You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
178 lines
6.4 KiB
178 lines
6.4 KiB
using System;
|
|
using System.Linq;
|
|
using System.Security.Claims;
|
|
using System.Text.Encodings.Web;
|
|
using System.Threading.Tasks;
|
|
using AutoFixture;
|
|
using AutoFixture.AutoMoq;
|
|
using Jellyfin.Api.Auth;
|
|
using Jellyfin.Api.Constants;
|
|
using Jellyfin.Data.Entities;
|
|
using Jellyfin.Data.Enums;
|
|
using MediaBrowser.Controller.Entities;
|
|
using MediaBrowser.Controller.Net;
|
|
using Microsoft.AspNetCore.Authentication;
|
|
using Microsoft.AspNetCore.Http;
|
|
using Microsoft.Extensions.Logging;
|
|
using Microsoft.Extensions.Logging.Abstractions;
|
|
using Microsoft.Extensions.Options;
|
|
using Moq;
|
|
using Xunit;
|
|
|
|
namespace Jellyfin.Api.Tests.Auth
|
|
{
|
|
public class CustomAuthenticationHandlerTests
|
|
{
|
|
private readonly IFixture _fixture;
|
|
|
|
private readonly Mock<IAuthService> _jellyfinAuthServiceMock;
|
|
private readonly Mock<IOptionsMonitor<AuthenticationSchemeOptions>> _optionsMonitorMock;
|
|
private readonly Mock<ISystemClock> _clockMock;
|
|
private readonly Mock<IServiceProvider> _serviceProviderMock;
|
|
private readonly Mock<IAuthenticationService> _authenticationServiceMock;
|
|
private readonly UrlEncoder _urlEncoder;
|
|
private readonly HttpContext _context;
|
|
|
|
private readonly CustomAuthenticationHandler _sut;
|
|
private readonly AuthenticationScheme _scheme;
|
|
|
|
public CustomAuthenticationHandlerTests()
|
|
{
|
|
var fixtureCustomizations = new AutoMoqCustomization
|
|
{
|
|
ConfigureMembers = true
|
|
};
|
|
|
|
_fixture = new Fixture().Customize(fixtureCustomizations);
|
|
AllowFixtureCircularDependencies();
|
|
|
|
_jellyfinAuthServiceMock = _fixture.Freeze<Mock<IAuthService>>();
|
|
_optionsMonitorMock = _fixture.Freeze<Mock<IOptionsMonitor<AuthenticationSchemeOptions>>>();
|
|
_clockMock = _fixture.Freeze<Mock<ISystemClock>>();
|
|
_serviceProviderMock = _fixture.Freeze<Mock<IServiceProvider>>();
|
|
_authenticationServiceMock = _fixture.Freeze<Mock<IAuthenticationService>>();
|
|
_fixture.Register<ILoggerFactory>(() => new NullLoggerFactory());
|
|
|
|
_urlEncoder = UrlEncoder.Default;
|
|
|
|
_serviceProviderMock.Setup(s => s.GetService(typeof(IAuthenticationService)))
|
|
.Returns(_authenticationServiceMock.Object);
|
|
|
|
_optionsMonitorMock.Setup(o => o.Get(It.IsAny<string>()))
|
|
.Returns(new AuthenticationSchemeOptions
|
|
{
|
|
ForwardAuthenticate = null
|
|
});
|
|
|
|
_context = new DefaultHttpContext
|
|
{
|
|
RequestServices = _serviceProviderMock.Object
|
|
};
|
|
|
|
_scheme = new AuthenticationScheme(
|
|
_fixture.Create<string>(),
|
|
null,
|
|
typeof(CustomAuthenticationHandler));
|
|
|
|
_sut = _fixture.Create<CustomAuthenticationHandler>();
|
|
_sut.InitializeAsync(_scheme, _context).Wait();
|
|
}
|
|
|
|
[Fact]
|
|
public async Task HandleAuthenticateAsyncShouldFailWithNullUser()
|
|
{
|
|
_jellyfinAuthServiceMock.Setup(
|
|
a => a.Authenticate(
|
|
It.IsAny<HttpRequest>(),
|
|
It.IsAny<AuthenticatedAttribute>()))
|
|
.Returns((User?)null);
|
|
|
|
var authenticateResult = await _sut.AuthenticateAsync();
|
|
|
|
Assert.False(authenticateResult.Succeeded);
|
|
Assert.Equal("Invalid user", authenticateResult.Failure.Message);
|
|
}
|
|
|
|
[Fact]
|
|
public async Task HandleAuthenticateAsyncShouldFailOnSecurityException()
|
|
{
|
|
var errorMessage = _fixture.Create<string>();
|
|
|
|
_jellyfinAuthServiceMock.Setup(
|
|
a => a.Authenticate(
|
|
It.IsAny<HttpRequest>(),
|
|
It.IsAny<AuthenticatedAttribute>()))
|
|
.Throws(new SecurityException(errorMessage));
|
|
|
|
var authenticateResult = await _sut.AuthenticateAsync();
|
|
|
|
Assert.False(authenticateResult.Succeeded);
|
|
Assert.Equal(errorMessage, authenticateResult.Failure.Message);
|
|
}
|
|
|
|
[Fact]
|
|
public async Task HandleAuthenticateAsyncShouldSucceedWithUser()
|
|
{
|
|
SetupUser();
|
|
var authenticateResult = await _sut.AuthenticateAsync();
|
|
|
|
Assert.True(authenticateResult.Succeeded);
|
|
Assert.Null(authenticateResult.Failure);
|
|
}
|
|
|
|
[Fact]
|
|
public async Task HandleAuthenticateAsyncShouldAssignNameClaim()
|
|
{
|
|
var user = SetupUser();
|
|
var authenticateResult = await _sut.AuthenticateAsync();
|
|
|
|
Assert.True(authenticateResult.Principal.HasClaim(ClaimTypes.Name, user.Username));
|
|
}
|
|
|
|
[Theory]
|
|
[InlineData(true)]
|
|
[InlineData(false)]
|
|
public async Task HandleAuthenticateAsyncShouldAssignRoleClaim(bool isAdmin)
|
|
{
|
|
var user = SetupUser(isAdmin);
|
|
var authenticateResult = await _sut.AuthenticateAsync();
|
|
|
|
var expectedRole = user.HasPermission(PermissionKind.IsAdministrator) ? UserRoles.Administrator : UserRoles.User;
|
|
Assert.True(authenticateResult.Principal.HasClaim(ClaimTypes.Role, expectedRole));
|
|
}
|
|
|
|
[Fact]
|
|
public async Task HandleAuthenticateAsyncShouldAssignTicketCorrectScheme()
|
|
{
|
|
SetupUser();
|
|
var authenticatedResult = await _sut.AuthenticateAsync();
|
|
|
|
Assert.Equal(_scheme.Name, authenticatedResult.Ticket.AuthenticationScheme);
|
|
}
|
|
|
|
private User SetupUser(bool isAdmin = false)
|
|
{
|
|
var user = _fixture.Create<User>();
|
|
user.SetPermission(PermissionKind.IsAdministrator, isAdmin);
|
|
|
|
_jellyfinAuthServiceMock.Setup(
|
|
a => a.Authenticate(
|
|
It.IsAny<HttpRequest>(),
|
|
It.IsAny<AuthenticatedAttribute>()))
|
|
.Returns(user);
|
|
|
|
return user;
|
|
}
|
|
|
|
private void AllowFixtureCircularDependencies()
|
|
{
|
|
// A circular dependency exists in the User entity around parent folders,
|
|
// this allows Autofixture to generate a User regardless, rather than throw
|
|
// an error.
|
|
_fixture.Behaviors.OfType<ThrowingRecursionBehavior>().ToList()
|
|
.ForEach(b => _fixture.Behaviors.Remove(b));
|
|
_fixture.Behaviors.Add(new OmitOnRecursionBehavior());
|
|
}
|
|
}
|
|
}
|