natsdotnet/tests/NATS.Server.Tests/Auth/AuthServiceParityBatch4Tests.cs

using NATS.NKeys;
using NATS.Server.Auth;
using NATS.Server.Protocol;

namespace NATS.Server.Tests.Auth;

public class AuthServiceParityBatch4Tests
{
    [Fact]
    public void Build_assigns_global_account_to_orphan_users()
    {
        var service = AuthService.Build(new NatsOptions
        {
            Users = [new User { Username = "alice", Password = "secret" }],
        });

        var result = service.Authenticate(new ClientAuthContext
        {
            Opts = new ClientOptions { Username = "alice", Password = "secret" },
            Nonce = [],
        });

        result.ShouldNotBeNull();
        result.AccountName.ShouldBe(Account.GlobalAccountName);
    }

    [Fact]
    public void Build_assigns_global_account_to_orphan_nkeys()
    {
        using var kp = KeyPair.CreatePair(PrefixByte.User);
        var pub = kp.GetPublicKey();
        var nonce = "test-nonce"u8.ToArray();
        var sig = new byte[64];
        kp.Sign(nonce, sig);

        var service = AuthService.Build(new NatsOptions
        {
            NKeys = [new NKeyUser { Nkey = pub }],
        });

        var result = service.Authenticate(new ClientAuthContext
        {
            Opts = new ClientOptions
            {
                Nkey = pub,
                Sig = Convert.ToBase64String(sig),
            },
            Nonce = nonce,
        });

        result.ShouldNotBeNull();
        result.AccountName.ShouldBe(Account.GlobalAccountName);
    }

    [Fact]
    public void Build_validates_response_permissions_defaults_and_publish_allow()
    {
        var service = AuthService.Build(new NatsOptions
        {
            Users =
            [
                new User
                {
                    Username = "alice",
                    Password = "secret",
                    Permissions = new Permissions
                    {
                        Response = new ResponsePermission { MaxMsgs = 0, Expires = TimeSpan.Zero },
                    },
                },
            ],
        });

        var result = service.Authenticate(new ClientAuthContext
        {
            Opts = new ClientOptions { Username = "alice", Password = "secret" },
            Nonce = [],
        });

        result.ShouldNotBeNull();
        result.Permissions.ShouldNotBeNull();
        result.Permissions.Response.ShouldNotBeNull();
        result.Permissions.Response.MaxMsgs.ShouldBe(NatsProtocol.DefaultAllowResponseMaxMsgs);
        result.Permissions.Response.Expires.ShouldBe(NatsProtocol.DefaultAllowResponseExpiration);
        result.Permissions.Publish.ShouldNotBeNull();
        result.Permissions.Publish.Allow.ShouldNotBeNull();
        result.Permissions.Publish.Allow.Count.ShouldBe(0);
    }
}