unit and int tests are passing with auth changes...but acceptance tests are in a state and there are loads of todos...

Tom Gardham-Pallister 2017-11-01 08:05:22 +00:00
parent 336c84f9b5
commit e0c16bea32
18 changed files with 401 additions and 298 deletions


@ -1,3 +1,4 @@
using System.Collections.Generic;
using Ocelot.Configuration.Builder; using Ocelot.Configuration.Builder;
using Ocelot.Configuration.File; using Ocelot.Configuration.File;
using Ocelot.Creator.Configuration; using Ocelot.Creator.Configuration;
@ -13,15 +14,25 @@ namespace Ocelot.Configuration.Creator
_creator = creator; _creator = creator;
} }
public AuthenticationOptions Create(FileReRoute fileReRoute) public AuthenticationOptions Create(FileReRoute reRoute, List<FileAuthenticationOptions> authOptions)
{ {
var authenticationConfig = _creator.Create(fileReRoute.AuthenticationOptions); //todo - loop is crap..
foreach(var authOption in authOptions)
{
if(reRoute.AuthenticationProviderKey == authOption.AuthenticationProviderKey)
{
var authenticationConfig = _creator.Create(authOption);
return new AuthenticationOptionsBuilder() return new AuthenticationOptionsBuilder()
.WithProvider(fileReRoute.AuthenticationOptions?.Provider) .WithProvider(authOption.Provider)
.WithAllowedScopes(fileReRoute.AuthenticationOptions?.AllowedScopes) .WithAllowedScopes(authOption.AllowedScopes)
.WithConfig(authenticationConfig) .WithConfig(authenticationConfig)
.Build(); .Build();
}
}
//todo - should not return null?
return null;
} }
} }
} }
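Review bot: The `return null;` at the end of `Create` leaves a route whose `AuthenticationProviderKey` matches no entry in `authOptions` with no authentication options at all, while `IsAuthenticated` (changed later in this commit) treats any non-empty key as authenticated. Whether later code fails closed on a null `AuthenticationOptions` is not visible here, so I would make the mismatch an explicit configuration error instead of relying on the validator having run: before `return null;`, add `if (!string.IsNullOrEmpty(reRoute.AuthenticationProviderKey)) { throw new InvalidOperationException($"No authentication options found for key {reRoute.AuthenticationProviderKey}"); }`. The loop reads more directly as `authOptions.FirstOrDefault(x => x.AuthenticationProviderKey == reRoute.AuthenticationProviderKey)`, which needs `using System.Linq;`. The `==` comparison is case-sensitive, whereas provider names are compared case-insensitively elsewhere in this commit; a comment on `Create` should say which is intended for keys.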


@ -110,14 +110,14 @@ namespace Ocelot.Configuration.Creator
foreach (var reRoute in fileConfiguration.ReRoutes) foreach (var reRoute in fileConfiguration.ReRoutes)
{ {
var ocelotReRoute = await SetUpReRoute(reRoute, fileConfiguration.GlobalConfiguration); var ocelotReRoute = await SetUpReRoute(reRoute, fileConfiguration.GlobalConfiguration, fileConfiguration.AuthenticationOptions);
reRoutes.Add(ocelotReRoute); reRoutes.Add(ocelotReRoute);
} }
return new OcelotConfiguration(reRoutes, fileConfiguration.GlobalConfiguration.AdministrationPath); return new OcelotConfiguration(reRoutes, fileConfiguration.GlobalConfiguration.AdministrationPath);
} }
private async Task<ReRoute> SetUpReRoute(FileReRoute fileReRoute, FileGlobalConfiguration globalConfiguration) private async Task<ReRoute> SetUpReRoute(FileReRoute fileReRoute, FileGlobalConfiguration globalConfiguration, List<FileAuthenticationOptions> authOptions)
{ {
var fileReRouteOptions = _fileReRouteOptionsCreator.Create(fileReRoute); var fileReRouteOptions = _fileReRouteOptionsCreator.Create(fileReRoute);
@ -129,7 +129,7 @@ namespace Ocelot.Configuration.Creator
var serviceProviderConfiguration = _serviceProviderConfigCreator.Create(fileReRoute, globalConfiguration); var serviceProviderConfiguration = _serviceProviderConfigCreator.Create(fileReRoute, globalConfiguration);
var authOptionsForRoute = _authOptionsCreator.Create(fileReRoute); var authOptionsForRoute = _authOptionsCreator.Create(fileReRoute, authOptions);
var claimsToHeaders = _claimsToThingCreator.Create(fileReRoute.AddHeadersToRequest); var claimsToHeaders = _claimsToThingCreator.Create(fileReRoute.AddHeadersToRequest);


@ -1,9 +1,10 @@
using System.Collections.Generic;
using Ocelot.Configuration.File; using Ocelot.Configuration.File;
namespace Ocelot.Configuration.Creator namespace Ocelot.Configuration.Creator
{ {
public interface IAuthenticationOptionsCreator public interface IAuthenticationOptionsCreator
{ {
AuthenticationOptions Create(FileReRoute fileReRoute); AuthenticationOptions Create(FileReRoute reRoute, List<FileAuthenticationOptions> authOptions);
} }
} }


@ -36,7 +36,7 @@ namespace Ocelot.Configuration.Creator
private bool IsAuthenticated(FileReRoute fileReRoute) private bool IsAuthenticated(FileReRoute fileReRoute)
{ {
return !string.IsNullOrEmpty(fileReRoute.AuthenticationOptions?.Provider); return !string.IsNullOrEmpty(fileReRoute.AuthenticationProviderKey);
} }
private bool IsAuthorised(FileReRoute fileReRoute) private bool IsAuthorised(FileReRoute fileReRoute)


@ -11,6 +11,7 @@ namespace Ocelot.Configuration.File
JwtConfig = new FileJwtConfig(); JwtConfig = new FileJwtConfig();
} }
public string AuthenticationProviderKey {get; set;}
public string Provider { get; set; } public string Provider { get; set; }
public List<string> AllowedScopes { get; set; } public List<string> AllowedScopes { get; set; }
public FileIdentityServerConfig IdentityServerConfig { get; set; } public FileIdentityServerConfig IdentityServerConfig { get; set; }


@ -8,9 +8,11 @@ namespace Ocelot.Configuration.File
{ {
ReRoutes = new List<FileReRoute>(); ReRoutes = new List<FileReRoute>();
GlobalConfiguration = new FileGlobalConfiguration(); GlobalConfiguration = new FileGlobalConfiguration();
AuthenticationOptions = new List<FileAuthenticationOptions>();
} }
public List<FileReRoute> ReRoutes { get; set; } public List<FileReRoute> ReRoutes { get; set; }
public FileGlobalConfiguration GlobalConfiguration { get; set; } public FileGlobalConfiguration GlobalConfiguration { get; set; }
public List<FileAuthenticationOptions> AuthenticationOptions { get; set; }
} }
} }


@ -11,7 +11,6 @@ namespace Ocelot.Configuration.File
AddClaimsToRequest = new Dictionary<string, string>(); AddClaimsToRequest = new Dictionary<string, string>();
RouteClaimsRequirement = new Dictionary<string, string>(); RouteClaimsRequirement = new Dictionary<string, string>();
AddQueriesToRequest = new Dictionary<string, string>(); AddQueriesToRequest = new Dictionary<string, string>();
AuthenticationOptions = new FileAuthenticationOptions();
FileCacheOptions = new FileCacheOptions(); FileCacheOptions = new FileCacheOptions();
QoSOptions = new FileQoSOptions(); QoSOptions = new FileQoSOptions();
RateLimitOptions = new FileRateLimitRule(); RateLimitOptions = new FileRateLimitRule();
@ -20,7 +19,6 @@ namespace Ocelot.Configuration.File
public string DownstreamPathTemplate { get; set; } public string DownstreamPathTemplate { get; set; }
public string UpstreamPathTemplate { get; set; } public string UpstreamPathTemplate { get; set; }
public List<string> UpstreamHttpMethod { get; set; } public List<string> UpstreamHttpMethod { get; set; }
public FileAuthenticationOptions AuthenticationOptions { get; set; }
public Dictionary<string, string> AddHeadersToRequest { get; set; } public Dictionary<string, string> AddHeadersToRequest { get; set; }
public Dictionary<string, string> AddClaimsToRequest { get; set; } public Dictionary<string, string> AddClaimsToRequest { get; set; }
public Dictionary<string, string> RouteClaimsRequirement { get; set; } public Dictionary<string, string> RouteClaimsRequirement { get; set; }
@ -35,5 +33,6 @@ namespace Ocelot.Configuration.File
public FileQoSOptions QoSOptions { get; set; } public FileQoSOptions QoSOptions { get; set; }
public string LoadBalancer {get;set;} public string LoadBalancer {get;set;}
public FileRateLimitRule RateLimitOptions { get; set; } public FileRateLimitRule RateLimitOptions { get; set; }
public string AuthenticationProviderKey {get; set;}
} }
} }


@ -46,21 +46,34 @@ namespace Ocelot.Configuration.Validator
{ {
var errors = new List<Error>(); var errors = new List<Error>();
//todo - these loops break seperation of concerns...unit tests should fail also..
foreach(var authProvider in configuration.AuthenticationOptions)
{
if (IsSupportedAuthenticationProvider(authProvider.Provider))
{
continue;
}
var error = new UnsupportedAuthenticationProviderError($"{authProvider.Provider} is unsupported authentication provider");
errors.Add(error);
}
foreach (var reRoute in configuration.ReRoutes) foreach (var reRoute in configuration.ReRoutes)
{ {
var isAuthenticated = !string.IsNullOrEmpty(reRoute.AuthenticationOptions?.Provider); var isAuthenticated = !string.IsNullOrEmpty(reRoute.AuthenticationProviderKey);
if (!isAuthenticated) if (!isAuthenticated)
{ {
continue; continue;
} }
if (IsSupportedAuthenticationProvider(reRoute.AuthenticationOptions?.Provider)) //todo is this correct?
if(configuration.AuthenticationOptions.Exists(x => x.AuthenticationProviderKey == reRoute.AuthenticationProviderKey))
{ {
continue; continue;
} }
var error = new UnsupportedAuthenticationProviderError($"{reRoute.AuthenticationOptions?.Provider} is unsupported authentication provider, upstream template is {reRoute.UpstreamPathTemplate}, upstream method is {reRoute.UpstreamHttpMethod}"); var error = new UnsupportedAuthenticationProviderError($"{reRoute.AuthenticationProviderKey} is unsupported authentication provider, upstream template is {reRoute.UpstreamPathTemplate}, upstream method is {reRoute.UpstreamHttpMethod}");
errors.Add(error); errors.Add(error);
} }
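Review bot: The route check now only tests that some entry carries the same `AuthenticationProviderKey`, so two entries sharing a key pass validation even though the `Create` lookup in this commit takes the first match and the key is also used as the scheme name at registration. I would add a duplicate-key check to the first loop and reword the route error, which still says "unsupported authentication provider" although it now prints a key: `$"{reRoute.AuthenticationProviderKey} does not match any configured AuthenticationProviderKey, upstream template is {reRoute.UpstreamPathTemplate}"`. `reRoute.UpstreamHttpMethod` is a `List<string>`, so interpolating it prints the type name; `string.Join(",", reRoute.UpstreamHttpMethod)` would print the methods. The enclosing method starts and ends outside the hunk.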


@ -157,21 +157,26 @@ namespace Ocelot.DependencyInjection
//then join onto them from reroutes based on a key //then join onto them from reroutes based on a key
var data = File.ReadAllText("configuration.json"); var data = File.ReadAllText("configuration.json");
var config = JsonConvert.DeserializeObject<FileConfiguration>(data); var config = JsonConvert.DeserializeObject<FileConfiguration>(data);
foreach(var reRoute in config.ReRoutes)
foreach(var authOptions in config.AuthenticationOptions)
{ {
if(reRoute.AuthenticationOptions != null && !string.IsNullOrEmpty(reRoute.AuthenticationOptions.Provider)) if(authOptions.Provider.ToLower() == "identityserver")
{ {
Action<IdentityServerAuthenticationOptions> options = o => Action<IdentityServerAuthenticationOptions> options = o =>
{ {
o.Authority = reRoute.AuthenticationOptions.IdentityServerConfig.ProviderRootUrl; o.Authority = authOptions.IdentityServerConfig.ProviderRootUrl;
o.ApiName = reRoute.AuthenticationOptions.IdentityServerConfig.ApiName; o.ApiName = authOptions.IdentityServerConfig.ApiName;
o.RequireHttpsMetadata = reRoute.AuthenticationOptions.IdentityServerConfig.RequireHttps; o.RequireHttpsMetadata = authOptions.IdentityServerConfig.RequireHttps;
o.SupportedTokens = SupportedTokens.Both; o.SupportedTokens = SupportedTokens.Both;
o.ApiSecret = reRoute.AuthenticationOptions.IdentityServerConfig.ApiSecret; o.ApiSecret = authOptions.IdentityServerConfig.ApiSecret;
}; };
services.AddAuthentication() services.AddAuthentication()
.AddIdentityServerAuthentication(reRoute.AuthenticationOptions.Provider, options); .AddIdentityServerAuthentication(authOptions.AuthenticationProviderKey, options);
}
else if (authOptions.Provider.ToLower() == "jwt")
{
//todo - make this work for nick..
} }
} }
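Review bot: `authOptions.Provider.ToLower() == "identityserver"` is culture-sensitive and dereferences `Provider` without a null check, so under a culture with different casing rules for "I" the scheme would not be registered, and an entry without `Provider` throws at startup; `string.Equals(authOptions.Provider, "identityserver", StringComparison.OrdinalIgnoreCase)` avoids both. The empty `jwt` branch registers no scheme, so if the validator accepts such an entry, a route pointing at it has a key with nothing behind it; until that branch is implemented I would `throw new NotSupportedException("jwt provider is not yet supported");` there. `IdentityServerConfig` is also dereferenced inside the lambda without a null check. The enclosing method starts and ends outside the hunk.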


@ -49,18 +49,23 @@ namespace Ocelot.AcceptanceTests
DownstreamScheme = _downstreamServiceScheme, DownstreamScheme = _downstreamServiceScheme,
UpstreamPathTemplate = "/", UpstreamPathTemplate = "/",
UpstreamHttpMethod = new List<string> { "Post" }, UpstreamHttpMethod = new List<string> { "Post" },
AuthenticationOptions = new FileAuthenticationOptions AuthenticationProviderKey = "Test"
{
AllowedScopes = new List<string>(),
Provider = "IdentityServer",
IdentityServerConfig = new FileIdentityServerConfig{
ProviderRootUrl = _identityServerRootUrl,
RequireHttps = false,
ApiName = "api",
ApiSecret = "secret"
}
}
} }
},
AuthenticationOptions = new List<FileAuthenticationOptions>
{
new FileAuthenticationOptions
{
AllowedScopes = new List<string>(),
Provider = "IdentityServer",
IdentityServerConfig = new FileIdentityServerConfig{
ProviderRootUrl = _identityServerRootUrl,
RequireHttps = false,
ApiName = "api",
ApiSecret = "secret"
},
AuthenticationProviderKey = "Test"
}
} }
}; };
@ -89,19 +94,24 @@ namespace Ocelot.AcceptanceTests
DownstreamScheme = _downstreamServiceScheme, DownstreamScheme = _downstreamServiceScheme,
UpstreamPathTemplate = "/", UpstreamPathTemplate = "/",
UpstreamHttpMethod = new List<string> { "Get" }, UpstreamHttpMethod = new List<string> { "Get" },
AuthenticationOptions = new FileAuthenticationOptions AuthenticationProviderKey = "Test"
{
AllowedScopes = new List<string>(),
Provider = "IdentityServer",
IdentityServerConfig = new FileIdentityServerConfig{
ProviderRootUrl = _identityServerRootUrl,
RequireHttps = false,
ApiName = "api",
ApiSecret = "secret"
}
}
} }
} },
AuthenticationOptions = new List<FileAuthenticationOptions>
{
new FileAuthenticationOptions
{
AllowedScopes = new List<string>(),
Provider = "IdentityServer",
IdentityServerConfig = new FileIdentityServerConfig{
ProviderRootUrl = _identityServerRootUrl,
RequireHttps = false,
ApiName = "api",
ApiSecret = "secret"
},
AuthenticationProviderKey = "Test"
}
}
}; };
this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", "api2", AccessTokenType.Jwt)) this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", "api2", AccessTokenType.Jwt))
@ -131,19 +141,24 @@ namespace Ocelot.AcceptanceTests
DownstreamScheme = _downstreamServiceScheme, DownstreamScheme = _downstreamServiceScheme,
UpstreamPathTemplate = "/", UpstreamPathTemplate = "/",
UpstreamHttpMethod = new List<string> { "Get" }, UpstreamHttpMethod = new List<string> { "Get" },
AuthenticationOptions = new FileAuthenticationOptions AuthenticationProviderKey = "Test"
{
AllowedScopes = new List<string>(),
Provider = "IdentityServer",
IdentityServerConfig = new FileIdentityServerConfig{
ProviderRootUrl = _identityServerRootUrl,
RequireHttps = false,
ApiName = "api",
ApiSecret = "secret"
}
}
} }
} },
AuthenticationOptions = new List<FileAuthenticationOptions>
{
new FileAuthenticationOptions
{
AllowedScopes = new List<string>(),
Provider = "IdentityServer",
IdentityServerConfig = new FileIdentityServerConfig{
ProviderRootUrl = _identityServerRootUrl,
RequireHttps = false,
ApiName = "api",
ApiSecret = "secret"
},
AuthenticationProviderKey = "Test"
}
}
}; };
this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", "api2", AccessTokenType.Jwt)) this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", "api2", AccessTokenType.Jwt))
@ -172,8 +187,12 @@ namespace Ocelot.AcceptanceTests
DownstreamScheme = _downstreamServiceScheme, DownstreamScheme = _downstreamServiceScheme,
UpstreamPathTemplate = "/", UpstreamPathTemplate = "/",
UpstreamHttpMethod = new List<string> { "Post" }, UpstreamHttpMethod = new List<string> { "Post" },
AuthenticationProviderKey = "Test"
AuthenticationOptions = new FileAuthenticationOptions }
},
AuthenticationOptions = new List<FileAuthenticationOptions>
{
new FileAuthenticationOptions
{ {
AllowedScopes = new List<string>(), AllowedScopes = new List<string>(),
Provider = "IdentityServer", Provider = "IdentityServer",
@ -182,10 +201,10 @@ namespace Ocelot.AcceptanceTests
RequireHttps = false, RequireHttps = false,
ApiName = "api", ApiName = "api",
ApiSecret = "secret" ApiSecret = "secret"
} },
AuthenticationProviderKey = "Test"
} }
} }
}
}; };
this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", "api2", AccessTokenType.Jwt)) this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", "api2", AccessTokenType.Jwt))
@ -215,19 +234,24 @@ namespace Ocelot.AcceptanceTests
DownstreamScheme = _downstreamServiceScheme, DownstreamScheme = _downstreamServiceScheme,
UpstreamPathTemplate = "/", UpstreamPathTemplate = "/",
UpstreamHttpMethod = new List<string> { "Post" }, UpstreamHttpMethod = new List<string> { "Post" },
AuthenticationOptions = new FileAuthenticationOptions AuthenticationProviderKey = "Test"
{
AllowedScopes = new List<string>(),
Provider = "IdentityServer",
IdentityServerConfig = new FileIdentityServerConfig{
ProviderRootUrl = _identityServerRootUrl,
RequireHttps = false,
ApiName = "api",
ApiSecret = "secret"
}
}
} }
} },
AuthenticationOptions = new List<FileAuthenticationOptions>
{
new FileAuthenticationOptions
{
AllowedScopes = new List<string>(),
Provider = "IdentityServer",
IdentityServerConfig = new FileIdentityServerConfig{
ProviderRootUrl = _identityServerRootUrl,
RequireHttps = false,
ApiName = "api",
ApiSecret = "secret"
},
AuthenticationProviderKey = "Test"
}
}
}; };
this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", "api2", AccessTokenType.Reference)) this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", "api2", AccessTokenType.Reference))
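Review bot: Every case in these hunks pairs a route key of "Test" with an entry keyed "Test", so nothing exercises a route whose `AuthenticationProviderKey` matches no entry, which is the path where `Create` returns null. I would add one acceptance case for that mismatch, asserting that the request is rejected or that the configuration fails to load. The `FileAuthenticationOptions` initializer is repeated verbatim in each test here and in the other acceptance test files of this commit; a private helper taking the provider root URL would keep the copies from drifting apart. The test methods start and end outside the hunks.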


@ -33,6 +33,21 @@ namespace Ocelot.AcceptanceTests
{ {
var configuration = new FileConfiguration var configuration = new FileConfiguration
{ {
AuthenticationOptions = new List<FileAuthenticationOptions>
{
new FileAuthenticationOptions
{
AllowedScopes = new List<string>(),
Provider = "IdentityServer",
IdentityServerConfig = new FileIdentityServerConfig{
ProviderRootUrl = "http://localhost:51888",
RequireHttps = false,
ApiName = "api",
ApiSecret = "secret"
},
AuthenticationProviderKey = "Test"
}
},
ReRoutes = new List<FileReRoute> ReRoutes = new List<FileReRoute>
{ {
new FileReRoute new FileReRoute
@ -43,17 +58,7 @@ namespace Ocelot.AcceptanceTests
DownstreamHost = "localhost", DownstreamHost = "localhost",
UpstreamPathTemplate = "/", UpstreamPathTemplate = "/",
UpstreamHttpMethod = new List<string> { "Get" }, UpstreamHttpMethod = new List<string> { "Get" },
AuthenticationOptions = new FileAuthenticationOptions AuthenticationProviderKey = "Test",
{
AllowedScopes = new List<string>(),
Provider = "IdentityServer",
IdentityServerConfig = new FileIdentityServerConfig{
ProviderRootUrl = "http://localhost:51888",
RequireHttps = false,
ApiName = "api",
ApiSecret = "secret"
}
},
AddHeadersToRequest = AddHeadersToRequest =
{ {
{"CustomerId", "Claims[CustomerId] > value"}, {"CustomerId", "Claims[CustomerId] > value"},
@ -92,6 +97,21 @@ namespace Ocelot.AcceptanceTests
{ {
var configuration = new FileConfiguration var configuration = new FileConfiguration
{ {
AuthenticationOptions = new List<FileAuthenticationOptions>
{
new FileAuthenticationOptions
{
AllowedScopes = new List<string>(),
Provider = "IdentityServer",
IdentityServerConfig = new FileIdentityServerConfig{
ProviderRootUrl = "http://localhost:51888",
RequireHttps = false,
ApiName = "api",
ApiSecret = "secret"
},
AuthenticationProviderKey = "Test"
}
},
ReRoutes = new List<FileReRoute> ReRoutes = new List<FileReRoute>
{ {
new FileReRoute new FileReRoute
@ -102,17 +122,7 @@ namespace Ocelot.AcceptanceTests
DownstreamHost = "localhost", DownstreamHost = "localhost",
UpstreamPathTemplate = "/", UpstreamPathTemplate = "/",
UpstreamHttpMethod = new List<string> { "Get" }, UpstreamHttpMethod = new List<string> { "Get" },
AuthenticationOptions = new FileAuthenticationOptions AuthenticationProviderKey = "Test",
{
AllowedScopes = new List<string>(),
Provider = "IdentityServer",
IdentityServerConfig = new FileIdentityServerConfig{
ProviderRootUrl = "http://localhost:51888",
RequireHttps = false,
ApiName = "api",
ApiSecret = "secret"
}
},
AddHeadersToRequest = AddHeadersToRequest =
{ {
{"CustomerId", "Claims[CustomerId] > value"}, {"CustomerId", "Claims[CustomerId] > value"},
@ -149,6 +159,21 @@ namespace Ocelot.AcceptanceTests
{ {
var configuration = new FileConfiguration var configuration = new FileConfiguration
{ {
AuthenticationOptions = new List<FileAuthenticationOptions>
{
new FileAuthenticationOptions
{
AllowedScopes = new List<string>{ "api", "api.readOnly", "openid", "offline_access" },
Provider = "IdentityServer",
IdentityServerConfig = new FileIdentityServerConfig{
ProviderRootUrl = "http://localhost:51888",
RequireHttps = false,
ApiName = "api",
ApiSecret = "secret"
},
AuthenticationProviderKey = "Test"
}
},
ReRoutes = new List<FileReRoute> ReRoutes = new List<FileReRoute>
{ {
new FileReRoute new FileReRoute
@ -159,17 +184,7 @@ namespace Ocelot.AcceptanceTests
DownstreamScheme = "http", DownstreamScheme = "http",
UpstreamPathTemplate = "/", UpstreamPathTemplate = "/",
UpstreamHttpMethod = new List<string> { "Get" }, UpstreamHttpMethod = new List<string> { "Get" },
AuthenticationOptions = new FileAuthenticationOptions AuthenticationProviderKey = "Test"
{
AllowedScopes = new List<string>{ "api", "api.readOnly", "openid", "offline_access" },
Provider = "IdentityServer",
IdentityServerConfig = new FileIdentityServerConfig{
ProviderRootUrl = "http://localhost:51888",
RequireHttps = false,
ApiName = "api",
ApiSecret = "secret"
}
}
} }
} }
}; };
@ -190,6 +205,21 @@ namespace Ocelot.AcceptanceTests
{ {
var configuration = new FileConfiguration var configuration = new FileConfiguration
{ {
AuthenticationOptions = new List<FileAuthenticationOptions>
{
new FileAuthenticationOptions
{
AllowedScopes = new List<string>{ "api", "openid", "offline_access" },
Provider = "IdentityServer",
IdentityServerConfig = new FileIdentityServerConfig{
ProviderRootUrl = "http://localhost:51888",
RequireHttps = false,
ApiName = "api",
ApiSecret = "secret"
},
AuthenticationProviderKey = "Test"
}
},
ReRoutes = new List<FileReRoute> ReRoutes = new List<FileReRoute>
{ {
new FileReRoute new FileReRoute
@ -200,17 +230,7 @@ namespace Ocelot.AcceptanceTests
DownstreamScheme = "http", DownstreamScheme = "http",
UpstreamPathTemplate = "/", UpstreamPathTemplate = "/",
UpstreamHttpMethod = new List<string> { "Get" }, UpstreamHttpMethod = new List<string> { "Get" },
AuthenticationOptions = new FileAuthenticationOptions AuthenticationProviderKey = "Test"
{
AllowedScopes = new List<string>{ "api", "openid", "offline_access" },
Provider = "IdentityServer",
IdentityServerConfig = new FileIdentityServerConfig{
ProviderRootUrl = "http://localhost:51888",
RequireHttps = false,
ApiName = "api",
ApiSecret = "secret"
}
}
} }
} }
}; };


@ -47,6 +47,24 @@ namespace Ocelot.AcceptanceTests
var configuration = new FileConfiguration var configuration = new FileConfiguration
{ {
AuthenticationOptions = new List<FileAuthenticationOptions>
{
new FileAuthenticationOptions
{
AllowedScopes = new List<string>
{
"openid", "offline_access", "api"
},
Provider = "IdentityServer",
IdentityServerConfig = new FileIdentityServerConfig{
ProviderRootUrl = "http://localhost:52888",
RequireHttps = false,
ApiName = "api",
ApiSecret = "secret"
},
AuthenticationProviderKey = "Test"
}
},
ReRoutes = new List<FileReRoute> ReRoutes = new List<FileReRoute>
{ {
new FileReRoute new FileReRoute
@ -57,20 +75,7 @@ namespace Ocelot.AcceptanceTests
DownstreamHost = "localhost", DownstreamHost = "localhost",
UpstreamPathTemplate = "/", UpstreamPathTemplate = "/",
UpstreamHttpMethod = new List<string> { "Get" }, UpstreamHttpMethod = new List<string> { "Get" },
AuthenticationOptions = new FileAuthenticationOptions AuthenticationProviderKey = "Test",
{
AllowedScopes = new List<string>
{
"openid", "offline_access", "api"
},
Provider = "IdentityServer",
IdentityServerConfig = new FileIdentityServerConfig{
ProviderRootUrl = "http://localhost:52888",
RequireHttps = false,
ApiName = "api",
ApiSecret = "secret"
}
},
AddHeadersToRequest = AddHeadersToRequest =
{ {
{"CustomerId", "Claims[CustomerId] > value"}, {"CustomerId", "Claims[CustomerId] > value"},


@ -47,6 +47,24 @@ namespace Ocelot.AcceptanceTests
var configuration = new FileConfiguration var configuration = new FileConfiguration
{ {
AuthenticationOptions = new List<FileAuthenticationOptions>
{
new FileAuthenticationOptions
{
AllowedScopes = new List<string>
{
"openid", "offline_access", "api"
},
Provider = "IdentityServer",
IdentityServerConfig = new FileIdentityServerConfig{
ProviderRootUrl = "http://localhost:57888",
RequireHttps = false,
ApiName = "api",
ApiSecret = "secret"
},
AuthenticationProviderKey = "Test"
}
},
ReRoutes = new List<FileReRoute> ReRoutes = new List<FileReRoute>
{ {
new FileReRoute new FileReRoute
@ -57,20 +75,7 @@ namespace Ocelot.AcceptanceTests
DownstreamHost = "localhost", DownstreamHost = "localhost",
UpstreamPathTemplate = "/", UpstreamPathTemplate = "/",
UpstreamHttpMethod = new List<string> { "Get" }, UpstreamHttpMethod = new List<string> { "Get" },
AuthenticationOptions = new FileAuthenticationOptions AuthenticationProviderKey = "Test",
{
AllowedScopes = new List<string>
{
"openid", "offline_access", "api"
},
Provider = "IdentityServer",
IdentityServerConfig = new FileIdentityServerConfig{
ProviderRootUrl = "http://localhost:57888",
RequireHttps = false,
ApiName = "api",
ApiSecret = "secret"
}
},
AddQueriesToRequest = AddQueriesToRequest =
{ {
{"CustomerId", "Claims[CustomerId] > value"}, {"CustomerId", "Claims[CustomerId] > value"},


@ -1,133 +1,133 @@
using System.Collections.Generic; // using System.Collections.Generic;
using Ocelot.Configuration; // using Ocelot.Configuration;
using Ocelot.Configuration.Builder; // using Ocelot.Configuration.Builder;
using Ocelot.Configuration.Creator; // using Ocelot.Configuration.Creator;
using Ocelot.Configuration.File; // using Ocelot.Configuration.File;
using Shouldly; // using Shouldly;
using TestStack.BDDfy; // using TestStack.BDDfy;
using Xunit; // using Xunit;
namespace Ocelot.UnitTests.Configuration // namespace Ocelot.UnitTests.Configuration
{ // {
public class AuthenticationOptionsCreatorTests // public class AuthenticationOptionsCreatorTests
{ // {
private readonly AuthenticationOptionsCreator _authOptionsCreator; // private readonly AuthenticationOptionsCreator _authOptionsCreator;
private FileReRoute _fileReRoute; // private FileReRoute _fileReRoute;
private AuthenticationOptions _result; // private AuthenticationOptions _result;
public AuthenticationOptionsCreatorTests() // public AuthenticationOptionsCreatorTests()
{ // {
_authOptionsCreator = new AuthenticationOptionsCreator(new AuthenticationProviderConfigCreator()); // _authOptionsCreator = new AuthenticationOptionsCreator(new AuthenticationProviderConfigCreator());
} // }
[Fact] // [Fact]
public void should_return_auth_options() // public void should_return_auth_options()
{ // {
var fileReRoute = new FileReRoute() // var fileReRoute = new FileReRoute()
{ // {
AuthenticationOptions = new FileAuthenticationOptions // AuthenticationOptions = new FileAuthenticationOptions
{ // {
Provider = "Geoff", // Provider = "Geoff",
IdentityServerConfig = new FileIdentityServerConfig() // IdentityServerConfig = new FileIdentityServerConfig()
{ // {
ProviderRootUrl = "http://www.bbc.co.uk/", // ProviderRootUrl = "http://www.bbc.co.uk/",
ApiName = "Laura", // ApiName = "Laura",
RequireHttps = true, // RequireHttps = true,
ApiSecret = "secret" // ApiSecret = "secret"
}, // },
AllowedScopes = new List<string> { "cheese" }, // AllowedScopes = new List<string> { "cheese" },
} // }
}; // };
var authenticationConfig = new IdentityServerConfigBuilder() // var authenticationConfig = new IdentityServerConfigBuilder()
.WithProviderRootUrl(fileReRoute.AuthenticationOptions?.IdentityServerConfig?.ProviderRootUrl) // .WithProviderRootUrl(fileReRoute.AuthenticationOptions?.IdentityServerConfig?.ProviderRootUrl)
.WithApiName(fileReRoute.AuthenticationOptions?.IdentityServerConfig?.ApiName) // .WithApiName(fileReRoute.AuthenticationOptions?.IdentityServerConfig?.ApiName)
.WithRequireHttps(fileReRoute.AuthenticationOptions.IdentityServerConfig.RequireHttps) // .WithRequireHttps(fileReRoute.AuthenticationOptions.IdentityServerConfig.RequireHttps)
.WithApiSecret(fileReRoute.AuthenticationOptions?.IdentityServerConfig?.ApiSecret) // .WithApiSecret(fileReRoute.AuthenticationOptions?.IdentityServerConfig?.ApiSecret)
.Build(); // .Build();
var expected = new AuthenticationOptionsBuilder() // var expected = new AuthenticationOptionsBuilder()
.WithProvider(fileReRoute.AuthenticationOptions?.Provider) // .WithProvider(fileReRoute.AuthenticationOptions?.Provider)
.WithAllowedScopes(fileReRoute.AuthenticationOptions?.AllowedScopes) // .WithAllowedScopes(fileReRoute.AuthenticationOptions?.AllowedScopes)
.WithConfig(authenticationConfig) // .WithConfig(authenticationConfig)
.Build(); // .Build();
this.Given(x => x.GivenTheFollowing(fileReRoute)) // this.Given(x => x.GivenTheFollowing(fileReRoute))
.When(x => x.WhenICreateTheAuthenticationOptions()) // .When(x => x.WhenICreateTheAuthenticationOptions())
.Then(x => x.ThenTheFollowingIdentityServerConfigIsReturned(expected)) // .Then(x => x.ThenTheFollowingIdentityServerConfigIsReturned(expected))
.BDDfy(); // .BDDfy();
} // }
[Fact] // [Fact]
public void should_return_Jwt_auth_options() // public void should_return_Jwt_auth_options()
{ // {
var fileReRoute = new FileReRoute() // var fileReRoute = new FileReRoute()
{ // {
AuthenticationOptions = new FileAuthenticationOptions // AuthenticationOptions = new FileAuthenticationOptions
{ // {
Provider = "Jwt", // Provider = "Jwt",
JwtConfig = new FileJwtConfig() // JwtConfig = new FileJwtConfig()
{ // {
Audience = "Audience", // Audience = "Audience",
Authority = "Authority" // Authority = "Authority"
}, // },
AllowedScopes = new List<string> { "cheese" } // AllowedScopes = new List<string> { "cheese" }
} // }
}; // };
var authenticationConfig = new JwtConfigBuilder() // var authenticationConfig = new JwtConfigBuilder()
.WithAudience(fileReRoute.AuthenticationOptions?.JwtConfig?.Audience) // .WithAudience(fileReRoute.AuthenticationOptions?.JwtConfig?.Audience)
.WithAuthority(fileReRoute.AuthenticationOptions?.JwtConfig?.Authority) // .WithAuthority(fileReRoute.AuthenticationOptions?.JwtConfig?.Authority)
.Build(); // .Build();
var expected = new AuthenticationOptionsBuilder() // var expected = new AuthenticationOptionsBuilder()
.WithProvider(fileReRoute.AuthenticationOptions?.Provider) // .WithProvider(fileReRoute.AuthenticationOptions?.Provider)
.WithAllowedScopes(fileReRoute.AuthenticationOptions?.AllowedScopes) // .WithAllowedScopes(fileReRoute.AuthenticationOptions?.AllowedScopes)
.WithConfig(authenticationConfig) // .WithConfig(authenticationConfig)
.Build(); // .Build();
this.Given(x => x.GivenTheFollowing(fileReRoute)) // this.Given(x => x.GivenTheFollowing(fileReRoute))
.When(x => x.WhenICreateTheAuthenticationOptions()) // .When(x => x.WhenICreateTheAuthenticationOptions())
.Then(x => x.ThenTheFollowingJwtConfigIsReturned(expected)) // .Then(x => x.ThenTheFollowingJwtConfigIsReturned(expected))
.BDDfy(); // .BDDfy();
} // }
private void GivenTheFollowing(FileReRoute fileReRoute) // private void GivenTheFollowing(FileReRoute fileReRoute)
{ // {
_fileReRoute = fileReRoute; // _fileReRoute = fileReRoute;
} // }
private void WhenICreateTheAuthenticationOptions() // private void WhenICreateTheAuthenticationOptions()
{ // {
_result = _authOptionsCreator.Create(_fileReRoute); // _result = _authOptionsCreator.Create(_fileReRoute);
} // }
private void ThenTheFollowingJwtConfigIsReturned(AuthenticationOptions expected) // private void ThenTheFollowingJwtConfigIsReturned(AuthenticationOptions expected)
{ // {
_result.AllowedScopes.ShouldBe(expected.AllowedScopes); // _result.AllowedScopes.ShouldBe(expected.AllowedScopes);
_result.Provider.ShouldBe(expected.Provider); // _result.Provider.ShouldBe(expected.Provider);
var _resultSettings = _result.Config as JwtConfig; // var _resultSettings = _result.Config as JwtConfig;
var expectedSettngs = expected.Config as JwtConfig; // var expectedSettngs = expected.Config as JwtConfig;
_resultSettings.Audience.ShouldBe(expectedSettngs.Audience); // _resultSettings.Audience.ShouldBe(expectedSettngs.Audience);
_resultSettings.Authority.ShouldBe(expectedSettngs.Authority); // _resultSettings.Authority.ShouldBe(expectedSettngs.Authority);
} // }
private void ThenTheFollowingIdentityServerConfigIsReturned(AuthenticationOptions expected) // private void ThenTheFollowingIdentityServerConfigIsReturned(AuthenticationOptions expected)
{ // {
_result.AllowedScopes.ShouldBe(expected.AllowedScopes); // _result.AllowedScopes.ShouldBe(expected.AllowedScopes);
_result.Provider.ShouldBe(expected.Provider); // _result.Provider.ShouldBe(expected.Provider);
var _resultSettings = _result.Config as IdentityServerConfig; // var _resultSettings = _result.Config as IdentityServerConfig;
var expectedSettngs = expected.Config as IdentityServerConfig; // var expectedSettngs = expected.Config as IdentityServerConfig;
_resultSettings.ProviderRootUrl.ShouldBe(expectedSettngs.ProviderRootUrl); // _resultSettings.ProviderRootUrl.ShouldBe(expectedSettngs.ProviderRootUrl);
_resultSettings.RequireHttps.ShouldBe(expectedSettngs.RequireHttps); // _resultSettings.RequireHttps.ShouldBe(expectedSettngs.RequireHttps);
_resultSettings.ApiName.ShouldBe(expectedSettngs.ApiName); // _resultSettings.ApiName.ShouldBe(expectedSettngs.ApiName);
_resultSettings.ApiSecret.ShouldBe(expectedSettngs.ApiSecret); // _resultSettings.ApiSecret.ShouldBe(expectedSettngs.ApiSecret);
} // }
} // }
} // }


@ -62,16 +62,21 @@ namespace Ocelot.UnitTests.Configuration
{ {
this.Given(x => x.GivenAConfiguration(new FileConfiguration this.Given(x => x.GivenAConfiguration(new FileConfiguration
{ {
AuthenticationOptions = new List<FileAuthenticationOptions>
{
new FileAuthenticationOptions
{
Provider = "IdentityServer",
AuthenticationProviderKey = "Test"
}
},
ReRoutes = new List<FileReRoute> ReRoutes = new List<FileReRoute>
{ {
new FileReRoute new FileReRoute
{ {
DownstreamPathTemplate = "/api/products/", DownstreamPathTemplate = "/api/products/",
UpstreamPathTemplate = "http://asdf.com", UpstreamPathTemplate = "http://asdf.com",
AuthenticationOptions = new FileAuthenticationOptions AuthenticationProviderKey = "Test"
{
Provider = "IdentityServer"
}
} }
} }
})) }))
@ -85,16 +90,21 @@ namespace Ocelot.UnitTests.Configuration
{ {
this.Given(x => x.GivenAConfiguration(new FileConfiguration this.Given(x => x.GivenAConfiguration(new FileConfiguration
{ {
AuthenticationOptions = new List<FileAuthenticationOptions>
{
new FileAuthenticationOptions
{
Provider = "BootyBootyBottyRockinEverywhere",
AuthenticationProviderKey = "Test"
}
},
ReRoutes = new List<FileReRoute> ReRoutes = new List<FileReRoute>
{ {
new FileReRoute new FileReRoute
{ {
DownstreamPathTemplate = "/api/products/", DownstreamPathTemplate = "/api/products/",
UpstreamPathTemplate = "http://asdf.com", UpstreamPathTemplate = "http://asdf.com",
AuthenticationOptions = new FileAuthenticationOptions AuthenticationProviderKey = "Test"
{
Provider = "BootyBootyBottyRockinEverywhere"
}
} }
} }
})) }))
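Review bot: Both configurations in this section pair the route's `AuthenticationProviderKey = "Test"` with a matching entry in the top-level `AuthenticationOptions` list, so no case here covers a route whose key matches no entry. The creator changed earlier in this commit returns `null` when nothing matches (its own todo questions that), and if the consuming code treats a null result as "no authentication required", a mistyped key would leave the route unprotected without any error; that consequence is inferred, because the consumer is not shown. I would add a case where the `FileReRoute` carries a constructed non-matching value such as `AuthenticationProviderKey = "NoSuchKey"` and assert that the configuration is rejected rather than accepted. A case with two `FileAuthenticationOptions` entries sharing one key is also worth pinning down, since the lookup loop returns the first match. The enclosing test methods start and end outside these hunks.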


@ -666,14 +666,14 @@ namespace Ocelot.UnitTests.Configuration
private void GivenTheAuthOptionsCreatorReturns(AuthenticationOptions authOptions) private void GivenTheAuthOptionsCreatorReturns(AuthenticationOptions authOptions)
{ {
_authOptionsCreator _authOptionsCreator
.Setup(x => x.Create(It.IsAny<FileReRoute>())) .Setup(x => x.Create(It.IsAny<FileReRoute>(), It.IsAny<List<FileAuthenticationOptions>>()))
.Returns(authOptions); .Returns(authOptions);
} }
private void ThenTheAuthOptionsCreatorIsCalledCorrectly() private void ThenTheAuthOptionsCreatorIsCalledCorrectly()
{ {
_authOptionsCreator _authOptionsCreator
.Verify(x => x.Create(_fileConfiguration.ReRoutes[0]), Times.Once); .Verify(x => x.Create(_fileConfiguration.ReRoutes[0], _fileConfiguration.AuthenticationOptions), Times.Once);
} }
private void GivenTheUpstreamTemplatePatternCreatorReturns(string pattern) private void GivenTheUpstreamTemplatePatternCreatorReturns(string pattern)


@ -34,10 +34,7 @@ namespace Ocelot.UnitTests.Configuration
ExceptionsAllowedBeforeBreaking = 1, ExceptionsAllowedBeforeBreaking = 1,
TimeoutValue = 1 TimeoutValue = 1
}, },
AuthenticationOptions = new FileAuthenticationOptions AuthenticationProviderKey = "Test",
{
Provider = "IdentityServer"
},
RouteClaimsRequirement = new Dictionary<string, string>() RouteClaimsRequirement = new Dictionary<string, string>()
{ {
{"",""} {"",""}


@ -20,6 +20,22 @@
.Build(), .Build(),
new FileConfiguration new FileConfiguration
{ {
AuthenticationOptions = new List<FileAuthenticationOptions>
{
new FileAuthenticationOptions
{
AllowedScopes = new List<string>(),
Provider = "IdentityServer",
IdentityServerConfig = new FileIdentityServerConfig
{
ProviderRootUrl = "http://localhost:51888",
RequireHttps = false,
ApiName = "api",
ApiSecret = "secret"
} ,
AuthenticationProviderKey = "Test"
}
},
ReRoutes = new List<FileReRoute> ReRoutes = new List<FileReRoute>
{ {
new FileReRoute new FileReRoute
@ -28,18 +44,7 @@
DownstreamPathTemplate = "/products/{productId}", DownstreamPathTemplate = "/products/{productId}",
UpstreamHttpMethod = new List<string> { "Get" }, UpstreamHttpMethod = new List<string> { "Get" },
ReRouteIsCaseSensitive = true, ReRouteIsCaseSensitive = true,
AuthenticationOptions = new FileAuthenticationOptions AuthenticationProviderKey = "Test",
{
AllowedScopes = new List<string>(),
Provider = "IdentityServer",
IdentityServerConfig = new FileIdentityServerConfig
{
ProviderRootUrl = "http://localhost:51888",
RequireHttps = false,
ApiName = "api",
ApiSecret = "secret"
}
},
AddHeadersToRequest = AddHeadersToRequest =
{ {
{ "CustomerId", "Claims[CustomerId] > value" }, { "CustomerId", "Claims[CustomerId] > value" },
@ -58,6 +63,20 @@
.Build(), .Build(),
new FileConfiguration new FileConfiguration
{ {
AuthenticationOptions = new List<FileAuthenticationOptions>
{
new FileAuthenticationOptions
{
AllowedScopes = new List<string>(),
Provider = "IdentityServer",
JwtConfig = new FileJwtConfig
{
Audience = "a",
Authority = "au"
},
AuthenticationProviderKey = "Test"
}
},
ReRoutes = new List<FileReRoute> ReRoutes = new List<FileReRoute>
{ {
new FileReRoute new FileReRoute
@ -66,16 +85,7 @@
DownstreamPathTemplate = "/products/{productId}", DownstreamPathTemplate = "/products/{productId}",
UpstreamHttpMethod = new List<string> { "Get" }, UpstreamHttpMethod = new List<string> { "Get" },
ReRouteIsCaseSensitive = true, ReRouteIsCaseSensitive = true,
AuthenticationOptions = new FileAuthenticationOptions AuthenticationProviderKey = "Test",
{
AllowedScopes = new List<string>(),
Provider = "IdentityServer",
JwtConfig = new FileJwtConfig
{
Audience = "a",
Authority = "au"
}
},
AddHeadersToRequest = AddHeadersToRequest =
{ {
{ "CustomerId", "Claims[CustomerId] > value" }, { "CustomerId", "Claims[CustomerId] > value" },