dohertj2/scadalink-design
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e8df71ea644739192d60c7597100600152d43ce9
scadalink-design/tests/ScadaLink.InboundAPI.Tests/ApiKeyValidatorTests.cs
Joseph Doherty b659978764 Phase 8: Production readiness — failover tests, security hardening, sandboxing, deployment docs 
- WP-1-3: Central/site failover + dual-node recovery tests (17 tests)
- WP-4: Performance testing framework for target scale (7 tests)
- WP-5: Security hardening (LDAPS, JWT key length, no secrets in logs) (11 tests)
- WP-6: Script sandboxing adversarial tests (28 tests, all forbidden APIs)
- WP-7: Recovery drill test scaffolds (5 tests)
- WP-8: Observability validation (structured logs, correlation IDs, metrics) (6 tests)
- WP-9: Message contract compatibility (forward/backward compat) (18 tests)
- WP-10: Deployment packaging (installation guide, production checklist, topology)
- WP-11: Operational runbooks (failover, troubleshooting, maintenance)
92 new tests, all passing. Zero warnings.
2026-03-16 22:12:31 -04:00

102 lines
3.5 KiB
C#
Raw Blame History

using NSubstitute;
using ScadaLink.Commons.Entities.InboundApi;
using ScadaLink.Commons.Interfaces.Repositories;
namespace ScadaLink.InboundAPI.Tests;
/// <summary>
/// WP-1: Tests for API key validation — X-API-Key header, enabled/disabled keys,
/// method approval.
/// </summary>
public class ApiKeyValidatorTests
{
private readonly IInboundApiRepository _repository = Substitute.For<IInboundApiRepository>();
private readonly ApiKeyValidator _validator;
public ApiKeyValidatorTests()
{
_validator = new ApiKeyValidator(_repository);
}
[Fact]
public async Task MissingApiKey_Returns401()
{
var result = await _validator.ValidateAsync(null, "testMethod");
Assert.False(result.IsValid);
Assert.Equal(401, result.StatusCode);
}
[Fact]
public async Task EmptyApiKey_Returns401()
{
var result = await _validator.ValidateAsync("", "testMethod");
Assert.False(result.IsValid);
Assert.Equal(401, result.StatusCode);
}
[Fact]
public async Task InvalidApiKey_Returns401()
{
_repository.GetApiKeyByValueAsync("bad-key").Returns((ApiKey?)null);
var result = await _validator.ValidateAsync("bad-key", "testMethod");
Assert.False(result.IsValid);
Assert.Equal(401, result.StatusCode);
}
[Fact]
public async Task DisabledApiKey_Returns401()
{
var key = new ApiKey("test", "valid-key") { Id = 1, IsEnabled = false };
_repository.GetApiKeyByValueAsync("valid-key").Returns(key);
var result = await _validator.ValidateAsync("valid-key", "testMethod");
Assert.False(result.IsValid);
Assert.Equal(401, result.StatusCode);
}
[Fact]
public async Task ValidKey_MethodNotFound_Returns400()
{
var key = new ApiKey("test", "valid-key") { Id = 1, IsEnabled = true };
_repository.GetApiKeyByValueAsync("valid-key").Returns(key);
_repository.GetMethodByNameAsync("nonExistent").Returns((ApiMethod?)null);
var result = await _validator.ValidateAsync("valid-key", "nonExistent");
Assert.False(result.IsValid);
Assert.Equal(400, result.StatusCode);
}
[Fact]
public async Task ValidKey_NotApprovedForMethod_Returns403()
{
var key = new ApiKey("test", "valid-key") { Id = 1, IsEnabled = true };
var method = new ApiMethod("testMethod", "return 1;") { Id = 10 };
_repository.GetApiKeyByValueAsync("valid-key").Returns(key);
_repository.GetMethodByNameAsync("testMethod").Returns(method);
_repository.GetApprovedKeysForMethodAsync(10).Returns(new List<ApiKey>());
var result = await _validator.ValidateAsync("valid-key", "testMethod");
Assert.False(result.IsValid);
Assert.Equal(403, result.StatusCode);
}
[Fact]
public async Task ValidKey_ApprovedForMethod_ReturnsValid()
{
var key = new ApiKey("test", "valid-key") { Id = 1, IsEnabled = true };
var method = new ApiMethod("testMethod", "return 1;") { Id = 10 };
_repository.GetApiKeyByValueAsync("valid-key").Returns(key);
_repository.GetMethodByNameAsync("testMethod").Returns(method);
_repository.GetApprovedKeysForMethodAsync(10).Returns(new List<ApiKey> { key });
var result = await _validator.ValidateAsync("valid-key", "testMethod");
Assert.True(result.IsValid);
Assert.Equal(200, result.StatusCode);
Assert.Equal(key, result.ApiKey);
Assert.Equal(method, result.Method);
}
}
Reference in New Issue View Git Blame Copy Permalink