mirror of
https://github.com/azaion/satellite-provider.git
synced 2026-06-21 13:51:14 +00:00
Oleksandr Bezdieniezhnykh
96cd3c4495
Adds Microsoft.AspNetCore.Authentication.JwtBearer 8.0.21 and the SatelliteProvider.Api.Authentication.AddSatelliteJwt extension that validates HS256 tokens against a shared JWT_SECRET (>=32 bytes, fail fast at startup). Every minimal-API endpoint now carries .RequireAuthorization(); the middleware chain is UseExceptionHandler -> UseHttpsRedirection -> UseCors -> UseAuthentication -> UseAuthorization -> endpoints. Swagger UI gets a Bearer security definition so the Authorize button works. Test infrastructure: JwtTokenFactory (unit) and JwtTestHelpers (integration) mint deterministic tokens against the same secret; the integration test runner attaches a default Bearer token to its shared HttpClient so existing tests continue to exercise protected endpoints. JwtIntegrationTests adds AC-1..AC-4 and AC-7 (Swagger advertises Bearer) end-to-end; AuthenticationServiceCollectionExtensionsTests covers AC-5 (missing/empty/short secret fail-fast) plus env-var precedence; JwtTokenFactoryTests covers AC-6 (claims pass through the JwtSecurityTokenHandler.ValidateToken path JwtBearer uses). docker-compose and scripts/run-tests.sh now propagate JWT_SECRET to the api and integration-tests containers, with a >=32-byte guard. .env.example documents the required keys; .env stays gitignored. Code review verdict: PASS_WITH_WARNINGS (2 Low findings surfaced in _docs/03_implementation/reviews/batch_01_cycle2_review.md). Cross-component coordination: gps-denied-onboard and the mission planner UI must attach Bearer tokens before this lands in dev. Co-authored-by: Cursor <cursoragent@cursor.com>
147 lines
6.5 KiB
C#
147 lines
6.5 KiB
C#
using System.Net;
|
|
using System.Net.Http.Headers;
|
|
|
|
namespace SatelliteProvider.IntegrationTests;
|
|
|
|
public static class JwtIntegrationTests
|
|
{
|
|
private const string ProtectedTilesPath = "/api/satellite/tiles/latlon?Latitude=47.461747&Longitude=37.647063&ZoomLevel=18";
|
|
private const string ProtectedRegionPath = "/api/satellite/region/00000000-0000-0000-0000-000000000000";
|
|
|
|
public static async Task RunAll(string apiUrl, string secret)
|
|
{
|
|
RouteTestHelpers.PrintTestHeader("Test: JWT auth baseline (AZ-487)");
|
|
|
|
await AnonymousRequest_To_AnyEndpoint_Returns401(apiUrl);
|
|
await ExpiredToken_Returns401(apiUrl, secret);
|
|
await InvalidSignature_Returns401(apiUrl, secret);
|
|
await ValidToken_Returns200_OnHealthyEndpoint(apiUrl, secret);
|
|
await SwaggerDocument_AdvertisesBearerSecurityScheme(apiUrl);
|
|
|
|
Console.WriteLine("✓ JWT integration tests: PASSED");
|
|
}
|
|
|
|
private static async Task AnonymousRequest_To_AnyEndpoint_Returns401(string apiUrl)
|
|
{
|
|
Console.WriteLine();
|
|
Console.WriteLine("AZ-487 AC-1: Anonymous request to a protected endpoint returns 401");
|
|
|
|
using var anon = new HttpClient { BaseAddress = new Uri(apiUrl), Timeout = TimeSpan.FromMinutes(1) };
|
|
var response = await anon.GetAsync(ProtectedTilesPath);
|
|
var status = (int)response.StatusCode;
|
|
|
|
if (status != 401)
|
|
{
|
|
throw new Exception($"Expected 401 for anonymous request, got {status}");
|
|
}
|
|
|
|
Console.WriteLine($" ✓ Anonymous request rejected with HTTP {status}");
|
|
}
|
|
|
|
private static async Task ExpiredToken_Returns401(string apiUrl, string secret)
|
|
{
|
|
Console.WriteLine();
|
|
Console.WriteLine("AZ-487 AC-2: Expired token returns 401");
|
|
|
|
using var client = new HttpClient { BaseAddress = new Uri(apiUrl), Timeout = TimeSpan.FromMinutes(1) };
|
|
var expired = JwtTestHelpers.MintExpiredToken(secret);
|
|
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", expired);
|
|
|
|
var response = await client.GetAsync(ProtectedTilesPath);
|
|
var status = (int)response.StatusCode;
|
|
|
|
if (status != 401)
|
|
{
|
|
throw new Exception($"Expected 401 for expired token, got {status}");
|
|
}
|
|
|
|
Console.WriteLine($" ✓ Expired token rejected with HTTP {status}");
|
|
}
|
|
|
|
private static async Task InvalidSignature_Returns401(string apiUrl, string secret)
|
|
{
|
|
Console.WriteLine();
|
|
Console.WriteLine("AZ-487 AC-3: Tampered signature returns 401");
|
|
|
|
using var client = new HttpClient { BaseAddress = new Uri(apiUrl), Timeout = TimeSpan.FromMinutes(1) };
|
|
var valid = JwtTestHelpers.MintValidToken(secret);
|
|
var tampered = JwtTestHelpers.TamperSignature(valid);
|
|
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", tampered);
|
|
|
|
var response = await client.GetAsync(ProtectedRegionPath);
|
|
var status = (int)response.StatusCode;
|
|
|
|
if (status != 401)
|
|
{
|
|
throw new Exception($"Expected 401 for tampered signature, got {status}");
|
|
}
|
|
|
|
Console.WriteLine($" ✓ Tampered signature rejected with HTTP {status}");
|
|
}
|
|
|
|
private static async Task ValidToken_Returns200_OnHealthyEndpoint(string apiUrl, string secret)
|
|
{
|
|
Console.WriteLine();
|
|
Console.WriteLine("AZ-487 AC-4: Valid token reaches handler unchanged");
|
|
|
|
using var client = new HttpClient { BaseAddress = new Uri(apiUrl), Timeout = TimeSpan.FromMinutes(2) };
|
|
var valid = JwtTestHelpers.MintValidToken(secret);
|
|
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", valid);
|
|
|
|
var response = await client.GetAsync(ProtectedTilesPath);
|
|
var status = (int)response.StatusCode;
|
|
|
|
// The endpoint may legitimately return 200 (tile available) or a tile-download-related
|
|
// error; what we care about for AZ-487 is that the request reached the handler at all
|
|
// (i.e. NOT 401 / 403). Treat 200 as confirmation; treat anything other than 401/403 as
|
|
// "passed auth" — the handler decided the outcome.
|
|
if (status == 401 || status == 403)
|
|
{
|
|
var body = await response.Content.ReadAsStringAsync();
|
|
throw new Exception($"Expected valid-token request to bypass auth, got {status}. Body: {body}");
|
|
}
|
|
|
|
Console.WriteLine($" ✓ Valid-token request reached handler (HTTP {status})");
|
|
}
|
|
|
|
private static async Task SwaggerDocument_AdvertisesBearerSecurityScheme(string apiUrl)
|
|
{
|
|
// AC-7: Swagger UI accepts a Bearer token via the "Authorize" button. The button is
|
|
// rendered only when the OpenAPI document declares a `Bearer` security scheme — so the
|
|
// existence of that scheme in the document is the automatable signal for AC-7.
|
|
Console.WriteLine();
|
|
Console.WriteLine("AZ-487 AC-7: Swagger document advertises Bearer security scheme");
|
|
|
|
using var anon = new HttpClient { BaseAddress = new Uri(apiUrl), Timeout = TimeSpan.FromMinutes(1) };
|
|
var response = await anon.GetAsync("/swagger/v1/swagger.json");
|
|
if (!response.IsSuccessStatusCode)
|
|
{
|
|
throw new Exception($"Expected Swagger document to be reachable, got HTTP {(int)response.StatusCode}");
|
|
}
|
|
|
|
var body = await response.Content.ReadAsStringAsync();
|
|
using var doc = System.Text.Json.JsonDocument.Parse(body);
|
|
var root = doc.RootElement;
|
|
|
|
if (!root.TryGetProperty("components", out var components) ||
|
|
!components.TryGetProperty("securitySchemes", out var schemes) ||
|
|
!schemes.TryGetProperty("Bearer", out var bearer))
|
|
{
|
|
throw new Exception("Swagger document is missing `components.securitySchemes.Bearer`.");
|
|
}
|
|
|
|
var type = bearer.GetProperty("type").GetString();
|
|
var scheme = bearer.GetProperty("scheme").GetString();
|
|
var format = bearer.TryGetProperty("bearerFormat", out var bf) ? bf.GetString() : null;
|
|
|
|
if (!string.Equals(type, "http", StringComparison.OrdinalIgnoreCase) ||
|
|
!string.Equals(scheme, "bearer", StringComparison.OrdinalIgnoreCase) ||
|
|
!string.Equals(format, "JWT", StringComparison.OrdinalIgnoreCase))
|
|
{
|
|
throw new Exception($"Bearer scheme has wrong shape: type={type}, scheme={scheme}, bearerFormat={format}");
|
|
}
|
|
|
|
Console.WriteLine($" ✓ Swagger document declares Bearer (http, bearer, JWT)");
|
|
}
|
|
}
|