Add XML documentation across gateway, worker, and .NET client

2026-04-30 11:49:58 -04:00
parent 4731ab535c
commit eed1e88a37
269 changed files with 4555 additions and 13 deletions
@@ -7,8 +7,14 @@ using MxGateway.Server.Security.Authorization;

 namespace MxGateway.Tests.Gateway.Dashboard;

+/// <summary>
+/// Tests for dashboard authentication using API keys.
+/// </summary>
 public sealed class DashboardAuthenticatorTests
 {
+    /// <summary>
+    /// Verifies an admin-scoped key produces a valid cookie principal.
+    /// </summary>
    [Fact]
    public async Task AuthenticateAsync_AdminKey_ReturnsCookiePrincipal()
    {
@@ -29,6 +35,9 @@ public sealed class DashboardAuthenticatorTests
        Assert.Equal("Bearer mxgw_operator01_super-secret", verifier.LastAuthorizationHeader);
    }

+    /// <summary>
+    /// Verifies a non-admin key fails authentication without exposing the API key.
+    /// </summary>
    [Fact]
    public async Task AuthenticateAsync_NonAdminKey_ReturnsFailureWithoutRawApiKey()
    {
@@ -44,6 +53,9 @@ public sealed class DashboardAuthenticatorTests
        Assert.DoesNotContain("super-secret", result.FailureMessage, StringComparison.Ordinal);
    }

+    /// <summary>
+    /// Verifies that when admin scope is not required, any authenticated key is accepted.
+    /// </summary>
    [Fact]
    public async Task AuthenticateAsync_RequireAdminScopeFalse_AllowsAuthenticatedKey()
    {
@@ -59,6 +71,9 @@ public sealed class DashboardAuthenticatorTests
        Assert.NotNull(result.Principal);
    }

+    /// <summary>
+    /// Verifies an invalid key returns a generic failure message.
+    /// </summary>
    [Fact]
    public async Task AuthenticateAsync_InvalidKey_ReturnsGenericFailure()
    {
@@ -97,10 +112,17 @@ public sealed class DashboardAuthenticatorTests
            Scopes: new HashSet<string>(scopes, StringComparer.Ordinal)));
    }

+    /// <summary>
+    /// Test implementation that records the authorization header for verification.
+    /// </summary>
    private sealed class FakeApiKeyVerifier(ApiKeyVerificationResult result) : IApiKeyVerifier
    {
+        /// <summary>
+        /// The authorization header that was last verified.
+        /// </summary>
        public string? LastAuthorizationHeader { get; private set; }

+        /// <inheritdoc />
        public Task<ApiKeyVerificationResult> VerifyAsync(
            string? authorizationHeader,
            CancellationToken cancellationToken)