Can authorise routes based on claims, there is also a claims transformation middleware

2025-06-19 04:38:14 +08:00 · 2016-10-19 11:56:05 +01:00
parent 3285be3c73
commit b8951c4698
39 changed files with 700 additions and 294 deletions
--- a/test/Ocelot.UnitTests/Authorization/AuthorisationMiddlewareTests.cs
+++ b/test/Ocelot.UnitTests/Authorization/AuthorisationMiddlewareTests.cs
@ -18,7 +18,9 @@ using Xunit;

 namespace Ocelot.UnitTests.Authorization
 {
-    public class AuthorizationMiddlewareTests : IDisposable
+    using Authorisation.Middleware;
+
+    public class AuthorisationMiddlewareTests : IDisposable
    {
        private readonly Mock<IScopedRequestDataRepository> _scopedRepository;
        private readonly Mock<IAuthoriser> _authService;
@ -28,7 +30,7 @@ namespace Ocelot.UnitTests.Authorization
        private HttpResponseMessage _result;
        private OkResponse<DownstreamRoute> _downstreamRoute;

-        public AuthorizationMiddlewareTests()
+        public AuthorisationMiddlewareTests()
        {
            _url = "http://localhost:51879";
            _scopedRepository = new Mock<IScopedRequestDataRepository>();
@ -56,18 +58,17 @@ namespace Ocelot.UnitTests.Authorization
        [Fact]
        public void happy_path()
        {
-            this.Given(x => x.GivenTheDownStreamRouteIs(new DownstreamRoute(new List<TemplateVariableNameAndValue>(), new ReRouteBuilder().Build())))
+            this.Given(x => x.GivenTheDownStreamRouteIs(new DownstreamRoute(new List<TemplateVariableNameAndValue>(), new ReRouteBuilder().WithIsAuthorised(true).Build())))
                .And(x => x.GivenTheAuthServiceReturns(new OkResponse<bool>(true)))
                .When(x => x.WhenICallTheMiddleware())
-                //todo stick this back in
-                //.Then(x => x.ThenTheAuthServiceIsCalledCorrectly())
+                .Then(x => x.ThenTheAuthServiceIsCalledCorrectly())
                .BDDfy();
        }

        private void GivenTheAuthServiceReturns(Response<bool> expected)
        {
            _authService
-                .Setup(x => x.Authorise(It.IsAny<ClaimsPrincipal>(), It.IsAny<RouteClaimsRequirement>()))
+                .Setup(x => x.Authorise(It.IsAny<ClaimsPrincipal>(), It.IsAny<Dictionary<string, string>>()))
                .Returns(expected);
        }

@ -75,7 +76,7 @@ namespace Ocelot.UnitTests.Authorization
        {
            _authService
                .Verify(x => x.Authorise(It.IsAny<ClaimsPrincipal>(),
-                It.IsAny<RouteClaimsRequirement>()), Times.Once);
+                It.IsAny<Dictionary<string, string>>()), Times.Once);
        }

        private void GivenTheDownStreamRouteIs(DownstreamRoute downstreamRoute)
--- a/test/Ocelot.UnitTests/Authorization/ClaimsAuthoriserTests.cs
+++ b/test/Ocelot.UnitTests/Authorization/ClaimsAuthoriserTests.cs
@ -1,7 +1,6 @@
 using System.Collections.Generic;
 using System.Security.Claims;
 using Ocelot.Authorisation;
-using Ocelot.Claims.Parser;
 using Ocelot.Responses;
 using Shouldly;
 using TestStack.BDDfy;
@ -9,11 +8,13 @@ using Xunit;

 namespace Ocelot.UnitTests.Authorization
 {
+    using Ocelot.Infrastructure.Claims.Parser;
+
    public class ClaimsAuthoriserTests
    {
        private readonly ClaimsAuthoriser _claimsAuthoriser;
        private ClaimsPrincipal _claimsPrincipal;
-        private RouteClaimsRequirement _requirement;
+        private Dictionary<string, string> _requirement;
        private Response<bool> _result;

        public ClaimsAuthoriserTests()
@ -28,10 +29,10 @@ namespace Ocelot.UnitTests.Authorization
                {
                    new Claim("UserType", "registered")
                }))))
-                .And(x => x.GivenARouteClaimsRequirement(new RouteClaimsRequirement(new Dictionary<string, string>
+                .And(x => x.GivenARouteClaimsRequirement(new Dictionary<string, string>
                {
                    {"UserType", "registered"}
-                })))
+                }))
                .When(x => x.WhenICallTheAuthoriser())
                .Then(x => x.ThenTheUserIsAuthorised())
                .BDDfy();
@ -41,10 +42,10 @@ namespace Ocelot.UnitTests.Authorization
        public void should_not_authorise_user()
        {
            this.Given(x => x.GivenAClaimsPrincipal(new ClaimsPrincipal(new ClaimsIdentity(new List<Claim>()))))
-            .And(x => x.GivenARouteClaimsRequirement(new RouteClaimsRequirement(new Dictionary<string, string>
+            .And(x => x.GivenARouteClaimsRequirement(new Dictionary<string, string>
                {
                    { "UserType", "registered" }
-                })))
+                }))
            .When(x => x.WhenICallTheAuthoriser())
            .Then(x => x.ThenTheUserIsntAuthorised())
            .BDDfy();
@ -55,7 +56,7 @@ namespace Ocelot.UnitTests.Authorization
            _claimsPrincipal = claimsPrincipal;
        }

-        private void GivenARouteClaimsRequirement(RouteClaimsRequirement requirement)
+        private void GivenARouteClaimsRequirement(Dictionary<string, string> requirement)
        {
            _requirement = requirement;
        }