Adding anonymous host/ping API

Author: mathewc

src/WebJobs.Script.WebHost/Controllers/AdminController.cs

@@ -103,6 +103,14 @@ public HostStatus GetHostStatus()
             return status;
         }
 
+        [HttpPost]
+        [Route("admin/host/ping")]
+        [AllowAnonymous]
+        public HttpResponseMessage Ping()
+        {
+            return new HttpResponseMessage(HttpStatusCode.OK);
+        }
+
         [HttpPost]
         [Route("admin/host/debug")]
         public HttpResponseMessage LaunchDebugger()

src/WebJobs.Script.WebHost/Filters/AuthorizationLevelAttribute.cs

@@ -8,6 +8,7 @@
 using System.Net.Http;
 using System.Threading;
 using System.Threading.Tasks;
+using System.Web.Http;
 using System.Web.Http.Controllers;
 using System.Web.Http.Filters;
 
@@ -31,6 +32,11 @@ public async override Task OnAuthorizationAsync(HttpActionContext actionContext,
                 throw new ArgumentNullException("actionContext");
             }
 
+            if (SkipAuthorization(actionContext))
+            {
+                return;
+            }
+
             ISecretManager secretManager = actionContext.ControllerContext.Configuration.DependencyResolver.GetService<ISecretManager>();
             var settings = actionContext.ControllerContext.Configuration.DependencyResolver.GetService<WebHostSettings>();
 
@@ -99,5 +105,11 @@ internal static async Task<AuthorizationLevel> GetAuthorizationLevelAsync(HttpRe
 
             return AuthorizationLevel.Anonymous;
         }
+
+        internal static bool SkipAuthorization(HttpActionContext actionContext)
+        {
+            return actionContext.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Count > 0
+                || actionContext.ControllerContext.ControllerDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Count > 0;
+        }
     }
 }

src/WebJobs.Script.WebHost/GlobalSuppressions.cs

@@ -88,3 +88,4 @@
 [assembly: System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Scope = "member", Target = "Microsoft.Azure.WebJobs.Script.WebHost.WebScriptHostManager.#.ctor(Microsoft.Azure.WebJobs.Script.ScriptHostConfiguration,Microsoft.Azure.WebJobs.Script.WebHost.ISecretManagerFactory,Microsoft.Azure.WebJobs.Script.Config.ScriptSettingsManager,Microsoft.Azure.WebJobs.Script.WebHost.WebHostSettings,Microsoft.Azure.WebJobs.Script.IScriptHostFactory)")]
 [assembly: System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Performance", "CA1822:MarkMembersAsStatic", Scope = "member", Target = "Microsoft.Azure.WebJobs.Script.WebHost.Diagnostics.MetricsEventManager.#BeginEvent(System.String,System.String)")]
 [assembly: System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode", Scope = "member", Target = "Microsoft.Azure.WebJobs.Script.WebHost.Diagnostics.SystemMetricEvent.#DebugValue")]
+[assembly: System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Performance", "CA1822:MarkMembersAsStatic", Scope = "member", Target = "Microsoft.Azure.WebJobs.Script.WebHost.Controllers.AdminController.#Ping()")]

test/WebJobs.Script.Tests.Integration/SamplesEndToEndTests.cs

@@ -10,10 +10,8 @@
 using System.Net.Http.Headers;
 using System.Reflection;
 using System.Text;
-using System.Threading;
 using System.Threading.Tasks;
 using System.Web.Http;
-using System.Web.Http.Hosting;
 using System.Xml.Linq;
 using Microsoft.Azure.WebJobs.Host;
 using Microsoft.Azure.WebJobs.Script.Config;
@@ -22,15 +20,13 @@
 using Microsoft.Azure.WebJobs.Script.WebHost.Models;
 using Microsoft.ServiceBus;
 using Microsoft.ServiceBus.Messaging;
-using Microsoft.WebJobs.Script.Tests;
 using Microsoft.WindowsAzure.Storage;
 using Microsoft.WindowsAzure.Storage.Blob;
 using Microsoft.WindowsAzure.Storage.Queue;
 using Microsoft.WindowsAzure.Storage.Table;
 using Newtonsoft.Json;
 using Newtonsoft.Json.Linq;
 using Xunit;
-using static Microsoft.Azure.WebJobs.Script.Tests.FunctionGeneratorTests;
 
 namespace Microsoft.Azure.WebJobs.Script.Tests
 {
@@ -910,6 +906,15 @@ public async Task ServiceBusTopicTrigger_ManualInvoke_Succeeds()
             Assert.Equal(value, result.Trim());
         }
 
+        [Fact]
+        public async Task HostPing_Succeeds()
+        {
+            string uri = "admin/host/ping";
+            HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Post, uri);
+            HttpResponseMessage response = await this._fixture.HttpClient.SendAsync(request);
+            Assert.Equal(HttpStatusCode.OK, response.StatusCode);
+        }
+
         [Fact]
         public async Task HostStatus_Succeeds()
         {

test/WebJobs.Script.Tests/Filters/AuthorizationLevelAttributeTests.cs

@@ -5,6 +5,7 @@
 using System.Collections.Generic;
 using System.Net;
 using System.Net.Http;
+using System.Reflection;
 using System.Threading;
 using System.Threading.Tasks;
 using System.Web.Http;
@@ -35,11 +36,9 @@ public class AuthorizationLevelAttributeTests
 
         public AuthorizationLevelAttributeTests()
         {
-            _actionContext = new HttpActionContext();
-            HttpControllerContext controllerContext = new HttpControllerContext();
-            _actionContext.ControllerContext = controllerContext;
-            HttpConfiguration httpConfig = new HttpConfiguration();
-            controllerContext.Configuration = httpConfig;
+            var httpConfig = new HttpConfiguration();
+            _actionContext = CreateActionContext(typeof(TestController).GetMethod("Get"), httpConfig);
+
             Mock<IDependencyResolver> mockDependencyResolver = new Mock<IDependencyResolver>(MockBehavior.Strict);
             httpConfig.DependencyResolver = mockDependencyResolver.Object;
             _mockSecretManager = new Mock<ISecretManager>(MockBehavior.Strict);
@@ -301,5 +300,69 @@ public async Task GetAuthorizationLevel_InvalidCodeQueryParam_ReturnsAnonymous()
 
             Assert.Equal(AuthorizationLevel.Anonymous, level);
         }
+
+        [Fact]
+        public static void SkipAuthorization_AllowAnonymous_MethodLevel_ReturnsTrue()
+        {
+            var actionContext = CreateActionContext(typeof(TestController).GetMethod("GetAnonymous"));
+            Assert.True(AuthorizationLevelAttribute.SkipAuthorization(actionContext));
+        }
+
+        [Fact]
+        public static void SkipAuthorization_AllowAnonymous_ClassLevel_ReturnsTrue()
+        {
+            var actionContext = CreateActionContext(typeof(AnonymousTestController).GetMethod("Get"));
+            Assert.True(AuthorizationLevelAttribute.SkipAuthorization(actionContext));
+
+            actionContext = CreateActionContext(typeof(AnonymousTestController).GetMethod("GetAnonymous"));
+            Assert.True(AuthorizationLevelAttribute.SkipAuthorization(actionContext));
+        }
+
+        [Fact]
+        public static void SkipAuthorization_AllowAnonymousNotSpecified_ReturnsFalse()
+        {
+            var actionContext = CreateActionContext(typeof(TestController).GetMethod("Get"));
+            Assert.False(AuthorizationLevelAttribute.SkipAuthorization(actionContext));
+        }
+
+        private static HttpActionContext CreateActionContext(MethodInfo action, HttpConfiguration config = null)
+        {
+            config = config ?? new HttpConfiguration();
+            var actionContext = new HttpActionContext();
+            var controllerDescriptor = new HttpControllerDescriptor(config, action.ReflectedType.Name, action.ReflectedType);
+            var controllerContext = new HttpControllerContext();
+            controllerContext.ControllerDescriptor = controllerDescriptor;
+            actionContext.ControllerContext = controllerContext;
+            var actionDescriptor = new ReflectedHttpActionDescriptor(controllerDescriptor, action);
+            actionContext.ActionDescriptor = actionDescriptor;
+            controllerContext.Configuration = config;
+
+            return actionContext;
+        }
+
+        public class TestController : ApiController
+        {
+            public void Get()
+            {
+            }
+
+            [AllowAnonymous]
+            public void GetAnonymous()
+            {
+            }
+        }
+
+        [AllowAnonymous]
+        public class AnonymousTestController : ApiController
+        {
+            public void Get()
+            {
+            }
+
+            [AllowAnonymous]
+            public void GetAnonymous()
+            {
+            }
+        }
     }
 }