dmolinari/SIG-CM2.0
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2d2e90fa3cc7fbc2d2224ad7853fb9d93eda5c7b
SIG-CM2.0/tests/SIGCM2.Application.Tests/Usuarios/ChangeMyPasswordCommandHandlerTests.cs
dmolinari 26efb74c22 feat(audit): enchufar audit en handlers de Usuario — Closes #6 
7 command handlers del módulo Usuarios ahora auditan via IAuditLogger:

| Handler                                 | Action                  |
|-----------------------------------------|-------------------------|
| CreateUsuarioCommandHandler             | usuario.create          |
| UpdateUsuarioCommandHandler             | usuario.update          |
| DeactivateUsuarioCommandHandler         | usuario.deactivate      |
| ReactivateUsuarioCommandHandler         | usuario.reactivate      |
| ChangeMyPasswordCommandHandler          | usuario.password_change |
| ResetUsuarioPasswordCommandHandler      | usuario.password_reset  |
| UpdateUsuarioPermisosOverridesHandler   | usuario.permisos_update |

Patrón por handler (per design #D-1):
  using (var tx = new TransactionScope(Required, ReadCommitted, AsyncFlowEnabled))
  {
      await repo.UpdateAsync(...);
      await audit.LogAsync(...);
      tx.Complete();
  }
  // post-commit reads OUTSIDE the using block
  var updated = await repo.GetDetailAsync(...);

Metadata captured:
- usuario.create: after={username, nombre, apellido, email, rol} — NO password.
- usuario.update: {before, after} diff of editable fields.
- usuario.password_reset: {targetId} only — tempPassword is NEVER persisted to
  audit (returned to caller once, never stored).
- usuario.permisos_update: {before, after} of grant/deny override lists.

Key fix during implementation: initially used 'using var tx = ...' (bare
declaration). This kept the TransactionScope active for the rest of the method,
causing 'The current TransactionScope is already complete' when post-commit
reads (GetDetailAsync) tried to enlist. Solution: explicit 'using (var tx = ...)
{ ... }' block that disposes the scope before post-commit reads.

AuditContextMissingException surfaces from AuditLogger when IAuditContext
lacks ActorUserId — fail-closed per #REQ-AUD-4. In integration tests, the
middleware populates ActorUserId from the JWT sub of the authenticated admin.

Test updates: 6 existing unit test classes now inject IAuditLogger mock:
- CreateUsuarioCommandHandlerTests
- UpdateUsuarioCommandHandlerTests
- DeactivateUsuarioCommandHandlerTests
- ReactivateUsuarioCommandHandlerTests
- ChangeMyPasswordCommandHandlerTests
- ResetUsuarioPasswordCommandHandlerTests

Follow-up #6 ([Auditoría] Registrar admin creador en alta de usuarios) is
closed: CreateUsuarioCommandHandler now records ActorUserId = admin JWT sub
on every user creation. TODO comment removed.

Suite: 378/378 Application.Tests + 141/141 Api.Tests = 519/519 passing.

Closes #6
Refs: sdd/udt-010-auditoria-trazabilidad/{spec#REQ-UM-AUD, design, tasks#B7}
2026-04-16 13:49:44 -03:00

75 lines
3.1 KiB
C#
Raw Blame History

using NSubstitute;
using SIGCM2.Application.Abstractions.Persistence;
using SIGCM2.Application.Abstractions.Security;
using SIGCM2.Application.Audit;
using SIGCM2.Application.Usuarios.ChangeMyPassword;
using SIGCM2.Domain.Entities;
using SIGCM2.Domain.Exceptions;
namespace SIGCM2.Application.Tests.Usuarios;
public class ChangeMyPasswordCommandHandlerTests
{
private readonly IUsuarioRepository _repo = Substitute.For<IUsuarioRepository>();
private readonly IPasswordHasher _hasher = Substitute.For<IPasswordHasher>();
private readonly IRefreshTokenRepository _refreshRepo = Substitute.For<IRefreshTokenRepository>();
private readonly IAuditLogger _audit = Substitute.For<IAuditLogger>();
private readonly ChangeMyPasswordCommandHandler _handler;
public ChangeMyPasswordCommandHandlerTests()
{
_handler = new ChangeMyPasswordCommandHandler(_repo, _hasher, _audit);
}
private static Usuario MakeUser(int id = 1, bool mustChangePassword = false)
=> new(id, "user" + id, "$2a$12$oldhash", "Test", "User", null, "cajero", "[]", true,
mustChangePassword: mustChangePassword);
[Fact]
public async Task Handle_Happy_Path_Hashes_New_Password_Clears_MustChange()
{
var user = MakeUser(1, mustChangePassword: true);
_repo.GetByIdAsync(1, Arg.Any<CancellationToken>()).Returns(user);
_hasher.Verify("oldPass1!", "$2a$12$oldhash").Returns(true);
_hasher.Hash("newPass2!").Returns("$2a$12$newhash");
await _handler.Handle(new ChangeMyPasswordCommand(1, "oldPass1!", "newPass2!"));
await _repo.Received(1).UpdatePasswordAsync(1, "$2a$12$newhash", false, Arg.Any<CancellationToken>());
}
[Fact]
public async Task Handle_Throws_InvalidOldPasswordException_When_Wrong_Old()
{
var user = MakeUser(1);
_repo.GetByIdAsync(1, Arg.Any<CancellationToken>()).Returns(user);
_hasher.Verify(Arg.Any<string>(), Arg.Any<string>()).Returns(false);
await Assert.ThrowsAsync<InvalidOldPasswordException>(
() => _handler.Handle(new ChangeMyPasswordCommand(1, "wrongPass!", "newPass2!")));
}
[Fact]
public async Task Handle_Throws_UsuarioNotFoundException_When_Not_Found()
{
_repo.GetByIdAsync(9999, Arg.Any<CancellationToken>()).Returns((Usuario?)null);
await Assert.ThrowsAsync<UsuarioNotFoundException>(
() => _handler.Handle(new ChangeMyPasswordCommand(9999, "old", "new1234")));
}
[Fact]
public async Task Handle_Does_NOT_Revoke_Own_Refresh_Tokens()
{
var user = MakeUser(1);
_repo.GetByIdAsync(1, Arg.Any<CancellationToken>()).Returns(user);
_hasher.Verify(Arg.Any<string>(), Arg.Any<string>()).Returns(true);
_hasher.Hash(Arg.Any<string>()).Returns("$2a$12$newhash");
await _handler.Handle(new ChangeMyPasswordCommand(1, "oldPass1!", "newPass2!"));
// spec REQ-BCP-05: change password does NOT revoke own tokens
await _refreshRepo.DidNotReceive().RevokeAllActiveForUserAsync(Arg.Any<int>(), Arg.Any<DateTime>(), Arg.Any<CancellationToken>());
}
}
Reference in New Issue View Git Blame Copy Permalink