tk/Ocelot
1
0
Fork 0
mirror of https://github.com/nsnail/Ocelot.git synced 2025-06-19 23:28:15 +08:00
Code Issues Packages Projects Releases Wiki Activity

[New feature] Support claims to path transformation (#968)

Browse Source 
* Add the option to change DownstreamPath based on Claims

* Add tests for Claims to downstream path
This commit is contained in:
Víctor Martos
2019-08-12 19:03:20 +02:00
committed by Thiago Loureiro
parent b32850a804
commit 8117366313
13 changed files with 644 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

201
test/Ocelot.AcceptanceTests/ClaimsToDownstreamPathTests.cs Normal file
View File

@ -0,0 +1,201 @@
using Xunit;
namespace Ocelot.AcceptanceTests
{
using IdentityServer4.AccessTokenValidation;
using IdentityServer4.Models;
using IdentityServer4.Test;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using Ocelot.Configuration.File;
using Shouldly;
using System;
using System.Collections.Generic;
using System.IO;
using System.Net;
using TestStack.BDDfy;
public class ClaimsToDownstreamPathTests : IDisposable
{
private IWebHost _servicebuilder;
private IWebHost _identityServerBuilder;
private readonly Steps _steps;
private Action<IdentityServerAuthenticationOptions> _options;
private string _identityServerRootUrl = "http://localhost:57888";
private string _downstreamFinalPath;
public ClaimsToDownstreamPathTests()
{
_steps = new Steps();
_options = o =>
{
o.Authority = _identityServerRootUrl;
o.ApiName = "api";
o.RequireHttpsMetadata = false;
o.SupportedTokens = SupportedTokens.Both;
o.ApiSecret = "secret";
};
}
[Fact]
public void should_return_200_and_change_downstream_path()
{
var user = new TestUser()
{
Username = "test",
Password = "test",
SubjectId = "registered|1231231",
};
var configuration = new FileConfiguration
{
ReRoutes = new List<FileReRoute>
{
new FileReRoute
{
DownstreamPathTemplate = "/users/{userId}",
DownstreamHostAndPorts = new List<FileHostAndPort>
{
new FileHostAndPort
{
Host = "localhost",
Port = 57876,
},
},
DownstreamScheme = "http",
UpstreamPathTemplate = "/users",
UpstreamHttpMethod = new List<string> { "Get" },
AuthenticationOptions = new FileAuthenticationOptions
{
AuthenticationProviderKey = "Test",
AllowedScopes = new List<string>
{
"openid", "offline_access", "api",
},
},
ChangeDownstreamPathTemplate =
{
{"userId", "Claims[sub] > value[1] > |"},
},
},
},
};
this.Given(x => x.GivenThereIsAnIdentityServerOn("http://localhost:57888", "api", AccessTokenType.Jwt, user))
.And(x => x.GivenThereIsAServiceRunningOn("http://localhost:57876", 200))
.And(x => _steps.GivenIHaveAToken("http://localhost:57888"))
.And(x => _steps.GivenThereIsAConfiguration(configuration))
.And(x => _steps.GivenOcelotIsRunning(_options, "Test"))
.And(x => _steps.GivenIHaveAddedATokenToMyRequest())
.When(x => _steps.WhenIGetUrlOnTheApiGateway("/users"))
.Then(x => _steps.ThenTheStatusCodeShouldBe(HttpStatusCode.OK))
.And(x => _steps.ThenTheResponseBodyShouldBe("UserId: 1231231"))
.And(x => _downstreamFinalPath.ShouldBe("/users/1231231"))
.BDDfy();
}
private void GivenThereIsAServiceRunningOn(string url, int statusCode)
{
_servicebuilder = new WebHostBuilder()
.UseUrls(url)
.UseKestrel()
.UseContentRoot(Directory.GetCurrentDirectory())
.UseIISIntegration()
.UseUrls(url)
.Configure(app =>
{
app.Run(async context =>
{
_downstreamFinalPath = context.Request.Path.Value;
string userId = _downstreamFinalPath.Replace("/users/", string.Empty);
var responseBody = $"UserId: {userId}";
context.Response.StatusCode = statusCode;
await context.Response.WriteAsync(responseBody);
});
})
.Build();
_servicebuilder.Start();
}
private void GivenThereIsAnIdentityServerOn(string url, string apiName, AccessTokenType tokenType, TestUser user)
{
_identityServerBuilder = new WebHostBuilder()
.UseUrls(url)
.UseKestrel()
.UseContentRoot(Directory.GetCurrentDirectory())
.UseIISIntegration()
.UseUrls(url)
.ConfigureServices(services =>
{
services.AddLogging();
services.AddIdentityServer()
.AddDeveloperSigningCredential()
.AddInMemoryApiResources(new List<ApiResource>
{
new ApiResource
{
Name = apiName,
Description = "My API",
Enabled = true,
DisplayName = "test",
Scopes = new List<Scope>()
{
new Scope("api"),
new Scope("openid"),
new Scope("offline_access")
},
ApiSecrets = new List<Secret>()
{
new Secret
{
Value = "secret".Sha256()
}
},
UserClaims = new List<string>()
{
"CustomerId", "LocationId", "UserType", "UserId"
}
}
})
.AddInMemoryClients(new List<Client>
{
new Client
{
ClientId = "client",
AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
ClientSecrets = new List<Secret> {new Secret("secret".Sha256())},
AllowedScopes = new List<string> { apiName, "openid", "offline_access" },
AccessTokenType = tokenType,
Enabled = true,
RequireClientSecret = false
}
})
.AddTestUsers(new List<TestUser>
{
user
});
})
.Configure(app =>
{
app.UseIdentityServer();
})
.Build();
_identityServerBuilder.Start();
_steps.VerifyIdentiryServerStarted(url);
}
public void Dispose()
{
_servicebuilder?.Dispose();
_steps.Dispose();
_identityServerBuilder?.Dispose();
}
}
}

196
test/Ocelot.UnitTests/DownstreamPathManipulation/ChangeDownstreamPathTemplateTests.cs Normal file
View File

@ -0,0 +1,196 @@
using Moq;
using Ocelot.Configuration;
using Ocelot.DownstreamRouteFinder.UrlMatcher;
using Ocelot.Errors;
using Ocelot.Infrastructure;
using Ocelot.Infrastructure.Claims.Parser;
using Ocelot.PathManipulation;
using Ocelot.Responses;
using Ocelot.UnitTests.Responder;
using Ocelot.Values;
using Shouldly;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using TestStack.BDDfy;
using Xunit;
namespace Ocelot.UnitTests.DownstreamPathManipulation
{
public class ChangeDownstreamPathTemplateTests
{
private readonly ChangeDownstreamPathTemplate _changeDownstreamPath;
private DownstreamPathTemplate _downstreamPathTemplate;
private readonly Mock<IClaimsParser> _parser;
private List<ClaimToThing> _configuration;
private List<Claim> _claims;
private Response _result;
private Response<string> _claimValue;
private List<PlaceholderNameAndValue> _placeholderValues;
public ChangeDownstreamPathTemplateTests()
{
_parser = new Mock<IClaimsParser>();
_changeDownstreamPath = new ChangeDownstreamPathTemplate(_parser.Object);
}
[Fact]
public void should_change_downstream_path_request()
{
var claims = new List<Claim>
{
new Claim("test", "data"),
};
var placeHolderValues = new List<PlaceholderNameAndValue>();
this.Given(
x => x.GivenAClaimToThing(new List<ClaimToThing>
{
new ClaimToThing("path-key", "", "", 0),
}))
.And(x => x.GivenClaims(claims))
.And(x => x.GivenDownstreamPathTemplate("/api/test/{path-key}"))
.And(x => x.GivenPlaceholderNameAndValues(placeHolderValues))
.And(x => x.GivenTheClaimParserReturns(new OkResponse<string>("value")))
.When(x => x.WhenIChangeDownstreamPath())
.Then(x => x.ThenTheResultIsSuccess())
.And(x => x.ThenClaimDataIsContainedInPlaceHolder("{path-key}", "value"))
.BDDfy();
}
[Fact]
public void should_replace_existing_placeholder_value()
{
var claims = new List<Claim>
{
new Claim("test", "data"),
};
var placeHolderValues = new List<PlaceholderNameAndValue>
{
new PlaceholderNameAndValue ("{path-key}", "old_value"),
};
this.Given(
x => x.GivenAClaimToThing(new List<ClaimToThing>
{
new ClaimToThing("path-key", "", "", 0),
}))
.And(x => x.GivenClaims(claims))
.And(x => x.GivenDownstreamPathTemplate("/api/test/{path-key}"))
.And(x => x.GivenPlaceholderNameAndValues(placeHolderValues))
.And(x => x.GivenTheClaimParserReturns(new OkResponse<string>("value")))
.When(x => x.WhenIChangeDownstreamPath())
.Then(x => x.ThenTheResultIsSuccess())
.And(x => x.ThenClaimDataIsContainedInPlaceHolder("{path-key}", "value"))
.BDDfy();
}
[Fact]
public void should_return_error_when_no_placeholder_in_downstream_path()
{
var claims = new List<Claim>
{
new Claim("test", "data"),
};
var placeHolderValues = new List<PlaceholderNameAndValue>();
this.Given(
x => x.GivenAClaimToThing(new List<ClaimToThing>
{
new ClaimToThing("path-key", "", "", 0),
}))
.And(x => x.GivenClaims(claims))
.And(x => x.GivenDownstreamPathTemplate("/api/test"))
.And(x => x.GivenPlaceholderNameAndValues(placeHolderValues))
.And(x => x.GivenTheClaimParserReturns(new OkResponse<string>("value")))
.When(x => x.WhenIChangeDownstreamPath())
.Then(x => x.ThenTheResultIsCouldNotFindPlaceholderError())
.BDDfy();
}
[Fact]
private void should_return_error_when_claim_parser_returns_error()
{
var claims = new List<Claim>
{
new Claim("test", "data"),
};
var placeHolderValues = new List<PlaceholderNameAndValue>();
this.Given(
x => x.GivenAClaimToThing(new List<ClaimToThing>
{
new ClaimToThing("path-key", "", "", 0),
}))
.And(x => x.GivenClaims(claims))
.And(x => x.GivenDownstreamPathTemplate("/api/test/{path-key}"))
.And(x => x.GivenPlaceholderNameAndValues(placeHolderValues))
.And(x => x.GivenTheClaimParserReturns(new ErrorResponse<string>(new List<Error>
{
new AnyError(),
})))
.When(x => x.WhenIChangeDownstreamPath())
.Then(x => x.ThenTheResultIsError())
.BDDfy();
}
private void GivenAClaimToThing(List<ClaimToThing> configuration)
{
_configuration = configuration;
}
private void GivenClaims(List<Claim> claims)
{
_claims = claims;
}
private void GivenDownstreamPathTemplate(string template)
{
_downstreamPathTemplate = new DownstreamPathTemplate(template);
}
private void GivenPlaceholderNameAndValues(List<PlaceholderNameAndValue> placeholders)
{
_placeholderValues = placeholders;
}
private void GivenTheClaimParserReturns(Response<string> claimValue)
{
_claimValue = claimValue;
_parser
.Setup(
x =>
x.GetValue(It.IsAny<IEnumerable<Claim>>(),
It.IsAny<string>(),
It.IsAny<string>(),
It.IsAny<int>()))
.Returns(_claimValue);
}
private void WhenIChangeDownstreamPath()
{
_result = _changeDownstreamPath.ChangeDownstreamPath(_configuration, _claims,
_downstreamPathTemplate, _placeholderValues);
}
private void ThenTheResultIsSuccess()
{
_result.IsError.ShouldBe(false);
}
private void ThenTheResultIsCouldNotFindPlaceholderError()
{
_result.IsError.ShouldBe(true);
_result.Errors.Count.ShouldBe(1);
_result.Errors.First().ShouldBeOfType<CouldNotFindPlaceholderError>();
}
private void ThenTheResultIsError()
{
_result.IsError.ShouldBe(true);
}
private void ThenClaimDataIsContainedInPlaceHolder(string name, string value)
{
var placeHolder = _placeholderValues.FirstOrDefault(ph => ph.Name == name && ph.Value == value);
placeHolder.ShouldNotBeNull();
_placeholderValues.Count.ShouldBe(1);
}
}
}

101
test/Ocelot.UnitTests/DownstreamPathManipulation/ClaimsToDownstreamPathMiddlewareTests.cs Normal file
View File

@ -0,0 +1,101 @@
using Microsoft.AspNetCore.Http;
using Moq;
using Ocelot.Configuration;
using Ocelot.Configuration.Builder;
using Ocelot.DownstreamRouteFinder;
using Ocelot.DownstreamRouteFinder.UrlMatcher;
using Ocelot.Logging;
using Ocelot.Middleware;
using Ocelot.PathManipulation;
using Ocelot.PathManipulation.Middleware;
using Ocelot.Request.Middleware;
using Ocelot.Responses;
using Ocelot.Values;
using System.Collections.Generic;
using System.Net.Http;
using System.Security.Claims;
using System.Threading.Tasks;
using TestStack.BDDfy;
using Xunit;
namespace Ocelot.UnitTests.DownstreamPathManipulation
{
public class ClaimsToDownstreamPathMiddlewareTests
{
private readonly Mock<IChangeDownstreamPathTemplate> _changePath;
private Mock<IOcelotLoggerFactory> _loggerFactory;
private Mock<IOcelotLogger> _logger;
private ClaimsToDownstreamPathMiddleware _middleware;
private DownstreamContext _downstreamContext;
private OcelotRequestDelegate _next;
public ClaimsToDownstreamPathMiddlewareTests()
{
_downstreamContext = new DownstreamContext(new DefaultHttpContext());
_loggerFactory = new Mock<IOcelotLoggerFactory>();
_logger = new Mock<IOcelotLogger>();
_loggerFactory.Setup(x => x.CreateLogger<ClaimsToDownstreamPathMiddleware>()).Returns(_logger.Object);
_next = context => Task.CompletedTask;
_changePath = new Mock<IChangeDownstreamPathTemplate>();
_downstreamContext.DownstreamRequest = new DownstreamRequest(new HttpRequestMessage(HttpMethod.Get, "http://test.com"));
_middleware = new ClaimsToDownstreamPathMiddleware(_next, _loggerFactory.Object, _changePath.Object);
}
[Fact]
public void should_call_add_queries_correctly()
{
var downstreamRoute = new DownstreamRoute(new List<PlaceholderNameAndValue>(),
new ReRouteBuilder()
.WithDownstreamReRoute(new DownstreamReRouteBuilder()
.WithDownstreamPathTemplate("any old string")
.WithClaimsToDownstreamPath(new List<ClaimToThing>
{
new ClaimToThing("UserId", "Subject", "", 0),
})
.WithUpstreamHttpMethod(new List<string> { "Get" })
.Build())
.WithUpstreamHttpMethod(new List<string> { "Get" })
.Build());
this.Given(x => x.GivenTheDownStreamRouteIs(downstreamRoute))
.And(x => x.GivenTheChangeDownstreamPathReturnsOk())
.When(x => x.WhenICallTheMiddleware())
.Then(x => x.ThenChangeDownstreamPathIsCalledCorrectly())
.BDDfy();
}
private void WhenICallTheMiddleware()
{
_middleware.Invoke(_downstreamContext).GetAwaiter().GetResult();
}
private void GivenTheChangeDownstreamPathReturnsOk()
{
_changePath
.Setup(x => x.ChangeDownstreamPath(
It.IsAny<List<ClaimToThing>>(),
It.IsAny<IEnumerable<Claim>>(),
It.IsAny<DownstreamPathTemplate>(),
It.IsAny<List<PlaceholderNameAndValue>>()))
.Returns(new OkResponse());
}
private void ThenChangeDownstreamPathIsCalledCorrectly()
{
_changePath
.Verify(x => x.ChangeDownstreamPath(
It.IsAny<List<ClaimToThing>>(),
It.IsAny<IEnumerable<Claim>>(),
_downstreamContext.DownstreamReRoute.DownstreamPathTemplate,
_downstreamContext.TemplatePlaceholderNameAndValues), Times.Once);
}
private void GivenTheDownStreamRouteIs(DownstreamRoute downstreamRoute)
{
_downstreamContext.TemplatePlaceholderNameAndValues = downstreamRoute.TemplatePlaceholderNameAndValues;
_downstreamContext.DownstreamReRoute = downstreamRoute.ReRoute.DownstreamReRoute[0];
}
}
}