[AZ-197] Remove hardware ID binding from resource flow

Sealed-Jetson + SaaS architecture eliminates the credential-reuse-across- machines threat that motivated hardware fingerprint binding. The binding's only remaining effect was a real production failure mode on legitimate hardware events. Production: - Drop PUT /users/hardware/set and POST /resources/check. - Simplify POST /resources/get/{dataFolder?} (no Hardware field). - Remove CheckHardwareHash, UpdateHardware, Security.GetHWHash. - GetApiEncryptionKey signature: (email, password) — no hardwareHash. - Drop SetHWRequest DTO and Hardware property from GetResourceRequest. - Remove HardwareIdMismatch (40) and BadHardware (45) ExceptionEnum entries; numeric codes left as a gap, not for reuse. Wire-compat policy: drop entirely (no Loader; no in-flight legacy clients). Stale callers will see 404s, which is the right loud failure. Tombstones: - User.Hardware DB column kept (nullable, unused) — separate cleanup ticket for the migration per workspace "no rename without confirmation". - User.LastLogin is now never written by app code (only writer was inside the deleted CheckHardwareHash); flagged in batch_06_review for a future ticket. Tests: - Delete e2e HardwareBindingTests (165 lines) and Azaion.Test UserServiceTest (sole test was CheckHardwareHashTest). - Drop Hardware payloads + /resources/check preconditions from e2e ResourceTests, SecurityTests, ResilienceTests; drop hardwareId arg from Azaion.Test SecurityTest. - Add SecurityTests.Hardware_endpoints_are_removed_AZ_197 (AC-2 regression asserting both removed routes return 404). Docs: - architecture.md: System Context note, ADR-003 new key formula, ADR-004 retired with rationale. - diagrams/flows/flow_hardware_check.md: tombstoned. Also archives the four batch-1+batch-2 task files into _docs/02_tasks/done/ (file moves were missed by the batch_05 commit). Code review: PASS — see _docs/03_implementation/reviews/batch_06_review.md. Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-22 16:41:09 +00:00 · 2026-05-13 04:46:39 +03:00
parent 5ca9ccab2c
commit 5e90512987
22 changed files with 359 additions and 490 deletions
@@ -1,7 +1,5 @@
 using System.Diagnostics;
 using System.Net;
-using System.Net.Http.Json;
-using System.Text.Json;
 using Azaion.E2E.Helpers;
 using FluentAssertions;
 using Xunit;
@@ -11,12 +9,6 @@ namespace Azaion.E2E.Tests;
 [Collection("E2E")]
 public sealed class ResilienceTests
 {
-    private static readonly JsonSerializerOptions ResponseJsonOptions = new()
-    {
-        PropertyNameCaseInsensitive = true
-    };
-
-    private const string TestUserPassword = "TestPass1234";
    private const string MalformedJwtUnsigned =
        "eyJhbGciOiJub25lIn0.eyJ0ZXN0IjoiMSJ9.";

@@ -60,64 +52,6 @@ public sealed class ResilienceTests
        token.Should().NotBeNullOrWhiteSpace();
    }

-    [Fact]
-    public async Task Concurrent_hardware_binding_same_hardware_has_no_500_and_state_consistent()
-    {
-        // Arrange
-        string? email = null;
-        var hardware =
-            $"CPU: ConcCPU. GPU: ConcGPU. Memory: 8192. DriveSerial: {Guid.NewGuid():N}.";
-
-        try
-        {
-            var candidateEmail = $"resilience-hw-{Guid.NewGuid()}@azaion.com";
-            using (var adminClient = _fixture.CreateAuthenticatedClient(_fixture.AdminToken))
-            {
-                using var createResp = await adminClient.PostAsync("/users",
-                    new { Email = candidateEmail, Password = TestUserPassword, Role = 10 });
-                createResp.EnsureSuccessStatusCode();
-            }
-
-            email = candidateEmail;
-
-            using var loginClient = _fixture.CreateApiClient();
-            var userToken = await loginClient.LoginAsync(email, TestUserPassword);
-            using var userClient = _fixture.CreateAuthenticatedClient(userToken);
-
-            // Act
-            var concurrentTasks = Enumerable.Range(0, 5)
-                .Select(_ => userClient.PostAsync("/resources/check", new { Hardware = hardware }))
-                .ToArray();
-            var concurrentResponses = await Task.WhenAll(concurrentTasks);
-
-            // Assert
-            foreach (var r in concurrentResponses)
-            {
-                using (r)
-                {
-                    r.StatusCode.Should().NotBe(HttpStatusCode.InternalServerError);
-                }
-            }
-
-            // Act
-            using var followUp = await userClient.PostAsync("/resources/check", new { Hardware = hardware });
-
-            // Assert
-            followUp.StatusCode.Should().Be(HttpStatusCode.OK);
-            var body = await followUp.Content.ReadFromJsonAsync<bool>(ResponseJsonOptions);
-            body.Should().BeTrue();
-        }
-        finally
-        {
-            if (email is not null)
-            {
-                using var adminCleanup = _fixture.CreateAuthenticatedClient(_fixture.AdminToken);
-                using var del = await adminCleanup.DeleteAsync($"/users/{Uri.EscapeDataString(email)}");
-                del.EnsureSuccessStatusCode();
-            }
-        }
-    }
-
    [Fact]
    public async Task Login_p95_latency_under_500ms_after_warmup()
    {