Changes per code review and discussion

microsoft · Dec 13, 2018 · b163532 · b163532
1 parent 3fa99f8
commit b163532
Show file tree

Hide file tree

Showing 4 changed files with 30 additions and 81 deletions.
diff --git a/src/Microsoft.Health.Fhir.Web/DevelopmentIdentityProviderConfiguration.cs b/src/Microsoft.Health.Fhir.Web/DevelopmentIdentityProviderConfiguration.cs
@@ -9,7 +9,7 @@ namespace Microsoft.Health.Fhir.Web
 {
     public class DevelopmentIdentityProviderConfiguration
     {
-        public const string Audience = "fhir-api";
+        public static string Audience { get; set; } = "fhir-api";
 
         public bool Enabled { get; set; }
 

diff --git a/test/Microsoft.Health.Fhir.Tests.E2E/Common/AuthenticationScenarios.cs b/test/Microsoft.Health.Fhir.Tests.E2E/Common/AuthenticationScenarios.cs
diff --git a/test/Microsoft.Health.Fhir.Tests.E2E/Common/FhirClient.cs b/test/Microsoft.Health.Fhir.Tests.E2E/Common/FhirClient.cs
@@ -90,10 +90,10 @@ public async Task RunAsUser(TestUser user, TestApplication clientApplication)
             await SetupAuthenticationAsync(clientApplication, user);
         }
 
-        public async Task RunAsClientApplication(TestApplication clientApplication, AuthenticationScenarios scenario = AuthenticationScenarios.VALIDAUTH)
+        public async Task RunAsClientApplication(TestApplication clientApplication)
         {
             EnsureArg.IsNotNull(clientApplication, nameof(clientApplication));
-            await SetupAuthenticationAsync(clientApplication, null, scenario);
+            await SetupAuthenticationAsync(clientApplication, null);
         }
 
         public Task<FhirResponse<T>> CreateAsync<T>(T resource)
@@ -268,12 +268,10 @@ private async Task<FhirResponse<T>> CreateResponseAsync<T>(HttpResponseMessage r
                 string.IsNullOrWhiteSpace(content) ? null : (T)_deserialize(content));
         }
 
-        private async Task SetupAuthenticationAsync(TestApplication clientApplication, TestUser user = null, AuthenticationScenarios scnerio = AuthenticationScenarios.VALIDAUTH)
+        private async Task SetupAuthenticationAsync(TestApplication clientApplication, TestUser user = null)
         {
             await GetSecuritySettings("metadata");
 
-            ConfigureSecuritySettings(scnerio);
-
             if (SecuritySettings.SecurityEnabled)
             {
                 var tokenKey = $"{clientApplication.ClientId}:{(user == null ? string.Empty : user.UserId)}";
@@ -287,24 +285,6 @@ private async Task SetupAuthenticationAsync(TestApplication clientApplication, T
             }
         }
 
-        private void ConfigureSecuritySettings(AuthenticationScenarios authenticationscenario)
-        {
-            if (authenticationscenario == AuthenticationScenarios.NOAUTH)
-            {
-                SecuritySettings = (true, null, null);
-            }
-
-            if (authenticationscenario == AuthenticationScenarios.INVALIDAUTH)
-            {
-                SecuritySettings = (true, SecuritySettings.AuthorizeUrl, "invalidtoken");
-            }
-
-            if (authenticationscenario == AuthenticationScenarios.VALIDAUTHWRONGAUTHORITY)
-            {
-                SecuritySettings = (true, "invalidauthority", SecuritySettings.TokenUrl);
-            }
-        }
-
         private async Task<string> GetBearerToken(TestApplication clientApplication, TestUser user)
         {
             var formContent = new FormUrlEncodedContent(user == null ? GetAppSecuritySettings(clientApplication) : GetUserSecuritySettings(clientApplication, user));
@@ -317,10 +297,6 @@ private async Task<string> GetBearerToken(TestApplication clientApplication, Tes
             {
                 return tokenJson["access_token"].Value<string>();
             }
-            else if (tokenJson["error"] != null)
-            {
-                return null;
-            }
 
             return null;
         }

diff --git a/test/Microsoft.Health.Fhir.Tests.E2E/Rest/BasicAuthTests.cs b/test/Microsoft.Health.Fhir.Tests.E2E/Rest/BasicAuthTests.cs
@@ -24,6 +24,7 @@ public class BasicAuthTests : IClassFixture<HttpIntegrationTestFixture<Startup>>
     {
         private const string ForbiddenMessage = "Forbidden: Authorization failed.";
         private const string UnauthorizedMessage = "Unauthorized: Authentication failed.";
+        private const string Invalidtoken = "eyJhbGciOiJSUzI1NiIsImtpZCI6ImNmNWRmMGExNzY5ZWIzZTFkOGRiNWIxMGZiOWY3ZTk0IiwidHlwIjoiSldUIn0.eyJuYmYiOjE1NDQ2ODQ1NzEsImV4cCI6MTU0NDY4ODE3MSwiaXNzIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6NDQzNDgiLCJhdWQiOlsiaHR0cHM6Ly9sb2NhbGhvc3Q6NDQzNDgvcmVzb3VyY2VzIiwiZmhpci1haSJdLCJjbGllbnRfaWQiOiJzZXJ2aWNlY2xpZW50Iiwicm9sZXMiOiJhZG1pbiIsImFwcGlkIjoic2VydmljZWNsaWVudCIsInNjb3BlIjpbImZoaXItYWkiXX0.SKSvy6Jxzwsv1ZSi0PO4Pdq6QDZ6mBJIRxUPgoPlz2JpiB6GMXu5u0n1IpS6zOXihGkGhegjtcqj-6TKE6Ou5uhQ0VTnmf-NxcYKFl48aDihcGem--qa2V8GC7na549Ctj1PLXoYUbovV4LB27Kj3X83sZVnWdHqg_G0AKo4xm7hr23VUvJ1D73lEcYaGd5K9GXHNgUrJO5v288y0uCXZ5ByNDJ-K6Xi7_68dLdshlIiHaeIBuC3rhchSf2hdglkQgOyo4g4gT_HfKjwdrrpGzepNXOPQEwtUs_o2uriXAd7FfbL_Q4ORiDWPXkmwBXqo7uUfg-2SnT3DApc3PuA0";
 
         public BasicAuthTests(HttpIntegrationTestFixture<Startup> fixture)
         {
@@ -105,23 +106,6 @@ async Task<FhirException> ExecuteAndValidateNotFoundStatus(Func<Task> action)
             }
         }
 
-        [Fact]
-        [Trait(Traits.Priority, Priority.One)]
-        public async Task WhenGettingAResource_GivenAUserWithReadPermissions_TheServerShouldReturnSuccess()
-        {
-            await Client.RunAsClientApplication(TestApplications.ServiceClient);
-            Observation createdResource = await Client.CreateAsync(Samples.GetDefaultObservation());
-
-            await Client.RunAsUser(TestUsers.ReadOnlyUser, TestApplications.NativeClient);
-            FhirResponse<Observation> readResponse = await Client.ReadAsync<Observation>(ResourceType.Observation, createdResource.Id);
-
-            Observation readResource = readResponse.Resource;
-
-            Assert.Equal(createdResource.Id, readResource.Id);
-            Assert.Equal(createdResource.Meta.VersionId, readResource.Meta.VersionId);
-            Assert.Equal(createdResource.Meta.LastUpdated, readResource.Meta.LastUpdated);
-        }
-
         [Fact]
         [Trait(Traits.Priority, Priority.One)]
         public async Task WhenUpdatingAResource_GivenAUserWithUpdatePermissions_TheServerShouldReturnSuccess()
@@ -144,9 +128,9 @@ public async Task WhenUpdatingAResource_GivenAUserWithUpdatePermissions_TheServe
 
         [Fact]
         [Trait(Traits.Priority, Priority.One)]
-        public async Task WhenGettingAResource_GivenAUserWithNoAuthToken_TheServerShouldReturnUnAuthorized()
+        public async Task WhenGettingAResource_GivenAClientWithNoAuthToken_TheServerShouldReturnUnAuthorized()
         {
-            await Client.RunAsClientApplication(TestApplications.NativeClient, AuthenticationScenarios.NOAUTH);
+            await Client.RunAsClientApplication(TestApplications.InvalidClient);
 
             FhirException fhirException = await Assert.ThrowsAsync<FhirException>(async () => await Client.CreateAsync(Samples.GetDefaultObservation()));
             Assert.Equal(UnauthorizedMessage, fhirException.Message);
@@ -155,19 +139,38 @@ public async Task WhenGettingAResource_GivenAUserWithNoAuthToken_TheServerShould
 
         [Fact]
         [Trait(Traits.Priority, Priority.One)]
-        public async Task WhenGettingAResource_GivenAUserWithInvalidAuthToken_TheServerShouldReturnUnAuthorized()
+        public async Task WhenGettingAResource_GivenAClientWithInvalidAuthToken_TheServerShouldReturnUnAuthorized()
         {
-            await Client.RunAsClientApplication(TestApplications.InvalidClient, AuthenticationScenarios.INVALIDAUTH);
+            await Client.RunAsClientApplication(TestApplications.ServiceClient);
+            Client.HttpClient.DefaultRequestHeaders.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", Invalidtoken);
             FhirException fhirException = await Assert.ThrowsAsync<FhirException>(async () => await Client.CreateAsync(Samples.GetDefaultObservation()));
             Assert.Equal(UnauthorizedMessage, fhirException.Message);
             Assert.Equal(HttpStatusCode.Unauthorized, fhirException.StatusCode);
         }
 
         [Fact]
         [Trait(Traits.Priority, Priority.One)]
-        public async Task WhenGettingAResource_GivenAUserWithValidAuthTokenWrongAuthority_TheServerShouldReturnUnAuthorized()
+        public async Task WhenGettingAResource_GivenAUserWithReadPermissions_TheServerShouldReturnSuccess()
+        {
+            await Client.RunAsClientApplication(TestApplications.ServiceClient);
+            Observation createdResource = await Client.CreateAsync(Samples.GetDefaultObservation());
+
+            await Client.RunAsUser(TestUsers.ReadOnlyUser, TestApplications.NativeClient);
+            FhirResponse<Observation> readResponse = await Client.ReadAsync<Observation>(ResourceType.Observation, createdResource.Id);
+
+            Observation readResource = readResponse.Resource;
+
+            Assert.Equal(createdResource.Id, readResource.Id);
+            Assert.Equal(createdResource.Meta.VersionId, readResource.Meta.VersionId);
+            Assert.Equal(createdResource.Meta.LastUpdated, readResource.Meta.LastUpdated);
+        }
+
+        [Fact]
+        [Trait(Traits.Priority, Priority.One)]
+        public async Task WhenGettingAResource_GivenAClientWithWrongAudienceAuthToken_TheServerShouldReturnUnAuthorized()
         {
-            await Client.RunAsClientApplication(TestApplications.NativeClient, AuthenticationScenarios.VALIDAUTHWRONGAUTHORITY);
+            DevelopmentIdentityProviderConfiguration.Audience = "fhir-ai";
+            await Client.RunAsClientApplication(TestApplications.NativeClient);
             FhirException fhirException = await Assert.ThrowsAsync<FhirException>(async () => await Client.CreateAsync(Samples.GetDefaultObservation()));
             Assert.Equal(UnauthorizedMessage, fhirException.Message);
             Assert.Equal(HttpStatusCode.Unauthorized, fhirException.StatusCode);