithProvider();
_clientWithProvider = _serverWithProvider.CreateClient();
}
public async Task HandleChallange()
{
using var server = TestServerBuilder.BuildInHeaderOrQueryParamsServerWithProvider();
using var client = server.CreateClient();
using var response = await client.GetAsync(TestServerBuilder.BaseUrl);
Assert.False(response.IsSuccessStatusCode);
Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
Assert.NotEmpty(response.Headers.WwwAuthenticate);
}
public async Task HandleAuthenticate_ForLegacyIgnoreExtraValidatedApiKeyCheck()
{
using var server = TestServerBuilder.BuildInHeaderOrQueryParamsServerWithProvider();
using var client = server.CreateClient();
using var request = new HttpRequestMessage(HttpMethod.Get, TestServerBuilder.BaseUrl);
request.Headers.Add(FakeApiKeys.KeyName, FakeApiKeys.FakeKeyForLegacyIgnoreExtraValidatedApiKeyCheck);
using var response = await client.SendAsync(request);
Assert.False(response.IsSuccessStatusCode);
Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
}
public async Task HandleForbidden()
{
using var server = TestServerBuilder.BuildInHeaderOrQueryParamsServerWithProvider();
using var client = server.CreateClient();
using var request = new HttpRequestMessage(HttpMethod.Get, TestServerBuilder.ForbiddenUrl);
request.Headers.Add(FakeApiKeys.KeyName, FakeApiKeys.FakeKey);
using var response = await client.SendAsync(request);
Assert.False(response.IsSuccessStatusCode);
Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode);
Assert.False(response.Headers.Contains(HeaderFromEventsKey));
}
public async Task HandleAuthenticate_IgnoreAuthenticationIfAllowAnonymous()
{
using var server = TestServerBuilder.BuildInHeaderOrQueryParamsServerWithProvider();
using var client = server.CreateClient();
using var response = await client.GetAsync(TestServerBuilder.AnonymousUrl);
var principal = await DeserializeClaimsPrincipalAsync(response);
Assert.True(response.IsSuccessStatusCode);
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
Assert.False(principal.Identity.IsAuthenticated);
}
private HttpClient BuildClient(Func <ApiKeyHandleForbiddenContext, Task> onHandleForbidden)
{
var server = TestServerBuilder.BuildInHeaderOrQueryParamsServerWithProvider(options =>
{
options.KeyName = FakeApiKeys.KeyName;
options.Realm = TestServerBuilder.Realm;
options.Events.OnHandleForbidden = onHandleForbidden;
});
_serversToDispose.Add(server);
return(server.CreateClient());
}
private HttpClient BuildClient(Func <ApiKeyAuthenticationSucceededContext, Task> onAuthenticationSucceeded)
{
var server = TestServerBuilder.BuildInHeaderOrQueryParamsServerWithProvider(options =>
{
options.KeyName = FakeApiKeys.KeyName;
options.Realm = TestServerBuilder.Realm;
options.Events.OnAuthenticationSucceeded = onAuthenticationSucceeded;
});
_serversToDispose.Add(server);
return(server.CreateClient());
}
public async Task HandleChallange_using_SuppressWWWAuthenticateHeader()
{
using var server = TestServerBuilder.BuildInHeaderOrQueryParamsServerWithProvider(options =>
{
options.Realm = TestServerBuilder.Realm;
options.KeyName = FakeApiKeys.KeyName;
options.SuppressWWWAuthenticateHeader = true;
});
using var client = server.CreateClient();
using var response = await client.GetAsync(TestServerBuilder.BaseUrl);
Assert.False(response.IsSuccessStatusCode);
Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
Assert.Empty(response.Headers.WwwAuthenticate);
}
public async Task SuppressWWWAuthenticateHeader_verify_true()
{
var realm = TestServerBuilder.Realm;
using var server = TestServerBuilder.BuildInHeaderOrQueryParamsServerWithProvider(options =>
{
options.KeyName = FakeApiKeys.KeyName;
options.Realm = realm;
options.SuppressWWWAuthenticateHeader = true;
});
using var client = server.CreateClient();
using var response = await client.GetAsync(TestServerBuilder.BaseUrl);
Assert.False(response.IsSuccessStatusCode);
Assert.Empty(response.Headers.WwwAuthenticate);
}
public void ApiKeyProviderType_verify_not_null()
{
using var server = TestServerBuilder.BuildInHeaderOrQueryParamsServerWithProvider();
var services = server.Host.Services;
var apiKeyOptionsSnapshot = services.GetService <IOptionsSnapshot <ApiKeyOptions> >();
var apiKeyOptions = apiKeyOptionsSnapshot.Get(ApiKeyDefaults.AuthenticationScheme);
Assert.NotNull(apiKeyOptions);
Assert.NotNull(apiKeyOptions.ApiKeyProviderType);
Assert.Equal(typeof(FakeApiKeyProvider), apiKeyOptions.ApiKeyProviderType);
var apiKeyProvider = services.GetService <IApiKeyProvider>();
Assert.NotNull(apiKeyProvider);
Assert.Equal(typeof(FakeApiKeyProvider), apiKeyProvider.GetType());
}
public async Task IgnoreAuthenticationIfAllowAnonymous_verify_true()
{
var realm = TestServerBuilder.Realm;
using var server = TestServerBuilder.BuildInHeaderOrQueryParamsServerWithProvider(options =>
{
options.KeyName = FakeApiKeys.KeyName;
options.Realm = realm;
options.IgnoreAuthenticationIfAllowAnonymous = true;
});
using var client = server.CreateClient();
using var request = new HttpRequestMessage(HttpMethod.Get, TestServerBuilder.AnonymousUrl);
request.Headers.Add(FakeApiKeys.KeyName, FakeApiKeys.FakeKeyIgnoreAuthenticationIfAllowAnonymous);
using var response = await client.SendAsync(request);
Assert.True(response.IsSuccessStatusCode);
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
}
public async Task IgnoreAuthenticationIfAllowAnonymous_verify_false()
{
var realm = TestServerBuilder.Realm;
using var server = TestServerBuilder.BuildInHeaderOrQueryParamsServerWithProvider(options =>
{
options.KeyName = FakeApiKeys.KeyName;
options.Realm = realm;
options.IgnoreAuthenticationIfAllowAnonymous = false;
});
using var client = server.CreateClient();
using var request = new HttpRequestMessage(HttpMethod.Get, TestServerBuilder.AnonymousUrl);
request.Headers.Add(FakeApiKeys.KeyName, FakeApiKeys.FakeKeyIgnoreAuthenticationIfAllowAnonymous);
var exception = await Assert.ThrowsAsync <InvalidOperationException>(() => client.SendAsync(request));
Assert.Equal(nameof(ApiKeyOptions.IgnoreAuthenticationIfAllowAnonymous), exception.Message);
}
public async Task ForLegacyIgnoreExtraValidatedApiKeyCheck_verify_true()
{
var realm = TestServerBuilder.Realm;
using var server = TestServerBuilder.BuildInHeaderOrQueryParamsServerWithProvider(options =>
{
options.KeyName = FakeApiKeys.KeyName;
options.Realm = realm;
options.ForLegacyIgnoreExtraValidatedApiKeyCheck = true;
});
using var client = server.CreateClient();
using var request = new HttpRequestMessage(HttpMethod.Get, TestServerBuilder.BaseUrl);
request.Headers.Add(FakeApiKeys.KeyName, FakeApiKeys.FakeKeyForLegacyIgnoreExtraValidatedApiKeyCheck);
using var response = await client.SendAsync(request);
Assert.True(response.IsSuccessStatusCode);
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
}
public async Task HandleChallange_using_OnHandleChallenge()
{
using var server = TestServerBuilder.BuildInHeaderOrQueryParamsServerWithProvider(options =>
{
options.Realm = TestServerBuilder.Realm;
options.KeyName = FakeApiKeys.KeyName;
options.Events.OnHandleChallenge = context =>
{
context.HttpContext.Response.Headers.Add(HeaderFromEventsKey, HeaderFromEventsValue);
return(Task.CompletedTask);
};
});
using var client = server.CreateClient();
using var response = await client.GetAsync(TestServerBuilder.BaseUrl);
Assert.False(response.IsSuccessStatusCode);
Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
Assert.NotEmpty(response.Headers.WwwAuthenticate);
Assert.True(response.Headers.Contains(HeaderFromEventsKey));
Assert.Contains(HeaderFromEventsValue, response.Headers.GetValues(HeaderFromEventsKey));
}
public async Task HandleAuthenticate_OnAuthenticationSucceeded_result_null()
{
using var server = TestServerBuilder.BuildInHeaderOrQueryParamsServerWithProvider(options =>
{
options.Realm = TestServerBuilder.Realm;
options.KeyName = FakeApiKeys.KeyName;
options.Events.OnAuthenticationSucceeded = context =>
{
Assert.Null(context.Result);
return(Task.CompletedTask);
};
});
using var client = server.CreateClient();
using var request = new HttpRequestMessage(HttpMethod.Get, TestServerBuilder.BaseUrl);
request.Headers.Add(FakeApiKeys.KeyName, FakeApiKeys.FakeKey);
using var response = await client.SendAsync(request);
Assert.True(response.IsSuccessStatusCode);
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
}
public async Task HandleForbidden_using_OnHandleForbidden()
{
using var server = TestServerBuilder.BuildInHeaderOrQueryParamsServerWithProvider(options =>
{
options.Realm = TestServerBuilder.Realm;
options.KeyName = FakeApiKeys.KeyName;
options.Events.OnHandleForbidden = context =>
{
context.HttpContext.Response.Headers.Add(HeaderFromEventsKey, HeaderFromEventsValue);
return(Task.CompletedTask);
};
});
using var client = server.CreateClient();
using var request = new HttpRequestMessage(HttpMethod.Get, TestServerBuilder.ForbiddenUrl);
request.Headers.Add(FakeApiKeys.KeyName, FakeApiKeys.FakeKey);
using var response = await client.SendAsync(request);
Assert.False(response.IsSuccessStatusCode);
Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode);
Assert.True(response.Headers.Contains(HeaderFromEventsKey));
Assert.Contains(HeaderFromEventsValue, response.Headers.GetValues(HeaderFromEventsKey));
}
private async Task RunAuthInitWithProviderAsync(Action <ApiKeyOptions> configureOptions)
{
var server = TestServerBuilder.BuildInHeaderOrQueryParamsServerWithProvider(configureOptions);
await server.CreateClient().GetAsync(TestServerBuilder.BaseUrl);
}