dohertj2/scadalink-design
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
d40ee85e14ceaad7de0cf7e6f19ced5bebacc290
scadalink-design/tests/ScadaLink.CentralUI.Tests/Pages/AuditLogPageScaffoldTests.cs
Joseph Doherty 6dea84cd28 feat(security): OperationalAudit + AuditExport permissions for Audit Log surface (#23 M7) 
Bundle G (#23 M7-T15): replace the temporary Admin-only gate on the Audit
Log surface with two new permission policies — OperationalAudit (read) and
AuditExport (bulk-export) — so the read path and the forensic-export path
can be delegated independently.

ScadaLink.Security
- AuthorizationPolicies: add OperationalAudit + AuditExport policy
  constants; register them via RequireClaim with an explicit role allow-list
  (OperationalAuditRoles, AuditExportRoles) so the role-to-permission
  mapping is documented in one place.
- Default mapping: Admin and Audit roles grant both policies; AuditReadOnly
  grants OperationalAudit only (read access without bulk export); Design
  and Deployment grant neither.

ScadaLink.CentralUI
- AuditLogPage: switch the page-level [Authorize] to the OperationalAudit
  policy and wrap the Export-CSV button in an AuthorizeView gated on
  AuditExport so an OperationalAudit-only operator still sees the page +
  filters but cannot trigger the CSV pull.
- ConfigurationAuditLog: switch from RequireAdmin to OperationalAudit so
  both pages under the Audit nav group share the same gate.
- NavMenu: the Audit nav group now gates on OperationalAudit so the
  section header + both child links match the per-page policies.
- AuditExportEndpoints: switch RequireAuthorization from RequireAdmin to
  AuditExport — this is the authoritative gate; the AuthorizeView on the
  button is just a UX affordance.

Tests
- New AuditLogPagePermissionTests covers the 5 brief-mandated cases plus
  defence-in-depth for Admin-alone and AuditReadOnly users on the endpoint.
- SecurityTests: add policy-level coverage for the new role→permission
  matrix (Theory rows pin every role/policy combination).
- AuditExportEndpointsTests: switch to AddScadaLinkAuthorization() so the
  test host exercises the real production wiring under the new gate.
- AuditLogPageScaffoldTests: wrap the page render in a
  CascadingAuthenticationState so the new in-page AuthorizeView resolves
  the principal.
2026-05-20 21:09:42 -04:00

264 lines
11 KiB
C#
Raw Blame History

using System.Security.Claims;
using Bunit;
using Bunit.TestDoubles;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Components;
using Microsoft.AspNetCore.Components.Authorization;
using Microsoft.Extensions.DependencyInjection;
using NSubstitute;
using ScadaLink.CentralUI.Services;
using ScadaLink.Commons.Entities.Audit;
using ScadaLink.Commons.Types.Audit;
using ScadaLink.Commons.Types.Enums;
using ScadaLink.Security;
using AuditLogPage = ScadaLink.CentralUI.Components.Pages.Audit.AuditLogPage;
using NavMenu = ScadaLink.CentralUI.Components.Layout.NavMenu;
namespace ScadaLink.CentralUI.Tests.Pages;
/// <summary>
/// Scaffold tests for the new Audit Log page (#23 M7-T1) and the Audit
/// nav group that hosts both it and the renamed Configuration Audit Log
/// (#23 M7 Bundle A).
///
/// These are render-only smoke tests — the filter bar and results grid
/// are intentional placeholders that Bundle B fills in. The tests pin
/// the page route, page heading, nav group label, and the two child
/// links so later bundles cannot regress the scaffolding.
/// </summary>
public class AuditLogPageScaffoldTests : BunitContext
{
private static ClaimsPrincipal BuildPrincipal(params string[] roles)
{
var claims = new List<Claim> { new("Username", "tester") };
claims.AddRange(roles.Select(r => new Claim(JwtTokenService.RoleClaimType, r)));
return new ClaimsPrincipal(new ClaimsIdentity(claims, "TestAuth"));
}
private IRenderedComponent<AuditLogPage> RenderAuditLogPage(params string[] roles)
{
return RenderAuditLogPageWithQuery(query: null, roles: roles);
}
private IAuditLogQueryService _queryService = Substitute.For<IAuditLogQueryService>();
private IRenderedComponent<AuditLogPage> RenderAuditLogPageWithQuery(string? query, params string[] roles)
{
var user = BuildPrincipal(roles);
Services.AddSingleton<AuthenticationStateProvider>(new TestAuthStateProvider(user));
Services.AddAuthorizationCore();
AuthorizationPolicies.AddScadaLinkAuthorization(Services);
Services.AddSingleton<IAuthorizationService, DefaultAuthorizationService>();
// The page now hosts AuditFilterBar + AuditResultsGrid which depend on
// ISiteRepository and IAuditLogQueryService respectively (Bundle B).
// Provide stand-ins so the scaffold smoke tests still render the page.
Services.AddSingleton(Substitute.For<ScadaLink.Commons.Interfaces.Repositories.ISiteRepository>());
Services.AddSingleton(_queryService);
if (!string.IsNullOrEmpty(query))
{
var nav = (BunitNavigationManager)Services.GetRequiredService<NavigationManager>();
nav.NavigateTo($"/audit/log?{query}");
}
// Bundle G (#23 M7-T15): the page now hosts an in-component
// AuthorizeView around the Export-CSV button, so the page MUST
// render inside a CascadingAuthenticationState. The router supplies
// this in production; bUnit hosts the page directly so we wrap it
// here.
var host = Render<CascadingAuthenticationState>(parameters => parameters
.Add(p => p.ChildContent, (RenderFragment)(builder =>
{
builder.OpenComponent<AuditLogPage>(0);
builder.CloseComponent();
})));
return host.FindComponent<AuditLogPage>();
}
private IRenderedComponent<NavMenu> RenderNavMenu(params string[] roles)
{
var user = BuildPrincipal(roles);
Services.AddSingleton<AuthenticationStateProvider>(new TestAuthStateProvider(user));
Services.AddAuthorizationCore();
AuthorizationPolicies.AddScadaLinkAuthorization(Services);
Services.AddSingleton<IAuthorizationService, DefaultAuthorizationService>();
var host = Render<CascadingAuthenticationState>(parameters => parameters
.Add(p => p.ChildContent, (RenderFragment)(builder =>
{
builder.OpenComponent<NavMenu>(0);
builder.CloseComponent();
})));
return host.FindComponent<NavMenu>();
}
[Fact]
public void AuditLogPage_Renders_PageHeading()
{
var cut = RenderAuditLogPage("Admin");
cut.WaitForAssertion(() =>
{
// The H1 is the only positive scaffold assertion — the filter
// bar and grid are still placeholders the Bundle B work fills.
Assert.Contains("<h1", cut.Markup);
Assert.Contains("Audit Log", cut.Markup);
});
}
[Fact]
public void NavMenu_Contains_AuditGroup_With_AuditLog_Link()
{
var cut = RenderNavMenu("Admin", "Design", "Deployment");
cut.WaitForAssertion(() =>
{
Assert.Contains(">Audit<", cut.Markup);
Assert.Contains("/audit/log", cut.Markup);
});
}
[Fact]
public void NavMenu_Contains_ConfigurationAuditLog_Link_UnderAuditGroup()
{
var cut = RenderNavMenu("Admin", "Design", "Deployment");
cut.WaitForAssertion(() =>
{
// Both audit pages must appear after the Audit section header
// in the rendered nav. We check both links + that the header
// comes before either link in the markup, so they are in the
// Audit group rather than orphaned under Monitoring.
Assert.Contains("/audit/configuration", cut.Markup);
Assert.Contains("/audit/log", cut.Markup);
var headerIdx = cut.Markup.IndexOf(">Audit<", StringComparison.Ordinal);
var configIdx = cut.Markup.IndexOf("/audit/configuration", StringComparison.Ordinal);
var logIdx = cut.Markup.IndexOf("/audit/log", StringComparison.Ordinal);
Assert.True(headerIdx >= 0 && headerIdx < configIdx,
"Audit section header must precede the Configuration Audit Log link.");
Assert.True(headerIdx >= 0 && headerIdx < logIdx,
"Audit section header must precede the Audit Log link.");
});
}
// ─────────────────────────────────────────────────────────────────────────
// Bundle D — query-string drill-in parsing (#23 M7-T10..T12)
// ─────────────────────────────────────────────────────────────────────────
[Fact]
public void NavigateWithCorrelationId_AppliesFilter_AndAutoLoads()
{
var corr = Guid.Parse("11111111-2222-3333-4444-555555555555");
_queryService = Substitute.For<IAuditLogQueryService>();
_queryService.QueryAsync(Arg.Any<AuditLogQueryFilter>(), Arg.Any<AuditLogPaging?>(), Arg.Any<CancellationToken>())
.Returns(Task.FromResult<IReadOnlyList<AuditEvent>>(new List<AuditEvent>()));
var cut = RenderAuditLogPageWithQuery($"correlationId={corr}", "Admin");
cut.WaitForAssertion(() =>
{
// Auto-load fires because correlationId is a real filter dimension.
_queryService.Received().QueryAsync(
Arg.Is<AuditLogQueryFilter>(f => f.CorrelationId == corr),
Arg.Any<AuditLogPaging?>(),
Arg.Any<CancellationToken>());
});
}
[Fact]
public void NavigateWithTargetParam_AppliesTargetFilter()
{
_queryService = Substitute.For<IAuditLogQueryService>();
_queryService.QueryAsync(Arg.Any<AuditLogQueryFilter>(), Arg.Any<AuditLogPaging?>(), Arg.Any<CancellationToken>())
.Returns(Task.FromResult<IReadOnlyList<AuditEvent>>(new List<AuditEvent>()));
var cut = RenderAuditLogPageWithQuery("target=ExternalSystem-Alpha", "Admin");
cut.WaitForAssertion(() =>
{
_queryService.Received().QueryAsync(
Arg.Is<AuditLogQueryFilter>(f => f.Target == "ExternalSystem-Alpha"),
Arg.Any<AuditLogPaging?>(),
Arg.Any<CancellationToken>());
});
}
[Fact]
public void NavigateWithSiteParam_AppliesSiteFilter()
{
_queryService = Substitute.For<IAuditLogQueryService>();
_queryService.QueryAsync(Arg.Any<AuditLogQueryFilter>(), Arg.Any<AuditLogPaging?>(), Arg.Any<CancellationToken>())
.Returns(Task.FromResult<IReadOnlyList<AuditEvent>>(new List<AuditEvent>()));
var cut = RenderAuditLogPageWithQuery("site=plant-a", "Admin");
cut.WaitForAssertion(() =>
{
_queryService.Received().QueryAsync(
Arg.Is<AuditLogQueryFilter>(f => f.SourceSiteId == "plant-a"),
Arg.Any<AuditLogPaging?>(),
Arg.Any<CancellationToken>());
});
}
[Fact]
public void NavigateWithStatusParam_AppliesStatusFilter()
{
// Bundle E (M7-T13): the Health-dashboard Audit error-rate tile drills
// in with ?status=Failed. The page parses the enum (case-insensitive),
// builds an AuditLogQueryFilter with Status set, and auto-loads.
_queryService = Substitute.For<IAuditLogQueryService>();
_queryService.QueryAsync(Arg.Any<AuditLogQueryFilter>(), Arg.Any<AuditLogPaging?>(), Arg.Any<CancellationToken>())
.Returns(Task.FromResult<IReadOnlyList<AuditEvent>>(new List<AuditEvent>()));
var cut = RenderAuditLogPageWithQuery("status=Failed", "Admin");
cut.WaitForAssertion(() =>
{
_queryService.Received().QueryAsync(
Arg.Is<AuditLogQueryFilter>(f => f.Status == AuditStatus.Failed),
Arg.Any<AuditLogPaging?>(),
Arg.Any<CancellationToken>());
});
}
[Fact]
public void NavigateWithUnknownStatusParam_IsSilentlyDropped_NoAutoLoad()
{
_queryService = Substitute.For<IAuditLogQueryService>();
var cut = RenderAuditLogPageWithQuery("status=NotARealStatus", "Admin");
// An unparseable status value leaves Status null. With no other filter
// params present the page renders but does NOT call the query service
// (matching the existing "no params" contract).
cut.WaitForAssertion(() => Assert.Contains("Audit Log", cut.Markup));
_queryService.DidNotReceive().QueryAsync(
Arg.Any<AuditLogQueryFilter>(),
Arg.Any<AuditLogPaging?>(),
Arg.Any<CancellationToken>());
}
[Fact]
public void NavigateWithNoParams_LeavesFilterEmpty_NoAutoLoad()
{
_queryService = Substitute.For<IAuditLogQueryService>();
var cut = RenderAuditLogPage("Admin");
// The grid is in "no filter" state — the page heading renders, but the
// query service must NOT be hit because nothing told us to load.
cut.WaitForAssertion(() =>
{
Assert.Contains("Audit Log", cut.Markup);
});
_queryService.DidNotReceive().QueryAsync(
Arg.Any<AuditLogQueryFilter>(),
Arg.Any<AuditLogPaging?>(),
Arg.Any<CancellationToken>());
}
}
Reference in New Issue View Git Blame Copy Permalink