Removing ping endpoint and expanding host/status endpoint

Author: mathewc

src/WebJobs.Script.WebHost/Controllers/AdminController.cs

@@ -86,29 +86,35 @@ public FunctionStatus GetFunctionStatus(string name)
 
         [HttpGet]
         [Route("admin/host/status")]
+        [AllowAnonymous]
         public HostStatus GetHostStatus()
         {
-            HostStatus status = new HostStatus
-            {
-                Id = _scriptHostManager.Instance?.ScriptConfig.HostConfig.HostId
-            };
+            var status = new HostStatus();
 
-            var lastError = _scriptHostManager.LastError;
-            if (lastError != null)
+            // based on the authorization level we determine
+            // the additional level of detail to return
+            var authorizationLevel = Request.GetAuthorizationLevel();
+            if (authorizationLevel == AuthorizationLevel.Admin)
             {
-                status.Errors = new Collection<string>();
-                status.Errors.Add(Utility.FlattenException(lastError));
-            }
+                status.State = _scriptHostManager.State.ToString();
+                status.Version = ScriptHost.Version;
+                status.Id = _scriptHostManager.Instance?.ScriptConfig.HostConfig.HostId;
 
-            return status;
-        }
+                var lastError = _scriptHostManager.LastError;
+                if (lastError != null)
+                {
+                    status.Errors = new Collection<string>();
+                    status.Errors.Add(Utility.FlattenException(lastError));
+                }
 
-        [HttpPost]
-        [Route("admin/host/ping")]
-        [AllowAnonymous]
-        public HttpResponseMessage Ping()
-        {
-            return new HttpResponseMessage(HttpStatusCode.OK);
+                return status;
+            }
+            else
+            {
+                // for Anonymous requests, we don't return any
+                // detailed info
+                return status;
+            }
         }
 
         [HttpPost]

src/WebJobs.Script.WebHost/Filters/AuthorizationLevelAttribute.cs

@@ -32,35 +32,28 @@ public async override Task OnAuthorizationAsync(HttpActionContext actionContext,
                 throw new ArgumentNullException("actionContext");
             }
 
-            if (SkipAuthorization(actionContext))
-            {
-                return;
-            }
-
-            ISecretManager secretManager = actionContext.ControllerContext.Configuration.DependencyResolver.GetService<ISecretManager>();
+            // determine the authorization level for the function and set it
+            // as a request property
+            var secretManager = actionContext.ControllerContext.Configuration.DependencyResolver.GetService<ISecretManager>();
             var settings = actionContext.ControllerContext.Configuration.DependencyResolver.GetService<WebHostSettings>();
+            var requestAuthorizationLevel = await GetAuthorizationLevelAsync(actionContext.Request, secretManager);
+            actionContext.Request.Properties[ScriptConstants.AzureFunctionsHttpRequestAuthorizationLevel] = requestAuthorizationLevel;
 
-            if (!settings.IsAuthDisabled && !await IsAuthorizedAsync(actionContext.Request, Level, secretManager))
+            if (settings.IsAuthDisabled || 
+                SkipAuthorization(actionContext) ||
+                Level == AuthorizationLevel.Anonymous)
             {
-                actionContext.Response = new HttpResponseMessage(HttpStatusCode.Unauthorized);
+                return;
             }
-        }
 
-        public static async Task<bool> IsAuthorizedAsync(HttpRequestMessage request, AuthorizationLevel level, ISecretManager secretManager, string functionName = null)
-        {
-            if (level == AuthorizationLevel.Anonymous)
+            if (requestAuthorizationLevel < Level)
             {
-                return true;
+                actionContext.Response = new HttpResponseMessage(HttpStatusCode.Unauthorized);
             }
-
-            AuthorizationLevel requestLevel = await GetAuthorizationLevelAsync(request, secretManager, functionName);
-            return requestLevel >= level;
         }
 
         internal static async Task<AuthorizationLevel> GetAuthorizationLevelAsync(HttpRequestMessage request, ISecretManager secretManager, string functionName = null)
         {
-            // TODO: Add support for validating "EasyAuth" headers
-
             // first see if a key value is specified via headers or query string (header takes precedence)
             IEnumerable<string> values;
             string keyValue = null;

src/WebJobs.Script.WebHost/Models/HostStatus.cs

@@ -9,17 +9,18 @@ namespace Microsoft.Azure.WebJobs.Script.WebHost.Models
 {
     public class HostStatus
     {
-        public HostStatus()
-        {
-            Version = ScriptHost.Version;
-        }
-
         /// <summary>
         /// Gets or sets the host id.
         /// </summary>
         [JsonProperty(PropertyName = "id", DefaultValueHandling = DefaultValueHandling.Ignore)]
         public string Id { get; set; }
 
+        /// <summary>
+        /// Gets or sets the current status of the host.
+        /// </summary>
+        [JsonProperty(PropertyName = "state", DefaultValueHandling = DefaultValueHandling.Ignore)]
+        public string State { get; set; }
+
         /// <summary>
         /// Gets or sets the host version.
         /// </summary>

src/WebJobs.Script/Extensions/HttpRequestMessageExtensions.cs

@@ -10,6 +10,21 @@ namespace Microsoft.Azure.WebJobs.Script
 {
     public static class HttpRequestMessageExtensions
     {
+        public static AuthorizationLevel GetAuthorizationLevel(this HttpRequestMessage request)
+        {
+            return request.GetRequestPropertyOrDefault<AuthorizationLevel>(ScriptConstants.AzureFunctionsHttpRequestAuthorizationLevel);
+        }
+
+        public static TValue GetRequestPropertyOrDefault<TValue>(this HttpRequestMessage request, string key)
+        {
+            object value = null;
+            if (request.Properties.TryGetValue(key, out value))
+            {
+                return (TValue)value;
+            }
+            return default(TValue);
+        }
+
         public static IDictionary<string, string> GetQueryParameterDictionary(this HttpRequestMessage request)
         {
             var keyValuePairs = request.GetQueryNameValuePairs();

src/WebJobs.Script/ScriptConstants.cs

@@ -11,6 +11,7 @@ public static class ScriptConstants
         public const string AzureFunctionsWebHookDataKey = "MS_AzureFunctionsWebHookData";
         public const string AzureFunctionsHttpResponseKey = "MS_AzureFunctionsHttpResponse";
         public const string AzureFunctionsHttpRouteDataKey = "MS_AzureFunctionsHttpRouteData";
+        public const string AzureFunctionsHttpRequestAuthorizationLevel = "MS_AzureFunctionsAuthorizationLevel";
 
         public const string TracePropertyPrimaryHostKey = "MS_PrimaryHost";
         public const string TracePropertyFunctionNameKey = "MS_FunctionName";

test/WebJobs.Script.Tests.Integration/SamplesEndToEndTests.cs

@@ -907,16 +907,7 @@ public async Task ServiceBusTopicTrigger_ManualInvoke_Succeeds()
         }
 
         [Fact]
-        public async Task HostPing_Succeeds()
-        {
-            string uri = "admin/host/ping";
-            HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Post, uri);
-            HttpResponseMessage response = await this._fixture.HttpClient.SendAsync(request);
-            Assert.Equal(HttpStatusCode.OK, response.StatusCode);
-        }
-
-        [Fact]
-        public async Task HostStatus_Succeeds()
+        public async Task HostStatus_AdminLevel_Succeeds()
         {
             string uri = "admin/host/status";
             HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, uri);
@@ -948,28 +939,38 @@ public async Task HostStatus_Succeeds()
             Assert.Equal(expectedVersion, node.Value);
             node = doc.Descendants(XName.Get("Id", ns)).Single();
             Assert.Equal(expectedId, node.Value);
+            node = doc.Descendants(XName.Get("State", ns)).Single();
+            Assert.True(node.Value == "Running" || node.Value == "Created");
 
             node = doc.Descendants(XName.Get("Errors", ns)).Single();
             Assert.True(node.IsEmpty);
         }
 
         [Fact]
-        public async Task HostStatus_FunctionLevelRequest_Fails()
+        public async Task HostStatus_FunctionLevelRequest_Succeeds()
         {
             string uri = "admin/host/status";
             var request = new HttpRequestMessage(HttpMethod.Get, uri);
             request.Headers.Add("x-functions-key", "zlnu496ve212kk1p84ncrtdvmtpembduqp25ajjc");
             var response = await this._fixture.HttpClient.SendAsync(request);
-            Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
+            Assert.Equal(HttpStatusCode.OK, response.StatusCode);
+
+            string json = await response.Content.ReadAsStringAsync();
+            JObject obj = JObject.Parse(json);
+            Assert.Equal(0, obj.Properties().Count());
         }
 
         [Fact]
-        public async Task HostStatus_AnonymousLevelRequest_Fails()
+        public async Task HostStatus_AnonymousLevelRequest_Succeeds()
         {
             string uri = "admin/host/status";
             var request = new HttpRequestMessage(HttpMethod.Get, uri);
             var response = await this._fixture.HttpClient.SendAsync(request);
-            Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
+            Assert.Equal(HttpStatusCode.OK, response.StatusCode);
+
+            string json = await response.Content.ReadAsStringAsync();
+            JObject obj = JObject.Parse(json);
+            Assert.Equal(0, obj.Properties().Count());
         }
 
         private async Task<HttpResponseMessage> GetHostStatusAsync()