|
| 1 | +using System.Security.Claims; |
| 2 | +using Microsoft.AspNetCore.Authentication.Cookies; |
| 3 | +using Microsoft.AspNetCore.Builder; |
| 4 | +using Microsoft.AspNetCore.Hosting; |
| 5 | +using Microsoft.AspNetCore.Http; |
| 6 | +using Microsoft.Extensions.DependencyInjection; |
| 7 | +using NpgsqlRest.Mcp; |
| 8 | + |
| 9 | +namespace NpgsqlRestTests.Setup; |
| 10 | + |
| 11 | +[CollectionDefinition("McpAuthRoleFixture")] |
| 12 | +public class McpAuthRoleFixtureCollection : ICollectionFixture<McpAuthRoleTestFixture> { } |
| 13 | + |
| 14 | +/// <summary> |
| 15 | +/// Fixture for MCP Layer-2 authorization (per-tool roles). Cookie auth is wired with a "/login-as" |
| 16 | +/// endpoint that signs in a principal carrying a single role claim. The MCP server runs with |
| 17 | +/// RequireAuthorization=false (anonymous discovery allowed) but the <c>tool_authorized</c> tool carries |
| 18 | +/// <c>@authorize admin</c>, so a wrong-role caller is rejected on tools/call with 403 insufficient_scope. |
| 19 | +/// </summary> |
| 20 | +public class McpAuthRoleTestFixture : IDisposable |
| 21 | +{ |
| 22 | + private readonly WebApplication _app; |
| 23 | + |
| 24 | + public string ServerAddress { get; } |
| 25 | + |
| 26 | + public McpAuthRoleTestFixture() |
| 27 | + { |
| 28 | + Database.Create(); |
| 29 | + var connectionString = Database.CreateAdditional("mcp_auth_role_test"); |
| 30 | + |
| 31 | + var builder = WebApplication.CreateBuilder(); |
| 32 | + builder.WebHost.UseUrls("http://127.0.0.1:0"); |
| 33 | + builder.Services.AddAuthentication().AddCookie(); |
| 34 | + _app = builder.Build(); |
| 35 | + |
| 36 | + // Sign the caller in with a single "role" claim taken from the query string. |
| 37 | + _app.MapGet("/login-as", (string role) => Results.SignIn(new ClaimsPrincipal(new ClaimsIdentity( |
| 38 | + claims: [new Claim("role", role)], |
| 39 | + authenticationType: CookieAuthenticationDefaults.AuthenticationScheme)))); |
| 40 | + |
| 41 | + _app.UseNpgsqlRest(new NpgsqlRestOptions(connectionString) |
| 42 | + { |
| 43 | + IncludeSchemas = ["mcp"], |
| 44 | + CommentsMode = CommentsMode.OnlyAnnotated, |
| 45 | + AuthenticationOptions = new() { DefaultRoleClaimType = "role" }, |
| 46 | + EndpointCreateHandlers = |
| 47 | + [ |
| 48 | + new Mcp(new McpOptions |
| 49 | + { |
| 50 | + Enabled = true, |
| 51 | + Authorization = new McpAuthorizationOptions |
| 52 | + { |
| 53 | + // Gate off — anonymous discovery is allowed; per-tool `authorize` still applies. |
| 54 | + RequireAuthorization = false, |
| 55 | + AuthorizationServers = ["https://as.example.com"], |
| 56 | + ScopesSupported = ["mcp.read"], |
| 57 | + } |
| 58 | + }) |
| 59 | + ] |
| 60 | + }); |
| 61 | + |
| 62 | + _app.StartAsync().GetAwaiter().GetResult(); |
| 63 | + ServerAddress = _app.Urls.First(); |
| 64 | + } |
| 65 | + |
| 66 | + public HttpClient CreateClient() |
| 67 | + { |
| 68 | + var handler = new HttpClientHandler { UseCookies = true, CookieContainer = new System.Net.CookieContainer() }; |
| 69 | + return new HttpClient(handler) { BaseAddress = new Uri(ServerAddress), Timeout = TimeSpan.FromMinutes(5) }; |
| 70 | + } |
| 71 | + |
| 72 | +#pragma warning disable CA1816 // Dispose methods should call SuppressFinalize |
| 73 | + public void Dispose() |
| 74 | +#pragma warning restore CA1816 // Dispose methods should call SuppressFinalize |
| 75 | + { |
| 76 | + _app.StopAsync().GetAwaiter().GetResult(); |
| 77 | + _app.DisposeAsync().GetAwaiter().GetResult(); |
| 78 | + } |
| 79 | +} |
0 commit comments