azaion/admin
1
0
Fork 0
mirror of https://github.com/azaion/admin.git synced 2026-06-21 11:51:09 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
c7b297de83bc5aca7ec75c5658eacfbd28ad8743
admin/Azaion.Test/SecurityTest.cs
T
Oleksandr Bezdieniezhnykh 5e90512987 [AZ-197] Remove hardware ID binding from resource flow 
Sealed-Jetson + SaaS architecture eliminates the credential-reuse-across-
machines threat that motivated hardware fingerprint binding. The binding's
only remaining effect was a real production failure mode on legitimate
hardware events.

Production:
- Drop PUT /users/hardware/set and POST /resources/check.
- Simplify POST /resources/get/{dataFolder?} (no Hardware field).
- Remove CheckHardwareHash, UpdateHardware, Security.GetHWHash.
- GetApiEncryptionKey signature: (email, password) — no hardwareHash.
- Drop SetHWRequest DTO and Hardware property from GetResourceRequest.
- Remove HardwareIdMismatch (40) and BadHardware (45) ExceptionEnum
  entries; numeric codes left as a gap, not for reuse.

Wire-compat policy: drop entirely (no Loader; no in-flight legacy
clients). Stale callers will see 404s, which is the right loud failure.

Tombstones:
- User.Hardware DB column kept (nullable, unused) — separate cleanup
  ticket for the migration per workspace "no rename without confirmation".
- User.LastLogin is now never written by app code (only writer was inside
  the deleted CheckHardwareHash); flagged in batch_06_review for a future
  ticket.

Tests:
- Delete e2e HardwareBindingTests (165 lines) and Azaion.Test
  UserServiceTest (sole test was CheckHardwareHashTest).
- Drop Hardware payloads + /resources/check preconditions from e2e
  ResourceTests, SecurityTests, ResilienceTests; drop hardwareId arg
  from Azaion.Test SecurityTest.
- Add SecurityTests.Hardware_endpoints_are_removed_AZ_197 (AC-2 regression
  asserting both removed routes return 404).

Docs:
- architecture.md: System Context note, ADR-003 new key formula, ADR-004
  retired with rationale.
- diagrams/flows/flow_hardware_check.md: tombstoned.

Also archives the four batch-1+batch-2 task files into _docs/02_tasks/done/
(file moves were missed by the batch_05 commit).

Code review: PASS — see _docs/03_implementation/reviews/batch_06_review.md.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-13 04:46:39 +03:00

110 lines
5.0 KiB
C#
Raw Blame History

using System.Security.Cryptography;
using System.Text;
using Azaion.Common.Extensions;
using Azaion.Services;
using FluentAssertions;
using Newtonsoft.Json;
using Xunit;
namespace Azaion.Test;
public class SecurityTest
{
[Fact]
public async Task EncryptDecryptTest()
{
var testString = "Hello World Test dfvjkhsdbfvkljh sabdljsdafv asdvsad vsadfjv hbsadfkujv hgasdkvhgaksdjhvbsdv sdvsdjfhvb skdajfhb vskldfvhb lsdkfbv lsdb v" +
"sdlkfjv sdlkfvjb lsdkfjvb olsdfjvb l sdkfjvb lsdkf vblsdkfjbv lsdkfbvlksdjfbvlkdsjbfvlksdbv lksdjfbv lksdjbf vdsv sdf" +
"sdlkfjv sdlkfvjb lsdkfjvb olsdfjvb l sdkfjvb lsdkf vblsdkfjbv lsdkfbvlksdjfbvlkdsjbfvlksdbv lksdjfbv lksdjbf vdsv sdf" +
"sdlkfjv sdlkfvjb lsdkfjvb olsdfjvb l sdkfjvb lsdkf vblsdkfjbv lsdkfbvlksdjfbvlkdsjbfvlksdbv lksdjfbv lksdjbf vdsv sdf" +
"sdlkfjv sdlkfvjb lsdkfjvb olsdfjvb l sdkfjvb lsdkf vblsdkfjbv lsdkfbvlksdjfbvlkdsjbfvlksdbv lksdjfbv lksdjbf vdsv sdf" +
"sdlkfjv sdlkfvjb lsdkfjvb olsdfjvb l sdkfjvb lsdkf vblsdkfjbv lsdkfbvlksdjfbvlkdsjbfvlksdbv lksdjfbv lksdjbf vdsv sdf" +
"sdlkfjv sdlkfvjb lsdkfjvb olsdfjvb l sdkfjvb lsdkf vblsdkfjbv lsdkfbvlksdjfbvlkdsjbfvlksdbv lksdjfbv lksdjbf vdsv sdf" +
"sdlkfjv sdlkfvjb lsdkfjvb olsdfjvb l sdkfjvb lsdkf vblsdkfjbv lsdkfbvlksdjfbvlkdsjbfvlksdbv lksdjfbv lksdjbf vdsv sdf" +
"sdlkfjv sdlkfvjb lsdkfjvb olsdfjvb l sdkfjvb lsdkf vblsdkfjbv lsdkfbvlksdjfbvlkdsjbfvlksdbv lksdjfbv lksdjbf vdsv sdf" +
"sdlkfjv sdlkfvjb lsdkfjvb olsdfjvb l sdkfjvb lsdkf vblsdkfjbv lsdkfbvlksdjfbvlkdsjbfvlksdbv lksdjfbv lksdjbf vdsv sdf" +
"sdlkfjv sdlkfvjb lsdkfjvb olsdfjvb l sdkfjvb lsdkf vblsdkfjbv lsdkfbvlksdjfbvlkdsjbfvlksdbv lksdjfbv lksdjbf vdsv sdf" +
"sdlkfjv sdlkfvjb lsdkfjvb olsdfjvb l sdkfjvb lsdkf vblsdkfjbv lsdkfbvlksdjfbvlkdsjbfvlksdbv lksdjfbv lksdjbf vdsv sdf" +
" sakdhvb kasjdhbv kjasdhv kjhas";
var email = "user@azaion.com";
var password = "testpw";
var key = Security.GetApiEncryptionKey(email, password);
var encryptedStream = new MemoryStream();
await StringToStream(testString).EncryptTo(encryptedStream, key);
await using var decryptedStream = new MemoryStream();
await encryptedStream.DecryptTo(decryptedStream, key);
encryptedStream.Close();
var str = decryptedStream.ConvertToString();
str.Should().Be(testString);
}
[Fact]
public async Task EncryptDecryptLargeFileTest()
{
var username = "user@azaion.com";
var password = "testpw";
var key = Security.GetApiEncryptionKey(username, password);
var largeFilePath = "large.txt";
var largeFileDecryptedPath = "large_decrypted.txt";
var stream = await CreateLargeFile(largeFilePath);
stream.Seek(0, SeekOrigin.Begin);
var encryptedStream = new MemoryStream();
await stream.EncryptTo(encryptedStream, key);
encryptedStream.Seek(0, SeekOrigin.Begin);
File.Delete(largeFileDecryptedPath);
await using var decryptedStream = new FileStream(largeFileDecryptedPath, FileMode.OpenOrCreate, FileAccess.Write);
await encryptedStream.DecryptTo(decryptedStream, key);
encryptedStream.Close();
stream.Close();
decryptedStream.Close();
await CompareFiles(largeFilePath, largeFileDecryptedPath);
File.Delete(largeFilePath);
File.Delete(largeFileDecryptedPath);
}
private async Task CompareFiles(string largeFilePath, string largeFileDecryptedPath)
{
await using var stream1 = new FileStream(largeFilePath, FileMode.Open, FileAccess.Read);
await using var stream2 = new FileStream(largeFileDecryptedPath, FileMode.Open, FileAccess.Read);
var sha256Bytes1 = Encoding.UTF8.GetString(await SHA256.HashDataAsync(stream1));
var sha256Bytes2 = Encoding.UTF8.GetString(await SHA256.HashDataAsync(stream2));
sha256Bytes1.Should().Be(sha256Bytes2);
}
private async Task<Stream> CreateLargeFile(string largeTxtPath)
{
var max = 4000000;
File.Delete(largeTxtPath);
var stream = new FileStream(largeTxtPath, FileMode.OpenOrCreate, FileAccess.ReadWrite);
var numbersList = Enumerable.Range(1, max).Chunk(100000);
foreach (var numbers in numbersList)
{
var dict = numbers.ToDictionary(x => x, _ => DateTime.UtcNow);
var bytes = Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(dict, Formatting.Indented));
await stream.WriteAsync(bytes);
Console.WriteLine($"Writing numbers from {(numbers.FirstOrDefault()*100 / (double)max):F1} %");
}
await stream.FlushAsync();
return stream;
}
private static Stream StringToStream(string src)
{
var byteArray = Encoding.UTF8.GetBytes(src);
return new MemoryStream(byteArray);
}
}
Reference in New Issue View Git Blame Copy Permalink