Add test case with expired token

mocsharp · mocsharp · commit 5da612500f40 · 2022-12-01T14:21:04.000-08:00
Signed-off-by: Victor Chang &lt;vicchang@nvidia.com&gt;
diff --git a/src/Authentication/Extensions/HttpContextExtension.cs b/src/Authentication/Extensions/HttpContextExtension.cs
@@ -46,7 +46,6 @@ public static List<string> GetValidEndpoints(this HttpContext httpcontext, List<
                 {
                     return claim.Endpoints!;
                 }
-
             }
 
             return new List<string>();
diff --git a/src/Authentication/Extensions/MonaiAuthenticationExtensions.cs b/src/Authentication/Extensions/MonaiAuthenticationExtensions.cs
@@ -17,7 +17,6 @@
 using System.Text;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
-using Microsoft.AspNetCore.Authorization;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging;
diff --git a/src/Authentication/Tests/EndpointAuthorizationMiddlewareTest.cs b/src/Authentication/Tests/EndpointAuthorizationMiddlewareTest.cs
@@ -109,6 +109,23 @@ public async Task GivenConfigurationFileWithOpenIdConfigured_WhenUserIsAuthentic
             Assert.Equal(HttpStatusCode.Forbidden, responseMessage.StatusCode);
         }
 
+        [Theory]
+        [InlineData("role-with-test")]
+        public async Task GivenConfigurationFileWithOpenIdConfigured_WhenUserProvidesAnExpiredToken_ExpectToDenyRequest(string role)
+        {
+            using var host = await new HostBuilder().ConfigureWebHost(SetupWebServer("test.auth.json")).StartAsync().ConfigureAwait(false);
+
+            var server = host.GetTestServer();
+            server.BaseAddress = new Uri("https://example.com/");
+
+            var token = MockJwtTokenHandler.GenerateJwtToken(role, -5);
+
+            var client = server.CreateClient();
+            client.DefaultRequestHeaders.Add("Authorization", $"{JwtBearerDefaults.AuthenticationScheme} {token}");
+            var responseMessage = await client.GetAsync("api/Test").ConfigureAwait(false);
+
+            Assert.Equal(HttpStatusCode.Unauthorized, responseMessage.StatusCode);
+        }
 
         private static Action<IWebHostBuilder> SetupWebServer(string configFile) => webBuilder =>
         {
diff --git a/src/Authentication/Tests/MockJwtTokenHandler.cs b/src/Authentication/Tests/MockJwtTokenHandler.cs
@@ -37,10 +37,10 @@ static MockJwtTokenHandler()
                 SigningCredentials = new SigningCredentials(SecurityKey, SecurityAlgorithms.HmacSha256Signature);
             }
 
-            public static string GenerateJwtToken(string role)
+            public static string GenerateJwtToken(string role, int expiresInMinutes = 5)
             {
                 var claims = new[] { new Claim("user_roles", role) };
-                return TokenHandler.WriteToken(new JwtSecurityToken(Issuer, "monai-app", claims, null, DateTime.UtcNow.AddMinutes(20), SigningCredentials));
+                return TokenHandler.WriteToken(new JwtSecurityToken(Issuer, "monai-app", claims, null, DateTime.UtcNow.AddMinutes(expiresInMinutes), SigningCredentials));
             }
         }
     }
diff --git a/src/Authentication/Tests/test.auth.json b/src/Authentication/Tests/test.auth.json
@@ -28,4 +28,4 @@
       }
     }
   }
-}
+}
diff --git a/src/Authentication/Tests/test.bypassd.json b/src/Authentication/Tests/test.bypassd.json
@@ -2,4 +2,4 @@
   "MonaiDeployAuthentication": {
     "BypassAuthentication": true
   }
-}
+}
diff --git a/src/Authentication/Tests/test.emptyopenid.json b/src/Authentication/Tests/test.emptyopenid.json
@@ -3,4 +3,4 @@
     "BypassAuthentication": false,
     "OpenId": {}
   }
-}
+}
diff --git a/src/Authentication/Tests/test.noauth.json b/src/Authentication/Tests/test.noauth.json
@@ -1,2 +1,2 @@
 ﻿{
-}
+}
diff --git a/src/Authentication/example.json b/src/Authentication/example.json
@@ -27,4 +27,4 @@
       }
     }
   }
-}
+}

Original file line number	Diff line number	Diff line change
`@@ -46,7 +46,6 @@ public static List<string> GetValidEndpoints(this HttpContext httpcontext, List<`
`46`	`46`	`{`
`47`	`47`	`return claim.Endpoints!;`
`48`	`48`	`}`
`49`		`-`
`50`	`49`	`}`
`51`	`50`
`52`	`51`	`return new List<string>();`
Original file line number	Diff line number	Diff line change
`@@ -37,10 +37,10 @@ static MockJwtTokenHandler()`
`37`	`37`	`SigningCredentials = new SigningCredentials(SecurityKey, SecurityAlgorithms.HmacSha256Signature);`
`38`	`38`	`}`
`39`	`39`
`40`		`- public static string GenerateJwtToken(string role)`
	`40`	`+ public static string GenerateJwtToken(string role, int expiresInMinutes = 5)`
`41`	`41`	`{`
`42`	`42`	`var claims = new[] { new Claim("user_roles", role) };`
`43`		`- return TokenHandler.WriteToken(new JwtSecurityToken(Issuer, "monai-app", claims, null, DateTime.UtcNow.AddMinutes(20), SigningCredentials));`
	`43`	`+ return TokenHandler.WriteToken(new JwtSecurityToken(Issuer, "monai-app", claims, null, DateTime.UtcNow.AddMinutes(expiresInMinutes), SigningCredentials));`
`44`	`44`	`}`
`45`	`45`	`}`
`46`	`46`	`}`
Original file line number	Diff line number	Diff line change
`@@ -28,4 +28,4 @@`
`28`	`28`	`}`
`29`	`29`	`}`
`30`	`30`	`}`
`31`		`-}`
	`31`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -2,4 +2,4 @@`
`2`	`2`	`"MonaiDeployAuthentication": {`
`3`	`3`	`"BypassAuthentication": true`
`4`	`4`	`}`
`5`		`-}`
	`5`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -3,4 +3,4 @@`
`3`	`3`	`"BypassAuthentication": false,`
`4`	`4`	`"OpenId": {}`
`5`	`5`	`}`
`6`		`-}`
	`6`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -27,4 +27,4 @@`
`27`	`27`	`}`
`28`	`28`	`}`
`29`	`29`	`}`
`30`		`-}`
	`30`	`+}`