feat(audit): ScadaBridge IAuditActorAccessor + wire audit Actor from Auth principal at authenticated emit sites (Phase 3)

tests/ZB.MOM.WW.ScadaBridge.Security.Tests/HttpAuditActorAccessorTests.cs

@@ -0,0 +1,114 @@
+using System.Security.Claims;
+using Microsoft.AspNetCore.Http;
+using ZB.MOM.WW.Auth.AspNetCore;
+using ZB.MOM.WW.ScadaBridge.Security;
+
+namespace ZB.MOM.WW.ScadaBridge.Security.Tests;
+
+/// <summary>
+/// Phase 3 (wire audit Actor from the Auth principal): unit tests for
+/// <see cref="HttpAuditActorAccessor"/>. The accessor resolves the audit
+/// <c>Actor</c> from the authenticated principal on the ambient
+/// <see cref="IHttpContextAccessor.HttpContext"/> — the canonical username claim
+/// with an <see cref="System.Security.Principal.IIdentity.Name"/> fallback — and
+/// returns <c>null</c> whenever there is no authenticated interactive user, so the
+/// caller keeps its existing actor/fallback rather than echoing an unauthenticated
+/// principal.
+/// </summary>
+public class HttpAuditActorAccessorTests
+{
+    /// <summary>
+    /// Minimal <see cref="IHttpContextAccessor"/> test double returning a fixed
+    /// (possibly null) <see cref="HttpContext"/>.
+    /// </summary>
+    private sealed class StubHttpContextAccessor : IHttpContextAccessor
+    {
+        public HttpContext? HttpContext { get; set; }
+    }
+
+    private static HttpContext AuthenticatedContext(params Claim[] claims)
+    {
+        var ctx = new DefaultHttpContext
+        {
+            User = new ClaimsPrincipal(new ClaimsIdentity(claims, authenticationType: "TestAuth")),
+        };
+        return ctx;
+    }
+
+    [Fact]
+    public void CurrentActor_Authenticated_ReturnsUsernameClaim()
+    {
+        var ctx = AuthenticatedContext(
+            new Claim(JwtTokenService.UsernameClaimType, "alice"),
+            // A different Identity.Name proves the username claim is preferred.
+            new Claim(ClaimTypes.Name, "Alice Liddell"));
+        var accessor = new HttpAuditActorAccessor(
+            new StubHttpContextAccessor { HttpContext = ctx });
+
+        Assert.Equal("alice", accessor.CurrentActor);
+    }
+
+    [Fact]
+    public void CurrentActor_Authenticated_NoUsernameClaim_FallsBackToIdentityName()
+    {
+        // No canonical username claim; Identity.Name (pinned to ZbClaimTypes.Name)
+        // is the documented fallback. DefaultHttpContext maps the ClaimTypes.Name
+        // claim onto Identity.Name.
+        var ctx = AuthenticatedContext(new Claim(ClaimTypes.Name, "bob"));
+        var accessor = new HttpAuditActorAccessor(
+            new StubHttpContextAccessor { HttpContext = ctx });
+
+        Assert.Equal("bob", accessor.CurrentActor);
+    }
+
+    [Fact]
+    public void CurrentActor_Authenticated_PrefersUsernameOverZbName()
+    {
+        // Both the canonical username and the canonical name claim present — the
+        // username claim wins.
+        var ctx = AuthenticatedContext(
+            new Claim(JwtTokenService.UsernameClaimType, "svc-user"),
+            new Claim(ZbClaimTypes.Name, "Service User"));
+        var accessor = new HttpAuditActorAccessor(
+            new StubHttpContextAccessor { HttpContext = ctx });
+
+        Assert.Equal("svc-user", accessor.CurrentActor);
+    }
+
+    [Fact]
+    public void CurrentActor_Unauthenticated_ReturnsNull()
+    {
+        // An anonymous identity (no authenticationType) is NOT authenticated —
+        // never echo it back as an actor even if a name claim is somehow present.
+        var ctx = new DefaultHttpContext
+        {
+            User = new ClaimsPrincipal(
+                new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, "ghost") })),
+        };
+        var accessor = new HttpAuditActorAccessor(
+            new StubHttpContextAccessor { HttpContext = ctx });
+
+        Assert.Null(accessor.CurrentActor);
+    }
+
+    [Fact]
+    public void CurrentActor_NoAmbientHttpContext_ReturnsNull()
+    {
+        var accessor = new HttpAuditActorAccessor(
+            new StubHttpContextAccessor { HttpContext = null });
+
+        Assert.Null(accessor.CurrentActor);
+    }
+
+    [Fact]
+    public void CurrentActor_AuthenticatedButNoUsableName_ReturnsNull()
+    {
+        // Authenticated identity carrying only an unrelated claim (no username,
+        // no name) — there is nothing usable to record, so fall back to null.
+        var ctx = AuthenticatedContext(new Claim(ZbClaimTypes.Role, "Administrator"));
+        var accessor = new HttpAuditActorAccessor(
+            new StubHttpContextAccessor { HttpContext = ctx });
+
+        Assert.Null(accessor.CurrentActor);
+    }
+}

tests/ZB.MOM.WW.ScadaBridge.Security.Tests/ZB.MOM.WW.ScadaBridge.Security.Tests.csproj

@@ -8,14 +8,19 @@
     <IsPackable>false</IsPackable>
   </PropertyGroup>
 
+  <ItemGroup>
+    <!-- HttpAuditActorAccessorTests construct DefaultHttpContext + an
+         IHttpContextAccessor stub to drive the principal-to-actor seam. -->
+    <FrameworkReference Include="Microsoft.AspNetCore.App" />
+  </ItemGroup>
+
   <ItemGroup>
     <PackageReference Include="coverlet.collector" />
     <PackageReference Include="Microsoft.EntityFrameworkCore.Sqlite" />
-    <PackageReference Include="Microsoft.Extensions.DependencyInjection" />
-    <PackageReference Include="Microsoft.Extensions.Logging" />
-    <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" />
-    <PackageReference Include="Microsoft.Extensions.Options" />
-    <PackageReference Include="Microsoft.AspNetCore.Authorization" />
+    <!-- Microsoft.Extensions.* and Microsoft.AspNetCore.Authorization are provided
+         by the Microsoft.AspNetCore.App shared framework referenced above (added so
+         HttpAuditActorAccessorTests can build DefaultHttpContext), so they are no
+         longer listed as PackageReferences here (NU1510). -->
     <PackageReference Include="Microsoft.NET.Test.Sdk" />
     <PackageReference Include="xunit" />
     <PackageReference Include="xunit.runner.visualstudio" />