using System.Globalization;
using Npgsql;
namespace Azaion.E2E.Helpers;
///
/// Thin wrapper around for tests that must inspect
/// or seed rows directly. Used by AZ-536 (password hash format) and AZ-537
/// (lockout state, audit_events) acceptance tests.
///
public sealed record SessionRow(
Guid Id,
Guid UserId,
Guid FamilyId,
DateTime IssuedAt,
DateTime ExpiresAt,
DateTime? RevokedAt,
string? RevokedReason,
Guid? ParentSessionId,
DateTime FamilyStartedAt);
public sealed class DbHelper
{
private readonly string _connectionString;
public DbHelper(string connectionString) => _connectionString = connectionString;
public async Task GetPasswordHash(string email, CancellationToken ct = default)
{
await using var conn = await OpenAsync(ct);
await using var cmd = new NpgsqlCommand(
"SELECT password_hash FROM public.users WHERE email = @e", conn);
cmd.Parameters.AddWithValue("e", email);
var raw = await cmd.ExecuteScalarAsync(ct);
return raw == null || raw is DBNull ? null : (string)raw;
}
public async Task<(int FailedLoginCount, DateTime? LockoutUntil)> GetLockoutState(string email, CancellationToken ct = default)
{
await using var conn = await OpenAsync(ct);
await using var cmd = new NpgsqlCommand(
"SELECT failed_login_count, lockout_until FROM public.users WHERE email = @e", conn);
cmd.Parameters.AddWithValue("e", email);
await using var rd = await cmd.ExecuteReaderAsync(ct);
if (!await rd.ReadAsync(ct))
throw new InvalidOperationException($"User {email} not found.");
var failed = rd.GetInt32(0);
DateTime? lockout = rd.IsDBNull(1) ? null : DateTime.SpecifyKind(rd.GetDateTime(1), DateTimeKind.Utc);
return (failed, lockout);
}
public async Task CountAuditEvents(string eventType, string email, CancellationToken ct = default)
{
await using var conn = await OpenAsync(ct);
await using var cmd = new NpgsqlCommand(
"SELECT COUNT(*) FROM public.audit_events WHERE event_type = @t AND email = @e", conn);
cmd.Parameters.AddWithValue("t", eventType);
cmd.Parameters.AddWithValue("e", email);
var raw = await cmd.ExecuteScalarAsync(ct);
return Convert.ToInt32(raw, CultureInfo.InvariantCulture);
}
///
/// Inject a user with a known legacy SHA-384 hash so the lazy-migration path can be
/// exercised end-to-end without going through the Argon2id-using registration API.
///
public async Task SeedLegacyShaUser(Guid id, string email, string sha384HashBase64, string role = "ResourceUploader", CancellationToken ct = default)
{
await using var conn = await OpenAsync(ct);
await using var cmd = new NpgsqlCommand(@"
INSERT INTO public.users (id, email, password_hash, role, created_at, is_enabled, failed_login_count)
VALUES (@id, @email, @hash, @role, now(), true, 0)
ON CONFLICT (email) DO UPDATE
SET password_hash = excluded.password_hash,
failed_login_count = 0,
lockout_until = NULL,
is_enabled = true", conn);
cmd.Parameters.AddWithValue("id", id);
cmd.Parameters.AddWithValue("email", email);
cmd.Parameters.AddWithValue("hash", sha384HashBase64);
cmd.Parameters.AddWithValue("role", role);
await cmd.ExecuteNonQueryAsync(ct);
}
public async Task DeleteUser(string email, CancellationToken ct = default)
{
await using var conn = await OpenAsync(ct);
await using var cmd = new NpgsqlCommand(
"DELETE FROM public.users WHERE email = @e", conn);
cmd.Parameters.AddWithValue("e", email);
await cmd.ExecuteNonQueryAsync(ct);
}
public async Task DeleteAuditEventsFor(string email, CancellationToken ct = default)
{
await using var conn = await OpenAsync(ct);
await using var cmd = new NpgsqlCommand(
"DELETE FROM public.audit_events WHERE email = @e", conn);
cmd.Parameters.AddWithValue("e", email);
await cmd.ExecuteNonQueryAsync(ct);
}
///
/// Force-set a lockout deadline so tests don't have to actually trip the threshold
/// 10 times to check expiry behavior (AZ-537 AC-5).
///
public async Task SetLockoutUntil(string email, DateTime? lockoutUntilUtc, int failedCount, CancellationToken ct = default)
{
await using var conn = await OpenAsync(ct);
await using var cmd = new NpgsqlCommand(@"
UPDATE public.users
SET lockout_until = @until,
failed_login_count = @count
WHERE email = @e", conn);
cmd.Parameters.AddWithValue("until",
(object?)(lockoutUntilUtc?.ToUniversalTime()) ?? DBNull.Value);
cmd.Parameters.AddWithValue("count", failedCount);
cmd.Parameters.AddWithValue("e", email);
await cmd.ExecuteNonQueryAsync(ct);
}
///
/// AZ-531 — looks up a session row by the refresh token's sha256 hash. Tests
/// hash the opaque token the same way RefreshTokenService does, then assert
/// on the persisted row.
///
public async Task GetSessionByHash(string refreshHashHex, CancellationToken ct = default)
{
await using var conn = await OpenAsync(ct);
await using var cmd = new NpgsqlCommand(@"
SELECT id, user_id, family_id, issued_at, expires_at, revoked_at,
revoked_reason, parent_session_id, family_started_at
FROM public.sessions
WHERE refresh_hash = @h", conn);
cmd.Parameters.AddWithValue("h", refreshHashHex);
await using var rd = await cmd.ExecuteReaderAsync(ct);
if (!await rd.ReadAsync(ct)) return null;
return new SessionRow(
Id: rd.GetGuid(0),
UserId: rd.GetGuid(1),
FamilyId: rd.GetGuid(2),
IssuedAt: DateTime.SpecifyKind(rd.GetDateTime(3), DateTimeKind.Utc),
ExpiresAt: DateTime.SpecifyKind(rd.GetDateTime(4), DateTimeKind.Utc),
RevokedAt: rd.IsDBNull(5) ? null : DateTime.SpecifyKind(rd.GetDateTime(5), DateTimeKind.Utc),
RevokedReason: rd.IsDBNull(6) ? null : rd.GetString(6),
ParentSessionId: rd.IsDBNull(7) ? null : rd.GetGuid(7),
FamilyStartedAt: DateTime.SpecifyKind(rd.GetDateTime(8), DateTimeKind.Utc));
}
public async Task CountActiveInFamily(Guid familyId, CancellationToken ct = default)
{
await using var conn = await OpenAsync(ct);
await using var cmd = new NpgsqlCommand(
"SELECT COUNT(*) FROM public.sessions WHERE family_id = @f AND revoked_at IS NULL", conn);
cmd.Parameters.AddWithValue("f", familyId);
return Convert.ToInt32(await cmd.ExecuteScalarAsync(ct), CultureInfo.InvariantCulture);
}
public async Task CountReuseRevokedInFamily(Guid familyId, CancellationToken ct = default)
{
await using var conn = await OpenAsync(ct);
await using var cmd = new NpgsqlCommand(
"SELECT COUNT(*) FROM public.sessions WHERE family_id = @f AND revoked_reason = 'reuse_detected'", conn);
cmd.Parameters.AddWithValue("f", familyId);
return Convert.ToInt32(await cmd.ExecuteScalarAsync(ct), CultureInfo.InvariantCulture);
}
///
/// AZ-531 AC-4 — backdate a family so the absolute-expiry check fires
/// without waiting 12 hours of wall-clock time.
///
public async Task BackdateFamily(Guid familyId, TimeSpan ageFromNow, CancellationToken ct = default)
{
await using var conn = await OpenAsync(ct);
await using var cmd = new NpgsqlCommand(@"
UPDATE public.sessions
SET family_started_at = now() - @age,
issued_at = now() - @age,
last_used_at = now() - @age
WHERE family_id = @f", conn);
cmd.Parameters.AddWithValue("age", ageFromNow);
cmd.Parameters.AddWithValue("f", familyId);
await cmd.ExecuteNonQueryAsync(ct);
}
public async Task DeleteSessionsFor(string email, CancellationToken ct = default)
{
await using var conn = await OpenAsync(ct);
await using var cmd = new NpgsqlCommand(@"
DELETE FROM public.sessions
WHERE user_id = (SELECT id FROM public.users WHERE email = @e)", conn);
cmd.Parameters.AddWithValue("e", email);
await cmd.ExecuteNonQueryAsync(ct);
}
///
/// AZ-535 — count active sessions for a user, optionally filtered to a session class.
///
public async Task CountActiveSessionsForUser(string email, string? sessionClass = null, CancellationToken ct = default)
{
await using var conn = await OpenAsync(ct);
var sql = @"
SELECT COUNT(*) FROM public.sessions
WHERE user_id = (SELECT id FROM public.users WHERE email = @e)
AND revoked_at IS NULL"
+ (sessionClass != null ? " AND class = @c" : "");
await using var cmd = new NpgsqlCommand(sql, conn);
cmd.Parameters.AddWithValue("e", email);
if (sessionClass != null) cmd.Parameters.AddWithValue("c", sessionClass);
return Convert.ToInt32(await cmd.ExecuteScalarAsync(ct), CultureInfo.InvariantCulture);
}
///
/// AZ-533 — count open mission sessions whose aircraft_id matches the given user.
///
public async Task CountOpenMissionsForAircraft(Guid aircraftId, CancellationToken ct = default)
{
await using var conn = await OpenAsync(ct);
await using var cmd = new NpgsqlCommand(@"
SELECT COUNT(*) FROM public.sessions
WHERE aircraft_id = @a AND class = 'mission' AND revoked_at IS NULL", conn);
cmd.Parameters.AddWithValue("a", aircraftId);
return Convert.ToInt32(await cmd.ExecuteScalarAsync(ct), CultureInfo.InvariantCulture);
}
///
/// AZ-535 — pluck the row's revocation columns for assertions on who/why/when.
///
public async Task<(DateTime? RevokedAt, string? Reason, Guid? RevokedBy)> GetRevocationInfo(Guid sessionId, CancellationToken ct = default)
{
await using var conn = await OpenAsync(ct);
await using var cmd = new NpgsqlCommand(
"SELECT revoked_at, revoked_reason, revoked_by_user_id FROM public.sessions WHERE id = @s", conn);
cmd.Parameters.AddWithValue("s", sessionId);
await using var rd = await cmd.ExecuteReaderAsync(ct);
if (!await rd.ReadAsync(ct))
throw new InvalidOperationException($"Session {sessionId} not found.");
return (
rd.IsDBNull(0) ? null : DateTime.SpecifyKind(rd.GetDateTime(0), DateTimeKind.Utc),
rd.IsDBNull(1) ? null : rd.GetString(1),
rd.IsDBNull(2) ? null : rd.GetGuid(2));
}
///
/// AZ-535 — promote a user to Service role so they can read /sessions/revoked.
///
public async Task PromoteToService(string email, CancellationToken ct = default)
{
await using var conn = await OpenAsync(ct);
await using var cmd = new NpgsqlCommand(
"UPDATE public.users SET role = 'Service' WHERE email = @e", conn);
cmd.Parameters.AddWithValue("e", email);
await cmd.ExecuteNonQueryAsync(ct);
}
public static string HashRefreshToken(string opaqueToken)
{
var bytes = System.Text.Encoding.ASCII.GetBytes(opaqueToken);
var digest = System.Security.Cryptography.SHA256.HashData(bytes);
return Convert.ToHexString(digest);
}
private async Task OpenAsync(CancellationToken ct)
{
var conn = new NpgsqlConnection(_connectionString);
await conn.OpenAsync(ct);
return conn;
}
}