- Updated Azaion.Missions.csproj to exclude test sources from service compilation, preventing build failures due to test project dependencies. - Modified docker-compose.test.yml to preload the pg_stat_statements extension for testing and adjusted JWT refresh intervals for better test execution timing. - Enhanced Dockerfile to install wget for health checks and ensure proper initialization of the container. - Introduced a test-only endpoint for JWKS refresh to facilitate end-to-end testing without relying on the default refresh intervals. - Updated DTOs in ApiDtos.cs to reflect camelCase naming conventions for consistency with service responses. - Improved test cases to handle JWKS rotation and refresh scenarios effectively, ensuring robust validation of JWT handling. This commit lays the groundwork for more reliable and efficient testing of the Azaion.Missions project.
using System.Net.Http.Json;
using System.Text.Json;
namespace Azaion.Missions.E2E.Helpers;
/// <summary>
/// Invokes the missions service's test-only <c>POST /test/refresh-jwks</c>
/// endpoint, which forces the JWKS <see cref="Microsoft.IdentityModel.Protocols.ConfigurationManager{T}"/>
/// to re-fetch immediately. The endpoint is mapped only when
/// <c>ASPNETCORE_ENVIRONMENT=Test</c>; production deployments never expose it.
/// </summary>
/// <remarks>
/// Why this exists: Microsoft.IdentityModel.Tokens hard-pins the
/// <c>MinimumAutomaticRefreshInterval</c> floor to 5 minutes via a static
/// field. JWKS-rotation e2e scenarios (NFT-SEC-11, NFT-RES-07) cannot rely on
/// the proactive refresh path inside the 15-minute CI window. The signature-
/// failure refresh path the JwtBearer middleware exposes
/// (<c>RefreshOnIssuerKeyNotFound</c>) is bypassed because the service uses a
/// custom <c>IssuerSigningKeyResolver</c>. Hence: explicit refresh via this
/// hook, so that no test poisons later tests.
/// </remarks>
|
|
public static class JwksRefreshHelper
{
    /// <summary>
    /// Sends a body-less <c>POST /test/refresh-jwks</c> through
    /// <paramref name="missions"/> and returns the strings found in the
    /// <c>kids</c> array of the JSON response.
    /// </summary>
    /// <param name="missions">Client used to send the request; its base address and any default headers are used as configured by the caller.</param>
    /// <param name="cancel">Token passed to both the POST and the response-body read.</param>
    /// <returns>
    /// One entry per element of <c>kids</c>, in response order. A JSON
    /// <c>null</c> element is returned as <c>""</c>, so callers asserting on
    /// key ids should treat an empty string as a missing kid.
    /// </returns>
    /// <exception cref="ArgumentNullException"><paramref name="missions"/> is <c>null</c>.</exception>
    /// <exception cref="HttpRequestException">The service answered with a non-success status code.</exception>
    /// <exception cref="KeyNotFoundException">The response object has no <c>kids</c> property.</exception>
    /// <exception cref="InvalidOperationException"><c>kids</c> is not an array, or an element is neither a string nor <c>null</c>.</exception>
    /// <remarks>
    /// This method adds no credentials of its own to the request.
    /// NOTE(review): the service-side route registration is not visible from
    /// this helper. Confirm that the route is mapped only for the test
    /// environment and that deployable images cannot be started with that
    /// environment value, because a reachable refresh hook would let callers
    /// trigger outbound JWKS fetches on demand.
    /// </remarks>
    public static async Task<string[]> ForceRefreshAsync(HttpClient missions, CancellationToken cancel = default)
    {
        ArgumentNullException.ThrowIfNull(missions);

        var pending = missions.PostAsync("/test/refresh-jwks", content: null, cancel);
        using (var response = await pending.ConfigureAwait(false))
        {
            // A 404 here usually means the service is not running in the test environment.
            response.EnsureSuccessStatusCode();

            var payload = await response.Content
                .ReadFromJsonAsync<JsonElement>(cancel)
                .ConfigureAwait(false);
            var kidsElement = payload.GetProperty("kids");

            // Size the result up front; GetArrayLength also rejects a non-array "kids".
            var kids = new string[kidsElement.GetArrayLength()];
            var next = 0;
            foreach (var entry in kidsElement.EnumerateArray())
            {
                kids[next++] = entry.GetString() ?? "";
            }

            return kids;
        }
    }
}