Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • Oct 08 02:51
    dionfoster closed #77
  • Oct 08 02:51
    dionfoster commented #77
  • Oct 06 03:07
    Hawxy opened #96
  • Oct 01 17:26
    Samuel-Langlois-BimOne edited #95
  • Oct 01 17:25
    Samuel-Langlois-BimOne edited #95
  • Oct 01 15:59
    Samuel-Langlois-BimOne edited #95
  • Oct 01 15:58
    Samuel-Langlois-BimOne opened #95
  • Oct 01 14:00

    github-actions[bot] on v5.0.1

    (compare)

  • Oct 01 13:58

    jeremydmiller on master

    tweak to publish nuget action (compare)

  • Oct 01 13:47

    jeremydmiller on master

    strictly segregating sync v asy… (compare)

  • Oct 01 13:46
    jeremydmiller commented #89
  • Oct 01 13:35
    dependabot[bot] labeled #94
  • Oct 01 13:35
    dependabot[bot] labeled #94
  • Oct 01 13:35
    dependabot[bot] opened #94
  • Oct 01 13:35

    dependabot[bot] on npm_and_yarn

    Bump ansi-regex from 5.0.0 to 5… (compare)

  • Oct 01 13:35
    jeremydmiller closed #92
  • Oct 01 13:35
    jeremydmiller closed #93
  • Oct 01 13:35

    jeremydmiller on master

    Repeatable reads of the respons… better exceptions on JSON failu… (compare)

  • Oct 01 12:47
    jeremydmiller opened #93
  • Oct 01 12:46
    jeremydmiller labeled #92
Jeremy D. Miller
@jeremydmiller
The big driver is wanting helpers for testing APIs secured by JWTs post haste at my work
JT
@Hawxy
For JWT's we just have a fake JWT generator and override the JwtBearerOptions within the hostbuilder passed into the SystemUnderTest
 s.PostConfigure<JwtBearerOptions>(JwtBearerDefaults.AuthenticationScheme, options =>
                    {
                        options.TokenValidationParameters = new TokenValidationParameters
                        {
                            IssuerSigningKey = FakeJwtGenerator.SecurityKey,
                            ValidIssuer = FakeJwtGenerator.Issuer,
                            ValidAudience = FakeJwtGenerator.Audience
                        };
                    });
Although in our case our identity provider is Auth0, so I'm guessing there's some extra complexity when it comes to IdentityServer.
Jeremy D. Miller
@jeremydmiller
@Hawxy Do you run a parallel web app for the fake JWT generation, or do something else?
JT
@Hawxy
No need, it's just a static class that creates random security keys & signing credentials on each run, with a function that generates a token with the ability to set some claims the backend uses like user/tenant/scopes.
I'm overriding the token validation, so as long as the rest of the data on the token meets the authorization requirements we're all good.
Jeremy D. Miller
@jeremydmiller
So I'm gonna plead ignorance then, I thought that the bearer token authentication had to make a call to the OIDC server to validate the token -- and I typed that out before you wrote the last message
How are you overriding the token validation?
JT
@Hawxy
The PostConfigure call I posted above

My Startup.cs contains

            services.AddAuthentication(options =>
                {
                    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
                })
                .AddJwtBearer(options =>
                {
                    options.Authority = Configuration["Auth0:Domain"];
                    options.Audience = Configuration["Auth0:Audience"];
                })

PostConfigure runs after the bearer options were set, thereby wiping out the configuration and validating the token with the fake signing key instead of reaching out and getting the JWKs from Auth0.

Jeremy D. Miller
@jeremydmiller
Gotcha. I didn't catch that you were completely wiping out the TokenValidationParameters
JT
@Hawxy
Ah right, so I just ran some tests, the authority must still be a valid OIDC server that the middleware can fetch metadata from, despite not using it as part of the validation.
Jeremy D. Miller
@jeremydmiller
Okay, so I'm not crazy. I've been trying hard to disable the validation and it was still trying to call out.
Also, doing difficult exploratory coding while watching Peppa Pig with a sick 4yo hanging on your arm is not terribly effective.
The simple thing I haven't tried yet is just sticking a ClaimsPrincipal on the HttpContext first.
JT
@Hawxy
That's quite the combination haha
Jeremy D. Miller
@jeremydmiller
In the post configure, I added this to short circuit the callouts:
            // This will deactivate the callout to the OIDC server
            options.ConfigurationManager =
                new StaticConfigurationManager<OpenIdConnectConfiguration>(new OpenIdConnectConfiguration
                {

                });
JT
@Hawxy
Sweet, I assumed there'd be a way to do so.
Jeremy D. Miller
@jeremydmiller
And just adding the ClaimsPrincipal doesn't seem to work:(
JT
@Hawxy
Yeah that looks good. I believe I'd work for our scenario.
Jeremy D. Miller
@jeremydmiller
Just out of curiosity, does anyone still write web services that use Xml?
NRTs was already enabled at the assembly level as part of v4: https://github.com/JasperFx/alba/blob/master/src/Alba/Alba.csproj#L18
.NET 6 project templates will also ship it enabled by default going forward
JT
@Hawxy
It'd be good to get JasperFx/baseline#23 in, as it's a blocker for NRT accuracy within all of the dependents.
Jeremy D. Miller
@jeremydmiller
@Hawxy Baseline 3.2.1 has that. Sorry, I'd taken my eye off the ball on that one
JT
@Hawxy
No problem. I'll get weasel covered and make my way up the stack.
Jacob Krieg
@jkrieg
Hi. I'm using AlbaHost to test our endpoints, but I'm having some trouble with IScenarioResult's readers. I have content in the body, there's a content length, and a content-type of application/json. But the result's ReadAsJson comes back as null. When I force the response body into a stream reader I get the full body back.
ReadAsText also comes back empty.
Jacob Krieg
@jkrieg
For reference, this is on Alba v5.
Jeremy D. Miller
@jeremydmiller
On the response coming back? How is the body written in the real request? Is it a 200 response? You can see that there’s non-zero content in the Response body stream? ReadAsText() is just rewinding the Response body and pulling the string out. Are you completely sure there’s actually bytes written to the response body?
Jacob Krieg
@jkrieg
yes, the response coming back. 200, .Context.Response.Headers.ContentLength. Used StreamReader and got back a full JSON string. ReadAsText resulted in an empty string from the IScenarioResult. Of course, reading the bytes directly causes the stream to not be readable the second time though.
I was thinking there was something not set up correctly on our end.
Jacob Krieg
@jkrieg
ok, I have text from ReadAsText this time.
I think maybe I had kept the ReadAsJson in the code previously, and that stopped it from reading text.
Jeremy D. Miller
@jeremydmiller
Well, yeah, it’s not built to be reentrant like that, but maybe it really should be because duh. ;-)
Jacob Krieg
@jkrieg
I've narrowed it down to something specific to a model I'm using. I can ReadAsJson<object> and though it's obviously not going to give me what I want because object, it proves to be working. Thanks for responding.
Jeremy D. Miller
@jeremydmiller
That would fail if the JSON serialization fails. May need to fail more obviously
Jacob Krieg
@jkrieg
Solved the problem, Jeremy. We are in the midst of implementing NodaTime to our solution, and had a missing serialization setting to account for it. Thanks again.
Jeremy D. Miller
@jeremydmiller
Gotcha. That's happened before. So it's really a serialization issue, but Alba made it look like it was a content problem? I'm gonna call that an opportunity for improvement then. Thank you letting me know!
srollinet
@srollinet

Hi! I have the same issue with Alba v5 returning an empty result when using Scenario.

            var response = await Host.Scenario(x =>
            {
                x.Get.Url("/static/countries");
                x.StatusCodeShouldBeOk();
                x.ContentShouldContain("Mexico");
            });

            var output = response.ReadAsJson<List<CountryResponse>>(); // null
            var output2 = await Host.GetAsJson<List<CountryResponse>>("/static/countries"); // ok

Note, ContentShouldContain works as expected

Jeremy D. Miller
@jeremydmiller
@srollinet It's not rewinding the stream, I think it'll be an easy fix
Jeremy D. Miller
@jeremydmiller
Hey everybody, there's a new Alba v5.0.1 on Nuget just now. This is to resolve some issues with JSON serialization for #92 and #93. The response reading is now reentrant, meaning that you can do ReadAsJson()/ReadAsText() in any order as many times as you'd like. There's also more visibility into JSON serialization errors or empty content when trying to execute ReadAsJson() for easier to diagnose test failures
The next Alba release -- maybe next week -- will be to make sure it's good on .Net 6. I'd like to add a sample of using Alba with the new minimal APIs
JT
@Hawxy
Would it be possible to add extensions to remove or replace claims within a scenario?
We have a number of tests that rely on the ability to change the tenant ID or other token data mid-run.
Jeremy D. Miller
@jeremydmiller
@Hawxy Nothing today, it’s just additive. But also probably not a huge deal to change to give you better control over that. Sounds like a very helpful PR