UDT-002: Logout + Refresh Token con rotación y chain revocation #3
@@ -1,5 +1,6 @@
using Dapper;
|
using Dapper;
|
||||||
using Microsoft.Data.SqlClient;
|
using Microsoft.Data.SqlClient;
|
||||||
|
using Respawn;
|
||||||
using SIGCM2.Domain.Entities;
|
using SIGCM2.Domain.Entities;
|
||||||
using SIGCM2.Infrastructure.Persistence;
|
using SIGCM2.Infrastructure.Persistence;
|
||||||
|
|
||||||
@@ -7,30 +8,35 @@ namespace SIGCM2.Application.Tests.Infrastructure;
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// Integration tests for RefreshTokenRepository against SIGCM2_Test.
|
/// Integration tests for RefreshTokenRepository against SIGCM2_Test.
|
||||||
/// Each test resets to a clean state using a transaction rollback pattern.
|
/// Uses Respawn to reset the DB between test classes; the repository opens its own
|
||||||
|
/// connections so transaction-scoped isolation would block on FK locks.
|
||||||
/// </summary>
|
/// </summary>
|
||||||
[Collection("SqlIntegration")]
|
[Collection("Database")]
|
||||||
public class RefreshTokenRepositoryTests : IAsyncLifetime
|
public class RefreshTokenRepositoryTests : IAsyncLifetime
|
||||||
{
|
{
|
||||||
private const string ConnectionString =
|
private const string ConnectionString =
|
||||||
"Server=TECNICA3;Database=SIGCM2_Test;User Id=desarrollo;Password=desarrollo2026;TrustServerCertificate=True;";
|
"Server=TECNICA3;Database=SIGCM2_Test;User Id=desarrollo;Password=desarrollo2026;TrustServerCertificate=True;";
|
||||||
|
|
||||||
private SqlConnection _connection = null!;
|
private SqlConnection _connection = null!;
|
||||||
private SqlTransaction _transaction = null!;
|
private Respawner _respawner = null!;
|
||||||
private RefreshTokenRepository _repository = null!;
|
private RefreshTokenRepository _repository = null!;
|
||||||
|
private int _testUserId;
|
||||||
|
|
||||||
public async Task InitializeAsync()
|
public async Task InitializeAsync()
|
||||||
{
|
{
|
||||||
_connection = new SqlConnection(ConnectionString);
|
_connection = new SqlConnection(ConnectionString);
|
||||||
await _connection.OpenAsync();
|
await _connection.OpenAsync();
|
||||||
_transaction = (SqlTransaction)await _connection.BeginTransactionAsync();
|
|
||||||
|
|
||||||
// Seed a test user for FK requirements
|
_respawner = await Respawner.CreateAsync(_connection, new RespawnerOptions
|
||||||
await _connection.ExecuteAsync("""
|
{
|
||||||
IF NOT EXISTS (SELECT 1 FROM dbo.Usuario WHERE Username = 'test_rt_user')
|
DbAdapter = DbAdapter.SqlServer
|
||||||
INSERT INTO dbo.Usuario (Username, PasswordHash, Nombre, Apellido, Rol, PermisosJson, Activo)
|
});
|
||||||
VALUES ('test_rt_user', '$2a$12$testhash', 'Test', 'User', 'admin', '["*"]', 1);
|
|
||||||
""", transaction: _transaction);
|
await _respawner.ResetAsync(_connection);
|
||||||
|
await SeedTestUserAsync();
|
||||||
|
|
||||||
|
_testUserId = await _connection.QuerySingleAsync<int>(
|
||||||
|
"SELECT Id FROM dbo.Usuario WHERE Username = 'test_rt_user'");
|
||||||
|
|
||||||
var factory = new SqlConnectionFactory(ConnectionString);
|
var factory = new SqlConnectionFactory(ConnectionString);
|
||||||
_repository = new RefreshTokenRepository(factory);
|
_repository = new RefreshTokenRepository(factory);
|
||||||
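Review bot: The `RespawnerOptions` built in InitializeAsync sets only `DbAdapter = DbAdapter.SqlServer`, so `ResetAsync` deletes from every table the `desarrollo` login can reach in SIGCM2_Test, and with the second `ResetAsync` in DisposeAsync that happens twice per test; if the repository under test relies on any reference rows beyond the user re-created by `SeedTestUserAsync`, they are gone after the first test. Scoping the reset, e.g. `TablesToInclude = new[] { new Table("dbo", "Usuario"), new Table("dbo", "RefreshToken") }`, limits the blast radius, and creating the `Respawner` once per class (a lazily initialised static or a collection fixture) avoids rebuilding the dependency graph in every `CreateAsync`. The updated `<summary>` says the DB is reset "between test classes", but `IAsyncLifetime.InitializeAsync` runs before every test, so it should read `/// Uses Respawn to reset the DB before and after each test; the repository opens its own`. The unchanged context line with the connection string still embeds the `desarrollo` password; reading it from an environment variable or user secrets would keep that credential out of the repository.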
@@ -38,16 +44,19 @@ public class RefreshTokenRepositoryTests : IAsyncLifetime
|
|
||||||
public async Task DisposeAsync()
|
public async Task DisposeAsync()
|
||||||
{
|
{
|
||||||
// Rollback transaction to clean up all test data
|
await _respawner.ResetAsync(_connection);
|
||||||
await _transaction.RollbackAsync();
|
await _connection.CloseAsync();
|
||||||
await _connection.DisposeAsync();
|
await _connection.DisposeAsync();
|
||||||
}
|
}
|
||||||
|
|
||||||
private static int GetTestUserId(SqlConnection conn, SqlTransaction tx)
|
private async Task SeedTestUserAsync()
|
||||||
{
|
{
|
||||||
return conn.QuerySingle<int>(
|
await _connection.ExecuteAsync("""
|
||||||
"SELECT Id FROM dbo.Usuario WHERE Username = 'test_rt_user'",
|
SET QUOTED_IDENTIFIER ON;
|
||||||
transaction: tx);
|
IF NOT EXISTS (SELECT 1 FROM dbo.Usuario WHERE Username = 'test_rt_user')
|
||||||
|
INSERT INTO dbo.Usuario (Username, PasswordHash, Nombre, Apellido, Rol, PermisosJson, Activo)
|
||||||
|
VALUES ('test_rt_user', '$2a$12$testhash', 'Test', 'User', 'admin', '["*"]', 1);
|
||||||
|
""");
|
||||||
}
|
}
|
||||||
|
|
||||||
private static RefreshToken BuildToken(int usuarioId, string hash = "test_hash_abc123xyz", bool expired = false)
|
private static RefreshToken BuildToken(int usuarioId, string hash = "test_hash_abc123xyz", bool expired = false)
|
||||||
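Review bot: In DisposeAsync the new `await _respawner.ResetAsync(_connection);` runs outside any try/finally, so a failed reset (lock timeout, FK cycle Respawn cannot order) skips `DisposeAsync` and leaks the open SqlConnection, which on a shared test server also holds the locks that made the reset fail. `CloseAsync` immediately followed by `DisposeAsync` is redundant; disposing closes the connection. The reset belongs in a try block with disposal in finally, and a null guard on `_respawner` would keep DisposeAsync safe if the runner calls it after a failed InitializeAsync (behaviour I cannot confirm from this diff).
```csharp
public async Task DisposeAsync()
{
    try
    {
        // Wipe what this test inserted even if an assertion failed mid-way.
        if (_respawner is not null)
        {
            await _respawner.ResetAsync(_connection);
        }
    }
    finally
    {
        await _connection.DisposeAsync();
    }
}
```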
@@ -60,8 +69,7 @@ public class RefreshTokenRepositoryTests : IAsyncLifetime
[Fact]
|
[Fact]
|
||||||
public async Task AddAsync_PersistsAndReturnsId()
|
public async Task AddAsync_PersistsAndReturnsId()
|
||||||
{
|
{
|
||||||
var userId = GetTestUserId(_connection, _transaction);
|
var token = BuildToken(_testUserId, "unique_hash_persist_" + Guid.NewGuid().ToString("N")[..8]);
|
||||||
var token = BuildToken(userId, "unique_hash_persist_" + Guid.NewGuid().ToString("N")[..8]);
|
|
||||||
|
|
||||||
var id = await _repository.AddAsync(token);
|
var id = await _repository.AddAsync(token);
|
||||||
|
|
||||||
@@ -71,29 +79,26 @@ public class RefreshTokenRepositoryTests : IAsyncLifetime
[Fact]
|
[Fact]
|
||||||
public async Task AddAsync_DuplicateHash_Throws()
|
public async Task AddAsync_DuplicateHash_Throws()
|
||||||
{
|
{
|
||||||
var userId = GetTestUserId(_connection, _transaction);
|
|
||||||
var hash = "duplicate_hash_" + Guid.NewGuid().ToString("N")[..8];
|
var hash = "duplicate_hash_" + Guid.NewGuid().ToString("N")[..8];
|
||||||
var token1 = BuildToken(userId, hash);
|
var token1 = BuildToken(_testUserId, hash);
|
||||||
var token2 = BuildToken(userId, hash);
|
var token2 = BuildToken(_testUserId, hash);
|
||||||
|
|
||||||
await _repository.AddAsync(token1);
|
await _repository.AddAsync(token1);
|
||||||
|
|
||||||
// Duplicate hash must violate UQ_RefreshToken_TokenHash
|
|
||||||
await Assert.ThrowsAnyAsync<Exception>(() => _repository.AddAsync(token2));
|
await Assert.ThrowsAnyAsync<Exception>(() => _repository.AddAsync(token2));
|
||||||
}
|
}
|
||||||
|
|
||||||
[Fact]
|
[Fact]
|
||||||
public async Task GetByHashAsync_RoundTripsAllFields()
|
public async Task GetByHashAsync_RoundTripsAllFields()
|
||||||
{
|
{
|
||||||
var userId = GetTestUserId(_connection, _transaction);
|
|
||||||
var hash = "roundtrip_hash_" + Guid.NewGuid().ToString("N")[..8];
|
var hash = "roundtrip_hash_" + Guid.NewGuid().ToString("N")[..8];
|
||||||
var token = BuildToken(userId, hash);
|
var token = BuildToken(_testUserId, hash);
|
||||||
|
|
||||||
await _repository.AddAsync(token);
|
await _repository.AddAsync(token);
|
||||||
var retrieved = await _repository.GetByHashAsync(hash);
|
var retrieved = await _repository.GetByHashAsync(hash);
|
||||||
|
|
||||||
Assert.NotNull(retrieved);
|
Assert.NotNull(retrieved);
|
||||||
Assert.Equal(userId, retrieved.UsuarioId);
|
Assert.Equal(_testUserId, retrieved.UsuarioId);
|
||||||
Assert.Equal(hash, retrieved.TokenHash);
|
Assert.Equal(hash, retrieved.TokenHash);
|
||||||
Assert.Equal(token.FamilyId, retrieved.FamilyId);
|
Assert.Equal(token.FamilyId, retrieved.FamilyId);
|
||||||
Assert.Null(retrieved.RevokedAt);
|
Assert.Null(retrieved.RevokedAt);
|
||||||
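Review bot: AddAsync_DuplicateHash_Throws still asserts with `Assert.ThrowsAnyAsync<Exception>`, and the hunk drops the comment that said which constraint is expected, so a dropped connection, a missing table after the Respawn reset, or a null `_testUserId` FK failure now passes the test just as well as the intended unique-key violation. If the repository lets the provider exception through (not visible here), pin it: `var ex = await Assert.ThrowsAsync<SqlException>(() => _repository.AddAsync(token2));` followed by `Assert.Contains(ex.Number, new[] { 2601, 2627 }); // duplicate key in unique index / unique constraint`, and restore the comment `// Duplicate hash must violate UQ_RefreshToken_TokenHash`. The same silent removal of explanatory comments happens in the RevokeFamilyAsync hunk (`// Revoke only family A`, `// A is revoked`, `// B is untouched`) and the RevokeAllActiveForUserAsync hunk (`// only the active one was revoked`); those comments documented the intent of each assertion and should stay.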
@@ -110,9 +115,8 @@ public class RefreshTokenRepositoryTests : IAsyncLifetime
[Fact]
|
[Fact]
|
||||||
public async Task RevokeAsync_SetsRevokedAtAndReplacedById()
|
public async Task RevokeAsync_SetsRevokedAtAndReplacedById()
|
||||||
{
|
{
|
||||||
var userId = GetTestUserId(_connection, _transaction);
|
|
||||||
var hash = "revoke_test_" + Guid.NewGuid().ToString("N")[..8];
|
var hash = "revoke_test_" + Guid.NewGuid().ToString("N")[..8];
|
||||||
var token = BuildToken(userId, hash);
|
var token = BuildToken(_testUserId, hash);
|
||||||
|
|
||||||
var id = await _repository.AddAsync(token);
|
var id = await _repository.AddAsync(token);
|
||||||
var revokedAt = DateTime.UtcNow;
|
var revokedAt = DateTime.UtcNow;
|
||||||
@@ -127,17 +131,15 @@ public class RefreshTokenRepositoryTests : IAsyncLifetime
[Fact]
|
[Fact]
|
||||||
public async Task RevokeFamilyAsync_OnlyAffectsMatchingFamily()
|
public async Task RevokeFamilyAsync_OnlyAffectsMatchingFamily()
|
||||||
{
|
{
|
||||||
var userId = GetTestUserId(_connection, _transaction);
|
|
||||||
var hash1 = "family_a_" + Guid.NewGuid().ToString("N")[..8];
|
var hash1 = "family_a_" + Guid.NewGuid().ToString("N")[..8];
|
||||||
var hash2 = "family_b_" + Guid.NewGuid().ToString("N")[..8];
|
var hash2 = "family_b_" + Guid.NewGuid().ToString("N")[..8];
|
||||||
|
|
||||||
var tokenA = BuildToken(userId, hash1);
|
var tokenA = BuildToken(_testUserId, hash1);
|
||||||
var tokenB = BuildToken(userId, hash2);
|
var tokenB = BuildToken(_testUserId, hash2);
|
||||||
|
|
||||||
await _repository.AddAsync(tokenA);
|
await _repository.AddAsync(tokenA);
|
||||||
await _repository.AddAsync(tokenB);
|
await _repository.AddAsync(tokenB);
|
||||||
|
|
||||||
// Revoke only family A
|
|
||||||
var count = await _repository.RevokeFamilyAsync(tokenA.FamilyId, DateTime.UtcNow);
|
var count = await _repository.RevokeFamilyAsync(tokenA.FamilyId, DateTime.UtcNow);
|
||||||
|
|
||||||
Assert.Equal(1, count);
|
Assert.Equal(1, count);
|
||||||
@@ -145,32 +147,28 @@ public class RefreshTokenRepositoryTests : IAsyncLifetime
var retrievedA = await _repository.GetByHashAsync(hash1);
|
var retrievedA = await _repository.GetByHashAsync(hash1);
|
||||||
var retrievedB = await _repository.GetByHashAsync(hash2);
|
var retrievedB = await _repository.GetByHashAsync(hash2);
|
||||||
|
|
||||||
Assert.NotNull(retrievedA?.RevokedAt); // A is revoked
|
Assert.NotNull(retrievedA?.RevokedAt);
|
||||||
Assert.Null(retrievedB?.RevokedAt); // B is untouched
|
Assert.Null(retrievedB?.RevokedAt);
|
||||||
}
|
}
|
||||||
|
|
||||||
[Fact]
|
[Fact]
|
||||||
public async Task RevokeAllActiveForUserAsync_DoesNotTouchAlreadyRevoked()
|
public async Task RevokeAllActiveForUserAsync_DoesNotTouchAlreadyRevoked()
|
||||||
{
|
{
|
||||||
var userId = GetTestUserId(_connection, _transaction);
|
|
||||||
var hash1 = "user_active_" + Guid.NewGuid().ToString("N")[..8];
|
var hash1 = "user_active_" + Guid.NewGuid().ToString("N")[..8];
|
||||||
var hash2 = "user_revoked_" + Guid.NewGuid().ToString("N")[..8];
|
var hash2 = "user_revoked_" + Guid.NewGuid().ToString("N")[..8];
|
||||||
|
|
||||||
var tokenActive = BuildToken(userId, hash1);
|
var tokenActive = BuildToken(_testUserId, hash1);
|
||||||
var tokenAlreadyRevoked = BuildToken(userId, hash2);
|
var tokenAlreadyRevoked = BuildToken(_testUserId, hash2);
|
||||||
|
|
||||||
var idActive = await _repository.AddAsync(tokenActive);
|
var idActive = await _repository.AddAsync(tokenActive);
|
||||||
var idRevoked = await _repository.AddAsync(tokenAlreadyRevoked);
|
var idRevoked = await _repository.AddAsync(tokenAlreadyRevoked);
|
||||||
await _repository.RevokeAsync(idRevoked, null, DateTime.UtcNow.AddMinutes(-5));
|
await _repository.RevokeAsync(idRevoked, null, DateTime.UtcNow.AddMinutes(-5));
|
||||||
|
|
||||||
var count = await _repository.RevokeAllActiveForUserAsync(userId, DateTime.UtcNow);
|
var count = await _repository.RevokeAllActiveForUserAsync(_testUserId, DateTime.UtcNow);
|
||||||
|
|
||||||
Assert.Equal(1, count); // only the active one was revoked
|
Assert.Equal(1, count);
|
||||||
|
|
||||||
var retrievedActive = await _repository.GetByHashAsync(hash1);
|
var retrievedActive = await _repository.GetByHashAsync(hash1);
|
||||||
Assert.NotNull(retrievedActive?.RevokedAt);
|
Assert.NotNull(retrievedActive?.RevokedAt);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
[CollectionDefinition("SqlIntegration")]
|
|
||||||
public class SqlIntegrationCollection : ICollectionFixture<object> { }
|
|
||||||
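Review bot: Removing `SqlIntegrationCollection` and switching the class to `[Collection("Database")]` assumes a `[CollectionDefinition("Database")]` exists elsewhere in the test project; this diff does not show one. If it is missing, xUnit silently creates an implicit collection for the name, and every other class that also names "Database" ad hoc still serialises with this one, but any class on a different or default collection runs in parallel against the same SIGCM2_Test database while `ResetAsync` is truncating it, producing intermittent FK and lock failures. Please confirm the definition exists, or keep a definition next to this class: `[CollectionDefinition("Database", DisableParallelization = true)] public class DatabaseCollection { }`.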