feat(auth): ScadaBridge full canonical claims (ZbClaimTypes role/scope) + ZbCookieDefaults, keep cookie name (Task 1.5)

Joseph Doherty
2026-06-02 06:23:15 -04:00
parent afa55981d5
commit a0938f708b
25 changed files with 247 additions and 50 deletions
@@ -36,7 +36,7 @@ public class ApiKeyFormAuditDrillinTests : BunitContext
var claims = new[]
{
new Claim("Username", "admin"),
new Claim(JwtTokenService.UsernameClaimType, "admin"),
new Claim(JwtTokenService.RoleClaimType, "Admin"),
};
var user = new ClaimsPrincipal(new ClaimsIdentity(claims, "TestAuth"));
@@ -26,7 +26,7 @@ public class ApiKeysListPageTests : BunitContext
var claims = new[]
{
new Claim("Username", "admin"),
new Claim(JwtTokenService.UsernameClaimType, "admin"),
new Claim(JwtTokenService.RoleClaimType, "Admin"),
};
var user = new ClaimsPrincipal(new ClaimsIdentity(claims, "TestAuth"));
@@ -35,7 +35,7 @@ public class SiteFormAuditDrillinTests : BunitContext
var claims = new[]
{
new Claim("Username", "admin"),
new Claim(JwtTokenService.UsernameClaimType, "admin"),
new Claim(JwtTokenService.RoleClaimType, "Admin"),
};
var user = new ClaimsPrincipal(new ClaimsIdentity(claims, "TestAuth"));
@@ -1,4 +1,5 @@
using System.Security.Claims;
using ZB.MOM.WW.ScadaBridge.Security;
using System.Text.Json;
using Bunit;
using Microsoft.AspNetCore.Components;
@@ -28,7 +29,7 @@ public class DataConnectionFormTests : BunitContext
{
var claims = new[]
{
new Claim("Username", "tester"),
new Claim(JwtTokenService.UsernameClaimType, "tester"),
new Claim(ClaimTypes.Role, "Admin")
};
var user = new ClaimsPrincipal(new ClaimsIdentity(claims, "TestAuth"));
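Review bot: The role claim directly under the new username claim still uses `ClaimTypes.Role`, while the rest of this commit (and the NavMenuTests summary it rewrites) states that the real policies require `JwtTokenService.RoleClaimType`, now the `ZbClaimTypes.Role` URI. Unless those two constants resolve to the same string, this principal either exercises no role gating at all or passes through a fallback that also honours the standard role claim type, and a test that passes for either reason would hide an authorization regression rather than catch one. Change it to `new Claim(JwtTokenService.RoleClaimType, "Admin")` so the test principal carries exactly the claim type production tokens carry; the same applies to the other page tests in this commit that were left on `ClaimTypes.Role`. The enclosing test method starts before this hunk.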
@@ -1,4 +1,5 @@
using System.Security.Claims;
using ZB.MOM.WW.ScadaBridge.Security;
using Bunit;
using Microsoft.AspNetCore.Components.Authorization;
using Microsoft.Extensions.DependencyInjection;
@@ -35,7 +36,7 @@ public class DataConnectionsPageTests : BunitContext
{
var claims = new[]
{
new Claim("Username", "tester"),
new Claim(JwtTokenService.UsernameClaimType, "tester"),
new Claim(ClaimTypes.Role, "Admin")
};
var user = new ClaimsPrincipal(new ClaimsIdentity(claims, "TestAuth"));
@@ -53,7 +53,7 @@ public class InstanceConfigureAuditDrillinTests : BunitContext
// Auth: a system-wide Deployment user so SiteScope grants everything.
var claims = new[]
{
new Claim("Username", "deployer"),
new Claim(JwtTokenService.UsernameClaimType, "deployer"),
new Claim(JwtTokenService.RoleClaimType, "Deployment"),
};
var user = new ClaimsPrincipal(new ClaimsIdentity(claims, "TestAuth"));
@@ -27,7 +27,7 @@ public class ExternalSystemFormAuditDrillinTests : BunitContext
var claims = new[]
{
new Claim("Username", "tester"),
new Claim(JwtTokenService.UsernameClaimType, "tester"),
new Claim(JwtTokenService.RoleClaimType, "Design"),
};
var user = new ClaimsPrincipal(new ClaimsIdentity(claims, "TestAuth"));
@@ -16,8 +16,9 @@ namespace ZB.MOM.WW.ScadaBridge.CentralUI.Tests.Layout;
/// reveals a section's items and persists state to a cookie) and that the
/// Notifications section's items are gated per-policy. The
/// <c>AuthorizeView Policy=...</c> blocks evaluate the real policies, which
/// require a claim of type <see cref="JwtTokenService.RoleClaimType"/> ("Role"),
/// so the test principal carries claims of that exact type.
/// require a claim of type <see cref="JwtTokenService.RoleClaimType"/> (the
/// canonical <c>ZbClaimTypes.Role</c> framework URI), so the test principal
/// carries claims of that exact type.
/// </summary>
public class NavMenuTests : BunitContext
{
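Review bot: The rewritten summary names `ZbClaimTypes.Role` in a plain `<c>` element while the requirement itself is expressed through `<see cref="JwtTokenService.RoleClaimType"/>`, so the prose and the cref can drift apart if the canonical constant is renamed or moved. If `ZbClaimTypes` is visible to the test project, `<see cref="ZbClaimTypes.Role"/>` makes the doc build fail loudly instead. The summary could also mention that the username claim is now built from `JwtTokenService.UsernameClaimType` for the same reason, since `RenderWithRoles` below changes that too.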
@@ -40,7 +41,7 @@ public class NavMenuTests : BunitContext
/// </summary>
private IRenderedComponent<NavMenu> RenderWithRoles(params string[] roles)
{
var claims = new List<Claim> { new("Username", "tester") };
var claims = new List<Claim> { new(JwtTokenService.UsernameClaimType, "tester") };
claims.AddRange(roles.Select(r => new Claim(JwtTokenService.RoleClaimType, r)));
var user = new ClaimsPrincipal(new ClaimsIdentity(claims, "TestAuth"));
@@ -57,7 +57,7 @@ public class AuditLogPagePermissionTests : BunitContext
private static ClaimsPrincipal BuildPrincipal(params string[] roles)
{
var claims = new List<Claim> { new("Username", "tester") };
var claims = new List<Claim> { new(JwtTokenService.UsernameClaimType, "tester") };
claims.AddRange(roles.Select(r => new Claim(JwtTokenService.RoleClaimType, r)));
return new ClaimsPrincipal(new ClaimsIdentity(claims, "TestAuth"));
}
@@ -39,7 +39,7 @@ public class AuditLogPageScaffoldTests : BunitContext
private static ClaimsPrincipal BuildPrincipal(params string[] roles)
{
var claims = new List<Claim> { new("Username", "tester") };
var claims = new List<Claim> { new(JwtTokenService.UsernameClaimType, "tester") };
claims.AddRange(roles.Select(r => new Claim(JwtTokenService.RoleClaimType, r)));
return new ClaimsPrincipal(new ClaimsIdentity(claims, "TestAuth"));
}
@@ -28,7 +28,7 @@ public class ExecutionTreePageTests : BunitContext
private static ClaimsPrincipal BuildPrincipal(params string[] roles)
{
var claims = new List<Claim> { new("Username", "tester") };
var claims = new List<Claim> { new(JwtTokenService.UsernameClaimType, "tester") };
claims.AddRange(roles.Select(r => new Claim(JwtTokenService.RoleClaimType, r)));
return new ClaimsPrincipal(new ClaimsIdentity(claims, "TestAuth"));
}
@@ -1,4 +1,5 @@
using System.Security.Claims;
using ZB.MOM.WW.ScadaBridge.Security;
using Akka.Actor;
using Bunit;
using Microsoft.AspNetCore.Components.Authorization;
@@ -80,7 +81,7 @@ public class HealthPageTests : BunitContext
var claims = new[]
{
new Claim("Username", "tester"),
new Claim(JwtTokenService.UsernameClaimType, "tester"),
new Claim(ClaimTypes.Role, "Admin"),
};
var user = new ClaimsPrincipal(new ClaimsIdentity(claims, "TestAuth"));
@@ -68,7 +68,7 @@ public class NotificationKpisPageTests : BunitContext
var claims = new[]
{
new Claim("Username", "tester"),
new Claim(JwtTokenService.UsernameClaimType, "tester"),
new Claim(ClaimTypes.Role, "Deployment"),
};
var user = new ClaimsPrincipal(new ClaimsIdentity(claims, "TestAuth"));
@@ -1,4 +1,5 @@
using System.Security.Claims;
using ZB.MOM.WW.ScadaBridge.Security;
using Bunit;
using Microsoft.AspNetCore.Components.Authorization;
using Microsoft.Extensions.DependencyInjection;
@@ -21,7 +22,7 @@ public class NotificationListsPageTests : BunitContext
var claims = new[]
{
new Claim("Username", "tester"),
new Claim(JwtTokenService.UsernameClaimType, "tester"),
new Claim(ClaimTypes.Role, "Design"),
};
var user = new ClaimsPrincipal(new ClaimsIdentity(claims, "TestAuth"));
@@ -1,4 +1,5 @@
using System.Security.Claims;
using ZB.MOM.WW.ScadaBridge.Security;
using Akka.Actor;
using Bunit;
using Microsoft.AspNetCore.Components.Authorization;
@@ -87,7 +88,7 @@ public class NotificationReportDetailModalTests : BunitContext
var claims = new[]
{
new Claim("Username", "tester"),
new Claim(JwtTokenService.UsernameClaimType, "tester"),
new Claim(ClaimTypes.Role, "Deployment"),
};
var user = new ClaimsPrincipal(new ClaimsIdentity(claims, "TestAuth"));
@@ -73,7 +73,7 @@ public class NotificationReportPageTests : BunitContext
var claims = new[]
{
new Claim("Username", "tester"),
new Claim(JwtTokenService.UsernameClaimType, "tester"),
new Claim(ClaimTypes.Role, "Deployment"),
};
var user = new ClaimsPrincipal(new ClaimsIdentity(claims, "TestAuth"));
@@ -1,4 +1,5 @@
using System.Security.Claims;
using ZB.MOM.WW.ScadaBridge.Security;
using Akka.Actor;
using Bunit;
using Bunit.TestDoubles;
@@ -171,7 +172,7 @@ public sealed class QueryStringDrillInTests
var claims = new[]
{
new Claim("Username", "tester"),
new Claim(JwtTokenService.UsernameClaimType, "tester"),
new Claim(ClaimTypes.Role, "Deployment"),
};
var user = new ClaimsPrincipal(new ClaimsIdentity(claims, "TestAuth"));
@@ -88,7 +88,7 @@ public class SiteCallsReportPageTests : BunitContext
var claims = new[]
{
new Claim("Username", "tester"),
new Claim(JwtTokenService.UsernameClaimType, "tester"),
new Claim(ClaimTypes.Role, "Deployment"),
};
var user = new ClaimsPrincipal(new ClaimsIdentity(claims, "TestAuth"));
@@ -493,7 +493,7 @@ public class SiteCallsReportPageTests : BunitContext
// Last AuthenticationStateProvider registration wins on resolution.
var scopedUser = new ClaimsPrincipal(new ClaimsIdentity(new[]
{
new Claim("Username", "scoped"),
new Claim(JwtTokenService.UsernameClaimType, "scoped"),
new Claim(ClaimTypes.Role, "Deployment"),
new Claim(JwtTokenService.SiteIdClaimType, "1"), // Plant A only
}, "TestAuth"));
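Review bot: This scoped principal mixes `ClaimTypes.Role` with `JwtTokenService.SiteIdClaimType`, so the site-scope half of the setup uses the canonical claim type but the role half does not. If the policy only recognises `JwtTokenService.RoleClaimType`, the "Plant A only" expectation could be met by an outright denial rather than by site scoping, and the test would not tell the two apart. Use `new Claim(JwtTokenService.RoleClaimType, "Deployment"),` here so both claims come from the same canonical set. The enclosing test method continues outside the hunk.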
@@ -1,4 +1,5 @@
using System.Security.Claims;
using ZB.MOM.WW.ScadaBridge.Security;
using Bunit;
using Microsoft.AspNetCore.Components.Authorization;
using Microsoft.Extensions.DependencyInjection;
@@ -19,7 +20,7 @@ public class SmtpConfigurationPageTests : BunitContext
{
var claims = new[]
{
new Claim("Username", "tester"),
new Claim(JwtTokenService.UsernameClaimType, "tester"),
new Claim(ClaimTypes.Role, "Admin"),
};
var user = new ClaimsPrincipal(new ClaimsIdentity(claims, "TestAuth"));
@@ -1,4 +1,5 @@
using System.Security.Claims;
using ZB.MOM.WW.ScadaBridge.Security;
using Bunit;
using Microsoft.AspNetCore.Components.Authorization;
using Microsoft.Extensions.DependencyInjection;
@@ -50,7 +51,7 @@ public class TemplatesPageTests : BunitContext
// GetCurrentUserAsync(); supply a stub so OnInitializedAsync doesn't crash.
var claims = new[]
{
new Claim("Username", "tester"),
new Claim(JwtTokenService.UsernameClaimType, "tester"),
new Claim(ClaimTypes.Role, "Design")
};
var identity = new ClaimsIdentity(claims, "TestAuth");
@@ -1,4 +1,5 @@
using System.Security.Claims;
using ZB.MOM.WW.ScadaBridge.Security;
using Bunit;
using Microsoft.AspNetCore.Components.Authorization;
using Microsoft.Extensions.DependencyInjection;
@@ -86,7 +87,7 @@ public class TopologyPageTests : BunitContext
{
var claims = new[]
{
new Claim("Username", "tester"),
new Claim(JwtTokenService.UsernameClaimType, "tester"),
new Claim(ClaimTypes.Role, "Deployment")
};
var user = new ClaimsPrincipal(new ClaimsIdentity(claims, "TestAuth"));
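Review bot: Within this one file the two principals now disagree on the role claim type: this one uses `ClaimTypes.Role` while the scoped principal in the next hunk of `TopologyPageTests` uses `JwtTokenService.RoleClaimType`. Whichever type the Topology page's policy actually checks, one of the two tests is asserting against a claim the policy may never read, so their pass/fail results are not comparable. Align this line to `new Claim(JwtTokenService.RoleClaimType, "Deployment")`. The enclosing test method starts before this hunk.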
@@ -215,7 +216,7 @@ public class TopologyPageTests : BunitContext
// permitted sites via SiteScopeService.
var scopedUser = new ClaimsPrincipal(new ClaimsIdentity(new[]
{
new Claim("Username", "scoped-tester"),
new Claim(JwtTokenService.UsernameClaimType, "scoped-tester"),
new Claim(ZB.MOM.WW.ScadaBridge.Security.JwtTokenService.RoleClaimType, "Deployment"),
// Permitted on site 1 only.
new Claim(ZB.MOM.WW.ScadaBridge.Security.JwtTokenService.SiteIdClaimType, "1"),
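Review bot: The two claims after the new username line spell out `ZB.MOM.WW.ScadaBridge.Security.JwtTokenService` in full, even though this commit adds `using ZB.MOM.WW.ScadaBridge.Security;` at the top of what appears to be the same file, and the new username claim on the line above already uses the short form. Shorten them to `new Claim(JwtTokenService.RoleClaimType, "Deployment"),` and `new Claim(JwtTokenService.SiteIdClaimType, "1"),` so the three claims read the same way. The claims initializer continues past the end of the hunk.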