removed idserver4 (ThreeMammals#547)

js8080 · Aug 14, 2018 · 0786614 · 0786614
1 parent edbe334
commit 0786614
Show file tree

Hide file tree

Showing 13 changed files with 150 additions and 1,187 deletions.
diff --git a/src/Ocelot/Authorisation/ScopesAuthoriser.cs b/src/Ocelot/Authorisation/ScopesAuthoriser.cs
@@ -1,47 +1,47 @@
-using IdentityModel;
-using Ocelot.Responses;
-using System.Collections.Generic;
-using System.Security.Claims;
-using System.Linq;
-
-namespace Ocelot.Authorisation
-{
-    using Infrastructure.Claims.Parser;
-
-    public class ScopesAuthoriser : IScopesAuthoriser
-    {
-        private readonly IClaimsParser _claimsParser;
-
-        public ScopesAuthoriser(IClaimsParser claimsParser)
-        {
-            _claimsParser = claimsParser;
-        }
-
-        public Response<bool> Authorise(ClaimsPrincipal claimsPrincipal, List<string> routeAllowedScopes)
-        {
-            if (routeAllowedScopes == null || routeAllowedScopes.Count == 0)
-            {
-                return new OkResponse<bool>(true);
-            }
-
-            var values = _claimsParser.GetValuesByClaimType(claimsPrincipal.Claims, JwtClaimTypes.Scope);
-
-            if (values.IsError)
-            {
-                return new ErrorResponse<bool>(values.Errors);
-            }
-
-            var userScopes = values.Data;
-
-            var matchesScopes = routeAllowedScopes.Intersect(userScopes).ToList();
-
-            if (matchesScopes.Count == 0)
-            {
-                return new ErrorResponse<bool>(
-                    new ScopeNotAuthorisedError($"no one user scope: '{string.Join(",", userScopes)}' match with some allowed scope: '{string.Join(",", routeAllowedScopes)}'"));
-            }
-
-            return new OkResponse<bool>(true);
-        }
-    }
-}
+using Ocelot.Responses;
+using System.Collections.Generic;
+using System.Security.Claims;
+using System.Linq;
+
+namespace Ocelot.Authorisation
+{
+    using Infrastructure.Claims.Parser;
+
+    public class ScopesAuthoriser : IScopesAuthoriser
+    {
+        private readonly IClaimsParser _claimsParser;
+        private readonly string _scope = "scope";
+
+        public ScopesAuthoriser(IClaimsParser claimsParser)
+        {
+            _claimsParser = claimsParser;
+        }
+
+        public Response<bool> Authorise(ClaimsPrincipal claimsPrincipal, List<string> routeAllowedScopes)
+        {
+            if (routeAllowedScopes == null || routeAllowedScopes.Count == 0)
+            {
+                return new OkResponse<bool>(true);
+            }
+
+            var values = _claimsParser.GetValuesByClaimType(claimsPrincipal.Claims, _scope);
+
+            if (values.IsError)
+            {
+                return new ErrorResponse<bool>(values.Errors);
+            }
+
+            var userScopes = values.Data;
+
+            var matchesScopes = routeAllowedScopes.Intersect(userScopes).ToList();
+
+            if (matchesScopes.Count == 0)
+            {
+                return new ErrorResponse<bool>(
+                    new ScopeNotAuthorisedError($"no one user scope: '{string.Join(",", userScopes)}' match with some allowed scope: '{string.Join(",", routeAllowedScopes)}'"));
+            }
+
+            return new OkResponse<bool>(true);
+        }
+    }
+}
diff --git a/src/Ocelot/DependencyInjection/IOcelotBuilder.cs b/src/Ocelot/DependencyInjection/IOcelotBuilder.cs
@@ -1,6 +1,5 @@
 using System;
 using System.Net.Http;
-using IdentityServer4.AccessTokenValidation;
 using Ocelot.Middleware.Multiplexer;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Configuration;
@@ -13,10 +12,6 @@ public interface IOcelotBuilder
 
         IConfiguration Configuration { get; }
 
-        IOcelotAdministrationBuilder AddAdministration(string path, string secret);
-
-        IOcelotAdministrationBuilder AddAdministration(string path, Action<IdentityServerAuthenticationOptions> configOptions);
-
         IOcelotBuilder AddDelegatingHandler<T>(bool global = false)
             where T : DelegatingHandler;
 

diff --git a/src/Ocelot/DependencyInjection/OcelotBuilder.cs b/src/Ocelot/DependencyInjection/OcelotBuilder.cs
@@ -1,6 +1,5 @@
 namespace Ocelot.DependencyInjection
 {
-    using IdentityServer4.Models;
     using Microsoft.AspNetCore.Http;
     using Microsoft.Extensions.Configuration;
     using Microsoft.Extensions.DependencyInjection;
@@ -31,10 +30,8 @@ namespace Ocelot.DependencyInjection
     using Ocelot.ServiceDiscovery;
     using System;
     using System.Collections.Generic;
-    using System.IdentityModel.Tokens.Jwt;
     using System.Reflection;
     using System.Security.Cryptography.X509Certificates;
-    using IdentityServer4.AccessTokenValidation;
     using Microsoft.AspNetCore.Builder;
     using Ocelot.Configuration;
     using Microsoft.Extensions.DependencyInjection.Extensions;
@@ -141,35 +138,6 @@ public OcelotBuilder(IServiceCollection services, IConfiguration configurationRo
             Services.TryAddSingleton<IFrameworkDescription, FrameworkDescription>();
         }
 
-        public IOcelotAdministrationBuilder AddAdministration(string path, string secret)
-        {
-            var administrationPath = new AdministrationPath(path);
-
-            //add identity server for admin area
-            var identityServerConfiguration = IdentityServerConfigurationCreator.GetIdentityServerConfiguration(secret);
-
-            if (identityServerConfiguration != null)
-            {
-                AddIdentityServer(identityServerConfiguration, administrationPath);
-            }
-
-            Services.AddSingleton<IAdministrationPath>(administrationPath);
-            return new OcelotAdministrationBuilder(Services, Configuration);
-        }
-
-        public IOcelotAdministrationBuilder AddAdministration(string path, Action<IdentityServerAuthenticationOptions> configureOptions)
-        {
-            var administrationPath = new AdministrationPath(path);
-
-            if (configureOptions != null)
-            {
-                AddIdentityServer(configureOptions);
-            }
-
-            Services.AddSingleton<IAdministrationPath>(administrationPath);
-            return new OcelotAdministrationBuilder(Services, Configuration);
-        }
-
         public IOcelotBuilder AddSingletonDefinedAggregator<T>() 
             where T : class, IDefinedAggregator
         {
@@ -202,88 +170,5 @@ public IOcelotBuilder AddDelegatingHandler<THandler>(bool global = false)
 
             return this;
         }
-
-        private void AddIdentityServer(Action<IdentityServerAuthenticationOptions> configOptions)
-        {
-            Services
-                .AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
-                .AddIdentityServerAuthentication(configOptions);
-        }
-
-        private void AddIdentityServer(IIdentityServerConfiguration identityServerConfiguration, IAdministrationPath adminPath) 
-        {
-            Services.TryAddSingleton<IIdentityServerConfiguration>(identityServerConfiguration);
-            var identityServerBuilder = Services
-                .AddIdentityServer(o => {
-                    o.IssuerUri = "Ocelot";
-                })
-                .AddInMemoryApiResources(Resources(identityServerConfiguration))
-                .AddInMemoryClients(Client(identityServerConfiguration));
-
-            var urlFinder = new BaseUrlFinder(Configuration);
-            var baseSchemeUrlAndPort = urlFinder.Find();
-            JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();            
-
-            Services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
-                .AddIdentityServerAuthentication(o =>
-                {
-                    o.Authority = baseSchemeUrlAndPort + adminPath.Path;
-                    o.ApiName = identityServerConfiguration.ApiName;
-                    o.RequireHttpsMetadata = identityServerConfiguration.RequireHttps;
-                    o.SupportedTokens = SupportedTokens.Both;
-                    o.ApiSecret = identityServerConfiguration.ApiSecret;
-                });
-
-                //todo - refactor naming..
-                if (string.IsNullOrEmpty(identityServerConfiguration.CredentialsSigningCertificateLocation) || string.IsNullOrEmpty(identityServerConfiguration.CredentialsSigningCertificatePassword))
-                {
-                    identityServerBuilder.AddDeveloperSigningCredential();
-                }
-                else
-                {
-                    //todo - refactor so calls method?
-                    var cert = new X509Certificate2(identityServerConfiguration.CredentialsSigningCertificateLocation, identityServerConfiguration.CredentialsSigningCertificatePassword);
-                    identityServerBuilder.AddSigningCredential(cert);
-                }
-        }
-
-        private List<ApiResource> Resources(IIdentityServerConfiguration identityServerConfiguration)
-        {
-            return new List<ApiResource>
-            {
-                new ApiResource(identityServerConfiguration.ApiName, identityServerConfiguration.ApiName)
-                {
-                    ApiSecrets = new List<Secret>
-                    {
-                        new Secret
-                        {
-                            Value = identityServerConfiguration.ApiSecret.Sha256()
-                        }
-                    }
-                },
-            };
-        }
-
-        private List<Client> Client(IIdentityServerConfiguration identityServerConfiguration) 
-        {
-            return new List<Client>
-            {
-                new Client
-                {
-                    ClientId = identityServerConfiguration.ApiName,
-                    AllowedGrantTypes = GrantTypes.ClientCredentials,
-                    ClientSecrets = new List<Secret> {new Secret(identityServerConfiguration.ApiSecret.Sha256())},
-                    AllowedScopes = { identityServerConfiguration.ApiName }
-                }
-            };
-        }
-
-        private static bool UsingEurekaServiceDiscoveryProvider(IConfiguration configurationRoot)
-        {
-            var type = configurationRoot.GetValue<string>("GlobalConfiguration:ServiceDiscoveryProvider:Type",
-                string.Empty);
-
-            return type.ToLower() == "eureka";
-        }
     }
 }
diff --git a/src/Ocelot/Middleware/OcelotMiddlewareExtensions.cs b/src/Ocelot/Middleware/OcelotMiddlewareExtensions.cs
@@ -37,8 +37,6 @@ public static async Task<IApplicationBuilder> UseOcelot(this IApplicationBuilder
         {
             var configuration = await CreateConfiguration(builder);
 
-            CreateAdministrationArea(builder, configuration);
-
             ConfigureDiagnosticListener(builder);
 
             return CreateOcelotPipeline(builder, pipelineConfiguration);
@@ -153,25 +151,6 @@ private static void ThrowToStopOcelotStarting(Response config)
             throw new Exception($"Unable to start Ocelot, errors are: {string.Join(",", config.Errors.Select(x => x.ToString()))}");
         }
 
-        private static void CreateAdministrationArea(IApplicationBuilder builder, IInternalConfiguration configuration)
-        {
-            if (!string.IsNullOrEmpty(configuration.AdministrationPath))
-            {
-                builder.Map(configuration.AdministrationPath, app =>
-                {
-                    //todo - hack so we know that we are using internal identity server
-                    var identityServerConfiguration = builder.ApplicationServices.GetService<IIdentityServerConfiguration>();
-                    if (identityServerConfiguration != null)
-                    {
-                        app.UseIdentityServer();
-                    }
-
-                    app.UseAuthentication();
-                    app.UseMvc();
-                });
-            }
-        }
-
         private static void ConfigureDiagnosticListener(IApplicationBuilder builder)
         {
             var env = builder.ApplicationServices.GetService<IHostingEnvironment>();

diff --git a/src/Ocelot/Ocelot.csproj b/src/Ocelot/Ocelot.csproj
@@ -27,7 +27,6 @@
   </PropertyGroup>
   <ItemGroup>
     <PackageReference Include="FluentValidation" Version="7.6.104" />
-    <PackageReference Include="IdentityServer4.AccessTokenValidation" Version="2.6.0" />
     <PackageReference Include="Microsoft.AspNetCore" Version="2.1.1" />
     <PackageReference Include="Microsoft.AspNetCore.Mvc" Version="2.1.1" />
     <PackageReference Include="Microsoft.AspNetCore.MiddlewareAnalysis" Version="2.1.1" />
@@ -47,6 +46,5 @@
     </PackageReference>
     <PackageReference Include="System.Text.RegularExpressions" Version="4.3.0" />
     <PackageReference Include="Polly" Version="6.0.1" />
-    <PackageReference Include="IdentityServer4" Version="2.2.0" />
   </ItemGroup>
 </Project>
diff --git a/test/Ocelot.AcceptanceTests/Ocelot.AcceptanceTests.csproj b/test/Ocelot.AcceptanceTests/Ocelot.AcceptanceTests.csproj
@@ -52,5 +52,7 @@
     <PackageReference Include="TestStack.BDDfy" Version="4.3.2" />
     <PackageReference Include="xunit" Version="2.3.1" />
     <PackageReference Include="Butterfly.Client.AspNetCore" Version="0.0.8" />
+    <PackageReference Include="IdentityServer4.AccessTokenValidation" Version="2.6.0" />
+    <PackageReference Include="IdentityServer4" Version="2.2.0" />
   </ItemGroup>
 </Project>