ThreeMammals#633 ignore OPTIONS requests on AuthenticationMiddleware (T…

…hreeMammals#634)
MingSN91 · Sep 24, 2018 · 54cdc74 · 54cdc74
1 parent 1e5a20c
commit 54cdc74
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 6 deletions.
diff --git a/src/Ocelot/Authentication/Middleware/AuthenticationMiddleware.cs b/src/Ocelot/Authentication/Middleware/AuthenticationMiddleware.cs
@@ -22,12 +22,12 @@ public AuthenticationMiddleware(OcelotRequestDelegate next,
 
         public async Task Invoke(DownstreamContext context)
         {
-            if (IsAuthenticatedRoute(context.DownstreamReRoute))
+            if (context.HttpContext.Request.Method.ToUpper() != "OPTIONS" && IsAuthenticatedRoute(context.DownstreamReRoute))
             {
                 Logger.LogInformation($"{context.HttpContext.Request.Path} is an authenticated route. {MiddlewareName} checking if client is authenticated");
-                
+
                 var result = await context.HttpContext.AuthenticateAsync(context.DownstreamReRoute.AuthenticationOptions.AuthenticationProviderKey);
-                
+
                 context.HttpContext.User = result.Principal;
 
                 if (context.HttpContext.User.Identity.IsAuthenticated)
@@ -41,7 +41,7 @@ public async Task Invoke(DownstreamContext context)
                         $"Request for authenticated route {context.HttpContext.Request.Path} by {context.HttpContext.User.Identity.Name} was unauthenticated");
 
                     Logger.LogWarning($"Client has NOT been authenticated for {context.HttpContext.Request.Path} and pipeline error set. {error}");
-                    
+
                     SetPipelineError(context, error);
                 }
             }

diff --git a/test/Ocelot.UnitTests/Authentication/AuthenticationMiddlewareTests.cs b/test/Ocelot.UnitTests/Authentication/AuthenticationMiddlewareTests.cs
@@ -46,6 +46,20 @@ public void should_call_next_middleware_if_route_is_not_authenticated()
                 .BDDfy();
         }
 
+        [Fact]
+        public void should_call_next_middleware_if_route_is_using_options_method()
+        {
+            this.Given(x => GivenTheDownStreamRouteIs(
+                    new DownstreamReRouteBuilder()
+                        .WithUpstreamHttpMethod(new List<string> { "Options" })
+                        .WithIsAuthenticated(true)
+                        .Build()))
+                .And(x => GivenTheRequestIsUsingOptionsMethod())
+                .When(x => WhenICallTheMiddleware())
+                .Then(x => ThenTheUserIsAuthenticated())
+                .BDDfy();
+        }
+
         private void WhenICallTheMiddleware()
         {
             _next = (context) => {
@@ -68,9 +82,14 @@ private void GivenTheTestServerPipelineIsConfigured()
             };
         }
 
+        private void GivenTheRequestIsUsingOptionsMethod()
+        {
+            _downstreamContext.HttpContext.Request.Method = "OPTIONS";
+        }
+
         private void ThenTheUserIsAuthenticated()
         {
-            var content = _downstreamContext.HttpContext.Response.Body.AsString(); 
+            var content = _downstreamContext.HttpContext.Response.Body.AsString();
             content.ShouldBe("The user is authenticated");
         }
 
@@ -84,7 +103,7 @@ public static class StreamExtensions
     {
         public static string AsString(this Stream stream)
         {
-            using(var reader = new StreamReader(stream))
+            using (var reader = new StreamReader(stream))
             {
                 string text = reader.ReadToEnd();
                 return text;