tests fixes and some product advisories tunes ups

2026-01-30 07:57:43 +02:00
parent 644887997c
commit 55744f6a39
345 changed files with 26290 additions and 2267 deletions
--- a/src/Notify/StellaOps.Notify.WebService/Program.cs
+++ b/src/Notify/StellaOps.Notify.WebService/Program.cs
@@ -84,6 +84,7 @@ builder.Host.UseSerilog((context, services, loggerConfiguration) =>
 });

 builder.Services.AddSingleton(TimeProvider.System);
+builder.Services.AddSingleton<StellaOps.Determinism.IGuidProvider, StellaOps.Determinism.SystemGuidProvider>();
 builder.Services.AddSingleton<ServiceStatus>();
 builder.Services.AddSingleton<NotifySchemaMigrationService>();

@@ -97,7 +98,7 @@ builder.Services.AddSingleton<INotifyPluginRegistry, NotifyPluginRegistry>();
 builder.Services.AddSingleton<INotifyChannelTestService, NotifyChannelTestService>();
 builder.Services.AddSingleton<INotifyChannelHealthService, NotifyChannelHealthService>();

-ConfigureAuthentication(builder, bootstrapOptions);
+ConfigureAuthentication(builder, bootstrapOptions, builder.Configuration);
 ConfigureRateLimiting(builder, bootstrapOptions);

 builder.Services.AddEndpointsApiExplorer();
@@ -125,9 +126,11 @@ app.TryRefreshStellaRouterEndpoints(notifyRouterOptions);

 await app.RunAsync();

-static void ConfigureAuthentication(WebApplicationBuilder builder, NotifyWebServiceOptions options)
+static void ConfigureAuthentication(WebApplicationBuilder builder, NotifyWebServiceOptions options, IConfiguration configuration)
 {
-    if (options.Authority.Enabled)
+    // Read enabled flag from configuration to support test overrides via UseSetting
+    var authorityEnabled = configuration.GetValue<bool?>("notify:authority:enabled") ?? options.Authority.Enabled;
+    if (authorityEnabled)
    {
        builder.Services.AddStellaOpsResourceServerAuthentication(
            builder.Configuration,
@@ -162,7 +165,9 @@ static void ConfigureAuthentication(WebApplicationBuilder builder, NotifyWebServ
    }
    else
    {
-        if (options.Authority.AllowAnonymousFallback)
+        // Read allowAnonymousFallback from configuration to support test overrides
+        var allowAnonymous = configuration.GetValue<bool?>("notify:authority:allowAnonymousFallback") ?? options.Authority.AllowAnonymousFallback;
+        if (allowAnonymous)
        {
            builder.Services.AddAuthentication(authOptions =>
            {
@@ -194,14 +199,19 @@ static void ConfigureAuthentication(WebApplicationBuilder builder, NotifyWebServ
                {
                    jwt.RequireHttpsMetadata = false;
                    jwt.IncludeErrorDetails = true;
+                    // Read JWT settings from configuration to support test overrides
+                    var issuer = configuration["notify:authority:issuer"] ?? options.Authority.Issuer;
+                    var audiencesList = configuration.GetSection("notify:authority:audiences").Get<string[]>() ?? options.Authority.Audiences.ToArray();
+                    var signingKey = configuration["notify:authority:developmentSigningKey"] ?? options.Authority.DevelopmentSigningKey!;
+
                    jwt.TokenValidationParameters = new TokenValidationParameters
                    {
                        ValidateIssuer = true,
-                        ValidIssuer = options.Authority.Issuer,
-                        ValidateAudience = options.Authority.Audiences.Count > 0,
-                        ValidAudiences = options.Authority.Audiences,
+                        ValidIssuer = issuer,
+                        ValidateAudience = audiencesList.Length > 0,
+                        ValidAudiences = audiencesList,
                        ValidateIssuerSigningKey = true,
-                        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(options.Authority.DevelopmentSigningKey!)),
+                        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(signingKey)),
                        ValidateLifetime = true,
                        ClockSkew = TimeSpan.FromSeconds(options.Authority.TokenClockSkewSeconds),
                        NameClaimType = ClaimTypes.Name
--- a/src/Notify/StellaOps.Notify.WebService/StellaOps.Notify.WebService.csproj
+++ b/src/Notify/StellaOps.Notify.WebService/StellaOps.Notify.WebService.csproj
@@ -9,8 +9,11 @@
  </PropertyGroup>

  <ItemGroup>
+    <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" />
+    <PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" />
    <PackageReference Include="Serilog.AspNetCore" />
    <PackageReference Include="Serilog.Sinks.Console" />
+    <PackageReference Include="System.IdentityModel.Tokens.Jwt" />
    <PackageReference Include="YamlDotNet" />
  </ItemGroup>