refactor: extract NATS.Server.Auth.Tests project

Move 50 auth/accounts/permissions/JWT/NKey test files from NATS.Server.Tests into a dedicated NATS.Server.Auth.Tests project. Update namespaces, replace private GetFreePort/ReadUntilAsync helpers with TestUtilities calls, replace Task.Delay with TaskCompletionSource in test doubles, and add InternalsVisibleTo. 690 tests pass.
2026-03-12 15:54:07 -04:00
parent 0c086522a4
commit 36b9dfa654
53 changed files with 138 additions and 185 deletions
--- a/tests/NATS.Server.Auth.Tests/AuthServiceTests.cs
+++ b/tests/NATS.Server.Auth.Tests/AuthServiceTests.cs
@@ -0,0 +1,172 @@
+using NATS.Server.Auth;
+using NATS.Server.Protocol;
+
+namespace NATS.Server.Auth.Tests;
+
+public class AuthServiceTests
+{
+    [Fact]
+    public void IsAuthRequired_false_when_no_auth_configured()
+    {
+        var service = AuthService.Build(new NatsOptions());
+        service.IsAuthRequired.ShouldBeFalse();
+    }
+
+    [Fact]
+    public void IsAuthRequired_true_when_token_configured()
+    {
+        var service = AuthService.Build(new NatsOptions { Authorization = "mytoken" });
+        service.IsAuthRequired.ShouldBeTrue();
+    }
+
+    [Fact]
+    public void IsAuthRequired_true_when_username_configured()
+    {
+        var service = AuthService.Build(new NatsOptions { Username = "admin", Password = "pass" });
+        service.IsAuthRequired.ShouldBeTrue();
+    }
+
+    [Fact]
+    public void IsAuthRequired_true_when_users_configured()
+    {
+        var opts = new NatsOptions
+        {
+            Users = [new User { Username = "alice", Password = "secret" }],
+        };
+        var service = AuthService.Build(opts);
+        service.IsAuthRequired.ShouldBeTrue();
+    }
+
+    [Fact]
+    public void IsAuthRequired_true_when_nkeys_configured()
+    {
+        var opts = new NatsOptions
+        {
+            NKeys = [new NKeyUser { Nkey = "UABC" }],
+        };
+        var service = AuthService.Build(opts);
+        service.IsAuthRequired.ShouldBeTrue();
+    }
+
+    [Fact]
+    public void Authenticate_succeeds_when_no_auth_required()
+    {
+        var service = AuthService.Build(new NatsOptions());
+        var ctx = new ClientAuthContext
+        {
+            Opts = new ClientOptions { Token = "anything" },
+            Nonce = [],
+        };
+
+        var result = service.Authenticate(ctx);
+        result.ShouldNotBeNull();
+    }
+
+    [Fact]
+    public void Authenticate_token_success()
+    {
+        var service = AuthService.Build(new NatsOptions { Authorization = "mytoken" });
+        var ctx = new ClientAuthContext
+        {
+            Opts = new ClientOptions { Token = "mytoken" },
+            Nonce = [],
+        };
+
+        var result = service.Authenticate(ctx);
+        result.ShouldNotBeNull();
+        result.Identity.ShouldBe("token");
+    }
+
+    [Fact]
+    public void Authenticate_token_failure()
+    {
+        var service = AuthService.Build(new NatsOptions { Authorization = "mytoken" });
+        var ctx = new ClientAuthContext
+        {
+            Opts = new ClientOptions { Token = "wrong" },
+            Nonce = [],
+        };
+
+        service.Authenticate(ctx).ShouldBeNull();
+    }
+
+    [Fact]
+    public void Authenticate_simple_user_password_success()
+    {
+        var service = AuthService.Build(new NatsOptions { Username = "admin", Password = "pass" });
+        var ctx = new ClientAuthContext
+        {
+            Opts = new ClientOptions { Username = "admin", Password = "pass" },
+            Nonce = [],
+        };
+
+        var result = service.Authenticate(ctx);
+        result.ShouldNotBeNull();
+        result.Identity.ShouldBe("admin");
+    }
+
+    [Fact]
+    public void Authenticate_multi_user_success()
+    {
+        var opts = new NatsOptions
+        {
+            Users = [
+                new User { Username = "alice", Password = "secret1" },
+                new User { Username = "bob", Password = "secret2" },
+            ],
+        };
+        var service = AuthService.Build(opts);
+        var ctx = new ClientAuthContext
+        {
+            Opts = new ClientOptions { Username = "bob", Password = "secret2" },
+            Nonce = [],
+        };
+
+        var result = service.Authenticate(ctx);
+        result.ShouldNotBeNull();
+        result.Identity.ShouldBe("bob");
+    }
+
+    [Fact]
+    public void NoAuthUser_fallback_when_no_creds()
+    {
+        var opts = new NatsOptions
+        {
+            Users = [
+                new User { Username = "default", Password = "unused" },
+            ],
+            NoAuthUser = "default",
+        };
+        var service = AuthService.Build(opts);
+        var ctx = new ClientAuthContext
+        {
+            Opts = new ClientOptions(),
+            Nonce = [],
+        };
+
+        var result = service.Authenticate(ctx);
+        result.ShouldNotBeNull();
+        result.Identity.ShouldBe("default");
+    }
+
+    [Fact]
+    public void NKeys_tried_before_users()
+    {
+        var opts = new NatsOptions
+        {
+            NKeys = [new NKeyUser { Nkey = "UABC" }],
+            Users = [new User { Username = "alice", Password = "secret" }],
+        };
+        var service = AuthService.Build(opts);
+
+        var ctx = new ClientAuthContext
+        {
+            Opts = new ClientOptions { Username = "alice", Password = "secret" },
+            Nonce = [],
+        };
+
+        var result = service.Authenticate(ctx);
+        result.ShouldNotBeNull();
+        result.Identity.ShouldBe("alice");
+    }
+}