dohertj2/mxaccessgw
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

feat(dashboard): Blazor LoginCard page reusing the hardened /login endpoint

Browse Source
This commit is contained in:
Joseph Doherty
2026-06-03 03:56:51 -04:00
parent 70d959bd9b
commit 73e54e252d
4 changed files with 63 additions and 60 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/ZB.MOM.WW.MxGateway.Tests/Gateway/GatewayApplicationTests.cs
+18 -2
View File
@@ -86,8 +86,14 @@ public sealed class GatewayApplicationTests
Assert.Contains(endpoints, endpoint => endpoint.RoutePattern.RawText == "/workers");
Assert.Contains(endpoints, endpoint => endpoint.RoutePattern.RawText == "/events");
Assert.Contains(endpoints, endpoint => endpoint.RoutePattern.RawText == "/settings");
// GET /login is now served by the [AllowAnonymous] Blazor <Login> component
// (Components/Pages/Login.razor → @page "/login"), not a named minimal-API
// endpoint. The form still POSTs to the minimal-API DashboardLoginPost endpoint.
Assert.Contains(endpoints, endpoint => endpoint.RoutePattern.RawText == "/login"
&& endpoint.Metadata.GetMetadata<Microsoft.AspNetCore.Components.Endpoints.ComponentTypeMetadata>() is not null);
Assert.Contains(endpoints, endpoint =>
endpoint.Metadata.GetMetadata<IEndpointNameMetadata>()?.EndpointName == "DashboardLogin");
endpoint.Metadata.GetMetadata<IEndpointNameMetadata>()?.EndpointName == "DashboardLoginPost");
Assert.Contains(endpoints, endpoint =>
endpoint.Metadata.GetMetadata<IEndpointNameMetadata>()?.EndpointName == "DashboardLogout");
}
@@ -100,7 +106,7 @@ public sealed class GatewayApplicationTests
IReadOnlyList<RouteEndpoint> endpoints = GetRouteEndpoints(app);
string[] anonymousEndpointNames =
["DashboardLogin", "DashboardLoginPost", "DashboardLogout", "DashboardLogoutGet", "DashboardAccessDenied"];
["DashboardLoginPost", "DashboardLogout", "DashboardLogoutGet", "DashboardAccessDenied"];
foreach (string endpointName in anonymousEndpointNames)
{
RouteEndpoint endpoint = Assert.Single(
@@ -109,6 +115,16 @@ public sealed class GatewayApplicationTests
Assert.NotNull(endpoint.Metadata.GetMetadata<IAllowAnonymous>());
}
// GET /login is the [AllowAnonymous] Blazor <Login> component route. Its
// [AllowAnonymous] attribute overrides the RequireAuthorization(ViewerPolicy)
// that MapRazorComponents<App>() applies, so the LoginPath="/login" redirect
// resolves for unauthenticated users instead of looping the cookie challenge.
RouteEndpoint loginComponent = Assert.Single(
endpoints,
candidate => candidate.RoutePattern.RawText == "/login"
&& candidate.Metadata.GetMetadata<Microsoft.AspNetCore.Components.Endpoints.ComponentTypeMetadata>() is not null);
Assert.NotNull(loginComponent.Metadata.GetMetadata<IAllowAnonymous>());
}
/// <summary>Verifies that dashboard Razor component routes require the dashboard viewer policy.</summary>