
Commit fc1d1db

authored
Added configurable assertions (#12)
* Added two assertion delegates to assert (un)authorized results * Version bump
1 parent e675234 commit fc1d1db


7 files changed

+32
-14
lines changed


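--- a/src/JWTGuard.Template.csproj
+++ b/src/JWTGuard.Template.csproj
@@ -2,7 +2,7 @@
 
 <PropertyGroup>
 <PackageType>Template</PackageType>
-<PackageVersion>1.0.1</PackageVersion>
+<PackageVersion>1.1.0</PackageVersion>
 <PackageId>JWTGuard.Template</PackageId>
 <Title>JWT Guard Test Suite</Title>
 <Authors>Wesley Cabus</Authors>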

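--- a/src/JWTGuard/TestSettings.cs
+++ b/src/JWTGuard/TestSettings.cs
@@ -1,5 +1,6 @@
 using Duende.IdentityServer.Test;
 using Microsoft.IdentityModel.Tokens;
+using Xunit;
 
 namespace JWTGuard;
 
@@ -18,7 +19,8 @@ static TestSettings()
 // {
 // TargetUrl = "/your-api-target-endpoint",
 // DefaultAudience = "my-api",
-// AllowedAudiences = ["my-api"]
+// AllowedAudiences = ["my-api"],
+// AssertAuthorizedResponse = response => Assert.Equal(StatusCodes.Status204NoContent, (int)response.StatusCode)
 // };
 }
 
@@ -83,6 +85,22 @@ public TestSettings()
 /// The default target API endpoint to test. Defaults to "/weatherforecast".
 /// </summary>
 public string TargetUrl { get; init; } = "/weatherforecast";
+
+/// <summary>
+/// The default assertion to verify an authorized HTTP response was returned by the API.<br/>
+/// <br/>
+/// Defaults to verifying the API returned a <c>200 OK</c> status code.
+/// </summary>
+public Action<HttpResponseMessage> AssertAuthorizedResponse { get; init; } =
+response => Assert.Equal(StatusCodes.Status200OK, (int)response.StatusCode);
+
+/// <summary>
+/// The default assertion to verify an unauthorized HTTP response was returned by the API.<br/>
+/// <br/>
+/// Defaults to verifying the API returned a <c>401 Unauthorized</c> status code.
+/// </summary>
+public Action<HttpResponseMessage> AssertUnauthorizedResponse { get; init; } =
+response => Assert.Equal(StatusCodes.Status401Unauthorized, (int)response.StatusCode);
 
 /// <summary>
 /// The default test user. Defaults to a user with subject ID "1", username "alice", and password "password".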
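Review bot: The doc comment on `AssertUnauthorizedResponse` (new lines 97–103) gives the default but not the contract a replacement must meet, and the rejection tests changed in this commit now pass or fail on that delegate alone. A replacement that never throws, or that only checks for "not 200", would let a response that actually accepted the token go unnoticed. I would add a remarks line such as `/// A custom assertion must throw for any response that shows the token was accepted; a delegate that never throws makes every rejection test pass.` The commented example in the static constructor could also show an `AssertUnauthorizedResponse` override next to the authorized one. The class body continues outside these hunks.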

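--- a/src/JWTGuard/Tests/AudienceTests.cs
+++ b/src/JWTGuard/Tests/AudienceTests.cs
@@ -30,7 +30,7 @@ internal async Task Accessing_AuthorizedUrl_Is_Authorized_For_Allowed_Audiences(
 var response = await Client.GetAsync(TestSettings.CurrentTestSettings.TargetUrl);
 
 // Assert
-Assert.NotEqual(HttpStatusCode.Unauthorized, response.StatusCode);
+TestSettings.CurrentTestSettings.AssertAuthorizedResponse(response);
 }
 
 [Theory(DisplayName = "When a token uses disallowed values for the audience claim, the API should return a 401 Unauthorized response.")]
@@ -51,7 +51,7 @@ internal async Task Accessing_AuthorizedUrl_Is_Unauthorized_For_Disallowed_Audie
 var response = await Client.GetAsync(TestSettings.CurrentTestSettings.TargetUrl);
 
 // Assert
-Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
+TestSettings.CurrentTestSettings.AssertUnauthorizedResponse(response);
 }
 
 private Task<string> GetJwtAsync(string audience)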
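Review bot: The `DisplayName` on the disallowed-audience theory (line 36) still promises "the API should return a 401 Unauthorized response", but the assertion at new line 54 now runs whatever `AssertUnauthorizedResponse` is configured to check. If a project overrides the delegate, the test report keeps claiming a 401 was verified, which is misleading when the results are used as evidence that tokens are rejected. Consider neutral wording, e.g. `DisplayName = "When a token uses disallowed values for the audience claim, the API should reject the request (401 Unauthorized by default)."` The same applies to the display names visible in ExternalSignatureTests.cs, IssuerTests.cs, JwtTypeTests.cs and SignatureAlgorithmTests.cs. Both test methods start outside the hunks shown.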

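--- a/src/JWTGuard/Tests/ExternalSignatureTests.cs
+++ b/src/JWTGuard/Tests/ExternalSignatureTests.cs
@@ -26,7 +26,7 @@ internal async Task Accessing_AuthorizedUrl_Is_Unauthorized_For_External_WebKey_
 var response = await Client.GetAsync(TestSettings.CurrentTestSettings.TargetUrl);
 
 // Assert
-Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
+TestSettings.CurrentTestSettings.AssertUnauthorizedResponse(response);
 }
 
 [Fact(DisplayName = "When using an external JSON Web Key by specifying the 'jwk' claim in the token, the API should return a 401 Unauthorized response.")]
@@ -40,7 +40,7 @@ internal async Task Accessing_AuthorizedUrl_Is_Unauthorized_For_External_WebKey_
 var response = await Client.GetAsync(TestSettings.CurrentTestSettings.TargetUrl);
 
 // Assert
-Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
+TestSettings.CurrentTestSettings.AssertUnauthorizedResponse(response);
 }
 
 [Fact(DisplayName = "When using an external certificate by specifying the 'x5u' claim in the token, the API should return a 401 Unauthorized response.")]
@@ -54,7 +54,7 @@ internal async Task Accessing_AuthorizedUrl_Is_Unauthorized_For_External_Certifi
 var response = await Client.GetAsync(TestSettings.CurrentTestSettings.TargetUrl);
 
 // Assert
-Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
+TestSettings.CurrentTestSettings.AssertUnauthorizedResponse(response);
 }
 
 [Fact(DisplayName = "When using an external certificate by specifying the 'x5c' claim in the token, the API should return a 401 Unauthorized response.")]
@@ -68,7 +68,7 @@ internal async Task Accessing_AuthorizedUrl_Is_Unauthorized_For_External_Certifi
 var response = await Client.GetAsync(TestSettings.CurrentTestSettings.TargetUrl);
 
 // Assert
-Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
+TestSettings.CurrentTestSettings.AssertUnauthorizedResponse(response);
 }
 
 private string GetJwt(ExternalSignatureTestCase testCase)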

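--- a/src/JWTGuard/Tests/IssuerTests.cs
+++ b/src/JWTGuard/Tests/IssuerTests.cs
@@ -30,7 +30,7 @@ internal async Task Accessing_AuthorizedUrl_Is_Authorized_For_Allowed_Issuer(str
 var response = await Client.GetAsync(TestSettings.CurrentTestSettings.TargetUrl);
 
 // Assert
-Assert.NotEqual(HttpStatusCode.Unauthorized, response.StatusCode);
+TestSettings.CurrentTestSettings.AssertAuthorizedResponse(response);
 }
 
 [Theory(DisplayName = "When a token uses disallowed values for the issuer claim, the API should return a 401 Unauthorized response.")]
@@ -51,7 +51,7 @@ internal async Task Accessing_AuthorizedUrl_Is_Unauthorized_For_Disallowed_Issue
 var response = await Client.GetAsync(TestSettings.CurrentTestSettings.TargetUrl);
 
 // Assert
-Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
+TestSettings.CurrentTestSettings.AssertUnauthorizedResponse(response);
 }
 
 private Task<string> GetJwtAsync(string issuer)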

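--- a/src/JWTGuard/Tests/JwtTypeTests.cs
+++ b/src/JWTGuard/Tests/JwtTypeTests.cs
@@ -30,7 +30,7 @@ internal async Task Accessing_AuthorizedUrl_Is_Authorized_For_Valid_JWT_Types(st
 var response = await Client.GetAsync(TestSettings.CurrentTestSettings.TargetUrl);
 
 // Assert
-Assert.NotEqual(HttpStatusCode.Unauthorized, response.StatusCode);
+TestSettings.CurrentTestSettings.AssertAuthorizedResponse(response);
 }
 
 [Theory(DisplayName = "When a token uses an unexpected token type, the API should return a 401 Unauthorized response.")]
@@ -51,7 +51,7 @@ internal async Task Accessing_AuthorizedUrl_Is_Unauthorized_For_Invalid_JWT_Type
 var response = await Client.GetAsync(TestSettings.CurrentTestSettings.TargetUrl);
 
 // Assert
-Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
+TestSettings.CurrentTestSettings.AssertUnauthorizedResponse(response);
 }
 
 private Task<string> GetJwtAsync(string tokenType)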

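--- a/src/JWTGuard/Tests/SignatureAlgorithmTests.cs
+++ b/src/JWTGuard/Tests/SignatureAlgorithmTests.cs
@@ -30,7 +30,7 @@ internal async Task Accessing_AuthorizedUrl_Is_Authorized_For_Supported_Signatur
 var response = await Client.GetAsync(TestSettings.CurrentTestSettings.TargetUrl);
 
 // Assert
-Assert.NotEqual(HttpStatusCode.Unauthorized, response.StatusCode);
+TestSettings.CurrentTestSettings.AssertAuthorizedResponse(response);
 }
 
 [Theory(DisplayName = "When a token uses an unsupported signature algorithm, the API should return a 401 Unauthorized response.")]
@@ -51,7 +51,7 @@ internal async Task Accessing_AuthorizedUrl_Is_Unauthorized_For_Unsupported_Sign
 var response = await Client.GetAsync(TestSettings.CurrentTestSettings.TargetUrl);
 
 // Assert
-Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
+TestSettings.CurrentTestSettings.AssertUnauthorizedResponse(response);
 }
 
 private Task<string> GetJwtAsync(string signatureAlgorithm)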
