Multi scheme test added

mihirdilip · mihirdilip · commit 9c7f58913ab8 · 2021-03-01T18:40:32.000Z
diff --git a/test/AspNetCore.Authentication.ApiKey.Tests/ApiKeyHandlerBaseTests.cs b/test/AspNetCore.Authentication.ApiKey.Tests/ApiKeyHandlerBaseTests.cs
@@ -2,9 +2,15 @@
 // Licensed under the MIT License. See LICENSE file in the project root for license information.
 
 using AspNetCore.Authentication.ApiKey.Tests.Infrastructure;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.Extensions.DependencyInjection;
 using System;
+using System.Collections.Generic;
+using System.Linq;
 using System.Net;
 using System.Net.Http;
+using System.Net.Http.Headers;
+using System.Security.Claims;
 using System.Text.Json;
 using System.Threading.Tasks;
 using Xunit;
@@ -389,11 +395,127 @@ public async Task HandleAuthenticate_OnAuthenticationSucceeded_result_not_null()
 			Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
 		}
 
-		#endregion // HandleAuthenticate
+        #endregion // HandleAuthenticate
 
-		private async Task<ClaimsPrincipalDto> DeserializeClaimsPrincipalAsync(HttpResponseMessage response)
+        #region Multi-Scheme
+
+        [Fact]
+        public async Task MultiScheme()
+        {
+            var keyName1 = "Key1";
+            var keyName2 = "Key2";
+            var keyName3 = "Key3";
+            var keyName4 = "Key4";
+            var claimProvider1 = new ClaimDto { Type = "Provider", Value = "1" };
+            var claimProvider2 = new ClaimDto { Type = "Provider", Value = "2" };
+            var claimRole = new ClaimDto(FakeApiKeys.FakeRoleClaim);
+			var schemes = new List<string> { "InHeader", "InHeaderWithProvider", "InAuthorizationHeader", "InQueryParams" };
+
+			using var server = TestServerBuilder.BuildTestServer(services =>
+            {
+                services.AddAuthentication("InHeader")
+                    .AddApiKeyInHeader("InHeader", options =>
+                    {
+                        options.Realm = TestServerBuilder.Realm;
+                        options.KeyName = keyName1;
+                        options.Events.OnValidateKey = context =>
+                        {
+                            context.Response.Headers.Add("X-Custom", "InHeader Scheme");
+                            context.ValidationSucceeded();
+                            return Task.CompletedTask;
+                        };
+                    })
+                    .AddApiKeyInHeader<FakeApiKeyProviderLocal_1>("InHeaderWithProvider", options =>
+                    {
+                        options.Realm = TestServerBuilder.Realm;
+                        options.KeyName = keyName2;
+                    })
+                    .AddApiKeyInAuthorizationHeader<FakeApiKeyProviderLocal_2>("InAuthorizationHeader", options =>
+                    {
+                        options.Realm = TestServerBuilder.Realm;
+                        options.KeyName = keyName3;
+                    })
+                    .AddApiKeyInQueryParams<FakeApiKeyProvider>("InQueryParams", options =>
+                    {
+                        options.Realm = TestServerBuilder.Realm;
+                        options.KeyName = keyName4;
+                    });
+
+#if !(NET461 || NETSTANDARD2_0 || NETCOREAPP2_1)
+				services.Configure<AuthorizationOptions>(options => options.FallbackPolicy = new AuthorizationPolicyBuilder(schemes.ToArray()).RequireAuthenticatedUser().Build());
+#endif
+			});
+
+            using var client = server.CreateClient();
+
+            using var request1 = new HttpRequestMessage(HttpMethod.Get, TestServerBuilder.ClaimsPrincipalUrl + "?scheme=" + schemes[0]);
+            request1.Headers.Add(keyName1, FakeApiKeys.FakeKey);
+            using var response1 = await client.SendAsync(request1);
+            Assert.True(response1.IsSuccessStatusCode);
+            Assert.Equal(HttpStatusCode.OK, response1.StatusCode);
+            var response1Principal = await DeserializeClaimsPrincipalAsync(response1);
+            Assert.Contains(response1.Headers, r => r.Key == "X-Custom" && r.Value.Any(v => v == "InHeader Scheme"));
+            Assert.DoesNotContain(response1Principal.Claims, c => c.Type == claimProvider1.Type && c.Value == claimProvider1.Value);
+            Assert.DoesNotContain(response1Principal.Claims, c => c.Type == claimProvider2.Type && c.Value == claimProvider2.Value);
+            Assert.DoesNotContain(response1Principal.Claims, c => c.Type == claimRole.Type && c.Value == claimRole.Value);
+
+
+            using var request2 = new HttpRequestMessage(HttpMethod.Get, TestServerBuilder.ClaimsPrincipalUrl + "?scheme=" + schemes[1]);
+            request2.Headers.Add(keyName2, FakeApiKeys.FakeKey);
+            using var response2 = await client.SendAsync(request2);
+            Assert.True(response2.IsSuccessStatusCode);
+            Assert.Equal(HttpStatusCode.OK, response2.StatusCode);
+            var response2Principal = await DeserializeClaimsPrincipalAsync(response2);
+            Assert.DoesNotContain(response2.Headers, r => r.Key == "X-Custom" && r.Value.Any(v => v == "InHeader Scheme"));
+            Assert.Contains(response2Principal.Claims, c => c.Type == claimProvider1.Type && c.Value == claimProvider1.Value);
+            Assert.DoesNotContain(response2Principal.Claims, c => c.Type == claimProvider2.Type && c.Value == claimProvider2.Value);
+            Assert.DoesNotContain(response2Principal.Claims, c => c.Type == claimRole.Type && c.Value == claimRole.Value);
+
+
+            using var request3 = new HttpRequestMessage(HttpMethod.Get, TestServerBuilder.ClaimsPrincipalUrl + "?scheme=" + schemes[2]);
+            request3.Headers.Authorization = new AuthenticationHeaderValue(keyName3, FakeApiKeys.FakeKey);
+            using var response3 = await client.SendAsync(request3);
+            Assert.True(response3.IsSuccessStatusCode);
+            Assert.Equal(HttpStatusCode.OK, response3.StatusCode);
+            var response3Principal = await DeserializeClaimsPrincipalAsync(response3);
+            Assert.DoesNotContain(response3.Headers, r => r.Key == "X-Custom" && r.Value.Any(v => v == "InHeader Scheme"));
+            Assert.DoesNotContain(response3Principal.Claims, c => c.Type == claimProvider1.Type && c.Value == claimProvider1.Value);
+            Assert.Contains(response3Principal.Claims, c => c.Type == claimProvider2.Type && c.Value == claimProvider2.Value);
+            Assert.DoesNotContain(response3Principal.Claims, c => c.Type == claimRole.Type && c.Value == claimRole.Value);
+
+
+            using var request4 = new HttpRequestMessage(HttpMethod.Get, $"{TestServerBuilder.ClaimsPrincipalUrl}?scheme={schemes[3]}&{keyName4}={FakeApiKeys.FakeKey}");
+            using var response4 = await client.SendAsync(request4);
+            Assert.True(response4.IsSuccessStatusCode);
+            Assert.Equal(HttpStatusCode.OK, response3.StatusCode);
+            var response4Principal = await DeserializeClaimsPrincipalAsync(response4);
+            Assert.DoesNotContain(response4.Headers, r => r.Key == "X-Custom" && r.Value.Any(v => v == "InHeader Scheme"));
+            Assert.DoesNotContain(response4Principal.Claims, c => c.Type == claimProvider1.Type && c.Value == claimProvider1.Value);
+            Assert.DoesNotContain(response4Principal.Claims, c => c.Type == claimProvider2.Type && c.Value == claimProvider2.Value);
+            Assert.Contains(response4Principal.Claims, c => c.Type == claimRole.Type && c.Value == claimRole.Value);
+        }
+
+        #endregion // Multi-Scheme
+
+        private async Task<ClaimsPrincipalDto> DeserializeClaimsPrincipalAsync(HttpResponseMessage response)
         {
 			return JsonSerializer.Deserialize<ClaimsPrincipalDto>(await response.Content.ReadAsStringAsync());
 		}
+
+        private class FakeApiKeyProviderLocal_1 : IApiKeyProvider
+        {
+            public Task<IApiKey> ProvideAsync(string key)
+            {
+				return Task.FromResult((IApiKey)new FakeApiKey(key, "Test", new List<Claim> { new Claim("Provider", "1") }));
+            }
+        }
+
+		private class FakeApiKeyProviderLocal_2 : IApiKeyProvider
+		{
+			public Task<IApiKey> ProvideAsync(string key)
+			{
+				return Task.FromResult((IApiKey)new FakeApiKey(key, "Test", new List<Claim> { new Claim("Provider", "2") }));
+			}
+		}
 	}
 }
diff --git a/test/AspNetCore.Authentication.ApiKey.Tests/AspNetCore.Authentication.ApiKey.Tests.csproj b/test/AspNetCore.Authentication.ApiKey.Tests/AspNetCore.Authentication.ApiKey.Tests.csproj
@@ -14,20 +14,20 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="16.8.3" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="16.9.1" />
     <PackageReference Include="xunit" Version="2.4.1" />
     <PackageReference Include="xunit.runner.visualstudio" Version="2.4.3">
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
       <PrivateAssets>all</PrivateAssets>
     </PackageReference>
-    <PackageReference Include="coverlet.collector" Version="3.0.2">
+    <PackageReference Include="coverlet.collector" Version="3.0.3">
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
       <PrivateAssets>all</PrivateAssets>
     </PackageReference>
   </ItemGroup>
 
   <ItemGroup Condition="'$(TargetFramework)' == 'net5.0'">
-    <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="5.0.2" />
+    <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="5.0.3" />
   </ItemGroup>
 
   <ItemGroup Condition="'$(TargetFramework)' == 'netcoreapp3.1'">
@@ -39,11 +39,15 @@
   </ItemGroup>
 
   <ItemGroup Condition="'$(TargetFramework)' == 'netcoreapp2.1'">
+    <PackageReference Include="Microsoft.AspNetCore.Authorization" Version="5.0.3" />
+    <PackageReference Include="Microsoft.AspNetCore.Mvc.Core" Version="2.2.5" />
     <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="2.2.0" />
     <PackageReference Include="Microsoft.Extensions.Hosting" Version="5.0.0" />
   </ItemGroup>
 
   <ItemGroup Condition="'$(TargetFramework)' == 'net461'">
+    <PackageReference Include="Microsoft.AspNetCore.Authorization" Version="5.0.3" />
+    <PackageReference Include="Microsoft.AspNetCore.Mvc.Core" Version="2.2.5" />
     <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="2.2.0" />
     <PackageReference Include="Microsoft.Extensions.Hosting" Version="5.0.0" />
   </ItemGroup>
diff --git a/test/AspNetCore.Authentication.ApiKey.Tests/Infrastructure/TestServerBuilder.cs b/test/AspNetCore.Authentication.ApiKey.Tests/Infrastructure/TestServerBuilder.cs
@@ -2,11 +2,15 @@
 // Licensed under the MIT License. See LICENSE file in the project root for license information.
 
 using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.Authorization;
 using Microsoft.AspNetCore.TestHost;
 using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Primitives;
 using System;
 using System.Linq;
 using System.Text.Json;
@@ -122,7 +126,7 @@ internal static TestServer BuildTestServer(Action<IServiceCollection> configureS
 
 #if !(NET461 || NETSTANDARD2_0 || NETCOREAPP2_1)
                         services.AddRouting();
-                        services.AddAuthorization();
+                        services.AddAuthorization(options => options.FallbackPolicy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build());
 #endif
 
                         configureServices(services);
@@ -150,18 +154,18 @@ internal static TestServer BuildTestServer(Action<IServiceCollection> configureS
                                 endpoints.MapGet("/", async context =>
                                 {
                                     await context.Response.WriteAsync("Hello World!");
-                                }).RequireAuthorization();
+                                });
 
                                 endpoints.MapGet("/claims-principal", async context =>
                                 {
                                     context.Response.ContentType = "application/json";
                                     await context.Response.WriteAsync(JsonSerializer.Serialize(new ClaimsPrincipalDto(context.User)));
-                                }).RequireAuthorization();
+                                });
 
                                 endpoints.MapGet("/forbidden", async context =>
                                 {
                                     await context.ForbidAsync();
-                                }).RequireAuthorization();
+                                });
 
                                 endpoints.MapGet("/anonymous", async context =>
                                 {
@@ -184,10 +188,31 @@ internal static TestServer BuildTestServer(Action<IServiceCollection> configureS
                             {
                                 if (!context.User.Identity.IsAuthenticated)
                                 {
-                                    await context.ChallengeAsync();
-                                    return;
+                                    var scheme = StringValues.Empty;
+                                    context.Request.Query.TryGetValue("scheme", out scheme);
+
+                                    if (scheme.Any())
+                                    {
+                                        var result = await context.AuthenticateAsync(scheme);
+                                        if (result?.Principal != null)
+                                        {
+                                            context.User = result.Principal;
+                                        }
+                                        else
+                                        {
+                                            await context.ChallengeAsync(scheme);
+                                            return;
+                                        }
+                                    }
+                                    else
+                                    {
+                                        await context.ChallengeAsync();
+                                        return;
+                                    }
                                 }
 
+
+
                                 if (context.Request.Path == "/claims-principal")
                                 {
                                     context.Response.ContentType = "application/json";
