Joseph Doherty
7b0b9c7365
Solution + 23 src projects + 26 test projects renamed; folders, csproj, namespaces, and ScadaLinkDbContext/ScadaBridgeDbContext class updated. ActorSystem "scadalink" → "scadabridge", Akka seed-node URLs migrated. SQL roles/logins, LDAP domains, CLI command name, and CLI config dir (~/.scadalink → ~/.scadabridge) also renamed. Build green; 5 Host.Tests fail awaiting SQL login rename in next commit. Pre-existing StaleTagMonitor timing flakes unchanged. Rename script committed at tools/rename-to-scadabridge.sh.
80 lines
3.1 KiB
C#
80 lines
3.1 KiB
C#
using System.Security.Claims;
|
|
using Microsoft.AspNetCore.Http;
|
|
using ZB.MOM.WW.ScadaBridge.CentralUI.Auth;
|
|
|
|
namespace ZB.MOM.WW.ScadaBridge.CentralUI.Tests.Auth;
|
|
|
|
/// <summary>
|
|
/// Regression tests for CentralUI-004. The provider used to read
|
|
/// <see cref="IHttpContextAccessor.HttpContext"/> on every call; once the Blazor
|
|
/// circuit is established that context is gone, so later re-evaluations saw an
|
|
/// unauthenticated principal. The provider must snapshot the principal once at
|
|
/// construction (during the initial HTTP request) and serve it for the circuit.
|
|
/// </summary>
|
|
public class CookieAuthenticationStateProviderTests
|
|
{
|
|
private static ClaimsPrincipal AuthenticatedUser(string name)
|
|
{
|
|
var identity = new ClaimsIdentity(
|
|
new[] { new Claim(ClaimTypes.Name, name) },
|
|
authenticationType: "TestCookie");
|
|
return new ClaimsPrincipal(identity);
|
|
}
|
|
|
|
[Fact]
|
|
public async Task GetAuthenticationStateAsync_ReturnsAuthenticatedUser_WhenHttpContextPresent()
|
|
{
|
|
var accessor = new HttpContextAccessor
|
|
{
|
|
HttpContext = new DefaultHttpContext { User = AuthenticatedUser("alice") }
|
|
};
|
|
|
|
var provider = new CookieAuthenticationStateProvider(accessor);
|
|
var state = await provider.GetAuthenticationStateAsync();
|
|
|
|
Assert.True(state.User.Identity?.IsAuthenticated);
|
|
Assert.Equal("alice", state.User.Identity?.Name);
|
|
}
|
|
|
|
[Fact]
|
|
public async Task GetAuthenticationStateAsync_StillReturnsUser_AfterHttpContextIsGone()
|
|
{
|
|
// The circuit is built during the HTTP request: HttpContext is valid then.
|
|
var accessor = new HttpContextAccessor
|
|
{
|
|
HttpContext = new DefaultHttpContext { User = AuthenticatedUser("bob") }
|
|
};
|
|
var provider = new CookieAuthenticationStateProvider(accessor);
|
|
|
|
// After the request completes, IHttpContextAccessor.HttpContext is null for
|
|
// the life of the long-lived SignalR circuit.
|
|
accessor.HttpContext = null;
|
|
|
|
var state = await provider.GetAuthenticationStateAsync();
|
|
|
|
// The pre-fix implementation returned an anonymous principal here.
|
|
Assert.True(state.User.Identity?.IsAuthenticated);
|
|
Assert.Equal("bob", state.User.Identity?.Name);
|
|
}
|
|
|
|
[Fact]
|
|
public async Task GetAuthenticationStateAsync_IsStableAcrossCalls_IgnoringStaleForeignContext()
|
|
{
|
|
var accessor = new HttpContextAccessor
|
|
{
|
|
HttpContext = new DefaultHttpContext { User = AuthenticatedUser("carol") }
|
|
};
|
|
var provider = new CookieAuthenticationStateProvider(accessor);
|
|
|
|
// A stale/foreign context leaking through the AsyncLocal accessor must NOT
|
|
// change what this circuit's provider reports.
|
|
accessor.HttpContext = new DefaultHttpContext { User = AuthenticatedUser("intruder") };
|
|
|
|
var first = await provider.GetAuthenticationStateAsync();
|
|
var second = await provider.GetAuthenticationStateAsync();
|
|
|
|
Assert.Equal("carol", first.User.Identity?.Name);
|
|
Assert.Equal("carol", second.User.Identity?.Name);
|
|
}
|
|
}
|