using Microsoft.Extensions.Logging.Abstractions; using Microsoft.Extensions.Options; using MxGateway.Server.Configuration; using MxGateway.Server.Dashboard; namespace MxGateway.Tests.Gateway.Dashboard; public sealed class DashboardAuthenticatorTests { [Fact] public void EscapeLdapFilter_EscapesSpecialCharacters() { string escaped = DashboardAuthenticator.EscapeLdapFilter("a\\b*c(d)e\0f"); Assert.Equal("a\\5cb\\2ac\\28d\\29e\\00f", escaped); } [Theory] [InlineData("GwAdmin", true)] [InlineData("gwadmin", true)] [InlineData("ou=GwAdmin,ou=groups,dc=lmxopcua,dc=local", true)] [InlineData("OtherGroup", false)] public void IsMemberOfRequiredGroup_MatchesShortNameAndDistinguishedName( string requiredGroup, bool expected) { string[] groups = [ "ou=ReadOnly,ou=groups,dc=lmxopcua,dc=local", "ou=GwAdmin,ou=groups,dc=lmxopcua,dc=local" ]; bool result = DashboardAuthenticator.IsMemberOfRequiredGroup(groups, requiredGroup); Assert.Equal(expected, result); } [Fact] public void ExtractFirstRdnValue_ReturnsLeadingRdnValue() { string result = DashboardAuthenticator.ExtractFirstRdnValue( "CN=Gateway Admins,OU=Groups,DC=example,DC=com"); Assert.Equal("Gateway Admins", result); } [Fact] public async Task AuthenticateAsync_LdapDisabled_ReturnsFailureWithoutRawCredentials() { DashboardAuthenticator authenticator = CreateAuthenticator(new GatewayOptions { Ldap = new LdapOptions { Enabled = false, }, }); DashboardAuthenticationResult result = await authenticator.AuthenticateAsync( "admin", "admin123", CancellationToken.None); Assert.False(result.Succeeded); Assert.Null(result.Principal); Assert.DoesNotContain("admin123", result.FailureMessage, StringComparison.Ordinal); } private static DashboardAuthenticator CreateAuthenticator(GatewayOptions options) { return new DashboardAuthenticator( Options.Create(options), NullLogger.Instance); } }