docs: backfill XML documentation across 756 files

Adds <summary>, <param>, <typeparam>, and <inheritdoc/> tags to public members surfaced by commentchecker — resolves 5,847 of 5,869 issues (99.6%) across three /fixdocs passes.
2026-05-28 08:10:17 -04:00
parent f9fc7dd2e1
commit 64e3fbe035
756 changed files with 9876 additions and 96 deletions
@@ -31,6 +31,7 @@ public sealed class AuthEndpointsIntegrationTests : IAsyncLifetime

    private static CancellationToken Ct => TestContext.Current.CancellationToken;

+    /// <summary>Initializes the test host and server.</summary>
    public async ValueTask InitializeAsync()
    {
        var dbName = $"auth-int-tests-{Guid.NewGuid():N}";
@@ -71,6 +72,7 @@ public sealed class AuthEndpointsIntegrationTests : IAsyncLifetime
        _server = _host.GetTestServer();
    }

+    /// <summary>Disposes the test host and server.</summary>
    public async ValueTask DisposeAsync()
    {
        await _host.StopAsync(TestContext.Current.CancellationToken);
@@ -79,6 +81,7 @@ public sealed class AuthEndpointsIntegrationTests : IAsyncLifetime

    private HttpClient NewClient() => _server.CreateClient();

+    /// <summary>Tests that login with valid credentials returns 204 and sets cookie.</summary>
    [Fact]
    public async Task Login_with_valid_credentials_returns_204_and_sets_cookie()
    {
@@ -90,6 +93,7 @@ public sealed class AuthEndpointsIntegrationTests : IAsyncLifetime
        response.Headers.GetValues("Set-Cookie").ShouldContain(c => c.StartsWith("OtOpcUa.Auth="));
    }

+    /// <summary>Tests that login with invalid credentials returns 401.</summary>
    [Fact]
    public async Task Login_with_invalid_credentials_returns_401()
    {
@@ -100,6 +104,7 @@ public sealed class AuthEndpointsIntegrationTests : IAsyncLifetime
        response.StatusCode.ShouldBe(HttpStatusCode.Unauthorized);
    }

+    /// <summary>Tests that login when LDAP throws returns 503.</summary>
    [Fact]
    public async Task Login_when_ldap_throws_returns_503()
    {
@@ -110,6 +115,7 @@ public sealed class AuthEndpointsIntegrationTests : IAsyncLifetime
        response.StatusCode.ShouldBe(HttpStatusCode.ServiceUnavailable);
    }

+    /// <summary>Tests that ping anonymous returns 401.</summary>
    [Fact]
    public async Task Ping_anonymous_returns_401()
    {
@@ -119,6 +125,7 @@ public sealed class AuthEndpointsIntegrationTests : IAsyncLifetime
        response.StatusCode.ShouldBe(HttpStatusCode.Unauthorized);
    }

+    /// <summary>Tests that ping after cookie login returns 200.</summary>
    [Fact]
    public async Task Ping_after_cookie_login_returns_200()
    {
@@ -133,6 +140,7 @@ public sealed class AuthEndpointsIntegrationTests : IAsyncLifetime
        response.StatusCode.ShouldBe(HttpStatusCode.OK);
    }

+    /// <summary>Tests that token after cookie login returns jwt.</summary>
    [Fact]
    public async Task Token_after_cookie_login_returns_jwt()
    {
@@ -152,6 +160,7 @@ public sealed class AuthEndpointsIntegrationTests : IAsyncLifetime
        token!.Split('.').Length.ShouldBe(3);
    }

+    /// <summary>Tests that logout clears the cookie.</summary>
    [Fact]
    public async Task Logout_clears_the_cookie()
    {
@@ -180,6 +189,11 @@ public sealed class AuthEndpointsIntegrationTests : IAsyncLifetime

    private sealed class StubLdapAuthService : ILdapAuthService
    {
+        /// <summary>Authenticates a user asynchronously using the stub service.</summary>
+        /// <param name="username">The username to authenticate.</param>
+        /// <param name="password">The password to verify.</param>
+        /// <param name="ct">The cancellation token.</param>
+        /// <returns>The authentication result.</returns>
        public Task<LdapAuthResult> AuthenticateAsync(string username, string password, CancellationToken ct = default)
        {
            if (username == "ldap-down")
@@ -20,12 +20,14 @@ public sealed class JwtTokenServiceTests
            ExpiryMinutes = expiryMinutes,
        }), NullLogger<JwtTokenService>.Instance);

+    /// <summary>Verifies that a short signing key throws InvalidOperationException.</summary>
    [Fact]
    public void Short_signing_key_throws()
    {
        Should.Throw<InvalidOperationException>(() => NewService("too-short"));
    }

+    /// <summary>Verifies that issued tokens validate and preserve claims.</summary>
    [Fact]
    public void Issue_then_validate_roundtrips_claims()
    {
@@ -40,6 +42,7 @@ public sealed class JwtTokenServiceTests
            .Select(c => c.Value).ShouldBe(new[] { "ReadOnly", "AlarmAck" }, ignoreOrder: true);
    }

+    /// <summary>Verifies that tampered tokens are rejected during validation.</summary>
    [Fact]
    public void Tampered_token_is_rejected()
    {
@@ -55,6 +58,7 @@ public sealed class JwtTokenServiceTests
        principal.ShouldBeNull();
    }

+    /// <summary>Verifies that expired tokens are rejected during validation.</summary>
    [Fact]
    public void Expired_token_is_rejected()
    {
@@ -66,6 +70,7 @@ public sealed class JwtTokenServiceTests
        principal.ShouldBeNull();
    }

+    /// <summary>Verifies that tokens signed with a different key are rejected.</summary>
    [Fact]
    public void Cross_key_token_is_rejected()
    {
@@ -6,6 +6,9 @@ namespace ZB.MOM.WW.OtOpcUa.Security.Tests;

 public sealed class LdapHelperTests
 {
+    /// <summary>Verifies that LDAP filter special characters are properly escaped.</summary>
+    /// <param name="input">The input string.</param>
+    /// <param name="expected">The expected escaped output.</param>
    [Theory]
    [InlineData("joe", "joe")]
    [InlineData("jo*e", "jo\\2ae")]
@@ -17,6 +20,9 @@ public sealed class LdapHelperTests
        LdapAuthService.EscapeLdapFilter(input).ShouldBe(expected);
    }

+    /// <summary>Verifies that the first organizational unit segment is correctly extracted from a DN.</summary>
+    /// <param name="dn">The distinguished name.</param>
+    /// <param name="expected">The expected organizational unit value.</param>
    [Theory]
    [InlineData("cn=joe,ou=Admins,dc=lmxopcua,dc=local", "Admins")]
    [InlineData("cn=alice,dc=lmxopcua,dc=local", null)]
@@ -26,6 +32,9 @@ public sealed class LdapHelperTests
        LdapAuthService.ExtractOuSegment(dn).ShouldBe(expected);
    }

+    /// <summary>Verifies that the first RDN value is correctly extracted from various DN formats.</summary>
+    /// <param name="dn">The distinguished name.</param>
+    /// <param name="expected">The expected RDN value.</param>
    [Theory]
    [InlineData("cn=Admins,dc=lmxopcua,dc=local", "Admins")]
    [InlineData("cn=Admins", "Admins")]
@@ -6,6 +6,9 @@ namespace ZB.MOM.WW.OtOpcUa.Security.Tests;

 public sealed class RoleMapperTests
 {
+    /// <summary>
+    /// Verifies that empty mapping returns no roles.
+    /// </summary>
    [Fact]
    public void Empty_mapping_returns_empty()
    {
@@ -13,6 +16,9 @@ public sealed class RoleMapperTests
            .ShouldBeEmpty();
    }

+    /// <summary>
+    /// Verifies that RoleMapper maps a group to its corresponding role.
+    /// </summary>
    [Fact]
    public void Maps_group_to_role()
    {
@@ -22,6 +28,9 @@ public sealed class RoleMapperTests
            .ShouldBe(new[] { "FleetAdmin" });
    }

+    /// <summary>
+    /// Verifies that group matching is case-insensitive.
+    /// </summary>
    [Fact]
    public void Case_insensitive_group_match()
    {
@@ -34,6 +43,9 @@ public sealed class RoleMapperTests
            .ShouldBe(new[] { "FleetAdmin" });
    }

+    /// <summary>
+    /// Verifies that multiple groups are deduplicated to unique roles.
+    /// </summary>
    [Fact]
    public void Multiple_groups_dedup_roles()
    {