Adding more tests

Author: mathewc

src/WebJobs.Script.WebHost/Filters/AuthorizationLevelAttribute.cs

@@ -12,7 +12,7 @@ namespace WebJobs.Script.WebHost.Filters
 {
     public class AuthorizationLevelAttribute : AuthorizationFilterAttribute
     {
-        public const string MasterKeyHeaderName = "x-functions-key";
+        public const string FunctionsKeyHeaderName = "x-functions-key";
 
         public AuthorizationLevelAttribute(AuthorizationLevel level)
         {
@@ -42,14 +42,14 @@ public static bool IsAuthorized(HttpRequestMessage request, AuthorizationLevel l
             return requestLevel >= level;
         }
 
-        private static AuthorizationLevel GetAuthorizationLevel(HttpRequestMessage request, SecretManager secretManager, string functionName = null)
+        internal static AuthorizationLevel GetAuthorizationLevel(HttpRequestMessage request, SecretManager secretManager, string functionName = null)
         {
             // TODO: Add support for validating "EasyAuth" headers
 
-            // first see if a key value is specified via headers or query string
+            // first see if a key value is specified via headers or query string (header takes precidence)
             IEnumerable<string> values;
             string keyValue = null;
-            if (request.Headers.TryGetValues(MasterKeyHeaderName, out values))
+            if (request.Headers.TryGetValues(FunctionsKeyHeaderName, out values))
             {
                 keyValue = values.FirstOrDefault();
             }

src/WebJobs.Script.WebHost/Properties/AssemblyInfo.cs

@@ -33,3 +33,5 @@
 // by using the '*' as shown below:
 [assembly: AssemblyVersion("1.0.0.0")]
 [assembly: AssemblyFileVersion("1.0.0.0")]
+
+[assembly: InternalsVisibleTo("WebJobs.Script.Tests")]

test/WebJobs.Script.Tests/AuthorizationLevelAttributeTests.cs

@@ -1,4 +1,5 @@
-using System.Net;
+using System;
+using System.Net;
 using System.Net.Http;
 using System.Web.Http;
 using System.Web.Http.Controllers;
@@ -14,8 +15,12 @@ namespace WebJobs.Script.Tests
     public class AuthorizationLevelAttributeTests
     {
         private readonly string TestMasterKeyValue = "abc123";
+        private readonly string TestFunctionKeyValue = "def456";
+        private readonly string TestHostFunctionKeyValue = "xyz789";
         private HttpActionContext _actionContext;
         private HostSecrets _hostSecrets;
+        private FunctionSecrets _functionSecrets;
+        private Mock<SecretManager> _mockSecretManager;
 
         public AuthorizationLevelAttributeTests()
         {
@@ -26,13 +31,19 @@ public AuthorizationLevelAttributeTests()
             controllerContext.Configuration = httpConfig;
             Mock<IDependencyResolver> mockDependencyResolver = new Mock<IDependencyResolver>(MockBehavior.Strict);
             httpConfig.DependencyResolver = mockDependencyResolver.Object;
-            Mock<SecretManager> mockSecretManager = new Mock<SecretManager>(MockBehavior.Strict);
+            _mockSecretManager = new Mock<SecretManager>(MockBehavior.Strict);
             _hostSecrets = new HostSecrets
             {
-                MasterKey = TestMasterKeyValue
+                MasterKey = TestMasterKeyValue,
+                FunctionKey = TestHostFunctionKeyValue
             };
-            mockSecretManager.Setup(p => p.GetHostSecrets()).Returns(_hostSecrets);
-            mockDependencyResolver.Setup(p => p.GetService(typeof(SecretManager))).Returns(mockSecretManager.Object);
+            _mockSecretManager.Setup(p => p.GetHostSecrets()).Returns(_hostSecrets);
+            _functionSecrets = new FunctionSecrets
+            {
+                Key = TestFunctionKeyValue
+            };
+            _mockSecretManager.Setup(p => p.GetFunctionSecrets(It.IsAny<string>())).Returns(_functionSecrets);
+            mockDependencyResolver.Setup(p => p.GetService(typeof(SecretManager))).Returns(_mockSecretManager.Object);
         }
 
         [Fact]
@@ -41,7 +52,7 @@ public void OnAuthorization_AdminLevel_ValidHeader_Succeeds()
             AuthorizationLevelAttribute attribute = new AuthorizationLevelAttribute(AuthorizationLevel.Admin);
 
             HttpRequestMessage request = new HttpRequestMessage();
-            request.Headers.Add(AuthorizationLevelAttribute.MasterKeyHeaderName, "abc123");
+            request.Headers.Add(AuthorizationLevelAttribute.FunctionsKeyHeaderName, "abc123");
             _actionContext.ControllerContext.Request = request;
 
             attribute.OnAuthorization(_actionContext);
@@ -60,7 +71,7 @@ public void OnAuthorization_AdminLevel_InvalidHeader_ReturnsUnauthorized(string
             HttpRequestMessage request = new HttpRequestMessage();
             if (headerValue != null)
             {
-                request.Headers.Add(AuthorizationLevelAttribute.MasterKeyHeaderName, headerValue);
+                request.Headers.Add(AuthorizationLevelAttribute.FunctionsKeyHeaderName, headerValue);
             }
             _actionContext.ControllerContext.Request = request;
 
@@ -77,7 +88,7 @@ public void OnAuthorization_AdminLevel_NoMasterKeySet_ReturnsUnauthorized()
             _hostSecrets.MasterKey = null;
 
             HttpRequestMessage request = new HttpRequestMessage();
-            request.Headers.Add(AuthorizationLevelAttribute.MasterKeyHeaderName, TestMasterKeyValue);
+            request.Headers.Add(AuthorizationLevelAttribute.FunctionsKeyHeaderName, TestMasterKeyValue);
             _actionContext.ControllerContext.Request = request;
 
             attribute.OnAuthorization(_actionContext);
@@ -97,5 +108,80 @@ public void OnAuthorization_AnonymousLevel_Succeeds()
 
             Assert.Null(_actionContext.Response);
         }
+
+        [Fact]
+        public void GetAuthorizationLevel_ValidKeyHeader_MasterKey_ReturnsAdmin()
+        {
+            HttpRequestMessage request = new HttpRequestMessage();
+            request.Headers.Add(AuthorizationLevelAttribute.FunctionsKeyHeaderName, TestMasterKeyValue);
+
+            AuthorizationLevel level = AuthorizationLevelAttribute.GetAuthorizationLevel(request, _mockSecretManager.Object);
+
+            Assert.Equal(AuthorizationLevel.Admin, level);
+        }
+
+        [Fact]
+        public void GetAuthorizationLevel_ValidKeyHeader_FunctionKey_ReturnsFunction()
+        {
+            // first verify the host level function key works
+            HttpRequestMessage request = new HttpRequestMessage();
+            request.Headers.Add(AuthorizationLevelAttribute.FunctionsKeyHeaderName, TestHostFunctionKeyValue);
+            AuthorizationLevel level = AuthorizationLevelAttribute.GetAuthorizationLevel(request, _mockSecretManager.Object);
+            Assert.Equal(AuthorizationLevel.Function, level);
+
+            // test function specific key
+            request = new HttpRequestMessage();
+            request.Headers.Add(AuthorizationLevelAttribute.FunctionsKeyHeaderName, TestFunctionKeyValue);
+            level = AuthorizationLevelAttribute.GetAuthorizationLevel(request, _mockSecretManager.Object, functionName: "TestFunction");
+            Assert.Equal(AuthorizationLevel.Function, level);
+        }
+
+        [Fact]
+        public void GetAuthorizationLevel_InvalidKeyHeader_ReturnsAnonymous()
+        {
+            HttpRequestMessage request = new HttpRequestMessage();
+            request.Headers.Add(AuthorizationLevelAttribute.FunctionsKeyHeaderName, "invalid");
+
+            AuthorizationLevel level = AuthorizationLevelAttribute.GetAuthorizationLevel(request, _mockSecretManager.Object);
+
+            Assert.Equal(AuthorizationLevel.Anonymous, level);
+        }
+
+        [Fact]
+        public void GetAuthorizationLevel_ValidKeyQueryParam_MasterKey_ReturnsAdmin()
+        {
+            Uri uri = new Uri(string.Format("http://functions/api/foo?key={0}", TestMasterKeyValue));
+            HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, uri);
+
+            AuthorizationLevel level = AuthorizationLevelAttribute.GetAuthorizationLevel(request, _mockSecretManager.Object);
+
+            Assert.Equal(AuthorizationLevel.Admin, level);
+        }
+
+        [Fact]
+        public void GetAuthorizationLevel_ValidKeyQueryParam_FunctionKey_ReturnsFunction()
+        {
+            // first try host level function key
+            Uri uri = new Uri(string.Format("http://functions/api/foo?key={0}", TestHostFunctionKeyValue));
+            HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, uri);
+            AuthorizationLevel level = AuthorizationLevelAttribute.GetAuthorizationLevel(request, _mockSecretManager.Object, functionName: "TestFunction");
+            Assert.Equal(AuthorizationLevel.Function, level);
+
+            uri = new Uri(string.Format("http://functions/api/foo?key={0}", TestFunctionKeyValue));
+            request = new HttpRequestMessage(HttpMethod.Get, uri);
+            level = AuthorizationLevelAttribute.GetAuthorizationLevel(request, _mockSecretManager.Object, functionName: "TestFunction");
+            Assert.Equal(AuthorizationLevel.Function, level);
+        }
+
+        [Fact]
+        public void GetAuthorizationLevel_InvalidKeyQueryParam_ReturnsAnonymous()
+        {
+            Uri uri = new Uri(string.Format("http://functions/api/foo?key={0}", "invalid"));
+            HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, uri);
+
+            AuthorizationLevel level = AuthorizationLevelAttribute.GetAuthorizationLevel(request, _mockSecretManager.Object);
+
+            Assert.Equal(AuthorizationLevel.Anonymous, level);
+        }
     }
 }