fix(notification-service): resolve NotificationService-010,011,012 — disconnect SMTP on failure, relocate exception type, OAuth2/token-cache test coverage

2026-05-16 22:24:03 -04:00
parent dab0056d1b
commit a9bd017c88
5 changed files with 328 additions and 18 deletions
--- a/tests/ScadaLink.NotificationService.Tests/NotificationDeliveryServiceTests.cs
+++ b/tests/ScadaLink.NotificationService.Tests/NotificationDeliveryServiceTests.cs
@@ -1,3 +1,4 @@
+using System.Text.Json;
 using MailKit;
 using MailKit.Net.Smtp;
 using Microsoft.Extensions.Logging.Abstractions;
@@ -407,6 +408,78 @@ public class NotificationDeliveryServiceTests
            storage, new StoreAndForwardOptions(), NullLogger<StoreAndForwardService>.Instance);
    }

+    // ── NotificationService-010: SMTP client is disconnected on the failure path ──
+
+    /// <summary>
+    /// An SMTP wrapper that records whether <see cref="DisconnectAsync"/> ran and
+    /// can be told to fail at a chosen stage of the delivery sequence.
+    /// </summary>
+    private sealed class DisconnectTrackingClient : ISmtpClientWrapper, IDisposable
+    {
+        private readonly Func<Exception>? _failOnSend;
+        private readonly Func<Exception>? _failOnAuthenticate;
+
+        public DisconnectTrackingClient(
+            Func<Exception>? failOnSend = null, Func<Exception>? failOnAuthenticate = null)
+        {
+            _failOnSend = failOnSend;
+            _failOnAuthenticate = failOnAuthenticate;
+        }
+
+        public bool Disconnected { get; private set; }
+        public bool Disposed { get; private set; }
+
+        public Task ConnectAsync(string host, int port, SmtpTlsMode tlsMode, int connectionTimeoutSeconds, CancellationToken cancellationToken = default)
+            => Task.CompletedTask;
+
+        public Task AuthenticateAsync(string authType, string? credentials, CancellationToken cancellationToken = default)
+            => _failOnAuthenticate != null ? Task.FromException(_failOnAuthenticate()) : Task.CompletedTask;
+
+        public Task SendAsync(string from, IEnumerable<string> bccRecipients, string subject, string body, CancellationToken cancellationToken = default)
+            => _failOnSend != null ? Task.FromException(_failOnSend()) : Task.CompletedTask;
+
+        public Task DisconnectAsync(CancellationToken cancellationToken = default)
+        {
+            Disconnected = true;
+            return Task.CompletedTask;
+        }
+
+        public void Dispose() => Disposed = true;
+    }
+
+    [Fact]
+    public async Task Send_TransientFailureDuringSend_StillDisconnectsClient()
+    {
+        // NS-010: DisconnectAsync used to run only on the success path inside the
+        // try block. A failure in SendAsync left the authenticated connection open
+        // (the SMTP QUIT was never issued), leaking server connection slots under
+        // sustained transient failures.
+        SetupHappyPath();
+        var tracking = new DisconnectTrackingClient(
+            failOnSend: () => new SmtpProtocolException("protocol error"));
+        var service = new NotificationDeliveryService(
+            _repository, () => tracking, NullLogger<NotificationDeliveryService>.Instance);
+
+        await service.SendAsync("ops-team", "Alert", "Body");
+
+        Assert.True(tracking.Disconnected, "DeliverAsync must disconnect the SMTP client even when the send fails");
+    }
+
+    [Fact]
+    public async Task Send_FailureDuringAuthenticate_StillDisconnectsClient()
+    {
+        // NS-010: an AuthenticateAsync failure must also tear the connection down.
+        SetupHappyPath();
+        var tracking = new DisconnectTrackingClient(
+            failOnAuthenticate: () => new SmtpProtocolException("auth handshake failed"));
+        var service = new NotificationDeliveryService(
+            _repository, () => tracking, NullLogger<NotificationDeliveryService>.Instance);
+
+        await service.SendAsync("ops-team", "Alert", "Body");
+
+        Assert.True(tracking.Disconnected, "DeliverAsync must disconnect the SMTP client even when authentication fails");
+    }
+
    // ── NotificationService-005: explicit TLS mode passed through to the wrapper ──

    /// <summary>An SMTP wrapper that records the TLS mode and timeout it was connected with.</summary>
@@ -642,4 +715,77 @@ public class NotificationDeliveryServiceTests
        Assert.False(result.Success);
        Assert.Contains("address", result.ErrorMessage, StringComparison.OrdinalIgnoreCase);
    }
+
+    // ── NotificationService-012: OAuth2 delivery path coverage ──
+
+    /// <summary>An SMTP wrapper that records the auth type and credentials it received.</summary>
+    private sealed class RecordingAuthClient : ISmtpClientWrapper
+    {
+        public string? AuthType { get; private set; }
+        public string? Credentials { get; private set; }
+        public Task ConnectAsync(string host, int port, SmtpTlsMode tlsMode, int connectionTimeoutSeconds, CancellationToken cancellationToken = default)
+            => Task.CompletedTask;
+        public Task AuthenticateAsync(string authType, string? credentials, CancellationToken cancellationToken = default)
+        {
+            AuthType = authType;
+            Credentials = credentials;
+            return Task.CompletedTask;
+        }
+        public Task SendAsync(string from, IEnumerable<string> bccRecipients, string subject, string body, CancellationToken cancellationToken = default)
+            => Task.CompletedTask;
+        public Task DisconnectAsync(CancellationToken cancellationToken = default) => Task.CompletedTask;
+    }
+
+    private static OAuth2TokenService CreateTokenService(string accessToken, int expiresIn = 3600)
+    {
+        var json = JsonSerializer.Serialize(new
+        {
+            access_token = accessToken,
+            expires_in = expiresIn,
+            token_type = "Bearer"
+        });
+        var factory = Substitute.For<IHttpClientFactory>();
+        factory.CreateClient(Arg.Any<string>())
+            .Returns(_ => new HttpClient(new StubHttpHandler(json)));
+        return new OAuth2TokenService(factory, NullLogger<OAuth2TokenService>.Instance);
+    }
+
+    private sealed class StubHttpHandler : HttpMessageHandler
+    {
+        private readonly string _json;
+        public StubHttpHandler(string json) => _json = json;
+        protected override Task<HttpResponseMessage> SendAsync(
+            HttpRequestMessage request, CancellationToken cancellationToken)
+            => Task.FromResult(new HttpResponseMessage(System.Net.HttpStatusCode.OK)
+            {
+                Content = new StringContent(_json)
+            });
+    }
+
+    [Fact]
+    public async Task Send_OAuth2Config_AuthenticatesWithResolvedAccessToken()
+    {
+        // NS-012: the OAuth2 delivery branch in DeliverAsync (token resolution during
+        // a send) was never exercised — every other test uses Basic Auth and a null
+        // token service. The credentials reaching the SMTP client must be the access
+        // token from OAuth2TokenService, not the raw tenant:client:secret triple.
+        var cfg = new SmtpConfiguration("smtp.office365.com", "oauth2", "noreply@example.com")
+        {
+            Id = 1, Port = 587, Credentials = "tenant1:client1:secret1", TlsMode = "starttls"
+        };
+        SetupHappyPathWithSmtp(cfg);
+
+        var recording = new RecordingAuthClient();
+        var service = new NotificationDeliveryService(
+            _repository,
+            () => recording,
+            NullLogger<NotificationDeliveryService>.Instance,
+            tokenService: CreateTokenService("oauth2-access-token-xyz"));
+
+        var result = await service.SendAsync("ops-team", "Alert", "Body");
+
+        Assert.True(result.Success);
+        Assert.Equal("oauth2", recording.AuthType);
+        Assert.Equal("oauth2-access-token-xyz", recording.Credentials);
+    }
 }