azaion/admin
1
0
Fork 0
mirror of https://github.com/azaion/admin.git synced 2026-06-21 08:21:10 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
5e90512987fd16143357af24c1bc4d576f6c1ddc
admin/e2e/Azaion.E2E/Tests/ResilienceTests.cs
T
Oleksandr Bezdieniezhnykh 5e90512987 [AZ-197] Remove hardware ID binding from resource flow 
Sealed-Jetson + SaaS architecture eliminates the credential-reuse-across-
machines threat that motivated hardware fingerprint binding. The binding's
only remaining effect was a real production failure mode on legitimate
hardware events.

Production:
- Drop PUT /users/hardware/set and POST /resources/check.
- Simplify POST /resources/get/{dataFolder?} (no Hardware field).
- Remove CheckHardwareHash, UpdateHardware, Security.GetHWHash.
- GetApiEncryptionKey signature: (email, password) — no hardwareHash.
- Drop SetHWRequest DTO and Hardware property from GetResourceRequest.
- Remove HardwareIdMismatch (40) and BadHardware (45) ExceptionEnum
  entries; numeric codes left as a gap, not for reuse.

Wire-compat policy: drop entirely (no Loader; no in-flight legacy
clients). Stale callers will see 404s, which is the right loud failure.

Tombstones:
- User.Hardware DB column kept (nullable, unused) — separate cleanup
  ticket for the migration per workspace "no rename without confirmation".
- User.LastLogin is now never written by app code (only writer was inside
  the deleted CheckHardwareHash); flagged in batch_06_review for a future
  ticket.

Tests:
- Delete e2e HardwareBindingTests (165 lines) and Azaion.Test
  UserServiceTest (sole test was CheckHardwareHashTest).
- Drop Hardware payloads + /resources/check preconditions from e2e
  ResourceTests, SecurityTests, ResilienceTests; drop hardwareId arg
  from Azaion.Test SecurityTest.
- Add SecurityTests.Hardware_endpoints_are_removed_AZ_197 (AC-2 regression
  asserting both removed routes return 404).

Docs:
- architecture.md: System Context note, ADR-003 new key formula, ADR-004
  retired with rationale.
- diagrams/flows/flow_hardware_check.md: tombstoned.

Also archives the four batch-1+batch-2 task files into _docs/02_tasks/done/
(file moves were missed by the batch_05 commit).

Code review: PASS — see _docs/03_implementation/reviews/batch_06_review.md.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-13 04:46:39 +03:00

164 lines
5.2 KiB
C#
Raw Blame History

using System.Diagnostics;
using System.Net;
using Azaion.E2E.Helpers;
using FluentAssertions;
using Xunit;
namespace Azaion.E2E.Tests;
[Collection("E2E")]
public sealed class ResilienceTests
{
private const string MalformedJwtUnsigned =
"eyJhbGciOiJub25lIn0.eyJ0ZXN0IjoiMSJ9.";
private readonly TestFixture _fixture;
public ResilienceTests(TestFixture fixture) => _fixture = fixture;
[Fact]
public async Task Malformed_authorization_headers_return_401_and_system_remains_operational()
{
// Arrange
var baseUrl = _fixture.Settings.ApiBaseUrl;
var headers = new[]
{
"Bearer invalidtoken123",
$"Bearer {MalformedJwtUnsigned}",
"NotBearer somevalue",
"Bearer "
};
using var http = new HttpClient { BaseAddress = new Uri(baseUrl, UriKind.Absolute), Timeout = TimeSpan.FromMinutes(5) };
// Act
foreach (var h in headers)
{
using var request = new HttpRequestMessage(HttpMethod.Get, "/users/current");
request.Headers.TryAddWithoutValidation("Authorization", h);
using var response = await http.SendAsync(request);
// Assert
response.StatusCode.Should().Be(HttpStatusCode.Unauthorized);
}
// Arrange
using var client = _fixture.CreateApiClient();
// Act
var token = await client.LoginAsync(_fixture.AdminEmail, _fixture.AdminPassword);
// Assert
token.Should().NotBeNullOrWhiteSpace();
}
[Fact]
public async Task Login_p95_latency_under_500ms_after_warmup()
{
// Arrange
using var client = _fixture.CreateApiClient();
for (var i = 0; i < 5; i++)
{
using var w = await client.PostAsync("/login",
new { email = _fixture.UploaderEmail, password = _fixture.UploaderPassword });
w.EnsureSuccessStatusCode();
}
var samples = new List<double>(100);
// Act
for (var i = 0; i < 100; i++)
{
var sw = Stopwatch.StartNew();
using var resp = await client.PostAsync("/login",
new { email = _fixture.UploaderEmail, password = _fixture.UploaderPassword });
sw.Stop();
resp.EnsureSuccessStatusCode();
samples.Add(sw.Elapsed.TotalMilliseconds);
}
var sorted = samples.OrderBy(x => x).ToArray();
var p95Index = (int)Math.Ceiling(0.95 * sorted.Length) - 1;
if (p95Index < 0)
p95Index = 0;
var p95 = sorted[p95Index];
// Assert
p95.Should().BeLessThan(500);
}
[Fact]
[Trait("Category", "ResourceLimit")]
public async Task Max_file_upload_200_mb_accepted()
{
// Arrange
const string folder = "testfolder";
const string fileName = "max.bin";
var payload = new byte[200 * 1024 * 1024 - 4096];
try
{
using var adminClient = _fixture.CreateAuthenticatedClient(_fixture.AdminToken);
// Act
using var response = await adminClient.UploadFileAsync($"/resources/{folder}", payload, fileName);
// Assert
response.StatusCode.Should().Be(HttpStatusCode.OK);
}
finally
{
using var adminCleanup = _fixture.CreateAuthenticatedClient(_fixture.AdminToken);
using var clear = await adminCleanup.PostAsync($"/resources/clear/{folder}", new { });
clear.EnsureSuccessStatusCode();
}
}
[Fact]
[Trait("Category", "ResourceLimit")]
public async Task Over_max_upload_201_mb_rejected_or_connection_aborted()
{
// Arrange
const string folder = "testfolder";
const string fileName = "over.bin";
var payload = new byte[201 * 1024 * 1024];
using var adminClient = _fixture.CreateAuthenticatedClient(_fixture.AdminToken);
// Act
var outcome = await TryUploadAsync(adminClient, $"/resources/{folder}", payload, fileName);
// Assert
outcome.Acceptable.Should().BeTrue();
using (var adminCleanup = _fixture.CreateAuthenticatedClient(_fixture.AdminToken))
{
using var clear = await adminCleanup.PostAsync($"/resources/clear/{folder}", new { });
clear.EnsureSuccessStatusCode();
}
}
private static async Task<(bool Acceptable, HttpStatusCode? Status)> TryUploadAsync(
ApiClient adminClient, string url, byte[] payload, string fileName)
{
try
{
using var response = await adminClient.UploadFileAsync(url, payload, fileName);
if (response.StatusCode == HttpStatusCode.RequestEntityTooLarge)
return (true, response.StatusCode);
return (false, response.StatusCode);
}
catch (Exception ex) when (IsConnectionRelated(ex))
{
return (true, null);
}
}
private static bool IsConnectionRelated(Exception ex)
{
if (ex is HttpRequestException or TaskCanceledException or IOException)
return true;
return ex.InnerException is not null && IsConnectionRelated(ex.InnerException);
}
}
Reference in New Issue View Git Blame Copy Permalink