fix(central-ui): resolve CentralUI-002/003/004 — site-scope enforcement, per-circuit console capture, cached auth state

2026-05-16 19:33:09 -04:00
parent 5a08b04535
commit 87f14c190a
17 changed files with 693 additions and 40 deletions
--- a/tests/ScadaLink.CentralUI.Tests/Auth/CookieAuthenticationStateProviderTests.cs
+++ b/tests/ScadaLink.CentralUI.Tests/Auth/CookieAuthenticationStateProviderTests.cs
@@ -0,0 +1,79 @@
+using System.Security.Claims;
+using Microsoft.AspNetCore.Http;
+using ScadaLink.CentralUI.Auth;
+
+namespace ScadaLink.CentralUI.Tests.Auth;
+
+/// <summary>
+/// Regression tests for CentralUI-004. The provider used to read
+/// <see cref="IHttpContextAccessor.HttpContext"/> on every call; once the Blazor
+/// circuit is established that context is gone, so later re-evaluations saw an
+/// unauthenticated principal. The provider must snapshot the principal once at
+/// construction (during the initial HTTP request) and serve it for the circuit.
+/// </summary>
+public class CookieAuthenticationStateProviderTests
+{
+    private static ClaimsPrincipal AuthenticatedUser(string name)
+    {
+        var identity = new ClaimsIdentity(
+            new[] { new Claim(ClaimTypes.Name, name) },
+            authenticationType: "TestCookie");
+        return new ClaimsPrincipal(identity);
+    }
+
+    [Fact]
+    public async Task GetAuthenticationStateAsync_ReturnsAuthenticatedUser_WhenHttpContextPresent()
+    {
+        var accessor = new HttpContextAccessor
+        {
+            HttpContext = new DefaultHttpContext { User = AuthenticatedUser("alice") }
+        };
+
+        var provider = new CookieAuthenticationStateProvider(accessor);
+        var state = await provider.GetAuthenticationStateAsync();
+
+        Assert.True(state.User.Identity?.IsAuthenticated);
+        Assert.Equal("alice", state.User.Identity?.Name);
+    }
+
+    [Fact]
+    public async Task GetAuthenticationStateAsync_StillReturnsUser_AfterHttpContextIsGone()
+    {
+        // The circuit is built during the HTTP request: HttpContext is valid then.
+        var accessor = new HttpContextAccessor
+        {
+            HttpContext = new DefaultHttpContext { User = AuthenticatedUser("bob") }
+        };
+        var provider = new CookieAuthenticationStateProvider(accessor);
+
+        // After the request completes, IHttpContextAccessor.HttpContext is null for
+        // the life of the long-lived SignalR circuit.
+        accessor.HttpContext = null;
+
+        var state = await provider.GetAuthenticationStateAsync();
+
+        // The pre-fix implementation returned an anonymous principal here.
+        Assert.True(state.User.Identity?.IsAuthenticated);
+        Assert.Equal("bob", state.User.Identity?.Name);
+    }
+
+    [Fact]
+    public async Task GetAuthenticationStateAsync_IsStableAcrossCalls_IgnoringStaleForeignContext()
+    {
+        var accessor = new HttpContextAccessor
+        {
+            HttpContext = new DefaultHttpContext { User = AuthenticatedUser("carol") }
+        };
+        var provider = new CookieAuthenticationStateProvider(accessor);
+
+        // A stale/foreign context leaking through the AsyncLocal accessor must NOT
+        // change what this circuit's provider reports.
+        accessor.HttpContext = new DefaultHttpContext { User = AuthenticatedUser("intruder") };
+
+        var first = await provider.GetAuthenticationStateAsync();
+        var second = await provider.GetAuthenticationStateAsync();
+
+        Assert.Equal("carol", first.User.Identity?.Name);
+        Assert.Equal("carol", second.User.Identity?.Name);
+    }
+}
--- a/tests/ScadaLink.CentralUI.Tests/Auth/SiteScopeServiceTests.cs
+++ b/tests/ScadaLink.CentralUI.Tests/Auth/SiteScopeServiceTests.cs
@@ -0,0 +1,93 @@
+using System.Security.Claims;
+using Microsoft.AspNetCore.Components.Authorization;
+using ScadaLink.CentralUI.Auth;
+using ScadaLink.Commons.Entities.Sites;
+using ScadaLink.Security;
+
+namespace ScadaLink.CentralUI.Tests.Auth;
+
+/// <summary>
+/// Regression tests for CentralUI-002. Site-scoped Deployment permissions are
+/// written as <c>SiteId</c> claims at login but were never read — Deployment
+/// pages listed and acted on every site. <see cref="SiteScopeService"/> is the
+/// shared helper that reads those claims; these tests pin its behaviour.
+/// </summary>
+public class SiteScopeServiceTests
+{
+    private sealed class StubAuthStateProvider : AuthenticationStateProvider
+    {
+        private readonly ClaimsPrincipal _user;
+        public StubAuthStateProvider(ClaimsPrincipal user) => _user = user;
+        public override Task<AuthenticationState> GetAuthenticationStateAsync()
+            => Task.FromResult(new AuthenticationState(_user));
+    }
+
+    private static SiteScopeService ForUser(params Claim[] claims)
+    {
+        var identity = new ClaimsIdentity(claims, authenticationType: "TestCookie");
+        return new SiteScopeService(new StubAuthStateProvider(new ClaimsPrincipal(identity)));
+    }
+
+    private static Claim Role(string role) => new(JwtTokenService.RoleClaimType, role);
+    private static Claim SiteClaim(int id) => new(JwtTokenService.SiteIdClaimType, id.ToString());
+
+    private static List<Site> Sites(params int[] ids)
+        => ids.Select(id => new Site($"Site{id}", $"SITE-{id}") { Id = id }).ToList();
+
+    [Fact]
+    public async Task DeploymentUserWithNoSiteClaims_IsSystemWide()
+    {
+        var svc = ForUser(Role("Deployment"));
+
+        Assert.True(await svc.IsSystemWideAsync());
+        Assert.Empty(await svc.PermittedSiteIdsAsync());
+    }
+
+    [Fact]
+    public async Task SystemWideUser_FilterSites_ReturnsAllSites()
+    {
+        var svc = ForUser(Role("Deployment"));
+
+        var filtered = await svc.FilterSitesAsync(Sites(1, 2, 3));
+
+        Assert.Equal(new[] { 1, 2, 3 }, filtered.Select(s => s.Id));
+    }
+
+    [Fact]
+    public async Task ScopedUser_FilterSites_ReturnsOnlyPermittedSites()
+    {
+        // Regression: a Deployment user scoped to sites 1 and 3 must NOT see site 2.
+        var svc = ForUser(Role("Deployment"), SiteClaim(1), SiteClaim(3));
+
+        var filtered = await svc.FilterSitesAsync(Sites(1, 2, 3, 4));
+
+        Assert.Equal(new[] { 1, 3 }, filtered.Select(s => s.Id).OrderBy(x => x));
+    }
+
+    [Fact]
+    public async Task ScopedUser_IsSiteAllowed_OnlyForGrantedSites()
+    {
+        var svc = ForUser(Role("Deployment"), SiteClaim(5));
+
+        Assert.True(await svc.IsSiteAllowedAsync(5));
+        Assert.False(await svc.IsSiteAllowedAsync(6));
+    }
+
+    [Fact]
+    public async Task ScopedUser_IsNotSystemWide_AndReportsItsPermittedIds()
+    {
+        var svc = ForUser(Role("Deployment"), SiteClaim(7), SiteClaim(9));
+
+        Assert.False(await svc.IsSystemWideAsync());
+        Assert.Equal(new[] { 7, 9 }, (await svc.PermittedSiteIdsAsync()).OrderBy(x => x));
+    }
+
+    [Fact]
+    public async Task SystemWideUser_IsSiteAllowed_ForAnySite()
+    {
+        var svc = ForUser(Role("Deployment"));
+
+        Assert.True(await svc.IsSiteAllowedAsync(1));
+        Assert.True(await svc.IsSiteAllowedAsync(999));
+    }
+}