mirror of
https://github.com/nsnail/Ocelot.git
synced 2025-05-01 20:42:51 +08:00
57580afa74
* Fixed Format Issue for Kubernetes ServiceDiscoveryProvider * Fixes broken links (#858) * Fix link to issue 262 * Fixes broken link to issue 340 * Fixed broken link to issue 340 (#857) * Update information for Okta Authorization (#853) * +dynamic claim variables (#855) incl. tests * IOcelotPipelineBuilder.Use(): Return IOcelotPipelineBuilder (#875) Fixes ThreeMammals/Ocelot#685 * Fix UpstreamHost checking when reroutes duplicate validation (#864) * Format json in reame (#877) Format json file in AdministrationApi ReadMe * kubernetes use in cluster (#882) * refactor :kubernetes use in cluster * feat:delete KubeClient * add more flexible method to config ocelot pipeline (#880) * update k8s doc & samples (#885) * refactor :kubernetes use in cluster * feat:delete KubeClient * feat : update k8s doc & samples * Update kubernetes.rst * Fix/issue666 (#889) * cache key now can generate from query string for request with Get Methods and request content for requests with post methods * MD5Helper Added. OutputCacheMiddleware now can generate cache key using method, url and content * unit test created for CacheKeyGenerator * CacheKeyGenerator Registered in OcelotBuilder as singletone * Fix issue #890 IDefinedAggregator can't handle error codes from downstream requests (#892) * Release/13.2.0 (#834) * Fix formatting in getting started page (#752) * updated release docs (#745) * Update README.md (#756) Fixed typo "Ocleot" * Fixed typo there => their (#763) * Some Typo fixes (#765) * Typo algorythm => algorithm (#764) * Typo querystring => query string (#766) * Typo usual => usually (#767) * Typos (#768) * kubernetes provider (#772) * feat: Kubernetes ServiceDiscoveryProvider * 编写k8s测试例子 * feat:fix kube config * feat: remove port * feat : complete the k8s test * feat : add kubeserviceDiscovery test * feat : add kube provider unittest * feat :add kubetnetes docs how to use ocelot with kubetnetes docs * keep the configuration as simple as possible, no qos, no cache * fix: use http * add PollingKubeServiceDiscovery * feat : refactor logger * feat : add pollkube docs * feat:Remove unnecessary code * feat : code-block json * fix issue #661 for Advanced aggregations (#704) * Add Advanced Aggregation Feature * fix overwrite error * distinct data for better performance * remove constructor parameter * fix tests issue * fix tests * fix tests issue * Add UnitTest and AcceptanceTest * fix responseKeys typo * Update SimpleJsonResponseAggregator.cs * change port * Fix code example for SSL Errors (#780) DangerousAcceptAnyServerCertificateValidator has to be set to "true" to disable certification validation, not "false". * Changed wording for ease of reading (#776) Just some wording changes for clarification. * Ignore response content if null (fix #785) (#786) * fix bug #791 (#795) * Update loadbalancer.rst (#796) * UriBuilder - remove leading question mark #747 (#794) * Update qualityofservice.rst (#801) Tiny typo * K8s package (#804) * feat: Kubernetes ServiceDiscoveryProvider * 编写k8s测试例子 * feat:fix kube config * feat: remove port * feat : complete the k8s test * feat : add kubeserviceDiscovery test * feat : add kube provider unittest * feat :add kubetnetes docs how to use ocelot with kubetnetes docs * keep the configuration as simple as possible, no qos, no cache * fix: use http * add PollingKubeServiceDiscovery * feat : refactor logger * feat : add pollkube docs * feat:Remove unnecessary code * feat : code-block json * feat: publish package Ocelot.Provider.Kubernetes * Okta integration (#807) Okta integration * update cliamsParser (#798) * update cliamsParser * update using * IOcelotBuilder opens the IMvcCoreBuilder property for easy customization (#790) * IOcelotBuilder opens the IMvcCoreBuilder property for easy customization * Adjustment code * nuget package (#809) * feat: Kubernetes ServiceDiscoveryProvider * 编写k8s测试例子 * feat:fix kube config * feat: remove port * feat : complete the k8s test * feat : add kubeserviceDiscovery test * feat : add kube provider unittest * feat :add kubetnetes docs how to use ocelot with kubetnetes docs * keep the configuration as simple as possible, no qos, no cache * fix: use http * add PollingKubeServiceDiscovery * feat : refactor logger * feat : add pollkube docs * feat:Remove unnecessary code * feat : code-block json * feat: publish package Ocelot.Provider.Kubernetes * feat : nuget package * fix: Namesapce Spelling wrong * fix:Namesapce Spelling Wrong * Fix: errors when using rate limiting (#811) * Fix: errors when using rate limiting Add: QuotaExceededError class for requesting too much Add: QuotaExceededError error code Add: Add an error when limit is reached Reflact: Extract GetResponseMessage method for getting default or configured response message for requ * Fix: modify check_we_have_considered_all_errors_in_these_tests for adding a new OcelotErrorCode * added missing COPY csproj files (#821) * Add note on In-Process hosting (#816) When using ASP.NET Core 2.2 with In-Process hosting in IIS it's important to use .UseIIS() instead of .UseIISIntegration(). * Fix bug: (#810) If the registered Consul node is unexpectedly down and not restarted immediately, other services should continue to find the registered service. * Fixed Dockerfile (missing Kubernetes) * Revert "Fix bug: (#810)" (#823) This reverts commit 19c80afb05290fac3a144f652cd663c8b513a559. * remove duplicate `IHttpRequester` register (#819) * remove duplicate `IHttpRequester` register * reserve the first * fix HttpRequesterMiddleware does not call next bug (#830) call next so that we can do something with the response, such as add some custom header etc... * Removed Packing to fix issues, will be sorted out after create a nuget package on Nuget.Org (#831) * Allows access to unpass node (#825) * Fix bug: If the registered Consul node is unexpectedly down and not restarted immediately, other services should continue to find the registered service. * fix bug: If the registered Consul node is unexpectedly down and not restarted immediately, other services should continue to find the registered service. * Updated FluentValidations Nuget Package (#833) * Removed Warnings * Make the full DownstreamContext available to user defined aggregators This allows error codes to be handled
147 lines
5.1 KiB
C#
147 lines
5.1 KiB
C#
using System.Collections.Generic;
|
|
using System.Security.Claims;
|
|
using Ocelot.Authorisation;
|
|
using Ocelot.Configuration;
|
|
using Ocelot.DownstreamRouteFinder.UrlMatcher;
|
|
using Ocelot.Responses;
|
|
using Ocelot.Values;
|
|
|
|
using Shouldly;
|
|
using TestStack.BDDfy;
|
|
using Xunit;
|
|
|
|
namespace Ocelot.UnitTests.Authorization
|
|
{
|
|
using Ocelot.Infrastructure.Claims.Parser;
|
|
|
|
public class ClaimsAuthoriserTests
|
|
{
|
|
private readonly ClaimsAuthoriser _claimsAuthoriser;
|
|
private ClaimsPrincipal _claimsPrincipal;
|
|
private Dictionary<string, string> _requirement;
|
|
private List<PlaceholderNameAndValue> _urlPathPlaceholderNameAndValues;
|
|
private Response<bool> _result;
|
|
|
|
public ClaimsAuthoriserTests()
|
|
{
|
|
_claimsAuthoriser = new ClaimsAuthoriser(new ClaimsParser());
|
|
}
|
|
|
|
[Fact]
|
|
public void should_authorise_user()
|
|
{
|
|
this.Given(x => x.GivenAClaimsPrincipal(new ClaimsPrincipal(new ClaimsIdentity(new List<Claim>
|
|
{
|
|
new Claim("UserType", "registered"),
|
|
}))))
|
|
.And(x => x.GivenARouteClaimsRequirement(new Dictionary<string, string>
|
|
{
|
|
{"UserType", "registered"}
|
|
}))
|
|
.When(x => x.WhenICallTheAuthoriser())
|
|
.Then(x => x.ThenTheUserIsAuthorised())
|
|
.BDDfy();
|
|
}
|
|
|
|
[Fact]
|
|
public void should_authorize_dynamic_user()
|
|
{
|
|
this.Given(x => x.GivenAClaimsPrincipal(new ClaimsPrincipal(new ClaimsIdentity(new List<Claim>
|
|
{
|
|
new Claim("userid", "14"),
|
|
}))))
|
|
.And(x => x.GivenARouteClaimsRequirement(new Dictionary<string, string>
|
|
{
|
|
{"userid", "{userId}"}
|
|
}))
|
|
.And(x => x.GivenAPlaceHolderNameAndValueList(new List<PlaceholderNameAndValue>
|
|
{
|
|
new PlaceholderNameAndValue("{userId}", "14")
|
|
}))
|
|
.When(x => x.WhenICallTheAuthoriser())
|
|
.Then(x => x.ThenTheUserIsAuthorised())
|
|
.BDDfy();
|
|
}
|
|
|
|
[Fact]
|
|
public void should_not_authorize_dynamic_user()
|
|
{
|
|
this.Given(x => x.GivenAClaimsPrincipal(new ClaimsPrincipal(new ClaimsIdentity(new List<Claim>
|
|
{
|
|
new Claim("userid", "15"),
|
|
}))))
|
|
.And(x => x.GivenARouteClaimsRequirement(new Dictionary<string, string>
|
|
{
|
|
{"userid", "{userId}"}
|
|
}))
|
|
.And(x => x.GivenAPlaceHolderNameAndValueList(new List<PlaceholderNameAndValue>
|
|
{
|
|
new PlaceholderNameAndValue("{userId}", "14")
|
|
}))
|
|
.When(x => x.WhenICallTheAuthoriser())
|
|
.Then(x => x.ThenTheUserIsntAuthorised())
|
|
.BDDfy();
|
|
}
|
|
|
|
[Fact]
|
|
public void should_authorise_user_multiple_claims_of_same_type()
|
|
{
|
|
this.Given(x => x.GivenAClaimsPrincipal(new ClaimsPrincipal(new ClaimsIdentity(new List<Claim>
|
|
{
|
|
new Claim("UserType", "guest"),
|
|
new Claim("UserType", "registered"),
|
|
}))))
|
|
.And(x => x.GivenARouteClaimsRequirement(new Dictionary<string, string>
|
|
{
|
|
{"UserType", "registered"}
|
|
}))
|
|
.When(x => x.WhenICallTheAuthoriser())
|
|
.Then(x => x.ThenTheUserIsAuthorised())
|
|
.BDDfy();
|
|
}
|
|
|
|
[Fact]
|
|
public void should_not_authorise_user()
|
|
{
|
|
this.Given(x => x.GivenAClaimsPrincipal(new ClaimsPrincipal(new ClaimsIdentity(new List<Claim>()))))
|
|
.And(x => x.GivenARouteClaimsRequirement(new Dictionary<string, string>
|
|
{
|
|
{ "UserType", "registered" }
|
|
}))
|
|
.When(x => x.WhenICallTheAuthoriser())
|
|
.Then(x => x.ThenTheUserIsntAuthorised())
|
|
.BDDfy();
|
|
}
|
|
|
|
private void GivenAClaimsPrincipal(ClaimsPrincipal claimsPrincipal)
|
|
{
|
|
_claimsPrincipal = claimsPrincipal;
|
|
}
|
|
|
|
private void GivenARouteClaimsRequirement(Dictionary<string, string> requirement)
|
|
{
|
|
_requirement = requirement;
|
|
}
|
|
|
|
private void GivenAPlaceHolderNameAndValueList(List<PlaceholderNameAndValue> urlPathPlaceholderNameAndValues)
|
|
{
|
|
_urlPathPlaceholderNameAndValues = urlPathPlaceholderNameAndValues;
|
|
}
|
|
|
|
private void WhenICallTheAuthoriser()
|
|
{
|
|
_result = _claimsAuthoriser.Authorise(_claimsPrincipal, _requirement, _urlPathPlaceholderNameAndValues);
|
|
}
|
|
|
|
private void ThenTheUserIsAuthorised()
|
|
{
|
|
_result.Data.ShouldBe(true);
|
|
}
|
|
|
|
private void ThenTheUserIsntAuthorised()
|
|
{
|
|
_result.Data.ShouldBe(false);
|
|
}
|
|
}
|
|
}
|