tk/Ocelot
1
0
Fork 0
mirror of https://github.com/nsnail/Ocelot.git synced 2025-04-22 20:12:51 +08:00
Code Issues Packages Projects Releases Wiki Activity

Can authorise routes based on claims, there is also a claims transformation middleware

Browse Source
This commit is contained in:
tom.pallister 2016-10-19 11:56:05 +01:00
parent 3285be3c73
commit b8951c4698
39 changed files with 700 additions and 294 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
src/Ocelot/Authorisation/AddClaims.cs
View File

@ -1,45 +0,0 @@
using System.Collections.Generic;
using System.Linq;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Primitives;
using Ocelot.Claims.Parser;
using Ocelot.Configuration;
using Ocelot.HeaderBuilder;
using Ocelot.Responses;
namespace Ocelot.Authorisation
{
public class AddClaims : IAddHeadersToRequest
{
private readonly IClaimsParser _claimsParser;
public AddClaims(IClaimsParser claimsParser)
{
_claimsParser = claimsParser;
}
public Response SetHeadersOnContext(List<ClaimToHeader> configurationHeaderExtractorProperties, HttpContext context)
{
foreach (var config in configurationHeaderExtractorProperties)
{
var value = _claimsParser.GetValue(context.User.Claims, config.ClaimKey, config.Delimiter, config.Index);
if (value.IsError)
{
return new ErrorResponse(value.Errors);
}
var exists = context.Request.Headers.FirstOrDefault(x => x.Key == config.HeaderKey);
if (!string.IsNullOrEmpty(exists.Key))
{
context.Request.Headers.Remove(exists);
}
context.Request.Headers.Add(config.HeaderKey, new StringValues(value.Data));
}
return new OkResponse();
}
}
}

60
src/Ocelot/Authorisation/AuthorisationMiddleware.cs
View File

@ -1,60 +0,0 @@
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Ocelot.DownstreamRouteFinder;
using Ocelot.Errors;
using Ocelot.Middleware;
using Ocelot.Responses;
using Ocelot.ScopedData;
namespace Ocelot.Authorisation
{
public class AuthorisationMiddleware : OcelotMiddleware
{
private readonly RequestDelegate _next;
private readonly IScopedRequestDataRepository _scopedRequestDataRepository;
private readonly IAuthoriser _authoriser;
public AuthorisationMiddleware(RequestDelegate next,
IScopedRequestDataRepository scopedRequestDataRepository,
IAuthoriser authoriser)
: base(scopedRequestDataRepository)
{
_next = next;
_scopedRequestDataRepository = scopedRequestDataRepository;
_authoriser = authoriser;
}
public async Task Invoke(HttpContext context)
{
var downstreamRoute = _scopedRequestDataRepository.Get<DownstreamRoute>("DownstreamRoute");
if (downstreamRoute.IsError)
{
SetPipelineError(downstreamRoute.Errors);
return;
}
//todo - call authoriser
var authorised = new OkResponse<bool>(true); //_authoriser.Authorise(context.User, new RouteClaimsRequirement(new Dictionary<string, string>()));
if (authorised.IsError)
{
SetPipelineError(authorised.Errors);
return;
}
if (authorised.Data)
{
await _next.Invoke(context);
}
else
{
SetPipelineError(new List<Error>
{
new UnauthorisedError($"{context.User.Identity.Name} unable to access {downstreamRoute.Data.ReRoute.UpstreamTemplate}")
});
}
}
}
}

7
src/Ocelot/Authorisation/ClaimsAuthoriser.cs
View File

@ -1,12 +1,13 @@
using System.Collections.Generic; using System.Collections.Generic;
using System.Linq; using System.Linq;
using System.Security.Claims; using System.Security.Claims;
using Ocelot.Claims.Parser;
using Ocelot.Errors; using Ocelot.Errors;
using Ocelot.Responses; using Ocelot.Responses;
namespace Ocelot.Authorisation namespace Ocelot.Authorisation
{ {
using Infrastructure.Claims.Parser;
public class ClaimsAuthoriser : IAuthoriser public class ClaimsAuthoriser : IAuthoriser
{ {
private readonly IClaimsParser _claimsParser; private readonly IClaimsParser _claimsParser;
@ -16,9 +17,9 @@ namespace Ocelot.Authorisation
_claimsParser = claimsParser; _claimsParser = claimsParser;
} }
public Response<bool> Authorise(ClaimsPrincipal claimsPrincipal, RouteClaimsRequirement routeClaimsRequirement) public Response<bool> Authorise(ClaimsPrincipal claimsPrincipal, Dictionary<string, string> routeClaimsRequirement)
{ {
foreach (var required in routeClaimsRequirement.RequiredClaimsAndValues) foreach (var required in routeClaimsRequirement)
{ {
var value = _claimsParser.GetValue(claimsPrincipal.Claims, required.Key, string.Empty, 0); var value = _claimsParser.GetValue(claimsPrincipal.Claims, required.Key, string.Empty, 0);

13
src/Ocelot/Authorisation/IAddClaims.cs
View File

@ -1,13 +0,0 @@
using System.Collections.Generic;
using Microsoft.AspNetCore.Http;
using Ocelot.Configuration;
using Ocelot.Responses;
namespace Ocelot.Authorisation
{
public interface IAddClaims
{
Response SetHeadersOnContext(List<ClaimToHeader> configurationHeaderExtractorProperties,
HttpContext context);
}
}

4
src/Ocelot/Authorisation/IAuthoriser.cs
View File

@ -3,9 +3,11 @@ using Ocelot.Responses;
namespace Ocelot.Authorisation namespace Ocelot.Authorisation
{ {
using System.Collections.Generic;
public interface IAuthoriser public interface IAuthoriser
{ {
Response<bool> Authorise(ClaimsPrincipal claimsPrincipal, Response<bool> Authorise(ClaimsPrincipal claimsPrincipal,
RouteClaimsRequirement routeClaimsRequirement); Dictionary<string, string> routeClaimsRequirement);
} }
} }

66
src/Ocelot/Authorisation/Middleware/AuthorisationMiddleware.cs Normal file
View File

@ -0,0 +1,66 @@
namespace Ocelot.Authorisation.Middleware
{
using System.Collections.Generic;
using System.Threading.Tasks;
using DownstreamRouteFinder;
using Errors;
using Microsoft.AspNetCore.Http;
using Ocelot.Middleware;
using ScopedData;
public class AuthorisationMiddleware : OcelotMiddleware
{
private readonly RequestDelegate _next;
private readonly IScopedRequestDataRepository _scopedRequestDataRepository;
private readonly IAuthoriser _authoriser;
public AuthorisationMiddleware(RequestDelegate next,
IScopedRequestDataRepository scopedRequestDataRepository,
IAuthoriser authoriser)
: base(scopedRequestDataRepository)
{
_next = next;
_scopedRequestDataRepository = scopedRequestDataRepository;
_authoriser = authoriser;
}
public async Task Invoke(HttpContext context)
{
var downstreamRoute = _scopedRequestDataRepository.Get<DownstreamRoute>("DownstreamRoute");
if (downstreamRoute.IsError)
{
SetPipelineError(downstreamRoute.Errors);
return;
}
if (downstreamRoute.Data.ReRoute.IsAuthorised)
{
var authorised = _authoriser.Authorise(context.User, downstreamRoute.Data.ReRoute.RouteClaimsRequirement);
if (authorised.IsError)
{
SetPipelineError(authorised.Errors);
return;
}
if (authorised.Data)
{
await _next.Invoke(context);
}
else
{
SetPipelineError(new List<Error>
{
new UnauthorisedError(
$"{context.User.Identity.Name} unable to access {downstreamRoute.Data.ReRoute.UpstreamTemplate}")
});
}
}
else
{
await _next.Invoke(context);
}
}
}
}

6
src/Ocelot/Authorisation/AuthorisationMiddlewareMiddlewareExtensions.cs → src/Ocelot/Authorisation/Middleware/AuthorisationMiddlewareMiddlewareExtensions.cs
View File

@ -1,7 +1,7 @@
using Microsoft.AspNetCore.Builder; namespace Ocelot.Authorisation.Middleware
namespace Ocelot.Authorisation
{ {
using Microsoft.AspNetCore.Builder;
public static class AuthorisationMiddlewareMiddlewareExtensions public static class AuthorisationMiddlewareMiddlewareExtensions
{ {
public static IApplicationBuilder UseAuthorisationMiddleware(this IApplicationBuilder builder) public static IApplicationBuilder UseAuthorisationMiddleware(this IApplicationBuilder builder)

14
src/Ocelot/Authorisation/RouteClaimsRequirement.cs
View File

@ -1,14 +0,0 @@
using System.Collections.Generic;
namespace Ocelot.Authorisation
{
public class RouteClaimsRequirement
{
public RouteClaimsRequirement(Dictionary<string, string> requiredClaimsAndValues)
{
RequiredClaimsAndValues = requiredClaimsAndValues;
}
public Dictionary<string, string> RequiredClaimsAndValues { get; private set; }
}
}

46
src/Ocelot/ClaimsBuilder/AddClaimsToRequest.cs Normal file
View File

@ -0,0 +1,46 @@
namespace Ocelot.ClaimsBuilder
{
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using Configuration;
using Infrastructure.Claims.Parser;
using Microsoft.AspNetCore.Http;
using Responses;
public class AddClaimsToRequest : IAddClaimsToRequest
{
private readonly IClaimsParser _claimsParser;
public AddClaimsToRequest(IClaimsParser claimsParser)
{
_claimsParser = claimsParser;
}
public Response SetClaimsOnContext(List<ClaimToThing> claimsToThings, HttpContext context)
{
foreach (var config in claimsToThings)
{
var value = _claimsParser.GetValue(context.User.Claims, config.NewKey, config.Delimiter, config.Index);
if (value.IsError)
{
return new ErrorResponse(value.Errors);
}
var exists = context.User.Claims.FirstOrDefault(x => x.Type == config.ExistingKey);
var identity = context.User.Identity as ClaimsIdentity;
if (exists != null)
{
identity?.RemoveClaim(exists);
}
identity?.AddClaim(new Claim(config.ExistingKey, value.Data));
}
return new OkResponse();
}
}
}

13
src/Ocelot/ClaimsBuilder/IAddClaimsToRequest.cs Normal file
View File

@ -0,0 +1,13 @@
namespace Ocelot.ClaimsBuilder
{
using System.Collections.Generic;
using Configuration;
using Microsoft.AspNetCore.Http;
using Responses;
public interface IAddClaimsToRequest
{
Response SetClaimsOnContext(List<ClaimToThing> claimsToThings,
HttpContext context);
}
}

44
src/Ocelot/ClaimsBuilder/Middleware/ClaimsBuilderMiddleware.cs Normal file
View File

@ -0,0 +1,44 @@
namespace Ocelot.ClaimsBuilder.Middleware
{
using System.Linq;
using System.Threading.Tasks;
using DownstreamRouteFinder;
using Microsoft.AspNetCore.Http;
using Ocelot.Middleware;
using ScopedData;
public class ClaimsBuilderMiddleware : OcelotMiddleware
{
private readonly RequestDelegate _next;
private readonly IAddClaimsToRequest _addClaimsToRequest;
private readonly IScopedRequestDataRepository _scopedRequestDataRepository;
public ClaimsBuilderMiddleware(RequestDelegate next,
IScopedRequestDataRepository scopedRequestDataRepository,
IAddClaimsToRequest addClaimsToRequest)
: base(scopedRequestDataRepository)
{
_next = next;
_addClaimsToRequest = addClaimsToRequest;
_scopedRequestDataRepository = scopedRequestDataRepository;
}
public async Task Invoke(HttpContext context)
{
var downstreamRoute = _scopedRequestDataRepository.Get<DownstreamRoute>("DownstreamRoute");
if (downstreamRoute.Data.ReRoute.ClaimsToClaims.Any())
{
var result = _addClaimsToRequest.SetClaimsOnContext(downstreamRoute.Data.ReRoute.ClaimsToClaims, context);
if (result.IsError)
{
SetPipelineError(result.Errors);
return;
}
}
await _next.Invoke(context);
}
}
}

12
src/Ocelot/ClaimsBuilder/Middleware/ClaimsBuilderMiddlewareExtensions.cs Normal file
View File

@ -0,0 +1,12 @@
namespace Ocelot.ClaimsBuilder.Middleware
{
using Microsoft.AspNetCore.Builder;
public static class ClaimsBuilderMiddlewareExtensions
{
public static IApplicationBuilder UseClaimsBuilderMiddleware(this IApplicationBuilder builder)
{
return builder.UseMiddleware<ClaimsBuilderMiddleware>();
}
}
}

29
src/Ocelot/Configuration/Builder/ReRouteBuilder.cs
View File

@ -15,7 +15,10 @@ namespace Ocelot.Configuration.Builder
private List<string> _additionalScopes; private List<string> _additionalScopes;
private bool _requireHttps; private bool _requireHttps;
private string _scopeSecret; private string _scopeSecret;
private List<ClaimToHeader> _configHeaderExtractorProperties; private List<ClaimToThing> _configHeaderExtractorProperties;
private List<ClaimToThing> _claimToClaims;
private Dictionary<string, string> _routeClaimRequirement;
private bool _isAuthorised;
public ReRouteBuilder() public ReRouteBuilder()
{ {
@ -48,8 +51,14 @@ namespace Ocelot.Configuration.Builder
{ {
_isAuthenticated = input; _isAuthenticated = input;
return this; return this;
} }
public ReRouteBuilder WithIsAuthorised(bool input)
{
_isAuthorised = input;
return this;
}
public ReRouteBuilder WithAuthenticationProvider(string input) public ReRouteBuilder WithAuthenticationProvider(string input)
{ {
_authenticationProvider = input; _authenticationProvider = input;
@ -86,15 +95,27 @@ namespace Ocelot.Configuration.Builder
return this; return this;
} }
public ReRouteBuilder WithConfigurationHeaderExtractorProperties(List<ClaimToHeader> input) public ReRouteBuilder WithClaimsToHeaders(List<ClaimToThing> input)
{ {
_configHeaderExtractorProperties = input; _configHeaderExtractorProperties = input;
return this; return this;
} }
public ReRouteBuilder WithClaimsToClaims(List<ClaimToThing> input)
{
_claimToClaims = input;
return this;
}
public ReRouteBuilder WithRouteClaimsRequirement(Dictionary<string, string> input)
{
_routeClaimRequirement = input;
return this;
}
public ReRoute Build() public ReRoute Build()
{ {
return new ReRoute(_downstreamTemplate, _upstreamTemplate, _upstreamHttpMethod, _upstreamTemplatePattern, _isAuthenticated, new AuthenticationOptions(_authenticationProvider, _authenticationProviderUrl, _scopeName, _requireHttps, _additionalScopes, _scopeSecret), _configHeaderExtractorProperties); return new ReRoute(_downstreamTemplate, _upstreamTemplate, _upstreamHttpMethod, _upstreamTemplatePattern, _isAuthenticated, new AuthenticationOptions(_authenticationProvider, _authenticationProviderUrl, _scopeName, _requireHttps, _additionalScopes, _scopeSecret), _configHeaderExtractorProperties, _claimToClaims, _routeClaimRequirement, _isAuthorised);
} }
} }
} }

18
src/Ocelot/Configuration/ClaimToHeader.cs
View File

@ -1,18 +0,0 @@
namespace Ocelot.Configuration
{
public class ClaimToHeader
{
public ClaimToHeader(string headerKey, string claimKey, string delimiter, int index)
{
ClaimKey = claimKey;
Delimiter = delimiter;
Index = index;
HeaderKey = headerKey;
}
public string HeaderKey { get; private set; }
public string ClaimKey { get; private set; }
public string Delimiter { get; private set; }
public int Index { get; private set; }
}
}

18
src/Ocelot/Configuration/ClaimToThing.cs Normal file
View File

@ -0,0 +1,18 @@
namespace Ocelot.Configuration
{
public class ClaimToThing
{
public ClaimToThing(string existingKey, string newKey, string delimiter, int index)
{
NewKey = newKey;
Delimiter = delimiter;
Index = index;
ExistingKey = existingKey;
}
public string ExistingKey { get; private set; }
public string NewKey { get; private set; }
public string Delimiter { get; private set; }
public int Index { get; private set; }
}
}

31
src/Ocelot/Configuration/Creator/YamlOcelotConfigurationCreator.cs
View File

@ -18,18 +18,18 @@ namespace Ocelot.Configuration.Creator
private readonly IConfigurationValidator _configurationValidator; private readonly IConfigurationValidator _configurationValidator;
private const string RegExMatchEverything = ".*"; private const string RegExMatchEverything = ".*";
private const string RegExMatchEndString = "$"; private const string RegExMatchEndString = "$";
private readonly IClaimToHeaderConfigurationParser _claimToHeaderConfigurationParser; private readonly IClaimToThingConfigurationParser _claimToThingConfigurationParser;
private readonly ILogger<YamlOcelotConfigurationCreator> _logger; private readonly ILogger<YamlOcelotConfigurationCreator> _logger;
public YamlOcelotConfigurationCreator( public YamlOcelotConfigurationCreator(
IOptions<YamlConfiguration> options, IOptions<YamlConfiguration> options,
IConfigurationValidator configurationValidator, IConfigurationValidator configurationValidator,
IClaimToHeaderConfigurationParser claimToHeaderConfigurationParser, IClaimToThingConfigurationParser claimToThingConfigurationParser,
ILogger<YamlOcelotConfigurationCreator> logger) ILogger<YamlOcelotConfigurationCreator> logger)
{ {
_options = options; _options = options;
_configurationValidator = configurationValidator; _configurationValidator = configurationValidator;
_claimToHeaderConfigurationParser = claimToHeaderConfigurationParser; _claimToThingConfigurationParser = claimToThingConfigurationParser;
_logger = logger; _logger = logger;
} }
@ -89,6 +89,8 @@ namespace Ocelot.Configuration.Creator
var isAuthenticated = !string.IsNullOrEmpty(reRoute.AuthenticationOptions?.Provider); var isAuthenticated = !string.IsNullOrEmpty(reRoute.AuthenticationOptions?.Provider);
var isAuthorised = reRoute.RouteClaimsRequirement?.Count > 0;
if (isAuthenticated) if (isAuthenticated)
{ {
var authOptionsForRoute = new AuthenticationOptions(reRoute.AuthenticationOptions.Provider, var authOptionsForRoute = new AuthenticationOptions(reRoute.AuthenticationOptions.Provider,
@ -96,37 +98,38 @@ namespace Ocelot.Configuration.Creator
reRoute.AuthenticationOptions.RequireHttps, reRoute.AuthenticationOptions.AdditionalScopes, reRoute.AuthenticationOptions.RequireHttps, reRoute.AuthenticationOptions.AdditionalScopes,
reRoute.AuthenticationOptions.ScopeSecret); reRoute.AuthenticationOptions.ScopeSecret);
var configHeaders = GetHeadersToAddToRequest(reRoute); var claimsToHeaders = GetAddThingsToRequest(reRoute.AddHeadersToRequest);
var claimsToClaims = GetAddThingsToRequest(reRoute.AddClaimsToRequest);
return new ReRoute(reRoute.DownstreamTemplate, reRoute.UpstreamTemplate, return new ReRoute(reRoute.DownstreamTemplate, reRoute.UpstreamTemplate,
reRoute.UpstreamHttpMethod, upstreamTemplate, isAuthenticated, reRoute.UpstreamHttpMethod, upstreamTemplate, isAuthenticated,
authOptionsForRoute, configHeaders authOptionsForRoute, claimsToHeaders, claimsToClaims, reRoute.RouteClaimsRequirement, isAuthorised
); );
} }
return new ReRoute(reRoute.DownstreamTemplate, reRoute.UpstreamTemplate, reRoute.UpstreamHttpMethod, return new ReRoute(reRoute.DownstreamTemplate, reRoute.UpstreamTemplate, reRoute.UpstreamHttpMethod,
upstreamTemplate, isAuthenticated, null, new List<ClaimToHeader>()); upstreamTemplate, isAuthenticated, null, new List<ClaimToThing>(), new List<ClaimToThing>(), reRoute.RouteClaimsRequirement, isAuthorised);
} }
private List<ClaimToHeader> GetHeadersToAddToRequest(YamlReRoute reRoute) private List<ClaimToThing> GetAddThingsToRequest(Dictionary<string,string> thingBeingAdded)
{ {
var configHeaders = new List<ClaimToHeader>(); var claimsToTHings = new List<ClaimToThing>();
foreach (var add in reRoute.AddHeadersToRequest) foreach (var add in thingBeingAdded)
{ {
var configurationHeader = _claimToHeaderConfigurationParser.Extract(add.Key, add.Value); var claimToHeader = _claimToThingConfigurationParser.Extract(add.Key, add.Value);
if (configurationHeader.IsError) if (claimToHeader.IsError)
{ {
_logger.LogCritical(new EventId(1, "Application Failed to start"), _logger.LogCritical(new EventId(1, "Application Failed to start"),
$"Unable to extract configuration for key: {add.Key} and value: {add.Value} your configuration file is incorrect"); $"Unable to extract configuration for key: {add.Key} and value: {add.Value} your configuration file is incorrect");
throw new Exception(configurationHeader.Errors[0].Message); throw new Exception(claimToHeader.Errors[0].Message);
} }
configHeaders.Add(configurationHeader.Data); claimsToTHings.Add(claimToHeader.Data);
} }
return configHeaders; return claimsToTHings;
} }
private bool IsPlaceHolder(string upstreamTemplate, int i) private bool IsPlaceHolder(string upstreamTemplate, int i)

16
src/Ocelot/Configuration/Parser/ClaimToHeaderConfigurationParser.cs → src/Ocelot/Configuration/Parser/ClaimToThingConfigurationParser.cs
View File

@ -6,13 +6,13 @@ using Ocelot.Responses;
namespace Ocelot.Configuration.Parser namespace Ocelot.Configuration.Parser
{ {
public class ClaimToHeaderConfigurationParser : IClaimToHeaderConfigurationParser public class ClaimToThingConfigurationParser : IClaimToThingConfigurationParser
{ {
private readonly Regex _claimRegex = new Regex("Claims\\[.*\\]"); private readonly Regex _claimRegex = new Regex("Claims\\[.*\\]");
private readonly Regex _indexRegex = new Regex("value\\[.*\\]"); private readonly Regex _indexRegex = new Regex("value\\[.*\\]");
private const string SplitToken = ">"; private const string SplitToken = ">";
public Response<ClaimToHeader> Extract(string headerKey, string value) public Response<ClaimToThing> Extract(string existingKey, string value)
{ {
try try
{ {
@ -20,7 +20,7 @@ namespace Ocelot.Configuration.Parser
if (instructions.Length <= 1) if (instructions.Length <= 1)
{ {
return new ErrorResponse<ClaimToHeader>( return new ErrorResponse<ClaimToThing>(
new List<Error> new List<Error>
{ {
new NoInstructionsError(SplitToken) new NoInstructionsError(SplitToken)
@ -31,14 +31,14 @@ namespace Ocelot.Configuration.Parser
if (!claimMatch) if (!claimMatch)
{ {
return new ErrorResponse<ClaimToHeader>( return new ErrorResponse<ClaimToThing>(
new List<Error> new List<Error>
{ {
new InstructionNotForClaimsError() new InstructionNotForClaimsError()
}); });
} }
var claimKey = GetIndexValue(instructions[0]); var newKey = GetIndexValue(instructions[0]);
var index = 0; var index = 0;
var delimiter = string.Empty; var delimiter = string.Empty;
@ -48,12 +48,12 @@ namespace Ocelot.Configuration.Parser
delimiter = instructions[2].Trim(); delimiter = instructions[2].Trim();
} }
return new OkResponse<ClaimToHeader>( return new OkResponse<ClaimToThing>(
new ClaimToHeader(headerKey, claimKey, delimiter, index)); new ClaimToThing(existingKey, newKey, delimiter, index));
} }
catch (Exception exception) catch (Exception exception)
{ {
return new ErrorResponse<ClaimToHeader>( return new ErrorResponse<ClaimToThing>(
new List<Error> new List<Error>
{ {
new ParsingConfigurationHeaderError(exception) new ParsingConfigurationHeaderError(exception)

9
src/Ocelot/Configuration/Parser/IClaimToHeaderConfigurationParser.cs
View File

@ -1,9 +0,0 @@
using Ocelot.Responses;
namespace Ocelot.Configuration.Parser
{
public interface IClaimToHeaderConfigurationParser
{
Response<ClaimToHeader> Extract(string headerKey, string value);
}
}

9
src/Ocelot/Configuration/Parser/IClaimToThingConfigurationParser.cs Normal file
View File

@ -0,0 +1,9 @@
using Ocelot.Responses;
namespace Ocelot.Configuration.Parser
{
public interface IClaimToThingConfigurationParser
{
Response<ClaimToThing> Extract(string existingKey, string value);
}
}

14
src/Ocelot/Configuration/ReRoute.cs
View File

@ -4,7 +4,7 @@ namespace Ocelot.Configuration
{ {
public class ReRoute public class ReRoute
{ {
public ReRoute(string downstreamTemplate, string upstreamTemplate, string upstreamHttpMethod, string upstreamTemplatePattern, bool isAuthenticated, AuthenticationOptions authenticationOptions, List<ClaimToHeader> configurationHeaderExtractorProperties) public ReRoute(string downstreamTemplate, string upstreamTemplate, string upstreamHttpMethod, string upstreamTemplatePattern, bool isAuthenticated, AuthenticationOptions authenticationOptions, List<ClaimToThing> configurationHeaderExtractorProperties, List<ClaimToThing> claimsToClaims, Dictionary<string, string> routeClaimsRequirement, bool isAuthorised)
{ {
DownstreamTemplate = downstreamTemplate; DownstreamTemplate = downstreamTemplate;
UpstreamTemplate = upstreamTemplate; UpstreamTemplate = upstreamTemplate;
@ -12,8 +12,12 @@ namespace Ocelot.Configuration
UpstreamTemplatePattern = upstreamTemplatePattern; UpstreamTemplatePattern = upstreamTemplatePattern;
IsAuthenticated = isAuthenticated; IsAuthenticated = isAuthenticated;
AuthenticationOptions = authenticationOptions; AuthenticationOptions = authenticationOptions;
RouteClaimsRequirement = routeClaimsRequirement;
IsAuthorised = isAuthorised;
ClaimsToClaims = claimsToClaims
?? new List<ClaimToThing>();
ClaimsToHeaders = configurationHeaderExtractorProperties ClaimsToHeaders = configurationHeaderExtractorProperties
?? new List<ClaimToHeader>(); ?? new List<ClaimToThing>();
} }
public string DownstreamTemplate { get; private set; } public string DownstreamTemplate { get; private set; }
@ -21,7 +25,11 @@ namespace Ocelot.Configuration
public string UpstreamTemplatePattern { get; private set; } public string UpstreamTemplatePattern { get; private set; }
public string UpstreamHttpMethod { get; private set; } public string UpstreamHttpMethod { get; private set; }
public bool IsAuthenticated { get; private set; } public bool IsAuthenticated { get; private set; }
public bool IsAuthorised { get; private set; }
public AuthenticationOptions AuthenticationOptions { get; private set; } public AuthenticationOptions AuthenticationOptions { get; private set; }
public List<ClaimToHeader> ClaimsToHeaders { get; private set; } public List<ClaimToThing> ClaimsToHeaders { get; private set; }
public List<ClaimToThing> ClaimsToClaims { get; private set; }
public Dictionary<string, string> RouteClaimsRequirement { get; private set; }
} }
} }

6
src/Ocelot/Configuration/Yaml/YamlReRoute.cs
View File

@ -7,7 +7,8 @@ namespace Ocelot.Configuration.Yaml
public YamlReRoute() public YamlReRoute()
{ {
AddHeadersToRequest = new Dictionary<string, string>(); AddHeadersToRequest = new Dictionary<string, string>();
AddClaims = new Dictionary<string, string>(); AddClaimsToRequest = new Dictionary<string, string>();
RouteClaimsRequirement = new Dictionary<string, string>();
} }
public string DownstreamTemplate { get; set; } public string DownstreamTemplate { get; set; }
@ -15,6 +16,7 @@ namespace Ocelot.Configuration.Yaml
public string UpstreamHttpMethod { get; set; } public string UpstreamHttpMethod { get; set; }
public YamlAuthenticationOptions AuthenticationOptions { get; set; } public YamlAuthenticationOptions AuthenticationOptions { get; set; }
public Dictionary<string, string> AddHeadersToRequest { get; set; } public Dictionary<string, string> AddHeadersToRequest { get; set; }
public Dictionary<string, string> AddClaims { get; set; } public Dictionary<string, string> AddClaimsToRequest { get; set; }
public Dictionary<string, string> RouteClaimsRequirement { get; set; }
} }
} }

7
src/Ocelot/DependencyInjection/ServiceCollectionExtensions.cs
View File

@ -5,7 +5,6 @@ using Microsoft.Extensions.DependencyInjection;
using Ocelot.Authentication.Handler.Creator; using Ocelot.Authentication.Handler.Creator;
using Ocelot.Authentication.Handler.Factory; using Ocelot.Authentication.Handler.Factory;
using Ocelot.Authorisation; using Ocelot.Authorisation;
using Ocelot.Claims.Parser;
using Ocelot.Configuration.Creator; using Ocelot.Configuration.Creator;
using Ocelot.Configuration.Parser; using Ocelot.Configuration.Parser;
using Ocelot.Configuration.Provider; using Ocelot.Configuration.Provider;
@ -23,6 +22,9 @@ using Ocelot.ScopedData;
namespace Ocelot.DependencyInjection namespace Ocelot.DependencyInjection
{ {
using ClaimsBuilder;
using Infrastructure.Claims.Parser;
public static class ServiceCollectionExtensions public static class ServiceCollectionExtensions
{ {
public static IServiceCollection AddOcelotYamlConfiguration(this IServiceCollection services, IConfigurationRoot configurationRoot) public static IServiceCollection AddOcelotYamlConfiguration(this IServiceCollection services, IConfigurationRoot configurationRoot)
@ -34,7 +36,7 @@ namespace Ocelot.DependencyInjection
services.AddSingleton<IOcelotConfigurationCreator, YamlOcelotConfigurationCreator>(); services.AddSingleton<IOcelotConfigurationCreator, YamlOcelotConfigurationCreator>();
services.AddSingleton<IOcelotConfigurationProvider, YamlOcelotConfigurationProvider>(); services.AddSingleton<IOcelotConfigurationProvider, YamlOcelotConfigurationProvider>();
services.AddSingleton<IOcelotConfigurationRepository, InMemoryOcelotConfigurationRepository>(); services.AddSingleton<IOcelotConfigurationRepository, InMemoryOcelotConfigurationRepository>();
services.AddSingleton<IClaimToHeaderConfigurationParser, ClaimToHeaderConfigurationParser>(); services.AddSingleton<IClaimToThingConfigurationParser, ClaimToThingConfigurationParser>();
services.AddSingleton<IConfigurationValidator, ConfigurationValidator>(); services.AddSingleton<IConfigurationValidator, ConfigurationValidator>();
return services; return services;
@ -48,6 +50,7 @@ namespace Ocelot.DependencyInjection
// ocelot services. // ocelot services.
services.AddSingleton<IAuthoriser, ClaimsAuthoriser>(); services.AddSingleton<IAuthoriser, ClaimsAuthoriser>();
services.AddSingleton<IAddClaimsToRequest, AddClaimsToRequest>();
services.AddSingleton<IAddHeadersToRequest, AddHeadersToRequest>(); services.AddSingleton<IAddHeadersToRequest, AddHeadersToRequest>();
services.AddSingleton<IClaimsParser, ClaimsParser>(); services.AddSingleton<IClaimsParser, ClaimsParser>();
services.AddSingleton<IUrlPathToUrlTemplateMatcher, RegExUrlMatcher>(); services.AddSingleton<IUrlPathToUrlTemplateMatcher, RegExUrlMatcher>();

13
src/Ocelot/HeaderBuilder/AddHeadersToRequest.cs
View File

@ -2,12 +2,13 @@
using System.Linq; using System.Linq;
using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Primitives; using Microsoft.Extensions.Primitives;
using Ocelot.Claims.Parser;
using Ocelot.Configuration; using Ocelot.Configuration;
using Ocelot.Responses; using Ocelot.Responses;
namespace Ocelot.HeaderBuilder namespace Ocelot.HeaderBuilder
{ {
using Infrastructure.Claims.Parser;
public class AddHeadersToRequest : IAddHeadersToRequest public class AddHeadersToRequest : IAddHeadersToRequest
{ {
private readonly IClaimsParser _claimsParser; private readonly IClaimsParser _claimsParser;
@ -17,25 +18,25 @@ namespace Ocelot.HeaderBuilder
_claimsParser = claimsParser; _claimsParser = claimsParser;
} }
public Response SetHeadersOnContext(List<ClaimToHeader> configurationHeaderExtractorProperties, HttpContext context) public Response SetHeadersOnContext(List<ClaimToThing> claimsToThings, HttpContext context)
{ {
foreach (var config in configurationHeaderExtractorProperties) foreach (var config in claimsToThings)
{ {
var value = _claimsParser.GetValue(context.User.Claims, config.ClaimKey, config.Delimiter, config.Index); var value = _claimsParser.GetValue(context.User.Claims, config.NewKey, config.Delimiter, config.Index);
if (value.IsError) if (value.IsError)
{ {
return new ErrorResponse(value.Errors); return new ErrorResponse(value.Errors);
} }
var exists = context.Request.Headers.FirstOrDefault(x => x.Key == config.HeaderKey); var exists = context.Request.Headers.FirstOrDefault(x => x.Key == config.ExistingKey);
if (!string.IsNullOrEmpty(exists.Key)) if (!string.IsNullOrEmpty(exists.Key))
{ {
context.Request.Headers.Remove(exists); context.Request.Headers.Remove(exists);
} }
context.Request.Headers.Add(config.HeaderKey, new StringValues(value.Data)); context.Request.Headers.Add(config.ExistingKey, new StringValues(value.Data));
} }
return new OkResponse(); return new OkResponse();

2
src/Ocelot/HeaderBuilder/IAddHeadersToRequest.cs
View File

@ -7,7 +7,7 @@ namespace Ocelot.HeaderBuilder
{ {
public interface IAddHeadersToRequest public interface IAddHeadersToRequest
{ {
Response SetHeadersOnContext(List<ClaimToHeader> configurationHeaderExtractorProperties, Response SetHeadersOnContext(List<ClaimToThing> claimsToThings,
HttpContext context); HttpContext context);
} }
} }

6
src/Ocelot/Claims/Parser/CannotFindClaimError.cs → src/Ocelot/Infrastructure/Claims/Parser/CannotFindClaimError.cs
View File

@ -1,7 +1,7 @@
using Ocelot.Errors; namespace Ocelot.Infrastructure.Claims.Parser
namespace Ocelot.Claims.Parser
{ {
using Errors;
public class CannotFindClaimError : Error public class CannotFindClaimError : Error
{ {
public CannotFindClaimError(string message) public CannotFindClaimError(string message)

14
src/Ocelot/Claims/Parser/ClaimsParser.cs → src/Ocelot/Infrastructure/Claims/Parser/ClaimsParser.cs
View File

@ -1,11 +1,11 @@
using System.Collections.Generic; namespace Ocelot.Infrastructure.Claims.Parser
using System.Linq;
using System.Security.Claims;
using Ocelot.Errors;
using Ocelot.Responses;
namespace Ocelot.Claims.Parser
{ {
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using Errors;
using Responses;
public class ClaimsParser : IClaimsParser public class ClaimsParser : IClaimsParser
{ {
public Response<string> GetValue(IEnumerable<Claim> claims, string key, string delimiter, int index) public Response<string> GetValue(IEnumerable<Claim> claims, string key, string delimiter, int index)

10
src/Ocelot/Claims/Parser/IClaimsParser.cs → src/Ocelot/Infrastructure/Claims/Parser/IClaimsParser.cs
View File

@ -1,9 +1,9 @@
using System.Collections.Generic; namespace Ocelot.Infrastructure.Claims.Parser
using System.Security.Claims;
using Ocelot.Responses;
namespace Ocelot.Claims.Parser
{ {
using System.Collections.Generic;
using System.Security.Claims;
using Responses;
public interface IClaimsParser public interface IClaimsParser
{ {
Response<string> GetValue(IEnumerable<Claim> claims, string key, string delimiter, int index); Response<string> GetValue(IEnumerable<Claim> claims, string key, string delimiter, int index);

6
src/Ocelot/Middleware/OcelotMiddlewareExtensions.cs
View File

@ -1,6 +1,5 @@
using Microsoft.AspNetCore.Builder; using Microsoft.AspNetCore.Builder;
using Ocelot.Authentication.Middleware; using Ocelot.Authentication.Middleware;
using Ocelot.Authorisation;
using Ocelot.DownstreamRouteFinder.Middleware; using Ocelot.DownstreamRouteFinder.Middleware;
using Ocelot.DownstreamUrlCreator.Middleware; using Ocelot.DownstreamUrlCreator.Middleware;
using Ocelot.HeaderBuilder.Middleware; using Ocelot.HeaderBuilder.Middleware;
@ -10,6 +9,9 @@ using Ocelot.Responder.Middleware;
namespace Ocelot.Middleware namespace Ocelot.Middleware
{ {
using Authorisation.Middleware;
using ClaimsBuilder.Middleware;
public static class OcelotMiddlewareExtensions public static class OcelotMiddlewareExtensions
{ {
public static IApplicationBuilder UseOcelot(this IApplicationBuilder builder) public static IApplicationBuilder UseOcelot(this IApplicationBuilder builder)
@ -20,6 +22,8 @@ namespace Ocelot.Middleware
builder.UseAuthenticationMiddleware(); builder.UseAuthenticationMiddleware();
builder.UseClaimsBuilderMiddleware();
builder.UseAuthorisationMiddleware(); builder.UseAuthorisationMiddleware();
builder.UseHttpRequestHeadersBuilderMiddleware(); builder.UseHttpRequestHeadersBuilderMiddleware();

8
src/Ocelot/Responder/ErrorsToHttpStatusCodeMapper.cs
View File

@ -14,6 +14,14 @@ namespace Ocelot.Responder
return new OkResponse<int>(401); return new OkResponse<int>(401);
} }
if (errors.Any(e => e.Code == OcelotErrorCode.UnauthorizedError
|| e.Code == OcelotErrorCode.ClaimValueNotAuthorisedError
|| e.Code == OcelotErrorCode.UserDoesNotHaveClaimError
|| e.Code == OcelotErrorCode.CannotFindClaimError))
{
return new OkResponse<int>(403);
}
return new OkResponse<int>(404); return new OkResponse<int>(404);
} }
} }

69
test/Ocelot.AcceptanceTests/AuthorisationTests.cs
View File

@ -74,11 +74,15 @@ namespace Ocelot.AcceptanceTests
{"UserType", "Claims[sub] > value[0] > |"}, {"UserType", "Claims[sub] > value[0] > |"},
{"UserId", "Claims[sub] > value[1] > |"} {"UserId", "Claims[sub] > value[1] > |"}
}, },
AddClaims = AddClaimsToRequest =
{ {
{"CustomerId", "Claims[CustomerId] > value"}, {"CustomerId", "Claims[CustomerId] > value"},
{"UserType", "Claims[sub] > value[0] > |"}, {"UserType", "Claims[sub] > value[0] > |"},
{"UserId", "Claims[sub] > value[1] > |"} {"UserId", "Claims[sub] > value[1] > |"}
},
RouteClaimsRequirement =
{
{"UserType", "registered"}
} }
} }
} }
@ -91,26 +95,66 @@ namespace Ocelot.AcceptanceTests
.BDDfy(); .BDDfy();
} }
[Fact]
public void should_return_response_403_authorising_route()
{
this.Given(x => x.GivenThereIsAnIdentityServerOn("http://localhost:51888", "api", AccessTokenType.Jwt))
.And(x => x.GivenThereIsAServiceRunningOn("http://localhost:51876", 200, "Hello from Laura"))
.And(x => x.GivenIHaveAToken("http://localhost:51888"))
.And(x => x.GivenThereIsAConfiguration(new YamlConfiguration
{
ReRoutes = new List<YamlReRoute>
{
new YamlReRoute
{
DownstreamTemplate = "http://localhost:51876/",
UpstreamTemplate = "/",
UpstreamHttpMethod = "Get",
AuthenticationOptions = new YamlAuthenticationOptions
{
AdditionalScopes = new List<string>(),
Provider = "IdentityServer",
ProviderRootUrl = "http://localhost:51888",
RequireHttps = false,
ScopeName = "api",
ScopeSecret = "secret"
},
AddHeadersToRequest =
{
{"CustomerId", "Claims[CustomerId] > value"},
{"LocationId", "Claims[LocationId] > value"},
{"UserType", "Claims[sub] > value[0] > |"},
{"UserId", "Claims[sub] > value[1] > |"}
},
AddClaimsToRequest =
{
{"CustomerId", "Claims[CustomerId] > value"},
{"UserId", "Claims[sub] > value[1] > |"}
},
RouteClaimsRequirement =
{
{"UserType", "registered"}
}
}
}
}))
.And(x => x.GivenTheApiGatewayIsRunning())
.And(x => x.GivenIHaveAddedATokenToMyRequest())
.When(x => x.WhenIGetUrlOnTheApiGateway("/"))
.Then(x => x.ThenTheStatusCodeShouldBe(HttpStatusCode.Forbidden))
.BDDfy();
}
private void WhenIGetUrlOnTheApiGateway(string url) private void WhenIGetUrlOnTheApiGateway(string url)
{ {
_response = _ocelotClient.GetAsync(url).Result; _response = _ocelotClient.GetAsync(url).Result;
} }
private void WhenIPostUrlOnTheApiGateway(string url)
{
_response = _ocelotClient.PostAsync(url, _postContent).Result;
}
private void ThenTheResponseBodyShouldBe(string expectedBody) private void ThenTheResponseBodyShouldBe(string expectedBody)
{ {
_response.Content.ReadAsStringAsync().Result.ShouldBe(expectedBody); _response.Content.ReadAsStringAsync().Result.ShouldBe(expectedBody);
} }
private void GivenThePostHasContent(string postcontent)
{
_postContent = new StringContent(postcontent);
}
/// <summary> /// <summary>
/// This is annoying cos it should be in the constructor but we need to set up the yaml file before calling startup so its a step. /// This is annoying cos it should be in the constructor but we need to set up the yaml file before calling startup so its a step.
/// </summary> /// </summary>
@ -184,7 +228,8 @@ namespace Ocelot.AcceptanceTests
{ {
Value = "secret".Sha256() Value = "secret".Sha256()
} }
} },
IncludeAllClaimsForUser = true
}, },
StandardScopes.OpenId, StandardScopes.OpenId,

15
test/Ocelot.UnitTests/Authorization/AuthorizationMiddlewareTests.cs → test/Ocelot.UnitTests/Authorization/AuthorisationMiddlewareTests.cs
View File

@ -18,7 +18,9 @@ using Xunit;
namespace Ocelot.UnitTests.Authorization namespace Ocelot.UnitTests.Authorization
{ {
public class AuthorizationMiddlewareTests : IDisposable using Authorisation.Middleware;
public class AuthorisationMiddlewareTests : IDisposable
{ {
private readonly Mock<IScopedRequestDataRepository> _scopedRepository; private readonly Mock<IScopedRequestDataRepository> _scopedRepository;
private readonly Mock<IAuthoriser> _authService; private readonly Mock<IAuthoriser> _authService;
@ -28,7 +30,7 @@ namespace Ocelot.UnitTests.Authorization
private HttpResponseMessage _result; private HttpResponseMessage _result;
private OkResponse<DownstreamRoute> _downstreamRoute; private OkResponse<DownstreamRoute> _downstreamRoute;
public AuthorizationMiddlewareTests() public AuthorisationMiddlewareTests()
{ {
_url = "http://localhost:51879"; _url = "http://localhost:51879";
_scopedRepository = new Mock<IScopedRequestDataRepository>(); _scopedRepository = new Mock<IScopedRequestDataRepository>();
@ -56,18 +58,17 @@ namespace Ocelot.UnitTests.Authorization
[Fact] [Fact]
public void happy_path() public void happy_path()
{ {
this.Given(x => x.GivenTheDownStreamRouteIs(new DownstreamRoute(new List<TemplateVariableNameAndValue>(), new ReRouteBuilder().Build()))) this.Given(x => x.GivenTheDownStreamRouteIs(new DownstreamRoute(new List<TemplateVariableNameAndValue>(), new ReRouteBuilder().WithIsAuthorised(true).Build())))
.And(x => x.GivenTheAuthServiceReturns(new OkResponse<bool>(true))) .And(x => x.GivenTheAuthServiceReturns(new OkResponse<bool>(true)))
.When(x => x.WhenICallTheMiddleware()) .When(x => x.WhenICallTheMiddleware())
//todo stick this back in .Then(x => x.ThenTheAuthServiceIsCalledCorrectly())
//.Then(x => x.ThenTheAuthServiceIsCalledCorrectly())
.BDDfy(); .BDDfy();
} }
private void GivenTheAuthServiceReturns(Response<bool> expected) private void GivenTheAuthServiceReturns(Response<bool> expected)
{ {
_authService _authService
.Setup(x => x.Authorise(It.IsAny<ClaimsPrincipal>(), It.IsAny<RouteClaimsRequirement>())) .Setup(x => x.Authorise(It.IsAny<ClaimsPrincipal>(), It.IsAny<Dictionary<string, string>>()))
.Returns(expected); .Returns(expected);
} }
@ -75,7 +76,7 @@ namespace Ocelot.UnitTests.Authorization
{ {
_authService _authService
.Verify(x => x.Authorise(It.IsAny<ClaimsPrincipal>(), .Verify(x => x.Authorise(It.IsAny<ClaimsPrincipal>(),
It.IsAny<RouteClaimsRequirement>()), Times.Once); It.IsAny<Dictionary<string, string>>()), Times.Once);
} }
private void GivenTheDownStreamRouteIs(DownstreamRoute downstreamRoute) private void GivenTheDownStreamRouteIs(DownstreamRoute downstreamRoute)

15
test/Ocelot.UnitTests/Authorization/ClaimsAuthoriserTests.cs
View File

@ -1,7 +1,6 @@
using System.Collections.Generic; using System.Collections.Generic;
using System.Security.Claims; using System.Security.Claims;
using Ocelot.Authorisation; using Ocelot.Authorisation;
using Ocelot.Claims.Parser;
using Ocelot.Responses; using Ocelot.Responses;
using Shouldly; using Shouldly;
using TestStack.BDDfy; using TestStack.BDDfy;
@ -9,11 +8,13 @@ using Xunit;
namespace Ocelot.UnitTests.Authorization namespace Ocelot.UnitTests.Authorization
{ {
using Ocelot.Infrastructure.Claims.Parser;
public class ClaimsAuthoriserTests public class ClaimsAuthoriserTests
{ {
private readonly ClaimsAuthoriser _claimsAuthoriser; private readonly ClaimsAuthoriser _claimsAuthoriser;
private ClaimsPrincipal _claimsPrincipal; private ClaimsPrincipal _claimsPrincipal;
private RouteClaimsRequirement _requirement; private Dictionary<string, string> _requirement;
private Response<bool> _result; private Response<bool> _result;
public ClaimsAuthoriserTests() public ClaimsAuthoriserTests()
@ -28,10 +29,10 @@ namespace Ocelot.UnitTests.Authorization
{ {
new Claim("UserType", "registered") new Claim("UserType", "registered")
})))) }))))
.And(x => x.GivenARouteClaimsRequirement(new RouteClaimsRequirement(new Dictionary<string, string> .And(x => x.GivenARouteClaimsRequirement(new Dictionary<string, string>
{ {
{"UserType", "registered"} {"UserType", "registered"}
}))) }))
.When(x => x.WhenICallTheAuthoriser()) .When(x => x.WhenICallTheAuthoriser())
.Then(x => x.ThenTheUserIsAuthorised()) .Then(x => x.ThenTheUserIsAuthorised())
.BDDfy(); .BDDfy();
@ -41,10 +42,10 @@ namespace Ocelot.UnitTests.Authorization
public void should_not_authorise_user() public void should_not_authorise_user()
{ {
this.Given(x => x.GivenAClaimsPrincipal(new ClaimsPrincipal(new ClaimsIdentity(new List<Claim>())))) this.Given(x => x.GivenAClaimsPrincipal(new ClaimsPrincipal(new ClaimsIdentity(new List<Claim>()))))
.And(x => x.GivenARouteClaimsRequirement(new RouteClaimsRequirement(new Dictionary<string, string> .And(x => x.GivenARouteClaimsRequirement(new Dictionary<string, string>
{ {
{ "UserType", "registered" } { "UserType", "registered" }
}))) }))
.When(x => x.WhenICallTheAuthoriser()) .When(x => x.WhenICallTheAuthoriser())
.Then(x => x.ThenTheUserIsntAuthorised()) .Then(x => x.ThenTheUserIsntAuthorised())
.BDDfy(); .BDDfy();
@ -55,7 +56,7 @@ namespace Ocelot.UnitTests.Authorization
_claimsPrincipal = claimsPrincipal; _claimsPrincipal = claimsPrincipal;
} }
private void GivenARouteClaimsRequirement(RouteClaimsRequirement requirement) private void GivenARouteClaimsRequirement(Dictionary<string, string> requirement)
{ {
_requirement = requirement; _requirement = requirement;
} }

145
test/Ocelot.UnitTests/ClaimsBuilder/AddClaimsToRequestTests.cs Normal file
View File

@ -0,0 +1,145 @@
namespace Ocelot.UnitTests.ClaimsBuilder
{
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using Errors;
using Microsoft.AspNetCore.Http;
using Moq;
using Ocelot.ClaimsBuilder;
using Ocelot.Configuration;
using Ocelot.Infrastructure.Claims.Parser;
using Responses;
using Shouldly;
using TestStack.BDDfy;
using Xunit;
public class AddClaimsToRequestTests
{
private readonly AddClaimsToRequest _addClaimsToRequest;
private readonly Mock<IClaimsParser> _parser;
private List<ClaimToThing> _claimsToThings;
private HttpContext _context;
private Response _result;
private Response<string> _claimValue;
public AddClaimsToRequestTests()
{
_parser = new Mock<IClaimsParser>();
_addClaimsToRequest = new AddClaimsToRequest(_parser.Object);
}
[Fact]
public void should_add_claims_to_context()
{
var context = new DefaultHttpContext
{
User = new ClaimsPrincipal(new ClaimsIdentity(new List<Claim>
{
new Claim("test", "data")
}))
};
this.Given(
x => x.GivenClaimsToThings(new List<ClaimToThing>
{
new ClaimToThing("claim-key", "", "", 0)
}))
.Given(x => x.GivenHttpContext(context))
.And(x => x.GivenTheClaimParserReturns(new OkResponse<string>("value")))
.When(x => x.WhenIAddClaimsToTheRequest())
.Then(x => x.ThenTheResultIsSuccess())
.BDDfy();
}
[Fact]
public void if_claims_exists_should_replace_it()
{
var context = new DefaultHttpContext
{
User = new ClaimsPrincipal(new ClaimsIdentity(new List<Claim>
{
new Claim("existing-key", "data"),
new Claim("new-key", "data")
})),
};
this.Given(
x => x.GivenClaimsToThings(new List<ClaimToThing>
{
new ClaimToThing("existing-key", "new-key", "", 0)
}))
.Given(x => x.GivenHttpContext(context))
.And(x => x.GivenTheClaimParserReturns(new OkResponse<string>("value")))
.When(x => x.WhenIAddClaimsToTheRequest())
.Then(x => x.ThenTheResultIsSuccess())
.BDDfy();
}
[Fact]
public void should_return_error()
{
this.Given(
x => x.GivenClaimsToThings(new List<ClaimToThing>
{
new ClaimToThing("", "", "", 0)
}))
.Given(x => x.GivenHttpContext(new DefaultHttpContext()))
.And(x => x.GivenTheClaimParserReturns(new ErrorResponse<string>(new List<Error>
{
new AnyError()
})))
.When(x => x.WhenIAddClaimsToTheRequest())
.Then(x => x.ThenTheResultIsError())
.BDDfy();
}
private void GivenClaimsToThings(List<ClaimToThing> configuration)
{
_claimsToThings = configuration;
}
private void GivenHttpContext(HttpContext context)
{
_context = context;
}
private void GivenTheClaimParserReturns(Response<string> claimValue)
{
_claimValue = claimValue;
_parser
.Setup(
x =>
x.GetValue(It.IsAny<IEnumerable<Claim>>(),
It.IsAny<string>(),
It.IsAny<string>(),
It.IsAny<int>()))
.Returns(_claimValue);
}
private void WhenIAddClaimsToTheRequest()
{
_result = _addClaimsToRequest.SetClaimsOnContext(_claimsToThings, _context);
}
private void ThenTheResultIsSuccess()
{
_result.IsError.ShouldBe(false);
}
private void ThenTheResultIsError()
{
_result.IsError.ShouldBe(true);
}
class AnyError : Error
{
public AnyError()
: base("blahh", OcelotErrorCode.UnknownError)
{
}
}
}
}

111
test/Ocelot.UnitTests/ClaimsBuilder/ClaimsBuilderMiddlewareTests.cs Normal file
View File

@ -0,0 +1,111 @@
namespace Ocelot.UnitTests.ClaimsBuilder
{
using System;
using System.Collections.Generic;
using System.IO;
using System.Net.Http;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.TestHost;
using Microsoft.Extensions.DependencyInjection;
using Moq;
using Ocelot.ClaimsBuilder;
using Ocelot.ClaimsBuilder.Middleware;
using Ocelot.Configuration;
using Ocelot.Configuration.Builder;
using Ocelot.DownstreamRouteFinder;
using Ocelot.DownstreamRouteFinder.UrlMatcher;
using Responses;
using ScopedData;
using TestStack.BDDfy;
using Xunit;
public class ClaimsBuilderMiddlewareTests : IDisposable
{
private readonly Mock<IScopedRequestDataRepository> _scopedRepository;
private readonly Mock<IAddClaimsToRequest> _addHeaders;
private readonly string _url;
private readonly TestServer _server;
private readonly HttpClient _client;
private Response<DownstreamRoute> _downstreamRoute;
private HttpResponseMessage _result;
public ClaimsBuilderMiddlewareTests()
{
_url = "http://localhost:51879";
_scopedRepository = new Mock<IScopedRequestDataRepository>();
_addHeaders = new Mock<IAddClaimsToRequest>();
var builder = new WebHostBuilder()
.ConfigureServices(x =>
{
x.AddSingleton(_addHeaders.Object);
x.AddSingleton(_scopedRepository.Object);
})
.UseUrls(_url)
.UseKestrel()
.UseContentRoot(Directory.GetCurrentDirectory())
.UseIISIntegration()
.UseUrls(_url)
.Configure(app =>
{
app.UseClaimsBuilderMiddleware();
});
_server = new TestServer(builder);
_client = _server.CreateClient();
}
[Fact]
public void happy_path()
{
var downstreamRoute = new DownstreamRoute(new List<TemplateVariableNameAndValue>(),
new ReRouteBuilder()
.WithDownstreamTemplate("any old string")
.WithClaimsToClaims(new List<ClaimToThing>
{
new ClaimToThing("sub", "UserType", "|", 0)
})
.Build());
this.Given(x => x.GivenTheDownStreamRouteIs(downstreamRoute))
.And(x => x.GivenTheAddClaimsToRequestReturns())
.When(x => x.WhenICallTheMiddleware())
.Then(x => x.ThenTheClaimsToRequestIsCalledCorrectly())
.BDDfy();
}
private void GivenTheAddClaimsToRequestReturns()
{
_addHeaders
.Setup(x => x.SetClaimsOnContext(It.IsAny<List<ClaimToThing>>(),
It.IsAny<HttpContext>()))
.Returns(new OkResponse());
}
private void ThenTheClaimsToRequestIsCalledCorrectly()
{
_addHeaders
.Verify(x => x.SetClaimsOnContext(It.IsAny<List<ClaimToThing>>(),
It.IsAny<HttpContext>()), Times.Once);
}
private void WhenICallTheMiddleware()
{
_result = _client.GetAsync(_url).Result;
}
private void GivenTheDownStreamRouteIs(DownstreamRoute downstreamRoute)
{
_downstreamRoute = new OkResponse<DownstreamRoute>(downstreamRoute);
_scopedRepository
.Setup(x => x.Get<DownstreamRoute>(It.IsAny<string>()))
.Returns(_downstreamRoute);
}
public void Dispose()
{
_client.Dispose();
_server.Dispose();
}
}
}

30
test/Ocelot.UnitTests/Configuration/ConfigurationHeadersExtractorTests.cs → test/Ocelot.UnitTests/Configuration/ClaimToThingConfigurationParserTests.cs
View File

@ -10,15 +10,15 @@ using Xunit;
namespace Ocelot.UnitTests.Configuration namespace Ocelot.UnitTests.Configuration
{ {
public class ConfigurationHeadersExtractorTests public class ClaimToThingConfigurationParserTests
{ {
private Dictionary<string, string> _dictionary; private Dictionary<string, string> _dictionary;
private readonly IClaimToHeaderConfigurationParser _claimToHeaderConfigurationParser; private readonly IClaimToThingConfigurationParser _claimToThingConfigurationParser;
private Response<ClaimToHeader> _result; private Response<ClaimToThing> _result;
public ConfigurationHeadersExtractorTests() public ClaimToThingConfigurationParserTests()
{ {
_claimToHeaderConfigurationParser = new ClaimToHeaderConfigurationParser(); _claimToThingConfigurationParser = new ClaimToThingConfigurationParser();
} }
[Fact] [Fact]
@ -31,7 +31,7 @@ namespace Ocelot.UnitTests.Configuration
.When(x => x.WhenICallTheExtractor()) .When(x => x.WhenICallTheExtractor())
.Then( .Then(
x => x =>
x.ThenAnErrorIsReturned(new ErrorResponse<ClaimToHeader>( x.ThenAnErrorIsReturned(new ErrorResponse<ClaimToThing>(
new List<Error> new List<Error>
{ {
new NoInstructionsError(">") new NoInstructionsError(">")
@ -49,7 +49,7 @@ namespace Ocelot.UnitTests.Configuration
.When(x => x.WhenICallTheExtractor()) .When(x => x.WhenICallTheExtractor())
.Then( .Then(
x => x =>
x.ThenAnErrorIsReturned(new ErrorResponse<ClaimToHeader>( x.ThenAnErrorIsReturned(new ErrorResponse<ClaimToThing>(
new List<Error> new List<Error>
{ {
new InstructionNotForClaimsError() new InstructionNotForClaimsError()
@ -68,8 +68,8 @@ namespace Ocelot.UnitTests.Configuration
.Then( .Then(
x => x =>
x.ThenTheClaimParserPropertiesAreReturned( x.ThenTheClaimParserPropertiesAreReturned(
new OkResponse<ClaimToHeader>( new OkResponse<ClaimToThing>(
new ClaimToHeader("CustomerId", "CustomerId", "", 0)))) new ClaimToThing("CustomerId", "CustomerId", "", 0))))
.BDDfy(); .BDDfy();
} }
@ -84,20 +84,20 @@ namespace Ocelot.UnitTests.Configuration
.Then( .Then(
x => x =>
x.ThenTheClaimParserPropertiesAreReturned( x.ThenTheClaimParserPropertiesAreReturned(
new OkResponse<ClaimToHeader>( new OkResponse<ClaimToThing>(
new ClaimToHeader("UserId", "Subject", "|", 0)))) new ClaimToThing("UserId", "Subject", "|", 0))))
.BDDfy(); .BDDfy();
} }
private void ThenAnErrorIsReturned(Response<ClaimToHeader> expected) private void ThenAnErrorIsReturned(Response<ClaimToThing> expected)
{ {
_result.IsError.ShouldBe(expected.IsError); _result.IsError.ShouldBe(expected.IsError);
_result.Errors[0].ShouldBeOfType(expected.Errors[0].GetType()); _result.Errors[0].ShouldBeOfType(expected.Errors[0].GetType());
} }
private void ThenTheClaimParserPropertiesAreReturned(Response<ClaimToHeader> expected) private void ThenTheClaimParserPropertiesAreReturned(Response<ClaimToThing> expected)
{ {
_result.Data.ClaimKey.ShouldBe(expected.Data.ClaimKey); _result.Data.NewKey.ShouldBe(expected.Data.NewKey);
_result.Data.Delimiter.ShouldBe(expected.Data.Delimiter); _result.Data.Delimiter.ShouldBe(expected.Data.Delimiter);
_result.Data.Index.ShouldBe(expected.Data.Index); _result.Data.Index.ShouldBe(expected.Data.Index);
_result.IsError.ShouldBe(expected.IsError); _result.IsError.ShouldBe(expected.IsError);
@ -106,7 +106,7 @@ namespace Ocelot.UnitTests.Configuration
private void WhenICallTheExtractor() private void WhenICallTheExtractor()
{ {
var first = _dictionary.First(); var first = _dictionary.First();
_result = _claimToHeaderConfigurationParser.Extract(first.Key, first.Value); _result = _claimToThingConfigurationParser.Extract(first.Key, first.Value);
} }
private void GivenTheDictionaryIs(Dictionary<string, string> dictionary) private void GivenTheDictionaryIs(Dictionary<string, string> dictionary)

14
test/Ocelot.UnitTests/Configuration/YamlConfigurationCreatorTests.cs
View File

@ -21,14 +21,14 @@ namespace Ocelot.UnitTests.Configuration
private readonly Mock<IConfigurationValidator> _validator; private readonly Mock<IConfigurationValidator> _validator;
private Response<IOcelotConfiguration> _config; private Response<IOcelotConfiguration> _config;
private YamlConfiguration _yamlConfiguration; private YamlConfiguration _yamlConfiguration;
private readonly Mock<IClaimToHeaderConfigurationParser> _configParser; private readonly Mock<IClaimToThingConfigurationParser> _configParser;
private readonly Mock<ILogger<YamlOcelotConfigurationCreator>> _logger; private readonly Mock<ILogger<YamlOcelotConfigurationCreator>> _logger;
private readonly YamlOcelotConfigurationCreator _ocelotConfigurationCreator; private readonly YamlOcelotConfigurationCreator _ocelotConfigurationCreator;
public YamlConfigurationCreatorTests() public YamlConfigurationCreatorTests()
{ {
_logger = new Mock<ILogger<YamlOcelotConfigurationCreator>>(); _logger = new Mock<ILogger<YamlOcelotConfigurationCreator>>();
_configParser = new Mock<IClaimToHeaderConfigurationParser>(); _configParser = new Mock<IClaimToThingConfigurationParser>();
_validator = new Mock<IConfigurationValidator>(); _validator = new Mock<IConfigurationValidator>();
_yamlConfig = new Mock<IOptions<YamlConfiguration>>(); _yamlConfig = new Mock<IOptions<YamlConfiguration>>();
_ocelotConfigurationCreator = new YamlOcelotConfigurationCreator( _ocelotConfigurationCreator = new YamlOcelotConfigurationCreator(
@ -79,9 +79,9 @@ namespace Ocelot.UnitTests.Configuration
.WithRequireHttps(false) .WithRequireHttps(false)
.WithScopeSecret("secret") .WithScopeSecret("secret")
.WithAuthenticationProviderScopeName("api") .WithAuthenticationProviderScopeName("api")
.WithConfigurationHeaderExtractorProperties(new List<ClaimToHeader> .WithClaimsToHeaders(new List<ClaimToThing>
{ {
new ClaimToHeader("CustomerId", "CustomerId", "", 0), new ClaimToThing("CustomerId", "CustomerId", "", 0),
}) })
.Build() .Build()
}; };
@ -112,18 +112,18 @@ namespace Ocelot.UnitTests.Configuration
} }
})) }))
.And(x => x.GivenTheYamlConfigIsValid()) .And(x => x.GivenTheYamlConfigIsValid())
.And(x => x.GivenTheConfigHeaderExtractorReturns(new ClaimToHeader("CustomerId", "CustomerId", "", 0))) .And(x => x.GivenTheConfigHeaderExtractorReturns(new ClaimToThing("CustomerId", "CustomerId", "", 0)))
.When(x => x.WhenICreateTheConfig()) .When(x => x.WhenICreateTheConfig())
.Then(x => x.ThenTheReRoutesAre(expected)) .Then(x => x.ThenTheReRoutesAre(expected))
.And(x => x.ThenTheAuthenticationOptionsAre(expected)) .And(x => x.ThenTheAuthenticationOptionsAre(expected))
.BDDfy(); .BDDfy();
} }
private void GivenTheConfigHeaderExtractorReturns(ClaimToHeader expected) private void GivenTheConfigHeaderExtractorReturns(ClaimToThing expected)
{ {
_configParser _configParser
.Setup(x => x.Extract(It.IsAny<string>(), It.IsAny<string>())) .Setup(x => x.Extract(It.IsAny<string>(), It.IsAny<string>()))
.Returns(new OkResponse<ClaimToHeader>(expected)); .Returns(new OkResponse<ClaimToThing>(expected));
} }
[Fact] [Fact]

19
test/Ocelot.UnitTests/HeaderBuilder/AddHeadersToRequestTests.cs
View File

@ -4,7 +4,6 @@ using System.Security.Claims;
using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Primitives; using Microsoft.Extensions.Primitives;
using Moq; using Moq;
using Ocelot.Claims.Parser;
using Ocelot.Configuration; using Ocelot.Configuration;
using Ocelot.Errors; using Ocelot.Errors;
using Ocelot.HeaderBuilder; using Ocelot.HeaderBuilder;
@ -15,11 +14,13 @@ using Xunit;
namespace Ocelot.UnitTests.HeaderBuilder namespace Ocelot.UnitTests.HeaderBuilder
{ {
using Ocelot.Infrastructure.Claims.Parser;
public class AddHeadersToRequestTests public class AddHeadersToRequestTests
{ {
private readonly AddHeadersToRequest _addHeadersToRequest; private readonly AddHeadersToRequest _addHeadersToRequest;
private readonly Mock<IClaimsParser> _parser; private readonly Mock<IClaimsParser> _parser;
private List<ClaimToHeader> _configuration; private List<ClaimToThing> _configuration;
private HttpContext _context; private HttpContext _context;
private Response _result; private Response _result;
private Response<string> _claimValue; private Response<string> _claimValue;
@ -42,9 +43,9 @@ namespace Ocelot.UnitTests.HeaderBuilder
}; };
this.Given( this.Given(
x => x.GivenConfigurationHeaderExtractorProperties(new List<ClaimToHeader> x => x.GivenConfigurationHeaderExtractorProperties(new List<ClaimToThing>
{ {
new ClaimToHeader("header-key", "", "", 0) new ClaimToThing("header-key", "", "", 0)
})) }))
.Given(x => x.GivenHttpContext(context)) .Given(x => x.GivenHttpContext(context))
.And(x => x.GivenTheClaimParserReturns(new OkResponse<string>("value"))) .And(x => x.GivenTheClaimParserReturns(new OkResponse<string>("value")))
@ -68,9 +69,9 @@ namespace Ocelot.UnitTests.HeaderBuilder
context.Request.Headers.Add("header-key", new StringValues("initial")); context.Request.Headers.Add("header-key", new StringValues("initial"));
this.Given( this.Given(
x => x.GivenConfigurationHeaderExtractorProperties(new List<ClaimToHeader> x => x.GivenConfigurationHeaderExtractorProperties(new List<ClaimToThing>
{ {
new ClaimToHeader("header-key", "", "", 0) new ClaimToThing("header-key", "", "", 0)
})) }))
.Given(x => x.GivenHttpContext(context)) .Given(x => x.GivenHttpContext(context))
.And(x => x.GivenTheClaimParserReturns(new OkResponse<string>("value"))) .And(x => x.GivenTheClaimParserReturns(new OkResponse<string>("value")))
@ -84,9 +85,9 @@ namespace Ocelot.UnitTests.HeaderBuilder
public void should_return_error() public void should_return_error()
{ {
this.Given( this.Given(
x => x.GivenConfigurationHeaderExtractorProperties(new List<ClaimToHeader> x => x.GivenConfigurationHeaderExtractorProperties(new List<ClaimToThing>
{ {
new ClaimToHeader("", "", "", 0) new ClaimToThing("", "", "", 0)
})) }))
.Given(x => x.GivenHttpContext(new DefaultHttpContext())) .Given(x => x.GivenHttpContext(new DefaultHttpContext()))
.And(x => x.GivenTheClaimParserReturns(new ErrorResponse<string>(new List<Error> .And(x => x.GivenTheClaimParserReturns(new ErrorResponse<string>(new List<Error>
@ -104,7 +105,7 @@ namespace Ocelot.UnitTests.HeaderBuilder
header.Value.First().ShouldBe(_claimValue.Data); header.Value.First().ShouldBe(_claimValue.Data);
} }
private void GivenConfigurationHeaderExtractorProperties(List<ClaimToHeader> configuration) private void GivenConfigurationHeaderExtractorProperties(List<ClaimToThing> configuration)
{ {
_configuration = configuration; _configuration = configuration;
} }

8
test/Ocelot.UnitTests/HeaderBuilder/HttpRequestHeadersBuilderMiddlewareTests.cs
View File

@ -61,9 +61,9 @@ namespace Ocelot.UnitTests.HeaderBuilder
var downstreamRoute = new DownstreamRoute(new List<TemplateVariableNameAndValue>(), var downstreamRoute = new DownstreamRoute(new List<TemplateVariableNameAndValue>(),
new ReRouteBuilder() new ReRouteBuilder()
.WithDownstreamTemplate("any old string") .WithDownstreamTemplate("any old string")
.WithConfigurationHeaderExtractorProperties(new List<ClaimToHeader> .WithClaimsToHeaders(new List<ClaimToThing>
{ {
new ClaimToHeader("UserId", "Subject", "", 0) new ClaimToThing("UserId", "Subject", "", 0)
}) })
.Build()); .Build());
@ -77,7 +77,7 @@ namespace Ocelot.UnitTests.HeaderBuilder
private void GivenTheAddHeadersToRequestReturns(string claimValue) private void GivenTheAddHeadersToRequestReturns(string claimValue)
{ {
_addHeaders _addHeaders
.Setup(x => x.SetHeadersOnContext(It.IsAny<List<ClaimToHeader>>(), .Setup(x => x.SetHeadersOnContext(It.IsAny<List<ClaimToThing>>(),
It.IsAny<HttpContext>())) It.IsAny<HttpContext>()))
.Returns(new OkResponse()); .Returns(new OkResponse());
} }
@ -85,7 +85,7 @@ namespace Ocelot.UnitTests.HeaderBuilder
private void ThenTheAddHeadersToRequestIsCalledCorrectly() private void ThenTheAddHeadersToRequestIsCalledCorrectly()
{ {
_addHeaders _addHeaders
.Verify(x => x.SetHeadersOnContext(It.IsAny<List<ClaimToHeader>>(), .Verify(x => x.SetHeadersOnContext(It.IsAny<List<ClaimToThing>>(),
It.IsAny<HttpContext>()), Times.Once); It.IsAny<HttpContext>()), Times.Once);
} }

20
test/Ocelot.UnitTests/HeaderBuilder/ClaimParserTests.cs → test/Ocelot.UnitTests/Infrastructure/ClaimParserTests.cs
View File

@ -1,14 +1,14 @@
using System.Collections.Generic; namespace Ocelot.UnitTests.Infrastructure
using System.Security.Claims;
using Ocelot.Claims.Parser;
using Ocelot.Errors;
using Ocelot.Responses;
using Shouldly;
using TestStack.BDDfy;
using Xunit;
namespace Ocelot.UnitTests.HeaderBuilder
{ {
using System.Collections.Generic;
using System.Security.Claims;
using Errors;
using Ocelot.Infrastructure.Claims.Parser;
using Responses;
using Shouldly;
using TestStack.BDDfy;
using Xunit;
public class ClaimParserTests public class ClaimParserTests
{ {
private readonly IClaimsParser _claimsParser; private readonly IClaimsParser _claimsParser;