Add mock entra and fix tests

ksstott · ksstott · commit a86193bfb4eb · 2025-03-25T17:28:17.000Z
diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright.yml
@@ -4,12 +4,17 @@ on:
     branches: [ main, master ]
   pull_request:
     branches: [ main, master ]
+  workflow_dispatch:
 jobs:
   spa-test:
     timeout-minutes: 60
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v4
+    - name: Install certutil (for https support)
+      run: |
+        sudo apt update
+        sudo apt install libnss3-tools -y
     - uses: actions/setup-node@v4
       with:
         node-version: lts/*
diff --git a/MockOidcApp.AppHost/Program.cs b/MockOidcApp.AppHost/Program.cs
@@ -1,13 +1,101 @@
+using System.Text.Json;
+
 var builder = DistributedApplication.CreateBuilder(args);
 
 var api = builder.AddProject<Projects.MockOidcApp_Api>("api")
     .WithExternalHttpEndpoints();
 
-builder.AddNpmApp("vite", "../MockOidcApp.Vite", "dev")
+var vite = builder.AddNpmApp("vite", "../MockOidcApp.Vite", "dev")
     .WithReference(api)
     .WithEnvironment("BROWSER", "none")
     .WithHttpEndpoint(env: "VITE_PORT", port: 5100)
     .WithExternalHttpEndpoints()
     .PublishAsDockerFile();
 
+if (builder.ExecutionContext.IsPublishMode == false)
+{
+    var clientId = Guid.NewGuid().ToString();
+    var tenantId = Guid.NewGuid().ToString();
+    var certPassword = Guid.NewGuid().ToString();
+    var certExportExe = builder.AddExecutable("cert-export-exe", "dotnet", ".", "dev-certs", "https", "-ep", "./dev-certificates/aspnetapp.pfx", "-p", certPassword, "--trust", "--verbose");
+
+    var mockEntra = builder.AddContainer("mock-entra", "ghcr.io/soluto/oidc-server-mock")
+        .WaitForCompletion(certExportExe)
+        .WithEnvironment("ASPNETCORE_Kestrel__Certificates__Default__Password", certPassword)
+        .WithEnvironment("ASPNETCORE_Kestrel__Certificates__Default__Path", "/https/aspnetapp.pfx")
+        .WithBindMount("./dev-certificates", "/https")
+        .WithEnvironment("ASPNETCORE_URLS", "https://+:443")
+        .WithHttpsEndpoint(targetPort: 443);
+
+    mockEntra
+        .WithEnvironment("ASPNET_SERVICES_OPTIONS_INLINE", System.Text.Json.JsonSerializer.Serialize(new { BasePath = $"/{tenantId}/v2.0" }))
+        .WithEnvironment(
+            "CLIENTS_CONFIGURATION_INLINE",
+            () => System.Text.Json.JsonSerializer.Serialize(new[]
+        {
+            new
+            {
+                ClientId = clientId,
+                ClientName = "Sample App",
+                AllowedGrantTypes = new [] { "authorization_code" },
+                RedirectUris = new [] { vite.GetEndpoint("http").Url },
+                PostLogoutRedirectUris = new [] { vite.GetEndpoint("http").Url },
+                AllowedScopes = new [] { "openid", "profile", $"api://{clientId}/access_as_user" },
+                AllowOfflineAccess = true,
+                RequireClientSecret = false,
+                AlwaysSendClientClaims = true,
+                Claims = new [] {
+                    new { Type = "aud", Value = $"api://{clientId}" },
+                    new { Type = "ver", Value = $"1.0" },
+                },
+                ClientClaimsPrefix = string.Empty,
+            }
+        }))
+        .WithEnvironment("USERS_CONFIGURATION_INLINE", () => System.Text.Json.JsonSerializer.Serialize(new[]
+        {
+            new
+            {
+                SubjectId = "1",
+                Username = "admin@test.com",
+                Password = "Password123",
+                Claims = new []
+                {
+                    new { Type = "name", Value = "Frank Gardner" },
+                    new { Type = "scp", Value = "access_as_user"},
+                }
+            }
+        }))
+        .WithEnvironment(
+                "SERVER_OPTIONS_INLINE",
+                () => JsonSerializer.Serialize(new
+                {
+                    Cors = new
+                    {
+                        CorsPaths = new[]
+                        {
+                            $"/{tenantId}/v2.0/.well-known/openid-configuration",
+                            $"/{tenantId}/v2.0/connect/token"
+                        }
+                    },
+                }))
+        .WithEnvironment(
+                "API_SCOPES_INLINE",
+                () => JsonSerializer.Serialize(new[]
+                {
+                    new
+                    {
+                        Name = $"api://{clientId}/access_as_user",
+                        UserClaims = new[]
+                        {
+                            "scp"
+                        }
+                    }
+                }));
+
+    api
+        .WithEnvironment("AzureAd__Instance", mockEntra.GetEndpoint("https"))
+        .WithEnvironment("AzureAd__ClientId", clientId)
+        .WithEnvironment("AzureAd__TenantId", tenantId);
+}
+
 builder.Build().Run();
diff --git a/MockOidcApp.AppHost/dev-certificates/.gitignore b/MockOidcApp.AppHost/dev-certificates/.gitignore
@@ -0,0 +1,2 @@
+*
+!.gitignore
diff --git a/MockOidcApp.SpaIntegrationTests/playwright.config.ts b/MockOidcApp.SpaIntegrationTests/playwright.config.ts
@@ -30,6 +30,7 @@ export default defineConfig({
 
     /* Collect trace when retrying the failed test. See https://playwright.dev/docs/trace-viewer */
     trace: 'retain-on-failure',
+    ignoreHTTPSErrors: true,
   },
 
   /* Configure projects for major browsers */
diff --git a/MockOidcApp.SpaIntegrationTests/tests/homepage.spec.ts b/MockOidcApp.SpaIntegrationTests/tests/homepage.spec.ts
@@ -14,7 +14,11 @@ describe('Homepage', () => {
     const button = await page.getByTestId("auth-button");
     await button.waitFor();
     await button.click();
-    throw new Error("Not implemented - How can we login with Entra credentials when the login page could change at any time?");
+    const loginButton = page.getByRole('button', { name: 'Login' });
+    await loginButton.waitFor();
+    await page.getByRole('textbox', { name: 'Username' }).fill("admin@test.com");
+    await page.getByRole('textbox', { name: 'Password' }).fill("Password123");
+    await loginButton.click();
 
     await expect(page.getByTestId("auth-button")).toHaveText("Logout");
     await expect(page.getByTestId("welcome-message")).toHaveText("Hello Frank Gardner");
diff --git a/MockOidcApp.Vite/src/LoginButton.tsx b/MockOidcApp.Vite/src/LoginButton.tsx
@@ -12,11 +12,11 @@ function LoginButton() {
           })
           .catch((error) => console.log(error));
   };
+  const account = instance.getActiveAccount();
   const handleLogout = () => {
-      instance.logoutRedirect();
+    instance.logoutRedirect({ idTokenHint: account?.idToken });
   };
 
-  const account = instance.getActiveAccount();
 
   return (
     <>
diff --git a/MockOidcApp.Vite/src/authConfig.ts b/MockOidcApp.Vite/src/authConfig.ts
@@ -13,6 +13,7 @@ import { Configuration } from '@azure/msal-browser';
         auth: {
             clientId: settings.auth.clientId,
             authority: settings.auth.authority,
+            knownAuthorities: [settings.auth.authority],
             redirectUri: window.location.origin,
             postLogoutRedirectUri: '/',
         },
