azaion/admin
1
0
Fork 0
mirror of https://github.com/azaion/admin.git synced 2026-06-21 09:41:10 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
491993f9c1e8d6cffcd08eb1ff575aad378f502f
admin/e2e/Azaion.E2E/Helpers/DbHelper.cs
T
Oleksandr Bezdieniezhnykh 491993f9c1
ci/woodpecker/push/01-test Pipeline failed
Details
ci/woodpecker/push/02-build-push unknown status
Details
[AZ-536] [AZ-537] [AZ-538] Argon2id, login rate limit + lockout, CORS https-only 
AZ-536 — replace unsalted SHA-384 password hashing with Argon2id (RFC 9106).
Stored as PHC string with 64 MiB / 3 iter / 1 lane defaults; legacy SHA-384
hashes detected by prefix and lazily re-hashed on next successful login.
Verify uses CryptographicOperations.FixedTimeEquals on both formats.

AZ-537 — add per-IP sliding window rate limit on /login (ASP.NET Core
RateLimiter, 10/60s default — production-tight) plus DB-backed per-account
limit (5/300s) and consecutive-failure lockout (10 / 15 min) on the users
row. Adds a generic audit_events table with INSERT/SELECT-only grants for
the app role so the per-account count is queryable and admins cannot erase
their own forensic trail. BusinessExceptionHandler maps AccountLocked to
423 and LoginRateLimited to 429, both with Retry-After.

AZ-538 — drop the http://admin.azaion.com origin from CORS, gate
UseHsts() + UseHttpsRedirection() to non-Development envs (1y / preload).

Test infra: Npgsql in the e2e project + a DbHelper for direct DB
inspection used by the AZ-536/537 ACs. appsettings.Development.json
raises PerIpPermitLimit to 1000 so the suite (~270 logins from one
container IP) doesn't false-trip the limiter.

Tests: 53 pass + 3 documented skips (per-IP rate limit needs distinct
client IPs; HSTS/HTTPS redirect need ASPNETCORE_ENVIRONMENT=Production).

Code review: PASS_WITH_WARNINGS — 0 Critical, 0 High, 1 Medium, 3 Low.
See _docs/03_implementation/reviews/batch_01_cycle2_review.md.

Closes AZ-530 epic batch 1 of 4.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-14 04:52:31 +03:00

118 lines
5.1 KiB
C#
Raw Blame History

using System.Globalization;
using Npgsql;
namespace Azaion.E2E.Helpers;
/// <summary>
/// Thin wrapper around <see cref="NpgsqlConnection"/> for tests that must inspect
/// or seed rows directly. Used by AZ-536 (password hash format) and AZ-537
/// (lockout state, audit_events) acceptance tests.
/// </summary>
public sealed class DbHelper
{
private readonly string _connectionString;
public DbHelper(string connectionString) => _connectionString = connectionString;
public async Task<string?> GetPasswordHash(string email, CancellationToken ct = default)
{
await using var conn = await OpenAsync(ct);
await using var cmd = new NpgsqlCommand(
"SELECT password_hash FROM public.users WHERE email = @e", conn);
cmd.Parameters.AddWithValue("e", email);
var raw = await cmd.ExecuteScalarAsync(ct);
return raw == null || raw is DBNull ? null : (string)raw;
}
public async Task<(int FailedLoginCount, DateTime? LockoutUntil)> GetLockoutState(string email, CancellationToken ct = default)
{
await using var conn = await OpenAsync(ct);
await using var cmd = new NpgsqlCommand(
"SELECT failed_login_count, lockout_until FROM public.users WHERE email = @e", conn);
cmd.Parameters.AddWithValue("e", email);
await using var rd = await cmd.ExecuteReaderAsync(ct);
if (!await rd.ReadAsync(ct))
throw new InvalidOperationException($"User {email} not found.");
var failed = rd.GetInt32(0);
DateTime? lockout = rd.IsDBNull(1) ? null : DateTime.SpecifyKind(rd.GetDateTime(1), DateTimeKind.Utc);
return (failed, lockout);
}
public async Task<int> CountAuditEvents(string eventType, string email, CancellationToken ct = default)
{
await using var conn = await OpenAsync(ct);
await using var cmd = new NpgsqlCommand(
"SELECT COUNT(*) FROM public.audit_events WHERE event_type = @t AND email = @e", conn);
cmd.Parameters.AddWithValue("t", eventType);
cmd.Parameters.AddWithValue("e", email);
var raw = await cmd.ExecuteScalarAsync(ct);
return Convert.ToInt32(raw, CultureInfo.InvariantCulture);
}
/// <summary>
/// Inject a user with a known legacy SHA-384 hash so the lazy-migration path can be
/// exercised end-to-end without going through the Argon2id-using registration API.
/// </summary>
public async Task SeedLegacyShaUser(Guid id, string email, string sha384HashBase64, string role = "ResourceUploader", CancellationToken ct = default)
{
await using var conn = await OpenAsync(ct);
await using var cmd = new NpgsqlCommand(@"
INSERT INTO public.users (id, email, password_hash, role, created_at, is_enabled, failed_login_count)
VALUES (@id, @email, @hash, @role, now(), true, 0)
ON CONFLICT (email) DO UPDATE
SET password_hash = excluded.password_hash,
failed_login_count = 0,
lockout_until = NULL,
is_enabled = true", conn);
cmd.Parameters.AddWithValue("id", id);
cmd.Parameters.AddWithValue("email", email);
cmd.Parameters.AddWithValue("hash", sha384HashBase64);
cmd.Parameters.AddWithValue("role", role);
await cmd.ExecuteNonQueryAsync(ct);
}
public async Task DeleteUser(string email, CancellationToken ct = default)
{
await using var conn = await OpenAsync(ct);
await using var cmd = new NpgsqlCommand(
"DELETE FROM public.users WHERE email = @e", conn);
cmd.Parameters.AddWithValue("e", email);
await cmd.ExecuteNonQueryAsync(ct);
}
public async Task DeleteAuditEventsFor(string email, CancellationToken ct = default)
{
await using var conn = await OpenAsync(ct);
await using var cmd = new NpgsqlCommand(
"DELETE FROM public.audit_events WHERE email = @e", conn);
cmd.Parameters.AddWithValue("e", email);
await cmd.ExecuteNonQueryAsync(ct);
}
/// <summary>
/// Force-set a lockout deadline so tests don't have to actually trip the threshold
/// 10 times to check expiry behavior (AZ-537 AC-5).
/// </summary>
public async Task SetLockoutUntil(string email, DateTime? lockoutUntilUtc, int failedCount, CancellationToken ct = default)
{
await using var conn = await OpenAsync(ct);
await using var cmd = new NpgsqlCommand(@"
UPDATE public.users
SET lockout_until = @until,
failed_login_count = @count
WHERE email = @e", conn);
cmd.Parameters.AddWithValue("until",
(object?)(lockoutUntilUtc?.ToUniversalTime()) ?? DBNull.Value);
cmd.Parameters.AddWithValue("count", failedCount);
cmd.Parameters.AddWithValue("e", email);
await cmd.ExecuteNonQueryAsync(ct);
}
private async Task<NpgsqlConnection> OpenAsync(CancellationToken ct)
{
var conn = new NpgsqlConnection(_connectionString);
await conn.OpenAsync(ct);
return conn;
}
}
Reference in New Issue View Git Blame Copy Permalink