mirror of
https://github.com/nsnail/Ocelot.git
synced 2025-06-19 05:48:16 +08:00
Merge pull request #110 from sharpn/develop
Adding JWT authentication for use with auth0
This commit is contained in:
Tom Pallister
@ -28,26 +28,68 @@ namespace Ocelot.UnitTests.Configuration
|
||||
AuthenticationOptions = new FileAuthenticationOptions
|
||||
{
|
||||
Provider = "Geoff",
|
||||
ProviderRootUrl = "http://www.bbc.co.uk/",
|
||||
ApiName = "Laura",
|
||||
RequireHttps = true,
|
||||
AllowedScopes = new List<string> {"cheese"},
|
||||
ApiSecret = "secret"
|
||||
IdentityServerConfig = new FileIdentityServerConfig()
|
||||
{
|
||||
ProviderRootUrl = "http://www.bbc.co.uk/",
|
||||
ApiName = "Laura",
|
||||
RequireHttps = true,
|
||||
ApiSecret = "secret"
|
||||
},
|
||||
AllowedScopes = new List<string> { "cheese" },
|
||||
|
||||
}
|
||||
};
|
||||
|
||||
var authenticationConfig = new IdentityServerConfigBuilder()
|
||||
.WithProviderRootUrl(fileReRoute.AuthenticationOptions?.IdentityServerConfig?.ProviderRootUrl)
|
||||
.WithApiName(fileReRoute.AuthenticationOptions?.IdentityServerConfig?.ApiName)
|
||||
.WithRequireHttps(fileReRoute.AuthenticationOptions.IdentityServerConfig.RequireHttps)
|
||||
.WithApiSecret(fileReRoute.AuthenticationOptions?.IdentityServerConfig?.ApiSecret)
|
||||
.Build();
|
||||
|
||||
var expected = new AuthenticationOptionsBuilder()
|
||||
.WithProvider(fileReRoute.AuthenticationOptions?.Provider)
|
||||
.WithProviderRootUrl(fileReRoute.AuthenticationOptions?.ProviderRootUrl)
|
||||
.WithApiName(fileReRoute.AuthenticationOptions?.ApiName)
|
||||
.WithRequireHttps(fileReRoute.AuthenticationOptions.RequireHttps)
|
||||
.WithAllowedScopes(fileReRoute.AuthenticationOptions?.AllowedScopes)
|
||||
.WithApiSecret(fileReRoute.AuthenticationOptions?.ApiSecret)
|
||||
.WithConfig(authenticationConfig)
|
||||
.Build();
|
||||
|
||||
this.Given(x => x.GivenTheFollowing(fileReRoute))
|
||||
.When(x => x.WhenICreateTheAuthenticationOptions())
|
||||
.Then(x => x.ThenTheFollowingIsReturned(expected))
|
||||
.Then(x => x.ThenTheFollowingIdentityServerConfigIsReturned(expected))
|
||||
.BDDfy();
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public void should_return_Jwt_auth_options()
|
||||
{
|
||||
var fileReRoute = new FileReRoute()
|
||||
{
|
||||
AuthenticationOptions = new FileAuthenticationOptions
|
||||
{
|
||||
Provider = "Jwt",
|
||||
JwtConfig = new FileJwtConfig()
|
||||
{
|
||||
Audience = "Audience",
|
||||
Authority = "Authority"
|
||||
},
|
||||
AllowedScopes = new List<string> { "cheese" }
|
||||
}
|
||||
};
|
||||
|
||||
var authenticationConfig = new JwtConfigBuilder()
|
||||
.WithAudience(fileReRoute.AuthenticationOptions?.JwtConfig?.Audience)
|
||||
.WithAuthority(fileReRoute.AuthenticationOptions?.JwtConfig?.Authority)
|
||||
.Build();
|
||||
|
||||
var expected = new AuthenticationOptionsBuilder()
|
||||
.WithProvider(fileReRoute.AuthenticationOptions?.Provider)
|
||||
.WithAllowedScopes(fileReRoute.AuthenticationOptions?.AllowedScopes)
|
||||
.WithConfig(authenticationConfig)
|
||||
.Build();
|
||||
|
||||
this.Given(x => x.GivenTheFollowing(fileReRoute))
|
||||
.When(x => x.WhenICreateTheAuthenticationOptions())
|
||||
.Then(x => x.ThenTheFollowingJwtConfigIsReturned(expected))
|
||||
.BDDfy();
|
||||
}
|
||||
|
||||
@ -61,14 +103,31 @@ namespace Ocelot.UnitTests.Configuration
|
||||
_result = _authOptionsCreator.Create(_fileReRoute);
|
||||
}
|
||||
|
||||
private void ThenTheFollowingIsReturned(AuthenticationOptions expected)
|
||||
private void ThenTheFollowingJwtConfigIsReturned(AuthenticationOptions expected)
|
||||
{
|
||||
_result.AllowedScopes.ShouldBe(expected.AllowedScopes);
|
||||
_result.Provider.ShouldBe(expected.Provider);
|
||||
_result.ProviderRootUrl.ShouldBe(expected.ProviderRootUrl);
|
||||
_result.RequireHttps.ShouldBe(expected.RequireHttps);
|
||||
_result.ApiName.ShouldBe(expected.ApiName);
|
||||
_result.ApiSecret.ShouldBe(expected.ApiSecret);
|
||||
|
||||
var _resultSettings = _result.Config as JwtConfig;
|
||||
var expectedSettngs = expected.Config as JwtConfig;
|
||||
|
||||
_resultSettings.Audience.ShouldBe(expectedSettngs.Audience);
|
||||
_resultSettings.Authority.ShouldBe(expectedSettngs.Authority);
|
||||
|
||||
}
|
||||
|
||||
private void ThenTheFollowingIdentityServerConfigIsReturned(AuthenticationOptions expected)
|
||||
{
|
||||
_result.AllowedScopes.ShouldBe(expected.AllowedScopes);
|
||||
_result.Provider.ShouldBe(expected.Provider);
|
||||
|
||||
var _resultSettings = _result.Config as IdentityServerConfig;
|
||||
var expectedSettngs = expected.Config as IdentityServerConfig;
|
||||
|
||||
_resultSettings.ProviderRootUrl.ShouldBe(expectedSettngs.ProviderRootUrl);
|
||||
_resultSettings.RequireHttps.ShouldBe(expectedSettngs.RequireHttps);
|
||||
_resultSettings.ApiName.ShouldBe(expectedSettngs.ApiName);
|
||||
_resultSettings.ApiSecret.ShouldBe(expectedSettngs.ApiSecret);
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -18,6 +18,10 @@ using Xunit;
|
||||
|
||||
namespace Ocelot.UnitTests.Configuration
|
||||
{
|
||||
using System.Collections;
|
||||
|
||||
using Ocelot.UnitTests.TestData;
|
||||
|
||||
public class FileConfigurationCreatorTests
|
||||
{
|
||||
private readonly Mock<IOptions<FileConfiguration>> _fileConfig;
|
||||
@ -440,20 +444,18 @@ namespace Ocelot.UnitTests.Configuration
|
||||
.BDDfy();
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public void should_create_with_headers_to_extract()
|
||||
[Theory]
|
||||
[MemberData(nameof(AuthenticationConfigTestData.GetAuthenticationData), MemberType = typeof(AuthenticationConfigTestData))]
|
||||
public void should_create_with_headers_to_extract(string provider, IAuthenticationConfig config, FileConfiguration fileConfig)
|
||||
{
|
||||
var reRouteOptions = new ReRouteOptionsBuilder()
|
||||
.WithIsAuthenticated(true)
|
||||
.Build();
|
||||
|
||||
var authenticationOptions = new AuthenticationOptionsBuilder()
|
||||
.WithProvider("IdentityServer")
|
||||
.WithProviderRootUrl("http://localhost:51888")
|
||||
.WithRequireHttps(false)
|
||||
.WithApiSecret("secret")
|
||||
.WithApiName("api")
|
||||
.WithProvider(provider)
|
||||
.WithAllowedScopes(new List<string>())
|
||||
.WithConfig(config)
|
||||
.Build();
|
||||
|
||||
var expected = new List<ReRoute>
|
||||
@ -470,59 +472,32 @@ namespace Ocelot.UnitTests.Configuration
|
||||
.Build()
|
||||
};
|
||||
|
||||
this.Given(x => x.GivenTheConfigIs(new FileConfiguration
|
||||
{
|
||||
ReRoutes = new List<FileReRoute>
|
||||
{
|
||||
new FileReRoute
|
||||
{
|
||||
UpstreamPathTemplate = "/api/products/{productId}",
|
||||
DownstreamPathTemplate = "/products/{productId}",
|
||||
UpstreamHttpMethod = new List<string> { "Get" },
|
||||
ReRouteIsCaseSensitive = true,
|
||||
AuthenticationOptions = new FileAuthenticationOptions
|
||||
{
|
||||
AllowedScopes= new List<string>(),
|
||||
Provider = "IdentityServer",
|
||||
ProviderRootUrl = "http://localhost:51888",
|
||||
RequireHttps = false,
|
||||
ApiName= "api",
|
||||
ApiSecret = "secret"
|
||||
},
|
||||
AddHeadersToRequest =
|
||||
{
|
||||
{"CustomerId", "Claims[CustomerId] > value"},
|
||||
}
|
||||
}
|
||||
}
|
||||
}))
|
||||
this.Given(x => x.GivenTheConfigIs(fileConfig))
|
||||
.And(x => x.GivenTheConfigIsValid())
|
||||
.And(x => x.GivenTheAuthOptionsCreatorReturns(authenticationOptions))
|
||||
.And(x => x.GivenTheFollowingOptionsAreReturned(reRouteOptions))
|
||||
.And(x => x.GivenTheClaimsToThingCreatorReturns(new List<ClaimToThing>{new ClaimToThing("CustomerId", "CustomerId", "", 0)}))
|
||||
.And(x => x.GivenTheClaimsToThingCreatorReturns(new List<ClaimToThing> { new ClaimToThing("CustomerId", "CustomerId", "", 0) }))
|
||||
.And(x => x.GivenTheLoadBalancerFactoryReturns())
|
||||
.When(x => x.WhenICreateTheConfig())
|
||||
.Then(x => x.ThenTheReRoutesAre(expected))
|
||||
.And(x => x.ThenTheAuthenticationOptionsAre(expected))
|
||||
.And(x => x.ThenTheAuthenticationOptionsAre(provider, expected))
|
||||
.And(x => x.ThenTheAuthOptionsCreatorIsCalledCorrectly())
|
||||
.BDDfy();
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public void should_create_with_authentication_properties()
|
||||
[Theory]
|
||||
[MemberData(nameof(AuthenticationConfigTestData.GetAuthenticationData), MemberType = typeof(AuthenticationConfigTestData))]
|
||||
public void should_create_with_authentication_properties(string provider, IAuthenticationConfig config, FileConfiguration fileConfig)
|
||||
{
|
||||
var reRouteOptions = new ReRouteOptionsBuilder()
|
||||
.WithIsAuthenticated(true)
|
||||
.Build();
|
||||
|
||||
var authenticationOptions = new AuthenticationOptionsBuilder()
|
||||
.WithProvider("IdentityServer")
|
||||
.WithProviderRootUrl("http://localhost:51888")
|
||||
.WithRequireHttps(false)
|
||||
.WithApiSecret("secret")
|
||||
.WithApiName("api")
|
||||
.WithAllowedScopes(new List<string>())
|
||||
.Build();
|
||||
var authenticationOptions = new AuthenticationOptionsBuilder()
|
||||
.WithProvider(provider)
|
||||
.WithAllowedScopes(new List<string>())
|
||||
.WithConfig(config)
|
||||
.Build();
|
||||
|
||||
var expected = new List<ReRoute>
|
||||
{
|
||||
@ -534,35 +509,14 @@ namespace Ocelot.UnitTests.Configuration
|
||||
.Build()
|
||||
};
|
||||
|
||||
this.Given(x => x.GivenTheConfigIs(new FileConfiguration
|
||||
{
|
||||
ReRoutes = new List<FileReRoute>
|
||||
{
|
||||
new FileReRoute
|
||||
{
|
||||
UpstreamPathTemplate = "/api/products/{productId}",
|
||||
DownstreamPathTemplate = "/products/{productId}",
|
||||
UpstreamHttpMethod = new List<string> { "Get" },
|
||||
ReRouteIsCaseSensitive = true,
|
||||
AuthenticationOptions = new FileAuthenticationOptions
|
||||
{
|
||||
AllowedScopes = new List<string>(),
|
||||
Provider = "IdentityServer",
|
||||
ProviderRootUrl = "http://localhost:51888",
|
||||
RequireHttps = false,
|
||||
ApiName= "api",
|
||||
ApiSecret = "secret"
|
||||
}
|
||||
}
|
||||
}
|
||||
}))
|
||||
this.Given(x => x.GivenTheConfigIs(fileConfig))
|
||||
.And(x => x.GivenTheConfigIsValid())
|
||||
.And(x => x.GivenTheFollowingOptionsAreReturned(reRouteOptions))
|
||||
.And(x => x.GivenTheAuthOptionsCreatorReturns(authenticationOptions))
|
||||
.And(x => x.GivenTheLoadBalancerFactoryReturns())
|
||||
.When(x => x.WhenICreateTheConfig())
|
||||
.Then(x => x.ThenTheReRoutesAre(expected))
|
||||
.And(x => x.ThenTheAuthenticationOptionsAre(expected))
|
||||
.And(x => x.ThenTheAuthenticationOptionsAre(provider, expected))
|
||||
.And(x => x.ThenTheAuthOptionsCreatorIsCalledCorrectly())
|
||||
.BDDfy();
|
||||
}
|
||||
@ -633,7 +587,7 @@ namespace Ocelot.UnitTests.Configuration
|
||||
}
|
||||
}
|
||||
|
||||
private void ThenTheAuthenticationOptionsAre(List<ReRoute> expectedReRoutes)
|
||||
private void ThenTheAuthenticationOptionsAre(string provider, List<ReRoute> expectedReRoutes)
|
||||
{
|
||||
for (int i = 0; i < _config.Data.ReRoutes.Count; i++)
|
||||
{
|
||||
@ -642,11 +596,25 @@ namespace Ocelot.UnitTests.Configuration
|
||||
|
||||
result.AllowedScopes.ShouldBe(expected.AllowedScopes);
|
||||
result.Provider.ShouldBe(expected.Provider);
|
||||
result.ProviderRootUrl.ShouldBe(expected.ProviderRootUrl);
|
||||
result.RequireHttps.ShouldBe(expected.RequireHttps);
|
||||
result.ApiName.ShouldBe(expected.ApiName);
|
||||
result.ApiSecret.ShouldBe(expected.ApiSecret);
|
||||
|
||||
if (provider.ToLower() == "identityserver")
|
||||
{
|
||||
var config = result.Config as IdentityServerConfig;
|
||||
var expectedConfig = expected.Config as IdentityServerConfig;
|
||||
|
||||
config.ProviderRootUrl.ShouldBe(expectedConfig.ProviderRootUrl);
|
||||
config.RequireHttps.ShouldBe(expectedConfig.RequireHttps);
|
||||
config.ApiName.ShouldBe(expectedConfig.ApiName);
|
||||
config.ApiSecret.ShouldBe(expectedConfig.ApiSecret);
|
||||
}
|
||||
else
|
||||
{
|
||||
var config = result.Config as JwtConfig;
|
||||
var expectedConfig = expected.Config as JwtConfig;
|
||||
|
||||
config.Audience.ShouldBe(expectedConfig.Audience);
|
||||
config.Authority.ShouldBe(expectedConfig.Authority);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user