diff --git a/src/Ocelot/Authentication/Middleware/AuthenticationMiddleware.cs b/src/Ocelot/Authentication/Middleware/AuthenticationMiddleware.cs
index 3209c3dca..2b9e74d45 100644
--- a/src/Ocelot/Authentication/Middleware/AuthenticationMiddleware.cs
+++ b/src/Ocelot/Authentication/Middleware/AuthenticationMiddleware.cs
@@ -3,8 +3,6 @@
 using Ocelot.Configuration;
 using Ocelot.Logging;
 using Ocelot.Middleware;
-using System.Runtime.Remoting.Contexts;
-using System.Threading.Tasks;
 namespace Ocelot.Authentication.Middleware
 {
@@ -38,7 +36,7 @@ public async Task Invoke(HttpContext httpContext)
 if (result.Principal?.Identity == null)
 {
- await ChallengeAsync(httpContext, downstreamRoute);
+ await ChallengeAsync(httpContext, downstreamRoute, result);
 SetUnauthenticatedError(httpContext, path, null);
 return;
 }
@@ -52,7 +50,7 @@ public async Task Invoke(HttpContext httpContext)
 return;
 }
- await ChallengeAsync(httpContext, downstreamRoute);
+ await ChallengeAsync(httpContext, downstreamRoute, result);
 SetUnauthenticatedError(httpContext, path, httpContext.User.Identity.Name);
 }
@@ -63,10 +61,10 @@ private void SetUnauthenticatedError(HttpContext httpContext, string path, strin
 httpContext.Items.SetError(error);
 }
- private async Task ChallengeAsync(HttpContext context, DownstreamRoute route)
+ private async Task ChallengeAsync(HttpContext context, DownstreamRoute route, AuthenticateResult status)
 {
 // Perform a challenge. This populates the WWW-Authenticate header on the response
- await context.ChallengeAsync(route.AuthenticationOptions.AuthenticationProviderKey);
+ await context.ChallengeAsync(route.AuthenticationOptions.AuthenticationProviderKey); // TODO Read failed scheme from auth result
 // Since the response gets re-created down the pipeline, we store the challenge in the Items, so we can re-apply it when sending the response
 if (context.Response.Headers.TryGetValue("WWW-Authenticate", out var authenticateHeader))
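Review bot: The new `AuthenticateResult status` parameter of ChallengeAsync (hunk at -63) is never read in the visible lines, so the two call sites in Invoke changed at -38 and -52 pass `result` with no effect and the challenge is still issued only for `route.AuthenticationOptions.AuthenticationProviderKey`. If a route can be authenticated by more than one scheme (not visible here), the stored WWW-Authenticate value may name a scheme other than the one that failed, so either read the scheme from the result in this commit or leave the signature alone until the TODO is done. When it is done, keep `status.Failure` details out of the header and the response body. The TODO would be easier to find on its own line, `// TODO: take the failed scheme from the AuthenticateResult instead of the route's provider key`, and `status` would match the callers better as `result`. ChallengeAsync's body continues past the end of the hunk.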
diff --git a/src/Ocelot/Responder/HttpContextResponder.cs b/src/Ocelot/Responder/HttpContextResponder.cs
index 3e15c4f1c..d9cc9e986 100644
--- a/src/Ocelot/Responder/HttpContextResponder.cs
+++ b/src/Ocelot/Responder/HttpContextResponder.cs
@@ -3,7 +3,6 @@
 using Microsoft.Extensions.Primitives;
 using Ocelot.Headers;
 using Ocelot.Middleware;
-using System.Runtime.Remoting.Messaging;
 namespace Ocelot.Responder;
@@ -79,9 +78,7 @@ public async Task SetErrorResponseOnContext(HttpContext context, DownstreamRespo
 }
 public void SetAuthChallengeOnContext(HttpContext context, string challenge)
- {
- AddHeaderIfDoesntExist(context, new Header("WWW-Authenticate", new[] { challenge }));
- }
+ => AddHeaderIfDoesntExist(context, new Header("WWW-Authenticate", new[] { challenge }));
 private static void SetStatusCode(HttpContext context, int statusCode)
 {
diff --git a/test/Ocelot.AcceptanceTests/Authentication/AuthenticationTests.cs b/test/Ocelot.AcceptanceTests/Authentication/AuthenticationTests.cs
index 9e06a076d..aa6262f31 100644
--- a/test/Ocelot.AcceptanceTests/Authentication/AuthenticationTests.cs
+++ b/test/Ocelot.AcceptanceTests/Authentication/AuthenticationTests.cs
@@ -2,8 +2,8 @@
 using IdentityServer4.Models;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
-using Ocelot.Configuration.File;
-using System.Net.Http;
+using Microsoft.Extensions.DependencyInjection;
+using Ocelot.DependencyInjection;
 namespace Ocelot.AcceptanceTests.Authentication
 {
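Review bot: SetAuthChallengeOnContext in HttpContextResponder.cs still has no doc comment saying which value wins when the response already carries WWW-Authenticate; judging by the helper's name, AddHeaderIfDoesntExist keeps the existing header and silently drops the gateway's stored challenge, but the helper is outside the hunk, so this needs confirming. I would add `/// <summary>Adds the stored challenge as WWW-Authenticate unless the response already has that header.</summary>` above the method. The method is public and takes `challenge` unchecked, so a caller passing null or an empty string would presumably produce an empty header value; that is worth a sentence in the doc or a guard at the call site.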
@@ -129,48 +129,20 @@ public void Should_return_www_authenticate_header_on_401()
 .And(x => ThenTheResponseShouldContainAuthChallenge())
 .BDDfy();
 }
-
- public void GivenOcelotIsRunningWithJwtAuth(string authenticationProviderKey)
+ private void GivenOcelotIsRunningWithJwtAuth(string authenticationProviderKey)
 {
- var builder = new ConfigurationBuilder()
- .SetBasePath(Directory.GetCurrentDirectory())
- .AddJsonFile("appsettings.json", optional: true, reloadOnChange: false)
- .AddJsonFile("ocelot.json", false, false)
- .AddEnvironmentVariables();
-
- var configuration = builder.Build();
- _webHostBuilder = new WebHostBuilder();
- _webHostBuilder.ConfigureServices(s =>
+ GivenOcelotIsRunningWithServices(WithJwtBearer);
+ void WithJwtBearer(IServiceCollection s)
 {
- s.AddSingleton(_webHostBuilder);
- });
-
- _ocelotServer = new TestServer(_webHostBuilder
- .UseConfiguration(configuration)
- .ConfigureServices(s =>
- {
- s.AddAuthentication().AddJwtBearer(authenticationProviderKey, options =>
- {
- });
- s.AddOcelot(configuration);
- })
- .ConfigureLogging(l =>
- {
- l.AddConsole();
- l.AddDebug();
- })
- .Configure(a =>
- {
- a.UseOcelot().Wait();
- }));
-
- _ocelotClient = _ocelotServer.CreateClient();
+ s.AddAuthentication().AddJwtBearer(authenticationProviderKey, options => { });
+ s.AddOcelot();
+ }
 }
- public void GivenIHaveNoTokenForMyRequest()
+ private void GivenIHaveNoTokenForMyRequest()
 {
 _ocelotClient.DefaultRequestHeaders.Authorization = null;
 }
- public void ThenTheResponseShouldContainAuthChallenge()
+ private void ThenTheResponseShouldContainAuthChallenge()
 {
 _response.Headers.TryGetValues("WWW-Authenticate", out var headerValue).ShouldBeTrue();
 headerValue.ShouldNotBeEmpty();
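Review bot: ThenTheResponseShouldContainAuthChallenge, in the lines visible here, only checks that a WWW-Authenticate value exists and is non-empty, so the test would still pass if the gateway challenged with the wrong scheme, which is the case the TODO added in AuthenticationMiddleware.cs is about. Since the setup registers JwtBearer, an extra assertion such as `headerValue.First().ShouldStartWith("Bearer");` would pin it; the method body continues outside the hunk, so this may already be covered there. On style, the blank line before `private void GivenOcelotIsRunningWithJwtAuth` was removed and the local function `WithJwtBearer` follows the call with no separator, which makes the helper harder to scan.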