tk/Ocelot
1
0
Fork 0
mirror of https://github.com/nsnail/Ocelot.git synced 2025-04-20 18:02:50 +08:00
Code Issues Packages Projects Releases Wiki Activity

all packages upgraded and tests passing

Browse Source
This commit is contained in:
TomPallister 2020-12-01 11:06:49 +00:00
parent 17b0555f55
commit f62ed72dde
15 changed files with 1999 additions and 1943 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
docs/features/administration.rst
View File

@ -12,17 +12,20 @@ This will bring down everything needed by the admin API.
Providing your own IdentityServer Providing your own IdentityServer
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All you need to do to hook into your own IdentityServer is add the following to your ConfigureServices method. All you need to do to hook into your own IdentityServer is add the following to your ConfigureServices method.
.. code-block:: csharp .. code-block:: csharp
public virtual void ConfigureServices(IServiceCollection services) public virtual void ConfigureServices(IServiceCollection services)
{ {
Action<IdentityServerAuthenticationOptions> options = o => { Action<JwtBearerOptions> options = o =>
// o.Authority = ; {
// o.ApiName = ; o.Authority = identityServerRootUrl;
o.RequireHttpsMetadata = false;
o.TokenValidationParameters = new TokenValidationParameters
{
ValidateAudience = false,
};
// etc.... // etc....
}; };

8
docs/features/authentication.rst
View File

@ -97,16 +97,14 @@ In order to use IdentityServer bearer tokens, register your IdentityServer servi
public void ConfigureServices(IServiceCollection services) public void ConfigureServices(IServiceCollection services)
{ {
var authenticationProviderKey = "TestKey"; var authenticationProviderKey = "TestKey";
Action<IdentityServerAuthenticationOptions> options = o => Action<JwtBearerOptions> options = o =>
{ {
o.Authority = "https://whereyouridentityserverlives.com"; o.Authority = "https://whereyouridentityserverlives.com";
o.ApiName = "api"; // etc
o.SupportedTokens = SupportedTokens.Both;
o.ApiSecret = "secret";
}; };
services.AddAuthentication() services.AddAuthentication()
.AddIdentityServerAuthentication(authenticationProviderKey, options); .AddJwtBearer(authenticationProviderKey, options);
services.AddOcelot(); services.AddOcelot();
} }

2
src/Ocelot.Administration/Ocelot.Administration.csproj
View File

@ -31,7 +31,7 @@
<PrivateAssets>all</PrivateAssets> <PrivateAssets>all</PrivateAssets>
</PackageReference> </PackageReference>
<PackageReference Include="IdentityServer4.AccessTokenValidation" Version="3.0.1" /> <PackageReference Include="IdentityServer4.AccessTokenValidation" Version="3.0.1" />
<PackageReference Include="IdentityServer4" Version="3.1.1" /> <PackageReference Include="IdentityServer4" Version="4.1.1" />
</ItemGroup> </ItemGroup>
<ItemGroup> <ItemGroup>
<PackageReference Update="Microsoft.SourceLink.GitHub" Version="1.0.0" /> <PackageReference Update="Microsoft.SourceLink.GitHub" Version="1.0.0" />

45
src/Ocelot.Administration/OcelotBuilderExtensions.cs
View File

@ -1,7 +1,6 @@
using Ocelot.DependencyInjection; using Ocelot.DependencyInjection;
using IdentityServer4.AccessTokenValidation; using IdentityServer4.AccessTokenValidation;
using IdentityServer4.Models; using IdentityServer4.Models;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.Configuration; using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.DependencyInjection.Extensions; using Microsoft.Extensions.DependencyInjection.Extensions;
@ -10,6 +9,9 @@ using System;
using System.Collections.Generic; using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt; using System.IdentityModel.Tokens.Jwt;
using System.Security.Cryptography.X509Certificates; using System.Security.Cryptography.X509Certificates;
using System.Linq;
using Microsoft.IdentityModel.Tokens;
using Microsoft.AspNetCore.Authentication.JwtBearer;
namespace Ocelot.Administration namespace Ocelot.Administration
{ {
@ -18,6 +20,7 @@ namespace Ocelot.Administration
public static IOcelotAdministrationBuilder AddAdministration(this IOcelotBuilder builder, string path, string secret) public static IOcelotAdministrationBuilder AddAdministration(this IOcelotBuilder builder, string path, string secret)
{ {
var administrationPath = new AdministrationPath(path); var administrationPath = new AdministrationPath(path);
builder.Services.AddSingleton<OcelotMiddlewareConfigurationDelegate>(IdentityServerMiddlewareConfigurationProvider.Get); builder.Services.AddSingleton<OcelotMiddlewareConfigurationDelegate>(IdentityServerMiddlewareConfigurationProvider.Get);
//add identity server for admin area //add identity server for admin area
@ -32,7 +35,7 @@ namespace Ocelot.Administration
return new OcelotAdministrationBuilder(builder.Services, builder.Configuration); return new OcelotAdministrationBuilder(builder.Services, builder.Configuration);
} }
public static IOcelotAdministrationBuilder AddAdministration(this IOcelotBuilder builder, string path, Action<IdentityServerAuthenticationOptions> configureOptions) public static IOcelotAdministrationBuilder AddAdministration(this IOcelotBuilder builder, string path, Action<JwtBearerOptions> configureOptions)
{ {
var administrationPath = new AdministrationPath(path); var administrationPath = new AdministrationPath(path);
builder.Services.AddSingleton<OcelotMiddlewareConfigurationDelegate>(IdentityServerMiddlewareConfigurationProvider.Get); builder.Services.AddSingleton<OcelotMiddlewareConfigurationDelegate>(IdentityServerMiddlewareConfigurationProvider.Get);
@ -46,11 +49,11 @@ namespace Ocelot.Administration
return new OcelotAdministrationBuilder(builder.Services, builder.Configuration); return new OcelotAdministrationBuilder(builder.Services, builder.Configuration);
} }
private static void AddIdentityServer(Action<IdentityServerAuthenticationOptions> configOptions, IOcelotBuilder builder) private static void AddIdentityServer(Action<JwtBearerOptions> configOptions, IOcelotBuilder builder)
{ {
builder.Services builder.Services
.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme) .AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
.AddIdentityServerAuthentication(configOptions); .AddJwtBearer("Bearer", configOptions);
} }
private static void AddIdentityServer(IIdentityServerConfiguration identityServerConfiguration, IAdministrationPath adminPath, IOcelotBuilder builder, IConfiguration configuration) private static void AddIdentityServer(IIdentityServerConfiguration identityServerConfiguration, IAdministrationPath adminPath, IOcelotBuilder builder, IConfiguration configuration)
@ -60,7 +63,9 @@ namespace Ocelot.Administration
.AddIdentityServer(o => .AddIdentityServer(o =>
{ {
o.IssuerUri = "Ocelot"; o.IssuerUri = "Ocelot";
o.EmitStaticAudienceClaim = true;
}) })
.AddInMemoryApiScopes(ApiScopes(identityServerConfiguration))
.AddInMemoryApiResources(Resources(identityServerConfiguration)) .AddInMemoryApiResources(Resources(identityServerConfiguration))
.AddInMemoryClients(Client(identityServerConfiguration)); .AddInMemoryClients(Client(identityServerConfiguration));
@ -68,14 +73,17 @@ namespace Ocelot.Administration
var baseSchemeUrlAndPort = urlFinder.Find(); var baseSchemeUrlAndPort = urlFinder.Find();
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear(); JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
builder.Services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme) builder.Services
.AddIdentityServerAuthentication(o => .AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
.AddJwtBearer("Bearer", options =>
{ {
o.Authority = baseSchemeUrlAndPort + adminPath.Path; options.Authority = baseSchemeUrlAndPort + adminPath.Path;
o.ApiName = identityServerConfiguration.ApiName; options.RequireHttpsMetadata = identityServerConfiguration.RequireHttps;
o.RequireHttpsMetadata = identityServerConfiguration.RequireHttps;
o.SupportedTokens = SupportedTokens.Both; options.TokenValidationParameters = new TokenValidationParameters
o.ApiSecret = identityServerConfiguration.ApiSecret; {
ValidateAudience = false,
};
}); });
//todo - refactor naming.. //todo - refactor naming..
@ -91,6 +99,11 @@ namespace Ocelot.Administration
} }
} }
private static IEnumerable<ApiScope> ApiScopes(IIdentityServerConfiguration identityServerConfiguration)
{
return identityServerConfiguration.AllowedScopes.Select(s => new ApiScope(s));
}
private static List<ApiResource> Resources(IIdentityServerConfiguration identityServerConfiguration) private static List<ApiResource> Resources(IIdentityServerConfiguration identityServerConfiguration)
{ {
return new List<ApiResource> return new List<ApiResource>
@ -101,9 +114,9 @@ namespace Ocelot.Administration
{ {
new Secret new Secret
{ {
Value = identityServerConfiguration.ApiSecret.Sha256() Value = identityServerConfiguration.ApiSecret.Sha256(),
} },
} },
}, },
}; };
} }
@ -117,8 +130,8 @@ namespace Ocelot.Administration
ClientId = identityServerConfiguration.ApiName, ClientId = identityServerConfiguration.ApiName,
AllowedGrantTypes = GrantTypes.ClientCredentials, AllowedGrantTypes = GrantTypes.ClientCredentials,
ClientSecrets = new List<Secret> {new Secret(identityServerConfiguration.ApiSecret.Sha256())}, ClientSecrets = new List<Secret> {new Secret(identityServerConfiguration.ApiSecret.Sha256())},
AllowedScopes = { identityServerConfiguration.ApiName } AllowedScopes = identityServerConfiguration.AllowedScopes,
} },
}; };
} }
} }

21
test/Ocelot.AcceptanceTests/AuthenticationTests.cs
View File

@ -278,6 +278,11 @@ namespace Ocelot.AcceptanceTests
services.AddLogging(); services.AddLogging();
services.AddIdentityServer() services.AddIdentityServer()
.AddDeveloperSigningCredential() .AddDeveloperSigningCredential()
.AddInMemoryApiScopes(new List<ApiScope>
{
new ApiScope(apiName, "test"),
new ApiScope(api2Name, "test"),
})
.AddInMemoryApiResources(new List<ApiResource> .AddInMemoryApiResources(new List<ApiResource>
{ {
new ApiResource new ApiResource
@ -286,12 +291,12 @@ namespace Ocelot.AcceptanceTests
Description = "My API", Description = "My API",
Enabled = true, Enabled = true,
DisplayName = "test", DisplayName = "test",
Scopes = new List<Scope>() Scopes = new List<string>()
{ {
new Scope("api"), "api",
new Scope("api.readOnly"), "api.readOnly",
new Scope("openid"), "openid",
new Scope("offline_access"), "offline_access",
}, },
ApiSecrets = new List<Secret>() ApiSecrets = new List<Secret>()
{ {
@ -311,10 +316,10 @@ namespace Ocelot.AcceptanceTests
Description = "My second API", Description = "My second API",
Enabled = true, Enabled = true,
DisplayName = "second test", DisplayName = "second test",
Scopes = new List<Scope>() Scopes = new List<string>()
{ {
new Scope("api2"), "api2",
new Scope("api2.readOnly"), "api2.readOnly",
}, },
ApiSecrets = new List<Secret>() ApiSecrets = new List<Secret>()
{ {

119
test/Ocelot.AcceptanceTests/AuthorisationTests.cs
View File

@ -58,34 +58,34 @@ namespace Ocelot.AcceptanceTests
{ {
Host = "localhost", Host = "localhost",
Port = port, Port = port,
} },
}, },
DownstreamScheme = "http", DownstreamScheme = "http",
UpstreamPathTemplate = "/", UpstreamPathTemplate = "/",
UpstreamHttpMethod = new List<string> { "Get" }, UpstreamHttpMethod = new List<string> { "Get" },
AuthenticationOptions = new FileAuthenticationOptions AuthenticationOptions = new FileAuthenticationOptions
{ {
AuthenticationProviderKey = "Test" AuthenticationProviderKey = "Test",
}, },
AddHeadersToRequest = AddHeadersToRequest =
{ {
{"CustomerId", "Claims[CustomerId] > value"}, {"CustomerId", "Claims[CustomerId] > value"},
{"LocationId", "Claims[LocationId] > value"}, {"LocationId", "Claims[LocationId] > value"},
{"UserType", "Claims[sub] > value[0] > |"}, {"UserType", "Claims[sub] > value[0] > |"},
{"UserId", "Claims[sub] > value[1] > |"} {"UserId", "Claims[sub] > value[1] > |"},
}, },
AddClaimsToRequest = AddClaimsToRequest =
{ {
{"CustomerId", "Claims[CustomerId] > value"}, {"CustomerId", "Claims[CustomerId] > value"},
{"UserType", "Claims[sub] > value[0] > |"}, {"UserType", "Claims[sub] > value[0] > |"},
{"UserId", "Claims[sub] > value[1] > |"} {"UserId", "Claims[sub] > value[1] > |"},
}, },
RouteClaimsRequirement = RouteClaimsRequirement =
{ {
{"UserType", "registered"} {"UserType", "registered"},
} },
} },
} },
}; };
this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", AccessTokenType.Jwt)) this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", AccessTokenType.Jwt))
@ -118,33 +118,33 @@ namespace Ocelot.AcceptanceTests
{ {
Host = "localhost", Host = "localhost",
Port = port, Port = port,
} },
}, },
DownstreamScheme = "http", DownstreamScheme = "http",
UpstreamPathTemplate = "/", UpstreamPathTemplate = "/",
UpstreamHttpMethod = new List<string> { "Get" }, UpstreamHttpMethod = new List<string> { "Get" },
AuthenticationOptions = new FileAuthenticationOptions AuthenticationOptions = new FileAuthenticationOptions
{ {
AuthenticationProviderKey = "Test" AuthenticationProviderKey = "Test",
}, },
AddHeadersToRequest = AddHeadersToRequest =
{ {
{"CustomerId", "Claims[CustomerId] > value"}, {"CustomerId", "Claims[CustomerId] > value"},
{"LocationId", "Claims[LocationId] > value"}, {"LocationId", "Claims[LocationId] > value"},
{"UserType", "Claims[sub] > value[0] > |"}, {"UserType", "Claims[sub] > value[0] > |"},
{"UserId", "Claims[sub] > value[1] > |"} {"UserId", "Claims[sub] > value[1] > |"},
}, },
AddClaimsToRequest = AddClaimsToRequest =
{ {
{"CustomerId", "Claims[CustomerId] > value"}, {"CustomerId", "Claims[CustomerId] > value"},
{"UserId", "Claims[sub] > value[1] > |"} {"UserId", "Claims[sub] > value[1] > |"},
}, },
RouteClaimsRequirement = RouteClaimsRequirement =
{ {
{"UserType", "registered"} {"UserType", "registered"},
} },
} },
} },
}; };
this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", AccessTokenType.Jwt)) this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", AccessTokenType.Jwt))
@ -176,7 +176,7 @@ namespace Ocelot.AcceptanceTests
{ {
Host = "localhost", Host = "localhost",
Port = port, Port = port,
} },
}, },
DownstreamScheme = "http", DownstreamScheme = "http",
UpstreamPathTemplate = "/", UpstreamPathTemplate = "/",
@ -186,8 +186,8 @@ namespace Ocelot.AcceptanceTests
AuthenticationProviderKey = "Test", AuthenticationProviderKey = "Test",
AllowedScopes = new List<string>{ "api", "api.readOnly", "openid", "offline_access" }, AllowedScopes = new List<string>{ "api", "api.readOnly", "openid", "offline_access" },
}, },
} },
} },
}; };
this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", AccessTokenType.Jwt)) this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", AccessTokenType.Jwt))
@ -219,7 +219,7 @@ namespace Ocelot.AcceptanceTests
{ {
Host = "localhost", Host = "localhost",
Port = port, Port = port,
} },
}, },
DownstreamScheme = "http", DownstreamScheme = "http",
UpstreamPathTemplate = "/", UpstreamPathTemplate = "/",
@ -229,8 +229,8 @@ namespace Ocelot.AcceptanceTests
AuthenticationProviderKey = "Test", AuthenticationProviderKey = "Test",
AllowedScopes = new List<string>{ "api", "openid", "offline_access" }, AllowedScopes = new List<string>{ "api", "openid", "offline_access" },
}, },
} },
} },
}; };
this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", AccessTokenType.Jwt)) this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", AccessTokenType.Jwt))
@ -262,21 +262,21 @@ namespace Ocelot.AcceptanceTests
{ {
Host = "localhost", Host = "localhost",
Port = port, Port = port,
} },
}, },
DownstreamScheme = "http", DownstreamScheme = "http",
UpstreamPathTemplate = "/", UpstreamPathTemplate = "/",
UpstreamHttpMethod = new List<string> { "Get" }, UpstreamHttpMethod = new List<string> { "Get" },
AuthenticationOptions = new FileAuthenticationOptions AuthenticationOptions = new FileAuthenticationOptions
{ {
AuthenticationProviderKey = "Test" AuthenticationProviderKey = "Test",
}, },
RouteClaimsRequirement = RouteClaimsRequirement =
{ {
{"Role", "User"} {"Role", "User"},
} },
} },
} },
}; };
var users = new List<TestUser> var users = new List<TestUser>
@ -289,9 +289,9 @@ namespace Ocelot.AcceptanceTests
Claims = new List<Claim> Claims = new List<Claim>
{ {
new Claim("Role", "AdminUser"), new Claim("Role", "AdminUser"),
new Claim("Role", "User") new Claim("Role", "User"),
},
}, },
}
}; };
this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", AccessTokenType.Jwt, users)) this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", AccessTokenType.Jwt, users))
@ -328,6 +328,13 @@ namespace Ocelot.AcceptanceTests
services.AddLogging(); services.AddLogging();
services.AddIdentityServer() services.AddIdentityServer()
.AddDeveloperSigningCredential() .AddDeveloperSigningCredential()
.AddInMemoryApiScopes(new List<ApiScope>
{
new ApiScope(apiName, "test"),
new ApiScope("openid", "test"),
new ApiScope("offline_access", "test"),
new ApiScope("api.readOnly", "test"),
})
.AddInMemoryApiResources(new List<ApiResource> .AddInMemoryApiResources(new List<ApiResource>
{ {
new ApiResource new ApiResource
@ -336,24 +343,24 @@ namespace Ocelot.AcceptanceTests
Description = "My API", Description = "My API",
Enabled = true, Enabled = true,
DisplayName = "test", DisplayName = "test",
Scopes = new List<Scope>() Scopes = new List<string>()
{ {
new Scope("api"), "api",
new Scope("api.readOnly"), "api.readOnly",
new Scope("openid"), "openid",
new Scope("offline_access") "offline_access",
}, },
ApiSecrets = new List<Secret>() ApiSecrets = new List<Secret>()
{ {
new Secret new Secret
{ {
Value = "secret".Sha256() Value = "secret".Sha256(),
} },
}, },
UserClaims = new List<string>() UserClaims = new List<string>()
{ {
"CustomerId", "LocationId", "UserType", "UserId" "CustomerId", "LocationId", "UserType", "UserId",
} },
}, },
}) })
.AddInMemoryClients(new List<Client> .AddInMemoryClients(new List<Client>
@ -366,8 +373,8 @@ namespace Ocelot.AcceptanceTests
AllowedScopes = new List<string> { apiName, "api.readOnly", "openid", "offline_access" }, AllowedScopes = new List<string> { apiName, "api.readOnly", "openid", "offline_access" },
AccessTokenType = tokenType, AccessTokenType = tokenType,
Enabled = true, Enabled = true,
RequireClientSecret = false RequireClientSecret = false,
} },
}) })
.AddTestUsers(new List<TestUser> .AddTestUsers(new List<TestUser>
{ {
@ -379,9 +386,9 @@ namespace Ocelot.AcceptanceTests
Claims = new List<Claim> Claims = new List<Claim>
{ {
new Claim("CustomerId", "123"), new Claim("CustomerId", "123"),
new Claim("LocationId", "321") new Claim("LocationId", "321"),
} },
} },
}); });
}) })
.Configure(app => .Configure(app =>
@ -408,6 +415,10 @@ namespace Ocelot.AcceptanceTests
services.AddLogging(); services.AddLogging();
services.AddIdentityServer() services.AddIdentityServer()
.AddDeveloperSigningCredential() .AddDeveloperSigningCredential()
.AddInMemoryApiScopes(new List<ApiScope>
{
new ApiScope(apiName, "test"),
})
.AddInMemoryApiResources(new List<ApiResource> .AddInMemoryApiResources(new List<ApiResource>
{ {
new ApiResource new ApiResource
@ -416,24 +427,24 @@ namespace Ocelot.AcceptanceTests
Description = "My API", Description = "My API",
Enabled = true, Enabled = true,
DisplayName = "test", DisplayName = "test",
Scopes = new List<Scope>() Scopes = new List<string>()
{ {
new Scope("api"), "api",
new Scope("api.readOnly"), "api.readOnly",
new Scope("openid"), "openid",
new Scope("offline_access"), "offline_access",
}, },
ApiSecrets = new List<Secret>() ApiSecrets = new List<Secret>()
{ {
new Secret new Secret
{ {
Value = "secret".Sha256() Value = "secret".Sha256(),
} },
}, },
UserClaims = new List<string>() UserClaims = new List<string>()
{ {
"CustomerId", "LocationId", "UserType", "UserId", "Role" "CustomerId", "LocationId", "UserType", "UserId", "Role",
} },
}, },
}) })
.AddInMemoryClients(new List<Client> .AddInMemoryClients(new List<Client>
@ -447,7 +458,7 @@ namespace Ocelot.AcceptanceTests
AccessTokenType = tokenType, AccessTokenType = tokenType,
Enabled = true, Enabled = true,
RequireClientSecret = false, RequireClientSecret = false,
} },
}) })
.AddTestUsers(users); .AddTestUsers(users);
}) })

31
test/Ocelot.AcceptanceTests/ClaimsToDownstreamPathTests.cs
View File

@ -144,6 +144,13 @@ namespace Ocelot.AcceptanceTests
services.AddLogging(); services.AddLogging();
services.AddIdentityServer() services.AddIdentityServer()
.AddDeveloperSigningCredential() .AddDeveloperSigningCredential()
.AddInMemoryApiScopes(new List<ApiScope>
{
new ApiScope(apiName, "test"),
new ApiScope("openid", "test"),
new ApiScope("offline_access", "test"),
new ApiScope("api.readOnly", "test"),
})
.AddInMemoryApiResources(new List<ApiResource> .AddInMemoryApiResources(new List<ApiResource>
{ {
new ApiResource new ApiResource
@ -152,24 +159,24 @@ namespace Ocelot.AcceptanceTests
Description = "My API", Description = "My API",
Enabled = true, Enabled = true,
DisplayName = "test", DisplayName = "test",
Scopes = new List<Scope>() Scopes = new List<string>()
{ {
new Scope("api"), "api",
new Scope("openid"), "openid",
new Scope("offline_access") "offline_access",
}, },
ApiSecrets = new List<Secret>() ApiSecrets = new List<Secret>()
{ {
new Secret new Secret
{ {
Value = "secret".Sha256() Value = "secret".Sha256(),
} },
}, },
UserClaims = new List<string>() UserClaims = new List<string>()
{ {
"CustomerId", "LocationId", "UserType", "UserId" "CustomerId", "LocationId", "UserType", "UserId",
} },
} },
}) })
.AddInMemoryClients(new List<Client> .AddInMemoryClients(new List<Client>
{ {
@ -181,12 +188,12 @@ namespace Ocelot.AcceptanceTests
AllowedScopes = new List<string> { apiName, "openid", "offline_access" }, AllowedScopes = new List<string> { apiName, "openid", "offline_access" },
AccessTokenType = tokenType, AccessTokenType = tokenType,
Enabled = true, Enabled = true,
RequireClientSecret = false RequireClientSecret = false,
} },
}) })
.AddTestUsers(new List<TestUser> .AddTestUsers(new List<TestUser>
{ {
user user,
}); });
}) })
.Configure(app => .Configure(app =>

47
test/Ocelot.AcceptanceTests/ClaimsToHeadersForwardingTests.cs
View File

@ -55,8 +55,8 @@ namespace Ocelot.AcceptanceTests
Claims = new List<Claim> Claims = new List<Claim>
{ {
new Claim("CustomerId", "123"), new Claim("CustomerId", "123"),
new Claim("LocationId", "1") new Claim("LocationId", "1"),
} },
}; };
int port = RandomPortFinder.GetRandomPort(); int port = RandomPortFinder.GetRandomPort();
@ -74,7 +74,7 @@ namespace Ocelot.AcceptanceTests
{ {
Host = "localhost", Host = "localhost",
Port = port, Port = port,
} },
}, },
DownstreamScheme = "http", DownstreamScheme = "http",
UpstreamPathTemplate = "/", UpstreamPathTemplate = "/",
@ -84,7 +84,7 @@ namespace Ocelot.AcceptanceTests
AuthenticationProviderKey = "Test", AuthenticationProviderKey = "Test",
AllowedScopes = new List<string> AllowedScopes = new List<string>
{ {
"openid", "offline_access", "api" "openid", "offline_access", "api",
}, },
}, },
AddHeadersToRequest = AddHeadersToRequest =
@ -92,10 +92,10 @@ namespace Ocelot.AcceptanceTests
{"CustomerId", "Claims[CustomerId] > value"}, {"CustomerId", "Claims[CustomerId] > value"},
{"LocationId", "Claims[LocationId] > value"}, {"LocationId", "Claims[LocationId] > value"},
{"UserType", "Claims[sub] > value[0] > |"}, {"UserType", "Claims[sub] > value[0] > |"},
{"UserId", "Claims[sub] > value[1] > |"} {"UserId", "Claims[sub] > value[1] > |"},
} },
} },
} },
}; };
this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", AccessTokenType.Jwt, user)) this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", AccessTokenType.Jwt, user))
@ -138,6 +138,13 @@ namespace Ocelot.AcceptanceTests
services.AddLogging(); services.AddLogging();
services.AddIdentityServer() services.AddIdentityServer()
.AddDeveloperSigningCredential() .AddDeveloperSigningCredential()
.AddInMemoryApiScopes(new List<ApiScope>
{
new ApiScope(apiName, "test"),
new ApiScope("openid", "test"),
new ApiScope("offline_access", "test"),
new ApiScope("api.readOnly", "test"),
})
.AddInMemoryApiResources(new List<ApiResource> .AddInMemoryApiResources(new List<ApiResource>
{ {
new ApiResource new ApiResource
@ -146,24 +153,24 @@ namespace Ocelot.AcceptanceTests
Description = "My API", Description = "My API",
Enabled = true, Enabled = true,
DisplayName = "test", DisplayName = "test",
Scopes = new List<Scope>() Scopes = new List<string>()
{ {
new Scope("api"), "api",
new Scope("openid"), "openid",
new Scope("offline_access") "offline_access",
}, },
ApiSecrets = new List<Secret>() ApiSecrets = new List<Secret>()
{ {
new Secret new Secret
{ {
Value = "secret".Sha256() Value = "secret".Sha256(),
} },
}, },
UserClaims = new List<string>() UserClaims = new List<string>()
{ {
"CustomerId", "LocationId", "UserType", "UserId" "CustomerId", "LocationId", "UserType", "UserId",
} },
} },
}) })
.AddInMemoryClients(new List<Client> .AddInMemoryClients(new List<Client>
{ {
@ -175,12 +182,12 @@ namespace Ocelot.AcceptanceTests
AllowedScopes = new List<string> { apiName, "openid", "offline_access" }, AllowedScopes = new List<string> { apiName, "openid", "offline_access" },
AccessTokenType = tokenType, AccessTokenType = tokenType,
Enabled = true, Enabled = true,
RequireClientSecret = false RequireClientSecret = false,
} },
}) })
.AddTestUsers(new List<TestUser> .AddTestUsers(new List<TestUser>
{ {
user user,
}); });
}) })
.Configure(app => .Configure(app =>

96
test/Ocelot.AcceptanceTests/ClaimsToQueryStringForwardingTests.cs
View File

@ -1,23 +1,22 @@
using IdentityServer4.AccessTokenValidation; namespace Ocelot.AcceptanceTests
using IdentityServer4.Models;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Primitives;
using Ocelot.Configuration.File;
using System;
using System.Collections.Generic;
using System.IO;
using System.Net;
using System.Security.Claims;
using TestStack.BDDfy;
using Xunit;
namespace Ocelot.AcceptanceTests
{ {
using IdentityServer4.Test; using IdentityServer4.Test;
using Shouldly; using Shouldly;
using IdentityServer4.AccessTokenValidation;
using IdentityServer4.Models;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Primitives;
using Ocelot.Configuration.File;
using System;
using System.Collections.Generic;
using System.IO;
using System.Net;
using System.Security.Claims;
using TestStack.BDDfy;
using Xunit;
public class ClaimsToQueryStringForwardingTests : IDisposable public class ClaimsToQueryStringForwardingTests : IDisposable
{ {
@ -54,8 +53,8 @@ namespace Ocelot.AcceptanceTests
Claims = new List<Claim> Claims = new List<Claim>
{ {
new Claim("CustomerId", "123"), new Claim("CustomerId", "123"),
new Claim("LocationId", "1") new Claim("LocationId", "1"),
} },
}; };
int port = RandomPortFinder.GetRandomPort(); int port = RandomPortFinder.GetRandomPort();
@ -73,7 +72,7 @@ namespace Ocelot.AcceptanceTests
{ {
Host = "localhost", Host = "localhost",
Port = port, Port = port,
} },
}, },
DownstreamScheme = "http", DownstreamScheme = "http",
UpstreamPathTemplate = "/", UpstreamPathTemplate = "/",
@ -83,7 +82,7 @@ namespace Ocelot.AcceptanceTests
AuthenticationProviderKey = "Test", AuthenticationProviderKey = "Test",
AllowedScopes = new List<string> AllowedScopes = new List<string>
{ {
"openid", "offline_access", "api" "openid", "offline_access", "api",
}, },
}, },
AddQueriesToRequest = AddQueriesToRequest =
@ -91,10 +90,10 @@ namespace Ocelot.AcceptanceTests
{"CustomerId", "Claims[CustomerId] > value"}, {"CustomerId", "Claims[CustomerId] > value"},
{"LocationId", "Claims[LocationId] > value"}, {"LocationId", "Claims[LocationId] > value"},
{"UserType", "Claims[sub] > value[0] > |"}, {"UserType", "Claims[sub] > value[0] > |"},
{"UserId", "Claims[sub] > value[1] > |"} {"UserId", "Claims[sub] > value[1] > |"},
} },
} },
} },
}; };
this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", AccessTokenType.Jwt, user)) this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", AccessTokenType.Jwt, user))
@ -120,8 +119,8 @@ namespace Ocelot.AcceptanceTests
Claims = new List<Claim> Claims = new List<Claim>
{ {
new Claim("CustomerId", "123"), new Claim("CustomerId", "123"),
new Claim("LocationId", "1") new Claim("LocationId", "1"),
} },
}; };
int port = RandomPortFinder.GetRandomPort(); int port = RandomPortFinder.GetRandomPort();
@ -139,7 +138,7 @@ namespace Ocelot.AcceptanceTests
{ {
Host = "localhost", Host = "localhost",
Port = port, Port = port,
} },
}, },
DownstreamScheme = "http", DownstreamScheme = "http",
UpstreamPathTemplate = "/", UpstreamPathTemplate = "/",
@ -149,7 +148,7 @@ namespace Ocelot.AcceptanceTests
AuthenticationProviderKey = "Test", AuthenticationProviderKey = "Test",
AllowedScopes = new List<string> AllowedScopes = new List<string>
{ {
"openid", "offline_access", "api" "openid", "offline_access", "api",
}, },
}, },
AddQueriesToRequest = AddQueriesToRequest =
@ -157,10 +156,10 @@ namespace Ocelot.AcceptanceTests
{"CustomerId", "Claims[CustomerId] > value"}, {"CustomerId", "Claims[CustomerId] > value"},
{"LocationId", "Claims[LocationId] > value"}, {"LocationId", "Claims[LocationId] > value"},
{"UserType", "Claims[sub] > value[0] > |"}, {"UserType", "Claims[sub] > value[0] > |"},
{"UserId", "Claims[sub] > value[1] > |"} {"UserId", "Claims[sub] > value[1] > |"},
} },
} },
} },
}; };
this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", AccessTokenType.Jwt, user)) this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", AccessTokenType.Jwt, user))
@ -230,6 +229,13 @@ namespace Ocelot.AcceptanceTests
services.AddLogging(); services.AddLogging();
services.AddIdentityServer() services.AddIdentityServer()
.AddDeveloperSigningCredential() .AddDeveloperSigningCredential()
.AddInMemoryApiScopes(new List<ApiScope>
{
new ApiScope(apiName, "test"),
new ApiScope("openid", "test"),
new ApiScope("offline_access", "test"),
new ApiScope("api.readOnly", "test"),
})
.AddInMemoryApiResources(new List<ApiResource> .AddInMemoryApiResources(new List<ApiResource>
{ {
new ApiResource new ApiResource
@ -238,24 +244,24 @@ namespace Ocelot.AcceptanceTests
Description = "My API", Description = "My API",
Enabled = true, Enabled = true,
DisplayName = "test", DisplayName = "test",
Scopes = new List<Scope>() Scopes = new List<string>()
{ {
new Scope("api"), "api",
new Scope("openid"), "openid",
new Scope("offline_access") "offline_access",
}, },
ApiSecrets = new List<Secret>() ApiSecrets = new List<Secret>()
{ {
new Secret new Secret
{ {
Value = "secret".Sha256() Value = "secret".Sha256(),
} },
}, },
UserClaims = new List<string>() UserClaims = new List<string>()
{ {
"CustomerId", "LocationId", "UserType", "UserId" "CustomerId", "LocationId", "UserType", "UserId",
} },
} },
}) })
.AddInMemoryClients(new List<Client> .AddInMemoryClients(new List<Client>
{ {
@ -267,12 +273,12 @@ namespace Ocelot.AcceptanceTests
AllowedScopes = new List<string> { apiName, "openid", "offline_access" }, AllowedScopes = new List<string> { apiName, "openid", "offline_access" },
AccessTokenType = tokenType, AccessTokenType = tokenType,
Enabled = true, Enabled = true,
RequireClientSecret = false RequireClientSecret = false,
} },
}) })
.AddTestUsers(new List<TestUser> .AddTestUsers(new List<TestUser>
{ {
user user,
}); });
}) })
.Configure(app => .Configure(app =>

2
test/Ocelot.AcceptanceTests/Ocelot.AcceptanceTests.csproj
View File

@ -64,7 +64,7 @@
<PackageReference Include="xunit" Version="2.4.1" /> <PackageReference Include="xunit" Version="2.4.1" />
<PackageReference Include="Butterfly.Client.AspNetCore" Version="0.0.8" /> <PackageReference Include="Butterfly.Client.AspNetCore" Version="0.0.8" />
<PackageReference Include="IdentityServer4.AccessTokenValidation" Version="3.0.1" /> <PackageReference Include="IdentityServer4.AccessTokenValidation" Version="3.0.1" />
<PackageReference Include="IdentityServer4" Version="3.1.1" /> <PackageReference Include="IdentityServer4" Version="4.1.1" />
<PackageReference Include="Consul" Version="1.6.1.1" /> <PackageReference Include="Consul" Version="1.6.1.1" />
<PackageReference Include="CacheManager.Microsoft.Extensions.Logging" Version="2.0.0-beta-1629" /> <PackageReference Include="CacheManager.Microsoft.Extensions.Logging" Version="2.0.0-beta-1629" />
<PackageReference Include="CacheManager.Serialization.Json" Version="2.0.0-beta-1629" /> <PackageReference Include="CacheManager.Serialization.Json" Version="2.0.0-beta-1629" />

4
test/Ocelot.AcceptanceTests/Steps.cs
View File

@ -814,7 +814,7 @@ namespace Ocelot.AcceptanceTests
new KeyValuePair<string, string>("scope", "api"), new KeyValuePair<string, string>("scope", "api"),
new KeyValuePair<string, string>("username", "test"), new KeyValuePair<string, string>("username", "test"),
new KeyValuePair<string, string>("password", "test"), new KeyValuePair<string, string>("password", "test"),
new KeyValuePair<string, string>("grant_type", "password") new KeyValuePair<string, string>("grant_type", "password"),
}; };
var content = new FormUrlEncodedContent(formData); var content = new FormUrlEncodedContent(formData);
@ -837,7 +837,7 @@ namespace Ocelot.AcceptanceTests
new KeyValuePair<string, string>("scope", "api.readOnly"), new KeyValuePair<string, string>("scope", "api.readOnly"),
new KeyValuePair<string, string>("username", "test"), new KeyValuePair<string, string>("username", "test"),
new KeyValuePair<string, string>("password", "test"), new KeyValuePair<string, string>("password", "test"),
new KeyValuePair<string, string>("grant_type", "password") new KeyValuePair<string, string>("grant_type", "password"),
}; };
var content = new FormUrlEncodedContent(formData); var content = new FormUrlEncodedContent(formData);

103
test/Ocelot.IntegrationTests/AdministrationTests.cs
View File

@ -23,6 +23,8 @@ using System.Net.Http.Headers;
using TestStack.BDDfy; using TestStack.BDDfy;
using Ocelot.Configuration.ChangeTracking; using Ocelot.Configuration.ChangeTracking;
using Xunit; using Xunit;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;
namespace Ocelot.IntegrationTests namespace Ocelot.IntegrationTests
{ {
@ -61,6 +63,7 @@ namespace Ocelot.IntegrationTests
.BDDfy(); .BDDfy();
} }
//this seems to be be answer https://github.com/IdentityServer/IdentityServer4/issues/4914
[Fact] [Fact]
public void should_return_response_200_with_call_re_routes_controller() public void should_return_response_200_with_call_re_routes_controller()
{ {
@ -86,8 +89,8 @@ namespace Ocelot.IntegrationTests
{ {
GlobalConfiguration = new FileGlobalConfiguration GlobalConfiguration = new FileGlobalConfiguration
{ {
BaseUrl = _ocelotBaseUrl BaseUrl = _ocelotBaseUrl,
} },
}; };
this.Given(x => GivenThereIsAConfiguration(configuration)) this.Given(x => GivenThereIsAConfiguration(configuration))
@ -126,7 +129,7 @@ namespace Ocelot.IntegrationTests
{ {
Scheme = "https", Scheme = "https",
Host = "127.0.0.1", Host = "127.0.0.1",
} },
}, },
Routes = new List<FileRoute>() Routes = new List<FileRoute>()
{ {
@ -138,7 +141,7 @@ namespace Ocelot.IntegrationTests
{ {
Host = "localhost", Host = "localhost",
Port = 80, Port = 80,
} },
}, },
DownstreamScheme = "https", DownstreamScheme = "https",
DownstreamPathTemplate = "/", DownstreamPathTemplate = "/",
@ -147,8 +150,8 @@ namespace Ocelot.IntegrationTests
FileCacheOptions = new FileCacheOptions FileCacheOptions = new FileCacheOptions
{ {
TtlSeconds = 10, TtlSeconds = 10,
Region = "Geoff" Region = "Geoff",
} },
}, },
new FileRoute() new FileRoute()
{ {
@ -158,7 +161,7 @@ namespace Ocelot.IntegrationTests
{ {
Host = "localhost", Host = "localhost",
Port = 80, Port = 80,
} },
}, },
DownstreamScheme = "https", DownstreamScheme = "https",
DownstreamPathTemplate = "/", DownstreamPathTemplate = "/",
@ -167,10 +170,10 @@ namespace Ocelot.IntegrationTests
FileCacheOptions = new FileCacheOptions FileCacheOptions = new FileCacheOptions
{ {
TtlSeconds = 10, TtlSeconds = 10,
Region = "Dave" Region = "Dave",
} },
} },
} },
}; };
this.Given(x => GivenThereIsAConfiguration(configuration)) this.Given(x => GivenThereIsAConfiguration(configuration))
@ -201,12 +204,12 @@ namespace Ocelot.IntegrationTests
{ {
Host = "localhost", Host = "localhost",
Port = 80, Port = 80,
} },
}, },
DownstreamScheme = "https", DownstreamScheme = "https",
DownstreamPathTemplate = "/", DownstreamPathTemplate = "/",
UpstreamHttpMethod = new List<string> { "get" }, UpstreamHttpMethod = new List<string> { "get" },
UpstreamPathTemplate = "/" UpstreamPathTemplate = "/",
}, },
new FileRoute() new FileRoute()
{ {
@ -216,13 +219,13 @@ namespace Ocelot.IntegrationTests
{ {
Host = "localhost", Host = "localhost",
Port = 80, Port = 80,
} },
}, },
DownstreamScheme = "https", DownstreamScheme = "https",
DownstreamPathTemplate = "/", DownstreamPathTemplate = "/",
UpstreamHttpMethod = new List<string> { "get" }, UpstreamHttpMethod = new List<string> { "get" },
UpstreamPathTemplate = "/test" UpstreamPathTemplate = "/test",
} },
}, },
}; };
@ -241,12 +244,12 @@ namespace Ocelot.IntegrationTests
{ {
Host = "localhost", Host = "localhost",
Port = 80, Port = 80,
} },
}, },
DownstreamScheme = "http", DownstreamScheme = "http",
DownstreamPathTemplate = "/geoffrey", DownstreamPathTemplate = "/geoffrey",
UpstreamHttpMethod = new List<string> { "get" }, UpstreamHttpMethod = new List<string> { "get" },
UpstreamPathTemplate = "/" UpstreamPathTemplate = "/",
}, },
new FileRoute() new FileRoute()
{ {
@ -256,14 +259,14 @@ namespace Ocelot.IntegrationTests
{ {
Host = "123.123.123", Host = "123.123.123",
Port = 443, Port = 443,
} },
}, },
DownstreamScheme = "https", DownstreamScheme = "https",
DownstreamPathTemplate = "/blooper/{productId}", DownstreamPathTemplate = "/blooper/{productId}",
UpstreamHttpMethod = new List<string> { "post" }, UpstreamHttpMethod = new List<string> { "post" },
UpstreamPathTemplate = "/test" UpstreamPathTemplate = "/test",
} },
} },
}; };
this.Given(x => GivenThereIsAConfiguration(initialConfiguration)) this.Given(x => GivenThereIsAConfiguration(initialConfiguration))
@ -356,14 +359,14 @@ namespace Ocelot.IntegrationTests
{ {
Host = "localhost", Host = "localhost",
Port = fooPort, Port = fooPort,
} },
}, },
DownstreamScheme = "http", DownstreamScheme = "http",
DownstreamPathTemplate = "/foo", DownstreamPathTemplate = "/foo",
UpstreamHttpMethod = new List<string> { "get" }, UpstreamHttpMethod = new List<string> { "get" },
UpstreamPathTemplate = "/foo" UpstreamPathTemplate = "/foo",
} },
} },
}; };
var updatedConfiguration = new FileConfiguration var updatedConfiguration = new FileConfiguration
@ -381,14 +384,14 @@ namespace Ocelot.IntegrationTests
{ {
Host = "localhost", Host = "localhost",
Port = barPort, Port = barPort,
} },
}, },
DownstreamScheme = "http", DownstreamScheme = "http",
DownstreamPathTemplate = "/bar", DownstreamPathTemplate = "/bar",
UpstreamHttpMethod = new List<string> { "get" }, UpstreamHttpMethod = new List<string> { "get" },
UpstreamPathTemplate = "/foo" UpstreamPathTemplate = "/foo",
} },
} },
}; };
this.Given(x => GivenThereIsAConfiguration(initialConfiguration)) this.Given(x => GivenThereIsAConfiguration(initialConfiguration))
@ -430,7 +433,7 @@ namespace Ocelot.IntegrationTests
{ {
Host = "localhost", Host = "localhost",
Port = 80, Port = 80,
} },
}, },
DownstreamScheme = "https", DownstreamScheme = "https",
DownstreamPathTemplate = "/", DownstreamPathTemplate = "/",
@ -438,8 +441,8 @@ namespace Ocelot.IntegrationTests
UpstreamPathTemplate = "/", UpstreamPathTemplate = "/",
FileCacheOptions = new FileCacheOptions FileCacheOptions = new FileCacheOptions
{ {
TtlSeconds = 10 TtlSeconds = 10,
} },
}, },
new FileRoute() new FileRoute()
{ {
@ -449,7 +452,7 @@ namespace Ocelot.IntegrationTests
{ {
Host = "localhost", Host = "localhost",
Port = 80, Port = 80,
} },
}, },
DownstreamScheme = "https", DownstreamScheme = "https",
DownstreamPathTemplate = "/", DownstreamPathTemplate = "/",
@ -457,10 +460,10 @@ namespace Ocelot.IntegrationTests
UpstreamPathTemplate = "/test", UpstreamPathTemplate = "/test",
FileCacheOptions = new FileCacheOptions FileCacheOptions = new FileCacheOptions
{ {
TtlSeconds = 10 TtlSeconds = 10,
} },
} },
} },
}; };
var regionToClear = "gettest"; var regionToClear = "gettest";
@ -481,13 +484,14 @@ namespace Ocelot.IntegrationTests
var identityServerRootUrl = "http://localhost:5123"; var identityServerRootUrl = "http://localhost:5123";
Action<IdentityServerAuthenticationOptions> options = o => Action<JwtBearerOptions> options = o =>
{ {
o.Authority = identityServerRootUrl; o.Authority = identityServerRootUrl;
o.ApiName = "api";
o.RequireHttpsMetadata = false; o.RequireHttpsMetadata = false;
o.SupportedTokens = SupportedTokens.Both; o.TokenValidationParameters = new TokenValidationParameters
o.ApiSecret = "secret"; {
ValidateAudience = false,
};
}; };
this.Given(x => GivenThereIsAConfiguration(configuration)) this.Given(x => GivenThereIsAConfiguration(configuration))
@ -509,7 +513,7 @@ namespace Ocelot.IntegrationTests
new KeyValuePair<string, string>("scope", "api"), new KeyValuePair<string, string>("scope", "api"),
new KeyValuePair<string, string>("username", "test"), new KeyValuePair<string, string>("username", "test"),
new KeyValuePair<string, string>("password", "test"), new KeyValuePair<string, string>("password", "test"),
new KeyValuePair<string, string>("grant_type", "password") new KeyValuePair<string, string>("grant_type", "password"),
}; };
var content = new FormUrlEncodedContent(formData); var content = new FormUrlEncodedContent(formData);
@ -535,6 +539,7 @@ namespace Ocelot.IntegrationTests
services.AddLogging(); services.AddLogging();
services.AddIdentityServer() services.AddIdentityServer()
.AddDeveloperSigningCredential() .AddDeveloperSigningCredential()
.AddInMemoryApiScopes(new List<ApiScope> { new ApiScope(apiName) })
.AddInMemoryApiResources(new List<ApiResource> .AddInMemoryApiResources(new List<ApiResource>
{ {
new ApiResource new ApiResource
@ -543,9 +548,9 @@ namespace Ocelot.IntegrationTests
Description = apiName, Description = apiName,
Enabled = true, Enabled = true,
DisplayName = apiName, DisplayName = apiName,
Scopes = new List<Scope>() Scopes = new List<string>()
{ {
new Scope(apiName), apiName,
}, },
}, },
}) })
@ -558,7 +563,7 @@ namespace Ocelot.IntegrationTests
ClientSecrets = new List<Secret> { new Secret("secret".Sha256()) }, ClientSecrets = new List<Secret> { new Secret("secret".Sha256()) },
AllowedScopes = new List<string> { apiName }, AllowedScopes = new List<string> { apiName },
AccessTokenType = AccessTokenType.Jwt, AccessTokenType = AccessTokenType.Jwt,
Enabled = true Enabled = true,
}, },
}) })
.AddTestUsers(new List<TestUser> .AddTestUsers(new List<TestUser>
@ -567,7 +572,7 @@ namespace Ocelot.IntegrationTests
{ {
Username = "test", Username = "test",
Password = "test", Password = "test",
SubjectId = "1231231" SubjectId = "1231231",
}, },
}); });
}) })
@ -695,7 +700,7 @@ namespace Ocelot.IntegrationTests
new KeyValuePair<string, string>("client_id", "admin"), new KeyValuePair<string, string>("client_id", "admin"),
new KeyValuePair<string, string>("client_secret", "secret"), new KeyValuePair<string, string>("client_secret", "secret"),
new KeyValuePair<string, string>("scope", "admin"), new KeyValuePair<string, string>("scope", "admin"),
new KeyValuePair<string, string>("grant_type", "client_credentials") new KeyValuePair<string, string>("grant_type", "client_credentials"),
}; };
var content = new FormUrlEncodedContent(formData); var content = new FormUrlEncodedContent(formData);
@ -708,7 +713,7 @@ namespace Ocelot.IntegrationTests
response.EnsureSuccessStatusCode(); response.EnsureSuccessStatusCode();
} }
private void GivenOcelotIsRunningWithIdentityServerSettings(Action<IdentityServerAuthenticationOptions> configOptions) private void GivenOcelotIsRunningWithIdentityServerSettings(Action<JwtBearerOptions> configOptions)
{ {
_webHostBuilder = Host.CreateDefaultBuilder() _webHostBuilder = Host.CreateDefaultBuilder()
.ConfigureWebHost(webBuilder => .ConfigureWebHost(webBuilder =>

2
test/Ocelot.IntegrationTests/Ocelot.IntegrationTests.csproj
View File

@ -52,7 +52,7 @@
<PackageReference Include="TestStack.BDDfy" Version="4.3.2" /> <PackageReference Include="TestStack.BDDfy" Version="4.3.2" />
<PackageReference Include="Microsoft.Data.SQLite" Version="5.0.0" /> <PackageReference Include="Microsoft.Data.SQLite" Version="5.0.0" />
<PackageReference Include="IdentityServer4.AccessTokenValidation" Version="3.0.1" /> <PackageReference Include="IdentityServer4.AccessTokenValidation" Version="3.0.1" />
<PackageReference Include="IdentityServer4" Version="3.1.1" /> <PackageReference Include="IdentityServer4" Version="4.1.1" />
</ItemGroup> </ItemGroup>
<ItemGroup> <ItemGroup>
<PackageReference Update="Microsoft.SourceLink.GitHub" Version="1.0.0" /> <PackageReference Update="Microsoft.SourceLink.GitHub" Version="1.0.0" />

5
test/Ocelot.UnitTests/Administration/OcelotAdministrationBuilderTests.cs
View File

@ -1,6 +1,7 @@
namespace Ocelot.UnitTests.Administration namespace Ocelot.UnitTests.Administration
{ {
using IdentityServer4.AccessTokenValidation; using IdentityServer4.AccessTokenValidation;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Hosting; using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration; using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.DependencyInjection;
@ -44,7 +45,7 @@ namespace Ocelot.UnitTests.Administration
[Fact] [Fact]
public void should_set_up_administration_with_identity_server_options() public void should_set_up_administration_with_identity_server_options()
{ {
Action<IdentityServerAuthenticationOptions> options = o => { }; Action<JwtBearerOptions> options = o => { };
this.Given(x => WhenISetUpOcelotServices()) this.Given(x => WhenISetUpOcelotServices())
.When(x => WhenISetUpAdministration(options)) .When(x => WhenISetUpAdministration(options))
@ -69,7 +70,7 @@ namespace Ocelot.UnitTests.Administration
_ocelotBuilder.AddAdministration("/administration", "secret"); _ocelotBuilder.AddAdministration("/administration", "secret");
} }
private void WhenISetUpAdministration(Action<IdentityServerAuthenticationOptions> options) private void WhenISetUpAdministration(Action<JwtBearerOptions> options)
{ {
_ocelotBuilder.AddAdministration("/administration", options); _ocelotBuilder.AddAdministration("/administration", options);
} }

2
test/Ocelot.UnitTests/Ocelot.UnitTests.csproj
View File

@ -72,7 +72,7 @@
<PackageReference Include="xunit" Version="2.4.1" /> <PackageReference Include="xunit" Version="2.4.1" />
<PackageReference Include="Butterfly.Client.AspNetCore" Version="0.0.8" /> <PackageReference Include="Butterfly.Client.AspNetCore" Version="0.0.8" />
<PackageReference Include="IdentityServer4.AccessTokenValidation" Version="3.0.1" /> <PackageReference Include="IdentityServer4.AccessTokenValidation" Version="3.0.1" />
<PackageReference Include="IdentityServer4" Version="3.1.1" /> <PackageReference Include="IdentityServer4" Version="4.1.1" />
<PackageReference Include="Steeltoe.Discovery.ClientCore" Version="3.0.1" /> <PackageReference Include="Steeltoe.Discovery.ClientCore" Version="3.0.1" />
<PackageReference Include="Consul" Version="1.6.1.1" /> <PackageReference Include="Consul" Version="1.6.1.1" />
<PackageReference Include="CacheManager.Core" Version="2.0.0-beta-1629" /> <PackageReference Include="CacheManager.Core" Version="2.0.0-beta-1629" />