dcovington
/
Campaign_Tracker
1
0
Fork 0
Code Issues 4 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
20 Commits
2 Branches
17MB
Tree: 6ec1b34821
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '6ec1b34821'
${ noResults }
Campaign_Tracker/Campaign_Tracker.Server.Tests/AuthEndpointTests.cs

108 lines
4.3KB
Raw Blame History 

  1. using System.IdentityModel.Tokens.Jwt;

  2. using System.Net;

  3. using System.Net.Http.Json;

  4. using System.Net.Http.Headers;

  5. using System.Security.Claims;

  6. using System.Text;

  7. using Campaign_Tracker.Server.Authentication;

  8. using Microsoft.AspNetCore.Mvc.Testing;

  9. using Microsoft.Extensions.DependencyInjection;

  10. using Microsoft.IdentityModel.Tokens;

  11. 

  12. namespace Campaign_Tracker.Server.Tests;

  13. 

  14. public class AuthEndpointTests : IClassFixture<WebApplicationFactory<Program>>

  15. {

  16.     private const string Issuer = "http://kci-app01.ntp.kentcommunications.com:8180/realms/KCI";

  17.     private const string ClientId = "canopy-web";

  18.     private const string SigningKey = "test-signing-key-with-at-least-32-characters";

  19. 

  20.     private readonly WebApplicationFactory<Program> _factory;

  21. 

  22.     public AuthEndpointTests(WebApplicationFactory<Program> factory)

  23.     {

  24.         Environment.SetEnvironmentVariable("Keycloak__Authority", Issuer);

  25.         Environment.SetEnvironmentVariable("Keycloak__ValidIssuer", Issuer);

  26.         Environment.SetEnvironmentVariable("Keycloak__PublicAuthority", Issuer);

  27.         Environment.SetEnvironmentVariable("Keycloak__ClientId", ClientId);

  28.         Environment.SetEnvironmentVariable("Keycloak__DisableHttpsMetadata", "true");

  29.         Environment.SetEnvironmentVariable("Keycloak__TestSigningKey", SigningKey);

  30. 

  31.         _factory = factory;

  32.     }

  33. 

  34.     [Fact]

  35.     public async Task SessionEndpoint_WithoutToken_ReturnsUnauthorized()

  36.     {

  37.         using var client = _factory.CreateClient();

  38. 

  39.         var response = await client.GetAsync("/api/auth/session");

  40. 

  41.         Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);

  42.     }

  43. 

  44.     [Fact]

  45.     public async Task SessionEndpoint_WithValidToken_ReturnsRoleWorkspaceAndAuditsSuccess()

  46.     {

  47.         using var client = _factory.CreateClient();

  48.         client.DefaultRequestHeaders.Authorization =

  49.             new AuthenticationHeaderValue("Bearer", CreateToken("daniel@example.test", "client-services"));

  50. 

  51.         var httpResponse = await client.GetAsync("/api/auth/session");

  52.         var auditStore = _factory.Services.GetRequiredService<IAuthenticationAuditStore>();

  53.         Assert.True(httpResponse.IsSuccessStatusCode, string.Join("; ", auditStore.Events.Select(audit => audit.Reason)));

  54. 

  55.         var response = await httpResponse.Content.ReadFromJsonAsync<AuthSessionResponse>();

  56. 

  57.         Assert.NotNull(response);

  58.         Assert.Equal("daniel@example.test", response.UserName);

  59.         Assert.Contains("client-services", response.Roles);

  60.         Assert.Equal("/workspace/client-services", response.WorkspacePath);

  61.         Assert.Contains(auditStore.Events, audit =>

  62.             audit.EventType == AuthenticationAuditEventType.Success &&

  63.             audit.Subject == "daniel@example.test");

  64.     }

  65. 

  66.     [Fact]

  67.     public async Task SessionEndpoint_WithInvalidToken_ReturnsUnauthorizedAndAuditsFailure()

  68.     {

  69.         using var client = _factory.CreateClient();

  70.         client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", "invalid.jwt.value");

  71. 

  72.         var response = await client.GetAsync("/api/auth/session");

  73.         var auditStore = _factory.Services.GetRequiredService<IAuthenticationAuditStore>();

  74. 

  75.         Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);

  76.         Assert.Contains(auditStore.Events, audit =>

  77.             audit.EventType == AuthenticationAuditEventType.Failure &&

  78.             audit.Reason.Contains("invalid", StringComparison.OrdinalIgnoreCase));

  79.     }

  80. 

  81.     private static string CreateToken(string subject, string role)

  82.     {

  83.         var credentials = new SigningCredentials(

  84.             new SymmetricSecurityKey(Encoding.UTF8.GetBytes(SigningKey)),

  85.             SecurityAlgorithms.HmacSha256);

  86.         var token = new JwtSecurityToken(

  87.             issuer: Issuer,

  88.             audience: ClientId,

  89.             claims:

  90.             [

  91.                 new Claim(JwtRegisteredClaimNames.Sub, subject),

  92.                 new Claim(ClaimTypes.Name, subject),

  93.                 new Claim(ClaimTypes.Role, role),

  94.             ],

  95.             expires: DateTime.UtcNow.AddMinutes(10),

  96.             signingCredentials: credentials);

  97. 

  98.         return new JwtSecurityTokenHandler().WriteToken(token);

  99.     }

  100. 

  101.     private sealed class AuthSessionResponse

  102.     {

  103.         public string UserName { get; init; } = string.Empty;

  104.         public string[] Roles { get; init; } = [];

  105.         public string WorkspacePath { get; init; } = string.Empty;

  106.     }

  107. }

Powered by TurnKey Linux.