Joseph Doherty
b104760b3a
Standardize role string VALUES on the canonical vocabulary
(Administrator/Designer/Deployer/Viewer; Operator/Engineer unused here):
Admin -> Administrator
Design -> Designer
Deployment -> Deployer
Audit -> Administrator (COLLAPSE; accepted privilege escalation)
AuditReadOnly-> Viewer (COLLAPSE; keeps audit-read, no export)
SoD: OperationalAuditRoles = { Administrator, Viewer },
AuditExportRoles = { Administrator }
so Viewer reads the audit log + nav but cannot bulk-export, while
Administrator does both + holds the full admin surface (the documented,
accepted auditor/admin SoD collapse).
Atomic move across every enforcement site:
- Roles constants; AuthorizationPolicies (RequireClaim values + SoD arrays +
honest XML-doc); RoleMapper Deployer check.
- ManagementActor.GetRequiredRole switch + the hard-coded site-scope
admin-bypass (now Roles.Administrator at all 6 sites). Site-scoping logic
is otherwise unchanged.
- DebugStreamHub Administrator/Deployer gates (Deployer kept case-sensitive).
- CentralUI BrowseService/BindingTester Designer guards; LdapMappingForm
dropdown now offers canonical values (incl. Viewer).
- Config-DB seed (LdapGroupMappings Id 1-4) + EF migration CanonicalizeRoles:
Id-keyed UpdateData for seed rows + idempotent raw catch-all UPDATEs for
operator-added rows. Down is lossy on the collapse (documented in-file).
No pending model changes.
Tests reworked to the collapsed model across Security/CentralUI/
ManagementService/ConfigurationDatabase/Integration suites, incl. explicit
Viewer-reads-not-exports and former-Audit-now-Administrator-escalation cases.
CHANGELOG: BREAKING security note documenting the canonicalization + SoD
collapse.
366 lines
16 KiB
C#
366 lines
16 KiB
C#
using System.Security.Claims;
|
|
using Bunit;
|
|
using Bunit.TestDoubles;
|
|
using Microsoft.AspNetCore.Authorization;
|
|
using Microsoft.AspNetCore.Components;
|
|
using Microsoft.AspNetCore.Components.Authorization;
|
|
using Microsoft.Extensions.DependencyInjection;
|
|
using NSubstitute;
|
|
using ZB.MOM.WW.ScadaBridge.CentralUI.Services;
|
|
using ZB.MOM.WW.ScadaBridge.Commons.Entities.Audit;
|
|
using ZB.MOM.WW.ScadaBridge.Commons.Types.Audit;
|
|
using ZB.MOM.WW.ScadaBridge.Commons.Types.Enums;
|
|
using ZB.MOM.WW.ScadaBridge.Security;
|
|
using AuditLogPage = ZB.MOM.WW.ScadaBridge.CentralUI.Components.Pages.Audit.AuditLogPage;
|
|
using NavMenu = ZB.MOM.WW.ScadaBridge.CentralUI.Components.Layout.NavMenu;
|
|
|
|
namespace ZB.MOM.WW.ScadaBridge.CentralUI.Tests.Pages;
|
|
|
|
/// <summary>
|
|
/// Scaffold tests for the new Audit Log page (#23 M7-T1) and the Audit
|
|
/// nav group that hosts both it and the renamed Configuration Audit Log
|
|
/// (#23 M7 Bundle A).
|
|
///
|
|
/// These are render-only smoke tests — the filter bar and results grid
|
|
/// are intentional placeholders that Bundle B fills in. The tests pin
|
|
/// the page route, page heading, nav group label, and the two child
|
|
/// links so later bundles cannot regress the scaffolding.
|
|
/// </summary>
|
|
public class AuditLogPageScaffoldTests : BunitContext
|
|
{
|
|
public AuditLogPageScaffoldTests()
|
|
{
|
|
// The page hosts AuditResultsGrid, whose OnAfterRenderAsync wires the
|
|
// column resize/reorder UX via audit-grid.js (a sessionStorage load +
|
|
// an init call). Loose mode lets those unconfigured JS calls no-op so
|
|
// the page scaffold smoke tests need not configure browser interop.
|
|
JSInterop.Mode = JSRuntimeMode.Loose;
|
|
}
|
|
|
|
private static ClaimsPrincipal BuildPrincipal(params string[] roles)
|
|
{
|
|
var claims = new List<Claim> { new(JwtTokenService.UsernameClaimType, "tester") };
|
|
claims.AddRange(roles.Select(r => new Claim(JwtTokenService.RoleClaimType, r)));
|
|
return new ClaimsPrincipal(new ClaimsIdentity(claims, "TestAuth"));
|
|
}
|
|
|
|
private IRenderedComponent<AuditLogPage> RenderAuditLogPage(params string[] roles)
|
|
{
|
|
return RenderAuditLogPageWithQuery(query: null, roles: roles);
|
|
}
|
|
|
|
private IAuditLogQueryService _queryService = Substitute.For<IAuditLogQueryService>();
|
|
|
|
private IRenderedComponent<AuditLogPage> RenderAuditLogPageWithQuery(string? query, params string[] roles)
|
|
{
|
|
var user = BuildPrincipal(roles);
|
|
Services.AddSingleton<AuthenticationStateProvider>(new TestAuthStateProvider(user));
|
|
Services.AddAuthorizationCore();
|
|
AuthorizationPolicies.AddScadaBridgeAuthorization(Services);
|
|
Services.AddSingleton<IAuthorizationService, DefaultAuthorizationService>();
|
|
// The page now hosts AuditFilterBar + AuditResultsGrid which depend on
|
|
// ISiteRepository and IAuditLogQueryService respectively (Bundle B).
|
|
// Provide stand-ins so the scaffold smoke tests still render the page.
|
|
Services.AddSingleton(Substitute.For<ZB.MOM.WW.ScadaBridge.Commons.Interfaces.Repositories.ISiteRepository>());
|
|
Services.AddSingleton(_queryService);
|
|
|
|
if (!string.IsNullOrEmpty(query))
|
|
{
|
|
var nav = (BunitNavigationManager)Services.GetRequiredService<NavigationManager>();
|
|
nav.NavigateTo($"/audit/log?{query}");
|
|
}
|
|
|
|
// Bundle G (#23 M7-T15): the page now hosts an in-component
|
|
// AuthorizeView around the Export-CSV button, so the page MUST
|
|
// render inside a CascadingAuthenticationState. The router supplies
|
|
// this in production; bUnit hosts the page directly so we wrap it
|
|
// here.
|
|
var host = Render<CascadingAuthenticationState>(parameters => parameters
|
|
.Add(p => p.ChildContent, (RenderFragment)(builder =>
|
|
{
|
|
builder.OpenComponent<AuditLogPage>(0);
|
|
builder.CloseComponent();
|
|
})));
|
|
|
|
return host.FindComponent<AuditLogPage>();
|
|
}
|
|
|
|
private IRenderedComponent<NavMenu> RenderNavMenu(params string[] roles)
|
|
{
|
|
var user = BuildPrincipal(roles);
|
|
Services.AddSingleton<AuthenticationStateProvider>(new TestAuthStateProvider(user));
|
|
Services.AddAuthorizationCore();
|
|
AuthorizationPolicies.AddScadaBridgeAuthorization(Services);
|
|
Services.AddSingleton<IAuthorizationService, DefaultAuthorizationService>();
|
|
|
|
var host = Render<CascadingAuthenticationState>(parameters => parameters
|
|
.Add(p => p.ChildContent, (RenderFragment)(builder =>
|
|
{
|
|
builder.OpenComponent<NavMenu>(0);
|
|
builder.CloseComponent();
|
|
})));
|
|
|
|
return host.FindComponent<NavMenu>();
|
|
}
|
|
|
|
/// <summary>
|
|
/// Clicks the collapsible section header whose title matches, expanding it.
|
|
/// Nav sections are collapsed by default, so a section's items are only in
|
|
/// the DOM once expanded.
|
|
/// </summary>
|
|
private static void ExpandNavSection(IRenderedComponent<NavMenu> cut, string title)
|
|
{
|
|
var toggle = cut.FindAll("button.nav-section-toggle")
|
|
.Single(b => b.TextContent.Contains(title, StringComparison.Ordinal));
|
|
toggle.Click();
|
|
}
|
|
|
|
[Fact]
|
|
public void AuditLogPage_Renders_PageHeading()
|
|
{
|
|
var cut = RenderAuditLogPage("Administrator");
|
|
|
|
cut.WaitForAssertion(() =>
|
|
{
|
|
// The H1 is the only positive scaffold assertion — the filter
|
|
// bar and grid are still placeholders the Bundle B work fills.
|
|
Assert.Contains("<h1", cut.Markup);
|
|
Assert.Contains("Audit Log", cut.Markup);
|
|
});
|
|
}
|
|
|
|
[Fact]
|
|
public void NavMenu_Contains_AuditGroup_With_AuditLog_Link()
|
|
{
|
|
var cut = RenderNavMenu("Administrator", "Designer", "Deployer");
|
|
ExpandNavSection(cut, "Audit");
|
|
|
|
cut.WaitForAssertion(() =>
|
|
{
|
|
Assert.Contains(">Audit<", cut.Markup);
|
|
Assert.Contains("/audit/log", cut.Markup);
|
|
});
|
|
}
|
|
|
|
[Fact]
|
|
public void NavMenu_Contains_ConfigurationAuditLog_Link_UnderAuditGroup()
|
|
{
|
|
var cut = RenderNavMenu("Administrator", "Designer", "Deployer");
|
|
ExpandNavSection(cut, "Audit");
|
|
|
|
cut.WaitForAssertion(() =>
|
|
{
|
|
// Both audit pages must appear after the Audit section header
|
|
// in the rendered nav. We check both links + that the header
|
|
// comes before either link in the markup, so they are in the
|
|
// Audit group rather than orphaned under Monitoring.
|
|
Assert.Contains("/audit/configuration", cut.Markup);
|
|
Assert.Contains("/audit/log", cut.Markup);
|
|
var headerIdx = cut.Markup.IndexOf(">Audit<", StringComparison.Ordinal);
|
|
var configIdx = cut.Markup.IndexOf("/audit/configuration", StringComparison.Ordinal);
|
|
var logIdx = cut.Markup.IndexOf("/audit/log", StringComparison.Ordinal);
|
|
Assert.True(headerIdx >= 0 && headerIdx < configIdx,
|
|
"Audit section header must precede the Configuration Audit Log link.");
|
|
Assert.True(headerIdx >= 0 && headerIdx < logIdx,
|
|
"Audit section header must precede the Audit Log link.");
|
|
});
|
|
}
|
|
|
|
// ─────────────────────────────────────────────────────────────────────────
|
|
// Bundle D — query-string drill-in parsing (#23 M7-T10..T12)
|
|
// ─────────────────────────────────────────────────────────────────────────
|
|
|
|
[Fact]
|
|
public void NavigateWithCorrelationId_AppliesFilter_AndAutoLoads()
|
|
{
|
|
var corr = Guid.Parse("11111111-2222-3333-4444-555555555555");
|
|
_queryService = Substitute.For<IAuditLogQueryService>();
|
|
_queryService.QueryAsync(Arg.Any<AuditLogQueryFilter>(), Arg.Any<AuditLogPaging?>(), Arg.Any<CancellationToken>())
|
|
.Returns(Task.FromResult<IReadOnlyList<AuditEvent>>(new List<AuditEvent>()));
|
|
|
|
var cut = RenderAuditLogPageWithQuery($"correlationId={corr}", "Administrator");
|
|
|
|
cut.WaitForAssertion(() =>
|
|
{
|
|
// Auto-load fires because correlationId is a real filter dimension.
|
|
_queryService.Received().QueryAsync(
|
|
Arg.Is<AuditLogQueryFilter>(f => f.CorrelationId == corr),
|
|
Arg.Any<AuditLogPaging?>(),
|
|
Arg.Any<CancellationToken>());
|
|
});
|
|
}
|
|
|
|
[Fact]
|
|
public void NavigateWithExecutionIdParam_AppliesFilter_AndAutoLoads()
|
|
{
|
|
// The "View this execution" drill-in lands on /audit/log?executionId={id}.
|
|
// The page parses the Guid, builds an AuditLogQueryFilter with ExecutionId
|
|
// set, and auto-loads the grid.
|
|
var executionId = Guid.Parse("aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee");
|
|
_queryService = Substitute.For<IAuditLogQueryService>();
|
|
_queryService.QueryAsync(Arg.Any<AuditLogQueryFilter>(), Arg.Any<AuditLogPaging?>(), Arg.Any<CancellationToken>())
|
|
.Returns(Task.FromResult<IReadOnlyList<AuditEvent>>(new List<AuditEvent>()));
|
|
|
|
var cut = RenderAuditLogPageWithQuery($"executionId={executionId}", "Administrator");
|
|
|
|
cut.WaitForAssertion(() =>
|
|
{
|
|
_queryService.Received().QueryAsync(
|
|
Arg.Is<AuditLogQueryFilter>(f => f.ExecutionId == executionId),
|
|
Arg.Any<AuditLogPaging?>(),
|
|
Arg.Any<CancellationToken>());
|
|
});
|
|
}
|
|
|
|
[Fact]
|
|
public void NavigateWithUnparseableExecutionIdParam_IsSilentlyDropped_NoAutoLoad()
|
|
{
|
|
_queryService = Substitute.For<IAuditLogQueryService>();
|
|
|
|
var cut = RenderAuditLogPageWithQuery("executionId=not-a-guid", "Administrator");
|
|
|
|
// An unparseable executionId leaves ExecutionId null. With no other filter
|
|
// params present the page renders but does NOT call the query service.
|
|
cut.WaitForAssertion(() => Assert.Contains("Audit Log", cut.Markup));
|
|
_queryService.DidNotReceive().QueryAsync(
|
|
Arg.Any<AuditLogQueryFilter>(),
|
|
Arg.Any<AuditLogPaging?>(),
|
|
Arg.Any<CancellationToken>());
|
|
}
|
|
|
|
[Fact]
|
|
public void NavigateWithParentExecutionIdParam_AppliesFilter_AndAutoLoads()
|
|
{
|
|
// The "View parent execution" drill-in (and operator-crafted URLs) land on
|
|
// /audit/log?parentExecutionId={id}. The page parses the Guid, builds an
|
|
// AuditLogQueryFilter with ParentExecutionId set, and auto-loads the grid.
|
|
var parentExecutionId = Guid.Parse("aaaaaaaa-1111-2222-3333-bbbbbbbbbbbb");
|
|
_queryService = Substitute.For<IAuditLogQueryService>();
|
|
_queryService.QueryAsync(Arg.Any<AuditLogQueryFilter>(), Arg.Any<AuditLogPaging?>(), Arg.Any<CancellationToken>())
|
|
.Returns(Task.FromResult<IReadOnlyList<AuditEvent>>(new List<AuditEvent>()));
|
|
|
|
var cut = RenderAuditLogPageWithQuery($"parentExecutionId={parentExecutionId}", "Administrator");
|
|
|
|
cut.WaitForAssertion(() =>
|
|
{
|
|
_queryService.Received().QueryAsync(
|
|
Arg.Is<AuditLogQueryFilter>(f => f.ParentExecutionId == parentExecutionId),
|
|
Arg.Any<AuditLogPaging?>(),
|
|
Arg.Any<CancellationToken>());
|
|
});
|
|
}
|
|
|
|
[Fact]
|
|
public void NavigateWithUnparseableParentExecutionIdParam_IsSilentlyDropped_NoAutoLoad()
|
|
{
|
|
_queryService = Substitute.For<IAuditLogQueryService>();
|
|
|
|
var cut = RenderAuditLogPageWithQuery("parentExecutionId=not-a-guid", "Administrator");
|
|
|
|
// An unparseable parentExecutionId leaves ParentExecutionId null. With no
|
|
// other filter params present the page renders but does NOT call the query
|
|
// service.
|
|
cut.WaitForAssertion(() => Assert.Contains("Audit Log", cut.Markup));
|
|
_queryService.DidNotReceive().QueryAsync(
|
|
Arg.Any<AuditLogQueryFilter>(),
|
|
Arg.Any<AuditLogPaging?>(),
|
|
Arg.Any<CancellationToken>());
|
|
}
|
|
|
|
[Fact]
|
|
public void NavigateWithTargetParam_AppliesTargetFilter()
|
|
{
|
|
_queryService = Substitute.For<IAuditLogQueryService>();
|
|
_queryService.QueryAsync(Arg.Any<AuditLogQueryFilter>(), Arg.Any<AuditLogPaging?>(), Arg.Any<CancellationToken>())
|
|
.Returns(Task.FromResult<IReadOnlyList<AuditEvent>>(new List<AuditEvent>()));
|
|
|
|
var cut = RenderAuditLogPageWithQuery("target=ExternalSystem-Alpha", "Administrator");
|
|
|
|
cut.WaitForAssertion(() =>
|
|
{
|
|
_queryService.Received().QueryAsync(
|
|
Arg.Is<AuditLogQueryFilter>(f => f.Target == "ExternalSystem-Alpha"),
|
|
Arg.Any<AuditLogPaging?>(),
|
|
Arg.Any<CancellationToken>());
|
|
});
|
|
}
|
|
|
|
[Fact]
|
|
public void NavigateWithSiteParam_AppliesSiteFilter()
|
|
{
|
|
_queryService = Substitute.For<IAuditLogQueryService>();
|
|
_queryService.QueryAsync(Arg.Any<AuditLogQueryFilter>(), Arg.Any<AuditLogPaging?>(), Arg.Any<CancellationToken>())
|
|
.Returns(Task.FromResult<IReadOnlyList<AuditEvent>>(new List<AuditEvent>()));
|
|
|
|
var cut = RenderAuditLogPageWithQuery("site=plant-a", "Administrator");
|
|
|
|
cut.WaitForAssertion(() =>
|
|
{
|
|
_queryService.Received().QueryAsync(
|
|
Arg.Is<AuditLogQueryFilter>(f =>
|
|
f.SourceSiteIds != null && f.SourceSiteIds.Count == 1 && f.SourceSiteIds[0] == "plant-a"),
|
|
Arg.Any<AuditLogPaging?>(),
|
|
Arg.Any<CancellationToken>());
|
|
});
|
|
}
|
|
|
|
[Fact]
|
|
public void NavigateWithStatusParam_AppliesStatusFilter()
|
|
{
|
|
// Bundle E (M7-T13): the Health-dashboard Audit error-rate tile drills
|
|
// in with ?status=Failed. The page parses the enum (case-insensitive),
|
|
// builds an AuditLogQueryFilter with Status set, and auto-loads.
|
|
_queryService = Substitute.For<IAuditLogQueryService>();
|
|
_queryService.QueryAsync(Arg.Any<AuditLogQueryFilter>(), Arg.Any<AuditLogPaging?>(), Arg.Any<CancellationToken>())
|
|
.Returns(Task.FromResult<IReadOnlyList<AuditEvent>>(new List<AuditEvent>()));
|
|
|
|
var cut = RenderAuditLogPageWithQuery("status=Failed", "Administrator");
|
|
|
|
cut.WaitForAssertion(() =>
|
|
{
|
|
_queryService.Received().QueryAsync(
|
|
Arg.Is<AuditLogQueryFilter>(f =>
|
|
f.Statuses != null && f.Statuses.Count == 1 && f.Statuses[0] == AuditStatus.Failed),
|
|
Arg.Any<AuditLogPaging?>(),
|
|
Arg.Any<CancellationToken>());
|
|
});
|
|
}
|
|
|
|
[Fact]
|
|
public void NavigateWithUnknownStatusParam_IsSilentlyDropped_NoAutoLoad()
|
|
{
|
|
_queryService = Substitute.For<IAuditLogQueryService>();
|
|
|
|
var cut = RenderAuditLogPageWithQuery("status=NotARealStatus", "Administrator");
|
|
|
|
// An unparseable status value leaves Status null. With no other filter
|
|
// params present the page renders but does NOT call the query service
|
|
// (matching the existing "no params" contract).
|
|
cut.WaitForAssertion(() => Assert.Contains("Audit Log", cut.Markup));
|
|
_queryService.DidNotReceive().QueryAsync(
|
|
Arg.Any<AuditLogQueryFilter>(),
|
|
Arg.Any<AuditLogPaging?>(),
|
|
Arg.Any<CancellationToken>());
|
|
}
|
|
|
|
[Fact]
|
|
public void NavigateWithNoParams_LeavesFilterEmpty_NoAutoLoad()
|
|
{
|
|
_queryService = Substitute.For<IAuditLogQueryService>();
|
|
|
|
var cut = RenderAuditLogPage("Administrator");
|
|
|
|
// The grid is in "no filter" state — the page heading renders, but the
|
|
// query service must NOT be hit because nothing told us to load.
|
|
cut.WaitForAssertion(() =>
|
|
{
|
|
Assert.Contains("Audit Log", cut.Markup);
|
|
});
|
|
|
|
_queryService.DidNotReceive().QueryAsync(
|
|
Arg.Any<AuditLogQueryFilter>(),
|
|
Arg.Any<AuditLogPaging?>(),
|
|
Arg.Any<CancellationToken>());
|
|
}
|
|
}
|