
work on providing a generic authentication process for OpenRasta

Basic authentication is supported
Removed the old Digest authentication, but the code is still there because of issues with building subprojects
1 parent 418d388 commit 25ee8bfbf610cea17626a9e7dfede565f662d7bb @scottlittlewood scottlittlewood committed Sep 8, 2010
Showing with 929 additions and 70 deletions.
  1. +0 −3 src/core/OpenRasta.Tests.Integration/Binding/CustomSurrogates.cs
  2. +3 −1 src/core/OpenRasta.Tests.Integration/OpenRasta.Tests.Integration.csproj
  3. +111 −0 src/core/OpenRasta.Tests.Unit/Authentication/Basic/BasicAuthenticationScheme_Specification.cs
  4. +16 −14 src/core/OpenRasta.Tests.Unit/OpenRasta.Tests.Unit.csproj
  5. +109 −0 src/core/OpenRasta.Tests.Unit/Pipeline/Contributors/AuthenticationChallenger_Specification.cs
  6. +160 −0 src/core/OpenRasta.Tests.Unit/Pipeline/Contributors/Authentication_Specification.cs
  7. 0 .../OpenRasta.Tests.Unit/{Web → }/Pipeline/Contributors/HandlerMethodFiltersInvoker_Specification.cs
  8. 0 src/core/OpenRasta.Tests.Unit/{Web → }/Pipeline/Contributors/HandlerMethodInvoker_Specification.cs
  9. 0 ...sta.Tests.Unit/{Web → }/Pipeline/Contributors/HandlerMethodrequestEntityResolver_Specification.cs
  10. 0 src/core/OpenRasta.Tests.Unit/{Web → }/Pipeline/Contributors/HandlerResolver_Specification.cs
  11. 0 src/core/OpenRasta.Tests.Unit/{Web → }/Pipeline/Contributors/HttpMethodOverrider_Specification.cs
  12. 0 .../OpenRasta.Tests.Unit/{Web → }/Pipeline/Contributors/InvalidRequestEntityRemover_Specification.cs
  13. 0 ...OpenRasta.Tests.Unit/{Web → }/Pipeline/Contributors/OperationCreationContributor_Specification.cs
  14. 0 src/core/OpenRasta.Tests.Unit/{Web → }/Pipeline/Contributors/OperationProcessors_Specification.cs
  15. 0 src/core/OpenRasta.Tests.Unit/{Web → }/Pipeline/Contributors/RequestEntityReader_Specification.cs
  16. 0 src/core/OpenRasta.Tests.Unit/{Web → }/Pipeline/Contributors/ResourceTypeResolver_Specification.cs
  17. 0 .../OpenRasta.Tests.Unit/{Web → }/Pipeline/Contributors/ResponseEntityCodecResolver_Specification.cs
  18. 0 src/core/OpenRasta.Tests.Unit/{Web → }/Pipeline/Contributors/ResponseEntityWriter_Specification.cs
  19. 0 ...core/OpenRasta.Tests.Unit/{Web → }/Pipeline/Contributors/UriDecoratorsController_Specification.cs
  20. 0 src/core/OpenRasta.Tests.Unit/{Web → }/Pipeline/DigestCredentialsReader_Specification.cs
  21. 0 src/core/OpenRasta.Tests.Unit/{Web → }/Pipeline/PipelineRunner_Specification.cs
  22. +6 −24 src/core/OpenRasta.Tests.Unit/openrasta_context.cs
  23. +26 −0 src/core/OpenRasta/Authentication/AuthenticationResult.cs
  24. +18 −0 src/core/OpenRasta/Authentication/Basic/BasicAuthRequestHeader.cs
  25. +55 −0 src/core/OpenRasta/Authentication/Basic/BasicAuthenticationScheme.cs
  26. +8 −0 src/core/OpenRasta/Authentication/Basic/IBasicAuthenticator.cs
  27. +156 −0 src/core/OpenRasta/Authentication/Digest/DigestAuthRequestHeader.cs
  28. +34 −0 src/core/OpenRasta/Authentication/Digest/DigestAuthenticationScheme.cs
  29. +8 −0 src/core/OpenRasta/Authentication/Digest/IDigestAuthenticator.cs
  30. +13 −0 src/core/OpenRasta/Authentication/IAuthenticationScheme.cs
  31. +2 −1 src/core/OpenRasta/Configuration/DefaultDependencyRegistrar.cs
  32. +22 −5 src/core/OpenRasta/OpenRasta.csproj
  33. +41 −0 src/core/OpenRasta/Pipeline/Contributors/AuthenticationChallengerContributor.cs
  34. +91 −0 src/core/OpenRasta/Pipeline/Contributors/AuthenticationContributor.cs
  35. +5 −0 src/core/OpenRasta/Pipeline/KnownStages.cs
  36. +0 −21 src/core/OpenRasta/Security/RequiresAuthenticationAttribute.cs
  37. +27 −0 src/core/OpenRasta/Security/RequiresAuthenticationInterceptor.cs
  38. +17 −0 src/core/OpenRasta/StringExtensions.cs
  39. +1 −1 src/openbastard/OpenBastard/OpenBastard.csproj
@@ -1,7 +1,6 @@
using System;
using System.Net;
using System.Text;
-using DigestAuthentication_Specification;
using NUnit.Framework;
using OpenRasta.Configuration;
using OpenRasta.Configuration.Fluent;
@@ -47,8 +46,6 @@ public surrogates_context()
{
ConfigureServer(() =>
{
- DependencyManager.GetService<IDependencyResolver>()
- .AddDependency<IAuthenticationProvider, FakeAuthProvider>();
ResourceSpace.Has.ResourcesOfType<Customer>()
.AtUri("/customer/{id}")
@@ -73,7 +73,6 @@
<Compile Include="Regressions\78.cs" />
<Compile Include="Regressions\96.cs" />
<Compile Include="Regressions\135.cs" />
- <Compile Include="Security\DigestAuthentication_Specification.cs" />
<Compile Include="server_context.cs" />
<Compile Include="Stubs\Customer.cs" />
<Compile Include="Stubs\CustomerHandler.cs" />
@@ -99,6 +98,9 @@
<Name>OpenRasta.Testing</Name>
</ProjectReference>
</ItemGroup>
+ <ItemGroup>
+ <Folder Include="Security\" />
+ </ItemGroup>
<Import Project="..\..\..\build\defaults.targets" />
<Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
<!-- To modify your build process, add your task inside one of the targets below and uncomment it.
@@ -0,0 +1,111 @@
+using Moq;
+using NUnit.Framework;
+using OpenRasta.Authentication;
+using OpenRasta.Authentication.Basic;
+using OpenRasta.Hosting.InMemory;
+using OpenRasta.Testing;
+
+namespace BasicAuthenticationScheme_Specification
+{
+ [TestFixture]
+ public class BasicAuthenticationScheme_Specification
+ {
+ Mock<IBasicAuthenticator> _mockAuthenticator;
+ InMemoryRequest _request;
+ BasicAuthenticationScheme _basicScheme;
+
+ [SetUp]
+ public void BeforeEachTest()
+ {
+ _mockAuthenticator = new Mock<IBasicAuthenticator>();
+ _request = new InMemoryRequest();
+ _basicScheme = new BasicAuthenticationScheme(_mockAuthenticator.Object);
+ }
+
+ [TearDown]
+ public void AfterEachTest()
+ {
+ _mockAuthenticator.VerifyAll();
+ }
+
+ [Test]
+ public void Given_AValidBasicAuthHeader_When_TheRequestIsAuthenticated_Then_TheResult_IsSuccess_And_UsernameIsSet_And_RolesAreSet()
+ {
+ // given
+ string validAuthString = "Basic U2F1c2FnZTphbmQgbWFzaA==";
+ string username = "Sausage";
+ string password = "and mash";
+
+ string[] userRoles = new[] { "Admin", "Manager", "Developer" };
+
+ _request.Headers["Authorization"] = validAuthString;
+
+ _mockAuthenticator
+ .Expect(auth => auth.Authenticate(It.Is<BasicAuthRequestHeader>(h => h.Username == username && h.Password == password)))
+ .Returns(new AuthenticationResult.Success(username, userRoles));
+
+ // when
+ var result = _basicScheme.Authenticate(_request);
+
+ // then
+ result.ShouldBeOfType<AuthenticationResult.Success>();
+ var success = result as AuthenticationResult.Success;
+
+ success.Username.ShouldBe(username);
+ success.Roles.ShouldHaveSameElementsAs(userRoles);
+ }
+
+ [Test]
+ public void Given_AMalformedBasicAuthHeader_When_TheRequestIsAuthenticated_Then_TheResult_IsMalformed()
+ {
+ // given
+ string malformedAuthString = "Basic notAValidBase64String!!!";
+ _request.Headers["Authorization"] = malformedAuthString;
+
+ // when
+ var result = _basicScheme.Authenticate(_request);
+
+ // then
+ result.ShouldBeOfType<AuthenticationResult.MalformedCredentials>();
+ }
+
+ [Test]
+ public void Given_ABasicAuthenticatorReturnsFailed_When_TheRequestIsAuthenticated_Then_TheResult_IsFailed()
+ {
+ // given
+ string authString = "Basic U2F1c2FnZTphbmQgbWFzaA==";
+ string username = "Sausage";
+ string password = "and mash";
+ _request.Headers["Authorization"] = authString;
+
+ _mockAuthenticator
+ .Expect(auth => auth.Authenticate(It.Is<BasicAuthRequestHeader>(h => h.Username == username && h.Password == password)))
+ .Returns(new AuthenticationResult.Failed());
+
+ // when
+ var result = _basicScheme.Authenticate(_request);
+
+ // then
+ result.ShouldBeOfType<AuthenticationResult.Failed>();
+ }
+
+ [Test]
+ public void Given_ABasicAuthenticatorWithARealm_When_ChallengingAResponse_Then_TheResponseHasAWWWAuthenticateHeader()
+ {
+ // given
+ string realm = "Lex Luthors Palace";
+ var response = new InMemoryResponse();
+
+ _mockAuthenticator
+ .ExpectGet(auth => auth.Realm)
+ .Returns(realm);
+
+ // when
+ _basicScheme.Challenge(response);
+
+ // then
+ var expectedChallengeHeader = string.Format("Basic realm=\"{0}\"", realm);
+ response.Headers.ShouldContain("WWW-Authenticate", expectedChallengeHeader);
+ }
+ }
+}
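Review bot: The parsing cases in this fixture stop at one well-formed header and one bad-base64 header, so the boundary inputs an Authorization parser has to get right are untested: no header at all, a scheme other than Basic, a decoded value with no `:`, and a password that itself contains `:`. The parser (`BasicAuthRequestHeader`) is not visible in this hunk, so whether it splits on the first colon only is an open question; the test below pins that down with a constructed sample header. The same shape ending in `result.ShouldBeOfType<AuthenticationResult.MalformedCredentials>()` would cover the missing-colon case. The realm test likewise uses only a plain string, so a realm containing `"` is not shown to be escaped inside the quoted `WWW-Authenticate` value.

```csharp
[Test]
public void Given_ABasicAuthHeaderWhosePasswordContainsAColon_When_TheRequestIsAuthenticated_Then_ThePasswordIsPassedWhole()
{
    // given (constructed sample: base64 of "Sausage:and:mash")
    _request.Headers["Authorization"] = "Basic U2F1c2FnZTphbmQ6bWFzaA==";

    _mockAuthenticator
        .Expect(auth => auth.Authenticate(It.Is<BasicAuthRequestHeader>(h => h.Username == "Sausage" && h.Password == "and:mash")))
        .Returns(new AuthenticationResult.Success("Sausage", new string[0]));

    // when
    var result = _basicScheme.Authenticate(_request);

    // then
    result.ShouldBeOfType<AuthenticationResult.Success>();
}
```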
@@ -61,6 +61,7 @@
<Compile Include="..\..\CommonInfo.cs">
<Link>Properties\CommonInfo.cs</Link>
</Compile>
+ <Compile Include="Authentication\Basic\BasicAuthenticationScheme_Specification.cs" />
<Compile Include="Binding\DefaultBinderLocator_Specification.cs" />
<Compile Include="Binding\KeyedValuesBinder_Specification.cs" />
<Compile Include="Codecs\ApplicationOctetStreamCodec_Specification.cs" />
@@ -109,6 +110,8 @@
<Compile Include="OperationModel\MethodBased\MethodBasedOperation_Specification.cs" />
<Compile Include="OperationModel\MethodBased\TypeExclusionFilter_Specification.cs" />
<Compile Include="OperationModel\OperationHydration_Spec.cs" />
+ <Compile Include="Pipeline\Contributors\AuthenticationChallenger_Specification.cs" />
+ <Compile Include="Pipeline\Contributors\Authentication_Specification.cs" />
<Compile Include="Security\RequiresAuthenticationInterceptor_Specification.cs" />
<Compile Include="Security\RequiresRoleInterceptor_Specification.cs" />
<Compile Include="TypeSystem\Members_Specification.cs" />
@@ -149,20 +152,19 @@
<Compile Include="Web\Markup\TextArea_Specification.cs" />
<Compile Include="Web\Markup\TextNode_Specification.cs" />
<Compile Include="Web\Markup\XhtmlDOM_Specification.cs" />
- <Compile Include="Web\Pipeline\Contributors\HandlerMethodFiltersInvoker_Specification.cs" />
- <Compile Include="Web\Pipeline\Contributors\OperationCreationContributor_Specification.cs" />
- <Compile Include="Web\Pipeline\Contributors\OperationProcessors_Specification.cs" />
- <Compile Include="Web\Pipeline\Contributors\ResponseEntityWriter_Specification.cs" />
- <Compile Include="Web\Pipeline\Contributors\ResponseEntityCodecResolver_Specification.cs" />
- <Compile Include="Web\Pipeline\Contributors\HandlerMethodInvoker_Specification.cs" />
- <Compile Include="Web\Pipeline\Contributors\RequestEntityReader_Specification.cs" />
- <Compile Include="Web\Pipeline\Contributors\InvalidRequestEntityRemover_Specification.cs" />
- <Compile Include="Web\Pipeline\Contributors\HandlerResolver_Specification.cs" />
- <Compile Include="Web\Pipeline\Contributors\HttpMethodOverrider_Specification.cs" />
- <Compile Include="Web\Pipeline\Contributors\ResourceTypeResolver_Specification.cs" />
- <Compile Include="Web\Pipeline\Contributors\UriDecoratorsController_Specification.cs" />
- <Compile Include="Web\Pipeline\DigestCredentialsReader_Specification.cs" />
- <Compile Include="Web\Pipeline\PipelineRunner_Specification.cs" />
+ <Compile Include="Pipeline\Contributors\HandlerMethodFiltersInvoker_Specification.cs" />
+ <Compile Include="Pipeline\Contributors\OperationCreationContributor_Specification.cs" />
+ <Compile Include="Pipeline\Contributors\OperationProcessors_Specification.cs" />
+ <Compile Include="Pipeline\Contributors\ResponseEntityWriter_Specification.cs" />
+ <Compile Include="Pipeline\Contributors\ResponseEntityCodecResolver_Specification.cs" />
+ <Compile Include="Pipeline\Contributors\HandlerMethodInvoker_Specification.cs" />
+ <Compile Include="Pipeline\Contributors\RequestEntityReader_Specification.cs" />
+ <Compile Include="Pipeline\Contributors\InvalidRequestEntityRemover_Specification.cs" />
+ <Compile Include="Pipeline\Contributors\HandlerResolver_Specification.cs" />
+ <Compile Include="Pipeline\Contributors\HttpMethodOverrider_Specification.cs" />
+ <Compile Include="Pipeline\Contributors\ResourceTypeResolver_Specification.cs" />
+ <Compile Include="Pipeline\Contributors\UriDecoratorsController_Specification.cs" />
+ <Compile Include="Pipeline\PipelineRunner_Specification.cs" />
<Compile Include="UriTemplate_Specification.cs" />
<Compile Include="Web\Reflection_Specification.cs" />
<Compile Include="Web\TemplatedUriResolver_Specification.cs" />
@@ -0,0 +1,109 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using Moq;
+using NUnit.Framework;
+using OpenRasta.Authentication;
+using OpenRasta.DI;
+using OpenRasta.Pipeline;
+using OpenRasta.Pipeline.Contributors;
+using OpenRasta.Testing;
+using OpenRasta.Tests;
+using OpenRasta.Web;
+
+namespace given_an_authentication_contributor
+{
+ public abstract class given_an_authentication_contributor : openrasta_context
+ {
+ protected override void SetUp()
+ {
+ base.SetUp();
+ given_pipeline_contributor<AuthenticationChallengerContributor>();
+ }
+ }
+
+ public class when_the_pipeline_is_notified_IOperationExecution : given_an_authentication_contributor
+ {
+ [Test]
+ public void then_authentication_challenger_is_invoked()
+ {
+ // given
+
+ // when
+ when_sending_notification<KnownStages.IOperationExecution>();
+
+ // then
+ IsContributorExecuted.ShouldBeTrue();
+ }
+ }
+
+ public class when_the_pipeline_is_notified_IResponseCoding : given_an_authentication_contributor
+ {
+ [Test]
+ public void then_authentication_challenger_is_invoked()
+ {
+ // given
+
+ // when
+ when_sending_notification<KnownStages.IResponseCoding>();
+
+ // then
+ IsContributorExecuted.ShouldBeTrue();
+ }
+ }
+
+ namespace _and_scheme
+ {
+
+ public abstract class _and_scheme : given_an_authentication_contributor
+ {
+ protected Mock<IAuthenticationScheme> mockScheme = new Mock<IAuthenticationScheme>();
+
+ protected override void SetUp()
+ {
+ base.SetUp();
+ given_dependency(mockScheme.Object);
+ given_pipeline_contributor<AuthenticationChallengerContributor>();
+ }
+ }
+
+ public class when_the_context_is_unauthorized : _and_scheme
+ {
+ [Test]
+ public void then_the_authentication_scheme_is_challenged()
+ {
+ // given
+ Context.OperationResult = new OperationResult.Unauthorized();
+
+ // when
+ when_sending_notification<KnownStages.IOperationExecution>();
+
+ // then
+ mockScheme.Verify(s => s.Challenge(Context.Response));
+ }
+ }
+
+ public class when_the_context_is_ok : given_an_authentication_contributor
+ {
+ [Test]
+ public void then_the_authentication_scheme_is_not_challenged()
+ {
+ // given
+ var mockScheme = new Mock<IAuthenticationScheme>(MockBehavior.Strict);
+
+ given_dependency(mockScheme.Object);
+
+ Context.OperationResult = new OperationResult.OK();
+
+ // when
+ when_sending_notification<KnownStages.IOperationExecution>();
+
+ // then
+ mockScheme.VerifyAll();
+ }
+ }
+ }
+}
+
+
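Review bot: `then_the_authentication_scheme_is_not_challenged` in `when_the_context_is_ok` may pass without checking anything. Its class derives from `given_an_authentication_contributor`, whose `SetUp` already calls `given_pipeline_contributor<AuthenticationChallengerContributor>()` before the test body registers the strict mock with `given_dependency`, and `VerifyAll()` on a mock with no setups has nothing to verify. Whether the contributor ever receives that mock depends on how `openrasta_context` resolves dependencies, which is outside this hunk. Registering the strict mock first and then calling `given_pipeline_contributor<AuthenticationChallengerContributor>();` again in the test, as `_and_scheme.SetUp` does, would make an unexpected `Challenge` call fail the test. A one-line comment in `_and_scheme.SetUp` saying why the contributor is registered a second time after `base.SetUp()` would also help the next reader.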