diff --git a/src/Ocelot/Configuration/File/FileAuthenticationOptions.cs b/src/Ocelot/Configuration/File/FileAuthenticationOptions.cs index 9f2de967..8216aa8d 100644 --- a/src/Ocelot/Configuration/File/FileAuthenticationOptions.cs +++ b/src/Ocelot/Configuration/File/FileAuthenticationOptions.cs @@ -7,6 +7,7 @@ namespace Ocelot.Configuration.File public FileAuthenticationOptions() { AllowedScopes = new List(); + IdentityServerConfig = new FileIdentityServerConfig(); } public string Provider { get; set; } diff --git a/test/Ocelot.AcceptanceTests/AuthenticationTests.cs b/test/Ocelot.AcceptanceTests/AuthenticationTests.cs index 060cb5bd..64116034 100644 --- a/test/Ocelot.AcceptanceTests/AuthenticationTests.cs +++ b/test/Ocelot.AcceptanceTests/AuthenticationTests.cs 
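Review bot: Defaulting `IdentityServerConfig` to an empty `FileIdentityServerConfig` in the constructor means a route with `Provider = "IdentityServer"` and no nested section now carries an all-defaults object instead of null, so a null check can no longer detect the omission. `FileIdentityServerConfig` is not visible in this hunk; if its `RequireHttps` is a plain `bool`, it defaults to false and `ProviderRootUrl` to null. Configuration validation should presumably reject that combination rather than hand it to the authentication handler. I would add above the new line `// Never null so callers can dereference it; validation must still reject an empty ProviderRootUrl when Provider is IdentityServer.` and confirm the validator enforces it. The class body continues outside the hunk.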
@@ -34,241 +34,213 @@ namespace Ocelot.AcceptanceTests _steps = new Steps(); } - //[Fact] - //public void should_return_401_using_identity_server_access_token() - //{ - // var configuration = new FileConfiguration - // { - // ReRoutes = new List - // { - // new FileReRoute - // { - // DownstreamPathTemplate = _downstreamServicePath, - // DownstreamPort = _downstreamServicePort, - // DownstreamHost = _downstreamServiceHost, - // DownstreamScheme = _downstreamServiceScheme, - // UpstreamPathTemplate = "/", - // UpstreamHttpMethod = new List { "Post" }, - // AuthenticationOptions = new FileAuthenticationOptions - // { - // AllowedScopes = new List(), - // Provider = "IdentityServer", - // ProviderRootUrl = _identityServerRootUrl, - // RequireHttps = false, - // ApiName = "api", - // ApiSecret = "secret" - // } - // } - // } - // }; + [Fact] + public void should_return_401_using_identity_server_access_token() + { + var configuration = new FileConfiguration + { + ReRoutes = new List + { + new FileReRoute + { + DownstreamPathTemplate = _downstreamServicePath, + DownstreamPort = _downstreamServicePort, + DownstreamHost = _downstreamServiceHost, + DownstreamScheme = _downstreamServiceScheme, + UpstreamPathTemplate = "/", + UpstreamHttpMethod = new List { "Post" }, + AuthenticationOptions = new FileAuthenticationOptions + { + AllowedScopes = new List(), + Provider = "IdentityServer", + IdentityServerConfig = new FileIdentityServerConfig{ + ProviderRootUrl = _identityServerRootUrl, + RequireHttps = false, + ApiName = "api", + ApiSecret = "secret" + } + } + } + } + }; - // this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", "api2", AccessTokenType.Jwt)) - // .And(x => x.GivenThereIsAServiceRunningOn(_downstreamServiceUrl, 201, string.Empty)) - // .And(x => _steps.GivenThereIsAConfiguration(configuration)) - // .And(x => _steps.GivenOcelotIsRunning()) - // .And(x => _steps.GivenThePostHasContent("postContent")) - // .When(x => 
_steps.WhenIPostUrlOnTheApiGateway("/")) - // .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.Unauthorized)) - // .BDDfy(); - //} + this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", "api2", AccessTokenType.Jwt)) + .And(x => x.GivenThereIsAServiceRunningOn(_downstreamServiceUrl, 201, string.Empty)) + .And(x => _steps.GivenThereIsAConfiguration(configuration)) + .And(x => _steps.GivenOcelotIsRunning()) + .And(x => _steps.GivenThePostHasContent("postContent")) + .When(x => _steps.WhenIPostUrlOnTheApiGateway("/")) + .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.Unauthorized)) + .BDDfy(); + } - //[Fact] - //public void should_return_401_using_identity_server_reference_token() - //{ - // var configuration = new FileConfiguration - // { - // ReRoutes = new List - // { - // new FileReRoute - // { - // DownstreamPathTemplate = _downstreamServicePath, - // DownstreamPort = _downstreamServicePort, - // DownstreamHost = _downstreamServiceHost, - // DownstreamScheme = _downstreamServiceScheme, - // UpstreamPathTemplate = "/", - // UpstreamHttpMethod = new List { "Post" }, - // AuthenticationOptions = new FileAuthenticationOptions - // { - // AllowedScopes = new List(), - // Provider = "IdentityServer", - // ProviderRootUrl = _identityServerRootUrl, - // RequireHttps = false, - // ApiName = "api", - // ApiSecret = "secret" - // } - // } - // } - // }; + [Fact] + public void should_return_response_200_using_identity_server() + { + var configuration = new FileConfiguration + { + ReRoutes = new List + { + new FileReRoute + { + DownstreamPathTemplate = _downstreamServicePath, + DownstreamPort = _downstreamServicePort, + DownstreamHost = _downstreamServiceHost, + DownstreamScheme = _downstreamServiceScheme, + UpstreamPathTemplate = "/", + UpstreamHttpMethod = new List { "Get" }, + AuthenticationOptions = new FileAuthenticationOptions + { + AllowedScopes = new List(), + Provider = "IdentityServer", + IdentityServerConfig = new 
FileIdentityServerConfig{ + ProviderRootUrl = _identityServerRootUrl, + RequireHttps = false, + ApiName = "api", + ApiSecret = "secret" + } + } + } + } + }; - // this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", "api2", AccessTokenType.Reference)) - // .And(x => x.GivenThereIsAServiceRunningOn(_downstreamServiceUrl, 201, string.Empty)) - // .And(x => _steps.GivenThereIsAConfiguration(configuration)) - // .And(x => _steps.GivenOcelotIsRunning()) - // .And(x => _steps.GivenThePostHasContent("postContent")) - // .When(x => _steps.WhenIPostUrlOnTheApiGateway("/")) - // .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.Unauthorized)) - // .BDDfy(); - //} + this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", "api2", AccessTokenType.Jwt)) + .And(x => x.GivenThereIsAServiceRunningOn(_downstreamServiceUrl, 200, "Hello from Laura")) + .And(x => _steps.GivenIHaveAToken(_identityServerRootUrl)) + .And(x => _steps.GivenThereIsAConfiguration(configuration)) + .And(x => _steps.GivenOcelotIsRunning()) + .And(x => _steps.GivenIHaveAddedATokenToMyRequest()) + .When(x => _steps.WhenIGetUrlOnTheApiGateway("/")) + .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.OK)) + .And(x => _steps.ThenTheResponseBodyShouldBe("Hello from Laura")) + .BDDfy(); + } - //[Fact] - //public void should_return_response_200_using_identity_server() - //{ - // var configuration = new FileConfiguration - // { - // ReRoutes = new List - // { - // new FileReRoute - // { - // DownstreamPathTemplate = _downstreamServicePath, - // DownstreamPort = _downstreamServicePort, - // DownstreamHost = _downstreamServiceHost, - // DownstreamScheme = _downstreamServiceScheme, - // UpstreamPathTemplate = "/", - // UpstreamHttpMethod = new List { "Get" }, - // AuthenticationOptions = new FileAuthenticationOptions - // { - // AllowedScopes = new List(), - // Provider = "IdentityServer", - // ProviderRootUrl = _identityServerRootUrl, - // RequireHttps = 
false, - // ApiName = "api", - // ApiSecret = "secret" - // } - // } - // } - // }; + [Fact] + public void should_return_response_401_using_identity_server_with_token_requested_for_other_api() + { + var configuration = new FileConfiguration + { + ReRoutes = new List + { + new FileReRoute + { + DownstreamPathTemplate = _downstreamServicePath, + DownstreamPort = _downstreamServicePort, + DownstreamHost = _downstreamServiceHost, + DownstreamScheme = _downstreamServiceScheme, + UpstreamPathTemplate = "/", + UpstreamHttpMethod = new List { "Get" }, + AuthenticationOptions = new FileAuthenticationOptions + { + AllowedScopes = new List(), + Provider = "IdentityServer", + IdentityServerConfig = new FileIdentityServerConfig{ + ProviderRootUrl = _identityServerRootUrl, + RequireHttps = false, + ApiName = "api", + ApiSecret = "secret" + } + } + } + } + }; - // this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", "api2", AccessTokenType.Jwt)) - // .And(x => x.GivenThereIsAServiceRunningOn(_downstreamServiceUrl, 200, "Hello from Laura")) - // .And(x => _steps.GivenIHaveAToken(_identityServerRootUrl)) - // .And(x => _steps.GivenThereIsAConfiguration(configuration)) - // .And(x => _steps.GivenOcelotIsRunning()) - // .And(x => _steps.GivenIHaveAddedATokenToMyRequest()) - // .When(x => _steps.WhenIGetUrlOnTheApiGateway("/")) - // .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.OK)) - // .And(x => _steps.ThenTheResponseBodyShouldBe("Hello from Laura")) - // .BDDfy(); - //} + this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", "api2", AccessTokenType.Jwt)) + .And(x => x.GivenThereIsAServiceRunningOn(_downstreamServiceUrl, 200, "Hello from Laura")) + .And(x => _steps.GivenIHaveATokenForApi2(_identityServerRootUrl)) + .And(x => _steps.GivenThereIsAConfiguration(configuration)) + .And(x => _steps.GivenOcelotIsRunning()) + .And(x => _steps.GivenIHaveAddedATokenToMyRequest()) + .When(x => 
_steps.WhenIGetUrlOnTheApiGateway("/")) + .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.Unauthorized)) + .BDDfy(); + } - //[Fact] - //public void should_return_response_401_using_identity_server_with_token_requested_for_other_api() - //{ - // var configuration = new FileConfiguration - // { - // ReRoutes = new List - // { - // new FileReRoute - // { - // DownstreamPathTemplate = _downstreamServicePath, - // DownstreamPort = _downstreamServicePort, - // DownstreamHost = _downstreamServiceHost, - // DownstreamScheme = _downstreamServiceScheme, - // UpstreamPathTemplate = "/", - // UpstreamHttpMethod = new List { "Get" }, - // AuthenticationOptions = new FileAuthenticationOptions - // { - // AllowedScopes = new List(), - // Provider = "IdentityServer", - // ProviderRootUrl = _identityServerRootUrl, - // RequireHttps = false, - // ApiName = "api", - // ApiSecret = "secret" - // } - // } - // } - // }; + [Fact] + public void should_return_201_using_identity_server_access_token() + { + var configuration = new FileConfiguration + { + ReRoutes = new List + { + new FileReRoute + { + DownstreamPathTemplate = _downstreamServicePath, + DownstreamPort = _downstreamServicePort, + DownstreamHost = _downstreamServiceHost, + DownstreamScheme = _downstreamServiceScheme, + UpstreamPathTemplate = "/", + UpstreamHttpMethod = new List { "Post" }, - // this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", "api2", AccessTokenType.Jwt)) - // .And(x => x.GivenThereIsAServiceRunningOn(_downstreamServiceUrl, 200, "Hello from Laura")) - // .And(x => _steps.GivenIHaveATokenForApi2(_identityServerRootUrl)) - // .And(x => _steps.GivenThereIsAConfiguration(configuration)) - // .And(x => _steps.GivenOcelotIsRunning()) - // .And(x => _steps.GivenIHaveAddedATokenToMyRequest()) - // .When(x => _steps.WhenIGetUrlOnTheApiGateway("/")) - // .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.Unauthorized)) - // .BDDfy(); - //} + AuthenticationOptions = new 
FileAuthenticationOptions + { + AllowedScopes = new List(), + Provider = "IdentityServer", + IdentityServerConfig = new FileIdentityServerConfig{ + ProviderRootUrl = _identityServerRootUrl, + RequireHttps = false, + ApiName = "api", + ApiSecret = "secret" + } + } + } + } + }; - //[Fact] - //public void should_return_201_using_identity_server_access_token() - //{ - // var configuration = new FileConfiguration - // { - // ReRoutes = new List - // { - // new FileReRoute - // { - // DownstreamPathTemplate = _downstreamServicePath, - // DownstreamPort = _downstreamServicePort, - // DownstreamHost = _downstreamServiceHost, - // DownstreamScheme = _downstreamServiceScheme, - // UpstreamPathTemplate = "/", - // UpstreamHttpMethod = new List { "Post" }, + this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", "api2", AccessTokenType.Jwt)) + .And(x => x.GivenThereIsAServiceRunningOn(_downstreamServiceUrl, 201, string.Empty)) + .And(x => _steps.GivenIHaveAToken(_identityServerRootUrl)) + .And(x => _steps.GivenThereIsAConfiguration(configuration)) + .And(x => _steps.GivenOcelotIsRunning()) + .And(x => _steps.GivenIHaveAddedATokenToMyRequest()) + .And(x => _steps.GivenThePostHasContent("postContent")) + .When(x => _steps.WhenIPostUrlOnTheApiGateway("/")) + .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.Created)) + .BDDfy(); + } - // AuthenticationOptions = new FileAuthenticationOptions - // { - // AllowedScopes = new List(), - // Provider = "IdentityServer", - // ProviderRootUrl = _identityServerRootUrl, - // RequireHttps = false, - // ApiName = "api", - // ApiSecret = "secret" - // } - // } - // } - // }; + [Fact] + public void should_return_201_using_identity_server_reference_token() + { + var configuration = new FileConfiguration + { + ReRoutes = new List + { + new FileReRoute + { + DownstreamPathTemplate = _downstreamServicePath, + DownstreamPort = _downstreamServicePort, + DownstreamHost = _downstreamServiceHost, + DownstreamScheme = 
_downstreamServiceScheme, + UpstreamPathTemplate = "/", + UpstreamHttpMethod = new List { "Post" }, + AuthenticationOptions = new FileAuthenticationOptions + { + AllowedScopes = new List(), + Provider = "IdentityServer", + IdentityServerConfig = new FileIdentityServerConfig{ + ProviderRootUrl = _identityServerRootUrl, + RequireHttps = false, + ApiName = "api", + ApiSecret = "secret" + } + } + } + } + }; - // this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", "api2", AccessTokenType.Jwt)) - // .And(x => x.GivenThereIsAServiceRunningOn(_downstreamServiceUrl, 201, string.Empty)) - // .And(x => _steps.GivenIHaveAToken(_identityServerRootUrl)) - // .And(x => _steps.GivenThereIsAConfiguration(configuration)) - // .And(x => _steps.GivenOcelotIsRunning()) - // .And(x => _steps.GivenIHaveAddedATokenToMyRequest()) - // .And(x => _steps.GivenThePostHasContent("postContent")) - // .When(x => _steps.WhenIPostUrlOnTheApiGateway("/")) - // .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.Created)) - // .BDDfy(); - //} - - //[Fact] - //public void should_return_201_using_identity_server_reference_token() - //{ - // var configuration = new FileConfiguration - // { - // ReRoutes = new List - // { - // new FileReRoute - // { - // DownstreamPathTemplate = _downstreamServicePath, - // DownstreamPort = _downstreamServicePort, - // DownstreamHost = _downstreamServiceHost, - // DownstreamScheme = _downstreamServiceScheme, - // UpstreamPathTemplate = "/", - // UpstreamHttpMethod = new List { "Post" }, - // AuthenticationOptions = new FileAuthenticationOptions - // { - // AllowedScopes = new List(), - // Provider = "IdentityServer", - // ProviderRootUrl = _identityServerRootUrl, - // RequireHttps = false, - // ApiName = "api", - // ApiSecret = "secret" - // } - // } - // } - // }; - - // this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", "api2", AccessTokenType.Reference)) - // .And(x => 
x.GivenThereIsAServiceRunningOn(_downstreamServiceUrl, 201, string.Empty)) - // .And(x => _steps.GivenIHaveAToken(_identityServerRootUrl)) - // .And(x => _steps.GivenThereIsAConfiguration(configuration)) - // .And(x => _steps.GivenOcelotIsRunning()) - // .And(x => _steps.GivenIHaveAddedATokenToMyRequest()) - // .And(x => _steps.GivenThePostHasContent("postContent")) - // .When(x => _steps.WhenIPostUrlOnTheApiGateway("/")) - // .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.Created)) - // .BDDfy(); - //} + this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", "api2", AccessTokenType.Reference)) + .And(x => x.GivenThereIsAServiceRunningOn(_downstreamServiceUrl, 201, string.Empty)) + .And(x => _steps.GivenIHaveAToken(_identityServerRootUrl)) + .And(x => _steps.GivenThereIsAConfiguration(configuration)) + .And(x => _steps.GivenOcelotIsRunning()) + .And(x => _steps.GivenIHaveAddedATokenToMyRequest()) + .And(x => _steps.GivenThePostHasContent("postContent")) + .When(x => _steps.WhenIPostUrlOnTheApiGateway("/")) + .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.Created)) + .BDDfy(); + } private void GivenThereIsAServiceRunningOn(string url, int statusCode, string responseBody) { diff --git a/test/Ocelot.AcceptanceTests/AuthorisationTests.cs b/test/Ocelot.AcceptanceTests/AuthorisationTests.cs index 30dc636f..3eebd000 100644 --- a/test/Ocelot.AcceptanceTests/AuthorisationTests.cs +++ b/test/Ocelot.AcceptanceTests/AuthorisationTests.cs 
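Review bot: The re-enabled tests leave out `should_return_401_using_identity_server_reference_token`, which appears in the removed commented block but has no counterpart on the new side. The rejection of a request without a token is therefore only exercised with `AccessTokenType.Jwt`, while the reference-token setup keeps only its positive 201 case. I would restore it as a copy of `should_return_401_using_identity_server_access_token` whose first step passes `AccessTokenType.Reference` to `GivenThereIsAnIdentityServerOn`. That existing 401 test never calls `GivenIHaveAToken` or `GivenIHaveAddedATokenToMyRequest`, so a comment such as `// no token is attached: the gateway must answer 401 before the downstream service is reached` would make the intent clear. The trailing `GivenThereIsAServiceRunningOn` helper continues outside the hunk.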
@@ -28,195 +28,203 @@ namespace Ocelot.AcceptanceTests _steps = new Steps(); } - //[Fact] - //public void should_return_response_200_authorising_route() - //{ - // var configuration = new FileConfiguration - // { - // ReRoutes = new List - // { - // new FileReRoute - // { - // DownstreamPathTemplate = "/", - // DownstreamPort = 51876, - // DownstreamScheme = "http", - // DownstreamHost = "localhost", - // UpstreamPathTemplate = "/", - // UpstreamHttpMethod = new List { "Get" }, - // AuthenticationOptions = new FileAuthenticationOptions - // { - //AllowedScopes = new List(), - // Provider = "IdentityServer", - // ProviderRootUrl = "http://localhost:51888", - // RequireHttps = false, - //ApiName = "api", - // ApiSecret = "secret" - // }, - // AddHeadersToRequest = - // { - // {"CustomerId", "Claims[CustomerId] > value"}, - // {"LocationId", "Claims[LocationId] > value"}, - // {"UserType", "Claims[sub] > value[0] > |"}, - // {"UserId", "Claims[sub] > value[1] > |"} - // }, - // AddClaimsToRequest = - // { - // {"CustomerId", "Claims[CustomerId] > value"}, - // {"UserType", "Claims[sub] > value[0] > |"}, - // {"UserId", "Claims[sub] > value[1] > |"} - // }, - // RouteClaimsRequirement = - // { - // {"UserType", "registered"} - // } - // } - // } - // }; + [Fact] + public void should_return_response_200_authorising_route() + { + var configuration = new FileConfiguration + { + ReRoutes = new List + { + new FileReRoute + { + DownstreamPathTemplate = "/", + DownstreamPort = 51876, + DownstreamScheme = "http", + DownstreamHost = "localhost", + UpstreamPathTemplate = "/", + UpstreamHttpMethod = new List { "Get" }, + AuthenticationOptions = new FileAuthenticationOptions + { + AllowedScopes = new List(), + Provider = "IdentityServer", + IdentityServerConfig = new FileIdentityServerConfig{ + ProviderRootUrl = "http://localhost:51888", + RequireHttps = false, + ApiName = "api", + ApiSecret = "secret" + } + }, + AddHeadersToRequest = + { + {"CustomerId", "Claims[CustomerId] > 
value"}, + {"LocationId", "Claims[LocationId] > value"}, + {"UserType", "Claims[sub] > value[0] > |"}, + {"UserId", "Claims[sub] > value[1] > |"} + }, + AddClaimsToRequest = + { + {"CustomerId", "Claims[CustomerId] > value"}, + {"UserType", "Claims[sub] > value[0] > |"}, + {"UserId", "Claims[sub] > value[1] > |"} + }, + RouteClaimsRequirement = + { + {"UserType", "registered"} + } + } + } + }; - // this.Given(x => x.GivenThereIsAnIdentityServerOn("http://localhost:51888", "api", AccessTokenType.Jwt)) - // .And(x => x.GivenThereIsAServiceRunningOn("http://localhost:51876", 200, "Hello from Laura")) - // .And(x => _steps.GivenIHaveAToken("http://localhost:51888")) - // .And(x => _steps.GivenThereIsAConfiguration(configuration)) - // .And(x => _steps.GivenOcelotIsRunning()) - // .And(x => _steps.GivenIHaveAddedATokenToMyRequest()) - // .When(x => _steps.WhenIGetUrlOnTheApiGateway("/")) - // .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.OK)) - // .And(x => _steps.ThenTheResponseBodyShouldBe("Hello from Laura")) - // .BDDfy(); - //} + this.Given(x => x.GivenThereIsAnIdentityServerOn("http://localhost:51888", "api", AccessTokenType.Jwt)) + .And(x => x.GivenThereIsAServiceRunningOn("http://localhost:51876", 200, "Hello from Laura")) + .And(x => _steps.GivenIHaveAToken("http://localhost:51888")) + .And(x => _steps.GivenThereIsAConfiguration(configuration)) + .And(x => _steps.GivenOcelotIsRunning()) + .And(x => _steps.GivenIHaveAddedATokenToMyRequest()) + .When(x => _steps.WhenIGetUrlOnTheApiGateway("/")) + .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.OK)) + .And(x => _steps.ThenTheResponseBodyShouldBe("Hello from Laura")) + .BDDfy(); + } - //[Fact] - //public void should_return_response_403_authorising_route() - //{ - // var configuration = new FileConfiguration - // { - // ReRoutes = new List - // { - // new FileReRoute - // { - // DownstreamPathTemplate = "/", - // DownstreamPort = 51876, - // DownstreamScheme = "http", - // DownstreamHost = 
"localhost", - // UpstreamPathTemplate = "/", - // UpstreamHttpMethod = new List { "Get" }, - // AuthenticationOptions = new FileAuthenticationOptions - // { - //AllowedScopes = new List(), - // Provider = "IdentityServer", - // ProviderRootUrl = "http://localhost:51888", - // RequireHttps = false, - //ApiName = "api", - // ApiSecret = "secret" - // }, - // AddHeadersToRequest = - // { - // {"CustomerId", "Claims[CustomerId] > value"}, - // {"LocationId", "Claims[LocationId] > value"}, - // {"UserType", "Claims[sub] > value[0] > |"}, - // {"UserId", "Claims[sub] > value[1] > |"} - // }, - // AddClaimsToRequest = - // { - // {"CustomerId", "Claims[CustomerId] > value"}, - // {"UserId", "Claims[sub] > value[1] > |"} - // }, - // RouteClaimsRequirement = - // { - // {"UserType", "registered"} - // } - // } - // } - // }; + [Fact] + public void should_return_response_403_authorising_route() + { + var configuration = new FileConfiguration + { + ReRoutes = new List + { + new FileReRoute + { + DownstreamPathTemplate = "/", + DownstreamPort = 51876, + DownstreamScheme = "http", + DownstreamHost = "localhost", + UpstreamPathTemplate = "/", + UpstreamHttpMethod = new List { "Get" }, + AuthenticationOptions = new FileAuthenticationOptions + { + AllowedScopes = new List(), + Provider = "IdentityServer", + IdentityServerConfig = new FileIdentityServerConfig{ + ProviderRootUrl = "http://localhost:51888", + RequireHttps = false, + ApiName = "api", + ApiSecret = "secret" + } + }, + AddHeadersToRequest = + { + {"CustomerId", "Claims[CustomerId] > value"}, + {"LocationId", "Claims[LocationId] > value"}, + {"UserType", "Claims[sub] > value[0] > |"}, + {"UserId", "Claims[sub] > value[1] > |"} + }, + AddClaimsToRequest = + { + {"CustomerId", "Claims[CustomerId] > value"}, + {"UserId", "Claims[sub] > value[1] > |"} + }, + RouteClaimsRequirement = + { + {"UserType", "registered"} + } + } + } + }; - // this.Given(x => x.GivenThereIsAnIdentityServerOn("http://localhost:51888", "api", 
AccessTokenType.Jwt)) - // .And(x => x.GivenThereIsAServiceRunningOn("http://localhost:51876", 200, "Hello from Laura")) - // .And(x => _steps.GivenIHaveAToken("http://localhost:51888")) - // .And(x => _steps.GivenThereIsAConfiguration(configuration)) - // .And(x => _steps.GivenOcelotIsRunning()) - // .And(x => _steps.GivenIHaveAddedATokenToMyRequest()) - // .When(x => _steps.WhenIGetUrlOnTheApiGateway("/")) - // .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.Forbidden)) - // .BDDfy(); - //} + this.Given(x => x.GivenThereIsAnIdentityServerOn("http://localhost:51888", "api", AccessTokenType.Jwt)) + .And(x => x.GivenThereIsAServiceRunningOn("http://localhost:51876", 200, "Hello from Laura")) + .And(x => _steps.GivenIHaveAToken("http://localhost:51888")) + .And(x => _steps.GivenThereIsAConfiguration(configuration)) + .And(x => _steps.GivenOcelotIsRunning()) + .And(x => _steps.GivenIHaveAddedATokenToMyRequest()) + .When(x => _steps.WhenIGetUrlOnTheApiGateway("/")) + .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.Forbidden)) + .BDDfy(); + } - //[Fact] - //public void should_return_response_200_using_identity_server_with_allowed_scope() - //{ - // var configuration = new FileConfiguration - // { - // ReRoutes = new List - // { - // new FileReRoute - // { - // DownstreamPathTemplate = "/", - // DownstreamPort = 51876, - // DownstreamHost = "localhost", - // DownstreamScheme = "http", - // UpstreamPathTemplate = "/", - // UpstreamHttpMethod = new List { "Get" }, - // AuthenticationOptions = new FileAuthenticationOptions - // { - // AllowedScopes = new List{ "api", "api.readOnly", "openid", "offline_access" }, - // Provider = "IdentityServer", - // ProviderRootUrl = "http://localhost:51888", - // RequireHttps = false, - // ApiName = "api", - // ApiSecret = "secret" - // } - // } - // } - // }; + [Fact] + public void should_return_response_200_using_identity_server_with_allowed_scope() + { + var configuration = new FileConfiguration + { + ReRoutes = 
new List + { + new FileReRoute + { + DownstreamPathTemplate = "/", + DownstreamPort = 51876, + DownstreamHost = "localhost", + DownstreamScheme = "http", + UpstreamPathTemplate = "/", + UpstreamHttpMethod = new List { "Get" }, + AuthenticationOptions = new FileAuthenticationOptions + { + AllowedScopes = new List{ "api", "api.readOnly", "openid", "offline_access" }, + Provider = "IdentityServer", + IdentityServerConfig = new FileIdentityServerConfig{ + ProviderRootUrl = "http://localhost:51888", + RequireHttps = false, + ApiName = "api", + ApiSecret = "secret" + } + } + } + } + }; - // this.Given(x => x.GivenThereIsAnIdentityServerOn("http://localhost:51888", "api", AccessTokenType.Jwt)) - // .And(x => x.GivenThereIsAServiceRunningOn("http://localhost:51876", 200, "Hello from Laura")) - // .And(x => _steps.GivenIHaveATokenForApiReadOnlyScope("http://localhost:51888")) - // .And(x => _steps.GivenThereIsAConfiguration(configuration)) - // .And(x => _steps.GivenOcelotIsRunning()) - // .And(x => _steps.GivenIHaveAddedATokenToMyRequest()) - // .When(x => _steps.WhenIGetUrlOnTheApiGateway("/")) - // .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.OK)) - // .BDDfy(); - //} + this.Given(x => x.GivenThereIsAnIdentityServerOn("http://localhost:51888", "api", AccessTokenType.Jwt)) + .And(x => x.GivenThereIsAServiceRunningOn("http://localhost:51876", 200, "Hello from Laura")) + .And(x => _steps.GivenIHaveATokenForApiReadOnlyScope("http://localhost:51888")) + .And(x => _steps.GivenThereIsAConfiguration(configuration)) + .And(x => _steps.GivenOcelotIsRunning()) + .And(x => _steps.GivenIHaveAddedATokenToMyRequest()) + .When(x => _steps.WhenIGetUrlOnTheApiGateway("/")) + .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.OK)) + .BDDfy(); + } - //[Fact] - //public void should_return_response_403_using_identity_server_with_scope_not_allowed() - //{ - // var configuration = new FileConfiguration - // { - // ReRoutes = new List - // { - // new FileReRoute - // { - // 
DownstreamPathTemplate = "/", - // DownstreamPort = 51876, - // DownstreamHost = "localhost", - // DownstreamScheme = "http", - // UpstreamPathTemplate = "/", - // UpstreamHttpMethod = new List { "Get" }, - // AuthenticationOptions = new FileAuthenticationOptions - // { - // AllowedScopes = new List{ "api", "openid", "offline_access" }, - // Provider = "IdentityServer", - // ProviderRootUrl = "http://localhost:51888", - // RequireHttps = false, - // ApiName = "api", - // ApiSecret = "secret" - // } - // } - // } - // }; + [Fact] + public void should_return_response_403_using_identity_server_with_scope_not_allowed() + { + var configuration = new FileConfiguration + { + ReRoutes = new List + { + new FileReRoute + { + DownstreamPathTemplate = "/", + DownstreamPort = 51876, + DownstreamHost = "localhost", + DownstreamScheme = "http", + UpstreamPathTemplate = "/", + UpstreamHttpMethod = new List { "Get" }, + AuthenticationOptions = new FileAuthenticationOptions + { + AllowedScopes = new List{ "api", "openid", "offline_access" }, + Provider = "IdentityServer", + IdentityServerConfig = new FileIdentityServerConfig{ + ProviderRootUrl = "http://localhost:51888", + RequireHttps = false, + ApiName = "api", + ApiSecret = "secret" + } + } + } + } + }; - // this.Given(x => x.GivenThereIsAnIdentityServerOn("http://localhost:51888", "api", AccessTokenType.Jwt)) - // .And(x => x.GivenThereIsAServiceRunningOn("http://localhost:51876", 200, "Hello from Laura")) - // .And(x => _steps.GivenIHaveATokenForApiReadOnlyScope("http://localhost:51888")) - // .And(x => _steps.GivenThereIsAConfiguration(configuration)) - // .And(x => _steps.GivenOcelotIsRunning()) - // .And(x => _steps.GivenIHaveAddedATokenToMyRequest()) - // .When(x => _steps.WhenIGetUrlOnTheApiGateway("/")) - // .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.Forbidden)) - // .BDDfy(); - //} + this.Given(x => x.GivenThereIsAnIdentityServerOn("http://localhost:51888", "api", AccessTokenType.Jwt)) + .And(x => 
x.GivenThereIsAServiceRunningOn("http://localhost:51876", 200, "Hello from Laura")) + .And(x => _steps.GivenIHaveATokenForApiReadOnlyScope("http://localhost:51888")) + .And(x => _steps.GivenThereIsAConfiguration(configuration)) + .And(x => _steps.GivenOcelotIsRunning()) + .And(x => _steps.GivenIHaveAddedATokenToMyRequest()) + .When(x => _steps.WhenIGetUrlOnTheApiGateway("/")) + .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.Forbidden)) + .BDDfy(); + } private void GivenThereIsAServiceRunningOn(string url, int statusCode, string responseBody) { diff --git a/test/Ocelot.AcceptanceTests/ClaimsToHeadersForwardingTests.cs b/test/Ocelot.AcceptanceTests/ClaimsToHeadersForwardingTests.cs index 80f9144f..babb520e 100644 --- a/test/Ocelot.AcceptanceTests/ClaimsToHeadersForwardingTests.cs +++ b/test/Ocelot.AcceptanceTests/ClaimsToHeadersForwardingTests.cs 
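Review bot: `should_return_response_403_authorising_route` gets its 403 only because `AddClaimsToRequest` omits the `UserType` mapping that the 200 test includes, so the `RouteClaimsRequirement` of `{"UserType", "registered"}` is tested against an absent claim and never against a present claim with a different value. The two configurations differ by that single line, which is easy to miss in review. I would add `// UserType is deliberately not mapped into the claims, so the route requirement below cannot be satisfied` above the 403 test's `AddClaimsToRequest`. A sibling test whose user has a non-matching `UserType` value would cover the comparison itself, not just the lookup. All four tests also bind the fixed ports 51876 and 51888, which may collide if the acceptance tests ever run in parallel.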
@@ -30,67 +30,69 @@ namespace Ocelot.AcceptanceTests _steps = new Steps(); } - //[Fact] - //public void should_return_response_200_and_foward_claim_as_header() - //{ - // var user = new TestUser() - // { - // Username = "test", - // Password = "test", - // SubjectId = "registered|1231231", - // Claims = new List - // { - // new Claim("CustomerId", "123"), - // new Claim("LocationId", "1") - // } - // }; + [Fact] + public void should_return_response_200_and_foward_claim_as_header() + { + var user = new TestUser() + { + Username = "test", + Password = "test", + SubjectId = "registered|1231231", + Claims = new List + { + new Claim("CustomerId", "123"), + new Claim("LocationId", "1") + } + }; - // var configuration = new FileConfiguration - // { - // ReRoutes = new List - // { - // new FileReRoute - // { - // DownstreamPathTemplate = "/", - // DownstreamPort = 52876, - // DownstreamScheme = "http", - // DownstreamHost = "localhost", - // UpstreamPathTemplate = "/", - // UpstreamHttpMethod = new List { "Get" }, - // AuthenticationOptions = new FileAuthenticationOptions - // { - //AllowedScopes = new List - // { - // "openid", "offline_access", "api" - // }, - // Provider = "IdentityServer", - // ProviderRootUrl = "http://localhost:52888", - // RequireHttps = false, - //ApiName = "api", - // ApiSecret = "secret", - // }, - // AddHeadersToRequest = - // { - // {"CustomerId", "Claims[CustomerId] > value"}, - // {"LocationId", "Claims[LocationId] > value"}, - // {"UserType", "Claims[sub] > value[0] > |"}, - // {"UserId", "Claims[sub] > value[1] > |"} - // } - // } - // } - // }; + var configuration = new FileConfiguration + { + ReRoutes = new List + { + new FileReRoute + { + DownstreamPathTemplate = "/", + DownstreamPort = 52876, + DownstreamScheme = "http", + DownstreamHost = "localhost", + UpstreamPathTemplate = "/", + UpstreamHttpMethod = new List { "Get" }, + AuthenticationOptions = new FileAuthenticationOptions + { + AllowedScopes = new List + { + "openid", 
"offline_access", "api" + }, + Provider = "IdentityServer", + IdentityServerConfig = new FileIdentityServerConfig{ + ProviderRootUrl = "http://localhost:52888", + RequireHttps = false, + ApiName = "api", + ApiSecret = "secret" + } + }, + AddHeadersToRequest = + { + {"CustomerId", "Claims[CustomerId] > value"}, + {"LocationId", "Claims[LocationId] > value"}, + {"UserType", "Claims[sub] > value[0] > |"}, + {"UserId", "Claims[sub] > value[1] > |"} + } + } + } + }; - // this.Given(x => x.GivenThereIsAnIdentityServerOn("http://localhost:52888", "api", AccessTokenType.Jwt, user)) - // .And(x => x.GivenThereIsAServiceRunningOn("http://localhost:52876", 200)) - // .And(x => _steps.GivenIHaveAToken("http://localhost:52888")) - // .And(x => _steps.GivenThereIsAConfiguration(configuration)) - // .And(x => _steps.GivenOcelotIsRunning()) - // .And(x => _steps.GivenIHaveAddedATokenToMyRequest()) - // .When(x => _steps.WhenIGetUrlOnTheApiGateway("/")) - // .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.OK)) - // .And(x => _steps.ThenTheResponseBodyShouldBe("CustomerId: 123 LocationId: 1 UserType: registered UserId: 1231231")) - // .BDDfy(); - //} + this.Given(x => x.GivenThereIsAnIdentityServerOn("http://localhost:52888", "api", AccessTokenType.Jwt, user)) + .And(x => x.GivenThereIsAServiceRunningOn("http://localhost:52876", 200)) + .And(x => _steps.GivenIHaveAToken("http://localhost:52888")) + .And(x => _steps.GivenThereIsAConfiguration(configuration)) + .And(x => _steps.GivenOcelotIsRunning()) + .And(x => _steps.GivenIHaveAddedATokenToMyRequest()) + .When(x => _steps.WhenIGetUrlOnTheApiGateway("/")) + .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.OK)) + .And(x => _steps.ThenTheResponseBodyShouldBe("CustomerId: 123 LocationId: 1 UserType: registered UserId: 1231231")) + .BDDfy(); + } private void GivenThereIsAServiceRunningOn(string url, int statusCode) { 
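Review bot: `should_return_response_200_and_foward_claim_as_header` only sends a request that carries no `CustomerId`, `LocationId`, `UserType` or `UserId` header of its own, so it does not show what the downstream service receives when the caller already supplies one of those names. These headers are identity data derived from token claims, so the useful assertion is that the claim value replaces any client-supplied header rather than sitting alongside it. I would add a second case that presets one of the headers on the upstream request and expects the same response body `CustomerId: 123 LocationId: 1 UserType: registered UserId: 1231231`; whether `Steps` already has a helper for adding request headers is not visible here. The query-string test in the next file section looks to have the same shape, but that hunk is cut off in this view. The trailing `GivenThereIsAServiceRunningOn` helper continues outside the hunk.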
diff --git a/test/Ocelot.AcceptanceTests/ClaimsToQueryStringForwardingTests.cs b/test/Ocelot.AcceptanceTests/ClaimsToQueryStringForwardingTests.cs
index 32b9dc8b..744cfab2 100644
--- a/test/Ocelot.AcceptanceTests/ClaimsToQueryStringForwardingTests.cs
+++ b/test/Ocelot.AcceptanceTests/ClaimsToQueryStringForwardingTests.cs
@@ -30,67 +30,69 @@ namespace Ocelot.AcceptanceTests
 _steps = new Steps();
 }
 
- //[Fact]
- //public void should_return_response_200_and_foward_claim_as_query_string()
- //{
- // var user = new TestUser()
- // {
- // Username = "test",
- // Password = "test",
- // SubjectId = "registered|1231231",
- // Claims = new List
- // {
- // new Claim("CustomerId", "123"),
- // new Claim("LocationId", "1")
- // }
- // };
+ [Fact]
+ public void should_return_response_200_and_foward_claim_as_query_string()
+ {
+ var user = new TestUser()
+ {
+ Username = "test",
+ Password = "test",
+ SubjectId = "registered|1231231",
+ Claims = new List
+ {
+ new Claim("CustomerId", "123"),
+ new Claim("LocationId", "1")
+ }
+ };
 
- // var configuration = new FileConfiguration
- // {
- // ReRoutes = new List
- // {
- // new FileReRoute
- // {
- // DownstreamPathTemplate = "/",
- // DownstreamPort = 57876,
- // DownstreamScheme = "http",
- // DownstreamHost = "localhost",
- // UpstreamPathTemplate = "/",
- // UpstreamHttpMethod = new List { "Get" },
- // AuthenticationOptions = new FileAuthenticationOptions
- // {
- //AllowedScopes = new List
- // {
- // "openid", "offline_access", "api"
- // },
- // Provider = "IdentityServer",
- // ProviderRootUrl = "http://localhost:57888",
- // RequireHttps = false,
- //ApiName = "api",
- // ApiSecret = "secret",
- // },
- // AddQueriesToRequest =
- // {
- // {"CustomerId", "Claims[CustomerId] > value"},
- // {"LocationId", "Claims[LocationId] > value"},
- // {"UserType", "Claims[sub] > value[0] > |"},
- // {"UserId", "Claims[sub] > value[1] > |"}
- // }
- // }
- // }
- // };
+ var configuration = new FileConfiguration
+ {
+ ReRoutes = new List
+ {
+ new FileReRoute
+ {
+ DownstreamPathTemplate = "/",
+ DownstreamPort = 57876,
+ DownstreamScheme = "http",
+ DownstreamHost = "localhost",
+ UpstreamPathTemplate = "/",
+ UpstreamHttpMethod = new List { "Get" },
+ AuthenticationOptions = new FileAuthenticationOptions
+ {
+ AllowedScopes = new List
+ {
+ "openid", "offline_access", "api"
+ },
+ Provider = "IdentityServer",
+ IdentityServerConfig = new FileIdentityServerConfig{
+ ProviderRootUrl = "http://localhost:57888",
+ RequireHttps = false,
+ ApiName = "api",
+ ApiSecret = "secret"
+ }
+ },
+ AddQueriesToRequest =
+ {
+ {"CustomerId", "Claims[CustomerId] > value"},
+ {"LocationId", "Claims[LocationId] > value"},
+ {"UserType", "Claims[sub] > value[0] > |"},
+ {"UserId", "Claims[sub] > value[1] > |"}
+ }
+ }
+ }
+ };
 
- // this.Given(x => x.GivenThereIsAnIdentityServerOn("http://localhost:57888", "api", AccessTokenType.Jwt, user))
- // .And(x => x.GivenThereIsAServiceRunningOn("http://localhost:57876", 200))
- // .And(x => _steps.GivenIHaveAToken("http://localhost:57888"))
- // .And(x => _steps.GivenThereIsAConfiguration(configuration))
- // .And(x => _steps.GivenOcelotIsRunning())
- // .And(x => _steps.GivenIHaveAddedATokenToMyRequest())
- // .When(x => _steps.WhenIGetUrlOnTheApiGateway("/"))
- // .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.OK))
- // .And(x => _steps.ThenTheResponseBodyShouldBe("CustomerId: 123 LocationId: 1 UserType: registered UserId: 1231231"))
- // .BDDfy();
- //}
+ this.Given(x => x.GivenThereIsAnIdentityServerOn("http://localhost:57888", "api", AccessTokenType.Jwt, user))
+ .And(x => x.GivenThereIsAServiceRunningOn("http://localhost:57876", 200))
+ .And(x => _steps.GivenIHaveAToken("http://localhost:57888"))
+ .And(x => _steps.GivenThereIsAConfiguration(configuration))
+ .And(x => _steps.GivenOcelotIsRunning())
+ .And(x => _steps.GivenIHaveAddedATokenToMyRequest())
+ .When(x => _steps.WhenIGetUrlOnTheApiGateway("/"))
+ .Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.OK))
+ .And(x => _steps.ThenTheResponseBodyShouldBe("CustomerId: 123 LocationId: 1 UserType: registered UserId: 1231231"))
+ .BDDfy();
+ }
 
 private void GivenThereIsAServiceRunningOn(string url, int statusCode)
 {
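Review bot: The re-enabled `should_return_response_200_and_foward_claim_as_query_string` only exercises a request that arrives with no query string, so it does not pin what the gateway does when the caller already supplies `CustomerId`, `LocationId`, `UserType` or `UserId` itself. Downstream services are likely to treat these claim-derived parameters as trusted identity data, so the case worth asserting is that the value from the token's claims is what reaches the downstream; whether Ocelot replaces or appends an existing parameter is not visible in this hunk. I would add a sibling test with the same setup and the same expected body, changing only the request step to `.When(x => _steps.WhenIGetUrlOnTheApiGateway("/?CustomerId=999"))` (999 is a constructed sample value). The downstream handler that renders the response body is in `GivenThereIsAServiceRunningOn`, which begins in the trailing context and continues outside the hunk, and the header-forwarding test whose tail is visible just above this file section appears to have the same gap for `AddHeadersToRequest`.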