From 9e479ce675ab20a11743b739c48c4882fa4c0207 Mon Sep 17 00:00:00 2001 From: Joseph Doherty Date: Fri, 29 May 2026 08:01:26 -0400 Subject: [PATCH] test(security): fix Logout_clears_the_cookie MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Two pre-existing test bugs surfaced by the auth-alignment branch: - Test wanted the 204/JSON contract but never sent Accept: application/json — endpoint correctly returned 302 (form POST). - Cookie-name assertion still used OtOpcUa.Auth= (now ZB.MOM.WW.OtOpcUa.Auth= since the Task 1 default change). Endpoint behavior is intentional and untouched. --- .../AuthEndpointsIntegrationTests.cs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/Server/ZB.MOM.WW.OtOpcUa.Security.Tests/AuthEndpointsIntegrationTests.cs b/tests/Server/ZB.MOM.WW.OtOpcUa.Security.Tests/AuthEndpointsIntegrationTests.cs index d3312771..59d893de 100644 --- a/tests/Server/ZB.MOM.WW.OtOpcUa.Security.Tests/AuthEndpointsIntegrationTests.cs +++ b/tests/Server/ZB.MOM.WW.OtOpcUa.Security.Tests/AuthEndpointsIntegrationTests.cs @@ -184,12 +184,13 @@ public sealed class AuthEndpointsIntegrationTests : IAsyncLifetime loginResponse.EnsureSuccessStatusCode(); var logoutReq = new HttpRequestMessage(HttpMethod.Post, "/auth/logout"); + logoutReq.Headers.Accept.ParseAdd("application/json"); AttachCookies(logoutReq, loginResponse); var response = await client.SendAsync(logoutReq, Ct); response.StatusCode.ShouldBe(HttpStatusCode.NoContent); response.Headers.GetValues("Set-Cookie") - .ShouldContain(c => c.StartsWith("OtOpcUa.Auth=") && c.Contains("expires=", StringComparison.OrdinalIgnoreCase)); + .ShouldContain(c => c.StartsWith("ZB.MOM.WW.OtOpcUa.Auth=") && c.Contains("expires=", StringComparison.OrdinalIgnoreCase)); } /// Anonymous browser GET of a protected route redirects to /login with a ReturnUrl.