tk/Ocelot
1
0
Fork 0
mirror of https://github.com/nsnail/Ocelot.git synced 2025-04-22 14:02:49 +08:00
Code Issues Packages Projects Releases Wiki Activity

Can authorise routes based on claims, there is also a claims transformation middleware

Browse Source
This commit is contained in:
tom.pallister 2016-10-19 11:56:05 +01:00
parent 3285be3c73
commit b8951c4698
39 changed files with 700 additions and 294 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
src/Ocelot/Authorisation/AddClaims.cs
View File

@ -1,45 +0,0 @@
using System.Collections.Generic;
using System.Linq;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Primitives;
using Ocelot.Claims.Parser;
using Ocelot.Configuration;
using Ocelot.HeaderBuilder;
using Ocelot.Responses;
namespace Ocelot.Authorisation
{
public class AddClaims : IAddHeadersToRequest
{
private readonly IClaimsParser _claimsParser;
public AddClaims(IClaimsParser claimsParser)
{
_claimsParser = claimsParser;
}
public Response SetHeadersOnContext(List<ClaimToHeader> configurationHeaderExtractorProperties, HttpContext context)
{
foreach (var config in configurationHeaderExtractorProperties)
{
var value = _claimsParser.GetValue(context.User.Claims, config.ClaimKey, config.Delimiter, config.Index);
if (value.IsError)
{
return new ErrorResponse(value.Errors);
}
var exists = context.Request.Headers.FirstOrDefault(x => x.Key == config.HeaderKey);
if (!string.IsNullOrEmpty(exists.Key))
{
context.Request.Headers.Remove(exists);
}
context.Request.Headers.Add(config.HeaderKey, new StringValues(value.Data));
}
return new OkResponse();
}
}
}

60
src/Ocelot/Authorisation/AuthorisationMiddleware.cs
View File

@ -1,60 +0,0 @@
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Ocelot.DownstreamRouteFinder;
using Ocelot.Errors;
using Ocelot.Middleware;
using Ocelot.Responses;
using Ocelot.ScopedData;
namespace Ocelot.Authorisation
{
public class AuthorisationMiddleware : OcelotMiddleware
{
private readonly RequestDelegate _next;
private readonly IScopedRequestDataRepository _scopedRequestDataRepository;
private readonly IAuthoriser _authoriser;
public AuthorisationMiddleware(RequestDelegate next,
IScopedRequestDataRepository scopedRequestDataRepository,
IAuthoriser authoriser)
: base(scopedRequestDataRepository)
{
_next = next;
_scopedRequestDataRepository = scopedRequestDataRepository;
_authoriser = authoriser;
}
public async Task Invoke(HttpContext context)
{
var downstreamRoute = _scopedRequestDataRepository.Get<DownstreamRoute>("DownstreamRoute");
if (downstreamRoute.IsError)
{
SetPipelineError(downstreamRoute.Errors);
return;
}
//todo - call authoriser
var authorised = new OkResponse<bool>(true); //_authoriser.Authorise(context.User, new RouteClaimsRequirement(new Dictionary<string, string>()));
if (authorised.IsError)
{
SetPipelineError(authorised.Errors);
return;
}
if (authorised.Data)
{
await _next.Invoke(context);
}
else
{
SetPipelineError(new List<Error>
{
new UnauthorisedError($"{context.User.Identity.Name} unable to access {downstreamRoute.Data.ReRoute.UpstreamTemplate}")
});
}
}
}
}

7
src/Ocelot/Authorisation/ClaimsAuthoriser.cs
View File

@ -1,12 +1,13 @@
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using Ocelot.Claims.Parser;
using Ocelot.Errors;
using Ocelot.Responses;
namespace Ocelot.Authorisation
{
using Infrastructure.Claims.Parser;
public class ClaimsAuthoriser : IAuthoriser
{
private readonly IClaimsParser _claimsParser;
@ -16,9 +17,9 @@ namespace Ocelot.Authorisation
_claimsParser = claimsParser;
}
public Response<bool> Authorise(ClaimsPrincipal claimsPrincipal, RouteClaimsRequirement routeClaimsRequirement)
public Response<bool> Authorise(ClaimsPrincipal claimsPrincipal, Dictionary<string, string> routeClaimsRequirement)
{
foreach (var required in routeClaimsRequirement.RequiredClaimsAndValues)
foreach (var required in routeClaimsRequirement)
{
var value = _claimsParser.GetValue(claimsPrincipal.Claims, required.Key, string.Empty, 0);

13
src/Ocelot/Authorisation/IAddClaims.cs
View File

@ -1,13 +0,0 @@
using System.Collections.Generic;
using Microsoft.AspNetCore.Http;
using Ocelot.Configuration;
using Ocelot.Responses;
namespace Ocelot.Authorisation
{
public interface IAddClaims
{
Response SetHeadersOnContext(List<ClaimToHeader> configurationHeaderExtractorProperties,
HttpContext context);
}
}

4
src/Ocelot/Authorisation/IAuthoriser.cs
View File

@ -3,9 +3,11 @@ using Ocelot.Responses;
namespace Ocelot.Authorisation
{
using System.Collections.Generic;
public interface IAuthoriser
{
Response<bool> Authorise(ClaimsPrincipal claimsPrincipal,
RouteClaimsRequirement routeClaimsRequirement);
Dictionary<string, string> routeClaimsRequirement);
}
}

66
src/Ocelot/Authorisation/Middleware/AuthorisationMiddleware.cs Normal file
View File

@ -0,0 +1,66 @@
namespace Ocelot.Authorisation.Middleware
{
using System.Collections.Generic;
using System.Threading.Tasks;
using DownstreamRouteFinder;
using Errors;
using Microsoft.AspNetCore.Http;
using Ocelot.Middleware;
using ScopedData;
public class AuthorisationMiddleware : OcelotMiddleware
{
private readonly RequestDelegate _next;
private readonly IScopedRequestDataRepository _scopedRequestDataRepository;
private readonly IAuthoriser _authoriser;
public AuthorisationMiddleware(RequestDelegate next,
IScopedRequestDataRepository scopedRequestDataRepository,
IAuthoriser authoriser)
: base(scopedRequestDataRepository)
{
_next = next;
_scopedRequestDataRepository = scopedRequestDataRepository;
_authoriser = authoriser;
}
public async Task Invoke(HttpContext context)
{
var downstreamRoute = _scopedRequestDataRepository.Get<DownstreamRoute>("DownstreamRoute");
if (downstreamRoute.IsError)
{
SetPipelineError(downstreamRoute.Errors);
return;
}
if (downstreamRoute.Data.ReRoute.IsAuthorised)
{
var authorised = _authoriser.Authorise(context.User, downstreamRoute.Data.ReRoute.RouteClaimsRequirement);
if (authorised.IsError)
{
SetPipelineError(authorised.Errors);
return;
}
if (authorised.Data)
{
await _next.Invoke(context);
}
else
{
SetPipelineError(new List<Error>
{
new UnauthorisedError(
$"{context.User.Identity.Name} unable to access {downstreamRoute.Data.ReRoute.UpstreamTemplate}")
});
}
}
else
{
await _next.Invoke(context);
}
}
}
}

6
src/Ocelot/Authorisation/AuthorisationMiddlewareMiddlewareExtensions.cs → src/Ocelot/Authorisation/Middleware/AuthorisationMiddlewareMiddlewareExtensions.cs
View File

@ -1,7 +1,7 @@
using Microsoft.AspNetCore.Builder;
namespace Ocelot.Authorisation
namespace Ocelot.Authorisation.Middleware
{
using Microsoft.AspNetCore.Builder;
public static class AuthorisationMiddlewareMiddlewareExtensions
{
public static IApplicationBuilder UseAuthorisationMiddleware(this IApplicationBuilder builder)

14
src/Ocelot/Authorisation/RouteClaimsRequirement.cs
View File

@ -1,14 +0,0 @@
using System.Collections.Generic;
namespace Ocelot.Authorisation
{
public class RouteClaimsRequirement
{
public RouteClaimsRequirement(Dictionary<string, string> requiredClaimsAndValues)
{
RequiredClaimsAndValues = requiredClaimsAndValues;
}
public Dictionary<string, string> RequiredClaimsAndValues { get; private set; }
}
}

46
src/Ocelot/ClaimsBuilder/AddClaimsToRequest.cs Normal file
View File

@ -0,0 +1,46 @@
namespace Ocelot.ClaimsBuilder
{
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using Configuration;
using Infrastructure.Claims.Parser;
using Microsoft.AspNetCore.Http;
using Responses;
public class AddClaimsToRequest : IAddClaimsToRequest
{
private readonly IClaimsParser _claimsParser;
public AddClaimsToRequest(IClaimsParser claimsParser)
{
_claimsParser = claimsParser;
}
public Response SetClaimsOnContext(List<ClaimToThing> claimsToThings, HttpContext context)
{
foreach (var config in claimsToThings)
{
var value = _claimsParser.GetValue(context.User.Claims, config.NewKey, config.Delimiter, config.Index);
if (value.IsError)
{
return new ErrorResponse(value.Errors);
}
var exists = context.User.Claims.FirstOrDefault(x => x.Type == config.ExistingKey);
var identity = context.User.Identity as ClaimsIdentity;
if (exists != null)
{
identity?.RemoveClaim(exists);
}
identity?.AddClaim(new Claim(config.ExistingKey, value.Data));
}
return new OkResponse();
}
}
}

13
src/Ocelot/ClaimsBuilder/IAddClaimsToRequest.cs Normal file
View File

@ -0,0 +1,13 @@
namespace Ocelot.ClaimsBuilder
{
using System.Collections.Generic;
using Configuration;
using Microsoft.AspNetCore.Http;
using Responses;
public interface IAddClaimsToRequest
{
Response SetClaimsOnContext(List<ClaimToThing> claimsToThings,
HttpContext context);
}
}

44
src/Ocelot/ClaimsBuilder/Middleware/ClaimsBuilderMiddleware.cs Normal file
View File

@ -0,0 +1,44 @@
namespace Ocelot.ClaimsBuilder.Middleware
{
using System.Linq;
using System.Threading.Tasks;
using DownstreamRouteFinder;
using Microsoft.AspNetCore.Http;
using Ocelot.Middleware;
using ScopedData;
public class ClaimsBuilderMiddleware : OcelotMiddleware
{
private readonly RequestDelegate _next;
private readonly IAddClaimsToRequest _addClaimsToRequest;
private readonly IScopedRequestDataRepository _scopedRequestDataRepository;
public ClaimsBuilderMiddleware(RequestDelegate next,
IScopedRequestDataRepository scopedRequestDataRepository,
IAddClaimsToRequest addClaimsToRequest)
: base(scopedRequestDataRepository)
{
_next = next;
_addClaimsToRequest = addClaimsToRequest;
_scopedRequestDataRepository = scopedRequestDataRepository;
}
public async Task Invoke(HttpContext context)
{
var downstreamRoute = _scopedRequestDataRepository.Get<DownstreamRoute>("DownstreamRoute");
if (downstreamRoute.Data.ReRoute.ClaimsToClaims.Any())
{
var result = _addClaimsToRequest.SetClaimsOnContext(downstreamRoute.Data.ReRoute.ClaimsToClaims, context);
if (result.IsError)
{
SetPipelineError(result.Errors);
return;
}
}
await _next.Invoke(context);
}
}
}

12
src/Ocelot/ClaimsBuilder/Middleware/ClaimsBuilderMiddlewareExtensions.cs Normal file
View File

@ -0,0 +1,12 @@
namespace Ocelot.ClaimsBuilder.Middleware
{
using Microsoft.AspNetCore.Builder;
public static class ClaimsBuilderMiddlewareExtensions
{
public static IApplicationBuilder UseClaimsBuilderMiddleware(this IApplicationBuilder builder)
{
return builder.UseMiddleware<ClaimsBuilderMiddleware>();
}
}
}

29
src/Ocelot/Configuration/Builder/ReRouteBuilder.cs
View File

@ -15,7 +15,10 @@ namespace Ocelot.Configuration.Builder
private List<string> _additionalScopes;
private bool _requireHttps;
private string _scopeSecret;
private List<ClaimToHeader> _configHeaderExtractorProperties;
private List<ClaimToThing> _configHeaderExtractorProperties;
private List<ClaimToThing> _claimToClaims;
private Dictionary<string, string> _routeClaimRequirement;
private bool _isAuthorised;
public ReRouteBuilder()
{
@ -48,8 +51,14 @@ namespace Ocelot.Configuration.Builder
{
_isAuthenticated = input;
return this;
}
public ReRouteBuilder WithIsAuthorised(bool input)
{
_isAuthorised = input;
return this;
}
public ReRouteBuilder WithAuthenticationProvider(string input)
{
_authenticationProvider = input;
@ -86,15 +95,27 @@ namespace Ocelot.Configuration.Builder
return this;
}
public ReRouteBuilder WithConfigurationHeaderExtractorProperties(List<ClaimToHeader> input)
public ReRouteBuilder WithClaimsToHeaders(List<ClaimToThing> input)
{
_configHeaderExtractorProperties = input;
return this;
}
public ReRouteBuilder WithClaimsToClaims(List<ClaimToThing> input)
{
_claimToClaims = input;
return this;
}
public ReRouteBuilder WithRouteClaimsRequirement(Dictionary<string, string> input)
{
_routeClaimRequirement = input;
return this;
}
public ReRoute Build()
{
return new ReRoute(_downstreamTemplate, _upstreamTemplate, _upstreamHttpMethod, _upstreamTemplatePattern, _isAuthenticated, new AuthenticationOptions(_authenticationProvider, _authenticationProviderUrl, _scopeName, _requireHttps, _additionalScopes, _scopeSecret), _configHeaderExtractorProperties);
return new ReRoute(_downstreamTemplate, _upstreamTemplate, _upstreamHttpMethod, _upstreamTemplatePattern, _isAuthenticated, new AuthenticationOptions(_authenticationProvider, _authenticationProviderUrl, _scopeName, _requireHttps, _additionalScopes, _scopeSecret), _configHeaderExtractorProperties, _claimToClaims, _routeClaimRequirement, _isAuthorised);
}
}
}

18
src/Ocelot/Configuration/ClaimToHeader.cs
View File

@ -1,18 +0,0 @@
namespace Ocelot.Configuration
{
public class ClaimToHeader
{
public ClaimToHeader(string headerKey, string claimKey, string delimiter, int index)
{
ClaimKey = claimKey;
Delimiter = delimiter;
Index = index;
HeaderKey = headerKey;
}
public string HeaderKey { get; private set; }
public string ClaimKey { get; private set; }
public string Delimiter { get; private set; }
public int Index { get; private set; }
}
}

18
src/Ocelot/Configuration/ClaimToThing.cs Normal file
View File

@ -0,0 +1,18 @@
namespace Ocelot.Configuration
{
public class ClaimToThing
{
public ClaimToThing(string existingKey, string newKey, string delimiter, int index)
{
NewKey = newKey;
Delimiter = delimiter;
Index = index;
ExistingKey = existingKey;
}
public string ExistingKey { get; private set; }
public string NewKey { get; private set; }
public string Delimiter { get; private set; }
public int Index { get; private set; }
}
}

31
src/Ocelot/Configuration/Creator/YamlOcelotConfigurationCreator.cs
View File

@ -18,18 +18,18 @@ namespace Ocelot.Configuration.Creator
private readonly IConfigurationValidator _configurationValidator;
private const string RegExMatchEverything = ".*";
private const string RegExMatchEndString = "$";
private readonly IClaimToHeaderConfigurationParser _claimToHeaderConfigurationParser;
private readonly IClaimToThingConfigurationParser _claimToThingConfigurationParser;
private readonly ILogger<YamlOcelotConfigurationCreator> _logger;
public YamlOcelotConfigurationCreator(
IOptions<YamlConfiguration> options,
IConfigurationValidator configurationValidator,
IClaimToHeaderConfigurationParser claimToHeaderConfigurationParser,
IClaimToThingConfigurationParser claimToThingConfigurationParser,
ILogger<YamlOcelotConfigurationCreator> logger)
{
_options = options;
_configurationValidator = configurationValidator;
_claimToHeaderConfigurationParser = claimToHeaderConfigurationParser;
_claimToThingConfigurationParser = claimToThingConfigurationParser;
_logger = logger;
}
@ -89,6 +89,8 @@ namespace Ocelot.Configuration.Creator
var isAuthenticated = !string.IsNullOrEmpty(reRoute.AuthenticationOptions?.Provider);
var isAuthorised = reRoute.RouteClaimsRequirement?.Count > 0;
if (isAuthenticated)
{
var authOptionsForRoute = new AuthenticationOptions(reRoute.AuthenticationOptions.Provider,
@ -96,37 +98,38 @@ namespace Ocelot.Configuration.Creator
reRoute.AuthenticationOptions.RequireHttps, reRoute.AuthenticationOptions.AdditionalScopes,
reRoute.AuthenticationOptions.ScopeSecret);
var configHeaders = GetHeadersToAddToRequest(reRoute);
var claimsToHeaders = GetAddThingsToRequest(reRoute.AddHeadersToRequest);
var claimsToClaims = GetAddThingsToRequest(reRoute.AddClaimsToRequest);
return new ReRoute(reRoute.DownstreamTemplate, reRoute.UpstreamTemplate,
reRoute.UpstreamHttpMethod, upstreamTemplate, isAuthenticated,
authOptionsForRoute, configHeaders
authOptionsForRoute, claimsToHeaders, claimsToClaims, reRoute.RouteClaimsRequirement, isAuthorised
);
}
return new ReRoute(reRoute.DownstreamTemplate, reRoute.UpstreamTemplate, reRoute.UpstreamHttpMethod,
upstreamTemplate, isAuthenticated, null, new List<ClaimToHeader>());
upstreamTemplate, isAuthenticated, null, new List<ClaimToThing>(), new List<ClaimToThing>(), reRoute.RouteClaimsRequirement, isAuthorised);
}
private List<ClaimToHeader> GetHeadersToAddToRequest(YamlReRoute reRoute)
private List<ClaimToThing> GetAddThingsToRequest(Dictionary<string,string> thingBeingAdded)
{
var configHeaders = new List<ClaimToHeader>();
var claimsToTHings = new List<ClaimToThing>();
foreach (var add in reRoute.AddHeadersToRequest)
foreach (var add in thingBeingAdded)
{
var configurationHeader = _claimToHeaderConfigurationParser.Extract(add.Key, add.Value);
var claimToHeader = _claimToThingConfigurationParser.Extract(add.Key, add.Value);
if (configurationHeader.IsError)
if (claimToHeader.IsError)
{
_logger.LogCritical(new EventId(1, "Application Failed to start"),
$"Unable to extract configuration for key: {add.Key} and value: {add.Value} your configuration file is incorrect");
throw new Exception(configurationHeader.Errors[0].Message);
throw new Exception(claimToHeader.Errors[0].Message);
}
configHeaders.Add(configurationHeader.Data);
claimsToTHings.Add(claimToHeader.Data);
}
return configHeaders;
return claimsToTHings;
}
private bool IsPlaceHolder(string upstreamTemplate, int i)

16
src/Ocelot/Configuration/Parser/ClaimToHeaderConfigurationParser.cs → src/Ocelot/Configuration/Parser/ClaimToThingConfigurationParser.cs
View File

@ -6,13 +6,13 @@ using Ocelot.Responses;
namespace Ocelot.Configuration.Parser
{
public class ClaimToHeaderConfigurationParser : IClaimToHeaderConfigurationParser
public class ClaimToThingConfigurationParser : IClaimToThingConfigurationParser
{
private readonly Regex _claimRegex = new Regex("Claims\\[.*\\]");
private readonly Regex _indexRegex = new Regex("value\\[.*\\]");
private const string SplitToken = ">";
public Response<ClaimToHeader> Extract(string headerKey, string value)
public Response<ClaimToThing> Extract(string existingKey, string value)
{
try
{
@ -20,7 +20,7 @@ namespace Ocelot.Configuration.Parser
if (instructions.Length <= 1)
{
return new ErrorResponse<ClaimToHeader>(
return new ErrorResponse<ClaimToThing>(
new List<Error>
{
new NoInstructionsError(SplitToken)
@ -31,14 +31,14 @@ namespace Ocelot.Configuration.Parser
if (!claimMatch)
{
return new ErrorResponse<ClaimToHeader>(
return new ErrorResponse<ClaimToThing>(
new List<Error>
{
new InstructionNotForClaimsError()
});
}
var claimKey = GetIndexValue(instructions[0]);
var newKey = GetIndexValue(instructions[0]);
var index = 0;
var delimiter = string.Empty;
@ -48,12 +48,12 @@ namespace Ocelot.Configuration.Parser
delimiter = instructions[2].Trim();
}
return new OkResponse<ClaimToHeader>(
new ClaimToHeader(headerKey, claimKey, delimiter, index));
return new OkResponse<ClaimToThing>(
new ClaimToThing(existingKey, newKey, delimiter, index));
}
catch (Exception exception)
{
return new ErrorResponse<ClaimToHeader>(
return new ErrorResponse<ClaimToThing>(
new List<Error>
{
new ParsingConfigurationHeaderError(exception)

9
src/Ocelot/Configuration/Parser/IClaimToHeaderConfigurationParser.cs
View File

@ -1,9 +0,0 @@
using Ocelot.Responses;
namespace Ocelot.Configuration.Parser
{
public interface IClaimToHeaderConfigurationParser
{
Response<ClaimToHeader> Extract(string headerKey, string value);
}
}

9
src/Ocelot/Configuration/Parser/IClaimToThingConfigurationParser.cs Normal file
View File

@ -0,0 +1,9 @@
using Ocelot.Responses;
namespace Ocelot.Configuration.Parser
{
public interface IClaimToThingConfigurationParser
{
Response<ClaimToThing> Extract(string existingKey, string value);
}
}

14
src/Ocelot/Configuration/ReRoute.cs
View File

@ -4,7 +4,7 @@ namespace Ocelot.Configuration
{
public class ReRoute
{
public ReRoute(string downstreamTemplate, string upstreamTemplate, string upstreamHttpMethod, string upstreamTemplatePattern, bool isAuthenticated, AuthenticationOptions authenticationOptions, List<ClaimToHeader> configurationHeaderExtractorProperties)
public ReRoute(string downstreamTemplate, string upstreamTemplate, string upstreamHttpMethod, string upstreamTemplatePattern, bool isAuthenticated, AuthenticationOptions authenticationOptions, List<ClaimToThing> configurationHeaderExtractorProperties, List<ClaimToThing> claimsToClaims, Dictionary<string, string> routeClaimsRequirement, bool isAuthorised)
{
DownstreamTemplate = downstreamTemplate;
UpstreamTemplate = upstreamTemplate;
@ -12,8 +12,12 @@ namespace Ocelot.Configuration
UpstreamTemplatePattern = upstreamTemplatePattern;
IsAuthenticated = isAuthenticated;
AuthenticationOptions = authenticationOptions;
RouteClaimsRequirement = routeClaimsRequirement;
IsAuthorised = isAuthorised;
ClaimsToClaims = claimsToClaims
?? new List<ClaimToThing>();
ClaimsToHeaders = configurationHeaderExtractorProperties
?? new List<ClaimToHeader>();
?? new List<ClaimToThing>();
}
public string DownstreamTemplate { get; private set; }
@ -21,7 +25,11 @@ namespace Ocelot.Configuration
public string UpstreamTemplatePattern { get; private set; }
public string UpstreamHttpMethod { get; private set; }
public bool IsAuthenticated { get; private set; }
public bool IsAuthorised { get; private set; }
public AuthenticationOptions AuthenticationOptions { get; private set; }
public List<ClaimToHeader> ClaimsToHeaders { get; private set; }
public List<ClaimToThing> ClaimsToHeaders { get; private set; }
public List<ClaimToThing> ClaimsToClaims { get; private set; }
public Dictionary<string, string> RouteClaimsRequirement { get; private set; }
}
}

6
src/Ocelot/Configuration/Yaml/YamlReRoute.cs
View File

@ -7,7 +7,8 @@ namespace Ocelot.Configuration.Yaml
public YamlReRoute()
{
AddHeadersToRequest = new Dictionary<string, string>();
AddClaims = new Dictionary<string, string>();
AddClaimsToRequest = new Dictionary<string, string>();
RouteClaimsRequirement = new Dictionary<string, string>();
}
public string DownstreamTemplate { get; set; }
@ -15,6 +16,7 @@ namespace Ocelot.Configuration.Yaml
public string UpstreamHttpMethod { get; set; }
public YamlAuthenticationOptions AuthenticationOptions { get; set; }
public Dictionary<string, string> AddHeadersToRequest { get; set; }
public Dictionary<string, string> AddClaims { get; set; }
public Dictionary<string, string> AddClaimsToRequest { get; set; }
public Dictionary<string, string> RouteClaimsRequirement { get; set; }
}
}

7
src/Ocelot/DependencyInjection/ServiceCollectionExtensions.cs
View File

@ -5,7 +5,6 @@ using Microsoft.Extensions.DependencyInjection;
using Ocelot.Authentication.Handler.Creator;
using Ocelot.Authentication.Handler.Factory;
using Ocelot.Authorisation;
using Ocelot.Claims.Parser;
using Ocelot.Configuration.Creator;
using Ocelot.Configuration.Parser;
using Ocelot.Configuration.Provider;
@ -23,6 +22,9 @@ using Ocelot.ScopedData;
namespace Ocelot.DependencyInjection
{
using ClaimsBuilder;
using Infrastructure.Claims.Parser;
public static class ServiceCollectionExtensions
{
public static IServiceCollection AddOcelotYamlConfiguration(this IServiceCollection services, IConfigurationRoot configurationRoot)
@ -34,7 +36,7 @@ namespace Ocelot.DependencyInjection
services.AddSingleton<IOcelotConfigurationCreator, YamlOcelotConfigurationCreator>();
services.AddSingleton<IOcelotConfigurationProvider, YamlOcelotConfigurationProvider>();
services.AddSingleton<IOcelotConfigurationRepository, InMemoryOcelotConfigurationRepository>();
services.AddSingleton<IClaimToHeaderConfigurationParser, ClaimToHeaderConfigurationParser>();
services.AddSingleton<IClaimToThingConfigurationParser, ClaimToThingConfigurationParser>();
services.AddSingleton<IConfigurationValidator, ConfigurationValidator>();
return services;
@ -48,6 +50,7 @@ namespace Ocelot.DependencyInjection
// ocelot services.
services.AddSingleton<IAuthoriser, ClaimsAuthoriser>();
services.AddSingleton<IAddClaimsToRequest, AddClaimsToRequest>();
services.AddSingleton<IAddHeadersToRequest, AddHeadersToRequest>();
services.AddSingleton<IClaimsParser, ClaimsParser>();
services.AddSingleton<IUrlPathToUrlTemplateMatcher, RegExUrlMatcher>();

13
src/Ocelot/HeaderBuilder/AddHeadersToRequest.cs
View File

@ -2,12 +2,13 @@
using System.Linq;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Primitives;
using Ocelot.Claims.Parser;
using Ocelot.Configuration;
using Ocelot.Responses;
namespace Ocelot.HeaderBuilder
{
using Infrastructure.Claims.Parser;
public class AddHeadersToRequest : IAddHeadersToRequest
{
private readonly IClaimsParser _claimsParser;
@ -17,25 +18,25 @@ namespace Ocelot.HeaderBuilder
_claimsParser = claimsParser;
}
public Response SetHeadersOnContext(List<ClaimToHeader> configurationHeaderExtractorProperties, HttpContext context)
public Response SetHeadersOnContext(List<ClaimToThing> claimsToThings, HttpContext context)
{
foreach (var config in configurationHeaderExtractorProperties)
foreach (var config in claimsToThings)
{
var value = _claimsParser.GetValue(context.User.Claims, config.ClaimKey, config.Delimiter, config.Index);
var value = _claimsParser.GetValue(context.User.Claims, config.NewKey, config.Delimiter, config.Index);
if (value.IsError)
{
return new ErrorResponse(value.Errors);
}
var exists = context.Request.Headers.FirstOrDefault(x => x.Key == config.HeaderKey);
var exists = context.Request.Headers.FirstOrDefault(x => x.Key == config.ExistingKey);
if (!string.IsNullOrEmpty(exists.Key))
{
context.Request.Headers.Remove(exists);
}
context.Request.Headers.Add(config.HeaderKey, new StringValues(value.Data));
context.Request.Headers.Add(config.ExistingKey, new StringValues(value.Data));
}
return new OkResponse();

2
src/Ocelot/HeaderBuilder/IAddHeadersToRequest.cs
View File

@ -7,7 +7,7 @@ namespace Ocelot.HeaderBuilder
{
public interface IAddHeadersToRequest
{
Response SetHeadersOnContext(List<ClaimToHeader> configurationHeaderExtractorProperties,
Response SetHeadersOnContext(List<ClaimToThing> claimsToThings,
HttpContext context);
}
}

6
src/Ocelot/Claims/Parser/CannotFindClaimError.cs → src/Ocelot/Infrastructure/Claims/Parser/CannotFindClaimError.cs
View File

@ -1,7 +1,7 @@
using Ocelot.Errors;
namespace Ocelot.Claims.Parser
namespace Ocelot.Infrastructure.Claims.Parser
{
using Errors;
public class CannotFindClaimError : Error
{
public CannotFindClaimError(string message)

14
src/Ocelot/Claims/Parser/ClaimsParser.cs → src/Ocelot/Infrastructure/Claims/Parser/ClaimsParser.cs
View File

@ -1,11 +1,11 @@
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using Ocelot.Errors;
using Ocelot.Responses;
namespace Ocelot.Claims.Parser
namespace Ocelot.Infrastructure.Claims.Parser
{
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using Errors;
using Responses;
public class ClaimsParser : IClaimsParser
{
public Response<string> GetValue(IEnumerable<Claim> claims, string key, string delimiter, int index)

10
src/Ocelot/Claims/Parser/IClaimsParser.cs → src/Ocelot/Infrastructure/Claims/Parser/IClaimsParser.cs
View File

@ -1,9 +1,9 @@
using System.Collections.Generic;
using System.Security.Claims;
using Ocelot.Responses;
namespace Ocelot.Claims.Parser
namespace Ocelot.Infrastructure.Claims.Parser
{
using System.Collections.Generic;
using System.Security.Claims;
using Responses;
public interface IClaimsParser
{
Response<string> GetValue(IEnumerable<Claim> claims, string key, string delimiter, int index);

6
src/Ocelot/Middleware/OcelotMiddlewareExtensions.cs
View File

@ -1,6 +1,5 @@
using Microsoft.AspNetCore.Builder;
using Ocelot.Authentication.Middleware;
using Ocelot.Authorisation;
using Ocelot.DownstreamRouteFinder.Middleware;
using Ocelot.DownstreamUrlCreator.Middleware;
using Ocelot.HeaderBuilder.Middleware;
@ -10,6 +9,9 @@ using Ocelot.Responder.Middleware;
namespace Ocelot.Middleware
{
using Authorisation.Middleware;
using ClaimsBuilder.Middleware;
public static class OcelotMiddlewareExtensions
{
public static IApplicationBuilder UseOcelot(this IApplicationBuilder builder)
@ -20,6 +22,8 @@ namespace Ocelot.Middleware
builder.UseAuthenticationMiddleware();
builder.UseClaimsBuilderMiddleware();
builder.UseAuthorisationMiddleware();
builder.UseHttpRequestHeadersBuilderMiddleware();

8
src/Ocelot/Responder/ErrorsToHttpStatusCodeMapper.cs
View File

@ -14,6 +14,14 @@ namespace Ocelot.Responder
return new OkResponse<int>(401);
}
if (errors.Any(e => e.Code == OcelotErrorCode.UnauthorizedError
|| e.Code == OcelotErrorCode.ClaimValueNotAuthorisedError
|| e.Code == OcelotErrorCode.UserDoesNotHaveClaimError
|| e.Code == OcelotErrorCode.CannotFindClaimError))
{
return new OkResponse<int>(403);
}
return new OkResponse<int>(404);
}
}

69
test/Ocelot.AcceptanceTests/AuthorisationTests.cs
View File

@ -74,11 +74,15 @@ namespace Ocelot.AcceptanceTests
{"UserType", "Claims[sub] > value[0] > |"},
{"UserId", "Claims[sub] > value[1] > |"}
},
AddClaims =
AddClaimsToRequest =
{
{"CustomerId", "Claims[CustomerId] > value"},
{"UserType", "Claims[sub] > value[0] > |"},
{"UserId", "Claims[sub] > value[1] > |"}
},
RouteClaimsRequirement =
{
{"UserType", "registered"}
}
}
}
@ -91,26 +95,66 @@ namespace Ocelot.AcceptanceTests
.BDDfy();
}
[Fact]
public void should_return_response_403_authorising_route()
{
this.Given(x => x.GivenThereIsAnIdentityServerOn("http://localhost:51888", "api", AccessTokenType.Jwt))
.And(x => x.GivenThereIsAServiceRunningOn("http://localhost:51876", 200, "Hello from Laura"))
.And(x => x.GivenIHaveAToken("http://localhost:51888"))
.And(x => x.GivenThereIsAConfiguration(new YamlConfiguration
{
ReRoutes = new List<YamlReRoute>
{
new YamlReRoute
{
DownstreamTemplate = "http://localhost:51876/",
UpstreamTemplate = "/",
UpstreamHttpMethod = "Get",
AuthenticationOptions = new YamlAuthenticationOptions
{
AdditionalScopes = new List<string>(),
Provider = "IdentityServer",
ProviderRootUrl = "http://localhost:51888",
RequireHttps = false,
ScopeName = "api",
ScopeSecret = "secret"
},
AddHeadersToRequest =
{
{"CustomerId", "Claims[CustomerId] > value"},
{"LocationId", "Claims[LocationId] > value"},
{"UserType", "Claims[sub] > value[0] > |"},
{"UserId", "Claims[sub] > value[1] > |"}
},
AddClaimsToRequest =
{
{"CustomerId", "Claims[CustomerId] > value"},
{"UserId", "Claims[sub] > value[1] > |"}
},
RouteClaimsRequirement =
{
{"UserType", "registered"}
}
}
}
}))
.And(x => x.GivenTheApiGatewayIsRunning())
.And(x => x.GivenIHaveAddedATokenToMyRequest())
.When(x => x.WhenIGetUrlOnTheApiGateway("/"))
.Then(x => x.ThenTheStatusCodeShouldBe(HttpStatusCode.Forbidden))
.BDDfy();
}
private void WhenIGetUrlOnTheApiGateway(string url)
{
_response = _ocelotClient.GetAsync(url).Result;
}
private void WhenIPostUrlOnTheApiGateway(string url)
{
_response = _ocelotClient.PostAsync(url, _postContent).Result;
}
private void ThenTheResponseBodyShouldBe(string expectedBody)
{
_response.Content.ReadAsStringAsync().Result.ShouldBe(expectedBody);
}
private void GivenThePostHasContent(string postcontent)
{
_postContent = new StringContent(postcontent);
}
/// <summary>
/// This is annoying cos it should be in the constructor but we need to set up the yaml file before calling startup so its a step.
/// </summary>
@ -184,7 +228,8 @@ namespace Ocelot.AcceptanceTests
{
Value = "secret".Sha256()
}
}
},
IncludeAllClaimsForUser = true
},
StandardScopes.OpenId,

15
test/Ocelot.UnitTests/Authorization/AuthorizationMiddlewareTests.cs → test/Ocelot.UnitTests/Authorization/AuthorisationMiddlewareTests.cs
View File

@ -18,7 +18,9 @@ using Xunit;
namespace Ocelot.UnitTests.Authorization
{
public class AuthorizationMiddlewareTests : IDisposable
using Authorisation.Middleware;
public class AuthorisationMiddlewareTests : IDisposable
{
private readonly Mock<IScopedRequestDataRepository> _scopedRepository;
private readonly Mock<IAuthoriser> _authService;
@ -28,7 +30,7 @@ namespace Ocelot.UnitTests.Authorization
private HttpResponseMessage _result;
private OkResponse<DownstreamRoute> _downstreamRoute;
public AuthorizationMiddlewareTests()
public AuthorisationMiddlewareTests()
{
_url = "http://localhost:51879";
_scopedRepository = new Mock<IScopedRequestDataRepository>();
@ -56,18 +58,17 @@ namespace Ocelot.UnitTests.Authorization
[Fact]
public void happy_path()
{
this.Given(x => x.GivenTheDownStreamRouteIs(new DownstreamRoute(new List<TemplateVariableNameAndValue>(), new ReRouteBuilder().Build())))
this.Given(x => x.GivenTheDownStreamRouteIs(new DownstreamRoute(new List<TemplateVariableNameAndValue>(), new ReRouteBuilder().WithIsAuthorised(true).Build())))
.And(x => x.GivenTheAuthServiceReturns(new OkResponse<bool>(true)))
.When(x => x.WhenICallTheMiddleware())
//todo stick this back in
//.Then(x => x.ThenTheAuthServiceIsCalledCorrectly())
.Then(x => x.ThenTheAuthServiceIsCalledCorrectly())
.BDDfy();
}
private void GivenTheAuthServiceReturns(Response<bool> expected)
{
_authService
.Setup(x => x.Authorise(It.IsAny<ClaimsPrincipal>(), It.IsAny<RouteClaimsRequirement>()))
.Setup(x => x.Authorise(It.IsAny<ClaimsPrincipal>(), It.IsAny<Dictionary<string, string>>()))
.Returns(expected);
}
@ -75,7 +76,7 @@ namespace Ocelot.UnitTests.Authorization
{
_authService
.Verify(x => x.Authorise(It.IsAny<ClaimsPrincipal>(),
It.IsAny<RouteClaimsRequirement>()), Times.Once);
It.IsAny<Dictionary<string, string>>()), Times.Once);
}
private void GivenTheDownStreamRouteIs(DownstreamRoute downstreamRoute)

15
test/Ocelot.UnitTests/Authorization/ClaimsAuthoriserTests.cs
View File

@ -1,7 +1,6 @@
using System.Collections.Generic;
using System.Security.Claims;
using Ocelot.Authorisation;
using Ocelot.Claims.Parser;
using Ocelot.Responses;
using Shouldly;
using TestStack.BDDfy;
@ -9,11 +8,13 @@ using Xunit;
namespace Ocelot.UnitTests.Authorization
{
using Ocelot.Infrastructure.Claims.Parser;
public class ClaimsAuthoriserTests
{
private readonly ClaimsAuthoriser _claimsAuthoriser;
private ClaimsPrincipal _claimsPrincipal;
private RouteClaimsRequirement _requirement;
private Dictionary<string, string> _requirement;
private Response<bool> _result;
public ClaimsAuthoriserTests()
@ -28,10 +29,10 @@ namespace Ocelot.UnitTests.Authorization
{
new Claim("UserType", "registered")
}))))
.And(x => x.GivenARouteClaimsRequirement(new RouteClaimsRequirement(new Dictionary<string, string>
.And(x => x.GivenARouteClaimsRequirement(new Dictionary<string, string>
{
{"UserType", "registered"}
})))
}))
.When(x => x.WhenICallTheAuthoriser())
.Then(x => x.ThenTheUserIsAuthorised())
.BDDfy();
@ -41,10 +42,10 @@ namespace Ocelot.UnitTests.Authorization
public void should_not_authorise_user()
{
this.Given(x => x.GivenAClaimsPrincipal(new ClaimsPrincipal(new ClaimsIdentity(new List<Claim>()))))
.And(x => x.GivenARouteClaimsRequirement(new RouteClaimsRequirement(new Dictionary<string, string>
.And(x => x.GivenARouteClaimsRequirement(new Dictionary<string, string>
{
{ "UserType", "registered" }
})))
}))
.When(x => x.WhenICallTheAuthoriser())
.Then(x => x.ThenTheUserIsntAuthorised())
.BDDfy();
@ -55,7 +56,7 @@ namespace Ocelot.UnitTests.Authorization
_claimsPrincipal = claimsPrincipal;
}
private void GivenARouteClaimsRequirement(RouteClaimsRequirement requirement)
private void GivenARouteClaimsRequirement(Dictionary<string, string> requirement)
{
_requirement = requirement;
}

145
test/Ocelot.UnitTests/ClaimsBuilder/AddClaimsToRequestTests.cs Normal file
View File

@ -0,0 +1,145 @@
namespace Ocelot.UnitTests.ClaimsBuilder
{
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using Errors;
using Microsoft.AspNetCore.Http;
using Moq;
using Ocelot.ClaimsBuilder;
using Ocelot.Configuration;
using Ocelot.Infrastructure.Claims.Parser;
using Responses;
using Shouldly;
using TestStack.BDDfy;
using Xunit;
public class AddClaimsToRequestTests
{
private readonly AddClaimsToRequest _addClaimsToRequest;
private readonly Mock<IClaimsParser> _parser;
private List<ClaimToThing> _claimsToThings;
private HttpContext _context;
private Response _result;
private Response<string> _claimValue;
public AddClaimsToRequestTests()
{
_parser = new Mock<IClaimsParser>();
_addClaimsToRequest = new AddClaimsToRequest(_parser.Object);
}
[Fact]
public void should_add_claims_to_context()
{
var context = new DefaultHttpContext
{
User = new ClaimsPrincipal(new ClaimsIdentity(new List<Claim>
{
new Claim("test", "data")
}))
};
this.Given(
x => x.GivenClaimsToThings(new List<ClaimToThing>
{
new ClaimToThing("claim-key", "", "", 0)
}))
.Given(x => x.GivenHttpContext(context))
.And(x => x.GivenTheClaimParserReturns(new OkResponse<string>("value")))
.When(x => x.WhenIAddClaimsToTheRequest())
.Then(x => x.ThenTheResultIsSuccess())
.BDDfy();
}
[Fact]
public void if_claims_exists_should_replace_it()
{
var context = new DefaultHttpContext
{
User = new ClaimsPrincipal(new ClaimsIdentity(new List<Claim>
{
new Claim("existing-key", "data"),
new Claim("new-key", "data")
})),
};
this.Given(
x => x.GivenClaimsToThings(new List<ClaimToThing>
{
new ClaimToThing("existing-key", "new-key", "", 0)
}))
.Given(x => x.GivenHttpContext(context))
.And(x => x.GivenTheClaimParserReturns(new OkResponse<string>("value")))
.When(x => x.WhenIAddClaimsToTheRequest())
.Then(x => x.ThenTheResultIsSuccess())
.BDDfy();
}
[Fact]
public void should_return_error()
{
this.Given(
x => x.GivenClaimsToThings(new List<ClaimToThing>
{
new ClaimToThing("", "", "", 0)
}))
.Given(x => x.GivenHttpContext(new DefaultHttpContext()))
.And(x => x.GivenTheClaimParserReturns(new ErrorResponse<string>(new List<Error>
{
new AnyError()
})))
.When(x => x.WhenIAddClaimsToTheRequest())
.Then(x => x.ThenTheResultIsError())
.BDDfy();
}
private void GivenClaimsToThings(List<ClaimToThing> configuration)
{
_claimsToThings = configuration;
}
private void GivenHttpContext(HttpContext context)
{
_context = context;
}
private void GivenTheClaimParserReturns(Response<string> claimValue)
{
_claimValue = claimValue;
_parser
.Setup(
x =>
x.GetValue(It.IsAny<IEnumerable<Claim>>(),
It.IsAny<string>(),
It.IsAny<string>(),
It.IsAny<int>()))
.Returns(_claimValue);
}
private void WhenIAddClaimsToTheRequest()
{
_result = _addClaimsToRequest.SetClaimsOnContext(_claimsToThings, _context);
}
private void ThenTheResultIsSuccess()
{
_result.IsError.ShouldBe(false);
}
private void ThenTheResultIsError()
{
_result.IsError.ShouldBe(true);
}
class AnyError : Error
{
public AnyError()
: base("blahh", OcelotErrorCode.UnknownError)
{
}
}
}
}

111
test/Ocelot.UnitTests/ClaimsBuilder/ClaimsBuilderMiddlewareTests.cs Normal file
View File

@ -0,0 +1,111 @@
namespace Ocelot.UnitTests.ClaimsBuilder
{
using System;
using System.Collections.Generic;
using System.IO;
using System.Net.Http;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.TestHost;
using Microsoft.Extensions.DependencyInjection;
using Moq;
using Ocelot.ClaimsBuilder;
using Ocelot.ClaimsBuilder.Middleware;
using Ocelot.Configuration;
using Ocelot.Configuration.Builder;
using Ocelot.DownstreamRouteFinder;
using Ocelot.DownstreamRouteFinder.UrlMatcher;
using Responses;
using ScopedData;
using TestStack.BDDfy;
using Xunit;
public class ClaimsBuilderMiddlewareTests : IDisposable
{
private readonly Mock<IScopedRequestDataRepository> _scopedRepository;
private readonly Mock<IAddClaimsToRequest> _addHeaders;
private readonly string _url;
private readonly TestServer _server;
private readonly HttpClient _client;
private Response<DownstreamRoute> _downstreamRoute;
private HttpResponseMessage _result;
public ClaimsBuilderMiddlewareTests()
{
_url = "http://localhost:51879";
_scopedRepository = new Mock<IScopedRequestDataRepository>();
_addHeaders = new Mock<IAddClaimsToRequest>();
var builder = new WebHostBuilder()
.ConfigureServices(x =>
{
x.AddSingleton(_addHeaders.Object);
x.AddSingleton(_scopedRepository.Object);
})
.UseUrls(_url)
.UseKestrel()
.UseContentRoot(Directory.GetCurrentDirectory())
.UseIISIntegration()
.UseUrls(_url)
.Configure(app =>
{
app.UseClaimsBuilderMiddleware();
});
_server = new TestServer(builder);
_client = _server.CreateClient();
}
[Fact]
public void happy_path()
{
var downstreamRoute = new DownstreamRoute(new List<TemplateVariableNameAndValue>(),
new ReRouteBuilder()
.WithDownstreamTemplate("any old string")
.WithClaimsToClaims(new List<ClaimToThing>
{
new ClaimToThing("sub", "UserType", "|", 0)
})
.Build());
this.Given(x => x.GivenTheDownStreamRouteIs(downstreamRoute))
.And(x => x.GivenTheAddClaimsToRequestReturns())
.When(x => x.WhenICallTheMiddleware())
.Then(x => x.ThenTheClaimsToRequestIsCalledCorrectly())
.BDDfy();
}
private void GivenTheAddClaimsToRequestReturns()
{
_addHeaders
.Setup(x => x.SetClaimsOnContext(It.IsAny<List<ClaimToThing>>(),
It.IsAny<HttpContext>()))
.Returns(new OkResponse());
}
private void ThenTheClaimsToRequestIsCalledCorrectly()
{
_addHeaders
.Verify(x => x.SetClaimsOnContext(It.IsAny<List<ClaimToThing>>(),
It.IsAny<HttpContext>()), Times.Once);
}
private void WhenICallTheMiddleware()
{
_result = _client.GetAsync(_url).Result;
}
private void GivenTheDownStreamRouteIs(DownstreamRoute downstreamRoute)
{
_downstreamRoute = new OkResponse<DownstreamRoute>(downstreamRoute);
_scopedRepository
.Setup(x => x.Get<DownstreamRoute>(It.IsAny<string>()))
.Returns(_downstreamRoute);
}
public void Dispose()
{
_client.Dispose();
_server.Dispose();
}
}
}

30
test/Ocelot.UnitTests/Configuration/ConfigurationHeadersExtractorTests.cs → test/Ocelot.UnitTests/Configuration/ClaimToThingConfigurationParserTests.cs
View File

@ -10,15 +10,15 @@ using Xunit;
namespace Ocelot.UnitTests.Configuration
{
public class ConfigurationHeadersExtractorTests
public class ClaimToThingConfigurationParserTests
{
private Dictionary<string, string> _dictionary;
private readonly IClaimToHeaderConfigurationParser _claimToHeaderConfigurationParser;
private Response<ClaimToHeader> _result;
private readonly IClaimToThingConfigurationParser _claimToThingConfigurationParser;
private Response<ClaimToThing> _result;
public ConfigurationHeadersExtractorTests()
public ClaimToThingConfigurationParserTests()
{
_claimToHeaderConfigurationParser = new ClaimToHeaderConfigurationParser();
_claimToThingConfigurationParser = new ClaimToThingConfigurationParser();
}
[Fact]
@ -31,7 +31,7 @@ namespace Ocelot.UnitTests.Configuration
.When(x => x.WhenICallTheExtractor())
.Then(
x =>
x.ThenAnErrorIsReturned(new ErrorResponse<ClaimToHeader>(
x.ThenAnErrorIsReturned(new ErrorResponse<ClaimToThing>(
new List<Error>
{
new NoInstructionsError(">")
@ -49,7 +49,7 @@ namespace Ocelot.UnitTests.Configuration
.When(x => x.WhenICallTheExtractor())
.Then(
x =>
x.ThenAnErrorIsReturned(new ErrorResponse<ClaimToHeader>(
x.ThenAnErrorIsReturned(new ErrorResponse<ClaimToThing>(
new List<Error>
{
new InstructionNotForClaimsError()
@ -68,8 +68,8 @@ namespace Ocelot.UnitTests.Configuration
.Then(
x =>
x.ThenTheClaimParserPropertiesAreReturned(
new OkResponse<ClaimToHeader>(
new ClaimToHeader("CustomerId", "CustomerId", "", 0))))
new OkResponse<ClaimToThing>(
new ClaimToThing("CustomerId", "CustomerId", "", 0))))
.BDDfy();
}
@ -84,20 +84,20 @@ namespace Ocelot.UnitTests.Configuration
.Then(
x =>
x.ThenTheClaimParserPropertiesAreReturned(
new OkResponse<ClaimToHeader>(
new ClaimToHeader("UserId", "Subject", "|", 0))))
new OkResponse<ClaimToThing>(
new ClaimToThing("UserId", "Subject", "|", 0))))
.BDDfy();
}
private void ThenAnErrorIsReturned(Response<ClaimToHeader> expected)
private void ThenAnErrorIsReturned(Response<ClaimToThing> expected)
{
_result.IsError.ShouldBe(expected.IsError);
_result.Errors[0].ShouldBeOfType(expected.Errors[0].GetType());
}
private void ThenTheClaimParserPropertiesAreReturned(Response<ClaimToHeader> expected)
private void ThenTheClaimParserPropertiesAreReturned(Response<ClaimToThing> expected)
{
_result.Data.ClaimKey.ShouldBe(expected.Data.ClaimKey);
_result.Data.NewKey.ShouldBe(expected.Data.NewKey);
_result.Data.Delimiter.ShouldBe(expected.Data.Delimiter);
_result.Data.Index.ShouldBe(expected.Data.Index);
_result.IsError.ShouldBe(expected.IsError);
@ -106,7 +106,7 @@ namespace Ocelot.UnitTests.Configuration
private void WhenICallTheExtractor()
{
var first = _dictionary.First();
_result = _claimToHeaderConfigurationParser.Extract(first.Key, first.Value);
_result = _claimToThingConfigurationParser.Extract(first.Key, first.Value);
}
private void GivenTheDictionaryIs(Dictionary<string, string> dictionary)

14
test/Ocelot.UnitTests/Configuration/YamlConfigurationCreatorTests.cs
View File

@ -21,14 +21,14 @@ namespace Ocelot.UnitTests.Configuration
private readonly Mock<IConfigurationValidator> _validator;
private Response<IOcelotConfiguration> _config;
private YamlConfiguration _yamlConfiguration;
private readonly Mock<IClaimToHeaderConfigurationParser> _configParser;
private readonly Mock<IClaimToThingConfigurationParser> _configParser;
private readonly Mock<ILogger<YamlOcelotConfigurationCreator>> _logger;
private readonly YamlOcelotConfigurationCreator _ocelotConfigurationCreator;
public YamlConfigurationCreatorTests()
{
_logger = new Mock<ILogger<YamlOcelotConfigurationCreator>>();
_configParser = new Mock<IClaimToHeaderConfigurationParser>();
_configParser = new Mock<IClaimToThingConfigurationParser>();
_validator = new Mock<IConfigurationValidator>();
_yamlConfig = new Mock<IOptions<YamlConfiguration>>();
_ocelotConfigurationCreator = new YamlOcelotConfigurationCreator(
@ -79,9 +79,9 @@ namespace Ocelot.UnitTests.Configuration
.WithRequireHttps(false)
.WithScopeSecret("secret")
.WithAuthenticationProviderScopeName("api")
.WithConfigurationHeaderExtractorProperties(new List<ClaimToHeader>
.WithClaimsToHeaders(new List<ClaimToThing>
{
new ClaimToHeader("CustomerId", "CustomerId", "", 0),
new ClaimToThing("CustomerId", "CustomerId", "", 0),
})
.Build()
};
@ -112,18 +112,18 @@ namespace Ocelot.UnitTests.Configuration
}
}))
.And(x => x.GivenTheYamlConfigIsValid())
.And(x => x.GivenTheConfigHeaderExtractorReturns(new ClaimToHeader("CustomerId", "CustomerId", "", 0)))
.And(x => x.GivenTheConfigHeaderExtractorReturns(new ClaimToThing("CustomerId", "CustomerId", "", 0)))
.When(x => x.WhenICreateTheConfig())
.Then(x => x.ThenTheReRoutesAre(expected))
.And(x => x.ThenTheAuthenticationOptionsAre(expected))
.BDDfy();
}
private void GivenTheConfigHeaderExtractorReturns(ClaimToHeader expected)
private void GivenTheConfigHeaderExtractorReturns(ClaimToThing expected)
{
_configParser
.Setup(x => x.Extract(It.IsAny<string>(), It.IsAny<string>()))
.Returns(new OkResponse<ClaimToHeader>(expected));
.Returns(new OkResponse<ClaimToThing>(expected));
}
[Fact]

19
test/Ocelot.UnitTests/HeaderBuilder/AddHeadersToRequestTests.cs
View File

@ -4,7 +4,6 @@ using System.Security.Claims;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Primitives;
using Moq;
using Ocelot.Claims.Parser;
using Ocelot.Configuration;
using Ocelot.Errors;
using Ocelot.HeaderBuilder;
@ -15,11 +14,13 @@ using Xunit;
namespace Ocelot.UnitTests.HeaderBuilder
{
using Ocelot.Infrastructure.Claims.Parser;
public class AddHeadersToRequestTests
{
private readonly AddHeadersToRequest _addHeadersToRequest;
private readonly Mock<IClaimsParser> _parser;
private List<ClaimToHeader> _configuration;
private List<ClaimToThing> _configuration;
private HttpContext _context;
private Response _result;
private Response<string> _claimValue;
@ -42,9 +43,9 @@ namespace Ocelot.UnitTests.HeaderBuilder
};
this.Given(
x => x.GivenConfigurationHeaderExtractorProperties(new List<ClaimToHeader>
x => x.GivenConfigurationHeaderExtractorProperties(new List<ClaimToThing>
{
new ClaimToHeader("header-key", "", "", 0)
new ClaimToThing("header-key", "", "", 0)
}))
.Given(x => x.GivenHttpContext(context))
.And(x => x.GivenTheClaimParserReturns(new OkResponse<string>("value")))
@ -68,9 +69,9 @@ namespace Ocelot.UnitTests.HeaderBuilder
context.Request.Headers.Add("header-key", new StringValues("initial"));
this.Given(
x => x.GivenConfigurationHeaderExtractorProperties(new List<ClaimToHeader>
x => x.GivenConfigurationHeaderExtractorProperties(new List<ClaimToThing>
{
new ClaimToHeader("header-key", "", "", 0)
new ClaimToThing("header-key", "", "", 0)
}))
.Given(x => x.GivenHttpContext(context))
.And(x => x.GivenTheClaimParserReturns(new OkResponse<string>("value")))
@ -84,9 +85,9 @@ namespace Ocelot.UnitTests.HeaderBuilder
public void should_return_error()
{
this.Given(
x => x.GivenConfigurationHeaderExtractorProperties(new List<ClaimToHeader>
x => x.GivenConfigurationHeaderExtractorProperties(new List<ClaimToThing>
{
new ClaimToHeader("", "", "", 0)
new ClaimToThing("", "", "", 0)
}))
.Given(x => x.GivenHttpContext(new DefaultHttpContext()))
.And(x => x.GivenTheClaimParserReturns(new ErrorResponse<string>(new List<Error>
@ -104,7 +105,7 @@ namespace Ocelot.UnitTests.HeaderBuilder
header.Value.First().ShouldBe(_claimValue.Data);
}
private void GivenConfigurationHeaderExtractorProperties(List<ClaimToHeader> configuration)
private void GivenConfigurationHeaderExtractorProperties(List<ClaimToThing> configuration)
{
_configuration = configuration;
}

8
test/Ocelot.UnitTests/HeaderBuilder/HttpRequestHeadersBuilderMiddlewareTests.cs
View File

@ -61,9 +61,9 @@ namespace Ocelot.UnitTests.HeaderBuilder
var downstreamRoute = new DownstreamRoute(new List<TemplateVariableNameAndValue>(),
new ReRouteBuilder()
.WithDownstreamTemplate("any old string")
.WithConfigurationHeaderExtractorProperties(new List<ClaimToHeader>
.WithClaimsToHeaders(new List<ClaimToThing>
{
new ClaimToHeader("UserId", "Subject", "", 0)
new ClaimToThing("UserId", "Subject", "", 0)
})
.Build());
@ -77,7 +77,7 @@ namespace Ocelot.UnitTests.HeaderBuilder
private void GivenTheAddHeadersToRequestReturns(string claimValue)
{
_addHeaders
.Setup(x => x.SetHeadersOnContext(It.IsAny<List<ClaimToHeader>>(),
.Setup(x => x.SetHeadersOnContext(It.IsAny<List<ClaimToThing>>(),
It.IsAny<HttpContext>()))
.Returns(new OkResponse());
}
@ -85,7 +85,7 @@ namespace Ocelot.UnitTests.HeaderBuilder
private void ThenTheAddHeadersToRequestIsCalledCorrectly()
{
_addHeaders
.Verify(x => x.SetHeadersOnContext(It.IsAny<List<ClaimToHeader>>(),
.Verify(x => x.SetHeadersOnContext(It.IsAny<List<ClaimToThing>>(),
It.IsAny<HttpContext>()), Times.Once);
}

20
test/Ocelot.UnitTests/HeaderBuilder/ClaimParserTests.cs → test/Ocelot.UnitTests/Infrastructure/ClaimParserTests.cs
View File

@ -1,14 +1,14 @@
using System.Collections.Generic;
using System.Security.Claims;
using Ocelot.Claims.Parser;
using Ocelot.Errors;
using Ocelot.Responses;
using Shouldly;
using TestStack.BDDfy;
using Xunit;
namespace Ocelot.UnitTests.HeaderBuilder
namespace Ocelot.UnitTests.Infrastructure
{
using System.Collections.Generic;
using System.Security.Claims;
using Errors;
using Ocelot.Infrastructure.Claims.Parser;
using Responses;
using Shouldly;
using TestStack.BDDfy;
using Xunit;
public class ClaimParserTests
{
private readonly IClaimsParser _claimsParser;