dohertj2/ScadaBridge
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

test(sms): regression tests for code-review fixes

Browse Source 
Lock the behaviors changed by the review-fix commit + the security invariants:

- ManagementActorTests: UpdateSms/SmtpConfig now require Administrator (updated the
  existing success cases from Designer); + UpdateSmsConfig_WithDesignerRole_Returns
  Unauthorized and _WithEmptyAuthToken_PreservesExistingToken regression tests.
- SecretEncryptionTests: SmsConfiguration.AuthToken stored-encrypted round-trip +
  null round-trip (AccountSid stays plaintext) — guards ApplySecretColumnEncryption.
- ArtifactDiffTests: CompareSmsConfiguration New/Identical/Modified + the secret
  presence-only invariant (value never echoed, presence-flip shows <present> only).
- UpdateCommandContractTests: notification sms update core fields Required, --auth-token optional.
- NotificationListsPageTests: SMS recipient badge shows phone, not "Name <>".
- NotificationOutboxActorDispatchTests: SMS-typed notification routes to the SMS
  adapter (StubAdapter.Type made configurable), not the Email adapter.
- NotificationRecipientTests (new): ForEmail/ForSms + public-ctor invariants.
This commit is contained in:
Joseph Doherty
2026-06-19 15:09:47 -04:00
parent cd8e4872f6
commit a9393c8913
7 changed files with 312 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files
tests/ZB.MOM.WW.ScadaBridge.ConfigurationDatabase.Tests/SecretEncryptionTests.cs
+42
View File
@@ -114,6 +114,48 @@ public class SecretEncryptionTests : IDisposable
Assert.Null(loaded.Credentials);
}
[Fact]
public async Task SmsConfiguration_AuthToken_StoredEncrypted_RoundTrips()
{
// ConfigurationDatabase-NNN regression: the Twilio Auth Token is a secret and
// must be encrypted at rest exactly like SmtpConfiguration.Credentials. Guards
// against a future refactor dropping SmsConfiguration from ApplySecretColumnEncryption.
const string secret = "twilio-auth-token-do-not-leak";
var sms = new SmsConfiguration("AC0123456789", "+15550000000")
{
AuthToken = secret
};
_context.SmsConfigurations.Add(sms);
await _context.SaveChangesAsync();
_context.ChangeTracker.Clear();
var raw = await ReadRawColumnAsync("SmsConfigurations", "AuthToken", sms.Id);
Assert.NotNull(raw);
Assert.NotEqual(secret, raw);
Assert.DoesNotContain("twilio-auth-token-do-not-leak", raw);
var loaded = await _context.SmsConfigurations.SingleAsync(s => s.Id == sms.Id);
Assert.Equal(secret, loaded.AuthToken);
// AccountSid is NOT a secret (it also rides in the Twilio URL path) — stored verbatim.
var rawSid = await ReadRawColumnAsync("SmsConfigurations", "AccountSid", sms.Id);
Assert.Equal("AC0123456789", rawSid);
}
[Fact]
public async Task SmsConfiguration_NullAuthToken_RoundTripsAsNull()
{
var sms = new SmsConfiguration("AC0123456789", "+15550000000")
{
AuthToken = null
};
_context.SmsConfigurations.Add(sms);
await _context.SaveChangesAsync();
_context.ChangeTracker.Clear();
var loaded = await _context.SmsConfigurations.SingleAsync(s => s.Id == sms.Id);
Assert.Null(loaded.AuthToken);
}
private async Task<string?> ReadRawColumnAsync(string table, string column, int id)
{
var connection = _context.Database.GetDbConnection();