satellite-provider/SatelliteProvider.Tests/CorsConfigurationValidatorTests.cs

using FluentAssertions;
using SatelliteProvider.Api;

namespace SatelliteProvider.Tests;

public class CorsConfigurationValidatorTests
{
    [Fact]
    public void EnsureSafeForEnvironment_ProductionWithEmptyOriginsAndNoOptIn_Throws_AC1()
    {
        // Arrange
        var allowedOrigins = Array.Empty<string>();

        // Act
        Action act = () => CorsConfigurationValidator.EnsureSafeForEnvironment(
            allowedOrigins, allowAnyOrigin: false, environmentName: "Production");

        // Assert
        act.Should().Throw<InvalidOperationException>()
            .WithMessage("*CorsConfig:AllowedOrigins*")
            .WithMessage("*CorsConfig:AllowAnyOrigin*");
    }

    [Theory]
    [InlineData("Development")]
    [InlineData("Staging")]
    [InlineData("Local")]
    public void EnsureSafeForEnvironment_NonProductionWithEmptyOrigins_DoesNotThrow_AC2(string environmentName)
    {
        // Arrange
        var allowedOrigins = Array.Empty<string>();

        // Act
        Action act = () => CorsConfigurationValidator.EnsureSafeForEnvironment(
            allowedOrigins, allowAnyOrigin: false, environmentName);

        // Assert
        act.Should().NotThrow();
    }

    [Fact]
    public void EnsureSafeForEnvironment_ProductionWithExplicitAllowAnyOrigin_DoesNotThrow_AC3()
    {
        // Arrange
        var allowedOrigins = Array.Empty<string>();

        // Act
        Action act = () => CorsConfigurationValidator.EnsureSafeForEnvironment(
            allowedOrigins, allowAnyOrigin: true, environmentName: "Production");

        // Assert
        act.Should().NotThrow();
    }

    [Fact]
    public void EnsureSafeForEnvironment_ProductionWithNonEmptyOrigins_DoesNotThrow()
    {
        // Arrange
        var allowedOrigins = new[] { "https://example.com" };

        // Act
        Action act = () => CorsConfigurationValidator.EnsureSafeForEnvironment(
            allowedOrigins, allowAnyOrigin: false, environmentName: "Production");

        // Assert
        act.Should().NotThrow();
    }

    [Fact]
    public void ShouldUsePermissivePolicy_NonEmptyOriginsAndNoOptIn_ReturnsFalse()
    {
        // Assert
        CorsConfigurationValidator.ShouldUsePermissivePolicy(
            new[] { "https://example.com" }, allowAnyOrigin: false).Should().BeFalse();
    }

    [Fact]
    public void ShouldUsePermissivePolicy_EmptyOriginsAndNoOptIn_ReturnsTrue()
    {
        // Assert
        CorsConfigurationValidator.ShouldUsePermissivePolicy(
            Array.Empty<string>(), allowAnyOrigin: false).Should().BeTrue();
    }

    [Fact]
    public void ShouldUsePermissivePolicy_ExplicitOptIn_ReturnsTrueRegardlessOfOrigins()
    {
        // Assert
        CorsConfigurationValidator.ShouldUsePermissivePolicy(
            new[] { "https://example.com" }, allowAnyOrigin: true).Should().BeTrue();
    }

    [Fact]
    public void ShouldWarnAboutPermissiveDefault_EmptyOriginsAndNoOptIn_ReturnsTrue()
    {
        // Assert
        CorsConfigurationValidator.ShouldWarnAboutPermissiveDefault(
            Array.Empty<string>(), allowAnyOrigin: false).Should().BeTrue();
    }

    [Fact]
    public void ShouldWarnAboutPermissiveDefault_ExplicitOptIn_ReturnsFalse()
    {
        // Assert
        CorsConfigurationValidator.ShouldWarnAboutPermissiveDefault(
            Array.Empty<string>(), allowAnyOrigin: true).Should().BeFalse();
    }
}