Merge pull request #4 from fmichellonet/features/tests

Authorize on Type and AllowAnonymous

Author: fmichellonet

.github/workflows/ci.yml

@@ -20,9 +20,14 @@ jobs:
       uses: actions/setup-dotnet@v1
       with:
         dotnet-version: 3.1.404
-    - name: Build with dotnet
-      run: dotnet build --configuration Release
+    # restore dependencies  
+    - name: Install dependencies
+      run: dotnet restore
       working-directory: .\src
-    # - name: Test
-    #   run: dotnet test
-    #   working-directory: .\src
+    # build
+    - name: Build
+      run: dotnet build --no-restore --configuration Release
+      working-directory: .\src
+    - name: Test
+      run: dotnet test
+      working-directory: .\src

src/AzureFunctions.Extensions.OpenIDConnect.Tests/AzureFunctions.Extensions.OpenIDConnect.Tests.csproj

@@ -0,0 +1,18 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <TargetFramework>netcoreapp3.1</TargetFramework>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <PackageReference Include="FluentAssertions" Version="5.10.3" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="16.8.3" />
+    <PackageReference Include="NUnit" Version="3.13.1" />
+    <PackageReference Include="NUnit3TestAdapter" Version="3.17.0" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\AzureFunctions.Extensions.OpenIDConnect\AzureFunctions.Extensions.OpenIDConnect.csproj" />
+  </ItemGroup>
+
+</Project>

src/AzureFunctions.Extensions.OpenIDConnect.Tests/RouteGuardianShould.cs

@@ -0,0 +1,150 @@
+using System.Threading.Tasks;
+using FluentAssertions;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.Azure.WebJobs;
+using Microsoft.Azure.WebJobs.Extensions.Http;
+using Microsoft.Extensions.Logging;
+using NUnit.Framework;
+
+namespace AzureFunctions.Extensions.OpenIDConnect.Tests
+{
+    using System;
+    using System.Collections.Generic;
+
+    [TestFixture]
+    public class RouteGuardianShould
+    {
+        [Test]
+        public async Task Not_Authorize_When_Not_HttpTrigger()
+        {
+            // Arrange
+            var guardian = new RouteGuardian(() => new List<Type>{ typeof(Not_HttpTrigger) });
+
+            // Act
+            var result = await guardian.ShouldAuthorize("Not_HttpTrigger");
+
+            // Assert
+            result.Should().Be(false);
+        }
+
+        [Test]
+        public async Task Not_Authorize_When_No_Authorize_Attribute_On_Method_And_Type()
+        {
+            // Arrange
+            var guardian = new RouteGuardian(() => new List<Type> { typeof(No_Authorize_Attribute_On_Method_And_Type) });
+
+            // Act
+            var result = await guardian.ShouldAuthorize("No_Authorize_Attribute_On_Method_And_Type");
+
+            // Assert
+            result.Should().Be(false);
+        }
+
+        [Test]
+        public async Task Authorize_When_Authorize_Attribute_Is_On_Method()
+        {
+            // Arrange
+            var guardian = new RouteGuardian(() => new List<Type> { typeof(Authorize_Attribute_Is_On_Method) });
+
+            // Act
+            var result = await guardian.ShouldAuthorize("Authorize_Attribute_Is_On_Method");
+
+            // Assert
+            result.Should().Be(true);
+        }
+
+        [Test]
+        public async Task Authorize_When_Authorize_Attribute_Is_On_Class()
+        {
+            // Arrange
+            var guardian = new RouteGuardian(() => new List<Type> { typeof(Authorize_Attribute_Is_On_Class) });
+
+            // Act
+            var result = await guardian.ShouldAuthorize("Authorize_Attribute_Is_On_Class");
+
+            // Assert
+            result.Should().Be(true);
+        }
+
+        [Test]
+        public async Task NotAuthorize_When_Authorize_Attribute_Is_On_Class_But_AllowAnonimous_On_Method()
+        {
+            // Arrange
+            var guardian = new RouteGuardian(() => new List<Type> { typeof(Attribute_Is_On_Class_But_AllowAnonimous_On_Method) });
+
+            // Act
+            var result = await guardian.ShouldAuthorize("Attribute_Is_On_Class_But_AllowAnonimous_On_Method");
+
+            // Assert
+            result.Should().Be(false);
+        }
+
+
+
+        internal class Not_HttpTrigger
+        {
+            [Authorize]
+            [FunctionName("Not_HttpTrigger")]
+            public IActionResult Run(HttpRequest req, ILogger log)
+            {
+                var responseMessage = "Hello. This HTTP triggered function is protected.";
+
+                return new OkObjectResult(responseMessage);
+            }
+        }
+
+        internal class No_Authorize_Attribute_On_Method_And_Type
+        {
+            [FunctionName("No_Authorize_Attribute_On_Method_And_Type")]
+            public IActionResult Run(
+                [HttpTrigger(AuthorizationLevel.Anonymous, "get", "post", Route = null)] HttpRequest req, ILogger log)
+            {
+                var responseMessage = "Hello. This HTTP triggered function is protected.";
+
+                return new OkObjectResult(responseMessage);
+            }
+        }
+
+        internal class Authorize_Attribute_Is_On_Method
+        {
+            [Authorize]
+            [FunctionName("Authorize_Attribute_Is_On_Method")]
+            public IActionResult Run(
+                [HttpTrigger(AuthorizationLevel.Anonymous, "get", "post", Route = null)] HttpRequest req, ILogger log)
+            {
+                var responseMessage = "Hello. This HTTP triggered function is protected.";
+
+                return new OkObjectResult(responseMessage);
+            }
+        }
+
+        [Authorize]
+        internal class Authorize_Attribute_Is_On_Class
+        {
+            [FunctionName("Authorize_Attribute_Is_On_Class")]
+            public IActionResult Run(
+                [HttpTrigger(AuthorizationLevel.Anonymous, "get", "post", Route = null)] HttpRequest req, ILogger log)
+            {
+                var responseMessage = "Hello. This HTTP triggered function is protected.";
+
+                return new OkObjectResult(responseMessage);
+            }
+        }
+
+        [Authorize]
+        internal class Attribute_Is_On_Class_But_AllowAnonimous_On_Method
+        {
+            [AllowAnonymous]
+            [FunctionName("Attribute_Is_On_Class_But_AllowAnonimous_On_Method")]
+            public IActionResult Run(
+                [HttpTrigger(AuthorizationLevel.Anonymous, "get", "post", Route = null)] HttpRequest req, ILogger log)
+            {
+                var responseMessage = "Hello. This HTTP triggered function is protected.";
+
+                return new OkObjectResult(responseMessage);
+            }
+        }
+    }
+}

src/AzureFunctions.Extensions.OpenIDConnect.sln

@@ -3,7 +3,9 @@ Microsoft Visual Studio Solution File, Format Version 12.00
 # Visual Studio Version 16
 VisualStudioVersion = 16.0.30907.101
 MinimumVisualStudioVersion = 10.0.40219.1
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "AzureFunctions.Extensions.OpenIDConnect", "AzureFunctions.Extensions.OpenIDConnect/AzureFunctions.Extensions.OpenIDConnect.csproj", "{72379104-48F7-4A31-9946-C36C573D4563}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "AzureFunctions.Extensions.OpenIDConnect", "AzureFunctions.Extensions.OpenIDConnect\AzureFunctions.Extensions.OpenIDConnect.csproj", "{72379104-48F7-4A31-9946-C36C573D4563}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "AzureFunctions.Extensions.OpenIDConnect.Tests", "AzureFunctions.Extensions.OpenIDConnect.Tests\AzureFunctions.Extensions.OpenIDConnect.Tests.csproj", "{09F7B354-FEB9-4A08-8292-234ACD7C679C}"
 EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
@@ -15,6 +17,10 @@ Global
 		{72379104-48F7-4A31-9946-C36C573D4563}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{72379104-48F7-4A31-9946-C36C573D4563}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{72379104-48F7-4A31-9946-C36C573D4563}.Release|Any CPU.Build.0 = Release|Any CPU
+		{09F7B354-FEB9-4A08-8292-234ACD7C679C}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{09F7B354-FEB9-4A08-8292-234ACD7C679C}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{09F7B354-FEB9-4A08-8292-234ACD7C679C}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{09F7B354-FEB9-4A08-8292-234ACD7C679C}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE

src/AzureFunctions.Extensions.OpenIDConnect/Configuration/ConfigurationBuilder.cs

@@ -3,6 +3,8 @@
 
 namespace AzureFunctions.Extensions.OpenIDConnect.Configuration
 {
+    using System;
+    using System.Collections.Generic;
 
     public class ConfigurationBuilder
     {
@@ -15,6 +17,9 @@ public class ConfigurationBuilder
         internal ConfigurationBuilder(IServiceCollection services)
         {
             _services = services;
+
+            // defaulting
+            SetTypeCrawler(RouteGuardian.AppDomainTypeCrawler);
         }
 
         public void SetTokenValidation(string audience, string issuer)
@@ -43,5 +48,10 @@ private void SetConfigurationManagerSettings(ConfigurationManagerSettings settin
             _services.AddSingleton(settings);
             _hasConfigurationManagerSettings = true;
         }
+
+        public void SetTypeCrawler(Func<IEnumerable<Type>> functionTypeCrawler)
+        {
+            _services.AddSingleton<FunctionTypeCrawler>(() => functionTypeCrawler());
+        }
     }
 }

src/AzureFunctions.Extensions.OpenIDConnect/Configuration/ServicesConfigurationExtensions.cs

@@ -44,7 +44,7 @@ public static void AddOpenIDConnect(this IServiceCollection services, Action<Con
             services.AddSingleton<IJwtSecurityTokenHandlerWrapper, JwtSecurityTokenHandlerWrapper>();
             services.AddSingleton<IOpenIdConnectConfigurationManager, OpenIdConnectConfigurationManager>();
             services.AddSingleton<IAuthenticationService, AuthenticationService>();
-            services.AddSingleton<IRouteGuardian, RouteGuardian>();
+            services.AddSingleton<RouteGuardian>();
             services.AddSingleton<IFunctionFilter, AuthorizeFilter>();
         }
     }

src/AzureFunctions.Extensions.OpenIDConnect/RouteGuardian.cs

@@ -8,40 +8,45 @@
     using Microsoft.AspNetCore.Authorization;
     using Microsoft.Azure.WebJobs;
 
+
+    public delegate IEnumerable<Type> FunctionTypeCrawler();
+
     public class RouteGuardian : IRouteGuardian
     {
-
         private readonly Dictionary<string, AuthorizeAttribute> _routeProtection;
 
-        public RouteGuardian()
+        public static Func<IEnumerable<Type>> AppDomainTypeCrawler = () =>
         {
-            var types = AppDomain.CurrentDomain
-                                 .GetAssemblies()
-                                 .Where(a => !a.IsDynamic)
-                                 .SelectMany(x => x.GetTypes());
+            return AppDomain.CurrentDomain
+                            .GetAssemblies()
+                            .Where(a => !a.IsDynamic)
+                            .SelectMany(x => x.GetTypes());
+        };
 
+        public RouteGuardian(FunctionTypeCrawler typeCrawler)
+        {
+            bool IsAzureFunction(MethodInfo methodInfo) => methodInfo.GetCustomAttributes<FunctionNameAttribute>().Any();
+            bool IsHttpTrigger(MethodInfo methodInfo) => methodInfo.GetParameters().Any(paramInfo => paramInfo.GetCustomAttributes<HttpTriggerAttribute>().Any());
 
-            var httpTriggerMethods = types.SelectMany(type => type.GetMethods()
-                .Where(
-                    methodInfo => methodInfo.IsPublic && methodInfo.GetCustomAttributes<FunctionNameAttribute>().Any() &&
-                    methodInfo.GetParameters().Any(paramInfo => paramInfo.GetCustomAttributes<HttpTriggerAttribute>().Any())
-                )
-            );
+            var httpTriggerMethods = typeCrawler().SelectMany(type => type.GetMethods())
+                .Where(methodInfo => methodInfo.IsPublic && IsAzureFunction(methodInfo) && IsHttpTrigger(methodInfo));
 
             var infos = httpTriggerMethods.Select(methodInfo =>
             {
                 var httpTriggerAttribute = methodInfo.GetParameters()
-                                                     .SelectMany(paramInfo =>paramInfo.GetCustomAttributes<HttpTriggerAttribute>())
+                                                     .SelectMany(paramInfo => paramInfo.GetCustomAttributes<HttpTriggerAttribute>())
                                                      .First();
-                
-                var functionNameAttribute = methodInfo.GetCustomAttributes<FunctionNameAttribute>().First();
 
-                var authorizeAttribute = methodInfo.GetCustomAttributes<AuthorizeAttribute>().FirstOrDefault();
+                var functionNameAttribute = methodInfo.GetCustomAttributes<FunctionNameAttribute>().First();
 
+                var authorizeAttributeOnType = methodInfo.DeclaringType?.GetCustomAttributes<AuthorizeAttribute>().FirstOrDefault();
+                var authorizeAttributeOnMethod = methodInfo.GetCustomAttributes<AuthorizeAttribute>().FirstOrDefault();
+                var anonymousAttributeOnMethod = methodInfo.GetCustomAttributes<AllowAnonymousAttribute>().FirstOrDefault();
+                
                 return new AzureFunctionInfo
                 {
                     FunctionName = functionNameAttribute.Name,
-                    AuthorizeAttribute = authorizeAttribute,
+                    AuthorizeAttribute = anonymousAttributeOnMethod != null ? null : authorizeAttributeOnMethod ?? authorizeAttributeOnType,
                     Route = httpTriggerAttribute.Route
                 };
             });
@@ -62,4 +67,5 @@ private class AzureFunctionInfo
             public string Route { get; set; }
         }
     }
+    
 }