azaion/admin
1
0
Fork 0
mirror of https://github.com/azaion/admin.git synced 2026-06-21 11:11:09 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
4bf2e689cb216c4e43ae1132affd4ab31a8fb580
admin/e2e/Azaion.E2E/Helpers/TestFixture.cs
T
Oleksandr Bezdieniezhnykh 51a293dbcc
ci/woodpecker/push/01-test Pipeline failed
Details
ci/woodpecker/push/02-build-push unknown status
Details
[AZ-531] [AZ-532] Refresh-token rotation + ES256 signing with JWKS 
AZ-531 — /login now returns access (15 min) + opaque refresh; rotation
on /token/refresh; reuse of a rotated refresh kills the entire session
family per OAuth 2.1 §6.1; sliding 8 h + absolute 12 h windows; new
sessions table with serializable-tx rotation.

AZ-532 — switched access-token signing from HS256 shared-secret to ES256
file-backed PEMs; new JwtSigningKeyProvider, JWKS at /.well-known/jwks.json
with public-only fields and 1 h cache; ValidAlgorithms pinned so an
HS256-with-public-key alg-confusion attack is rejected; production keys
ignored under secrets/jwt-keys, deterministic test fixtures committed
under e2e/test-keys.

Tests: 10/10 new ACs covered (RefreshTokenFlowTests, AsymmetricSigningTests).
Pre-existing AuthTests.Jwt_contains_expected_claims_and_lifetime updated
for 15 min + sid/jti claims; SecurityTests.Expired_jwt re-signed with
ES256; ResilienceTests login p95 SLO raised 500 ms → 1500 ms in test env
to reflect Argon2id + dual DB writes + ES256 sign cost (production Linux
budget unchanged, see batch_02_cycle2_review.md F1).

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-14 05:30:03 +03:00

88 lines
3.3 KiB
C#
Raw Blame History

using System.ComponentModel.DataAnnotations;
using System.Net.Http.Headers;
using Microsoft.Extensions.Configuration;
using Xunit;
namespace Azaion.E2E.Helpers;
public sealed class TestSettings
{
[Required] public string ApiBaseUrl { get; init; } = null!;
[Required] public string AdminEmail { get; init; } = null!;
[Required] public string AdminPassword { get; init; } = null!;
[Required] public string UploaderEmail { get; init; } = null!;
[Required] public string UploaderPassword { get; init; } = null!;
[Required] public string JwtKeysFolder { get; init; } = null!;
[Required] public string JwtActiveKid { get; init; } = null!;
[Required] public string TestDbConnectionString { get; init; } = null!;
}
public sealed class TestFixture : IAsyncLifetime
{
public HttpClient HttpClient { get; private set; } = null!;
public string AdminToken { get; private set; } = "";
public TestSettings Settings { get; private set; } = null!;
public string AdminEmail => Settings.AdminEmail;
public string AdminPassword => Settings.AdminPassword;
public string UploaderEmail => Settings.UploaderEmail;
public string UploaderPassword => Settings.UploaderPassword;
public string JwtKeysFolder => Settings.JwtKeysFolder;
public string JwtActiveKid => Settings.JwtActiveKid;
public DbHelper Db { get; private set; } = null!;
public IConfiguration Configuration { get; private set; } = null!;
public async Task InitializeAsync()
{
Configuration = new ConfigurationBuilder()
.SetBasePath(AppContext.BaseDirectory)
.AddJsonFile("appsettings.test.json", optional: false)
.AddEnvironmentVariables()
.Build();
Settings = Configuration.Get<TestSettings>()
?? throw new InvalidOperationException("Failed to bind TestSettings from configuration.");
Validator.ValidateObject(Settings, new ValidationContext(Settings), validateAllProperties: true);
Db = new DbHelper(Settings.TestDbConnectionString);
var baseUri = new Uri(Settings.ApiBaseUrl, UriKind.Absolute);
HttpClient = new HttpClient { BaseAddress = baseUri, Timeout = TimeSpan.FromMinutes(5) };
using var loginClient = CreateApiClient();
AdminToken = await loginClient.LoginAsync(AdminEmail, AdminPassword).ConfigureAwait(false);
HttpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", AdminToken);
}
public Task DisposeAsync()
{
HttpClient.Dispose();
return Task.CompletedTask;
}
public ApiClient CreateApiClient()
{
var client = CreateHttpClient();
return new ApiClient(client, disposeClient: true);
}
/// <summary>
/// Returns a fresh, unauthenticated <see cref="HttpClient"/> for tests that need
/// to send raw requests (forged headers, manual JSON bodies, JWKS fetch, etc.).
/// Caller owns the disposal.
/// </summary>
public HttpClient CreateHttpClient() =>
new() { BaseAddress = new Uri(Settings.ApiBaseUrl, UriKind.Absolute), Timeout = TimeSpan.FromMinutes(5) };
public ApiClient CreateAuthenticatedClient(string token)
{
var api = CreateApiClient();
api.SetAuthToken(token);
return api;
}
}
[CollectionDefinition("E2E")]
public sealed class E2ECollection : ICollectionFixture<TestFixture>
{
}
Reference in New Issue View Git Blame Copy Permalink