test(security): DL-2 review nits — assert IsAuthenticated + clarify handler flag gating

src/ZB.MOM.WW.ScadaBridge.Security/Auth/AutoLoginAuthenticationHandler.cs

@@ -17,6 +17,9 @@ namespace ZB.MOM.WW.ScadaBridge.Security.Auth;
 public sealed class AutoLoginAuthenticationHandler
     : AuthenticationHandler<AuthenticationSchemeOptions>, IAuthenticationSignInHandler
 {
+    // Only _opts.User is consumed here. The DisableLogin flag is gated at registration time
+    // (AddSecurity); if DisableLogin is false this handler is never registered, so it is
+    // never reached and the flag itself is irrelevant inside the handler.
     private readonly AuthDisableLoginOptions _opts;
     private readonly TimeProvider _clock;
 

tests/ZB.MOM.WW.ScadaBridge.Security.Tests/AutoLoginAuthenticationHandlerTests.cs

@@ -49,6 +49,7 @@ public class AutoLoginAuthenticationHandlerTests
 
         Assert.True(result.Succeeded);
         var p = result.Principal!;
+        Assert.True(p.Identity!.IsAuthenticated);  // first gate checked by [Authorize] + Blazor AuthenticationStateProvider
         Assert.Equal("multi-role", p.Identity!.Name);
         foreach (var role in Roles.All)
             Assert.True(p.IsInRole(role), $"expected role {role}");