tk/Ocelot
1
0
Fork 0
mirror of https://github.com/nsnail/Ocelot.git synced 2025-04-19 23:32:49 +08:00
Code Issues Packages Projects Releases Wiki Activity

all packages upgraded and tests passing

Browse Source
This commit is contained in:
TomPallister 2020-12-01 11:06:49 +00:00
parent 17b0555f55
commit f62ed72dde
15 changed files with 1999 additions and 1943 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
docs/features/administration.rst
View File

@ -12,17 +12,20 @@ This will bring down everything needed by the admin API.
Providing your own IdentityServer
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All you need to do to hook into your own IdentityServer is add the following to your ConfigureServices method.
.. code-block:: csharp
public virtual void ConfigureServices(IServiceCollection services)
{
Action<IdentityServerAuthenticationOptions> options = o => {
// o.Authority = ;
// o.ApiName = ;
Action<JwtBearerOptions> options = o =>
{
o.Authority = identityServerRootUrl;
o.RequireHttpsMetadata = false;
o.TokenValidationParameters = new TokenValidationParameters
{
ValidateAudience = false,
};
// etc....
};

8
docs/features/authentication.rst
View File

@ -97,16 +97,14 @@ In order to use IdentityServer bearer tokens, register your IdentityServer servi
public void ConfigureServices(IServiceCollection services)
{
var authenticationProviderKey = "TestKey";
Action<IdentityServerAuthenticationOptions> options = o =>
Action<JwtBearerOptions> options = o =>
{
o.Authority = "https://whereyouridentityserverlives.com";
o.ApiName = "api";
o.SupportedTokens = SupportedTokens.Both;
o.ApiSecret = "secret";
// etc
};
services.AddAuthentication()
.AddIdentityServerAuthentication(authenticationProviderKey, options);
.AddJwtBearer(authenticationProviderKey, options);
services.AddOcelot();
}

2
src/Ocelot.Administration/Ocelot.Administration.csproj
View File

@ -31,7 +31,7 @@
<PrivateAssets>all</PrivateAssets>
</PackageReference>
<PackageReference Include="IdentityServer4.AccessTokenValidation" Version="3.0.1" />
<PackageReference Include="IdentityServer4" Version="3.1.1" />
<PackageReference Include="IdentityServer4" Version="4.1.1" />
</ItemGroup>
<ItemGroup>
<PackageReference Update="Microsoft.SourceLink.GitHub" Version="1.0.0" />

45
src/Ocelot.Administration/OcelotBuilderExtensions.cs
View File

@ -1,7 +1,6 @@
using Ocelot.DependencyInjection;
using IdentityServer4.AccessTokenValidation;
using IdentityServer4.Models;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.DependencyInjection.Extensions;
@ -10,6 +9,9 @@ using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Cryptography.X509Certificates;
using System.Linq;
using Microsoft.IdentityModel.Tokens;
using Microsoft.AspNetCore.Authentication.JwtBearer;
namespace Ocelot.Administration
{
@ -18,6 +20,7 @@ namespace Ocelot.Administration
public static IOcelotAdministrationBuilder AddAdministration(this IOcelotBuilder builder, string path, string secret)
{
var administrationPath = new AdministrationPath(path);
builder.Services.AddSingleton<OcelotMiddlewareConfigurationDelegate>(IdentityServerMiddlewareConfigurationProvider.Get);
//add identity server for admin area
@ -32,7 +35,7 @@ namespace Ocelot.Administration
return new OcelotAdministrationBuilder(builder.Services, builder.Configuration);
}
public static IOcelotAdministrationBuilder AddAdministration(this IOcelotBuilder builder, string path, Action<IdentityServerAuthenticationOptions> configureOptions)
public static IOcelotAdministrationBuilder AddAdministration(this IOcelotBuilder builder, string path, Action<JwtBearerOptions> configureOptions)
{
var administrationPath = new AdministrationPath(path);
builder.Services.AddSingleton<OcelotMiddlewareConfigurationDelegate>(IdentityServerMiddlewareConfigurationProvider.Get);
@ -46,11 +49,11 @@ namespace Ocelot.Administration
return new OcelotAdministrationBuilder(builder.Services, builder.Configuration);
}
private static void AddIdentityServer(Action<IdentityServerAuthenticationOptions> configOptions, IOcelotBuilder builder)
private static void AddIdentityServer(Action<JwtBearerOptions> configOptions, IOcelotBuilder builder)
{
builder.Services
.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
.AddIdentityServerAuthentication(configOptions);
.AddJwtBearer("Bearer", configOptions);
}
private static void AddIdentityServer(IIdentityServerConfiguration identityServerConfiguration, IAdministrationPath adminPath, IOcelotBuilder builder, IConfiguration configuration)
@ -60,7 +63,9 @@ namespace Ocelot.Administration
.AddIdentityServer(o =>
{
o.IssuerUri = "Ocelot";
o.EmitStaticAudienceClaim = true;
})
.AddInMemoryApiScopes(ApiScopes(identityServerConfiguration))
.AddInMemoryApiResources(Resources(identityServerConfiguration))
.AddInMemoryClients(Client(identityServerConfiguration));
@ -68,14 +73,17 @@ namespace Ocelot.Administration
var baseSchemeUrlAndPort = urlFinder.Find();
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
builder.Services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
.AddIdentityServerAuthentication(o =>
builder.Services
.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
.AddJwtBearer("Bearer", options =>
{
o.Authority = baseSchemeUrlAndPort + adminPath.Path;
o.ApiName = identityServerConfiguration.ApiName;
o.RequireHttpsMetadata = identityServerConfiguration.RequireHttps;
o.SupportedTokens = SupportedTokens.Both;
o.ApiSecret = identityServerConfiguration.ApiSecret;
options.Authority = baseSchemeUrlAndPort + adminPath.Path;
options.RequireHttpsMetadata = identityServerConfiguration.RequireHttps;
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateAudience = false,
};
});
//todo - refactor naming..
@ -91,6 +99,11 @@ namespace Ocelot.Administration
}
}
private static IEnumerable<ApiScope> ApiScopes(IIdentityServerConfiguration identityServerConfiguration)
{
return identityServerConfiguration.AllowedScopes.Select(s => new ApiScope(s));
}
private static List<ApiResource> Resources(IIdentityServerConfiguration identityServerConfiguration)
{
return new List<ApiResource>
@ -101,9 +114,9 @@ namespace Ocelot.Administration
{
new Secret
{
Value = identityServerConfiguration.ApiSecret.Sha256()
}
}
Value = identityServerConfiguration.ApiSecret.Sha256(),
},
},
},
};
}
@ -117,8 +130,8 @@ namespace Ocelot.Administration
ClientId = identityServerConfiguration.ApiName,
AllowedGrantTypes = GrantTypes.ClientCredentials,
ClientSecrets = new List<Secret> {new Secret(identityServerConfiguration.ApiSecret.Sha256())},
AllowedScopes = { identityServerConfiguration.ApiName }
}
AllowedScopes = identityServerConfiguration.AllowedScopes,
},
};
}
}

21
test/Ocelot.AcceptanceTests/AuthenticationTests.cs
View File

@ -278,6 +278,11 @@ namespace Ocelot.AcceptanceTests
services.AddLogging();
services.AddIdentityServer()
.AddDeveloperSigningCredential()
.AddInMemoryApiScopes(new List<ApiScope>
{
new ApiScope(apiName, "test"),
new ApiScope(api2Name, "test"),
})
.AddInMemoryApiResources(new List<ApiResource>
{
new ApiResource
@ -286,12 +291,12 @@ namespace Ocelot.AcceptanceTests
Description = "My API",
Enabled = true,
DisplayName = "test",
Scopes = new List<Scope>()
Scopes = new List<string>()
{
new Scope("api"),
new Scope("api.readOnly"),
new Scope("openid"),
new Scope("offline_access"),
"api",
"api.readOnly",
"openid",
"offline_access",
},
ApiSecrets = new List<Secret>()
{
@ -311,10 +316,10 @@ namespace Ocelot.AcceptanceTests
Description = "My second API",
Enabled = true,
DisplayName = "second test",
Scopes = new List<Scope>()
Scopes = new List<string>()
{
new Scope("api2"),
new Scope("api2.readOnly"),
"api2",
"api2.readOnly",
},
ApiSecrets = new List<Secret>()
{

119
test/Ocelot.AcceptanceTests/AuthorisationTests.cs
View File

@ -58,34 +58,34 @@ namespace Ocelot.AcceptanceTests
{
Host = "localhost",
Port = port,
}
},
},
DownstreamScheme = "http",
UpstreamPathTemplate = "/",
UpstreamHttpMethod = new List<string> { "Get" },
AuthenticationOptions = new FileAuthenticationOptions
{
AuthenticationProviderKey = "Test"
AuthenticationProviderKey = "Test",
},
AddHeadersToRequest =
{
{"CustomerId", "Claims[CustomerId] > value"},
{"LocationId", "Claims[LocationId] > value"},
{"UserType", "Claims[sub] > value[0] > |"},
{"UserId", "Claims[sub] > value[1] > |"}
{"UserId", "Claims[sub] > value[1] > |"},
},
AddClaimsToRequest =
{
{"CustomerId", "Claims[CustomerId] > value"},
{"UserType", "Claims[sub] > value[0] > |"},
{"UserId", "Claims[sub] > value[1] > |"}
{"UserId", "Claims[sub] > value[1] > |"},
},
RouteClaimsRequirement =
{
{"UserType", "registered"}
}
}
}
{"UserType", "registered"},
},
},
},
};
this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", AccessTokenType.Jwt))
@ -118,33 +118,33 @@ namespace Ocelot.AcceptanceTests
{
Host = "localhost",
Port = port,
}
},
},
DownstreamScheme = "http",
UpstreamPathTemplate = "/",
UpstreamHttpMethod = new List<string> { "Get" },
AuthenticationOptions = new FileAuthenticationOptions
{
AuthenticationProviderKey = "Test"
AuthenticationProviderKey = "Test",
},
AddHeadersToRequest =
{
{"CustomerId", "Claims[CustomerId] > value"},
{"LocationId", "Claims[LocationId] > value"},
{"UserType", "Claims[sub] > value[0] > |"},
{"UserId", "Claims[sub] > value[1] > |"}
{"UserId", "Claims[sub] > value[1] > |"},
},
AddClaimsToRequest =
{
{"CustomerId", "Claims[CustomerId] > value"},
{"UserId", "Claims[sub] > value[1] > |"}
{"UserId", "Claims[sub] > value[1] > |"},
},
RouteClaimsRequirement =
{
{"UserType", "registered"}
}
}
}
{"UserType", "registered"},
},
},
},
};
this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", AccessTokenType.Jwt))
@ -176,7 +176,7 @@ namespace Ocelot.AcceptanceTests
{
Host = "localhost",
Port = port,
}
},
},
DownstreamScheme = "http",
UpstreamPathTemplate = "/",
@ -186,8 +186,8 @@ namespace Ocelot.AcceptanceTests
AuthenticationProviderKey = "Test",
AllowedScopes = new List<string>{ "api", "api.readOnly", "openid", "offline_access" },
},
}
}
},
},
};
this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", AccessTokenType.Jwt))
@ -219,7 +219,7 @@ namespace Ocelot.AcceptanceTests
{
Host = "localhost",
Port = port,
}
},
},
DownstreamScheme = "http",
UpstreamPathTemplate = "/",
@ -229,8 +229,8 @@ namespace Ocelot.AcceptanceTests
AuthenticationProviderKey = "Test",
AllowedScopes = new List<string>{ "api", "openid", "offline_access" },
},
}
}
},
},
};
this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", AccessTokenType.Jwt))
@ -262,21 +262,21 @@ namespace Ocelot.AcceptanceTests
{
Host = "localhost",
Port = port,
}
},
},
DownstreamScheme = "http",
UpstreamPathTemplate = "/",
UpstreamHttpMethod = new List<string> { "Get" },
AuthenticationOptions = new FileAuthenticationOptions
{
AuthenticationProviderKey = "Test"
AuthenticationProviderKey = "Test",
},
RouteClaimsRequirement =
{
{"Role", "User"}
}
}
}
{"Role", "User"},
},
},
},
};
var users = new List<TestUser>
@ -289,9 +289,9 @@ namespace Ocelot.AcceptanceTests
Claims = new List<Claim>
{
new Claim("Role", "AdminUser"),
new Claim("Role", "User")
new Claim("Role", "User"),
},
},
}
};
this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", AccessTokenType.Jwt, users))
@ -328,6 +328,13 @@ namespace Ocelot.AcceptanceTests
services.AddLogging();
services.AddIdentityServer()
.AddDeveloperSigningCredential()
.AddInMemoryApiScopes(new List<ApiScope>
{
new ApiScope(apiName, "test"),
new ApiScope("openid", "test"),
new ApiScope("offline_access", "test"),
new ApiScope("api.readOnly", "test"),
})
.AddInMemoryApiResources(new List<ApiResource>
{
new ApiResource
@ -336,24 +343,24 @@ namespace Ocelot.AcceptanceTests
Description = "My API",
Enabled = true,
DisplayName = "test",
Scopes = new List<Scope>()
Scopes = new List<string>()
{
new Scope("api"),
new Scope("api.readOnly"),
new Scope("openid"),
new Scope("offline_access")
"api",
"api.readOnly",
"openid",
"offline_access",
},
ApiSecrets = new List<Secret>()
{
new Secret
{
Value = "secret".Sha256()
}
Value = "secret".Sha256(),
},
},
UserClaims = new List<string>()
{
"CustomerId", "LocationId", "UserType", "UserId"
}
"CustomerId", "LocationId", "UserType", "UserId",
},
},
})
.AddInMemoryClients(new List<Client>
@ -366,8 +373,8 @@ namespace Ocelot.AcceptanceTests
AllowedScopes = new List<string> { apiName, "api.readOnly", "openid", "offline_access" },
AccessTokenType = tokenType,
Enabled = true,
RequireClientSecret = false
}
RequireClientSecret = false,
},
})
.AddTestUsers(new List<TestUser>
{
@ -379,9 +386,9 @@ namespace Ocelot.AcceptanceTests
Claims = new List<Claim>
{
new Claim("CustomerId", "123"),
new Claim("LocationId", "321")
}
}
new Claim("LocationId", "321"),
},
},
});
})
.Configure(app =>
@ -408,6 +415,10 @@ namespace Ocelot.AcceptanceTests
services.AddLogging();
services.AddIdentityServer()
.AddDeveloperSigningCredential()
.AddInMemoryApiScopes(new List<ApiScope>
{
new ApiScope(apiName, "test"),
})
.AddInMemoryApiResources(new List<ApiResource>
{
new ApiResource
@ -416,24 +427,24 @@ namespace Ocelot.AcceptanceTests
Description = "My API",
Enabled = true,
DisplayName = "test",
Scopes = new List<Scope>()
Scopes = new List<string>()
{
new Scope("api"),
new Scope("api.readOnly"),
new Scope("openid"),
new Scope("offline_access"),
"api",
"api.readOnly",
"openid",
"offline_access",
},
ApiSecrets = new List<Secret>()
{
new Secret
{
Value = "secret".Sha256()
}
Value = "secret".Sha256(),
},
},
UserClaims = new List<string>()
{
"CustomerId", "LocationId", "UserType", "UserId", "Role"
}
"CustomerId", "LocationId", "UserType", "UserId", "Role",
},
},
})
.AddInMemoryClients(new List<Client>
@ -447,7 +458,7 @@ namespace Ocelot.AcceptanceTests
AccessTokenType = tokenType,
Enabled = true,
RequireClientSecret = false,
}
},
})
.AddTestUsers(users);
})

31
test/Ocelot.AcceptanceTests/ClaimsToDownstreamPathTests.cs
View File

@ -144,6 +144,13 @@ namespace Ocelot.AcceptanceTests
services.AddLogging();
services.AddIdentityServer()
.AddDeveloperSigningCredential()
.AddInMemoryApiScopes(new List<ApiScope>
{
new ApiScope(apiName, "test"),
new ApiScope("openid", "test"),
new ApiScope("offline_access", "test"),
new ApiScope("api.readOnly", "test"),
})
.AddInMemoryApiResources(new List<ApiResource>
{
new ApiResource
@ -152,24 +159,24 @@ namespace Ocelot.AcceptanceTests
Description = "My API",
Enabled = true,
DisplayName = "test",
Scopes = new List<Scope>()
Scopes = new List<string>()
{
new Scope("api"),
new Scope("openid"),
new Scope("offline_access")
"api",
"openid",
"offline_access",
},
ApiSecrets = new List<Secret>()
{
new Secret
{
Value = "secret".Sha256()
}
Value = "secret".Sha256(),
},
},
UserClaims = new List<string>()
{
"CustomerId", "LocationId", "UserType", "UserId"
}
}
"CustomerId", "LocationId", "UserType", "UserId",
},
},
})
.AddInMemoryClients(new List<Client>
{
@ -181,12 +188,12 @@ namespace Ocelot.AcceptanceTests
AllowedScopes = new List<string> { apiName, "openid", "offline_access" },
AccessTokenType = tokenType,
Enabled = true,
RequireClientSecret = false
}
RequireClientSecret = false,
},
})
.AddTestUsers(new List<TestUser>
{
user
user,
});
})
.Configure(app =>

47
test/Ocelot.AcceptanceTests/ClaimsToHeadersForwardingTests.cs
View File

@ -55,8 +55,8 @@ namespace Ocelot.AcceptanceTests
Claims = new List<Claim>
{
new Claim("CustomerId", "123"),
new Claim("LocationId", "1")
}
new Claim("LocationId", "1"),
},
};
int port = RandomPortFinder.GetRandomPort();
@ -74,7 +74,7 @@ namespace Ocelot.AcceptanceTests
{
Host = "localhost",
Port = port,
}
},
},
DownstreamScheme = "http",
UpstreamPathTemplate = "/",
@ -84,7 +84,7 @@ namespace Ocelot.AcceptanceTests
AuthenticationProviderKey = "Test",
AllowedScopes = new List<string>
{
"openid", "offline_access", "api"
"openid", "offline_access", "api",
},
},
AddHeadersToRequest =
@ -92,10 +92,10 @@ namespace Ocelot.AcceptanceTests
{"CustomerId", "Claims[CustomerId] > value"},
{"LocationId", "Claims[LocationId] > value"},
{"UserType", "Claims[sub] > value[0] > |"},
{"UserId", "Claims[sub] > value[1] > |"}
}
}
}
{"UserId", "Claims[sub] > value[1] > |"},
},
},
},
};
this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", AccessTokenType.Jwt, user))
@ -138,6 +138,13 @@ namespace Ocelot.AcceptanceTests
services.AddLogging();
services.AddIdentityServer()
.AddDeveloperSigningCredential()
.AddInMemoryApiScopes(new List<ApiScope>
{
new ApiScope(apiName, "test"),
new ApiScope("openid", "test"),
new ApiScope("offline_access", "test"),
new ApiScope("api.readOnly", "test"),
})
.AddInMemoryApiResources(new List<ApiResource>
{
new ApiResource
@ -146,24 +153,24 @@ namespace Ocelot.AcceptanceTests
Description = "My API",
Enabled = true,
DisplayName = "test",
Scopes = new List<Scope>()
Scopes = new List<string>()
{
new Scope("api"),
new Scope("openid"),
new Scope("offline_access")
"api",
"openid",
"offline_access",
},
ApiSecrets = new List<Secret>()
{
new Secret
{
Value = "secret".Sha256()
}
Value = "secret".Sha256(),
},
},
UserClaims = new List<string>()
{
"CustomerId", "LocationId", "UserType", "UserId"
}
}
"CustomerId", "LocationId", "UserType", "UserId",
},
},
})
.AddInMemoryClients(new List<Client>
{
@ -175,12 +182,12 @@ namespace Ocelot.AcceptanceTests
AllowedScopes = new List<string> { apiName, "openid", "offline_access" },
AccessTokenType = tokenType,
Enabled = true,
RequireClientSecret = false
}
RequireClientSecret = false,
},
})
.AddTestUsers(new List<TestUser>
{
user
user,
});
})
.Configure(app =>

74
test/Ocelot.AcceptanceTests/ClaimsToQueryStringForwardingTests.cs
View File

@ -1,4 +1,8 @@
using IdentityServer4.AccessTokenValidation;
namespace Ocelot.AcceptanceTests
{
using IdentityServer4.Test;
using Shouldly;
using IdentityServer4.AccessTokenValidation;
using IdentityServer4.Models;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
@ -14,11 +18,6 @@ using System.Security.Claims;
using TestStack.BDDfy;
using Xunit;
namespace Ocelot.AcceptanceTests
{
using IdentityServer4.Test;
using Shouldly;
public class ClaimsToQueryStringForwardingTests : IDisposable
{
private IWebHost _servicebuilder;
@ -54,8 +53,8 @@ namespace Ocelot.AcceptanceTests
Claims = new List<Claim>
{
new Claim("CustomerId", "123"),
new Claim("LocationId", "1")
}
new Claim("LocationId", "1"),
},
};
int port = RandomPortFinder.GetRandomPort();
@ -73,7 +72,7 @@ namespace Ocelot.AcceptanceTests
{
Host = "localhost",
Port = port,
}
},
},
DownstreamScheme = "http",
UpstreamPathTemplate = "/",
@ -83,7 +82,7 @@ namespace Ocelot.AcceptanceTests
AuthenticationProviderKey = "Test",
AllowedScopes = new List<string>
{
"openid", "offline_access", "api"
"openid", "offline_access", "api",
},
},
AddQueriesToRequest =
@ -91,10 +90,10 @@ namespace Ocelot.AcceptanceTests
{"CustomerId", "Claims[CustomerId] > value"},
{"LocationId", "Claims[LocationId] > value"},
{"UserType", "Claims[sub] > value[0] > |"},
{"UserId", "Claims[sub] > value[1] > |"}
}
}
}
{"UserId", "Claims[sub] > value[1] > |"},
},
},
},
};
this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", AccessTokenType.Jwt, user))
@ -120,8 +119,8 @@ namespace Ocelot.AcceptanceTests
Claims = new List<Claim>
{
new Claim("CustomerId", "123"),
new Claim("LocationId", "1")
}
new Claim("LocationId", "1"),
},
};
int port = RandomPortFinder.GetRandomPort();
@ -139,7 +138,7 @@ namespace Ocelot.AcceptanceTests
{
Host = "localhost",
Port = port,
}
},
},
DownstreamScheme = "http",
UpstreamPathTemplate = "/",
@ -149,7 +148,7 @@ namespace Ocelot.AcceptanceTests
AuthenticationProviderKey = "Test",
AllowedScopes = new List<string>
{
"openid", "offline_access", "api"
"openid", "offline_access", "api",
},
},
AddQueriesToRequest =
@ -157,10 +156,10 @@ namespace Ocelot.AcceptanceTests
{"CustomerId", "Claims[CustomerId] > value"},
{"LocationId", "Claims[LocationId] > value"},
{"UserType", "Claims[sub] > value[0] > |"},
{"UserId", "Claims[sub] > value[1] > |"}
}
}
}
{"UserId", "Claims[sub] > value[1] > |"},
},
},
},
};
this.Given(x => x.GivenThereIsAnIdentityServerOn(_identityServerRootUrl, "api", AccessTokenType.Jwt, user))
@ -230,6 +229,13 @@ namespace Ocelot.AcceptanceTests
services.AddLogging();
services.AddIdentityServer()
.AddDeveloperSigningCredential()
.AddInMemoryApiScopes(new List<ApiScope>
{
new ApiScope(apiName, "test"),
new ApiScope("openid", "test"),
new ApiScope("offline_access", "test"),
new ApiScope("api.readOnly", "test"),
})
.AddInMemoryApiResources(new List<ApiResource>
{
new ApiResource
@ -238,24 +244,24 @@ namespace Ocelot.AcceptanceTests
Description = "My API",
Enabled = true,
DisplayName = "test",
Scopes = new List<Scope>()
Scopes = new List<string>()
{
new Scope("api"),
new Scope("openid"),
new Scope("offline_access")
"api",
"openid",
"offline_access",
},
ApiSecrets = new List<Secret>()
{
new Secret
{
Value = "secret".Sha256()
}
Value = "secret".Sha256(),
},
},
UserClaims = new List<string>()
{
"CustomerId", "LocationId", "UserType", "UserId"
}
}
"CustomerId", "LocationId", "UserType", "UserId",
},
},
})
.AddInMemoryClients(new List<Client>
{
@ -267,12 +273,12 @@ namespace Ocelot.AcceptanceTests
AllowedScopes = new List<string> { apiName, "openid", "offline_access" },
AccessTokenType = tokenType,
Enabled = true,
RequireClientSecret = false
}
RequireClientSecret = false,
},
})
.AddTestUsers(new List<TestUser>
{
user
user,
});
})
.Configure(app =>

2
test/Ocelot.AcceptanceTests/Ocelot.AcceptanceTests.csproj
View File

@ -64,7 +64,7 @@
<PackageReference Include="xunit" Version="2.4.1" />
<PackageReference Include="Butterfly.Client.AspNetCore" Version="0.0.8" />
<PackageReference Include="IdentityServer4.AccessTokenValidation" Version="3.0.1" />
<PackageReference Include="IdentityServer4" Version="3.1.1" />
<PackageReference Include="IdentityServer4" Version="4.1.1" />
<PackageReference Include="Consul" Version="1.6.1.1" />
<PackageReference Include="CacheManager.Microsoft.Extensions.Logging" Version="2.0.0-beta-1629" />
<PackageReference Include="CacheManager.Serialization.Json" Version="2.0.0-beta-1629" />

4
test/Ocelot.AcceptanceTests/Steps.cs
View File

@ -814,7 +814,7 @@ namespace Ocelot.AcceptanceTests
new KeyValuePair<string, string>("scope", "api"),
new KeyValuePair<string, string>("username", "test"),
new KeyValuePair<string, string>("password", "test"),
new KeyValuePair<string, string>("grant_type", "password")
new KeyValuePair<string, string>("grant_type", "password"),
};
var content = new FormUrlEncodedContent(formData);
@ -837,7 +837,7 @@ namespace Ocelot.AcceptanceTests
new KeyValuePair<string, string>("scope", "api.readOnly"),
new KeyValuePair<string, string>("username", "test"),
new KeyValuePair<string, string>("password", "test"),
new KeyValuePair<string, string>("grant_type", "password")
new KeyValuePair<string, string>("grant_type", "password"),
};
var content = new FormUrlEncodedContent(formData);

103
test/Ocelot.IntegrationTests/AdministrationTests.cs
View File

@ -23,6 +23,8 @@ using System.Net.Http.Headers;
using TestStack.BDDfy;
using Ocelot.Configuration.ChangeTracking;
using Xunit;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;
namespace Ocelot.IntegrationTests
{
@ -61,6 +63,7 @@ namespace Ocelot.IntegrationTests
.BDDfy();
}
//this seems to be be answer https://github.com/IdentityServer/IdentityServer4/issues/4914
[Fact]
public void should_return_response_200_with_call_re_routes_controller()
{
@ -86,8 +89,8 @@ namespace Ocelot.IntegrationTests
{
GlobalConfiguration = new FileGlobalConfiguration
{
BaseUrl = _ocelotBaseUrl
}
BaseUrl = _ocelotBaseUrl,
},
};
this.Given(x => GivenThereIsAConfiguration(configuration))
@ -126,7 +129,7 @@ namespace Ocelot.IntegrationTests
{
Scheme = "https",
Host = "127.0.0.1",
}
},
},
Routes = new List<FileRoute>()
{
@ -138,7 +141,7 @@ namespace Ocelot.IntegrationTests
{
Host = "localhost",
Port = 80,
}
},
},
DownstreamScheme = "https",
DownstreamPathTemplate = "/",
@ -147,8 +150,8 @@ namespace Ocelot.IntegrationTests
FileCacheOptions = new FileCacheOptions
{
TtlSeconds = 10,
Region = "Geoff"
}
Region = "Geoff",
},
},
new FileRoute()
{
@ -158,7 +161,7 @@ namespace Ocelot.IntegrationTests
{
Host = "localhost",
Port = 80,
}
},
},
DownstreamScheme = "https",
DownstreamPathTemplate = "/",
@ -167,10 +170,10 @@ namespace Ocelot.IntegrationTests
FileCacheOptions = new FileCacheOptions
{
TtlSeconds = 10,
Region = "Dave"
}
}
}
Region = "Dave",
},
},
},
};
this.Given(x => GivenThereIsAConfiguration(configuration))
@ -201,12 +204,12 @@ namespace Ocelot.IntegrationTests
{
Host = "localhost",
Port = 80,
}
},
},
DownstreamScheme = "https",
DownstreamPathTemplate = "/",
UpstreamHttpMethod = new List<string> { "get" },
UpstreamPathTemplate = "/"
UpstreamPathTemplate = "/",
},
new FileRoute()
{
@ -216,13 +219,13 @@ namespace Ocelot.IntegrationTests
{
Host = "localhost",
Port = 80,
}
},
},
DownstreamScheme = "https",
DownstreamPathTemplate = "/",
UpstreamHttpMethod = new List<string> { "get" },
UpstreamPathTemplate = "/test"
}
UpstreamPathTemplate = "/test",
},
},
};
@ -241,12 +244,12 @@ namespace Ocelot.IntegrationTests
{
Host = "localhost",
Port = 80,
}
},
},
DownstreamScheme = "http",
DownstreamPathTemplate = "/geoffrey",
UpstreamHttpMethod = new List<string> { "get" },
UpstreamPathTemplate = "/"
UpstreamPathTemplate = "/",
},
new FileRoute()
{
@ -256,14 +259,14 @@ namespace Ocelot.IntegrationTests
{
Host = "123.123.123",
Port = 443,
}
},
},
DownstreamScheme = "https",
DownstreamPathTemplate = "/blooper/{productId}",
UpstreamHttpMethod = new List<string> { "post" },
UpstreamPathTemplate = "/test"
}
}
UpstreamPathTemplate = "/test",
},
},
};
this.Given(x => GivenThereIsAConfiguration(initialConfiguration))
@ -356,14 +359,14 @@ namespace Ocelot.IntegrationTests
{
Host = "localhost",
Port = fooPort,
}
},
},
DownstreamScheme = "http",
DownstreamPathTemplate = "/foo",
UpstreamHttpMethod = new List<string> { "get" },
UpstreamPathTemplate = "/foo"
}
}
UpstreamPathTemplate = "/foo",
},
},
};
var updatedConfiguration = new FileConfiguration
@ -381,14 +384,14 @@ namespace Ocelot.IntegrationTests
{
Host = "localhost",
Port = barPort,
}
},
},
DownstreamScheme = "http",
DownstreamPathTemplate = "/bar",
UpstreamHttpMethod = new List<string> { "get" },
UpstreamPathTemplate = "/foo"
}
}
UpstreamPathTemplate = "/foo",
},
},
};
this.Given(x => GivenThereIsAConfiguration(initialConfiguration))
@ -430,7 +433,7 @@ namespace Ocelot.IntegrationTests
{
Host = "localhost",
Port = 80,
}
},
},
DownstreamScheme = "https",
DownstreamPathTemplate = "/",
@ -438,8 +441,8 @@ namespace Ocelot.IntegrationTests
UpstreamPathTemplate = "/",
FileCacheOptions = new FileCacheOptions
{
TtlSeconds = 10
}
TtlSeconds = 10,
},
},
new FileRoute()
{
@ -449,7 +452,7 @@ namespace Ocelot.IntegrationTests
{
Host = "localhost",
Port = 80,
}
},
},
DownstreamScheme = "https",
DownstreamPathTemplate = "/",
@ -457,10 +460,10 @@ namespace Ocelot.IntegrationTests
UpstreamPathTemplate = "/test",
FileCacheOptions = new FileCacheOptions
{
TtlSeconds = 10
}
}
}
TtlSeconds = 10,
},
},
},
};
var regionToClear = "gettest";
@ -481,13 +484,14 @@ namespace Ocelot.IntegrationTests
var identityServerRootUrl = "http://localhost:5123";
Action<IdentityServerAuthenticationOptions> options = o =>
Action<JwtBearerOptions> options = o =>
{
o.Authority = identityServerRootUrl;
o.ApiName = "api";
o.RequireHttpsMetadata = false;
o.SupportedTokens = SupportedTokens.Both;
o.ApiSecret = "secret";
o.TokenValidationParameters = new TokenValidationParameters
{
ValidateAudience = false,
};
};
this.Given(x => GivenThereIsAConfiguration(configuration))
@ -509,7 +513,7 @@ namespace Ocelot.IntegrationTests
new KeyValuePair<string, string>("scope", "api"),
new KeyValuePair<string, string>("username", "test"),
new KeyValuePair<string, string>("password", "test"),
new KeyValuePair<string, string>("grant_type", "password")
new KeyValuePair<string, string>("grant_type", "password"),
};
var content = new FormUrlEncodedContent(formData);
@ -535,6 +539,7 @@ namespace Ocelot.IntegrationTests
services.AddLogging();
services.AddIdentityServer()
.AddDeveloperSigningCredential()
.AddInMemoryApiScopes(new List<ApiScope> { new ApiScope(apiName) })
.AddInMemoryApiResources(new List<ApiResource>
{
new ApiResource
@ -543,9 +548,9 @@ namespace Ocelot.IntegrationTests
Description = apiName,
Enabled = true,
DisplayName = apiName,
Scopes = new List<Scope>()
Scopes = new List<string>()
{
new Scope(apiName),
apiName,
},
},
})
@ -558,7 +563,7 @@ namespace Ocelot.IntegrationTests
ClientSecrets = new List<Secret> { new Secret("secret".Sha256()) },
AllowedScopes = new List<string> { apiName },
AccessTokenType = AccessTokenType.Jwt,
Enabled = true
Enabled = true,
},
})
.AddTestUsers(new List<TestUser>
@ -567,7 +572,7 @@ namespace Ocelot.IntegrationTests
{
Username = "test",
Password = "test",
SubjectId = "1231231"
SubjectId = "1231231",
},
});
})
@ -695,7 +700,7 @@ namespace Ocelot.IntegrationTests
new KeyValuePair<string, string>("client_id", "admin"),
new KeyValuePair<string, string>("client_secret", "secret"),
new KeyValuePair<string, string>("scope", "admin"),
new KeyValuePair<string, string>("grant_type", "client_credentials")
new KeyValuePair<string, string>("grant_type", "client_credentials"),
};
var content = new FormUrlEncodedContent(formData);
@ -708,7 +713,7 @@ namespace Ocelot.IntegrationTests
response.EnsureSuccessStatusCode();
}
private void GivenOcelotIsRunningWithIdentityServerSettings(Action<IdentityServerAuthenticationOptions> configOptions)
private void GivenOcelotIsRunningWithIdentityServerSettings(Action<JwtBearerOptions> configOptions)
{
_webHostBuilder = Host.CreateDefaultBuilder()
.ConfigureWebHost(webBuilder =>

2
test/Ocelot.IntegrationTests/Ocelot.IntegrationTests.csproj
View File

@ -52,7 +52,7 @@
<PackageReference Include="TestStack.BDDfy" Version="4.3.2" />
<PackageReference Include="Microsoft.Data.SQLite" Version="5.0.0" />
<PackageReference Include="IdentityServer4.AccessTokenValidation" Version="3.0.1" />
<PackageReference Include="IdentityServer4" Version="3.1.1" />
<PackageReference Include="IdentityServer4" Version="4.1.1" />
</ItemGroup>
<ItemGroup>
<PackageReference Update="Microsoft.SourceLink.GitHub" Version="1.0.0" />

5
test/Ocelot.UnitTests/Administration/OcelotAdministrationBuilderTests.cs
View File

@ -1,6 +1,7 @@
namespace Ocelot.UnitTests.Administration
{
using IdentityServer4.AccessTokenValidation;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
@ -44,7 +45,7 @@ namespace Ocelot.UnitTests.Administration
[Fact]
public void should_set_up_administration_with_identity_server_options()
{
Action<IdentityServerAuthenticationOptions> options = o => { };
Action<JwtBearerOptions> options = o => { };
this.Given(x => WhenISetUpOcelotServices())
.When(x => WhenISetUpAdministration(options))
@ -69,7 +70,7 @@ namespace Ocelot.UnitTests.Administration
_ocelotBuilder.AddAdministration("/administration", "secret");
}
private void WhenISetUpAdministration(Action<IdentityServerAuthenticationOptions> options)
private void WhenISetUpAdministration(Action<JwtBearerOptions> options)
{
_ocelotBuilder.AddAdministration("/administration", options);
}

2
test/Ocelot.UnitTests/Ocelot.UnitTests.csproj
View File

@ -72,7 +72,7 @@
<PackageReference Include="xunit" Version="2.4.1" />
<PackageReference Include="Butterfly.Client.AspNetCore" Version="0.0.8" />
<PackageReference Include="IdentityServer4.AccessTokenValidation" Version="3.0.1" />
<PackageReference Include="IdentityServer4" Version="3.1.1" />
<PackageReference Include="IdentityServer4" Version="4.1.1" />
<PackageReference Include="Steeltoe.Discovery.ClientCore" Version="3.0.1" />
<PackageReference Include="Consul" Version="1.6.1.1" />
<PackageReference Include="CacheManager.Core" Version="2.0.0-beta-1629" />