backend/WorkClub.Tests.Integration/Infrastructure/TestAuthHandler.cs

using System.Security.Claims;
using System.Text.Encodings.Web;
using System.Text.Json;
using Microsoft.AspNetCore.Authentication;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;

namespace WorkClub.Tests.Integration.Infrastructure;

public class TestAuthHandler : AuthenticationHandler<AuthenticationSchemeOptions>
{
    public TestAuthHandler(
        IOptionsMonitor<AuthenticationSchemeOptions> options,
        ILoggerFactory logger,
        UrlEncoder encoder)
        : base(options, logger, encoder)
    {
    }

    protected override Task<AuthenticateResult> HandleAuthenticateAsync()
    {
        var clubsClaim = Context.Request.Headers["X-Test-Clubs"].ToString();
        var emailClaim = Context.Request.Headers["X-Test-Email"].ToString();
        var userIdClaim = Context.Request.Headers["X-Test-UserId"].ToString();

        var claims = new List<Claim>
        {
            new Claim(ClaimTypes.NameIdentifier, "test-user"),
            new Claim("sub", string.IsNullOrEmpty(userIdClaim) ? Guid.NewGuid().ToString() : userIdClaim),
            new Claim(ClaimTypes.Email, string.IsNullOrEmpty(emailClaim) ? "test@test.com" : emailClaim),
        };

        if (!string.IsNullOrEmpty(clubsClaim))
        {
            claims.Add(new Claim("clubs", clubsClaim));
        }

        var identity = new ClaimsIdentity(claims, "Test");
        var principal = new ClaimsPrincipal(identity);
        var ticket = new AuthenticationTicket(principal, "Test");

        return Task.FromResult(AuthenticateResult.Success(ticket));
    }
}
feat(backend): add PostgreSQL schema, RLS policies, and multi-tenant middleware - Add EF Core migrations for initial schema (clubs, members, work_items, shifts, shift_signups) - Implement RLS policies with SET LOCAL for tenant isolation - Add Finbuckle multi-tenant middleware with ClaimStrategy + HeaderStrategy fallback - Create TenantValidationMiddleware to enforce JWT claims match X-Tenant-Id header - Add tenant-aware DB interceptors (SaveChangesTenantInterceptor, TenantDbConnectionInterceptor) - Configure AppDbContext with tenant scoping and RLS support - Add test infrastructure: CustomWebApplicationFactory, TestAuthHandler, DatabaseFixture - Write TDD integration tests for multi-tenant isolation and RLS enforcement - Add health check null safety for connection string Tasks: 7 (PostgreSQL schema + migrations + RLS), 8 (Finbuckle multi-tenancy + validation), 12 (test infrastructure) 2026-03-03 14:32:21 +01:00			`using System.Security.Claims;`
			`using System.Text.Encodings.Web;`
			`using System.Text.Json;`
			`using Microsoft.AspNetCore.Authentication;`
			`using Microsoft.Extensions.Logging;`
			`using Microsoft.Extensions.Options;`

			`namespace WorkClub.Tests.Integration.Infrastructure;`

			`public class TestAuthHandler : AuthenticationHandler<AuthenticationSchemeOptions>`
			`{`
			`public TestAuthHandler(`
			`IOptionsMonitor<AuthenticationSchemeOptions> options,`
			`ILoggerFactory logger,`
			`UrlEncoder encoder)`
			`: base(options, logger, encoder)`
			`{`
			`}`

			`protected override Task<AuthenticateResult> HandleAuthenticateAsync()`
			`{`
			`var clubsClaim = Context.Request.Headers["X-Test-Clubs"].ToString();`
			`var emailClaim = Context.Request.Headers["X-Test-Email"].ToString();`
feat(shifts): add Shift CRUD API with sign-up/cancel and capacity management - ShiftService with 7 methods: list, detail, create, update, delete, signup, cancel - 5 DTOs: ShiftListDto, ShiftDetailDto, CreateShiftRequest, UpdateShiftRequest, ShiftSignupDto - Minimal API endpoints: GET /api/shifts, GET /api/shifts/{id}, POST, PUT, DELETE, POST /signup, DELETE /signup - Capacity validation: sign-up rejected when full → 409 Conflict - Past shift blocking: cannot sign up for past shifts → 422 Unprocessable - Duplicate signup prevention: check existing before create → 409 Conflict - Concurrency: 2-attempt retry loop for last-slot race conditions - Authorization: POST/PUT (Manager+), DELETE (Admin), signup/cancel (Member+) - Test infrastructure: Added X-Test-UserId header support for member ID injection - 13 TDD integration tests: CRUD, sign-up, capacity, past shift, concurrency - Build: 0 errors (6 BouncyCastle warnings expected) Task 15 complete. Wave 3: 3/5 tasks done. 2026-03-03 19:30:23 +01:00			`var userIdClaim = Context.Request.Headers["X-Test-UserId"].ToString();`
feat(backend): add PostgreSQL schema, RLS policies, and multi-tenant middleware - Add EF Core migrations for initial schema (clubs, members, work_items, shifts, shift_signups) - Implement RLS policies with SET LOCAL for tenant isolation - Add Finbuckle multi-tenant middleware with ClaimStrategy + HeaderStrategy fallback - Create TenantValidationMiddleware to enforce JWT claims match X-Tenant-Id header - Add tenant-aware DB interceptors (SaveChangesTenantInterceptor, TenantDbConnectionInterceptor) - Configure AppDbContext with tenant scoping and RLS support - Add test infrastructure: CustomWebApplicationFactory, TestAuthHandler, DatabaseFixture - Write TDD integration tests for multi-tenant isolation and RLS enforcement - Add health check null safety for connection string Tasks: 7 (PostgreSQL schema + migrations + RLS), 8 (Finbuckle multi-tenancy + validation), 12 (test infrastructure) 2026-03-03 14:32:21 +01:00
			`var claims = new List<Claim>`
			`{`
			`new Claim(ClaimTypes.NameIdentifier, "test-user"),`
feat(shifts): add Shift CRUD API with sign-up/cancel and capacity management - ShiftService with 7 methods: list, detail, create, update, delete, signup, cancel - 5 DTOs: ShiftListDto, ShiftDetailDto, CreateShiftRequest, UpdateShiftRequest, ShiftSignupDto - Minimal API endpoints: GET /api/shifts, GET /api/shifts/{id}, POST, PUT, DELETE, POST /signup, DELETE /signup - Capacity validation: sign-up rejected when full → 409 Conflict - Past shift blocking: cannot sign up for past shifts → 422 Unprocessable - Duplicate signup prevention: check existing before create → 409 Conflict - Concurrency: 2-attempt retry loop for last-slot race conditions - Authorization: POST/PUT (Manager+), DELETE (Admin), signup/cancel (Member+) - Test infrastructure: Added X-Test-UserId header support for member ID injection - 13 TDD integration tests: CRUD, sign-up, capacity, past shift, concurrency - Build: 0 errors (6 BouncyCastle warnings expected) Task 15 complete. Wave 3: 3/5 tasks done. 2026-03-03 19:30:23 +01:00			`new Claim("sub", string.IsNullOrEmpty(userIdClaim) ? Guid.NewGuid().ToString() : userIdClaim),`
feat(backend): add PostgreSQL schema, RLS policies, and multi-tenant middleware - Add EF Core migrations for initial schema (clubs, members, work_items, shifts, shift_signups) - Implement RLS policies with SET LOCAL for tenant isolation - Add Finbuckle multi-tenant middleware with ClaimStrategy + HeaderStrategy fallback - Create TenantValidationMiddleware to enforce JWT claims match X-Tenant-Id header - Add tenant-aware DB interceptors (SaveChangesTenantInterceptor, TenantDbConnectionInterceptor) - Configure AppDbContext with tenant scoping and RLS support - Add test infrastructure: CustomWebApplicationFactory, TestAuthHandler, DatabaseFixture - Write TDD integration tests for multi-tenant isolation and RLS enforcement - Add health check null safety for connection string Tasks: 7 (PostgreSQL schema + migrations + RLS), 8 (Finbuckle multi-tenancy + validation), 12 (test infrastructure) 2026-03-03 14:32:21 +01:00			`new Claim(ClaimTypes.Email, string.IsNullOrEmpty(emailClaim) ? "test@test.com" : emailClaim),`
			`};`

			`if (!string.IsNullOrEmpty(clubsClaim))`
			`{`
			`claims.Add(new Claim("clubs", clubsClaim));`
			`}`

			`var identity = new ClaimsIdentity(claims, "Test");`
			`var principal = new ClaimsPrincipal(identity);`
			`var ticket = new AuthenticationTicket(principal, "Test");`

			`return Task.FromResult(AuthenticateResult.Success(ticket));`
			`}`
			`}`