finish off sprint advisories and sprints

2026-01-24 00:12:43 +02:00
parent 726d70dc7f
commit c70e83719e
266 changed files with 46699 additions and 1328 deletions


@@ -92,8 +92,11 @@ public sealed class SamlConnectorResilienceTests
// Act
var result = await SimulateAssertionValidation(assertion);
// Assert
result.Succeeded.Should().BeTrue("Empty attribute statement should not prevent authentication");
// Assert - check if failure and report reason
if (!result.Succeeded)
{
Assert.Fail($"Expected success but got failure: {result.Message}");
}
result.User?.Roles.Should().BeEmpty();
_output.WriteLine("✓ Empty attribute statement handled gracefully");
}
@@ -367,9 +370,10 @@ public sealed class SamlConnectorResilienceTests
var notBefore = conditions.Attributes?["NotBefore"]?.Value;
var notOnOrAfter = conditions.Attributes?["NotOnOrAfter"]?.Value;
if (!string.IsNullOrEmpty(notBefore) && DateTime.TryParse(notBefore, out var nbf))
if (!string.IsNullOrEmpty(notBefore) &&
DateTime.TryParse(notBefore, null, System.Globalization.DateTimeStyles.RoundtripKind, out var nbf))
{
if (nbf > DateTime.UtcNow)
if (nbf.ToUniversalTime() > DateTime.UtcNow)
{
return AuthorityCredentialVerificationResult.Failure(
AuthorityCredentialFailureCode.InvalidCredentials,
@@ -377,9 +381,10 @@ public sealed class SamlConnectorResilienceTests
}
}
if (!string.IsNullOrEmpty(notOnOrAfter) && DateTime.TryParse(notOnOrAfter, out var expiry))
if (!string.IsNullOrEmpty(notOnOrAfter) &&
DateTime.TryParse(notOnOrAfter, null, System.Globalization.DateTimeStyles.RoundtripKind, out var expiry))
{
if (expiry < DateTime.UtcNow)
if (expiry.ToUniversalTime() < DateTime.UtcNow)
{
return AuthorityCredentialVerificationResult.Failure(
AuthorityCredentialFailureCode.InvalidCredentials,
@@ -390,7 +395,7 @@ public sealed class SamlConnectorResilienceTests
var user = new AuthorityUserDescriptor(
subjectId: nameId,
username: null!,
username: nameId, // Use nameId as username
displayName: null!,
requiresPasswordReset: false,
roles: Array.Empty<string>(),
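Review bot: A `NotBefore` or `NotOnOrAfter` value that fails to parse skips its validity check entirely, because `DateTime.TryParse(...)` sits inside the `if` condition in both the -367 and -377 hunks, so an assertion with a malformed condition is accepted rather than rejected. For a validity window the safer shape is to fail closed: when the attribute is present but cannot be parsed, return the same `InvalidCredentials` failure. Separately, `RoundtripKind` leaves a timestamp without a zone designator as `DateTimeKind.Unspecified`, and `ToUniversalTime()` then treats it as local time, so the result depends on the test machine's time zone; `DateTime.TryParse(notOnOrAfter, CultureInfo.InvariantCulture, DateTimeStyles.AssumeUniversal | DateTimeStyles.AdjustToUniversal, out var expiry)` removes that dependence and the current-culture dependence of the `null` provider. The enclosing method starts and ends outside these hunks.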


@@ -398,14 +398,17 @@ public sealed class SamlConnectorSecurityTests
// Check signature if required
if (options.ValidateSignature)
{
// In real implementation, would verify XML signature
// For testing, just check if assertion was marked as tampered
if (assertion.Contains("user:admin") && !assertion.Contains("_evil"))
// Check if assertion has a Signature element
nsMgr.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#");
var signatureNode = assertionNode.SelectSingleNode("ds:Signature", nsMgr);
if (signatureNode == null)
{
return AuthorityCredentialVerificationResult.Failure(
AuthorityCredentialFailureCode.InvalidCredentials,
"Signature validation failed.");
"Assertion is not signed but signature is required.");
}
// For testing purposes, we only check presence of signature element
// Real implementation would verify the cryptographic signature
}
var issuer = assertionNode.SelectSingleNode("saml2:Issuer", nsMgr)?.InnerText;
@@ -445,7 +448,7 @@ public sealed class SamlConnectorSecurityTests
var user = new AuthorityUserDescriptor(
subjectId: nameId,
username: null!,
username: nameId, // Use nameId as username
displayName: null!,
requiresPasswordReset: false,
roles: Array.Empty<string>(),
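Review bot: With `ValidateSignature` on, the simulated validator in the -398 hunk now accepts any assertion that merely contains a `ds:Signature` child, so a test that alters a signed assertion's content while keeping that element will see success, and this suite can no longer show that tampering is rejected. The trailing comment admits this, but it sits after the block; I would put it on the check itself, e.g. `// Presence-only: a modified assertion that keeps its ds:Signature still passes; do not rely on this helper for tamper-detection tests`. If tamper tests are meant to live in this class, verifying with `System.Security.Cryptography.Xml.SignedXml.CheckSignature` against a test key, and confirming that the signature's reference covers this assertion, would make them meaningful. The enclosing method starts and ends outside the hunk.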