Merge pull request #706 from PathfinderHonorManager/develop

Fixed swagger authz issues

Author: brian-cummings

.github/workflows/dependabot_automerge.yml

@@ -12,7 +12,7 @@ jobs:
     steps:
       - name: Dependabot metadata
         id: metadata
-        uses: dependabot/fetch-metadata@v2.4.0
+        uses: dependabot/fetch-metadata@v2.5.0
         with:
           github-token: "${{ secrets.GITHUB_TOKEN }}"
       - name: Enable auto-merge for Dependabot PRs

AGENTS.md

@@ -0,0 +1,35 @@
+# Repository Guidelines
+
+## Project Structure & Module Organization
+- `PathfinderHonorManager/` hosts the ASP.NET Core API. Key areas: `Controllers/`, `Service/`, `DataAccess/`, `Model/`, `Dto/`, `Validators/`, `Healthcheck/`, `Migrations/`, `Swagger/`, `Mapping/`, and `Converters/`.
+- `PathfinderHonorManager.Tests/` contains NUnit tests plus test helpers and seeders.
+- `PathfinderHonorManager/Pathfinder-DB/` stores database SQL scripts.
+- Configuration lives in `PathfinderHonorManager/appsettings.json`, `PathfinderHonorManager/appsettings.Development.json`, and `PathfinderHonorManager/Properties/launchSettings.json`.
+
+## Build, Test, and Development Commands
+- `dotnet build PathfinderHonorManager.sln` builds the solution.
+- `dotnet run --project PathfinderHonorManager` runs the API locally.
+- `dotnet test PathfinderHonorManager.Tests/PathfinderHonorManager.Tests.csproj` runs the test suite.
+- `dotnet ef migrations add DescriptiveMigrationName --project PathfinderHonorManager` creates a migration.
+- `dotnet ef database update --project PathfinderHonorManager` applies migrations (see `EF_MIGRATIONS_README.md` for baseline setup).
+
+## Coding Style & Naming Conventions
+- Follow C# conventions: 4-space indentation; PascalCase for types and public members; camelCase for locals and parameters.
+- Interfaces use the `I*` prefix (for example, `IHonorService`).
+- File/class naming mirrors feature type: `*Controller`, `*Service`, `*Validator`, `*Dto`.
+- Validators use FluentValidation and live in `PathfinderHonorManager/Validators`.
+
+## Testing Guidelines
+- NUnit is the primary framework; tests live in `PathfinderHonorManager.Tests` and use `[Test]`/`[TestCase]`.
+- Name test files and classes with a `*Tests` suffix (for example, `HonorsControllerTests.cs`).
+- Prefer in-memory EF providers or seeded helpers (`Helpers/DatabaseSeeder.cs`) for data setup.
+
+## Commit & Pull Request Guidelines
+- Recent commits use short, imperative sentence-case summaries (for example, "Fix SonarQube issues", "Add background worker...").
+- Keep commits focused on a single change set.
+- PRs should include: a clear description, testing notes/commands run, migration impacts (if any), and any required configuration or env var changes.
+
+## Configuration & Migrations
+- Required env vars include `PathfinderCS` and Auth0 settings (`Auth0:Domain`, `Auth0:Audience`, `Auth0:ClientId`).
+- The baseline migration is tracked in `PathfinderHonorManager/Migrations`; follow `EF_MIGRATIONS_README.md` for local setup and safe rollback steps.
+- Health endpoints are available at `/health`, `/health/ready`, and `/health/live`.

PathfinderHonorManager.Tests/Auth/HasScopeHandlerTests.cs

@@ -0,0 +1,74 @@
+using System;
+using System.Security.Claims;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authorization;
+using NUnit.Framework;
+using PathfinderHonorManager.Auth;
+
+namespace PathfinderHonorManager.Tests.Auth
+{
+    [TestFixture]
+    public class HasScopeHandlerTests
+    {
+        [Test]
+        public async Task HandleAsync_NoPermissionsClaim_DoesNotSucceed()
+        {
+            var requirement = new HasScopeRequirement("read:honors", "https://issuer/");
+            var user = new ClaimsPrincipal(new ClaimsIdentity());
+            var context = new AuthorizationHandlerContext(new[] { requirement }, user, null);
+            var handler = new HasScopeHandler();
+
+            await handler.HandleAsync(context);
+
+            Assert.That(context.HasSucceeded, Is.False);
+        }
+
+        [Test]
+        public async Task HandleAsync_PermissionsClaimWithMatchingScope_Succeeds()
+        {
+            var requirement = new HasScopeRequirement("read:honors", "https://issuer/");
+            var identity = new ClaimsIdentity(new[]
+            {
+                new Claim("permissions", "read:honors", ClaimValueTypes.String, "https://issuer/")
+            });
+            var user = new ClaimsPrincipal(identity);
+            var context = new AuthorizationHandlerContext(new[] { requirement }, user, null);
+            var handler = new HasScopeHandler();
+
+            await handler.HandleAsync(context);
+
+            Assert.That(context.HasSucceeded, Is.True);
+        }
+
+        [Test]
+        public async Task HandleAsync_PermissionsClaimWithWrongIssuer_DoesNotSucceed()
+        {
+            var requirement = new HasScopeRequirement("read:honors", "https://issuer/");
+            var identity = new ClaimsIdentity(new[]
+            {
+                new Claim("permissions", "read:honors", ClaimValueTypes.String, "https://other/")
+            });
+            var user = new ClaimsPrincipal(identity);
+            var context = new AuthorizationHandlerContext(new[] { requirement }, user, null);
+            var handler = new HasScopeHandler();
+
+            await handler.HandleAsync(context);
+
+            Assert.That(context.HasSucceeded, Is.False);
+        }
+
+        [Test]
+        public void Constructor_NullScope_Throws()
+        {
+            var ex = Assert.Throws<ArgumentNullException>(() => new HasScopeRequirement(null, "https://issuer/"));
+            Assert.That(ex!.ParamName, Is.EqualTo("scope"));
+        }
+
+        [Test]
+        public void Constructor_NullIssuer_Throws()
+        {
+            var ex = Assert.Throws<ArgumentNullException>(() => new HasScopeRequirement("read:honors", null));
+            Assert.That(ex!.ParamName, Is.EqualTo("issuer"));
+        }
+    }
+}

PathfinderHonorManager.Tests/Healthcheck/MigrationHealthCheckTests.cs

@@ -0,0 +1,54 @@
+using System.Threading;
+using System.Threading.Tasks;
+using Microsoft.Data.Sqlite;
+using Microsoft.EntityFrameworkCore;
+using NUnit.Framework;
+using PathfinderHonorManager.DataAccess;
+using PathfinderHonorManager.Healthcheck;
+
+namespace PathfinderHonorManager.Tests.Healthcheck
+{
+    [TestFixture]
+    public class MigrationHealthCheckTests
+    {
+        [Test]
+        public async Task CheckHealthAsync_PendingMigrations_ReturnsDegradedOrHealthy()
+        {
+            using var connection = new SqliteConnection("DataSource=:memory:");
+            connection.Open();
+
+            var options = new DbContextOptionsBuilder<PathfinderContext>()
+                .UseSqlite(connection)
+                .Options;
+
+            using var context = new PathfinderContext(options);
+            var healthCheck = new MigrationHealthCheck(context);
+
+            var result = await healthCheck.CheckHealthAsync(
+                new Microsoft.Extensions.Diagnostics.HealthChecks.HealthCheckContext(),
+                CancellationToken.None);
+
+            Assert.That(result.Status, Is.Not.EqualTo(
+                Microsoft.Extensions.Diagnostics.HealthChecks.HealthStatus.Unhealthy));
+        }
+
+        [Test]
+        public async Task CheckHealthAsync_DisposedContext_ReturnsUnhealthy()
+        {
+            var options = new DbContextOptionsBuilder<PathfinderContext>()
+                .UseSqlite("DataSource=:memory:")
+                .Options;
+
+            var context = new PathfinderContext(options);
+            context.Dispose();
+
+            var healthCheck = new MigrationHealthCheck(context);
+            var result = await healthCheck.CheckHealthAsync(
+                new Microsoft.Extensions.Diagnostics.HealthChecks.HealthCheckContext(),
+                CancellationToken.None);
+
+            Assert.That(result.Status, Is.EqualTo(
+                Microsoft.Extensions.Diagnostics.HealthChecks.HealthStatus.Unhealthy));
+        }
+    }
+}

PathfinderHonorManager.Tests/Integration/IntegrationTestWebAppFactory.cs

@@ -0,0 +1,109 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.Mvc.Testing;
+using Microsoft.Data.Sqlite;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.EntityFrameworkCore.Infrastructure;
+using Microsoft.EntityFrameworkCore.Storage;
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.DependencyInjection.Extensions;
+using Microsoft.Extensions.Hosting;
+using PathfinderHonorManager;
+using PathfinderHonorManager.DataAccess;
+using PathfinderHonorManager.Service;
+
+namespace PathfinderHonorManager.Tests.Integration
+{
+    public class IntegrationTestWebAppFactory : WebApplicationFactory<Startup>
+    {
+        private readonly SqliteConnection _connection;
+
+        private readonly IReadOnlyCollection<string> _permissions;
+
+        public IntegrationTestWebAppFactory(IReadOnlyCollection<string> permissions = null)
+        {
+            _permissions = permissions ?? TestAuthHandler.DefaultPermissions;
+            _connection = new SqliteConnection("DataSource=:memory:");
+            _connection.Open();
+        }
+
+        protected override void ConfigureWebHost(IWebHostBuilder builder)
+        {
+            builder.ConfigureAppConfiguration((context, config) =>
+            {
+                var overrides = new Dictionary<string, string>
+                {
+                    ["Auth0:Domain"] = "test",
+                    ["Auth0:Audience"] = "test-audience",
+                    ["AzureAD:ApiScope"] = "test-scope",
+                    ["ConnectionStrings:PathfinderCS"] = "DataSource=:memory:"
+                };
+
+                config.AddInMemoryCollection(overrides);
+            });
+
+            builder.ConfigureServices(services =>
+            {
+                services.RemoveAll<DbContextOptions<PathfinderContext>>();
+                services.RemoveAll<DbContextOptions>();
+                services.RemoveAll<IDatabaseProvider>();
+                services.RemoveAll<IDbContextOptionsConfiguration<PathfinderContext>>();
+
+                RemoveHostedService<MigrationService>(services);
+                RemoveHostedService<AchievementSyncBackgroundService>(services);
+
+                services.AddDbContext<PathfinderContext>(options =>
+                {
+                    options.UseSqlite(_connection);
+                    options.ReplaceService<IModelCustomizer, TestModelCustomizer>();
+                    options.AddInterceptors(new TimestampSaveChangesInterceptor());
+                });
+
+                services.AddAuthentication(options =>
+                    {
+                        options.DefaultAuthenticateScheme = TestAuthHandler.SchemeName;
+                        options.DefaultChallengeScheme = TestAuthHandler.SchemeName;
+                    })
+                    .AddScheme<TestAuthOptions, TestAuthHandler>(
+                        TestAuthHandler.SchemeName,
+                        options => { options.Permissions = _permissions; });
+            });
+        }
+
+        public async Task InitializeAsync()
+        {
+            using var scope = Services.CreateScope();
+            var dbContext = scope.ServiceProvider.GetRequiredService<PathfinderContext>();
+            await dbContext.Database.EnsureCreatedAsync();
+        }
+
+        protected override void Dispose(bool disposing)
+        {
+            if (disposing)
+            {
+                _connection.Dispose();
+            }
+
+            base.Dispose(disposing);
+        }
+
+        private static void RemoveHostedService<TService>(IServiceCollection services)
+            where TService : class, IHostedService
+        {
+            var descriptors = services
+                .Where(descriptor =>
+                    descriptor.ServiceType == typeof(IHostedService) &&
+                    descriptor.ImplementationType == typeof(TService))
+                .ToList();
+
+            foreach (var descriptor in descriptors)
+            {
+                services.Remove(descriptor);
+            }
+        }
+    }
+}