From 8c6bc7665cf018d07e57e697f29c91d10379473c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?K=C3=A9vin=20Chalet?=
Date: Fri, 16 Dec 2016 14:40:12 +0100
Subject: [PATCH] Introduce OpenIddictBuilder.SetIssuer()
---
 src/OpenIddict/OpenIddictExtensions.cs | 20 +
 .../OpenIddictBuilderTests.cs | 526 ------------------
 .../OpenIddictExtensionsTests.cs | 40 +-
 3 files changed, 55 insertions(+), 531 deletions(-)
 delete mode 100644 test/OpenIddict.Tests/OpenIddictBuilderTests.cs
diff --git a/src/OpenIddict/OpenIddictExtensions.cs b/src/OpenIddict/OpenIddictExtensions.cs
index 937f82ff..e6305361 100644
--- a/src/OpenIddict/OpenIddictExtensions.cs
+++ b/src/OpenIddict/OpenIddictExtensions.cs
@@ -694,6 +694,26 @@ namespace Microsoft.AspNetCore.Builder {
 return builder.Configure(options => options.RefreshTokenLifetime = lifetime);
 }
+ ///
+ /// Sets the issuer address, which is used as the base address
+ /// for the endpoint URIs returned from the discovery endpoint.
+ ///
+ /// The services builder used by OpenIddict to register new services.
+ /// The issuer address.
+ /// The .
+ public static OpenIddictBuilder SetIssuer(
+ [NotNull] this OpenIddictBuilder builder, [NotNull] Uri address) {
+ if (builder == null) {
+ throw new ArgumentNullException(nameof(builder));
+ }
+
+ if (address == null) {
+ throw new ArgumentNullException(nameof(address));
+ }
+
+ return builder.Configure(options => options.Issuer = address);
+ }
+
 ///
 /// Configures OpenIddict to use a specific data protection provider
 /// instead of relying on the default instance provided by the DI container.
diff --git a/test/OpenIddict.Tests/OpenIddictBuilderTests.cs b/test/OpenIddict.Tests/OpenIddictBuilderTests.cs
deleted file mode 100644
index c3f17b50..00000000
--- a/test/OpenIddict.Tests/OpenIddictBuilderTests.cs
+++ /dev/null
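Review bot: `SetIssuer` in OpenIddictExtensions.cs null-checks `address` but then stores any `Uri`, so a relative URI, or one carrying a query string or fragment, is accepted at configuration time. The doc comment says this value becomes the base address for the endpoint URIs returned from the discovery endpoint, so a malformed issuer would surface as broken or misleading metadata for clients rather than as a startup error, unless the options are validated later in code outside this hunk. Consider failing fast after the null checks with `if (!address.IsAbsoluteUri) { throw new ArgumentException("The issuer must be an absolute URI.", nameof(address)); }`, followed by a similar rejection when `address.Query` or `address.Fragment` is non-empty. A `<remarks>` line stating the expected form (absolute, HTTPS outside development) would also help callers.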
@@ -1,526 +0,0 @@
-using System;
-using System.IdentityModel.Tokens.Jwt;
-using System.Reflection;
-using AspNet.Security.OpenIdConnect.Primitives;
-using Microsoft.AspNetCore.Builder;
-using Microsoft.AspNetCore.DataProtection;
-using Microsoft.AspNetCore.Http;
-using Microsoft.Extensions.DependencyInjection;
-using Microsoft.Extensions.Options;
-using Microsoft.IdentityModel.Tokens;
-using Moq;
-using Xunit;
-
-namespace OpenIddict.Tests {
- public class OpenIddictBuilderTests {
- [Fact]
- public void Configure_OptionsAreCorrectlyAmended() {
- // Arrange
- var services = new ServiceCollection();
- services.AddOptions();
-
- var builder = new OpenIddictBuilder(services);
-
- // Act
- builder.Configure(configuration => configuration.Description.DisplayName = "OpenIddict");
-
- var provider = services.BuildServiceProvider();
- var options = provider.GetRequiredService>();
-
- // Assert
- Assert.Equal("OpenIddict", options.Value.Description.DisplayName);
- }
-
- [Fact]
- public void AddEphemeralSigningKey_SigningKeyIsCorrectlyAdded() {
- // Arrange
- var services = new ServiceCollection();
- services.AddOptions();
-
- var builder = new OpenIddictBuilder(services);
-
- // Act
- builder.AddEphemeralSigningKey();
-
- var provider = services.BuildServiceProvider();
- var options = provider.GetRequiredService>();
-
- // Assert
- Assert.Equal(1, options.Value.SigningCredentials.Count);
- }
-
- [Theory]
- [InlineData(SecurityAlgorithms.RsaSha256Signature)]
- [InlineData(SecurityAlgorithms.RsaSha384Signature)]
- [InlineData(SecurityAlgorithms.RsaSha512Signature)]
-#if SUPPORTS_ECDSA
- [InlineData(SecurityAlgorithms.EcdsaSha256Signature)]
- [InlineData(SecurityAlgorithms.EcdsaSha384Signature)]
- [InlineData(SecurityAlgorithms.EcdsaSha512Signature)]
-#endif
- public void AddEphemeralSigningKey_SigningCredentialsUseSpecifiedAlgorithm(string algorithm) {
- // Arrange
- var services = new ServiceCollection();
- services.AddOptions();
-
- var builder = new OpenIddictBuilder(services);
-
- // Act
- builder.AddEphemeralSigningKey(algorithm);
-
- var provider = services.BuildServiceProvider();
- var options = provider.GetRequiredService>();
- var credentials = options.Value.SigningCredentials[0];
-
- // Assert
- Assert.Equal(algorithm, credentials.Algorithm);
- }
-
- [Theory]
- [InlineData(SecurityAlgorithms.HmacSha256Signature)]
- [InlineData(SecurityAlgorithms.RsaSha256Signature)]
-#if SUPPORTS_ECDSA
- [InlineData(SecurityAlgorithms.EcdsaSha256Signature)]
- [InlineData(SecurityAlgorithms.EcdsaSha384Signature)]
- [InlineData(SecurityAlgorithms.EcdsaSha512Signature)]
-#endif
- public void AddSigningKey_SigningKeyIsCorrectlyAdded(string algorithm) {
- // Arrange
- var services = new ServiceCollection();
- services.AddOptions();
-
- var builder = new OpenIddictBuilder(services);
-
- var factory = Mock.Of(mock =>
- mock.IsSupportedAlgorithm(algorithm, It.IsAny()));
-
- var key = Mock.Of(mock => mock.CryptoProviderFactory == factory);
-
- // Act
- builder.AddSigningKey(key);
-
- var provider = services.BuildServiceProvider();
- var options = provider.GetRequiredService>();
-
- // Assert
- Assert.Same(key, options.Value.SigningCredentials[0].Key);
- }
-
- [Fact]
- public void AddSigningCertificate_SigningKeyIsCorrectlyAdded() {
- // Arrange
- var services = new ServiceCollection();
- services.AddOptions();
-
- var builder = new OpenIddictBuilder(services);
-
- // Act
- builder.AddSigningCertificate(
- assembly: typeof(OpenIddictBuilderTests).GetTypeInfo().Assembly,
- resource: "OpenIddict.Tests.Certificate.pfx",
- password: "OpenIddict");
-
- var provider = services.BuildServiceProvider();
- var options = provider.GetRequiredService>();
-
- // Assert
- Assert.IsType(typeof(X509SecurityKey), options.Value.SigningCredentials[0].Key);
- }
-
- [Fact]
- public void AllowAuthorizationCodeFlow_CodeFlowIsAddedToGrantTypes() {
- // Arrange
- var services = new ServiceCollection();
- services.AddOptions();
-
- var builder = new OpenIddictBuilder(services);
-
- // Act
- builder.AllowAuthorizationCodeFlow();
-
- var provider = services.BuildServiceProvider();
- var options = provider.GetRequiredService>();
-
- // Assert
- Assert.Contains(OpenIdConnectConstants.GrantTypes.AuthorizationCode, options.Value.GrantTypes);
- }
-
- [Fact]
- public void AllowClientCredentialsFlow_ClientCredentialsFlowIsAddedToGrantTypes() {
- // Arrange
- var services = new ServiceCollection();
- services.AddOptions();
-
- var builder = new OpenIddictBuilder(services);
-
- // Act
- builder.AllowClientCredentialsFlow();
-
- var provider = services.BuildServiceProvider();
- var options = provider.GetRequiredService>();
-
- // Assert
- Assert.Contains(OpenIdConnectConstants.GrantTypes.ClientCredentials, options.Value.GrantTypes);
- }
-
- [Fact]
- public void AllowCustomFlow_CustomFlowIsAddedToGrantTypes() {
- // Arrange
- var services = new ServiceCollection();
- services.AddOptions();
-
- var builder = new OpenIddictBuilder(services);
-
- // Act
- builder.AllowCustomFlow("urn:ietf:params:oauth:grant-type:custom_grant");
-
- var provider = services.BuildServiceProvider();
- var options = provider.GetRequiredService>();
-
- // Assert
- Assert.Contains("urn:ietf:params:oauth:grant-type:custom_grant", options.Value.GrantTypes);
- }
-
- [Fact]
- public void AllowImplicitFlow_ImplicitFlowIsAddedToGrantTypes() {
- // Arrange
- var services = new ServiceCollection();
- services.AddOptions();
-
- var builder = new OpenIddictBuilder(services);
-
- // Act
- builder.AllowImplicitFlow();
-
- var provider = services.BuildServiceProvider();
- var options = provider.GetRequiredService>();
-
- // Assert
- Assert.Contains(OpenIdConnectConstants.GrantTypes.Implicit, options.Value.GrantTypes);
- }
-
- [Fact]
- public void AllowPasswordFlow_PasswordFlowIsAddedToGrantTypes() {
- // Arrange
- var services = new ServiceCollection();
- services.AddOptions();
-
- var builder = new OpenIddictBuilder(services);
-
- // Act
- builder.AllowPasswordFlow();
-
- var provider = services.BuildServiceProvider();
- var options = provider.GetRequiredService>();
-
- // Assert
- Assert.Contains(OpenIdConnectConstants.GrantTypes.Password, options.Value.GrantTypes);
- }
-
- [Fact]
- public void AllowRefreshTokenFlow_RefreshTokenFlowIsAddedToGrantTypes() {
- // Arrange
- var services = new ServiceCollection();
- services.AddOptions();
-
- var builder = new OpenIddictBuilder(services);
-
- // Act
- builder.AllowRefreshTokenFlow();
-
- var provider = services.BuildServiceProvider();
- var options = provider.GetRequiredService>();
-
- // Assert
- Assert.Contains(OpenIdConnectConstants.GrantTypes.RefreshToken, options.Value.GrantTypes);
- }
-
- [Fact]
- public void DisableConfigurationEndpoint_ConfigurationEndpointIsDisabled() {
- // Arrange
- var services = new ServiceCollection();
- services.AddOptions();
-
- var builder = new OpenIddictBuilder(services);
-
- // Act
- builder.DisableConfigurationEndpoint();
-
- var provider = services.BuildServiceProvider();
- var options = provider.GetRequiredService>();
-
- // Assert
- Assert.Equal(PathString.Empty, options.Value.ConfigurationEndpointPath);
- }
-
- [Fact]
- public void DisableCryptographyEndpoint_CryptographyEndpointIsDisabled() {
- // Arrange
- var services = new ServiceCollection();
- services.AddOptions();
-
- var builder = new OpenIddictBuilder(services);
-
- // Act
- builder.DisableCryptographyEndpoint();
-
- var provider = services.BuildServiceProvider();
- var options = provider.GetRequiredService>();
-
- // Assert
- Assert.Equal(PathString.Empty, options.Value.CryptographyEndpointPath);
- }
-
- [Fact]
- public void EnableAuthorizationEndpoint_AuthorizationEndpointIsEnabled() {
- // Arrange
- var services = new ServiceCollection();
- services.AddOptions();
-
- var builder = new OpenIddictBuilder(services);
-
- // Act
- builder.EnableAuthorizationEndpoint("/endpoint-path");
-
- var provider = services.BuildServiceProvider();
- var options = provider.GetRequiredService>();
-
- // Assert
- Assert.Equal("/endpoint-path", options.Value.AuthorizationEndpointPath);
- }
-
- [Fact]
- public void EnableIntrospectionEndpoint_IntrospectionEndpointIsEnabled() {
- // Arrange
- var services = new ServiceCollection();
- services.AddOptions();
-
- var builder = new OpenIddictBuilder(services);
-
- // Act
- builder.EnableIntrospectionEndpoint("/endpoint-path");
-
- var provider = services.BuildServiceProvider();
- var options = provider.GetRequiredService>();
-
- // Assert
- Assert.Equal("/endpoint-path", options.Value.IntrospectionEndpointPath);
- }
-
- [Fact]
- public void EnableLogoutEndpoint_LogoutEndpointIsEnabled() {
- // Arrange
- var services = new ServiceCollection();
- services.AddOptions();
-
- var builder = new OpenIddictBuilder(services);
-
- // Act
- builder.EnableLogoutEndpoint("/endpoint-path");
-
- var provider = services.BuildServiceProvider();
- var options = provider.GetRequiredService>();
-
- // Assert
- Assert.Equal("/endpoint-path", options.Value.LogoutEndpointPath);
- }
-
- [Fact]
- public void EnableRequestCaching_RequestCachingIsEnabled() {
- // Arrange
- var services = new ServiceCollection();
- services.AddOptions();
-
- var builder = new OpenIddictBuilder(services);
-
- // Act
- builder.EnableRequestCaching();
-
- var provider = services.BuildServiceProvider();
- var options = provider.GetRequiredService>();
-
- // Assert
- Assert.True(options.Value.EnableRequestCaching);
- }
-
- [Fact]
- public void EnableRevocationEndpoint_RevocationEndpointIsEnabled() {
- // Arrange
- var services = new ServiceCollection();
- services.AddOptions();
-
- var builder = new OpenIddictBuilder(services);
-
- // Act
- builder.EnableRevocationEndpoint("/endpoint-path");
-
- var provider = services.BuildServiceProvider();
- var options = provider.GetRequiredService>();
-
- // Assert
- Assert.Equal("/endpoint-path", options.Value.RevocationEndpointPath);
- }
-
- [Fact]
- public void EnableTokenEndpoint_TokenEndpointIsEnabled() {
- // Arrange
- var services = new ServiceCollection();
- services.AddOptions();
-
- var builder = new OpenIddictBuilder(services);
-
- // Act
- builder.EnableTokenEndpoint("/endpoint-path");
-
- var provider = services.BuildServiceProvider();
- var options = provider.GetRequiredService>();
-
- // Assert
- Assert.Equal("/endpoint-path", options.Value.TokenEndpointPath);
- }
-
- [Fact]
- public void EnableUserinfoEndpoint_UserinfoEndpointIsEnabled() {
- // Arrange
- var services = new ServiceCollection();
- services.AddOptions();
-
- var builder = new OpenIddictBuilder(services);
-
- // Act
- builder.EnableUserinfoEndpoint("/endpoint-path");
-
- var provider = services.BuildServiceProvider();
- var options = provider.GetRequiredService>();
-
- // Assert
- Assert.Equal("/endpoint-path", options.Value.UserinfoEndpointPath);
- }
-
- [Fact]
- public void RequireClientIdentification_ClientIdentificationIsEnforced() {
- // Arrange
- var services = new ServiceCollection();
- services.AddOptions();
-
- var builder = new OpenIddictBuilder(services);
-
- // Act
- builder.RequireClientIdentification();
-
- var provider = services.BuildServiceProvider();
- var options = provider.GetRequiredService>();
-
- // Assert
- Assert.True(options.Value.RequireClientIdentification);
- }
-
- [Fact]
- public void SetAccessTokenLifetime_DefaultAccessTokenLifetimeIsReplaced() {
- // Arrange
- var services = new ServiceCollection();
- services.AddOptions();
-
- var builder = new OpenIddictBuilder(services);
-
- // Act
- builder.SetAccessTokenLifetime(TimeSpan.FromMinutes(42));
-
- var provider = services.BuildServiceProvider();
- var options = provider.GetRequiredService>();
-
- // Assert
- Assert.Equal(TimeSpan.FromMinutes(42), options.Value.AccessTokenLifetime);
- }
-
- [Fact]
- public void SetAuthorizationCodeLifetime_DefaultAuthorizationCodeLifetimeIsReplaced() {
- // Arrange
- var services = new ServiceCollection();
- services.AddOptions();
-
- var builder = new OpenIddictBuilder(services);
-
- // Act
- builder.SetAuthorizationCodeLifetime(TimeSpan.FromMinutes(42));
-
- var provider = services.BuildServiceProvider();
- var options = provider.GetRequiredService>();
-
- // Assert
- Assert.Equal(TimeSpan.FromMinutes(42), options.Value.AuthorizationCodeLifetime);
- }
-
- [Fact]
- public void SetIdentityTokenLifetime_DefaultIdentityTokenLifetimeIsReplaced() {
- // Arrange
- var services = new ServiceCollection();
- services.AddOptions();
-
- var builder = new OpenIddictBuilder(services);
-
- // Act
- builder.SetIdentityTokenLifetime(TimeSpan.FromMinutes(42));
-
- var provider = services.BuildServiceProvider();
- var options = provider.GetRequiredService>();
-
- // Assert
- Assert.Equal(TimeSpan.FromMinutes(42), options.Value.IdentityTokenLifetime);
- }
-
- [Fact]
- public void SetRefreshTokenLifetime_DefaultRefreshTokenLifetimeIsReplaced() {
- // Arrange
- var services = new ServiceCollection();
- services.AddOptions();
-
- var builder = new OpenIddictBuilder(services);
-
- // Act
- builder.SetRefreshTokenLifetime(TimeSpan.FromMinutes(42));
-
- var provider = services.BuildServiceProvider();
- var options = provider.GetRequiredService>();
-
- // Assert
- Assert.Equal(TimeSpan.FromMinutes(42), options.Value.RefreshTokenLifetime);
- }
-
- [Fact]
- public void UseDataProtectionProvider_DefaultProviderIsReplaced() {
- // Arrange
- var services = new ServiceCollection();
- services.AddOptions();
-
- var builder = new OpenIddictBuilder(services);
-
- // Act
- builder.UseDataProtectionProvider(new EphemeralDataProtectionProvider());
-
- var provider = services.BuildServiceProvider();
- var options = provider.GetRequiredService>();
-
- // Assert
- Assert.IsType(typeof(EphemeralDataProtectionProvider), options.Value.DataProtectionProvider);
- }
-
- [Fact]
- public void UseJsonWebTokens_AccessTokenHandlerIsCorrectlySet() {
- // Arrange
- var services = new ServiceCollection();
- services.AddOptions();
-
- var builder = new OpenIddictBuilder(services);
-
- // Act
- builder.UseJsonWebTokens();
-
- var provider = services.BuildServiceProvider();
- var options = provider.GetRequiredService>();
-
- // Assert
- Assert.IsType(typeof(JwtSecurityTokenHandler), options.Value.AccessTokenHandler);
- }
- }
-}
diff --git a/test/OpenIddict.Tests/OpenIddictExtensionsTests.cs b/test/OpenIddict.Tests/OpenIddictExtensionsTests.cs
index bf7dd4af..e5aa536a 100644
--- a/test/OpenIddict.Tests/OpenIddictExtensionsTests.cs
+++ b/test/OpenIddict.Tests/OpenIddictExtensionsTests.cs
@@ -67,7 +67,10 @@ namespace OpenIddict.Tests {
 var services = new ServiceCollection();
 services.AddOpenIddict()
- .AddEphemeralSigningKey();
+ .AddSigningCertificate(
+ assembly: typeof(OpenIddictProviderTests).GetTypeInfo().Assembly,
+ resource: "OpenIddict.Tests.Certificate.pfx",
+ password: "OpenIddict");
 var builder = new ApplicationBuilder(services.BuildServiceProvider());
@@ -85,7 +88,10 @@ namespace OpenIddict.Tests {
 var services = new ServiceCollection();
 services.AddOpenIddict()
- .AddEphemeralSigningKey()
+ .AddSigningCertificate(
+ assembly: typeof(OpenIddictProviderTests).GetTypeInfo().Assembly,
+ resource: "OpenIddict.Tests.Certificate.pfx",
+ password: "OpenIddict")
 .Configure(options => options.GrantTypes.Add(flow))
 .Configure(options => options.AuthorizationEndpointPath = PathString.Empty);
@@ -108,7 +114,10 @@ namespace OpenIddict.Tests {
 var services = new ServiceCollection();
 services.AddOpenIddict()
- .AddEphemeralSigningKey()
+ .AddSigningCertificate(
+ assembly: typeof(OpenIddictProviderTests).GetTypeInfo().Assembly,
+ resource: "OpenIddict.Tests.Certificate.pfx",
+ password: "OpenIddict")
 .EnableAuthorizationEndpoint("/connect/authorize")
 .Configure(options => options.GrantTypes.Add(flow))
 .Configure(options => options.TokenEndpointPath = PathString.Empty);
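Review bot: The new `AddSigningCertificate(...)` calls in the hunks at -67, -85 and -108 (and again at -146) locate the embedded certificate through `typeof(OpenIddictProviderTests)`, while the -246 hunk of this same commit has to switch to `typeof(OpenIddictExtensionsTests)` because the test class it previously referenced is deleted. Referencing the enclosing class instead, `assembly: typeof(OpenIddictExtensionsTests).GetTypeInfo().Assembly,`, keeps this file self-contained and avoids the same breakage if the provider tests are moved or renamed. The four identical blocks could be folded into one private helper, which would also give a single place to comment that the PFX and its password are test-only fixtures. The test methods these hunks sit in start and end outside the visible lines.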
@@ -146,7 +155,10 @@ namespace OpenIddict.Tests {
 var services = new ServiceCollection();
 services.AddOpenIddict()
- .AddEphemeralSigningKey()
+ .AddSigningCertificate(
+ assembly: typeof(OpenIddictProviderTests).GetTypeInfo().Assembly,
+ resource: "OpenIddict.Tests.Certificate.pfx",
+ password: "OpenIddict")
 .AllowImplicitFlow()
 .EnableAuthorizationEndpoint("/connect/authorize");
@@ -246,7 +258,7 @@ namespace OpenIddict.Tests {
 // Act
 builder.AddSigningCertificate(
- assembly: typeof(OpenIddictBuilderTests).GetTypeInfo().Assembly,
+ assembly: typeof(OpenIddictExtensionsTests).GetTypeInfo().Assembly,
 resource: "OpenIddict.Tests.Certificate.pfx",
 password: "OpenIddict");
@@ -617,6 +629,24 @@ namespace OpenIddict.Tests {
 Assert.Equal(TimeSpan.FromMinutes(42), options.Value.RefreshTokenLifetime);
 }
+ [Fact]
+ public void SetIssuer_AddressIsReplaced() {
+ // Arrange
+ var services = new ServiceCollection();
+ services.AddOptions();
+
+ var builder = new OpenIddictBuilder(services);
+
+ // Act
+ builder.SetIssuer(new Uri("http://www.fabrikam.com/"));
+
+ var provider = services.BuildServiceProvider();
+ var options = provider.GetRequiredService>();
+
+ // Assert
+ Assert.Equal(new Uri("http://www.fabrikam.com/"), options.Value.Issuer);
+ }
+
 [Fact]
 public void UseDataProtectionProvider_DefaultProviderIsReplaced() {
 // Arrange
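Review bot: `SetIssuer_AddressIsReplaced` (hunk at -617) exercises only the success path, so the two `ArgumentNullException` guards this commit adds to `SetIssuer` are not covered by anything visible in the patch. A companion case such as `var exception = Assert.Throws<ArgumentNullException>(() => builder.SetIssuer(null));` followed by `Assert.Equal("address", exception.ParamName);` would pin the guard. The fixture also uses an `http://` issuer; if the server is expected to require HTTPS issuers outside development, an `https://` sample address would model the intended configuration better.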