Merge pull request #107 from TomPallister/feature/tokens-work-across-ocelots

Feature/tokens work across ocelots
2025-04-22 06:22:50 +08:00 · 2017-06-24 13:11:18 +01:00 · 2017-06-24 13:11:18 +01:00 · 1f762601e5
commit 1f762601e5
parent bc7bfc8917 e96d66139f
15 changed files with 242 additions and 9 deletions
--- a/.gitignore
+++ b/.gitignore
@ -183,6 +183,7 @@ ClientBin/
 *.dbmdl
 *.dbproj.schemaview
 *.pfx
 !idsrv3test.pfx
 *.publishsettings
 node_modules/
 orleans.codegen.cs
--- a/src/Ocelot/Authentication/Handler/Creator/AuthenticationHandlerCreator.cs
+++ b/src/Ocelot/Authentication/Handler/Creator/AuthenticationHandlerCreator.cs
@ -1,3 +1,4 @@
 using System;
 using IdentityServer4.AccessTokenValidation;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
--- a/src/Ocelot/Configuration/Creator/IdentityServerConfigurationCreator.cs
+++ b/src/Ocelot/Configuration/Creator/IdentityServerConfigurationCreator.cs
@ -13,6 +13,8 @@ namespace Ocelot.Configuration.Creator
            var username = Environment.GetEnvironmentVariable("OCELOT_USERNAME");
            var hash = Environment.GetEnvironmentVariable("OCELOT_HASH");
            var salt = Environment.GetEnvironmentVariable("OCELOT_SALT");
            var credentialsSigningCertificateLocation = Environment.GetEnvironmentVariable("OCELOT_CERTIFICATE");
            var credentialsSigningCertificatePassword = Environment.GetEnvironmentVariable("OCELOT_CERTIFICATE_PASSWORD");
            return new IdentityServerConfiguration(
                "admin",
@ -28,7 +30,9 @@ namespace Ocelot.Configuration.Creator
                new List<User>
                {
                    new User("admin", username, hash, salt)
-                }
+                },
                credentialsSigningCertificateLocation,
                credentialsSigningCertificatePassword
            );
        }
    }
--- a/src/Ocelot/Configuration/Provider/IIdentityServerConfiguration.cs
+++ b/src/Ocelot/Configuration/Provider/IIdentityServerConfiguration.cs
@ -17,5 +17,7 @@ namespace Ocelot.Configuration.Provider
        AccessTokenType AccessTokenType {get;}
        bool RequireClientSecret {get;}
        List<User> Users {get;}
        string CredentialsSigningCertificateLocation { get; }
        string CredentialsSigningCertificatePassword { get; }
    }
 }
--- a/src/Ocelot/Configuration/Provider/IdentityServerConfiguration.cs
+++ b/src/Ocelot/Configuration/Provider/IdentityServerConfiguration.cs
@ -17,7 +17,7 @@ namespace Ocelot.Configuration.Provider
            IEnumerable<string>  grantType,
            AccessTokenType accessTokenType,
            bool requireClientSecret,
-            List<User> users)
+            List<User> users, string credentialsSigningCertificateLocation, string credentialsSigningCertificatePassword)
        {
            ApiName = apiName;
            RequireHttps = requireHttps;
@ -30,6 +30,8 @@ namespace Ocelot.Configuration.Provider
            AccessTokenType = accessTokenType;
            RequireClientSecret = requireClientSecret;
            Users = users;
            CredentialsSigningCertificateLocation = credentialsSigningCertificateLocation;
            CredentialsSigningCertificatePassword = credentialsSigningCertificatePassword;
        }
        public string ApiName { get; private set; }
@ -43,5 +45,7 @@ namespace Ocelot.Configuration.Provider
        public AccessTokenType AccessTokenType {get;private set;}
        public bool RequireClientSecret {get;private set;}
        public List<User> Users {get;private set;}
        public string CredentialsSigningCertificateLocation { get; private set; }
        public string CredentialsSigningCertificatePassword { get; private set; }
    }
 }
--- a/src/Ocelot/DependencyInjection/ServiceCollectionExtensions.cs
+++ b/src/Ocelot/DependencyInjection/ServiceCollectionExtensions.cs
@ -41,6 +41,8 @@ using System.Collections.Generic;
 using System.Linq;
 using System.Net.Http;
 using System.Reflection;
 using System.Security.Cryptography.X509Certificates;
 using Microsoft.IdentityModel.Tokens;
 using Ocelot.Configuration;
 using FileConfigurationProvider = Ocelot.Configuration.Provider.FileConfigurationProvider;
@ -87,8 +89,10 @@ namespace Ocelot.DependencyInjection
            {
                services.TryAddSingleton<IIdentityServerConfiguration>(identityServerConfiguration);
                services.TryAddSingleton<IHashMatcher, HashMatcher>();
-                services.AddIdentityServer()
+                var identityServerBuilder = services
-                    .AddTemporarySigningCredential()
+                    .AddIdentityServer(options => {
                        options.IssuerUri = "Ocelot";
                    })
                    .AddInMemoryApiResources(new List<ApiResource>
                    {
                        new ApiResource
@ -120,6 +124,16 @@ namespace Ocelot.DependencyInjection
                            RequireClientSecret = identityServerConfiguration.RequireClientSecret
                        }
                    }).AddResourceOwnerValidator<OcelotResourceOwnerPasswordValidator>();
                if (string.IsNullOrEmpty(identityServerConfiguration.CredentialsSigningCertificateLocation) || string.IsNullOrEmpty(identityServerConfiguration.CredentialsSigningCertificatePassword))
                {
                    identityServerBuilder.AddTemporarySigningCredential();
                }
                else
                {
                    var cert = new X509Certificate2(identityServerConfiguration.CredentialsSigningCertificateLocation, identityServerConfiguration.CredentialsSigningCertificatePassword);
                    identityServerBuilder.AddSigningCredential(cert);
                }
            }
            var assembly = typeof(FileConfigurationController).GetTypeInfo().Assembly;
--- a/src/Ocelot/Middleware/OcelotMiddlewareExtensions.cs
+++ b/src/Ocelot/Middleware/OcelotMiddlewareExtensions.cs
@ -181,7 +181,6 @@ namespace Ocelot.Middleware
                builder.Map(configuration.AdministrationPath, app =>
                {
                    var identityServerUrl = $"{baseSchemeUrlAndPort}/{configuration.AdministrationPath.Remove(0,1)}";
                    app.UseIdentityServerAuthentication(new IdentityServerAuthenticationOptions
                    {
                        Authority = identityServerUrl,
--- a/test/Ocelot.AcceptanceTests/Ocelot.AcceptanceTests.csproj
+++ b/test/Ocelot.AcceptanceTests/Ocelot.AcceptanceTests.csproj
@ -15,7 +15,7 @@
  </PropertyGroup>
  <ItemGroup>
-    <None Update="configuration.json">
+    <None Update="configuration.json;appsettings.json">
      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
    </None>
  </ItemGroup>
--- a/test/Ocelot.AcceptanceTests/appsettings.json
+++ b/test/Ocelot.AcceptanceTests/appsettings.json
@ -0,0 +1,10 @@
 {
  "Logging": {
    "IncludeScopes": true,
    "LogLevel": {
      "Default": "Error",
      "System": "Error",
      "Microsoft": "Error"
    }
  }
 }
--- a/test/Ocelot.IntegrationTests/AdministrationTests.cs
+++ b/test/Ocelot.IntegrationTests/AdministrationTests.cs
@ -19,15 +19,19 @@ namespace Ocelot.IntegrationTests
    public class AdministrationTests : IDisposable
    {
        private readonly HttpClient _httpClient;
        private readonly HttpClient _httpClientTwo;
        private HttpResponseMessage _response;
        private IWebHost _builder;
        private IWebHostBuilder _webHostBuilder;
        private readonly string _ocelotBaseUrl;
        private BearerToken _token;
        private IWebHostBuilder _webHostBuilderTwo;
        private IWebHost _builderTwo;
        public AdministrationTests()
        {
            _httpClient = new HttpClient();
            _httpClientTwo = new HttpClient();
            _ocelotBaseUrl = "http://localhost:5000";
            _httpClient.BaseAddress = new Uri(_ocelotBaseUrl);
        }
@ -70,6 +74,27 @@ namespace Ocelot.IntegrationTests
                 .BDDfy();
         }
        [Fact]
        public void should_be_able_to_use_token_from_ocelot_a_on_ocelot_b()
        {
            var configuration = new FileConfiguration
            {
                GlobalConfiguration = new FileGlobalConfiguration
                {
                    AdministrationPath = "/administration"
                }
            };
            this.Given(x => GivenThereIsAConfiguration(configuration))
                .And(x => GivenIdentityServerSigningEnvironmentalVariablesAreSet())
                .And(x => GivenOcelotIsRunning())
                .And(x => GivenIHaveAnOcelotToken("/administration"))
                .And(x => GivenAnotherOcelotIsRunning("http://localhost:5007"))
                .When(x => WhenIGetUrlOnTheSecondOcelot("/administration/configuration"))
                .Then(x => ThenTheStatusCodeShouldBe(HttpStatusCode.OK))
                .BDDfy();
        }
        [Fact]
        public void should_return_file_configuration()
        {
@ -193,6 +218,36 @@ namespace Ocelot.IntegrationTests
                .BDDfy();
        }
        private void GivenAnotherOcelotIsRunning(string baseUrl)
        {
            _httpClientTwo.BaseAddress = new Uri(baseUrl);
            _webHostBuilderTwo = new WebHostBuilder()
               .UseUrls(baseUrl)
               .UseKestrel()
               .UseContentRoot(Directory.GetCurrentDirectory())
               .ConfigureServices(x => {
                   x.AddSingleton(_webHostBuilderTwo);
               })
               .UseStartup<Startup>();
            _builderTwo = _webHostBuilderTwo.Build();
            _builderTwo.Start();
        }
        private void GivenIdentityServerSigningEnvironmentalVariablesAreSet()
        {
            Environment.SetEnvironmentVariable("OCELOT_CERTIFICATE", "idsrv3test.pfx");
            Environment.SetEnvironmentVariable("OCELOT_CERTIFICATE_PASSWORD", "idsrv3test");
        }
        private void WhenIGetUrlOnTheSecondOcelot(string url)
        {
            _httpClientTwo.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", _token.AccessToken);
            _response = _httpClientTwo.GetAsync(url).Result;
        }
        private void WhenIPostOnTheApiGateway(string url, FileConfiguration updatedConfiguration)
        {
            var json = JsonConvert.SerializeObject(updatedConfiguration);
@ -305,6 +360,8 @@ namespace Ocelot.IntegrationTests
        public void Dispose()
        {
            Environment.SetEnvironmentVariable("OCELOT_CERTIFICATE", "");
            Environment.SetEnvironmentVariable("OCELOT_CERTIFICATE_PASSWORD", "");
            _builder?.Dispose();
            _httpClient?.Dispose();
        }
--- a/test/Ocelot.IntegrationTests/Ocelot.IntegrationTests.csproj
+++ b/test/Ocelot.IntegrationTests/Ocelot.IntegrationTests.csproj
@ -15,7 +15,7 @@
  </PropertyGroup>
  <ItemGroup>
-    <None Update="configuration.json;appsettings.json">
+    <None Update="configuration.json;appsettings.json;idsrv3test.pfx">
      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
    </None>
  </ItemGroup>
--- a/test/Ocelot.IntegrationTests/appsettings.json
+++ b/test/Ocelot.IntegrationTests/appsettings.json
@ -3,8 +3,8 @@
    "IncludeScopes": true,
    "LogLevel": {
      "Default": "Error",
-      "System": "Information",
+      "System": "Error",
-      "Microsoft": "Information"
+      "Microsoft": "Error"
    }
  }
 }
--- a/test/Ocelot.IntegrationTests/idsrv3test.pfx
+++ b/test/Ocelot.IntegrationTests/idsrv3test.pfx
--- a/test/Ocelot.UnitTests/Configuration/IdentityServerConfigurationCreatorTests.cs
+++ b/test/Ocelot.UnitTests/Configuration/IdentityServerConfigurationCreatorTests.cs
@ -0,0 +1,16 @@
 using Ocelot.Configuration.Creator;
 using Shouldly;
 using Xunit;
 namespace Ocelot.UnitTests.Configuration
 {
    public class IdentityServerConfigurationCreatorTests
    {
        [Fact]
        public void happy_path_only_exists_for_test_coverage_even_uncle_bob_probably_wouldnt_test_this()
        {
            var result = IdentityServerConfigurationCreator.GetIdentityServerConfiguration();
            result.ApiName.ShouldBe("admin");
        }
    }
 }
--- a/test/Ocelot.UnitTests/Errors/ExceptionHandlerMiddlewareTests.cs
+++ b/test/Ocelot.UnitTests/Errors/ExceptionHandlerMiddlewareTests.cs
@ -0,0 +1,125 @@
 using System;
 using System.IO;
 using System.Net;
 using System.Net.Http;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.TestHost;
 using Microsoft.Extensions.DependencyInjection;
 using Moq;
 using Ocelot.DownstreamRouteFinder;
 using Ocelot.DownstreamUrlCreator;
 using Ocelot.DownstreamUrlCreator.UrlTemplateReplacer;
 using Ocelot.Errors.Middleware;
 using Ocelot.Infrastructure.RequestData;
 using Ocelot.Logging;
 using Ocelot.Responses;
 using Ocelot.Values;
 using Shouldly;
 using TestStack.BDDfy;
 using Xunit;
 namespace Ocelot.UnitTests.Errors
 {
    public class ExceptionHandlerMiddlewareTests
    {
        private readonly Mock<IRequestScopedDataRepository> _scopedRepository;
        private readonly string _url;
        private TestServer _server;
        private HttpClient _client;
        private HttpResponseMessage _result;
        public ExceptionHandlerMiddlewareTests()
        {
            _url = "http://localhost:52879";
            _scopedRepository = new Mock<IRequestScopedDataRepository>();
        }
        [Fact]
        public void should_call_next_middleware()
        {
            this.Given(_ => GivenASuccessfulRequest())
                .When(_ => WhenIMakeTheRequest())
                .Then(_ => ThenTheResponseIsOk())
                .BDDfy();
        }
        [Fact]
        public void should_call_return_error()
        {
            this.Given(_ => GivenAnError())
                .When(_ => WhenIMakeTheRequest())
                .Then(_ => ThenTheResponseIsError())
                .BDDfy();
        }
        private void ThenTheResponseIsOk()
        {
            _result.StatusCode.ShouldBe(HttpStatusCode.OK);
        }
         private void ThenTheResponseIsError()
        {
            _result.StatusCode.ShouldBe(HttpStatusCode.InternalServerError);
        }
        private void WhenIMakeTheRequest()
        {
            _result = _client.GetAsync("/").Result;
        }
        private void GivenASuccessfulRequest()
        {
            var builder = new WebHostBuilder()
              .ConfigureServices(x =>
              {
                  x.AddSingleton<IOcelotLoggerFactory, AspDotNetLoggerFactory>();
                  x.AddLogging();
                  x.AddSingleton(_scopedRepository.Object);
              })
              .UseUrls(_url)
              .UseKestrel()
              .UseContentRoot(Directory.GetCurrentDirectory())
              .UseIISIntegration()
              .UseUrls(_url)
              .Configure(app =>
              {
                  app.UseExceptionHandlerMiddleware();
                  app.Run(async context =>
                    {
                        context.Response.StatusCode = 200;
                    });
              });
            _server = new TestServer(builder);
            _client = _server.CreateClient();
        }
        private void GivenAnError()
        {
            var builder = new WebHostBuilder()
              .ConfigureServices(x =>
              {
                  x.AddSingleton<IOcelotLoggerFactory, AspDotNetLoggerFactory>();
                  x.AddLogging();
                  x.AddSingleton(_scopedRepository.Object);
              })
              .UseUrls(_url)
              .UseKestrel()
              .UseContentRoot(Directory.GetCurrentDirectory())
              .UseIISIntegration()
              .UseUrls(_url)
              .Configure(app =>
              {
                    app.UseExceptionHandlerMiddleware();
                    app.Use(async (context, next) =>
                    {
                        throw new Exception("BOOM");
                    });
              });
            _server = new TestServer(builder);
            _client = _server.CreateClient();
        }
    }
 }