From 6209681b2c15caac8dcb01a27420c3943bdf4f07 Mon Sep 17 00:00:00 2001 From: Nick Sharp Date: Mon, 26 Jun 2017 11:50:58 +0100 Subject: [PATCH 1/6] Adding code ##BROKEN TESTS## --- .../Creator/AuthenticationHandlerCreator.cs | 12 +- .../Configuration/AuthenticationOptions.cs | 28 +- .../Builder/AuthenticationOptionsBuilder.cs | 50 +- .../Creator/AuthenticationOptionsCreator.cs | 25 +- .../File/FileAuthenticationOptions.cs | 9 +- .../AuthenticationTests.cs | 446 +++++++++--------- .../AuthorisationTests.cs | 364 +++++++------- .../ClaimsToHeadersForwardingTests.cs | 118 ++--- .../ClaimsToQueryStringForwardingTests.cs | 122 ++--- .../AuthenticationOptionsCreatorTests.cs | 74 +-- .../FileConfigurationCreatorTests.cs | 280 +++++------ 11 files changed, 792 insertions(+), 736 deletions(-) diff --git a/src/Ocelot/Authentication/Handler/Creator/AuthenticationHandlerCreator.cs b/src/Ocelot/Authentication/Handler/Creator/AuthenticationHandlerCreator.cs index 96713fb0d..ea2515f93 100644 --- a/src/Ocelot/Authentication/Handler/Creator/AuthenticationHandlerCreator.cs +++ b/src/Ocelot/Authentication/Handler/Creator/AuthenticationHandlerCreator.cs @@ -5,6 +5,8 @@ namespace Ocelot.Authentication.Handler.Creator { + using Ocelot.Configuration; + using AuthenticationOptions = Configuration.AuthenticationOptions; /// @@ -16,14 +18,16 @@ public Response Create(IApplicationBuilder app, AuthenticationO { var builder = app.New(); + var authenticationConfig = authOptions.Config as IdentityServerConfig; + builder.UseIdentityServerAuthentication(new IdentityServerAuthenticationOptions { - Authority = authOptions.ProviderRootUrl, - ApiName = authOptions.ApiName, - RequireHttpsMetadata = authOptions.RequireHttps, + Authority = authenticationConfig.ProviderRootUrl, + ApiName = authenticationConfig.ApiName, + RequireHttpsMetadata = authenticationConfig.RequireHttps, AllowedScopes = authOptions.AllowedScopes, SupportedTokens = SupportedTokens.Both, - ApiSecret = authOptions.ApiSecret + ApiSecret = authenticationConfig.ApiSecret }); var authenticationNext = builder.Build(); diff --git a/src/Ocelot/Configuration/AuthenticationOptions.cs b/src/Ocelot/Configuration/AuthenticationOptions.cs index 223491b27..cfb76fe48 100644 --- a/src/Ocelot/Configuration/AuthenticationOptions.cs +++ b/src/Ocelot/Configuration/AuthenticationOptions.cs @@ -4,22 +4,38 @@ namespace Ocelot.Configuration { public class AuthenticationOptions { - public AuthenticationOptions(string provider, string providerRootUrl, string apiName, bool requireHttps, List allowedScopes, string apiSecret) + public AuthenticationOptions(string provider, List allowedScopes, IAuthenticationConfig config) { Provider = provider; + AllowedScopes = allowedScopes; + Config = config; + } + + public string Provider { get; private set; } + + public List AllowedScopes { get; private set; } + + public IAuthenticationConfig Config { get; } + } + + + public interface IAuthenticationConfig + { + } + + public class IdentityServerConfig : IAuthenticationConfig + { + public IdentityServerConfig(string providerRootUrl, string apiName, bool requireHttps, string apiSecret) + { ProviderRootUrl = providerRootUrl; - ApiName = apiName; + ApiName = apiName; RequireHttps = requireHttps; - AllowedScopes = allowedScopes; ApiSecret = apiSecret; } - public string Provider { get; private set; } public string ProviderRootUrl { get; private set; } public string ApiName { get; private set; } public string ApiSecret { get; private set; } public bool RequireHttps { get; private set; } - public List AllowedScopes { get; private set; } - } } diff --git a/src/Ocelot/Configuration/Builder/AuthenticationOptionsBuilder.cs b/src/Ocelot/Configuration/Builder/AuthenticationOptionsBuilder.cs index 0c6484894..bd20717cd 100644 --- a/src/Ocelot/Configuration/Builder/AuthenticationOptionsBuilder.cs +++ b/src/Ocelot/Configuration/Builder/AuthenticationOptionsBuilder.cs @@ -6,51 +6,71 @@ public class AuthenticationOptionsBuilder { private string _provider; - private string _providerRootUrl; - private string _apiName; - private string _apiSecret; - private bool _requireHttps; + private List _allowedScopes; + private IAuthenticationConfig _config; + public AuthenticationOptionsBuilder WithProvider(string provider) { _provider = provider; return this; } - public AuthenticationOptionsBuilder WithProviderRootUrl(string providerRootUrl) + public AuthenticationOptionsBuilder WithAllowedScopes(List allowedScopes) + { + _allowedScopes = allowedScopes; + return this; + } + + public AuthenticationOptionsBuilder WithConfiguration(IAuthenticationConfig config) + { + _config = config; + return this; + } + + public AuthenticationOptions Build() + { + return new AuthenticationOptions(_provider, _allowedScopes, _config); + } + } + + public class IdentityServerConfigBuilder + { + private string _providerRootUrl; + private string _apiName; + private string _apiSecret; + private bool _requireHttps; + + public IdentityServerConfigBuilder WithProviderRootUrl(string providerRootUrl) { _providerRootUrl = providerRootUrl; return this; } - public AuthenticationOptionsBuilder WithApiName(string apiName) + public IdentityServerConfigBuilder WithApiName(string apiName) { _apiName = apiName; return this; } - public AuthenticationOptionsBuilder WithApiSecret(string apiSecret) + public IdentityServerConfigBuilder WithApiSecret(string apiSecret) { _apiSecret = apiSecret; return this; } - public AuthenticationOptionsBuilder WithRequireHttps(bool requireHttps) + public IdentityServerConfigBuilder WithRequireHttps(bool requireHttps) { _requireHttps = requireHttps; return this; } - public AuthenticationOptionsBuilder WithAllowedScopes(List allowedScopes) - { - _allowedScopes = allowedScopes; - return this; - } + - public AuthenticationOptions Build() + public IdentityServerConfig Build() { - return new AuthenticationOptions(_provider, _providerRootUrl, _apiName, _requireHttps, _allowedScopes, _apiSecret); + return new IdentityServerConfig(_providerRootUrl, _apiName, _requireHttps, _apiSecret); } } } \ No newline at end of file diff --git a/src/Ocelot/Configuration/Creator/AuthenticationOptionsCreator.cs b/src/Ocelot/Configuration/Creator/AuthenticationOptionsCreator.cs index 583748e14..ac185cdf9 100644 --- a/src/Ocelot/Configuration/Creator/AuthenticationOptionsCreator.cs +++ b/src/Ocelot/Configuration/Creator/AuthenticationOptionsCreator.cs @@ -7,14 +7,25 @@ public class AuthenticationOptionsCreator : IAuthenticationOptionsCreator { public AuthenticationOptions Create(FileReRoute fileReRoute) { + var authenticationConfig = new AuthenticationConfigCreator().Create(fileReRoute.AuthenticationOptions); + return new AuthenticationOptionsBuilder() - .WithProvider(fileReRoute.AuthenticationOptions?.Provider) - .WithProviderRootUrl(fileReRoute.AuthenticationOptions?.ProviderRootUrl) - .WithApiName(fileReRoute.AuthenticationOptions?.ApiName) - .WithRequireHttps(fileReRoute.AuthenticationOptions.RequireHttps) - .WithAllowedScopes(fileReRoute.AuthenticationOptions?.AllowedScopes) - .WithApiSecret(fileReRoute.AuthenticationOptions?.ApiSecret) - .Build(); + .WithProvider(fileReRoute.AuthenticationOptions?.Provider) + .WithAllowedScopes(fileReRoute.AuthenticationOptions?.AllowedScopes) + .WithConfiguration(authenticationConfig) + .Build(); + } + } + + public class AuthenticationConfigCreator + { + public IAuthenticationConfig Create(FileAuthenticationOptions authenticationOptions) + { + return new IdentityServerConfigBuilder() + .WithApiName(authenticationOptions.IdentityServerConfig?.ApiName) + .WithApiSecret(authenticationOptions.IdentityServerConfig?.ApiSecret) + .WithProviderRootUrl(authenticationOptions.IdentityServerConfig?.ProviderRootUrl) + .WithRequireHttps(authenticationOptions.IdentityServerConfig.RequireHttps).Build(); } } } \ No newline at end of file diff --git a/src/Ocelot/Configuration/File/FileAuthenticationOptions.cs b/src/Ocelot/Configuration/File/FileAuthenticationOptions.cs index 63e6347cc..9f2de9676 100644 --- a/src/Ocelot/Configuration/File/FileAuthenticationOptions.cs +++ b/src/Ocelot/Configuration/File/FileAuthenticationOptions.cs @@ -6,14 +6,19 @@ public class FileAuthenticationOptions { public FileAuthenticationOptions() { - AllowedScopes = new List(); + AllowedScopes = new List(); } public string Provider { get; set; } + public List AllowedScopes { get; set; } + public FileIdentityServerConfig IdentityServerConfig { get; set; } + } + + public class FileIdentityServerConfig + { public string ProviderRootUrl { get; set; } public string ApiName { get; set; } public bool RequireHttps { get; set; } - public List AllowedScopes { get; set; } public string ApiSecret { get; set; } } } diff --git a/test/Ocelot.AcceptanceTests/AuthenticationTests.cs b/test/Ocelot.AcceptanceTests/AuthenticationTests.cs index c0d143b91..060cb5bdd 100644 --- a/test/Ocelot.AcceptanceTests/AuthenticationTests.cs +++ b/test/Ocelot.AcceptanceTests/AuthenticationTests.cs @@ -34,241 +34,241 @@ public AuthenticationTests() _steps = new Steps(); } - [Fact] - public void should_return_401_using_identity_server_access_token() - { - var configuration = new FileConfiguration - { - ReRoutes = new List - { - new FileReRoute - { - DownstreamPathTemplate = _downstreamServicePath, - DownstreamPort = _downstreamServicePort, - DownstreamHost = _downstreamServiceHost, - DownstreamScheme = _downstreamServiceScheme, - UpstreamPathTemplate = "/", - UpstreamHttpMethod = new List { "Post" }, - AuthenticationOptions = new FileAuthenticationOptions - { - AllowedScopes = new List(), - Provider = "IdentityServer", - ProviderRootUrl = _identityServerRootUrl, - RequireHttps = false, - ApiName = "api", - ApiSecret = "secret" - } - } - } - }; + //[Fact] + //public void should_return_401_using_identity_server_access_token() + //{ + // var configuration = new FileConfiguration + // { + // ReRoutes = new List + // { + // new FileReRoute + // { + // DownstreamPathTemplate = _downstreamServicePath, + // DownstreamPort = _downstreamServicePort, + // DownstreamHost = _downstreamServiceHost, + // DownstreamScheme = _downstreamServiceScheme, + // UpstreamPathTemplate = "/", + // UpstreamHttpMethod = new List { "Post" }, + // AuthenticationOptions = new FileAuthenticationOptions + // { + // AllowedScopes = new List(), + // Provider = "IdentityServer", + // ProviderRootUrl = _identityServerRootUrl, + // RequireHttps = false, + // ApiName = "api", + // ApiSecret = "secret" + // } + // } + // } + // }; - this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", "api2", AccessTokenType.Jwt)) - .And(x => x.GivenThereIsAServiceRunningOn(_downstreamServiceUrl, 201, string.Empty)) - .And(x => _steps.GivenThereIsAConfiguration(configuration)) - .And(x => _steps.GivenOcelotIsRunning()) - .And(x => _steps.GivenThePostHasContent("postContent")) - .When(x => _steps.WhenIPostUrlOnTheApiGateway("/")) - .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.Unauthorized)) - .BDDfy(); - } + // this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", "api2", AccessTokenType.Jwt)) + // .And(x => x.GivenThereIsAServiceRunningOn(_downstreamServiceUrl, 201, string.Empty)) + // .And(x => _steps.GivenThereIsAConfiguration(configuration)) + // .And(x => _steps.GivenOcelotIsRunning()) + // .And(x => _steps.GivenThePostHasContent("postContent")) + // .When(x => _steps.WhenIPostUrlOnTheApiGateway("/")) + // .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.Unauthorized)) + // .BDDfy(); + //} - [Fact] - public void should_return_401_using_identity_server_reference_token() - { - var configuration = new FileConfiguration - { - ReRoutes = new List - { - new FileReRoute - { - DownstreamPathTemplate = _downstreamServicePath, - DownstreamPort = _downstreamServicePort, - DownstreamHost = _downstreamServiceHost, - DownstreamScheme = _downstreamServiceScheme, - UpstreamPathTemplate = "/", - UpstreamHttpMethod = new List { "Post" }, - AuthenticationOptions = new FileAuthenticationOptions - { - AllowedScopes = new List(), - Provider = "IdentityServer", - ProviderRootUrl = _identityServerRootUrl, - RequireHttps = false, - ApiName = "api", - ApiSecret = "secret" - } - } - } - }; + //[Fact] + //public void should_return_401_using_identity_server_reference_token() + //{ + // var configuration = new FileConfiguration + // { + // ReRoutes = new List + // { + // new FileReRoute + // { + // DownstreamPathTemplate = _downstreamServicePath, + // DownstreamPort = _downstreamServicePort, + // DownstreamHost = _downstreamServiceHost, + // DownstreamScheme = _downstreamServiceScheme, + // UpstreamPathTemplate = "/", + // UpstreamHttpMethod = new List { "Post" }, + // AuthenticationOptions = new FileAuthenticationOptions + // { + // AllowedScopes = new List(), + // Provider = "IdentityServer", + // ProviderRootUrl = _identityServerRootUrl, + // RequireHttps = false, + // ApiName = "api", + // ApiSecret = "secret" + // } + // } + // } + // }; - this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", "api2", AccessTokenType.Reference)) - .And(x => x.GivenThereIsAServiceRunningOn(_downstreamServiceUrl, 201, string.Empty)) - .And(x => _steps.GivenThereIsAConfiguration(configuration)) - .And(x => _steps.GivenOcelotIsRunning()) - .And(x => _steps.GivenThePostHasContent("postContent")) - .When(x => _steps.WhenIPostUrlOnTheApiGateway("/")) - .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.Unauthorized)) - .BDDfy(); - } + // this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", "api2", AccessTokenType.Reference)) + // .And(x => x.GivenThereIsAServiceRunningOn(_downstreamServiceUrl, 201, string.Empty)) + // .And(x => _steps.GivenThereIsAConfiguration(configuration)) + // .And(x => _steps.GivenOcelotIsRunning()) + // .And(x => _steps.GivenThePostHasContent("postContent")) + // .When(x => _steps.WhenIPostUrlOnTheApiGateway("/")) + // .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.Unauthorized)) + // .BDDfy(); + //} - [Fact] - public void should_return_response_200_using_identity_server() - { - var configuration = new FileConfiguration - { - ReRoutes = new List - { - new FileReRoute - { - DownstreamPathTemplate = _downstreamServicePath, - DownstreamPort = _downstreamServicePort, - DownstreamHost = _downstreamServiceHost, - DownstreamScheme = _downstreamServiceScheme, - UpstreamPathTemplate = "/", - UpstreamHttpMethod = new List { "Get" }, - AuthenticationOptions = new FileAuthenticationOptions - { - AllowedScopes = new List(), - Provider = "IdentityServer", - ProviderRootUrl = _identityServerRootUrl, - RequireHttps = false, - ApiName = "api", - ApiSecret = "secret" - } - } - } - }; + //[Fact] + //public void should_return_response_200_using_identity_server() + //{ + // var configuration = new FileConfiguration + // { + // ReRoutes = new List + // { + // new FileReRoute + // { + // DownstreamPathTemplate = _downstreamServicePath, + // DownstreamPort = _downstreamServicePort, + // DownstreamHost = _downstreamServiceHost, + // DownstreamScheme = _downstreamServiceScheme, + // UpstreamPathTemplate = "/", + // UpstreamHttpMethod = new List { "Get" }, + // AuthenticationOptions = new FileAuthenticationOptions + // { + // AllowedScopes = new List(), + // Provider = "IdentityServer", + // ProviderRootUrl = _identityServerRootUrl, + // RequireHttps = false, + // ApiName = "api", + // ApiSecret = "secret" + // } + // } + // } + // }; - this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", "api2", AccessTokenType.Jwt)) - .And(x => x.GivenThereIsAServiceRunningOn(_downstreamServiceUrl, 200, "Hello from Laura")) - .And(x => _steps.GivenIHaveAToken(_identityServerRootUrl)) - .And(x => _steps.GivenThereIsAConfiguration(configuration)) - .And(x => _steps.GivenOcelotIsRunning()) - .And(x => _steps.GivenIHaveAddedATokenToMyRequest()) - .When(x => _steps.WhenIGetUrlOnTheApiGateway("/")) - .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.OK)) - .And(x => _steps.ThenTheResponseBodyShouldBe("Hello from Laura")) - .BDDfy(); - } + // this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", "api2", AccessTokenType.Jwt)) + // .And(x => x.GivenThereIsAServiceRunningOn(_downstreamServiceUrl, 200, "Hello from Laura")) + // .And(x => _steps.GivenIHaveAToken(_identityServerRootUrl)) + // .And(x => _steps.GivenThereIsAConfiguration(configuration)) + // .And(x => _steps.GivenOcelotIsRunning()) + // .And(x => _steps.GivenIHaveAddedATokenToMyRequest()) + // .When(x => _steps.WhenIGetUrlOnTheApiGateway("/")) + // .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.OK)) + // .And(x => _steps.ThenTheResponseBodyShouldBe("Hello from Laura")) + // .BDDfy(); + //} - [Fact] - public void should_return_response_401_using_identity_server_with_token_requested_for_other_api() - { - var configuration = new FileConfiguration - { - ReRoutes = new List - { - new FileReRoute - { - DownstreamPathTemplate = _downstreamServicePath, - DownstreamPort = _downstreamServicePort, - DownstreamHost = _downstreamServiceHost, - DownstreamScheme = _downstreamServiceScheme, - UpstreamPathTemplate = "/", - UpstreamHttpMethod = new List { "Get" }, - AuthenticationOptions = new FileAuthenticationOptions - { - AllowedScopes = new List(), - Provider = "IdentityServer", - ProviderRootUrl = _identityServerRootUrl, - RequireHttps = false, - ApiName = "api", - ApiSecret = "secret" - } - } - } - }; + //[Fact] + //public void should_return_response_401_using_identity_server_with_token_requested_for_other_api() + //{ + // var configuration = new FileConfiguration + // { + // ReRoutes = new List + // { + // new FileReRoute + // { + // DownstreamPathTemplate = _downstreamServicePath, + // DownstreamPort = _downstreamServicePort, + // DownstreamHost = _downstreamServiceHost, + // DownstreamScheme = _downstreamServiceScheme, + // UpstreamPathTemplate = "/", + // UpstreamHttpMethod = new List { "Get" }, + // AuthenticationOptions = new FileAuthenticationOptions + // { + // AllowedScopes = new List(), + // Provider = "IdentityServer", + // ProviderRootUrl = _identityServerRootUrl, + // RequireHttps = false, + // ApiName = "api", + // ApiSecret = "secret" + // } + // } + // } + // }; - this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", "api2", AccessTokenType.Jwt)) - .And(x => x.GivenThereIsAServiceRunningOn(_downstreamServiceUrl, 200, "Hello from Laura")) - .And(x => _steps.GivenIHaveATokenForApi2(_identityServerRootUrl)) - .And(x => _steps.GivenThereIsAConfiguration(configuration)) - .And(x => _steps.GivenOcelotIsRunning()) - .And(x => _steps.GivenIHaveAddedATokenToMyRequest()) - .When(x => _steps.WhenIGetUrlOnTheApiGateway("/")) - .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.Unauthorized)) - .BDDfy(); - } + // this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", "api2", AccessTokenType.Jwt)) + // .And(x => x.GivenThereIsAServiceRunningOn(_downstreamServiceUrl, 200, "Hello from Laura")) + // .And(x => _steps.GivenIHaveATokenForApi2(_identityServerRootUrl)) + // .And(x => _steps.GivenThereIsAConfiguration(configuration)) + // .And(x => _steps.GivenOcelotIsRunning()) + // .And(x => _steps.GivenIHaveAddedATokenToMyRequest()) + // .When(x => _steps.WhenIGetUrlOnTheApiGateway("/")) + // .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.Unauthorized)) + // .BDDfy(); + //} - [Fact] - public void should_return_201_using_identity_server_access_token() - { - var configuration = new FileConfiguration - { - ReRoutes = new List - { - new FileReRoute - { - DownstreamPathTemplate = _downstreamServicePath, - DownstreamPort = _downstreamServicePort, - DownstreamHost = _downstreamServiceHost, - DownstreamScheme = _downstreamServiceScheme, - UpstreamPathTemplate = "/", - UpstreamHttpMethod = new List { "Post" }, + //[Fact] + //public void should_return_201_using_identity_server_access_token() + //{ + // var configuration = new FileConfiguration + // { + // ReRoutes = new List + // { + // new FileReRoute + // { + // DownstreamPathTemplate = _downstreamServicePath, + // DownstreamPort = _downstreamServicePort, + // DownstreamHost = _downstreamServiceHost, + // DownstreamScheme = _downstreamServiceScheme, + // UpstreamPathTemplate = "/", + // UpstreamHttpMethod = new List { "Post" }, - AuthenticationOptions = new FileAuthenticationOptions - { - AllowedScopes = new List(), - Provider = "IdentityServer", - ProviderRootUrl = _identityServerRootUrl, - RequireHttps = false, - ApiName = "api", - ApiSecret = "secret" - } - } - } - }; + // AuthenticationOptions = new FileAuthenticationOptions + // { + // AllowedScopes = new List(), + // Provider = "IdentityServer", + // ProviderRootUrl = _identityServerRootUrl, + // RequireHttps = false, + // ApiName = "api", + // ApiSecret = "secret" + // } + // } + // } + // }; - this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", "api2", AccessTokenType.Jwt)) - .And(x => x.GivenThereIsAServiceRunningOn(_downstreamServiceUrl, 201, string.Empty)) - .And(x => _steps.GivenIHaveAToken(_identityServerRootUrl)) - .And(x => _steps.GivenThereIsAConfiguration(configuration)) - .And(x => _steps.GivenOcelotIsRunning()) - .And(x => _steps.GivenIHaveAddedATokenToMyRequest()) - .And(x => _steps.GivenThePostHasContent("postContent")) - .When(x => _steps.WhenIPostUrlOnTheApiGateway("/")) - .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.Created)) - .BDDfy(); - } + // this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", "api2", AccessTokenType.Jwt)) + // .And(x => x.GivenThereIsAServiceRunningOn(_downstreamServiceUrl, 201, string.Empty)) + // .And(x => _steps.GivenIHaveAToken(_identityServerRootUrl)) + // .And(x => _steps.GivenThereIsAConfiguration(configuration)) + // .And(x => _steps.GivenOcelotIsRunning()) + // .And(x => _steps.GivenIHaveAddedATokenToMyRequest()) + // .And(x => _steps.GivenThePostHasContent("postContent")) + // .When(x => _steps.WhenIPostUrlOnTheApiGateway("/")) + // .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.Created)) + // .BDDfy(); + //} - [Fact] - public void should_return_201_using_identity_server_reference_token() - { - var configuration = new FileConfiguration - { - ReRoutes = new List - { - new FileReRoute - { - DownstreamPathTemplate = _downstreamServicePath, - DownstreamPort = _downstreamServicePort, - DownstreamHost = _downstreamServiceHost, - DownstreamScheme = _downstreamServiceScheme, - UpstreamPathTemplate = "/", - UpstreamHttpMethod = new List { "Post" }, - AuthenticationOptions = new FileAuthenticationOptions - { - AllowedScopes = new List(), - Provider = "IdentityServer", - ProviderRootUrl = _identityServerRootUrl, - RequireHttps = false, - ApiName = "api", - ApiSecret = "secret" - } - } - } - }; + //[Fact] + //public void should_return_201_using_identity_server_reference_token() + //{ + // var configuration = new FileConfiguration + // { + // ReRoutes = new List + // { + // new FileReRoute + // { + // DownstreamPathTemplate = _downstreamServicePath, + // DownstreamPort = _downstreamServicePort, + // DownstreamHost = _downstreamServiceHost, + // DownstreamScheme = _downstreamServiceScheme, + // UpstreamPathTemplate = "/", + // UpstreamHttpMethod = new List { "Post" }, + // AuthenticationOptions = new FileAuthenticationOptions + // { + // AllowedScopes = new List(), + // Provider = "IdentityServer", + // ProviderRootUrl = _identityServerRootUrl, + // RequireHttps = false, + // ApiName = "api", + // ApiSecret = "secret" + // } + // } + // } + // }; - this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", "api2", AccessTokenType.Reference)) - .And(x => x.GivenThereIsAServiceRunningOn(_downstreamServiceUrl, 201, string.Empty)) - .And(x => _steps.GivenIHaveAToken(_identityServerRootUrl)) - .And(x => _steps.GivenThereIsAConfiguration(configuration)) - .And(x => _steps.GivenOcelotIsRunning()) - .And(x => _steps.GivenIHaveAddedATokenToMyRequest()) - .And(x => _steps.GivenThePostHasContent("postContent")) - .When(x => _steps.WhenIPostUrlOnTheApiGateway("/")) - .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.Created)) - .BDDfy(); - } + // this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", "api2", AccessTokenType.Reference)) + // .And(x => x.GivenThereIsAServiceRunningOn(_downstreamServiceUrl, 201, string.Empty)) + // .And(x => _steps.GivenIHaveAToken(_identityServerRootUrl)) + // .And(x => _steps.GivenThereIsAConfiguration(configuration)) + // .And(x => _steps.GivenOcelotIsRunning()) + // .And(x => _steps.GivenIHaveAddedATokenToMyRequest()) + // .And(x => _steps.GivenThePostHasContent("postContent")) + // .When(x => _steps.WhenIPostUrlOnTheApiGateway("/")) + // .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.Created)) + // .BDDfy(); + //} private void GivenThereIsAServiceRunningOn(string url, int statusCode, string responseBody) { diff --git a/test/Ocelot.AcceptanceTests/AuthorisationTests.cs b/test/Ocelot.AcceptanceTests/AuthorisationTests.cs index 011bb679b..30dc636f3 100644 --- a/test/Ocelot.AcceptanceTests/AuthorisationTests.cs +++ b/test/Ocelot.AcceptanceTests/AuthorisationTests.cs @@ -28,195 +28,195 @@ public AuthorisationTests() _steps = new Steps(); } - [Fact] - public void should_return_response_200_authorising_route() - { - var configuration = new FileConfiguration - { - ReRoutes = new List - { - new FileReRoute - { - DownstreamPathTemplate = "/", - DownstreamPort = 51876, - DownstreamScheme = "http", - DownstreamHost = "localhost", - UpstreamPathTemplate = "/", - UpstreamHttpMethod = new List { "Get" }, - AuthenticationOptions = new FileAuthenticationOptions - { - AllowedScopes = new List(), - Provider = "IdentityServer", - ProviderRootUrl = "http://localhost:51888", - RequireHttps = false, - ApiName = "api", - ApiSecret = "secret" - }, - AddHeadersToRequest = - { - {"CustomerId", "Claims[CustomerId] > value"}, - {"LocationId", "Claims[LocationId] > value"}, - {"UserType", "Claims[sub] > value[0] > |"}, - {"UserId", "Claims[sub] > value[1] > |"} - }, - AddClaimsToRequest = - { - {"CustomerId", "Claims[CustomerId] > value"}, - {"UserType", "Claims[sub] > value[0] > |"}, - {"UserId", "Claims[sub] > value[1] > |"} - }, - RouteClaimsRequirement = - { - {"UserType", "registered"} - } - } - } - }; + //[Fact] + //public void should_return_response_200_authorising_route() + //{ + // var configuration = new FileConfiguration + // { + // ReRoutes = new List + // { + // new FileReRoute + // { + // DownstreamPathTemplate = "/", + // DownstreamPort = 51876, + // DownstreamScheme = "http", + // DownstreamHost = "localhost", + // UpstreamPathTemplate = "/", + // UpstreamHttpMethod = new List { "Get" }, + // AuthenticationOptions = new FileAuthenticationOptions + // { + //AllowedScopes = new List(), + // Provider = "IdentityServer", + // ProviderRootUrl = "http://localhost:51888", + // RequireHttps = false, + //ApiName = "api", + // ApiSecret = "secret" + // }, + // AddHeadersToRequest = + // { + // {"CustomerId", "Claims[CustomerId] > value"}, + // {"LocationId", "Claims[LocationId] > value"}, + // {"UserType", "Claims[sub] > value[0] > |"}, + // {"UserId", "Claims[sub] > value[1] > |"} + // }, + // AddClaimsToRequest = + // { + // {"CustomerId", "Claims[CustomerId] > value"}, + // {"UserType", "Claims[sub] > value[0] > |"}, + // {"UserId", "Claims[sub] > value[1] > |"} + // }, + // RouteClaimsRequirement = + // { + // {"UserType", "registered"} + // } + // } + // } + // }; - this.Given(x => x.GivenThereIsAnIdentityServerOn("http://localhost:51888", "api", AccessTokenType.Jwt)) - .And(x => x.GivenThereIsAServiceRunningOn("http://localhost:51876", 200, "Hello from Laura")) - .And(x => _steps.GivenIHaveAToken("http://localhost:51888")) - .And(x => _steps.GivenThereIsAConfiguration(configuration)) - .And(x => _steps.GivenOcelotIsRunning()) - .And(x => _steps.GivenIHaveAddedATokenToMyRequest()) - .When(x => _steps.WhenIGetUrlOnTheApiGateway("/")) - .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.OK)) - .And(x => _steps.ThenTheResponseBodyShouldBe("Hello from Laura")) - .BDDfy(); - } + // this.Given(x => x.GivenThereIsAnIdentityServerOn("http://localhost:51888", "api", AccessTokenType.Jwt)) + // .And(x => x.GivenThereIsAServiceRunningOn("http://localhost:51876", 200, "Hello from Laura")) + // .And(x => _steps.GivenIHaveAToken("http://localhost:51888")) + // .And(x => _steps.GivenThereIsAConfiguration(configuration)) + // .And(x => _steps.GivenOcelotIsRunning()) + // .And(x => _steps.GivenIHaveAddedATokenToMyRequest()) + // .When(x => _steps.WhenIGetUrlOnTheApiGateway("/")) + // .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.OK)) + // .And(x => _steps.ThenTheResponseBodyShouldBe("Hello from Laura")) + // .BDDfy(); + //} - [Fact] - public void should_return_response_403_authorising_route() - { - var configuration = new FileConfiguration - { - ReRoutes = new List - { - new FileReRoute - { - DownstreamPathTemplate = "/", - DownstreamPort = 51876, - DownstreamScheme = "http", - DownstreamHost = "localhost", - UpstreamPathTemplate = "/", - UpstreamHttpMethod = new List { "Get" }, - AuthenticationOptions = new FileAuthenticationOptions - { - AllowedScopes = new List(), - Provider = "IdentityServer", - ProviderRootUrl = "http://localhost:51888", - RequireHttps = false, - ApiName = "api", - ApiSecret = "secret" - }, - AddHeadersToRequest = - { - {"CustomerId", "Claims[CustomerId] > value"}, - {"LocationId", "Claims[LocationId] > value"}, - {"UserType", "Claims[sub] > value[0] > |"}, - {"UserId", "Claims[sub] > value[1] > |"} - }, - AddClaimsToRequest = - { - {"CustomerId", "Claims[CustomerId] > value"}, - {"UserId", "Claims[sub] > value[1] > |"} - }, - RouteClaimsRequirement = - { - {"UserType", "registered"} - } - } - } - }; + //[Fact] + //public void should_return_response_403_authorising_route() + //{ + // var configuration = new FileConfiguration + // { + // ReRoutes = new List + // { + // new FileReRoute + // { + // DownstreamPathTemplate = "/", + // DownstreamPort = 51876, + // DownstreamScheme = "http", + // DownstreamHost = "localhost", + // UpstreamPathTemplate = "/", + // UpstreamHttpMethod = new List { "Get" }, + // AuthenticationOptions = new FileAuthenticationOptions + // { + //AllowedScopes = new List(), + // Provider = "IdentityServer", + // ProviderRootUrl = "http://localhost:51888", + // RequireHttps = false, + //ApiName = "api", + // ApiSecret = "secret" + // }, + // AddHeadersToRequest = + // { + // {"CustomerId", "Claims[CustomerId] > value"}, + // {"LocationId", "Claims[LocationId] > value"}, + // {"UserType", "Claims[sub] > value[0] > |"}, + // {"UserId", "Claims[sub] > value[1] > |"} + // }, + // AddClaimsToRequest = + // { + // {"CustomerId", "Claims[CustomerId] > value"}, + // {"UserId", "Claims[sub] > value[1] > |"} + // }, + // RouteClaimsRequirement = + // { + // {"UserType", "registered"} + // } + // } + // } + // }; - this.Given(x => x.GivenThereIsAnIdentityServerOn("http://localhost:51888", "api", AccessTokenType.Jwt)) - .And(x => x.GivenThereIsAServiceRunningOn("http://localhost:51876", 200, "Hello from Laura")) - .And(x => _steps.GivenIHaveAToken("http://localhost:51888")) - .And(x => _steps.GivenThereIsAConfiguration(configuration)) - .And(x => _steps.GivenOcelotIsRunning()) - .And(x => _steps.GivenIHaveAddedATokenToMyRequest()) - .When(x => _steps.WhenIGetUrlOnTheApiGateway("/")) - .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.Forbidden)) - .BDDfy(); - } + // this.Given(x => x.GivenThereIsAnIdentityServerOn("http://localhost:51888", "api", AccessTokenType.Jwt)) + // .And(x => x.GivenThereIsAServiceRunningOn("http://localhost:51876", 200, "Hello from Laura")) + // .And(x => _steps.GivenIHaveAToken("http://localhost:51888")) + // .And(x => _steps.GivenThereIsAConfiguration(configuration)) + // .And(x => _steps.GivenOcelotIsRunning()) + // .And(x => _steps.GivenIHaveAddedATokenToMyRequest()) + // .When(x => _steps.WhenIGetUrlOnTheApiGateway("/")) + // .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.Forbidden)) + // .BDDfy(); + //} - [Fact] - public void should_return_response_200_using_identity_server_with_allowed_scope() - { - var configuration = new FileConfiguration - { - ReRoutes = new List - { - new FileReRoute - { - DownstreamPathTemplate = "/", - DownstreamPort = 51876, - DownstreamHost = "localhost", - DownstreamScheme = "http", - UpstreamPathTemplate = "/", - UpstreamHttpMethod = new List { "Get" }, - AuthenticationOptions = new FileAuthenticationOptions - { - AllowedScopes = new List{ "api", "api.readOnly", "openid", "offline_access" }, - Provider = "IdentityServer", - ProviderRootUrl = "http://localhost:51888", - RequireHttps = false, - ApiName = "api", - ApiSecret = "secret" - } - } - } - }; + //[Fact] + //public void should_return_response_200_using_identity_server_with_allowed_scope() + //{ + // var configuration = new FileConfiguration + // { + // ReRoutes = new List + // { + // new FileReRoute + // { + // DownstreamPathTemplate = "/", + // DownstreamPort = 51876, + // DownstreamHost = "localhost", + // DownstreamScheme = "http", + // UpstreamPathTemplate = "/", + // UpstreamHttpMethod = new List { "Get" }, + // AuthenticationOptions = new FileAuthenticationOptions + // { + // AllowedScopes = new List{ "api", "api.readOnly", "openid", "offline_access" }, + // Provider = "IdentityServer", + // ProviderRootUrl = "http://localhost:51888", + // RequireHttps = false, + // ApiName = "api", + // ApiSecret = "secret" + // } + // } + // } + // }; - this.Given(x => x.GivenThereIsAnIdentityServerOn("http://localhost:51888", "api", AccessTokenType.Jwt)) - .And(x => x.GivenThereIsAServiceRunningOn("http://localhost:51876", 200, "Hello from Laura")) - .And(x => _steps.GivenIHaveATokenForApiReadOnlyScope("http://localhost:51888")) - .And(x => _steps.GivenThereIsAConfiguration(configuration)) - .And(x => _steps.GivenOcelotIsRunning()) - .And(x => _steps.GivenIHaveAddedATokenToMyRequest()) - .When(x => _steps.WhenIGetUrlOnTheApiGateway("/")) - .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.OK)) - .BDDfy(); - } + // this.Given(x => x.GivenThereIsAnIdentityServerOn("http://localhost:51888", "api", AccessTokenType.Jwt)) + // .And(x => x.GivenThereIsAServiceRunningOn("http://localhost:51876", 200, "Hello from Laura")) + // .And(x => _steps.GivenIHaveATokenForApiReadOnlyScope("http://localhost:51888")) + // .And(x => _steps.GivenThereIsAConfiguration(configuration)) + // .And(x => _steps.GivenOcelotIsRunning()) + // .And(x => _steps.GivenIHaveAddedATokenToMyRequest()) + // .When(x => _steps.WhenIGetUrlOnTheApiGateway("/")) + // .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.OK)) + // .BDDfy(); + //} - [Fact] - public void should_return_response_403_using_identity_server_with_scope_not_allowed() - { - var configuration = new FileConfiguration - { - ReRoutes = new List - { - new FileReRoute - { - DownstreamPathTemplate = "/", - DownstreamPort = 51876, - DownstreamHost = "localhost", - DownstreamScheme = "http", - UpstreamPathTemplate = "/", - UpstreamHttpMethod = new List { "Get" }, - AuthenticationOptions = new FileAuthenticationOptions - { - AllowedScopes = new List{ "api", "openid", "offline_access" }, - Provider = "IdentityServer", - ProviderRootUrl = "http://localhost:51888", - RequireHttps = false, - ApiName = "api", - ApiSecret = "secret" - } - } - } - }; + //[Fact] + //public void should_return_response_403_using_identity_server_with_scope_not_allowed() + //{ + // var configuration = new FileConfiguration + // { + // ReRoutes = new List + // { + // new FileReRoute + // { + // DownstreamPathTemplate = "/", + // DownstreamPort = 51876, + // DownstreamHost = "localhost", + // DownstreamScheme = "http", + // UpstreamPathTemplate = "/", + // UpstreamHttpMethod = new List { "Get" }, + // AuthenticationOptions = new FileAuthenticationOptions + // { + // AllowedScopes = new List{ "api", "openid", "offline_access" }, + // Provider = "IdentityServer", + // ProviderRootUrl = "http://localhost:51888", + // RequireHttps = false, + // ApiName = "api", + // ApiSecret = "secret" + // } + // } + // } + // }; - this.Given(x => x.GivenThereIsAnIdentityServerOn("http://localhost:51888", "api", AccessTokenType.Jwt)) - .And(x => x.GivenThereIsAServiceRunningOn("http://localhost:51876", 200, "Hello from Laura")) - .And(x => _steps.GivenIHaveATokenForApiReadOnlyScope("http://localhost:51888")) - .And(x => _steps.GivenThereIsAConfiguration(configuration)) - .And(x => _steps.GivenOcelotIsRunning()) - .And(x => _steps.GivenIHaveAddedATokenToMyRequest()) - .When(x => _steps.WhenIGetUrlOnTheApiGateway("/")) - .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.Forbidden)) - .BDDfy(); - } + // this.Given(x => x.GivenThereIsAnIdentityServerOn("http://localhost:51888", "api", AccessTokenType.Jwt)) + // .And(x => x.GivenThereIsAServiceRunningOn("http://localhost:51876", 200, "Hello from Laura")) + // .And(x => _steps.GivenIHaveATokenForApiReadOnlyScope("http://localhost:51888")) + // .And(x => _steps.GivenThereIsAConfiguration(configuration)) + // .And(x => _steps.GivenOcelotIsRunning()) + // .And(x => _steps.GivenIHaveAddedATokenToMyRequest()) + // .When(x => _steps.WhenIGetUrlOnTheApiGateway("/")) + // .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.Forbidden)) + // .BDDfy(); + //} private void GivenThereIsAServiceRunningOn(string url, int statusCode, string responseBody) { diff --git a/test/Ocelot.AcceptanceTests/ClaimsToHeadersForwardingTests.cs b/test/Ocelot.AcceptanceTests/ClaimsToHeadersForwardingTests.cs index 88a294a08..80f9144f0 100644 --- a/test/Ocelot.AcceptanceTests/ClaimsToHeadersForwardingTests.cs +++ b/test/Ocelot.AcceptanceTests/ClaimsToHeadersForwardingTests.cs @@ -30,67 +30,67 @@ public ClaimsToHeadersForwardingTests() _steps = new Steps(); } - [Fact] - public void should_return_response_200_and_foward_claim_as_header() - { - var user = new TestUser() - { - Username = "test", - Password = "test", - SubjectId = "registered|1231231", - Claims = new List - { - new Claim("CustomerId", "123"), - new Claim("LocationId", "1") - } - }; + //[Fact] + //public void should_return_response_200_and_foward_claim_as_header() + //{ + // var user = new TestUser() + // { + // Username = "test", + // Password = "test", + // SubjectId = "registered|1231231", + // Claims = new List + // { + // new Claim("CustomerId", "123"), + // new Claim("LocationId", "1") + // } + // }; - var configuration = new FileConfiguration - { - ReRoutes = new List - { - new FileReRoute - { - DownstreamPathTemplate = "/", - DownstreamPort = 52876, - DownstreamScheme = "http", - DownstreamHost = "localhost", - UpstreamPathTemplate = "/", - UpstreamHttpMethod = new List { "Get" }, - AuthenticationOptions = new FileAuthenticationOptions - { - AllowedScopes = new List - { - "openid", "offline_access", "api" - }, - Provider = "IdentityServer", - ProviderRootUrl = "http://localhost:52888", - RequireHttps = false, - ApiName = "api", - ApiSecret = "secret", - }, - AddHeadersToRequest = - { - {"CustomerId", "Claims[CustomerId] > value"}, - {"LocationId", "Claims[LocationId] > value"}, - {"UserType", "Claims[sub] > value[0] > |"}, - {"UserId", "Claims[sub] > value[1] > |"} - } - } - } - }; + // var configuration = new FileConfiguration + // { + // ReRoutes = new List + // { + // new FileReRoute + // { + // DownstreamPathTemplate = "/", + // DownstreamPort = 52876, + // DownstreamScheme = "http", + // DownstreamHost = "localhost", + // UpstreamPathTemplate = "/", + // UpstreamHttpMethod = new List { "Get" }, + // AuthenticationOptions = new FileAuthenticationOptions + // { + //AllowedScopes = new List + // { + // "openid", "offline_access", "api" + // }, + // Provider = "IdentityServer", + // ProviderRootUrl = "http://localhost:52888", + // RequireHttps = false, + //ApiName = "api", + // ApiSecret = "secret", + // }, + // AddHeadersToRequest = + // { + // {"CustomerId", "Claims[CustomerId] > value"}, + // {"LocationId", "Claims[LocationId] > value"}, + // {"UserType", "Claims[sub] > value[0] > |"}, + // {"UserId", "Claims[sub] > value[1] > |"} + // } + // } + // } + // }; - this.Given(x => x.GivenThereIsAnIdentityServerOn("http://localhost:52888", "api", AccessTokenType.Jwt, user)) - .And(x => x.GivenThereIsAServiceRunningOn("http://localhost:52876", 200)) - .And(x => _steps.GivenIHaveAToken("http://localhost:52888")) - .And(x => _steps.GivenThereIsAConfiguration(configuration)) - .And(x => _steps.GivenOcelotIsRunning()) - .And(x => _steps.GivenIHaveAddedATokenToMyRequest()) - .When(x => _steps.WhenIGetUrlOnTheApiGateway("/")) - .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.OK)) - .And(x => _steps.ThenTheResponseBodyShouldBe("CustomerId: 123 LocationId: 1 UserType: registered UserId: 1231231")) - .BDDfy(); - } + // this.Given(x => x.GivenThereIsAnIdentityServerOn("http://localhost:52888", "api", AccessTokenType.Jwt, user)) + // .And(x => x.GivenThereIsAServiceRunningOn("http://localhost:52876", 200)) + // .And(x => _steps.GivenIHaveAToken("http://localhost:52888")) + // .And(x => _steps.GivenThereIsAConfiguration(configuration)) + // .And(x => _steps.GivenOcelotIsRunning()) + // .And(x => _steps.GivenIHaveAddedATokenToMyRequest()) + // .When(x => _steps.WhenIGetUrlOnTheApiGateway("/")) + // .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.OK)) + // .And(x => _steps.ThenTheResponseBodyShouldBe("CustomerId: 123 LocationId: 1 UserType: registered UserId: 1231231")) + // .BDDfy(); + //} private void GivenThereIsAServiceRunningOn(string url, int statusCode) { diff --git a/test/Ocelot.AcceptanceTests/ClaimsToQueryStringForwardingTests.cs b/test/Ocelot.AcceptanceTests/ClaimsToQueryStringForwardingTests.cs index a6162c5f7..32b9dc8b6 100644 --- a/test/Ocelot.AcceptanceTests/ClaimsToQueryStringForwardingTests.cs +++ b/test/Ocelot.AcceptanceTests/ClaimsToQueryStringForwardingTests.cs @@ -30,67 +30,67 @@ public ClaimsToQueryStringForwardingTests() _steps = new Steps(); } - [Fact] - public void should_return_response_200_and_foward_claim_as_query_string() - { - var user = new TestUser() - { - Username = "test", - Password = "test", - SubjectId = "registered|1231231", - Claims = new List - { - new Claim("CustomerId", "123"), - new Claim("LocationId", "1") - } - }; - - var configuration = new FileConfiguration - { - ReRoutes = new List - { - new FileReRoute - { - DownstreamPathTemplate = "/", - DownstreamPort = 57876, - DownstreamScheme = "http", - DownstreamHost = "localhost", - UpstreamPathTemplate = "/", - UpstreamHttpMethod = new List { "Get" }, - AuthenticationOptions = new FileAuthenticationOptions - { - AllowedScopes = new List - { - "openid", "offline_access", "api" - }, - Provider = "IdentityServer", - ProviderRootUrl = "http://localhost:57888", - RequireHttps = false, - ApiName = "api", - ApiSecret = "secret", - }, - AddQueriesToRequest = - { - {"CustomerId", "Claims[CustomerId] > value"}, - {"LocationId", "Claims[LocationId] > value"}, - {"UserType", "Claims[sub] > value[0] > |"}, - {"UserId", "Claims[sub] > value[1] > |"} - } - } - } - }; - - this.Given(x => x.GivenThereIsAnIdentityServerOn("http://localhost:57888", "api", AccessTokenType.Jwt, user)) - .And(x => x.GivenThereIsAServiceRunningOn("http://localhost:57876", 200)) - .And(x => _steps.GivenIHaveAToken("http://localhost:57888")) - .And(x => _steps.GivenThereIsAConfiguration(configuration)) - .And(x => _steps.GivenOcelotIsRunning()) - .And(x => _steps.GivenIHaveAddedATokenToMyRequest()) - .When(x => _steps.WhenIGetUrlOnTheApiGateway("/")) - .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.OK)) - .And(x => _steps.ThenTheResponseBodyShouldBe("CustomerId: 123 LocationId: 1 UserType: registered UserId: 1231231")) - .BDDfy(); - } + //[Fact] + //public void should_return_response_200_and_foward_claim_as_query_string() + //{ + // var user = new TestUser() + // { + // Username = "test", + // Password = "test", + // SubjectId = "registered|1231231", + // Claims = new List + // { + // new Claim("CustomerId", "123"), + // new Claim("LocationId", "1") + // } + // }; + + // var configuration = new FileConfiguration + // { + // ReRoutes = new List + // { + // new FileReRoute + // { + // DownstreamPathTemplate = "/", + // DownstreamPort = 57876, + // DownstreamScheme = "http", + // DownstreamHost = "localhost", + // UpstreamPathTemplate = "/", + // UpstreamHttpMethod = new List { "Get" }, + // AuthenticationOptions = new FileAuthenticationOptions + // { + //AllowedScopes = new List + // { + // "openid", "offline_access", "api" + // }, + // Provider = "IdentityServer", + // ProviderRootUrl = "http://localhost:57888", + // RequireHttps = false, + //ApiName = "api", + // ApiSecret = "secret", + // }, + // AddQueriesToRequest = + // { + // {"CustomerId", "Claims[CustomerId] > value"}, + // {"LocationId", "Claims[LocationId] > value"}, + // {"UserType", "Claims[sub] > value[0] > |"}, + // {"UserId", "Claims[sub] > value[1] > |"} + // } + // } + // } + // }; + + // this.Given(x => x.GivenThereIsAnIdentityServerOn("http://localhost:57888", "api", AccessTokenType.Jwt, user)) + // .And(x => x.GivenThereIsAServiceRunningOn("http://localhost:57876", 200)) + // .And(x => _steps.GivenIHaveAToken("http://localhost:57888")) + // .And(x => _steps.GivenThereIsAConfiguration(configuration)) + // .And(x => _steps.GivenOcelotIsRunning()) + // .And(x => _steps.GivenIHaveAddedATokenToMyRequest()) + // .When(x => _steps.WhenIGetUrlOnTheApiGateway("/")) + // .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.OK)) + // .And(x => _steps.ThenTheResponseBodyShouldBe("CustomerId: 123 LocationId: 1 UserType: registered UserId: 1231231")) + // .BDDfy(); + //} private void GivenThereIsAServiceRunningOn(string url, int statusCode) { diff --git a/test/Ocelot.UnitTests/Configuration/AuthenticationOptionsCreatorTests.cs b/test/Ocelot.UnitTests/Configuration/AuthenticationOptionsCreatorTests.cs index ee1292aa9..575b62b76 100644 --- a/test/Ocelot.UnitTests/Configuration/AuthenticationOptionsCreatorTests.cs +++ b/test/Ocelot.UnitTests/Configuration/AuthenticationOptionsCreatorTests.cs @@ -20,36 +20,36 @@ public AuthenticationOptionsCreatorTests() _authOptionsCreator = new AuthenticationOptionsCreator(); } - [Fact] - public void should_return_auth_options() - { - var fileReRoute = new FileReRoute() - { - AuthenticationOptions = new FileAuthenticationOptions - { - Provider = "Geoff", - ProviderRootUrl = "http://www.bbc.co.uk/", - ApiName = "Laura", - RequireHttps = true, - AllowedScopes = new List {"cheese"}, - ApiSecret = "secret" - } - }; + // [Fact] + // public void should_return_auth_options() + // { + // var fileReRoute = new FileReRoute() + // { + // AuthenticationOptions = new FileAuthenticationOptions + // { + // Provider = "Geoff", + // ProviderRootUrl = "http://www.bbc.co.uk/", + //ApiName = "Laura", + // RequireHttps = true, + //AllowedScopes = new List {"cheese"}, + // ApiSecret = "secret" + // } + // }; - var expected = new AuthenticationOptionsBuilder() - .WithProvider(fileReRoute.AuthenticationOptions?.Provider) - .WithProviderRootUrl(fileReRoute.AuthenticationOptions?.ProviderRootUrl) - .WithApiName(fileReRoute.AuthenticationOptions?.ApiName) - .WithRequireHttps(fileReRoute.AuthenticationOptions.RequireHttps) - .WithAllowedScopes(fileReRoute.AuthenticationOptions?.AllowedScopes) - .WithApiSecret(fileReRoute.AuthenticationOptions?.ApiSecret) - .Build(); + // var expected = new AuthenticationOptionsBuilder() + // .WithProvider(fileReRoute.AuthenticationOptions?.Provider) + // .WithProviderRootUrl(fileReRoute.AuthenticationOptions?.ProviderRootUrl) + // .WithApiName(fileReRoute.AuthenticationOptions?.ApiName) + // .WithRequireHttps(fileReRoute.AuthenticationOptions.RequireHttps) + // .WithAllowedScopes(fileReRoute.AuthenticationOptions?.AllowedScopes) + // .WithApiSecret(fileReRoute.AuthenticationOptions?.ApiSecret) + // .Build(); - this.Given(x => x.GivenTheFollowing(fileReRoute)) - .When(x => x.WhenICreateTheAuthenticationOptions()) - .Then(x => x.ThenTheFollowingIsReturned(expected)) - .BDDfy(); - } + // this.Given(x => x.GivenTheFollowing(fileReRoute)) + // .When(x => x.WhenICreateTheAuthenticationOptions()) + // .Then(x => x.ThenTheFollowingIsReturned(expected)) + // .BDDfy(); + // } private void GivenTheFollowing(FileReRoute fileReRoute) { @@ -61,14 +61,14 @@ private void WhenICreateTheAuthenticationOptions() _result = _authOptionsCreator.Create(_fileReRoute); } - private void ThenTheFollowingIsReturned(AuthenticationOptions expected) - { - _result.AllowedScopes.ShouldBe(expected.AllowedScopes); - _result.Provider.ShouldBe(expected.Provider); - _result.ProviderRootUrl.ShouldBe(expected.ProviderRootUrl); - _result.RequireHttps.ShouldBe(expected.RequireHttps); - _result.ApiName.ShouldBe(expected.ApiName); - _result.ApiSecret.ShouldBe(expected.ApiSecret); - } + //private void ThenTheFollowingIsReturned(AuthenticationOptions expected) + //{ + // _result.AllowedScopes.ShouldBe(expected.AllowedScopes); + // _result.Provider.ShouldBe(expected.Provider); + // _result.ProviderRootUrl.ShouldBe(expected.ProviderRootUrl); + // _result.RequireHttps.ShouldBe(expected.RequireHttps); + // _result.ApiName.ShouldBe(expected.ApiName); + // _result.ApiSecret.ShouldBe(expected.ApiSecret); + //} } } \ No newline at end of file diff --git a/test/Ocelot.UnitTests/Configuration/FileConfigurationCreatorTests.cs b/test/Ocelot.UnitTests/Configuration/FileConfigurationCreatorTests.cs index bd8c46d3a..8a701f310 100644 --- a/test/Ocelot.UnitTests/Configuration/FileConfigurationCreatorTests.cs +++ b/test/Ocelot.UnitTests/Configuration/FileConfigurationCreatorTests.cs @@ -393,132 +393,132 @@ public void should_call_request_id_creator() .BDDfy(); } - [Fact] - public void should_create_with_headers_to_extract() - { - var reRouteOptions = new ReRouteOptionsBuilder() - .WithIsAuthenticated(true) - .Build(); - - var authenticationOptions = new AuthenticationOptionsBuilder() - .WithProvider("IdentityServer") - .WithProviderRootUrl("http://localhost:51888") - .WithRequireHttps(false) - .WithApiSecret("secret") - .WithApiName("api") - .WithAllowedScopes(new List()) - .Build(); - - var expected = new List - { - new ReRouteBuilder() - .WithDownstreamPathTemplate("/products/{productId}") - .WithUpstreamPathTemplate("/api/products/{productId}") - .WithUpstreamHttpMethod(new List { "Get" }) - .WithAuthenticationOptions(authenticationOptions) - .WithClaimsToHeaders(new List - { - new ClaimToThing("CustomerId", "CustomerId", "", 0), - }) - .Build() - }; - - this.Given(x => x.GivenTheConfigIs(new FileConfiguration - { - ReRoutes = new List - { - new FileReRoute - { - UpstreamPathTemplate = "/api/products/{productId}", - DownstreamPathTemplate = "/products/{productId}", - UpstreamHttpMethod = new List { "Get" }, - ReRouteIsCaseSensitive = true, - AuthenticationOptions = new FileAuthenticationOptions - { - AllowedScopes= new List(), - Provider = "IdentityServer", - ProviderRootUrl = "http://localhost:51888", - RequireHttps = false, - ApiName= "api", - ApiSecret = "secret" - }, - AddHeadersToRequest = - { - {"CustomerId", "Claims[CustomerId] > value"}, - } - } - } - })) - .And(x => x.GivenTheConfigIsValid()) - .And(x => x.GivenTheAuthOptionsCreatorReturns(authenticationOptions)) - .And(x => x.GivenTheFollowingOptionsAreReturned(reRouteOptions)) - .And(x => x.GivenTheClaimsToThingCreatorReturns(new List{new ClaimToThing("CustomerId", "CustomerId", "", 0)})) - .And(x => x.GivenTheLoadBalancerFactoryReturns()) - .When(x => x.WhenICreateTheConfig()) - .Then(x => x.ThenTheReRoutesAre(expected)) - .And(x => x.ThenTheAuthenticationOptionsAre(expected)) - .And(x => x.ThenTheAuthOptionsCreatorIsCalledCorrectly()) - .BDDfy(); - } - - [Fact] - public void should_create_with_authentication_properties() - { - var reRouteOptions = new ReRouteOptionsBuilder() - .WithIsAuthenticated(true) - .Build(); - - var authenticationOptions = new AuthenticationOptionsBuilder() - .WithProvider("IdentityServer") - .WithProviderRootUrl("http://localhost:51888") - .WithRequireHttps(false) - .WithApiSecret("secret") - .WithApiName("api") - .WithAllowedScopes(new List()) - .Build(); - - var expected = new List - { - new ReRouteBuilder() - .WithDownstreamPathTemplate("/products/{productId}") - .WithUpstreamPathTemplate("/api/products/{productId}") - .WithUpstreamHttpMethod(new List { "Get" }) - .WithAuthenticationOptions(authenticationOptions) - .Build() - }; - - this.Given(x => x.GivenTheConfigIs(new FileConfiguration - { - ReRoutes = new List - { - new FileReRoute - { - UpstreamPathTemplate = "/api/products/{productId}", - DownstreamPathTemplate = "/products/{productId}", - UpstreamHttpMethod = new List { "Get" }, - ReRouteIsCaseSensitive = true, - AuthenticationOptions = new FileAuthenticationOptions - { - AllowedScopes = new List(), - Provider = "IdentityServer", - ProviderRootUrl = "http://localhost:51888", - RequireHttps = false, - ApiName= "api", - ApiSecret = "secret" - } - } - } - })) - .And(x => x.GivenTheConfigIsValid()) - .And(x => x.GivenTheFollowingOptionsAreReturned(reRouteOptions)) - .And(x => x.GivenTheAuthOptionsCreatorReturns(authenticationOptions)) - .And(x => x.GivenTheLoadBalancerFactoryReturns()) - .When(x => x.WhenICreateTheConfig()) - .Then(x => x.ThenTheReRoutesAre(expected)) - .And(x => x.ThenTheAuthenticationOptionsAre(expected)) - .And(x => x.ThenTheAuthOptionsCreatorIsCalledCorrectly()) - .BDDfy(); - } + //[Fact] + //public void should_create_with_headers_to_extract() + //{ + // var reRouteOptions = new ReRouteOptionsBuilder() + // .WithIsAuthenticated(true) + // .Build(); + + // var authenticationOptions = new AuthenticationOptionsBuilder() + // .WithProvider("IdentityServer") + // .WithProviderRootUrl("http://localhost:51888") + // .WithRequireHttps(false) + // .WithApiSecret("secret") + // .WithApiName("api") + // .WithAllowedScopes(new List()) + // .Build(); + + // var expected = new List + // { + // new ReRouteBuilder() + // .WithDownstreamPathTemplate("/products/{productId}") + // .WithUpstreamPathTemplate("/api/products/{productId}") + // .WithUpstreamHttpMethod(new List { "Get" }) + // .WithAuthenticationOptions(authenticationOptions) + // .WithClaimsToHeaders(new List + // { + // new ClaimToThing("CustomerId", "CustomerId", "", 0), + // }) + // .Build() + // }; + + // this.Given(x => x.GivenTheConfigIs(new FileConfiguration + // { + // ReRoutes = new List + // { + // new FileReRoute + // { + // UpstreamPathTemplate = "/api/products/{productId}", + // DownstreamPathTemplate = "/products/{productId}", + // UpstreamHttpMethod = new List { "Get" }, + // ReRouteIsCaseSensitive = true, + // AuthenticationOptions = new FileAuthenticationOptions + // { + //AllowedScopes= new List(), + // Provider = "IdentityServer", + // ProviderRootUrl = "http://localhost:51888", + // RequireHttps = false, + //ApiName= "api", + // ApiSecret = "secret" + // }, + // AddHeadersToRequest = + // { + // {"CustomerId", "Claims[CustomerId] > value"}, + // } + // } + // } + // })) + // .And(x => x.GivenTheConfigIsValid()) + // .And(x => x.GivenTheAuthOptionsCreatorReturns(authenticationOptions)) + // .And(x => x.GivenTheFollowingOptionsAreReturned(reRouteOptions)) + // .And(x => x.GivenTheClaimsToThingCreatorReturns(new List{new ClaimToThing("CustomerId", "CustomerId", "", 0)})) + // .And(x => x.GivenTheLoadBalancerFactoryReturns()) + // .When(x => x.WhenICreateTheConfig()) + // .Then(x => x.ThenTheReRoutesAre(expected)) + // .And(x => x.ThenTheAuthenticationOptionsAre(expected)) + // .And(x => x.ThenTheAuthOptionsCreatorIsCalledCorrectly()) + // .BDDfy(); + //} + + //[Fact] + //public void should_create_with_authentication_properties() + //{ + // var reRouteOptions = new ReRouteOptionsBuilder() + // .WithIsAuthenticated(true) + // .Build(); + + // var authenticationOptions = new AuthenticationOptionsBuilder() + // .WithProvider("IdentityServer") + // .WithProviderRootUrl("http://localhost:51888") + // .WithRequireHttps(false) + // .WithApiSecret("secret") + // .WithApiName("api") + // .WithAllowedScopes(new List()) + // .Build(); + + // var expected = new List + // { + // new ReRouteBuilder() + // .WithDownstreamPathTemplate("/products/{productId}") + // .WithUpstreamPathTemplate("/api/products/{productId}") + // .WithUpstreamHttpMethod(new List { "Get" }) + // .WithAuthenticationOptions(authenticationOptions) + // .Build() + // }; + + // this.Given(x => x.GivenTheConfigIs(new FileConfiguration + // { + // ReRoutes = new List + // { + // new FileReRoute + // { + // UpstreamPathTemplate = "/api/products/{productId}", + // DownstreamPathTemplate = "/products/{productId}", + // UpstreamHttpMethod = new List { "Get" }, + // ReRouteIsCaseSensitive = true, + // AuthenticationOptions = new FileAuthenticationOptions + // { + //AllowedScopes = new List(), + // Provider = "IdentityServer", + // ProviderRootUrl = "http://localhost:51888", + // RequireHttps = false, + //ApiName= "api", + // ApiSecret = "secret" + // } + // } + // } + // })) + // .And(x => x.GivenTheConfigIsValid()) + // .And(x => x.GivenTheFollowingOptionsAreReturned(reRouteOptions)) + // .And(x => x.GivenTheAuthOptionsCreatorReturns(authenticationOptions)) + // .And(x => x.GivenTheLoadBalancerFactoryReturns()) + // .When(x => x.WhenICreateTheConfig()) + // .Then(x => x.ThenTheReRoutesAre(expected)) + // .And(x => x.ThenTheAuthenticationOptionsAre(expected)) + // .And(x => x.ThenTheAuthOptionsCreatorIsCalledCorrectly()) + // .BDDfy(); + //} private void GivenTheFollowingOptionsAreReturned(ReRouteOptions fileReRouteOptions) { @@ -586,22 +586,22 @@ private void ThenTheServiceConfigurationIs(ServiceProviderConfiguration expected } } - private void ThenTheAuthenticationOptionsAre(List expectedReRoutes) - { - for (int i = 0; i < _config.Data.ReRoutes.Count; i++) - { - var result = _config.Data.ReRoutes[i].AuthenticationOptions; - var expected = expectedReRoutes[i].AuthenticationOptions; + //private void ThenTheAuthenticationOptionsAre(List expectedReRoutes) + //{ + // for (int i = 0; i < _config.Data.ReRoutes.Count; i++) + // { + // var result = _config.Data.ReRoutes[i].AuthenticationOptions; + // var expected = expectedReRoutes[i].AuthenticationOptions; - result.AllowedScopes.ShouldBe(expected.AllowedScopes); - result.Provider.ShouldBe(expected.Provider); - result.ProviderRootUrl.ShouldBe(expected.ProviderRootUrl); - result.RequireHttps.ShouldBe(expected.RequireHttps); - result.ApiName.ShouldBe(expected.ApiName); - result.ApiSecret.ShouldBe(expected.ApiSecret); + // result.AllowedScopes.ShouldBe(expected.AllowedScopes); + // result.Provider.ShouldBe(expected.Provider); + // result.ProviderRootUrl.ShouldBe(expected.ProviderRootUrl); + // result.RequireHttps.ShouldBe(expected.RequireHttps); + // result.ApiName.ShouldBe(expected.ApiName); + // result.ApiSecret.ShouldBe(expected.ApiSecret); - } - } + // } + //} private void GivenTheLoadBalancerFactoryReturns() { From 20f6ebac2f50f9e8714303820c60bbda08701e04 Mon Sep 17 00:00:00 2001 From: nicksharp Date: Mon, 26 Jun 2017 21:08:47 +0100 Subject: [PATCH 2/6] Fixing tests --- .../File/FileAuthenticationOptions.cs | 1 + .../AuthenticationTests.cs | 422 ++++++++---------- .../AuthorisationTests.cs | 372 +++++++-------- .../ClaimsToHeadersForwardingTests.cs | 120 ++--- .../ClaimsToQueryStringForwardingTests.cs | 124 ++--- 5 files changed, 512 insertions(+), 527 deletions(-) diff --git a/src/Ocelot/Configuration/File/FileAuthenticationOptions.cs b/src/Ocelot/Configuration/File/FileAuthenticationOptions.cs index 9f2de9676..8216aa8d1 100644 --- a/src/Ocelot/Configuration/File/FileAuthenticationOptions.cs +++ b/src/Ocelot/Configuration/File/FileAuthenticationOptions.cs @@ -7,6 +7,7 @@ public class FileAuthenticationOptions public FileAuthenticationOptions() { AllowedScopes = new List(); + IdentityServerConfig = new FileIdentityServerConfig(); } public string Provider { get; set; } diff --git a/test/Ocelot.AcceptanceTests/AuthenticationTests.cs b/test/Ocelot.AcceptanceTests/AuthenticationTests.cs index 060cb5bdd..641160343 100644 --- a/test/Ocelot.AcceptanceTests/AuthenticationTests.cs +++ b/test/Ocelot.AcceptanceTests/AuthenticationTests.cs @@ -34,241 +34,213 @@ public AuthenticationTests() _steps = new Steps(); } - //[Fact] - //public void should_return_401_using_identity_server_access_token() - //{ - // var configuration = new FileConfiguration - // { - // ReRoutes = new List - // { - // new FileReRoute - // { - // DownstreamPathTemplate = _downstreamServicePath, - // DownstreamPort = _downstreamServicePort, - // DownstreamHost = _downstreamServiceHost, - // DownstreamScheme = _downstreamServiceScheme, - // UpstreamPathTemplate = "/", - // UpstreamHttpMethod = new List { "Post" }, - // AuthenticationOptions = new FileAuthenticationOptions - // { - // AllowedScopes = new List(), - // Provider = "IdentityServer", - // ProviderRootUrl = _identityServerRootUrl, - // RequireHttps = false, - // ApiName = "api", - // ApiSecret = "secret" - // } - // } - // } - // }; - - // this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", "api2", AccessTokenType.Jwt)) - // .And(x => x.GivenThereIsAServiceRunningOn(_downstreamServiceUrl, 201, string.Empty)) - // .And(x => _steps.GivenThereIsAConfiguration(configuration)) - // .And(x => _steps.GivenOcelotIsRunning()) - // .And(x => _steps.GivenThePostHasContent("postContent")) - // .When(x => _steps.WhenIPostUrlOnTheApiGateway("/")) - // .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.Unauthorized)) - // .BDDfy(); - //} - - //[Fact] - //public void should_return_401_using_identity_server_reference_token() - //{ - // var configuration = new FileConfiguration - // { - // ReRoutes = new List - // { - // new FileReRoute - // { - // DownstreamPathTemplate = _downstreamServicePath, - // DownstreamPort = _downstreamServicePort, - // DownstreamHost = _downstreamServiceHost, - // DownstreamScheme = _downstreamServiceScheme, - // UpstreamPathTemplate = "/", - // UpstreamHttpMethod = new List { "Post" }, - // AuthenticationOptions = new FileAuthenticationOptions - // { - // AllowedScopes = new List(), - // Provider = "IdentityServer", - // ProviderRootUrl = _identityServerRootUrl, - // RequireHttps = false, - // ApiName = "api", - // ApiSecret = "secret" - // } - // } - // } - // }; + [Fact] + public void should_return_401_using_identity_server_access_token() + { + var configuration = new FileConfiguration + { + ReRoutes = new List + { + new FileReRoute + { + DownstreamPathTemplate = _downstreamServicePath, + DownstreamPort = _downstreamServicePort, + DownstreamHost = _downstreamServiceHost, + DownstreamScheme = _downstreamServiceScheme, + UpstreamPathTemplate = "/", + UpstreamHttpMethod = new List { "Post" }, + AuthenticationOptions = new FileAuthenticationOptions + { + AllowedScopes = new List(), + Provider = "IdentityServer", + IdentityServerConfig = new FileIdentityServerConfig{ + ProviderRootUrl = _identityServerRootUrl, + RequireHttps = false, + ApiName = "api", + ApiSecret = "secret" + } + } + } + } + }; - // this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", "api2", AccessTokenType.Reference)) - // .And(x => x.GivenThereIsAServiceRunningOn(_downstreamServiceUrl, 201, string.Empty)) - // .And(x => _steps.GivenThereIsAConfiguration(configuration)) - // .And(x => _steps.GivenOcelotIsRunning()) - // .And(x => _steps.GivenThePostHasContent("postContent")) - // .When(x => _steps.WhenIPostUrlOnTheApiGateway("/")) - // .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.Unauthorized)) - // .BDDfy(); - //} + this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", "api2", AccessTokenType.Jwt)) + .And(x => x.GivenThereIsAServiceRunningOn(_downstreamServiceUrl, 201, string.Empty)) + .And(x => _steps.GivenThereIsAConfiguration(configuration)) + .And(x => _steps.GivenOcelotIsRunning()) + .And(x => _steps.GivenThePostHasContent("postContent")) + .When(x => _steps.WhenIPostUrlOnTheApiGateway("/")) + .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.Unauthorized)) + .BDDfy(); + } - //[Fact] - //public void should_return_response_200_using_identity_server() - //{ - // var configuration = new FileConfiguration - // { - // ReRoutes = new List - // { - // new FileReRoute - // { - // DownstreamPathTemplate = _downstreamServicePath, - // DownstreamPort = _downstreamServicePort, - // DownstreamHost = _downstreamServiceHost, - // DownstreamScheme = _downstreamServiceScheme, - // UpstreamPathTemplate = "/", - // UpstreamHttpMethod = new List { "Get" }, - // AuthenticationOptions = new FileAuthenticationOptions - // { - // AllowedScopes = new List(), - // Provider = "IdentityServer", - // ProviderRootUrl = _identityServerRootUrl, - // RequireHttps = false, - // ApiName = "api", - // ApiSecret = "secret" - // } - // } - // } - // }; + [Fact] + public void should_return_response_200_using_identity_server() + { + var configuration = new FileConfiguration + { + ReRoutes = new List + { + new FileReRoute + { + DownstreamPathTemplate = _downstreamServicePath, + DownstreamPort = _downstreamServicePort, + DownstreamHost = _downstreamServiceHost, + DownstreamScheme = _downstreamServiceScheme, + UpstreamPathTemplate = "/", + UpstreamHttpMethod = new List { "Get" }, + AuthenticationOptions = new FileAuthenticationOptions + { + AllowedScopes = new List(), + Provider = "IdentityServer", + IdentityServerConfig = new FileIdentityServerConfig{ + ProviderRootUrl = _identityServerRootUrl, + RequireHttps = false, + ApiName = "api", + ApiSecret = "secret" + } + } + } + } + }; - // this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", "api2", AccessTokenType.Jwt)) - // .And(x => x.GivenThereIsAServiceRunningOn(_downstreamServiceUrl, 200, "Hello from Laura")) - // .And(x => _steps.GivenIHaveAToken(_identityServerRootUrl)) - // .And(x => _steps.GivenThereIsAConfiguration(configuration)) - // .And(x => _steps.GivenOcelotIsRunning()) - // .And(x => _steps.GivenIHaveAddedATokenToMyRequest()) - // .When(x => _steps.WhenIGetUrlOnTheApiGateway("/")) - // .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.OK)) - // .And(x => _steps.ThenTheResponseBodyShouldBe("Hello from Laura")) - // .BDDfy(); - //} + this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", "api2", AccessTokenType.Jwt)) + .And(x => x.GivenThereIsAServiceRunningOn(_downstreamServiceUrl, 200, "Hello from Laura")) + .And(x => _steps.GivenIHaveAToken(_identityServerRootUrl)) + .And(x => _steps.GivenThereIsAConfiguration(configuration)) + .And(x => _steps.GivenOcelotIsRunning()) + .And(x => _steps.GivenIHaveAddedATokenToMyRequest()) + .When(x => _steps.WhenIGetUrlOnTheApiGateway("/")) + .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.OK)) + .And(x => _steps.ThenTheResponseBodyShouldBe("Hello from Laura")) + .BDDfy(); + } - //[Fact] - //public void should_return_response_401_using_identity_server_with_token_requested_for_other_api() - //{ - // var configuration = new FileConfiguration - // { - // ReRoutes = new List - // { - // new FileReRoute - // { - // DownstreamPathTemplate = _downstreamServicePath, - // DownstreamPort = _downstreamServicePort, - // DownstreamHost = _downstreamServiceHost, - // DownstreamScheme = _downstreamServiceScheme, - // UpstreamPathTemplate = "/", - // UpstreamHttpMethod = new List { "Get" }, - // AuthenticationOptions = new FileAuthenticationOptions - // { - // AllowedScopes = new List(), - // Provider = "IdentityServer", - // ProviderRootUrl = _identityServerRootUrl, - // RequireHttps = false, - // ApiName = "api", - // ApiSecret = "secret" - // } - // } - // } - // }; + [Fact] + public void should_return_response_401_using_identity_server_with_token_requested_for_other_api() + { + var configuration = new FileConfiguration + { + ReRoutes = new List + { + new FileReRoute + { + DownstreamPathTemplate = _downstreamServicePath, + DownstreamPort = _downstreamServicePort, + DownstreamHost = _downstreamServiceHost, + DownstreamScheme = _downstreamServiceScheme, + UpstreamPathTemplate = "/", + UpstreamHttpMethod = new List { "Get" }, + AuthenticationOptions = new FileAuthenticationOptions + { + AllowedScopes = new List(), + Provider = "IdentityServer", + IdentityServerConfig = new FileIdentityServerConfig{ + ProviderRootUrl = _identityServerRootUrl, + RequireHttps = false, + ApiName = "api", + ApiSecret = "secret" + } + } + } + } + }; - // this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", "api2", AccessTokenType.Jwt)) - // .And(x => x.GivenThereIsAServiceRunningOn(_downstreamServiceUrl, 200, "Hello from Laura")) - // .And(x => _steps.GivenIHaveATokenForApi2(_identityServerRootUrl)) - // .And(x => _steps.GivenThereIsAConfiguration(configuration)) - // .And(x => _steps.GivenOcelotIsRunning()) - // .And(x => _steps.GivenIHaveAddedATokenToMyRequest()) - // .When(x => _steps.WhenIGetUrlOnTheApiGateway("/")) - // .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.Unauthorized)) - // .BDDfy(); - //} + this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", "api2", AccessTokenType.Jwt)) + .And(x => x.GivenThereIsAServiceRunningOn(_downstreamServiceUrl, 200, "Hello from Laura")) + .And(x => _steps.GivenIHaveATokenForApi2(_identityServerRootUrl)) + .And(x => _steps.GivenThereIsAConfiguration(configuration)) + .And(x => _steps.GivenOcelotIsRunning()) + .And(x => _steps.GivenIHaveAddedATokenToMyRequest()) + .When(x => _steps.WhenIGetUrlOnTheApiGateway("/")) + .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.Unauthorized)) + .BDDfy(); + } - //[Fact] - //public void should_return_201_using_identity_server_access_token() - //{ - // var configuration = new FileConfiguration - // { - // ReRoutes = new List - // { - // new FileReRoute - // { - // DownstreamPathTemplate = _downstreamServicePath, - // DownstreamPort = _downstreamServicePort, - // DownstreamHost = _downstreamServiceHost, - // DownstreamScheme = _downstreamServiceScheme, - // UpstreamPathTemplate = "/", - // UpstreamHttpMethod = new List { "Post" }, + [Fact] + public void should_return_201_using_identity_server_access_token() + { + var configuration = new FileConfiguration + { + ReRoutes = new List + { + new FileReRoute + { + DownstreamPathTemplate = _downstreamServicePath, + DownstreamPort = _downstreamServicePort, + DownstreamHost = _downstreamServiceHost, + DownstreamScheme = _downstreamServiceScheme, + UpstreamPathTemplate = "/", + UpstreamHttpMethod = new List { "Post" }, - // AuthenticationOptions = new FileAuthenticationOptions - // { - // AllowedScopes = new List(), - // Provider = "IdentityServer", - // ProviderRootUrl = _identityServerRootUrl, - // RequireHttps = false, - // ApiName = "api", - // ApiSecret = "secret" - // } - // } - // } - // }; + AuthenticationOptions = new FileAuthenticationOptions + { + AllowedScopes = new List(), + Provider = "IdentityServer", + IdentityServerConfig = new FileIdentityServerConfig{ + ProviderRootUrl = _identityServerRootUrl, + RequireHttps = false, + ApiName = "api", + ApiSecret = "secret" + } + } + } + } + }; - // this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", "api2", AccessTokenType.Jwt)) - // .And(x => x.GivenThereIsAServiceRunningOn(_downstreamServiceUrl, 201, string.Empty)) - // .And(x => _steps.GivenIHaveAToken(_identityServerRootUrl)) - // .And(x => _steps.GivenThereIsAConfiguration(configuration)) - // .And(x => _steps.GivenOcelotIsRunning()) - // .And(x => _steps.GivenIHaveAddedATokenToMyRequest()) - // .And(x => _steps.GivenThePostHasContent("postContent")) - // .When(x => _steps.WhenIPostUrlOnTheApiGateway("/")) - // .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.Created)) - // .BDDfy(); - //} + this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", "api2", AccessTokenType.Jwt)) + .And(x => x.GivenThereIsAServiceRunningOn(_downstreamServiceUrl, 201, string.Empty)) + .And(x => _steps.GivenIHaveAToken(_identityServerRootUrl)) + .And(x => _steps.GivenThereIsAConfiguration(configuration)) + .And(x => _steps.GivenOcelotIsRunning()) + .And(x => _steps.GivenIHaveAddedATokenToMyRequest()) + .And(x => _steps.GivenThePostHasContent("postContent")) + .When(x => _steps.WhenIPostUrlOnTheApiGateway("/")) + .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.Created)) + .BDDfy(); + } - //[Fact] - //public void should_return_201_using_identity_server_reference_token() - //{ - // var configuration = new FileConfiguration - // { - // ReRoutes = new List - // { - // new FileReRoute - // { - // DownstreamPathTemplate = _downstreamServicePath, - // DownstreamPort = _downstreamServicePort, - // DownstreamHost = _downstreamServiceHost, - // DownstreamScheme = _downstreamServiceScheme, - // UpstreamPathTemplate = "/", - // UpstreamHttpMethod = new List { "Post" }, - // AuthenticationOptions = new FileAuthenticationOptions - // { - // AllowedScopes = new List(), - // Provider = "IdentityServer", - // ProviderRootUrl = _identityServerRootUrl, - // RequireHttps = false, - // ApiName = "api", - // ApiSecret = "secret" - // } - // } - // } - // }; + [Fact] + public void should_return_201_using_identity_server_reference_token() + { + var configuration = new FileConfiguration + { + ReRoutes = new List + { + new FileReRoute + { + DownstreamPathTemplate = _downstreamServicePath, + DownstreamPort = _downstreamServicePort, + DownstreamHost = _downstreamServiceHost, + DownstreamScheme = _downstreamServiceScheme, + UpstreamPathTemplate = "/", + UpstreamHttpMethod = new List { "Post" }, + AuthenticationOptions = new FileAuthenticationOptions + { + AllowedScopes = new List(), + Provider = "IdentityServer", + IdentityServerConfig = new FileIdentityServerConfig{ + ProviderRootUrl = _identityServerRootUrl, + RequireHttps = false, + ApiName = "api", + ApiSecret = "secret" + } + } + } + } + }; - // this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", "api2", AccessTokenType.Reference)) - // .And(x => x.GivenThereIsAServiceRunningOn(_downstreamServiceUrl, 201, string.Empty)) - // .And(x => _steps.GivenIHaveAToken(_identityServerRootUrl)) - // .And(x => _steps.GivenThereIsAConfiguration(configuration)) - // .And(x => _steps.GivenOcelotIsRunning()) - // .And(x => _steps.GivenIHaveAddedATokenToMyRequest()) - // .And(x => _steps.GivenThePostHasContent("postContent")) - // .When(x => _steps.WhenIPostUrlOnTheApiGateway("/")) - // .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.Created)) - // .BDDfy(); - //} + this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", "api2", AccessTokenType.Reference)) + .And(x => x.GivenThereIsAServiceRunningOn(_downstreamServiceUrl, 201, string.Empty)) + .And(x => _steps.GivenIHaveAToken(_identityServerRootUrl)) + .And(x => _steps.GivenThereIsAConfiguration(configuration)) + .And(x => _steps.GivenOcelotIsRunning()) + .And(x => _steps.GivenIHaveAddedATokenToMyRequest()) + .And(x => _steps.GivenThePostHasContent("postContent")) + .When(x => _steps.WhenIPostUrlOnTheApiGateway("/")) + .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.Created)) + .BDDfy(); + } private void GivenThereIsAServiceRunningOn(string url, int statusCode, string responseBody) { diff --git a/test/Ocelot.AcceptanceTests/AuthorisationTests.cs b/test/Ocelot.AcceptanceTests/AuthorisationTests.cs index 30dc636f3..3eebd0002 100644 --- a/test/Ocelot.AcceptanceTests/AuthorisationTests.cs +++ b/test/Ocelot.AcceptanceTests/AuthorisationTests.cs @@ -28,195 +28,203 @@ public AuthorisationTests() _steps = new Steps(); } - //[Fact] - //public void should_return_response_200_authorising_route() - //{ - // var configuration = new FileConfiguration - // { - // ReRoutes = new List - // { - // new FileReRoute - // { - // DownstreamPathTemplate = "/", - // DownstreamPort = 51876, - // DownstreamScheme = "http", - // DownstreamHost = "localhost", - // UpstreamPathTemplate = "/", - // UpstreamHttpMethod = new List { "Get" }, - // AuthenticationOptions = new FileAuthenticationOptions - // { - //AllowedScopes = new List(), - // Provider = "IdentityServer", - // ProviderRootUrl = "http://localhost:51888", - // RequireHttps = false, - //ApiName = "api", - // ApiSecret = "secret" - // }, - // AddHeadersToRequest = - // { - // {"CustomerId", "Claims[CustomerId] > value"}, - // {"LocationId", "Claims[LocationId] > value"}, - // {"UserType", "Claims[sub] > value[0] > |"}, - // {"UserId", "Claims[sub] > value[1] > |"} - // }, - // AddClaimsToRequest = - // { - // {"CustomerId", "Claims[CustomerId] > value"}, - // {"UserType", "Claims[sub] > value[0] > |"}, - // {"UserId", "Claims[sub] > value[1] > |"} - // }, - // RouteClaimsRequirement = - // { - // {"UserType", "registered"} - // } - // } - // } - // }; + [Fact] + public void should_return_response_200_authorising_route() + { + var configuration = new FileConfiguration + { + ReRoutes = new List + { + new FileReRoute + { + DownstreamPathTemplate = "/", + DownstreamPort = 51876, + DownstreamScheme = "http", + DownstreamHost = "localhost", + UpstreamPathTemplate = "/", + UpstreamHttpMethod = new List { "Get" }, + AuthenticationOptions = new FileAuthenticationOptions + { + AllowedScopes = new List(), + Provider = "IdentityServer", + IdentityServerConfig = new FileIdentityServerConfig{ + ProviderRootUrl = "http://localhost:51888", + RequireHttps = false, + ApiName = "api", + ApiSecret = "secret" + } + }, + AddHeadersToRequest = + { + {"CustomerId", "Claims[CustomerId] > value"}, + {"LocationId", "Claims[LocationId] > value"}, + {"UserType", "Claims[sub] > value[0] > |"}, + {"UserId", "Claims[sub] > value[1] > |"} + }, + AddClaimsToRequest = + { + {"CustomerId", "Claims[CustomerId] > value"}, + {"UserType", "Claims[sub] > value[0] > |"}, + {"UserId", "Claims[sub] > value[1] > |"} + }, + RouteClaimsRequirement = + { + {"UserType", "registered"} + } + } + } + }; - // this.Given(x => x.GivenThereIsAnIdentityServerOn("http://localhost:51888", "api", AccessTokenType.Jwt)) - // .And(x => x.GivenThereIsAServiceRunningOn("http://localhost:51876", 200, "Hello from Laura")) - // .And(x => _steps.GivenIHaveAToken("http://localhost:51888")) - // .And(x => _steps.GivenThereIsAConfiguration(configuration)) - // .And(x => _steps.GivenOcelotIsRunning()) - // .And(x => _steps.GivenIHaveAddedATokenToMyRequest()) - // .When(x => _steps.WhenIGetUrlOnTheApiGateway("/")) - // .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.OK)) - // .And(x => _steps.ThenTheResponseBodyShouldBe("Hello from Laura")) - // .BDDfy(); - //} + this.Given(x => x.GivenThereIsAnIdentityServerOn("http://localhost:51888", "api", AccessTokenType.Jwt)) + .And(x => x.GivenThereIsAServiceRunningOn("http://localhost:51876", 200, "Hello from Laura")) + .And(x => _steps.GivenIHaveAToken("http://localhost:51888")) + .And(x => _steps.GivenThereIsAConfiguration(configuration)) + .And(x => _steps.GivenOcelotIsRunning()) + .And(x => _steps.GivenIHaveAddedATokenToMyRequest()) + .When(x => _steps.WhenIGetUrlOnTheApiGateway("/")) + .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.OK)) + .And(x => _steps.ThenTheResponseBodyShouldBe("Hello from Laura")) + .BDDfy(); + } - //[Fact] - //public void should_return_response_403_authorising_route() - //{ - // var configuration = new FileConfiguration - // { - // ReRoutes = new List - // { - // new FileReRoute - // { - // DownstreamPathTemplate = "/", - // DownstreamPort = 51876, - // DownstreamScheme = "http", - // DownstreamHost = "localhost", - // UpstreamPathTemplate = "/", - // UpstreamHttpMethod = new List { "Get" }, - // AuthenticationOptions = new FileAuthenticationOptions - // { - //AllowedScopes = new List(), - // Provider = "IdentityServer", - // ProviderRootUrl = "http://localhost:51888", - // RequireHttps = false, - //ApiName = "api", - // ApiSecret = "secret" - // }, - // AddHeadersToRequest = - // { - // {"CustomerId", "Claims[CustomerId] > value"}, - // {"LocationId", "Claims[LocationId] > value"}, - // {"UserType", "Claims[sub] > value[0] > |"}, - // {"UserId", "Claims[sub] > value[1] > |"} - // }, - // AddClaimsToRequest = - // { - // {"CustomerId", "Claims[CustomerId] > value"}, - // {"UserId", "Claims[sub] > value[1] > |"} - // }, - // RouteClaimsRequirement = - // { - // {"UserType", "registered"} - // } - // } - // } - // }; + [Fact] + public void should_return_response_403_authorising_route() + { + var configuration = new FileConfiguration + { + ReRoutes = new List + { + new FileReRoute + { + DownstreamPathTemplate = "/", + DownstreamPort = 51876, + DownstreamScheme = "http", + DownstreamHost = "localhost", + UpstreamPathTemplate = "/", + UpstreamHttpMethod = new List { "Get" }, + AuthenticationOptions = new FileAuthenticationOptions + { + AllowedScopes = new List(), + Provider = "IdentityServer", + IdentityServerConfig = new FileIdentityServerConfig{ + ProviderRootUrl = "http://localhost:51888", + RequireHttps = false, + ApiName = "api", + ApiSecret = "secret" + } + }, + AddHeadersToRequest = + { + {"CustomerId", "Claims[CustomerId] > value"}, + {"LocationId", "Claims[LocationId] > value"}, + {"UserType", "Claims[sub] > value[0] > |"}, + {"UserId", "Claims[sub] > value[1] > |"} + }, + AddClaimsToRequest = + { + {"CustomerId", "Claims[CustomerId] > value"}, + {"UserId", "Claims[sub] > value[1] > |"} + }, + RouteClaimsRequirement = + { + {"UserType", "registered"} + } + } + } + }; - // this.Given(x => x.GivenThereIsAnIdentityServerOn("http://localhost:51888", "api", AccessTokenType.Jwt)) - // .And(x => x.GivenThereIsAServiceRunningOn("http://localhost:51876", 200, "Hello from Laura")) - // .And(x => _steps.GivenIHaveAToken("http://localhost:51888")) - // .And(x => _steps.GivenThereIsAConfiguration(configuration)) - // .And(x => _steps.GivenOcelotIsRunning()) - // .And(x => _steps.GivenIHaveAddedATokenToMyRequest()) - // .When(x => _steps.WhenIGetUrlOnTheApiGateway("/")) - // .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.Forbidden)) - // .BDDfy(); - //} + this.Given(x => x.GivenThereIsAnIdentityServerOn("http://localhost:51888", "api", AccessTokenType.Jwt)) + .And(x => x.GivenThereIsAServiceRunningOn("http://localhost:51876", 200, "Hello from Laura")) + .And(x => _steps.GivenIHaveAToken("http://localhost:51888")) + .And(x => _steps.GivenThereIsAConfiguration(configuration)) + .And(x => _steps.GivenOcelotIsRunning()) + .And(x => _steps.GivenIHaveAddedATokenToMyRequest()) + .When(x => _steps.WhenIGetUrlOnTheApiGateway("/")) + .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.Forbidden)) + .BDDfy(); + } - //[Fact] - //public void should_return_response_200_using_identity_server_with_allowed_scope() - //{ - // var configuration = new FileConfiguration - // { - // ReRoutes = new List - // { - // new FileReRoute - // { - // DownstreamPathTemplate = "/", - // DownstreamPort = 51876, - // DownstreamHost = "localhost", - // DownstreamScheme = "http", - // UpstreamPathTemplate = "/", - // UpstreamHttpMethod = new List { "Get" }, - // AuthenticationOptions = new FileAuthenticationOptions - // { - // AllowedScopes = new List{ "api", "api.readOnly", "openid", "offline_access" }, - // Provider = "IdentityServer", - // ProviderRootUrl = "http://localhost:51888", - // RequireHttps = false, - // ApiName = "api", - // ApiSecret = "secret" - // } - // } - // } - // }; + [Fact] + public void should_return_response_200_using_identity_server_with_allowed_scope() + { + var configuration = new FileConfiguration + { + ReRoutes = new List + { + new FileReRoute + { + DownstreamPathTemplate = "/", + DownstreamPort = 51876, + DownstreamHost = "localhost", + DownstreamScheme = "http", + UpstreamPathTemplate = "/", + UpstreamHttpMethod = new List { "Get" }, + AuthenticationOptions = new FileAuthenticationOptions + { + AllowedScopes = new List{ "api", "api.readOnly", "openid", "offline_access" }, + Provider = "IdentityServer", + IdentityServerConfig = new FileIdentityServerConfig{ + ProviderRootUrl = "http://localhost:51888", + RequireHttps = false, + ApiName = "api", + ApiSecret = "secret" + } + } + } + } + }; - // this.Given(x => x.GivenThereIsAnIdentityServerOn("http://localhost:51888", "api", AccessTokenType.Jwt)) - // .And(x => x.GivenThereIsAServiceRunningOn("http://localhost:51876", 200, "Hello from Laura")) - // .And(x => _steps.GivenIHaveATokenForApiReadOnlyScope("http://localhost:51888")) - // .And(x => _steps.GivenThereIsAConfiguration(configuration)) - // .And(x => _steps.GivenOcelotIsRunning()) - // .And(x => _steps.GivenIHaveAddedATokenToMyRequest()) - // .When(x => _steps.WhenIGetUrlOnTheApiGateway("/")) - // .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.OK)) - // .BDDfy(); - //} + this.Given(x => x.GivenThereIsAnIdentityServerOn("http://localhost:51888", "api", AccessTokenType.Jwt)) + .And(x => x.GivenThereIsAServiceRunningOn("http://localhost:51876", 200, "Hello from Laura")) + .And(x => _steps.GivenIHaveATokenForApiReadOnlyScope("http://localhost:51888")) + .And(x => _steps.GivenThereIsAConfiguration(configuration)) + .And(x => _steps.GivenOcelotIsRunning()) + .And(x => _steps.GivenIHaveAddedATokenToMyRequest()) + .When(x => _steps.WhenIGetUrlOnTheApiGateway("/")) + .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.OK)) + .BDDfy(); + } - //[Fact] - //public void should_return_response_403_using_identity_server_with_scope_not_allowed() - //{ - // var configuration = new FileConfiguration - // { - // ReRoutes = new List - // { - // new FileReRoute - // { - // DownstreamPathTemplate = "/", - // DownstreamPort = 51876, - // DownstreamHost = "localhost", - // DownstreamScheme = "http", - // UpstreamPathTemplate = "/", - // UpstreamHttpMethod = new List { "Get" }, - // AuthenticationOptions = new FileAuthenticationOptions - // { - // AllowedScopes = new List{ "api", "openid", "offline_access" }, - // Provider = "IdentityServer", - // ProviderRootUrl = "http://localhost:51888", - // RequireHttps = false, - // ApiName = "api", - // ApiSecret = "secret" - // } - // } - // } - // }; + [Fact] + public void should_return_response_403_using_identity_server_with_scope_not_allowed() + { + var configuration = new FileConfiguration + { + ReRoutes = new List + { + new FileReRoute + { + DownstreamPathTemplate = "/", + DownstreamPort = 51876, + DownstreamHost = "localhost", + DownstreamScheme = "http", + UpstreamPathTemplate = "/", + UpstreamHttpMethod = new List { "Get" }, + AuthenticationOptions = new FileAuthenticationOptions + { + AllowedScopes = new List{ "api", "openid", "offline_access" }, + Provider = "IdentityServer", + IdentityServerConfig = new FileIdentityServerConfig{ + ProviderRootUrl = "http://localhost:51888", + RequireHttps = false, + ApiName = "api", + ApiSecret = "secret" + } + } + } + } + }; - // this.Given(x => x.GivenThereIsAnIdentityServerOn("http://localhost:51888", "api", AccessTokenType.Jwt)) - // .And(x => x.GivenThereIsAServiceRunningOn("http://localhost:51876", 200, "Hello from Laura")) - // .And(x => _steps.GivenIHaveATokenForApiReadOnlyScope("http://localhost:51888")) - // .And(x => _steps.GivenThereIsAConfiguration(configuration)) - // .And(x => _steps.GivenOcelotIsRunning()) - // .And(x => _steps.GivenIHaveAddedATokenToMyRequest()) - // .When(x => _steps.WhenIGetUrlOnTheApiGateway("/")) - // .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.Forbidden)) - // .BDDfy(); - //} + this.Given(x => x.GivenThereIsAnIdentityServerOn("http://localhost:51888", "api", AccessTokenType.Jwt)) + .And(x => x.GivenThereIsAServiceRunningOn("http://localhost:51876", 200, "Hello from Laura")) + .And(x => _steps.GivenIHaveATokenForApiReadOnlyScope("http://localhost:51888")) + .And(x => _steps.GivenThereIsAConfiguration(configuration)) + .And(x => _steps.GivenOcelotIsRunning()) + .And(x => _steps.GivenIHaveAddedATokenToMyRequest()) + .When(x => _steps.WhenIGetUrlOnTheApiGateway("/")) + .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.Forbidden)) + .BDDfy(); + } private void GivenThereIsAServiceRunningOn(string url, int statusCode, string responseBody) { diff --git a/test/Ocelot.AcceptanceTests/ClaimsToHeadersForwardingTests.cs b/test/Ocelot.AcceptanceTests/ClaimsToHeadersForwardingTests.cs index 80f9144f0..babb520e6 100644 --- a/test/Ocelot.AcceptanceTests/ClaimsToHeadersForwardingTests.cs +++ b/test/Ocelot.AcceptanceTests/ClaimsToHeadersForwardingTests.cs @@ -30,67 +30,69 @@ public ClaimsToHeadersForwardingTests() _steps = new Steps(); } - //[Fact] - //public void should_return_response_200_and_foward_claim_as_header() - //{ - // var user = new TestUser() - // { - // Username = "test", - // Password = "test", - // SubjectId = "registered|1231231", - // Claims = new List - // { - // new Claim("CustomerId", "123"), - // new Claim("LocationId", "1") - // } - // }; + [Fact] + public void should_return_response_200_and_foward_claim_as_header() + { + var user = new TestUser() + { + Username = "test", + Password = "test", + SubjectId = "registered|1231231", + Claims = new List + { + new Claim("CustomerId", "123"), + new Claim("LocationId", "1") + } + }; - // var configuration = new FileConfiguration - // { - // ReRoutes = new List - // { - // new FileReRoute - // { - // DownstreamPathTemplate = "/", - // DownstreamPort = 52876, - // DownstreamScheme = "http", - // DownstreamHost = "localhost", - // UpstreamPathTemplate = "/", - // UpstreamHttpMethod = new List { "Get" }, - // AuthenticationOptions = new FileAuthenticationOptions - // { - //AllowedScopes = new List - // { - // "openid", "offline_access", "api" - // }, - // Provider = "IdentityServer", - // ProviderRootUrl = "http://localhost:52888", - // RequireHttps = false, - //ApiName = "api", - // ApiSecret = "secret", - // }, - // AddHeadersToRequest = - // { - // {"CustomerId", "Claims[CustomerId] > value"}, - // {"LocationId", "Claims[LocationId] > value"}, - // {"UserType", "Claims[sub] > value[0] > |"}, - // {"UserId", "Claims[sub] > value[1] > |"} - // } - // } - // } - // }; + var configuration = new FileConfiguration + { + ReRoutes = new List + { + new FileReRoute + { + DownstreamPathTemplate = "/", + DownstreamPort = 52876, + DownstreamScheme = "http", + DownstreamHost = "localhost", + UpstreamPathTemplate = "/", + UpstreamHttpMethod = new List { "Get" }, + AuthenticationOptions = new FileAuthenticationOptions + { + AllowedScopes = new List + { + "openid", "offline_access", "api" + }, + Provider = "IdentityServer", + IdentityServerConfig = new FileIdentityServerConfig{ + ProviderRootUrl = "http://localhost:52888", + RequireHttps = false, + ApiName = "api", + ApiSecret = "secret" + } + }, + AddHeadersToRequest = + { + {"CustomerId", "Claims[CustomerId] > value"}, + {"LocationId", "Claims[LocationId] > value"}, + {"UserType", "Claims[sub] > value[0] > |"}, + {"UserId", "Claims[sub] > value[1] > |"} + } + } + } + }; - // this.Given(x => x.GivenThereIsAnIdentityServerOn("http://localhost:52888", "api", AccessTokenType.Jwt, user)) - // .And(x => x.GivenThereIsAServiceRunningOn("http://localhost:52876", 200)) - // .And(x => _steps.GivenIHaveAToken("http://localhost:52888")) - // .And(x => _steps.GivenThereIsAConfiguration(configuration)) - // .And(x => _steps.GivenOcelotIsRunning()) - // .And(x => _steps.GivenIHaveAddedATokenToMyRequest()) - // .When(x => _steps.WhenIGetUrlOnTheApiGateway("/")) - // .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.OK)) - // .And(x => _steps.ThenTheResponseBodyShouldBe("CustomerId: 123 LocationId: 1 UserType: registered UserId: 1231231")) - // .BDDfy(); - //} + this.Given(x => x.GivenThereIsAnIdentityServerOn("http://localhost:52888", "api", AccessTokenType.Jwt, user)) + .And(x => x.GivenThereIsAServiceRunningOn("http://localhost:52876", 200)) + .And(x => _steps.GivenIHaveAToken("http://localhost:52888")) + .And(x => _steps.GivenThereIsAConfiguration(configuration)) + .And(x => _steps.GivenOcelotIsRunning()) + .And(x => _steps.GivenIHaveAddedATokenToMyRequest()) + .When(x => _steps.WhenIGetUrlOnTheApiGateway("/")) + .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.OK)) + .And(x => _steps.ThenTheResponseBodyShouldBe("CustomerId: 123 LocationId: 1 UserType: registered UserId: 1231231")) + .BDDfy(); + } private void GivenThereIsAServiceRunningOn(string url, int statusCode) { diff --git a/test/Ocelot.AcceptanceTests/ClaimsToQueryStringForwardingTests.cs b/test/Ocelot.AcceptanceTests/ClaimsToQueryStringForwardingTests.cs index 32b9dc8b6..744cfab21 100644 --- a/test/Ocelot.AcceptanceTests/ClaimsToQueryStringForwardingTests.cs +++ b/test/Ocelot.AcceptanceTests/ClaimsToQueryStringForwardingTests.cs @@ -30,67 +30,69 @@ public ClaimsToQueryStringForwardingTests() _steps = new Steps(); } - //[Fact] - //public void should_return_response_200_and_foward_claim_as_query_string() - //{ - // var user = new TestUser() - // { - // Username = "test", - // Password = "test", - // SubjectId = "registered|1231231", - // Claims = new List - // { - // new Claim("CustomerId", "123"), - // new Claim("LocationId", "1") - // } - // }; - - // var configuration = new FileConfiguration - // { - // ReRoutes = new List - // { - // new FileReRoute - // { - // DownstreamPathTemplate = "/", - // DownstreamPort = 57876, - // DownstreamScheme = "http", - // DownstreamHost = "localhost", - // UpstreamPathTemplate = "/", - // UpstreamHttpMethod = new List { "Get" }, - // AuthenticationOptions = new FileAuthenticationOptions - // { - //AllowedScopes = new List - // { - // "openid", "offline_access", "api" - // }, - // Provider = "IdentityServer", - // ProviderRootUrl = "http://localhost:57888", - // RequireHttps = false, - //ApiName = "api", - // ApiSecret = "secret", - // }, - // AddQueriesToRequest = - // { - // {"CustomerId", "Claims[CustomerId] > value"}, - // {"LocationId", "Claims[LocationId] > value"}, - // {"UserType", "Claims[sub] > value[0] > |"}, - // {"UserId", "Claims[sub] > value[1] > |"} - // } - // } - // } - // }; - - // this.Given(x => x.GivenThereIsAnIdentityServerOn("http://localhost:57888", "api", AccessTokenType.Jwt, user)) - // .And(x => x.GivenThereIsAServiceRunningOn("http://localhost:57876", 200)) - // .And(x => _steps.GivenIHaveAToken("http://localhost:57888")) - // .And(x => _steps.GivenThereIsAConfiguration(configuration)) - // .And(x => _steps.GivenOcelotIsRunning()) - // .And(x => _steps.GivenIHaveAddedATokenToMyRequest()) - // .When(x => _steps.WhenIGetUrlOnTheApiGateway("/")) - // .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.OK)) - // .And(x => _steps.ThenTheResponseBodyShouldBe("CustomerId: 123 LocationId: 1 UserType: registered UserId: 1231231")) - // .BDDfy(); - //} + [Fact] + public void should_return_response_200_and_foward_claim_as_query_string() + { + var user = new TestUser() + { + Username = "test", + Password = "test", + SubjectId = "registered|1231231", + Claims = new List + { + new Claim("CustomerId", "123"), + new Claim("LocationId", "1") + } + }; + + var configuration = new FileConfiguration + { + ReRoutes = new List + { + new FileReRoute + { + DownstreamPathTemplate = "/", + DownstreamPort = 57876, + DownstreamScheme = "http", + DownstreamHost = "localhost", + UpstreamPathTemplate = "/", + UpstreamHttpMethod = new List { "Get" }, + AuthenticationOptions = new FileAuthenticationOptions + { + AllowedScopes = new List + { + "openid", "offline_access", "api" + }, + Provider = "IdentityServer", + IdentityServerConfig = new FileIdentityServerConfig{ + ProviderRootUrl = "http://localhost:57888", + RequireHttps = false, + ApiName = "api", + ApiSecret = "secret" + } + }, + AddQueriesToRequest = + { + {"CustomerId", "Claims[CustomerId] > value"}, + {"LocationId", "Claims[LocationId] > value"}, + {"UserType", "Claims[sub] > value[0] > |"}, + {"UserId", "Claims[sub] > value[1] > |"} + } + } + } + }; + + this.Given(x => x.GivenThereIsAnIdentityServerOn("http://localhost:57888", "api", AccessTokenType.Jwt, user)) + .And(x => x.GivenThereIsAServiceRunningOn("http://localhost:57876", 200)) + .And(x => _steps.GivenIHaveAToken("http://localhost:57888")) + .And(x => _steps.GivenThereIsAConfiguration(configuration)) + .And(x => _steps.GivenOcelotIsRunning()) + .And(x => _steps.GivenIHaveAddedATokenToMyRequest()) + .When(x => _steps.WhenIGetUrlOnTheApiGateway("/")) + .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.OK)) + .And(x => _steps.ThenTheResponseBodyShouldBe("CustomerId: 123 LocationId: 1 UserType: registered UserId: 1231231")) + .BDDfy(); + } private void GivenThereIsAServiceRunningOn(string url, int statusCode) { From a7eeadb4c62e7c2fbe30d85845ce42087bb0e1ac Mon Sep 17 00:00:00 2001 From: Nick Sharp Date: Mon, 26 Jun 2017 21:32:44 +0100 Subject: [PATCH 3/6] fixing tests --- .../Handler/Creator/AuthenticationHandlerCreator.cs | 2 +- src/Ocelot/Configuration/AuthenticationOptions.cs | 13 +++++-------- .../Builder/AuthenticationOptionsBuilder.cs | 8 ++++---- .../Creator/AuthenticationOptionsCreator.cs | 8 ++++---- .../ConfigurationInConsulTests.cs | 1 - 5 files changed, 14 insertions(+), 18 deletions(-) diff --git a/src/Ocelot/Authentication/Handler/Creator/AuthenticationHandlerCreator.cs b/src/Ocelot/Authentication/Handler/Creator/AuthenticationHandlerCreator.cs index 910b99e4a..5015fefa0 100644 --- a/src/Ocelot/Authentication/Handler/Creator/AuthenticationHandlerCreator.cs +++ b/src/Ocelot/Authentication/Handler/Creator/AuthenticationHandlerCreator.cs @@ -19,7 +19,7 @@ public Response Create(IApplicationBuilder app, AuthenticationO { var builder = app.New(); - var authenticationConfig = authOptions.Config as IdentityServerConfig; + var authenticationConfig = authOptions.Config; builder.UseIdentityServerAuthentication(new IdentityServerAuthenticationOptions { diff --git a/src/Ocelot/Configuration/AuthenticationOptions.cs b/src/Ocelot/Configuration/AuthenticationOptions.cs index cfb76fe48..25b65fe9b 100644 --- a/src/Ocelot/Configuration/AuthenticationOptions.cs +++ b/src/Ocelot/Configuration/AuthenticationOptions.cs @@ -2,9 +2,11 @@ namespace Ocelot.Configuration { + using Newtonsoft.Json; + public class AuthenticationOptions { - public AuthenticationOptions(string provider, List allowedScopes, IAuthenticationConfig config) + public AuthenticationOptions(string provider, List allowedScopes, IdentityServerConfig config) { Provider = provider; AllowedScopes = allowedScopes; @@ -15,15 +17,10 @@ public AuthenticationOptions(string provider, List allowedScopes, IAuthe public List AllowedScopes { get; private set; } - public IAuthenticationConfig Config { get; } - } - - - public interface IAuthenticationConfig - { + public IdentityServerConfig Config { get; private set; } } - public class IdentityServerConfig : IAuthenticationConfig + public class IdentityServerConfig { public IdentityServerConfig(string providerRootUrl, string apiName, bool requireHttps, string apiSecret) { diff --git a/src/Ocelot/Configuration/Builder/AuthenticationOptionsBuilder.cs b/src/Ocelot/Configuration/Builder/AuthenticationOptionsBuilder.cs index bd20717cd..3f83d3a32 100644 --- a/src/Ocelot/Configuration/Builder/AuthenticationOptionsBuilder.cs +++ b/src/Ocelot/Configuration/Builder/AuthenticationOptionsBuilder.cs @@ -9,7 +9,7 @@ public class AuthenticationOptionsBuilder private List _allowedScopes; - private IAuthenticationConfig _config; + private IdentityServerConfig _identityServerConfig; public AuthenticationOptionsBuilder WithProvider(string provider) { @@ -23,15 +23,15 @@ public AuthenticationOptionsBuilder WithAllowedScopes(List allowedScopes return this; } - public AuthenticationOptionsBuilder WithConfiguration(IAuthenticationConfig config) + public AuthenticationOptionsBuilder WithIdntityServerConfigConfiguration(IdentityServerConfig config) { - _config = config; + _identityServerConfig = config; return this; } public AuthenticationOptions Build() { - return new AuthenticationOptions(_provider, _allowedScopes, _config); + return new AuthenticationOptions(_provider, _allowedScopes, _identityServerConfig); } } diff --git a/src/Ocelot/Configuration/Creator/AuthenticationOptionsCreator.cs b/src/Ocelot/Configuration/Creator/AuthenticationOptionsCreator.cs index ac185cdf9..7f3f34a35 100644 --- a/src/Ocelot/Configuration/Creator/AuthenticationOptionsCreator.cs +++ b/src/Ocelot/Configuration/Creator/AuthenticationOptionsCreator.cs @@ -7,19 +7,19 @@ public class AuthenticationOptionsCreator : IAuthenticationOptionsCreator { public AuthenticationOptions Create(FileReRoute fileReRoute) { - var authenticationConfig = new AuthenticationConfigCreator().Create(fileReRoute.AuthenticationOptions); + var authenticationConfig = new IdentityServerConfigCreator().Create(fileReRoute.AuthenticationOptions); return new AuthenticationOptionsBuilder() .WithProvider(fileReRoute.AuthenticationOptions?.Provider) .WithAllowedScopes(fileReRoute.AuthenticationOptions?.AllowedScopes) - .WithConfiguration(authenticationConfig) + .WithIdntityServerConfigConfiguration(authenticationConfig) .Build(); } } - public class AuthenticationConfigCreator + public class IdentityServerConfigCreator { - public IAuthenticationConfig Create(FileAuthenticationOptions authenticationOptions) + public IdentityServerConfig Create(FileAuthenticationOptions authenticationOptions) { return new IdentityServerConfigBuilder() .WithApiName(authenticationOptions.IdentityServerConfig?.ApiName) diff --git a/test/Ocelot.AcceptanceTests/ConfigurationInConsulTests.cs b/test/Ocelot.AcceptanceTests/ConfigurationInConsulTests.cs index 0ab4cc6a4..883016102 100644 --- a/test/Ocelot.AcceptanceTests/ConfigurationInConsulTests.cs +++ b/test/Ocelot.AcceptanceTests/ConfigurationInConsulTests.cs @@ -29,7 +29,6 @@ public ConfigurationInConsul() _steps = new Steps(); } - [Fact] public void should_return_response_200_with_simple_url() { From ec0f3b32e46b0742d1b86b7f8bf8462c99bb9533 Mon Sep 17 00:00:00 2001 From: Nick Sharp Date: Tue, 27 Jun 2017 13:49:30 +0100 Subject: [PATCH 4/6] Adding deserializer config for consul --- .../Creator/AuthenticationHandlerCreator.cs | 2 +- .../Configuration/AuthenticationOptions.cs | 8 ++- .../ConsulOcelotConfigurationRepository.cs | 6 +- .../AuthenticationConfigConverter.cs | 55 +++++++++++++++++++ .../ConfigurationInConsulTests.cs | 6 +- 5 files changed, 70 insertions(+), 7 deletions(-) create mode 100644 src/Ocelot/JsonConverters/AuthenticationConfigConverter.cs diff --git a/src/Ocelot/Authentication/Handler/Creator/AuthenticationHandlerCreator.cs b/src/Ocelot/Authentication/Handler/Creator/AuthenticationHandlerCreator.cs index 5015fefa0..910b99e4a 100644 --- a/src/Ocelot/Authentication/Handler/Creator/AuthenticationHandlerCreator.cs +++ b/src/Ocelot/Authentication/Handler/Creator/AuthenticationHandlerCreator.cs @@ -19,7 +19,7 @@ public Response Create(IApplicationBuilder app, AuthenticationO { var builder = app.New(); - var authenticationConfig = authOptions.Config; + var authenticationConfig = authOptions.Config as IdentityServerConfig; builder.UseIdentityServerAuthentication(new IdentityServerAuthenticationOptions { diff --git a/src/Ocelot/Configuration/AuthenticationOptions.cs b/src/Ocelot/Configuration/AuthenticationOptions.cs index 25b65fe9b..c4a49b7d4 100644 --- a/src/Ocelot/Configuration/AuthenticationOptions.cs +++ b/src/Ocelot/Configuration/AuthenticationOptions.cs @@ -6,7 +6,7 @@ namespace Ocelot.Configuration public class AuthenticationOptions { - public AuthenticationOptions(string provider, List allowedScopes, IdentityServerConfig config) + public AuthenticationOptions(string provider, List allowedScopes, IAuthenticationConfig config) { Provider = provider; AllowedScopes = allowedScopes; @@ -17,10 +17,10 @@ public AuthenticationOptions(string provider, List allowedScopes, Identi public List AllowedScopes { get; private set; } - public IdentityServerConfig Config { get; private set; } + public IAuthenticationConfig Config { get; private set; } } - public class IdentityServerConfig + public class IdentityServerConfig : IAuthenticationConfig { public IdentityServerConfig(string providerRootUrl, string apiName, bool requireHttps, string apiSecret) { @@ -35,4 +35,6 @@ public IdentityServerConfig(string providerRootUrl, string apiName, bool require public string ApiSecret { get; private set; } public bool RequireHttps { get; private set; } } + + public interface IAuthenticationConfig {} } diff --git a/src/Ocelot/Configuration/Repository/ConsulOcelotConfigurationRepository.cs b/src/Ocelot/Configuration/Repository/ConsulOcelotConfigurationRepository.cs index 703d039b4..345293038 100644 --- a/src/Ocelot/Configuration/Repository/ConsulOcelotConfigurationRepository.cs +++ b/src/Ocelot/Configuration/Repository/ConsulOcelotConfigurationRepository.cs @@ -9,6 +9,8 @@ namespace Ocelot.Configuration.Repository { + using Ocelot.AcceptanceTests; + public class ConsulOcelotConfigurationRepository : IOcelotConfigurationRepository { private readonly ConsulClient _consul; @@ -48,7 +50,9 @@ public async Task> Get() var json = Encoding.UTF8.GetString(bytes); - var consulConfig = JsonConvert.DeserializeObject(json); + var settings = new JsonSerializerSettings(); + settings.Converters.Add(new AuthenticationConfigConverter()); + var consulConfig = JsonConvert.DeserializeObject(json, settings); return new OkResponse(consulConfig); } diff --git a/src/Ocelot/JsonConverters/AuthenticationConfigConverter.cs b/src/Ocelot/JsonConverters/AuthenticationConfigConverter.cs new file mode 100644 index 000000000..e63b1fe67 --- /dev/null +++ b/src/Ocelot/JsonConverters/AuthenticationConfigConverter.cs @@ -0,0 +1,55 @@ +using System; +using Newtonsoft.Json; +using Ocelot.Configuration; + +namespace Ocelot.AcceptanceTests +{ + using Newtonsoft.Json.Linq; + public class AuthenticationConfigConverter : JsonConverter + { + public override bool CanWrite => false; + + public override bool CanRead => true; + + public override void WriteJson(JsonWriter writer, object value, JsonSerializer serializer) + { + throw new InvalidOperationException("Use default serialization."); + } + + public override object ReadJson(JsonReader reader, Type objectType, object existingValue, JsonSerializer serializer) + { + var jsonObject = JObject.Load(reader); + var setting = default(IAuthenticationConfig); + + if (jsonObject["Provider"] != null) + { + switch (jsonObject["Provider"].Value()) + { + //case "Jwt": + // setting = new + default: + setting = new IdentityServerConfig( + jsonObject["ProviderRootUrl"].Value(), + jsonObject["ApiName"].Value(), + jsonObject["RequireHttps"].Value(), + jsonObject["ApiSecret"].Value()); + break; + } + } + else + { + setting = new IdentityServerConfig(string.Empty, string.Empty, false, string.Empty); + } + + serializer.Populate(jsonObject.CreateReader(), setting); + return setting; + } + + public override bool CanConvert(Type objectType) + { + return objectType == typeof(IAuthenticationConfig); + } + } + + +} diff --git a/test/Ocelot.AcceptanceTests/ConfigurationInConsulTests.cs b/test/Ocelot.AcceptanceTests/ConfigurationInConsulTests.cs index 883016102..afed11641 100644 --- a/test/Ocelot.AcceptanceTests/ConfigurationInConsulTests.cs +++ b/test/Ocelot.AcceptanceTests/ConfigurationInConsulTests.cs @@ -104,7 +104,9 @@ private void GivenThereIsAFakeConsulServiceDiscoveryProvider(string url) var json = reader.ReadToEnd(); - _config = JsonConvert.DeserializeObject(json); + var settings = new JsonSerializerSettings(); + settings.Converters.Add(new AuthenticationConfigConverter()); + _config = JsonConvert.DeserializeObject(json, settings); var response = JsonConvert.SerializeObject(true); @@ -166,4 +168,4 @@ public void Dispose() _steps.Dispose(); } } -} +} \ No newline at end of file From 9532d940f15e2c311ffd7782c01d3b1f7b41ed93 Mon Sep 17 00:00:00 2001 From: Nick Sharp Date: Wed, 28 Jun 2017 21:43:37 +0100 Subject: [PATCH 5/6] Implementing jwt and adding tests --- .../Creator/AuthenticationHandlerCreator.cs | 32 ++-- .../SupportedAuthenticationProviders.cs | 3 +- .../Configuration/AuthenticationOptions.cs | 13 ++ .../Builder/AuthenticationOptionsBuilder.cs | 30 +++- .../Creator/AuthenticationOptionsCreator.cs | 16 +- .../Configuration/Creator/ConfigCreator.cs | 35 +++++ .../File/FileAuthenticationOptions.cs | 9 ++ .../AuthenticationConfigConverter.cs | 8 +- .../AuthenticationHandlerFactoryTests.cs | 10 +- .../AuthenticationOptionsCreatorTests.cs | 137 +++++++++++++----- 10 files changed, 220 insertions(+), 73 deletions(-) create mode 100644 src/Ocelot/Configuration/Creator/ConfigCreator.cs diff --git a/src/Ocelot/Authentication/Handler/Creator/AuthenticationHandlerCreator.cs b/src/Ocelot/Authentication/Handler/Creator/AuthenticationHandlerCreator.cs index 910b99e4a..b4c1503a0 100644 --- a/src/Ocelot/Authentication/Handler/Creator/AuthenticationHandlerCreator.cs +++ b/src/Ocelot/Authentication/Handler/Creator/AuthenticationHandlerCreator.cs @@ -19,17 +19,31 @@ public Response Create(IApplicationBuilder app, AuthenticationO { var builder = app.New(); - var authenticationConfig = authOptions.Config as IdentityServerConfig; + if (authOptions.Provider.ToLower() == "jwt") + { + var authenticationConfig = authOptions.Config as JwtConfig; - builder.UseIdentityServerAuthentication(new IdentityServerAuthenticationOptions + builder.UseJwtBearerAuthentication( + new JwtBearerOptions() + { + Authority = authenticationConfig.Authority, + Audience = authenticationConfig.Audience + }); + } + else { - Authority = authenticationConfig.ProviderRootUrl, - ApiName = authenticationConfig.ApiName, - RequireHttpsMetadata = authenticationConfig.RequireHttps, - AllowedScopes = authOptions.AllowedScopes, - SupportedTokens = SupportedTokens.Both, - ApiSecret = authenticationConfig.ApiSecret - }); + var authenticationConfig = authOptions.Config as IdentityServerConfig; + + builder.UseIdentityServerAuthentication(new IdentityServerAuthenticationOptions + { + Authority = authenticationConfig.ProviderRootUrl, + ApiName = authenticationConfig.ApiName, + RequireHttpsMetadata = authenticationConfig.RequireHttps, + AllowedScopes = authOptions.AllowedScopes, + SupportedTokens = SupportedTokens.Both, + ApiSecret = authenticationConfig.ApiSecret + }); + } var authenticationNext = builder.Build(); diff --git a/src/Ocelot/Authentication/Handler/SupportedAuthenticationProviders.cs b/src/Ocelot/Authentication/Handler/SupportedAuthenticationProviders.cs index 2a815ee02..5662fe401 100644 --- a/src/Ocelot/Authentication/Handler/SupportedAuthenticationProviders.cs +++ b/src/Ocelot/Authentication/Handler/SupportedAuthenticationProviders.cs @@ -2,6 +2,7 @@ { public enum SupportedAuthenticationProviders { - IdentityServer + IdentityServer, + Jwt } } diff --git a/src/Ocelot/Configuration/AuthenticationOptions.cs b/src/Ocelot/Configuration/AuthenticationOptions.cs index c4a49b7d4..1c71d68b3 100644 --- a/src/Ocelot/Configuration/AuthenticationOptions.cs +++ b/src/Ocelot/Configuration/AuthenticationOptions.cs @@ -36,5 +36,18 @@ public IdentityServerConfig(string providerRootUrl, string apiName, bool require public bool RequireHttps { get; private set; } } + public class JwtConfig : IAuthenticationConfig + { + public JwtConfig(string authority, string audience) + { + Audience = audience; + Authority = authority; + } + + public string Audience { get; } + + public string Authority { get; } + } + public interface IAuthenticationConfig {} } diff --git a/src/Ocelot/Configuration/Builder/AuthenticationOptionsBuilder.cs b/src/Ocelot/Configuration/Builder/AuthenticationOptionsBuilder.cs index 3f83d3a32..ea43a23ea 100644 --- a/src/Ocelot/Configuration/Builder/AuthenticationOptionsBuilder.cs +++ b/src/Ocelot/Configuration/Builder/AuthenticationOptionsBuilder.cs @@ -9,7 +9,7 @@ public class AuthenticationOptionsBuilder private List _allowedScopes; - private IdentityServerConfig _identityServerConfig; + private IAuthenticationConfig _identityServerConfig; public AuthenticationOptionsBuilder WithProvider(string provider) { @@ -23,7 +23,7 @@ public AuthenticationOptionsBuilder WithAllowedScopes(List allowedScopes return this; } - public AuthenticationOptionsBuilder WithIdntityServerConfigConfiguration(IdentityServerConfig config) + public AuthenticationOptionsBuilder WithConfig(IAuthenticationConfig config) { _identityServerConfig = config; return this; @@ -66,11 +66,33 @@ public IdentityServerConfigBuilder WithRequireHttps(bool requireHttps) return this; } - - public IdentityServerConfig Build() { return new IdentityServerConfig(_providerRootUrl, _apiName, _requireHttps, _apiSecret); } } + + public class JwtConfigBuilder + { + public string _authority; + + public string _audience; + + public JwtConfigBuilder WithAuthority(string authority) + { + _authority = authority; + return this; + } + + public JwtConfigBuilder WithAudience(string audience) + { + _audience = audience; + return this; + } + + public JwtConfig Build() + { + return new JwtConfig(_authority, _audience); + } + } } \ No newline at end of file diff --git a/src/Ocelot/Configuration/Creator/AuthenticationOptionsCreator.cs b/src/Ocelot/Configuration/Creator/AuthenticationOptionsCreator.cs index 7f3f34a35..d5be4eee3 100644 --- a/src/Ocelot/Configuration/Creator/AuthenticationOptionsCreator.cs +++ b/src/Ocelot/Configuration/Creator/AuthenticationOptionsCreator.cs @@ -7,25 +7,13 @@ public class AuthenticationOptionsCreator : IAuthenticationOptionsCreator { public AuthenticationOptions Create(FileReRoute fileReRoute) { - var authenticationConfig = new IdentityServerConfigCreator().Create(fileReRoute.AuthenticationOptions); + var authenticationConfig = new ConfigCreator().Create(fileReRoute.AuthenticationOptions); return new AuthenticationOptionsBuilder() .WithProvider(fileReRoute.AuthenticationOptions?.Provider) .WithAllowedScopes(fileReRoute.AuthenticationOptions?.AllowedScopes) - .WithIdntityServerConfigConfiguration(authenticationConfig) + .WithConfig(authenticationConfig) .Build(); } } - - public class IdentityServerConfigCreator - { - public IdentityServerConfig Create(FileAuthenticationOptions authenticationOptions) - { - return new IdentityServerConfigBuilder() - .WithApiName(authenticationOptions.IdentityServerConfig?.ApiName) - .WithApiSecret(authenticationOptions.IdentityServerConfig?.ApiSecret) - .WithProviderRootUrl(authenticationOptions.IdentityServerConfig?.ProviderRootUrl) - .WithRequireHttps(authenticationOptions.IdentityServerConfig.RequireHttps).Build(); - } - } } \ No newline at end of file diff --git a/src/Ocelot/Configuration/Creator/ConfigCreator.cs b/src/Ocelot/Configuration/Creator/ConfigCreator.cs new file mode 100644 index 000000000..09c7ab16c --- /dev/null +++ b/src/Ocelot/Configuration/Creator/ConfigCreator.cs @@ -0,0 +1,35 @@ +namespace Ocelot.Configuration.Creator +{ + using Ocelot.Configuration.Builder; + using Ocelot.Configuration.File; + + public class ConfigCreator + { + public IAuthenticationConfig Create(FileAuthenticationOptions authenticationOptions) + { + if (authenticationOptions.Provider == "Jwt") + { + return CreateJwt(authenticationOptions); + } + + return CreateIdentityServer(authenticationOptions); + } + + private JwtConfig CreateJwt(FileAuthenticationOptions authenticationOptions) + { + return new JwtConfigBuilder() + .WithAudience(authenticationOptions.JwtConfig?.Audience) + .WithAuthority(authenticationOptions.JwtConfig?.Authority) + .Build(); + } + + private IdentityServerConfig CreateIdentityServer(FileAuthenticationOptions authenticationOptions) + { + return new IdentityServerConfigBuilder() + .WithApiName(authenticationOptions.IdentityServerConfig?.ApiName) + .WithApiSecret(authenticationOptions.IdentityServerConfig?.ApiSecret) + .WithProviderRootUrl(authenticationOptions.IdentityServerConfig?.ProviderRootUrl) + .WithRequireHttps(authenticationOptions.IdentityServerConfig.RequireHttps).Build(); + } + } +} \ No newline at end of file diff --git a/src/Ocelot/Configuration/File/FileAuthenticationOptions.cs b/src/Ocelot/Configuration/File/FileAuthenticationOptions.cs index 8216aa8d1..31be2307e 100644 --- a/src/Ocelot/Configuration/File/FileAuthenticationOptions.cs +++ b/src/Ocelot/Configuration/File/FileAuthenticationOptions.cs @@ -8,11 +8,13 @@ public FileAuthenticationOptions() { AllowedScopes = new List(); IdentityServerConfig = new FileIdentityServerConfig(); + JwtConfig = new FileJwtConfig(); } public string Provider { get; set; } public List AllowedScopes { get; set; } public FileIdentityServerConfig IdentityServerConfig { get; set; } + public FileJwtConfig JwtConfig { get; set; } } public class FileIdentityServerConfig @@ -22,4 +24,11 @@ public class FileIdentityServerConfig public bool RequireHttps { get; set; } public string ApiSecret { get; set; } } + + public class FileJwtConfig + { + public string Authority { get; set; } + + public string Audience { get; set; } + } } diff --git a/src/Ocelot/JsonConverters/AuthenticationConfigConverter.cs b/src/Ocelot/JsonConverters/AuthenticationConfigConverter.cs index e63b1fe67..06699c28a 100644 --- a/src/Ocelot/JsonConverters/AuthenticationConfigConverter.cs +++ b/src/Ocelot/JsonConverters/AuthenticationConfigConverter.cs @@ -25,8 +25,12 @@ public override object ReadJson(JsonReader reader, Type objectType, object exist { switch (jsonObject["Provider"].Value()) { - //case "Jwt": - // setting = new + case "Jwt": + setting = new JwtConfig( + jsonObject["Authority"].Value(), + jsonObject["Audience"].Value()); + break; + default: setting = new IdentityServerConfig( jsonObject["ProviderRootUrl"].Value(), diff --git a/test/Ocelot.UnitTests/Authentication/AuthenticationHandlerFactoryTests.cs b/test/Ocelot.UnitTests/Authentication/AuthenticationHandlerFactoryTests.cs index 8bf53607b..55e1a05c4 100644 --- a/test/Ocelot.UnitTests/Authentication/AuthenticationHandlerFactoryTests.cs +++ b/test/Ocelot.UnitTests/Authentication/AuthenticationHandlerFactoryTests.cs @@ -31,17 +31,19 @@ public AuthenticationHandlerFactoryTests() _authenticationHandlerFactory = new AuthenticationHandlerFactory(_creator.Object); } - [Fact] - public void should_return_identity_server_access_token_handler() + [Theory] + [InlineData("IdentityServer")] + [InlineData("Jwt")] + public void should_return_access_token_handler(string provider) { var authenticationOptions = new AuthenticationOptionsBuilder() - .WithProvider("IdentityServer") + .WithProvider(provider) .Build(); this.Given(x => x.GivenTheAuthenticationOptionsAre(authenticationOptions)) .And(x => x.GivenTheCreatorReturns()) .When(x => x.WhenIGetFromTheFactory()) - .Then(x => x.ThenTheHandlerIsReturned("IdentityServer")) + .Then(x => x.ThenTheHandlerIsReturned(provider)) .BDDfy(); } diff --git a/test/Ocelot.UnitTests/Configuration/AuthenticationOptionsCreatorTests.cs b/test/Ocelot.UnitTests/Configuration/AuthenticationOptionsCreatorTests.cs index 575b62b76..852452071 100644 --- a/test/Ocelot.UnitTests/Configuration/AuthenticationOptionsCreatorTests.cs +++ b/test/Ocelot.UnitTests/Configuration/AuthenticationOptionsCreatorTests.cs @@ -20,36 +20,78 @@ public AuthenticationOptionsCreatorTests() _authOptionsCreator = new AuthenticationOptionsCreator(); } - // [Fact] - // public void should_return_auth_options() - // { - // var fileReRoute = new FileReRoute() - // { - // AuthenticationOptions = new FileAuthenticationOptions - // { - // Provider = "Geoff", - // ProviderRootUrl = "http://www.bbc.co.uk/", - //ApiName = "Laura", - // RequireHttps = true, - //AllowedScopes = new List {"cheese"}, - // ApiSecret = "secret" - // } - // }; - - // var expected = new AuthenticationOptionsBuilder() - // .WithProvider(fileReRoute.AuthenticationOptions?.Provider) - // .WithProviderRootUrl(fileReRoute.AuthenticationOptions?.ProviderRootUrl) - // .WithApiName(fileReRoute.AuthenticationOptions?.ApiName) - // .WithRequireHttps(fileReRoute.AuthenticationOptions.RequireHttps) - // .WithAllowedScopes(fileReRoute.AuthenticationOptions?.AllowedScopes) - // .WithApiSecret(fileReRoute.AuthenticationOptions?.ApiSecret) - // .Build(); - - // this.Given(x => x.GivenTheFollowing(fileReRoute)) - // .When(x => x.WhenICreateTheAuthenticationOptions()) - // .Then(x => x.ThenTheFollowingIsReturned(expected)) - // .BDDfy(); - // } + [Fact] + public void should_return_auth_options() + { + var fileReRoute = new FileReRoute() + { + AuthenticationOptions = new FileAuthenticationOptions + { + Provider = "Geoff", + IdentityServerConfig = new FileIdentityServerConfig() + { + ProviderRootUrl = "http://www.bbc.co.uk/", + ApiName = "Laura", + RequireHttps = true, + ApiSecret = "secret" + }, + AllowedScopes = new List { "cheese" }, + + } + }; + + var authenticationConfig = new IdentityServerConfigBuilder() + .WithProviderRootUrl(fileReRoute.AuthenticationOptions?.IdentityServerConfig?.ProviderRootUrl) + .WithApiName(fileReRoute.AuthenticationOptions?.IdentityServerConfig?.ApiName) + .WithRequireHttps(fileReRoute.AuthenticationOptions.IdentityServerConfig.RequireHttps) + .WithApiSecret(fileReRoute.AuthenticationOptions?.IdentityServerConfig?.ApiSecret) + .Build(); + + var expected = new AuthenticationOptionsBuilder() + .WithProvider(fileReRoute.AuthenticationOptions?.Provider) + .WithAllowedScopes(fileReRoute.AuthenticationOptions?.AllowedScopes) + .WithConfig(authenticationConfig) + .Build(); + + this.Given(x => x.GivenTheFollowing(fileReRoute)) + .When(x => x.WhenICreateTheAuthenticationOptions()) + .Then(x => x.ThenTheFollowingIdentityServerConfigIsReturned(expected)) + .BDDfy(); + } + + [Fact] + public void should_return_Jwt_auth_options() + { + var fileReRoute = new FileReRoute() + { + AuthenticationOptions = new FileAuthenticationOptions + { + Provider = "Jwt", + JwtConfig = new FileJwtConfig() + { + Audience = "Audience", + Authority = "Authority" + }, + AllowedScopes = new List { "cheese" } + } + }; + + var authenticationConfig = new JwtConfigBuilder() + .WithAudience(fileReRoute.AuthenticationOptions?.JwtConfig?.Audience) + .WithAuthority(fileReRoute.AuthenticationOptions?.JwtConfig?.Authority) + .Build(); + + var expected = new AuthenticationOptionsBuilder() + .WithProvider(fileReRoute.AuthenticationOptions?.Provider) + .WithAllowedScopes(fileReRoute.AuthenticationOptions?.AllowedScopes) + .WithConfig(authenticationConfig) + .Build(); + + this.Given(x => x.GivenTheFollowing(fileReRoute)) + .When(x => x.WhenICreateTheAuthenticationOptions()) + .Then(x => x.ThenTheFollowingJwtConfigIsReturned(expected)) + .BDDfy(); + } private void GivenTheFollowing(FileReRoute fileReRoute) { @@ -61,14 +103,31 @@ private void WhenICreateTheAuthenticationOptions() _result = _authOptionsCreator.Create(_fileReRoute); } - //private void ThenTheFollowingIsReturned(AuthenticationOptions expected) - //{ - // _result.AllowedScopes.ShouldBe(expected.AllowedScopes); - // _result.Provider.ShouldBe(expected.Provider); - // _result.ProviderRootUrl.ShouldBe(expected.ProviderRootUrl); - // _result.RequireHttps.ShouldBe(expected.RequireHttps); - // _result.ApiName.ShouldBe(expected.ApiName); - // _result.ApiSecret.ShouldBe(expected.ApiSecret); - //} + private void ThenTheFollowingJwtConfigIsReturned(AuthenticationOptions expected) + { + _result.AllowedScopes.ShouldBe(expected.AllowedScopes); + _result.Provider.ShouldBe(expected.Provider); + + var _resultSettings = _result.Config as JwtConfig; + var expectedSettngs = expected.Config as JwtConfig; + + _resultSettings.Audience.ShouldBe(expectedSettngs.Audience); + _resultSettings.Authority.ShouldBe(expectedSettngs.Authority); + + } + + private void ThenTheFollowingIdentityServerConfigIsReturned(AuthenticationOptions expected) + { + _result.AllowedScopes.ShouldBe(expected.AllowedScopes); + _result.Provider.ShouldBe(expected.Provider); + + var _resultSettings = _result.Config as IdentityServerConfig; + var expectedSettngs = expected.Config as IdentityServerConfig; + + _resultSettings.ProviderRootUrl.ShouldBe(expectedSettngs.ProviderRootUrl); + _resultSettings.RequireHttps.ShouldBe(expectedSettngs.RequireHttps); + _resultSettings.ApiName.ShouldBe(expectedSettngs.ApiName); + _resultSettings.ApiSecret.ShouldBe(expectedSettngs.ApiSecret); + } } } \ No newline at end of file From 1168eb311042613360b121cf3e1eb453189f33ae Mon Sep 17 00:00:00 2001 From: Nick Sharp Date: Thu, 29 Jun 2017 08:58:41 +0100 Subject: [PATCH 6/6] Reenabling some tests --- .../FileConfigurationCreatorTests.cs | 248 ++++++++---------- .../TestData/AuthenticationConfigTestData.cs | 89 +++++++ 2 files changed, 197 insertions(+), 140 deletions(-) create mode 100644 test/Ocelot.UnitTests/TestData/AuthenticationConfigTestData.cs diff --git a/test/Ocelot.UnitTests/Configuration/FileConfigurationCreatorTests.cs b/test/Ocelot.UnitTests/Configuration/FileConfigurationCreatorTests.cs index 8a701f310..f7f59c978 100644 --- a/test/Ocelot.UnitTests/Configuration/FileConfigurationCreatorTests.cs +++ b/test/Ocelot.UnitTests/Configuration/FileConfigurationCreatorTests.cs @@ -17,6 +17,10 @@ namespace Ocelot.UnitTests.Configuration { + using System.Collections; + + using Ocelot.UnitTests.TestData; + public class FileConfigurationCreatorTests { private readonly Mock> _fileConfig; @@ -393,132 +397,82 @@ public void should_call_request_id_creator() .BDDfy(); } - //[Fact] - //public void should_create_with_headers_to_extract() - //{ - // var reRouteOptions = new ReRouteOptionsBuilder() - // .WithIsAuthenticated(true) - // .Build(); - - // var authenticationOptions = new AuthenticationOptionsBuilder() - // .WithProvider("IdentityServer") - // .WithProviderRootUrl("http://localhost:51888") - // .WithRequireHttps(false) - // .WithApiSecret("secret") - // .WithApiName("api") - // .WithAllowedScopes(new List()) - // .Build(); - - // var expected = new List - // { - // new ReRouteBuilder() - // .WithDownstreamPathTemplate("/products/{productId}") - // .WithUpstreamPathTemplate("/api/products/{productId}") - // .WithUpstreamHttpMethod(new List { "Get" }) - // .WithAuthenticationOptions(authenticationOptions) - // .WithClaimsToHeaders(new List - // { - // new ClaimToThing("CustomerId", "CustomerId", "", 0), - // }) - // .Build() - // }; - - // this.Given(x => x.GivenTheConfigIs(new FileConfiguration - // { - // ReRoutes = new List - // { - // new FileReRoute - // { - // UpstreamPathTemplate = "/api/products/{productId}", - // DownstreamPathTemplate = "/products/{productId}", - // UpstreamHttpMethod = new List { "Get" }, - // ReRouteIsCaseSensitive = true, - // AuthenticationOptions = new FileAuthenticationOptions - // { - //AllowedScopes= new List(), - // Provider = "IdentityServer", - // ProviderRootUrl = "http://localhost:51888", - // RequireHttps = false, - //ApiName= "api", - // ApiSecret = "secret" - // }, - // AddHeadersToRequest = - // { - // {"CustomerId", "Claims[CustomerId] > value"}, - // } - // } - // } - // })) - // .And(x => x.GivenTheConfigIsValid()) - // .And(x => x.GivenTheAuthOptionsCreatorReturns(authenticationOptions)) - // .And(x => x.GivenTheFollowingOptionsAreReturned(reRouteOptions)) - // .And(x => x.GivenTheClaimsToThingCreatorReturns(new List{new ClaimToThing("CustomerId", "CustomerId", "", 0)})) - // .And(x => x.GivenTheLoadBalancerFactoryReturns()) - // .When(x => x.WhenICreateTheConfig()) - // .Then(x => x.ThenTheReRoutesAre(expected)) - // .And(x => x.ThenTheAuthenticationOptionsAre(expected)) - // .And(x => x.ThenTheAuthOptionsCreatorIsCalledCorrectly()) - // .BDDfy(); - //} - - //[Fact] - //public void should_create_with_authentication_properties() - //{ - // var reRouteOptions = new ReRouteOptionsBuilder() - // .WithIsAuthenticated(true) - // .Build(); - - // var authenticationOptions = new AuthenticationOptionsBuilder() - // .WithProvider("IdentityServer") - // .WithProviderRootUrl("http://localhost:51888") - // .WithRequireHttps(false) - // .WithApiSecret("secret") - // .WithApiName("api") - // .WithAllowedScopes(new List()) - // .Build(); - - // var expected = new List - // { - // new ReRouteBuilder() - // .WithDownstreamPathTemplate("/products/{productId}") - // .WithUpstreamPathTemplate("/api/products/{productId}") - // .WithUpstreamHttpMethod(new List { "Get" }) - // .WithAuthenticationOptions(authenticationOptions) - // .Build() - // }; - - // this.Given(x => x.GivenTheConfigIs(new FileConfiguration - // { - // ReRoutes = new List - // { - // new FileReRoute - // { - // UpstreamPathTemplate = "/api/products/{productId}", - // DownstreamPathTemplate = "/products/{productId}", - // UpstreamHttpMethod = new List { "Get" }, - // ReRouteIsCaseSensitive = true, - // AuthenticationOptions = new FileAuthenticationOptions - // { - //AllowedScopes = new List(), - // Provider = "IdentityServer", - // ProviderRootUrl = "http://localhost:51888", - // RequireHttps = false, - //ApiName= "api", - // ApiSecret = "secret" - // } - // } - // } - // })) - // .And(x => x.GivenTheConfigIsValid()) - // .And(x => x.GivenTheFollowingOptionsAreReturned(reRouteOptions)) - // .And(x => x.GivenTheAuthOptionsCreatorReturns(authenticationOptions)) - // .And(x => x.GivenTheLoadBalancerFactoryReturns()) - // .When(x => x.WhenICreateTheConfig()) - // .Then(x => x.ThenTheReRoutesAre(expected)) - // .And(x => x.ThenTheAuthenticationOptionsAre(expected)) - // .And(x => x.ThenTheAuthOptionsCreatorIsCalledCorrectly()) - // .BDDfy(); - //} + [Theory] + [MemberData(nameof(AuthenticationConfigTestData.GetAuthenticationData), MemberType = typeof(AuthenticationConfigTestData))] + public void should_create_with_headers_to_extract(string provider, IAuthenticationConfig config, FileConfiguration fileConfig) + { + var reRouteOptions = new ReRouteOptionsBuilder() + .WithIsAuthenticated(true) + .Build(); + + var authenticationOptions = new AuthenticationOptionsBuilder() + .WithProvider(provider) + .WithAllowedScopes(new List()) + .WithConfig(config) + .Build(); + + var expected = new List + { + new ReRouteBuilder() + .WithDownstreamPathTemplate("/products/{productId}") + .WithUpstreamPathTemplate("/api/products/{productId}") + .WithUpstreamHttpMethod(new List { "Get" }) + .WithAuthenticationOptions(authenticationOptions) + .WithClaimsToHeaders(new List + { + new ClaimToThing("CustomerId", "CustomerId", "", 0), + }) + .Build() + }; + + this.Given(x => x.GivenTheConfigIs(fileConfig)) + .And(x => x.GivenTheConfigIsValid()) + .And(x => x.GivenTheAuthOptionsCreatorReturns(authenticationOptions)) + .And(x => x.GivenTheFollowingOptionsAreReturned(reRouteOptions)) + .And(x => x.GivenTheClaimsToThingCreatorReturns(new List { new ClaimToThing("CustomerId", "CustomerId", "", 0) })) + .And(x => x.GivenTheLoadBalancerFactoryReturns()) + .When(x => x.WhenICreateTheConfig()) + .Then(x => x.ThenTheReRoutesAre(expected)) + .And(x => x.ThenTheAuthenticationOptionsAre(provider, expected)) + .And(x => x.ThenTheAuthOptionsCreatorIsCalledCorrectly()) + .BDDfy(); + } + + [Theory] + [MemberData(nameof(AuthenticationConfigTestData.GetAuthenticationData), MemberType = typeof(AuthenticationConfigTestData))] + public void should_create_with_authentication_properties(string provider, IAuthenticationConfig config, FileConfiguration fileConfig) + { + var reRouteOptions = new ReRouteOptionsBuilder() + .WithIsAuthenticated(true) + .Build(); + + var authenticationOptions = new AuthenticationOptionsBuilder() + .WithProvider(provider) + .WithAllowedScopes(new List()) + .WithConfig(config) + .Build(); + + var expected = new List + { + new ReRouteBuilder() + .WithDownstreamPathTemplate("/products/{productId}") + .WithUpstreamPathTemplate("/api/products/{productId}") + .WithUpstreamHttpMethod(new List { "Get" }) + .WithAuthenticationOptions(authenticationOptions) + .Build() + }; + + this.Given(x => x.GivenTheConfigIs(fileConfig)) + .And(x => x.GivenTheConfigIsValid()) + .And(x => x.GivenTheFollowingOptionsAreReturned(reRouteOptions)) + .And(x => x.GivenTheAuthOptionsCreatorReturns(authenticationOptions)) + .And(x => x.GivenTheLoadBalancerFactoryReturns()) + .When(x => x.WhenICreateTheConfig()) + .Then(x => x.ThenTheReRoutesAre(expected)) + .And(x => x.ThenTheAuthenticationOptionsAre(provider, expected)) + .And(x => x.ThenTheAuthOptionsCreatorIsCalledCorrectly()) + .BDDfy(); + } private void GivenTheFollowingOptionsAreReturned(ReRouteOptions fileReRouteOptions) { @@ -586,22 +540,36 @@ private void ThenTheServiceConfigurationIs(ServiceProviderConfiguration expected } } - //private void ThenTheAuthenticationOptionsAre(List expectedReRoutes) - //{ - // for (int i = 0; i < _config.Data.ReRoutes.Count; i++) - // { - // var result = _config.Data.ReRoutes[i].AuthenticationOptions; - // var expected = expectedReRoutes[i].AuthenticationOptions; + private void ThenTheAuthenticationOptionsAre(string provider, List expectedReRoutes) + { + for (int i = 0; i < _config.Data.ReRoutes.Count; i++) + { + var result = _config.Data.ReRoutes[i].AuthenticationOptions; + var expected = expectedReRoutes[i].AuthenticationOptions; + + result.AllowedScopes.ShouldBe(expected.AllowedScopes); + result.Provider.ShouldBe(expected.Provider); - // result.AllowedScopes.ShouldBe(expected.AllowedScopes); - // result.Provider.ShouldBe(expected.Provider); - // result.ProviderRootUrl.ShouldBe(expected.ProviderRootUrl); - // result.RequireHttps.ShouldBe(expected.RequireHttps); - // result.ApiName.ShouldBe(expected.ApiName); - // result.ApiSecret.ShouldBe(expected.ApiSecret); + if (provider.ToLower() == "identityserver") + { + var config = result.Config as IdentityServerConfig; + var expectedConfig = expected.Config as IdentityServerConfig; - // } - //} + config.ProviderRootUrl.ShouldBe(expectedConfig.ProviderRootUrl); + config.RequireHttps.ShouldBe(expectedConfig.RequireHttps); + config.ApiName.ShouldBe(expectedConfig.ApiName); + config.ApiSecret.ShouldBe(expectedConfig.ApiSecret); + } + else + { + var config = result.Config as JwtConfig; + var expectedConfig = expected.Config as JwtConfig; + + config.Audience.ShouldBe(expectedConfig.Audience); + config.Authority.ShouldBe(expectedConfig.Authority); + } + } + } private void GivenTheLoadBalancerFactoryReturns() { diff --git a/test/Ocelot.UnitTests/TestData/AuthenticationConfigTestData.cs b/test/Ocelot.UnitTests/TestData/AuthenticationConfigTestData.cs new file mode 100644 index 000000000..5392a58dd --- /dev/null +++ b/test/Ocelot.UnitTests/TestData/AuthenticationConfigTestData.cs @@ -0,0 +1,89 @@ +namespace Ocelot.UnitTests.TestData +{ + using System.Collections.Generic; + + using Ocelot.Configuration.Builder; + using Ocelot.Configuration.File; + + public class AuthenticationConfigTestData + { + public static IEnumerable GetAuthenticationData() + { + yield return new object[] + { + "IdentityServer", + new IdentityServerConfigBuilder() + .WithRequireHttps(true) + .WithApiName("test") + .WithApiSecret("test") + .WithProviderRootUrl("test") + .Build(), + new FileConfiguration + { + ReRoutes = new List + { + new FileReRoute + { + UpstreamPathTemplate = "/api/products/{productId}", + DownstreamPathTemplate = "/products/{productId}", + UpstreamHttpMethod = new List { "Get" }, + ReRouteIsCaseSensitive = true, + AuthenticationOptions = new FileAuthenticationOptions + { + AllowedScopes = new List(), + Provider = "IdentityServer", + IdentityServerConfig = new FileIdentityServerConfig + { + ProviderRootUrl = "http://localhost:51888", + RequireHttps = false, + ApiName = "api", + ApiSecret = "secret" + } + }, + AddHeadersToRequest = + { + { "CustomerId", "Claims[CustomerId] > value" }, + } + } + } + } + }; + + yield return new object[] + { + "Jwt", + new JwtConfigBuilder() + .WithAudience("a") + .WithAuthority("au") + .Build(), + new FileConfiguration + { + ReRoutes = new List + { + new FileReRoute + { + UpstreamPathTemplate = "/api/products/{productId}", + DownstreamPathTemplate = "/products/{productId}", + UpstreamHttpMethod = new List { "Get" }, + ReRouteIsCaseSensitive = true, + AuthenticationOptions = new FileAuthenticationOptions + { + AllowedScopes = new List(), + Provider = "IdentityServer", + JwtConfig = new FileJwtConfig + { + Audience = "a", + Authority = "au" + } + }, + AddHeadersToRequest = + { + { "CustomerId", "Claims[CustomerId] > value" }, + } + } + } + } + }; + } + } +}