mirror of
https://github.com/azaion/satellite-provider.git
synced 2026-06-22 14:51:14 +00:00
[AZ-491] Cycle 3 batch 2: consolidate JWT test-mint helpers into TestSupport
AZ-491 (3 SP): eliminate the cycle-2 duplicate of JWT-minting logic that existed in both SatelliteProvider.Tests/TestUtilities/ JwtTokenFactory.cs (unit-side) and SatelliteProvider.IntegrationTests/ JwtTestHelpers.cs (integration-side), where the same Expires < NotBefore bug needed parallel fixes in commitsf64d0d7+11b7074. Option A chosen: new SatelliteProvider.TestSupport class library (no test framework) holds the canonical JwtTokenFactory.Create / CreateExpired / TamperSignature. Both Tests and IntegrationTests consume it via ProjectReference; production projects (Api, Common, DataAccess, Services.*) cannot depend on it. The notBefore-shift workaround is preserved with an inline regression-prevention comment back-referencing the cycle-2 fix commits. SatelliteProvider.IntegrationTests/JwtTestHelpers.cs is stripped to runner-only concerns: ResolveSecretOrThrow, AttachDefaultAuthorization, and the DefaultSubject = "integration-tests" constant. Call sites in Program.cs, JwtIntegrationTests.cs, and UavUploadTests.cs (10 sites) switched to JwtTokenFactory.* with JwtTestHelpers.DefaultSubject explicitly passed for the runner subject - behavior parity preserved. Dockerfile for IntegrationTests gets the new TestSupport csproj in its pre-restore COPY layer. Api Dockerfile unchanged (TestSupport is NOT a production dependency). A new code-review SKILL.md Phase 6 checklist row flags near-identical helper logic across test projects as a Medium / Maintainability finding with explicit cycle-2 retro back-reference, so this whole pattern stops at one occurrence. module-layout.md adds a TestSupport Shared/Cross-Cutting entry documenting the production-isolation invariant. tests_unit.md + tests_integration.md updated to describe the consolidated layout. sln updated. Test-suite gate (AC-2 + AC-3) deferred to Step 16 Final Test Run per implement-skill convention. Per-batch review verdict: PASS_WITH_WARNINGS with 1 Low (pre-existing 7.0.3 version pin preserved verbatim from cycle-2 IntegrationTests csproj for parity; not blocking; deferred bump). Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
Oleksandr Bezdieniezhnykh
@@ -1,6 +1,7 @@
|
||||
FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
|
||||
WORKDIR /src
|
||||
COPY ["SatelliteProvider.IntegrationTests/SatelliteProvider.IntegrationTests.csproj", "SatelliteProvider.IntegrationTests/"]
|
||||
COPY ["SatelliteProvider.TestSupport/SatelliteProvider.TestSupport.csproj", "SatelliteProvider.TestSupport/"]
|
||||
RUN dotnet restore "SatelliteProvider.IntegrationTests/SatelliteProvider.IntegrationTests.csproj"
|
||||
COPY . .
|
||||
WORKDIR "/src/SatelliteProvider.IntegrationTests"
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
using System.Net;
|
||||
using System.Net.Http.Headers;
|
||||
using SatelliteProvider.TestSupport;
|
||||
|
||||
namespace SatelliteProvider.IntegrationTests;
|
||||
|
||||
@@ -44,7 +45,7 @@ public static class JwtIntegrationTests
|
||||
Console.WriteLine("AZ-487 AC-2: Expired token returns 401");
|
||||
|
||||
using var client = new HttpClient { BaseAddress = new Uri(apiUrl), Timeout = TimeSpan.FromMinutes(1) };
|
||||
var expired = JwtTestHelpers.MintExpiredToken(secret);
|
||||
var expired = JwtTokenFactory.CreateExpired(secret, JwtTestHelpers.DefaultSubject);
|
||||
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", expired);
|
||||
|
||||
var response = await client.GetAsync(ProtectedTilesPath);
|
||||
@@ -64,8 +65,8 @@ public static class JwtIntegrationTests
|
||||
Console.WriteLine("AZ-487 AC-3: Tampered signature returns 401");
|
||||
|
||||
using var client = new HttpClient { BaseAddress = new Uri(apiUrl), Timeout = TimeSpan.FromMinutes(1) };
|
||||
var valid = JwtTestHelpers.MintValidToken(secret);
|
||||
var tampered = JwtTestHelpers.TamperSignature(valid);
|
||||
var valid = JwtTokenFactory.Create(secret, JwtTestHelpers.DefaultSubject);
|
||||
var tampered = JwtTokenFactory.TamperSignature(valid);
|
||||
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", tampered);
|
||||
|
||||
var response = await client.GetAsync(ProtectedRegionPath);
|
||||
@@ -85,7 +86,7 @@ public static class JwtIntegrationTests
|
||||
Console.WriteLine("AZ-487 AC-4: Valid token reaches handler unchanged");
|
||||
|
||||
using var client = new HttpClient { BaseAddress = new Uri(apiUrl), Timeout = TimeSpan.FromMinutes(2) };
|
||||
var valid = JwtTestHelpers.MintValidToken(secret);
|
||||
var valid = JwtTokenFactory.Create(secret, JwtTestHelpers.DefaultSubject);
|
||||
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", valid);
|
||||
|
||||
var response = await client.GetAsync(ProtectedTilesPath);
|
||||
|
||||
@@ -1,8 +1,5 @@
|
||||
using System.IdentityModel.Tokens.Jwt;
|
||||
using System.Net.Http.Headers;
|
||||
using System.Security.Claims;
|
||||
using System.Text;
|
||||
using Microsoft.IdentityModel.Tokens;
|
||||
|
||||
namespace SatelliteProvider.IntegrationTests;
|
||||
|
||||
@@ -31,58 +28,6 @@ public static class JwtTestHelpers
|
||||
return secret;
|
||||
}
|
||||
|
||||
public static string MintValidToken(string secret, string subject = DefaultSubject, TimeSpan? lifetime = null, IEnumerable<Claim>? extraClaims = null)
|
||||
{
|
||||
ArgumentNullException.ThrowIfNull(secret);
|
||||
|
||||
var signingKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secret));
|
||||
var credentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256);
|
||||
|
||||
var now = DateTime.UtcNow;
|
||||
var expires = now.Add(lifetime ?? TimeSpan.FromHours(1));
|
||||
// JwtSecurityToken rejects Expires <= NotBefore. Shift NotBefore
|
||||
// behind Expires for the expired-token test fixture.
|
||||
var notBefore = expires <= now ? expires.AddMinutes(-5) : now;
|
||||
var claims = new List<Claim>
|
||||
{
|
||||
new(JwtRegisteredClaimNames.Sub, subject),
|
||||
new(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString("N"))
|
||||
};
|
||||
if (extraClaims is not null)
|
||||
{
|
||||
claims.AddRange(extraClaims);
|
||||
}
|
||||
|
||||
var token = new JwtSecurityToken(
|
||||
issuer: null,
|
||||
audience: null,
|
||||
claims: claims,
|
||||
notBefore: notBefore,
|
||||
expires: expires,
|
||||
signingCredentials: credentials);
|
||||
|
||||
return new JwtSecurityTokenHandler().WriteToken(token);
|
||||
}
|
||||
|
||||
public static string MintExpiredToken(string secret, string subject = DefaultSubject)
|
||||
{
|
||||
return MintValidToken(secret, subject, lifetime: TimeSpan.FromMinutes(-10));
|
||||
}
|
||||
|
||||
public static string TamperSignature(string token)
|
||||
{
|
||||
var parts = token.Split('.');
|
||||
if (parts.Length != 3)
|
||||
{
|
||||
throw new ArgumentException("JWT must have three dot-separated segments.", nameof(token));
|
||||
}
|
||||
|
||||
var signature = parts[2];
|
||||
var firstChar = signature[0];
|
||||
parts[2] = (firstChar == 'A' ? 'B' : 'A') + signature[1..];
|
||||
return string.Join('.', parts);
|
||||
}
|
||||
|
||||
public static void AttachDefaultAuthorization(HttpClient httpClient, string token)
|
||||
{
|
||||
httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token);
|
||||
|
||||
@@ -1,3 +1,5 @@
|
||||
using SatelliteProvider.TestSupport;
|
||||
|
||||
namespace SatelliteProvider.IntegrationTests;
|
||||
|
||||
class Program
|
||||
@@ -42,7 +44,7 @@ class Program
|
||||
Timeout = TimeSpan.FromMinutes(15)
|
||||
};
|
||||
|
||||
var defaultToken = JwtTestHelpers.MintValidToken(jwtSecret);
|
||||
var defaultToken = JwtTokenFactory.Create(jwtSecret, JwtTestHelpers.DefaultSubject);
|
||||
JwtTestHelpers.AttachDefaultAuthorization(httpClient, defaultToken);
|
||||
|
||||
try
|
||||
|
||||
@@ -10,7 +10,10 @@
|
||||
<ItemGroup>
|
||||
<PackageReference Include="Npgsql" Version="9.0.2" />
|
||||
<PackageReference Include="SixLabors.ImageSharp" Version="3.1.11" />
|
||||
<PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="7.0.3" />
|
||||
</ItemGroup>
|
||||
|
||||
<ItemGroup>
|
||||
<ProjectReference Include="..\SatelliteProvider.TestSupport\SatelliteProvider.TestSupport.csproj" />
|
||||
</ItemGroup>
|
||||
|
||||
</Project>
|
||||
|
||||
@@ -4,6 +4,7 @@ using System.Net.Http.Json;
|
||||
using System.Security.Claims;
|
||||
using System.Text.Json;
|
||||
using Npgsql;
|
||||
using SatelliteProvider.TestSupport;
|
||||
using SixLabors.ImageSharp;
|
||||
using SixLabors.ImageSharp.Formats.Jpeg;
|
||||
using SixLabors.ImageSharp.PixelFormats;
|
||||
@@ -49,7 +50,7 @@ public static class UavUploadTests
|
||||
}
|
||||
};
|
||||
using var client = CreateClient(apiUrl);
|
||||
AttachToken(client, JwtTestHelpers.MintValidToken(secret, extraClaims: GpsClaim()));
|
||||
AttachToken(client, JwtTokenFactory.Create(secret, JwtTestHelpers.DefaultSubject, extraClaims: GpsClaim()));
|
||||
|
||||
// Act
|
||||
var response = await PostBatch(client, metadata, new[] { CreateValidJpeg() });
|
||||
@@ -83,7 +84,7 @@ public static class UavUploadTests
|
||||
items = coords.Select(c => new { latitude = c.Latitude, longitude = c.Longitude, tileZoom = 18, tileSizeMeters = 200.0, capturedAt = DateTime.UtcNow.ToString("o") }).ToArray()
|
||||
};
|
||||
using var client = CreateClient(apiUrl);
|
||||
AttachToken(client, JwtTestHelpers.MintValidToken(secret, extraClaims: GpsClaim()));
|
||||
AttachToken(client, JwtTokenFactory.Create(secret, JwtTestHelpers.DefaultSubject, extraClaims: GpsClaim()));
|
||||
|
||||
var good = CreateValidJpeg();
|
||||
var wrongDimensions = CreateValidJpeg(width: 512, height: 512);
|
||||
@@ -149,7 +150,7 @@ public static class UavUploadTests
|
||||
}
|
||||
};
|
||||
using var client = CreateClient(apiUrl);
|
||||
AttachToken(client, JwtTestHelpers.MintValidToken(secret, extraClaims: GpsClaim()));
|
||||
AttachToken(client, JwtTokenFactory.Create(secret, JwtTestHelpers.DefaultSubject, extraClaims: GpsClaim()));
|
||||
|
||||
// Act
|
||||
var response = await PostBatch(client, metadata, new[] { CreateValidJpeg() });
|
||||
@@ -173,7 +174,7 @@ public static class UavUploadTests
|
||||
// Arrange
|
||||
var coord = NextTestCoordinate();
|
||||
using var client = CreateClient(apiUrl);
|
||||
AttachToken(client, JwtTestHelpers.MintValidToken(secret, extraClaims: GpsClaim()));
|
||||
AttachToken(client, JwtTokenFactory.Create(secret, JwtTestHelpers.DefaultSubject, extraClaims: GpsClaim()));
|
||||
|
||||
var firstMetadata = new
|
||||
{
|
||||
@@ -241,7 +242,7 @@ public static class UavUploadTests
|
||||
|
||||
// Arrange
|
||||
using var client = CreateClient(apiUrl);
|
||||
AttachToken(client, JwtTestHelpers.MintValidToken(secret, extraClaims: new[] { new Claim(PermissionsClaimType, "FL") }));
|
||||
AttachToken(client, JwtTokenFactory.Create(secret, JwtTestHelpers.DefaultSubject, extraClaims: new[] { new Claim(PermissionsClaimType, "FL") }));
|
||||
var coord = NextTestCoordinate();
|
||||
var metadata = new
|
||||
{
|
||||
@@ -283,7 +284,7 @@ public static class UavUploadTests
|
||||
var placeholder = new byte[] { 0xFF, 0xD8, 0xFF, 0xD9 };
|
||||
var files = Enumerable.Range(0, oversize).Select(_ => placeholder).ToArray();
|
||||
using var client = CreateClient(apiUrl);
|
||||
AttachToken(client, JwtTestHelpers.MintValidToken(secret, extraClaims: GpsClaim()));
|
||||
AttachToken(client, JwtTokenFactory.Create(secret, JwtTestHelpers.DefaultSubject, extraClaims: GpsClaim()));
|
||||
|
||||
// Act
|
||||
var response = await PostBatch(client, metadata, files);
|
||||
|
||||
Reference in New Issue
Block a user