Client tests

Author: brunobritodev

CHANGELOG.md

@@ -1,4 +1,8 @@
-# v.1.2.1
+# v1.2.2
+
+Added ENV for Default User and Pass, to autofill Login Page. Specially made for Dev and Docker environments
+
+# v1.2.1
 
 Now the components is available through Docker Hub.
 * Generated docker install file to easy test

src/Backend/Jp.Domain.Core/Commands/Command.cs

@@ -1,10 +1,11 @@
 using System;
 using FluentValidation.Results;
 using Jp.Domain.Core.Events;
+using MediatR;
 
 namespace Jp.Domain.Core.Commands
 {
-    public abstract class Command : Message
+    public abstract class Command : Message, IRequest<bool>
     {
         public DateTime Timestamp { get; private set; }
         public ValidationResult ValidationResult { get; set; }

src/Backend/Jp.Domain/CommandHandlers/ClientCommandHandler.cs

@@ -1,6 +1,5 @@
 using IdentityServer4.EntityFramework.Entities;
 using IdentityServer4.EntityFramework.Mappers;
-using IdentityServer4.Models;
 using Jp.Domain.Commands.Client;
 using Jp.Domain.Core.Bus;
 using Jp.Domain.Core.Notifications;
@@ -17,15 +16,15 @@ namespace Jp.Domain.CommandHandlers
 {
     public class ClientCommandHandler : CommandHandler,
         IRequestHandler<RemoveClientCommand>,
-        IRequestHandler<UpdateClientCommand>,
+        IRequestHandler<UpdateClientCommand, bool>,
         IRequestHandler<RemoveClientSecretCommand>,
         IRequestHandler<SaveClientSecretCommand>,
         IRequestHandler<RemovePropertyCommand>,
         IRequestHandler<SaveClientPropertyCommand>,
         IRequestHandler<RemoveClientClaimCommand>,
         IRequestHandler<SaveClientClaimCommand>,
-        IRequestHandler<SaveClientCommand>,
-        IRequestHandler<CopyClientCommand>
+        IRequestHandler<SaveClientCommand, bool>,
+        IRequestHandler<CopyClientCommand, bool>
     {
         private readonly IClientRepository _clientRepository;
         private readonly IClientSecretRepository _clientSecretRepository;
@@ -69,19 +68,19 @@ public async Task Handle(RemoveClientCommand request, CancellationToken cancella
             }
         }
 
-        public async Task Handle(UpdateClientCommand request, CancellationToken cancellationToken)
+        public async Task<bool> Handle(UpdateClientCommand request, CancellationToken cancellationToken)
         {
             if (!request.IsValid())
             {
                 NotifyValidationErrors(request);
-                return;
+                return false;
             }
 
             var savedClient = await _clientRepository.GetClient(request.Client.ClientId);
             if (savedClient == null)
             {
                 await Bus.RaiseEvent(new DomainNotification("1", "Client not found"));
-                return;
+                return false;
             }
 
             var client = request.Client.ToEntity();
@@ -91,7 +90,9 @@ public async Task Handle(UpdateClientCommand request, CancellationToken cancella
             if (Commit())
             {
                 await Bus.RaiseEvent(new ClientUpdatedEvent(request));
+                return true;
             }
+            return false;
 
         }
 
@@ -275,19 +276,19 @@ public async Task Handle(SaveClientClaimCommand request, CancellationToken cance
             }
         }
 
-        public async Task Handle(SaveClientCommand request, CancellationToken cancellationToken)
+        public async Task<bool> Handle(SaveClientCommand request, CancellationToken cancellationToken)
         {
             if (!request.IsValid())
             {
                 NotifyValidationErrors(request);
-                return;
+                return false;
             }
 
             var savedClient = await _clientRepository.GetByClientId(request.Client.ClientId);
             if (savedClient != null)
             {
                 await Bus.RaiseEvent(new DomainNotification("1", "Client already exists"));
-                return;
+                return false;
             }
 
             var client = request.ToEntity();
@@ -297,24 +298,27 @@ public async Task Handle(SaveClientCommand request, CancellationToken cancellati
             if (Commit())
             {
                 await Bus.RaiseEvent(new NewClientEvent(request.Client.ClientId, request.ClientType, request.Client.ClientName));
+                return true;
             }
+
+            return false;
         }
 
-       
 
-        public async Task Handle(CopyClientCommand request, CancellationToken cancellationToken)
+
+        public async Task<bool> Handle(CopyClientCommand request, CancellationToken cancellationToken)
         {
             if (!request.IsValid())
             {
                 NotifyValidationErrors(request);
-                return;
+                return false;
             }
 
             var savedClient = await _clientRepository.GetByClientId(request.Client.ClientId);
             if (savedClient == null)
             {
                 await Bus.RaiseEvent(new DomainNotification("1", "Client not found"));
-                return;
+                return false;
             }
 
             var copyOf = savedClient.ToModel();
@@ -328,7 +332,10 @@ public async Task Handle(CopyClientCommand request, CancellationToken cancellati
             if (Commit())
             {
                 await Bus.RaiseEvent(new ClientClonedEvent(request.Client.ClientId, newClient.ClientId));
+                return true;
             }
+
+            return false;
         }
     }
 

src/Backend/Jp.Domain/Commands/Client/SaveClientCommand.cs

@@ -2,6 +2,7 @@
 using IdentityServer4.Models;
 using Jp.Domain.Validations.Client;
 using System;
+using MediatR;
 
 namespace Jp.Domain.Commands.Client
 {

src/Backend/Jp.Domain/Validations/Client/ClientValidations.cs

@@ -1,16 +1,54 @@
-using System;
 using FluentValidation;
+using IdentityServer4.Models;
 using Jp.Domain.Commands.Client;
+using System;
+using System.Collections.Generic;
+using System.Linq;
 
 namespace Jp.Domain.Validations.Client
 {
     public abstract class ClientValidation<T> : AbstractValidator<T> where T : ClientCommand
     {
         protected void ValidateGrantType()
         {
+            var message = string.Empty;
             RuleFor(c => c.Client.AllowedGrantTypes)
-                .NotEmpty();
+                .NotEmpty().WithMessage("At Least 1 grant type must be selected")
+                .Must(m => ValidateGrantCombination(m, out message)).WithMessage(message);
+
         }
+
+        private bool ValidateGrantCombination(ICollection<string> grantTypes, out string message)
+        {
+            message = "Grant types list cannot contain both {0} and {1}";
+
+            // would allow response_type downgrade attack from code to token
+            if (DisallowGrantTypeCombination(GrantType.Implicit, GrantType.AuthorizationCode, grantTypes))
+            {
+                message = string.Format(message, GrantType.Implicit, GrantType.AuthorizationCode);
+                return false;
+            }
+
+            if (DisallowGrantTypeCombination(GrantType.Implicit, GrantType.Hybrid, grantTypes))
+            {
+                message = string.Format(message, GrantType.Implicit, GrantType.Hybrid);
+                return false;
+            }
+
+            if (DisallowGrantTypeCombination(GrantType.AuthorizationCode, GrantType.Hybrid, grantTypes))
+            {
+                message = string.Format(message, GrantType.AuthorizationCode, GrantType.Hybrid);
+                return false;
+            }
+
+            return true;
+        }
+        private bool DisallowGrantTypeCombination(string value1, string value2, IEnumerable<string> grantTypes)
+        {
+            return grantTypes.Contains(value1, StringComparer.Ordinal) &&
+                   grantTypes.Contains(value2, StringComparer.Ordinal);
+        }
+
         protected void ValidateClientId()
         {
             RuleFor(c => c.Client.ClientId).NotEmpty().WithMessage("ClientId must be set");

src/Backend/Jp.Domain/Validations/Client/SaveClientCommandValidation.cs

@@ -8,6 +8,7 @@ public SaveClientCommandValidation()
         {
             ValidateClientId();
             ValidateClientName();
+
         }
     }
 }

src/Backend/Jp.Infra.CrossCutting.IoC/DomainCommandsBootStrapper.cs

@@ -51,15 +51,15 @@ public static void RegisterServices(IServiceCollection services)
              * Client commands
              */
             services.AddScoped<IRequestHandler<RemoveClientCommand>, ClientCommandHandler>();
-            services.AddScoped<IRequestHandler<UpdateClientCommand>, ClientCommandHandler>();
+            services.AddScoped<IRequestHandler<UpdateClientCommand, bool>, ClientCommandHandler>();
             services.AddScoped<IRequestHandler<RemoveClientSecretCommand>, ClientCommandHandler>();
             services.AddScoped<IRequestHandler<SaveClientSecretCommand>, ClientCommandHandler>();
             services.AddScoped<IRequestHandler<RemovePropertyCommand>, ClientCommandHandler>();
             services.AddScoped<IRequestHandler<SaveClientPropertyCommand>, ClientCommandHandler>();
             services.AddScoped<IRequestHandler<RemoveClientClaimCommand>, ClientCommandHandler>();
             services.AddScoped<IRequestHandler<SaveClientClaimCommand>, ClientCommandHandler>();
-            services.AddScoped<IRequestHandler<SaveClientCommand>, ClientCommandHandler>();
-            services.AddScoped<IRequestHandler<CopyClientCommand>, ClientCommandHandler>();
+            services.AddScoped<IRequestHandler<SaveClientCommand, bool>, ClientCommandHandler>();
+            services.AddScoped<IRequestHandler<CopyClientCommand, bool>, ClientCommandHandler>();
 
             /*
              * Regiser commands

src/Frontend/Jp.AdminUI/package-lock.json

@@ -19,7 +19,9 @@
             "environmentVariables": {
                 "ASPNETCORE_URLS": "http://localhost:5000;https://localhost:5001",
                 "ASPNETCORE_ENVIRONMENT": "Development",
-                "APPINSIGHTS_INSTRUMENTATIONKEY": "205fabcd-09ee-46f5-bb74-95780fc873da"
+                "APPINSIGHTS_INSTRUMENTATIONKEY": "205fabcd-09ee-46f5-bb74-95780fc873da",
+                "DEFAULT_USER": "bruno",
+                "DEFAULT_PASS": "Pa$$word123"
             },
             "applicationUrl": "http://localhost:5000;https://localhost:5001"
         }

src/Frontend/Jp.UI.SSO/Properties/launchSettings.json

@@ -24,15 +24,15 @@
                                             <i class="icon-user"></i>
                                         </span>
                                     </div>
-                                    <input class="form-control" placeholder="Username" value="bruno" asp-for=Username autofocus>
+                                    <input class="form-control" placeholder="Username" value="@Environment.GetEnvironmentVariable("DEFAULT_USER")" asp-for=Username autofocus>
                                 </div>
                                 <div class="input-group mb-4">
                                     <div class="input-group-prepend">
                                         <span class="input-group-text">
                                             <i class="icon-lock"></i>
                                         </span>
                                     </div>
-                                    <input type="password" class="form-control" placeholder="Password" value="Pa$$word123" asp-for=Password autocomplete="off">
+                                    <input type="password" class="form-control" placeholder="Password" value="@Environment.GetEnvironmentVariable("DEFAULT_PASS")" asp-for=Password autocomplete="off">
                                 </div>
                                 @if (Model.AllowRememberLogin)
                                 {