managedcode
diff --git a/‎ManagedCode.Orleans.Identity.Tests/AuthenticationIntegrationTests.cs‎
Lines changed: 1 addition & 0 deletions b/‎ManagedCode.Orleans.Identity.Tests/AuthenticationIntegrationTests.cs‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎ManagedCode.Orleans.Identity.Tests/Cookies/CookieAuthTests.cs‎
Lines changed: 175 additions & 0 deletions b/‎ManagedCode.Orleans.Identity.Tests/Cookies/CookieAuthTests.cs‎
Lines changed: 175 additions & 0 deletions
diff --git a/‎…ns.Identity.Tests/JwtGrainFilterTests.cs‎ ‎…dentity.Tests/Jwt/JwtGrainFilterTests.cs‎ManagedCode.Orleans.Identity.Tests/JwtGrainFilterTests.cs renamed to ManagedCode.Orleans.Identity.Tests/Jwt/JwtGrainFilterTests.cs
Lines changed: 3 additions & 5 deletions b/‎…ns.Identity.Tests/JwtGrainFilterTests.cs‎ ‎…dentity.Tests/Jwt/JwtGrainFilterTests.cs‎ManagedCode.Orleans.Identity.Tests/JwtGrainFilterTests.cs renamed to ManagedCode.Orleans.Identity.Tests/Jwt/JwtGrainFilterTests.cs
Lines changed: 3 additions & 5 deletions
diff --git a/‎…rleans.Identity.Tests/JwtSignalRTests.cs‎ ‎…ns.Identity.Tests/Jwt/JwtSignalRTests.cs‎ManagedCode.Orleans.Identity.Tests/JwtSignalRTests.cs renamed to ManagedCode.Orleans.Identity.Tests/Jwt/JwtSignalRTests.cs
Lines changed: 36 additions & 12 deletions b/‎…rleans.Identity.Tests/JwtSignalRTests.cs‎ ‎…ns.Identity.Tests/Jwt/JwtSignalRTests.cs‎ManagedCode.Orleans.Identity.Tests/JwtSignalRTests.cs renamed to ManagedCode.Orleans.Identity.Tests/Jwt/JwtSignalRTests.cs
Lines changed: 36 additions & 12 deletions
@@ -11,6 +11,7 @@
 using Shouldly;
 using Xunit;
 using Xunit.Abstractions;
+using LoginRequest = ManagedCode.Orleans.Identity.Tests.Cookies.LoginRequest;
 
 namespace ManagedCode.Orleans.Identity.Tests;
 
 
@@ -0,0 +1,175 @@
+using System.Net;
+using System.Net.Http.Json;
+using ManagedCode.Orleans.Identity.Tests.Cluster;
+using ManagedCode.Orleans.Identity.Tests.Constants;
+using Shouldly;
+using Xunit;
+using Xunit.Abstractions;
+
+namespace ManagedCode.Orleans.Identity.Tests.Cookies;
+
+[Collection(nameof(TestClusterApplication))]
+public class CookieAuthTests(TestClusterApplication testApp, ITestOutputHelper outputHelper)
+    : IClassFixture<TestClusterApplication>
+{
+    private readonly ITestOutputHelper _outputHelper = outputHelper;
+
+    #region Cookie Authentication - Basic Tests
+
+    [Fact]
+    public async Task CookieAuth_WhenUserAuthenticated_ShouldAccessProtectedEndpoint()
+    {
+        // Arrange
+        var client = testApp.CreateClient();
+        await LoginWithCookie(client, "testuser");
+
+        // Act
+        var response = await client.GetAsync(TestControllerRoutes.USER_CONTROLLER_DEFAULT_ROUTE);
+        var content = await response.Content.ReadAsStringAsync();
+
+        // Assert
+        response.IsSuccessStatusCode.ShouldBeTrue();
+        content.ShouldContain("Hello, testuser!");
+    }
+
+    [Fact]
+    public async Task CookieAuth_WhenUserNotAuthenticated_ShouldReturnUnauthorized()
+    {
+        // Arrange
+        var client = testApp.CreateClient();
+
+        // Act
+        var response = await client.GetAsync(TestControllerRoutes.USER_CONTROLLER_DEFAULT_ROUTE);
+
+        // Assert
+        response.StatusCode.ShouldBe(HttpStatusCode.Unauthorized);
+    }
+
+    #endregion
+
+    #region Cookie Authentication - Role-based Tests
+
+    [Fact]
+    public async Task CookieAuth_WhenUserIsAdmin_ShouldAccessAdminEndpoint()
+    {
+        // Arrange
+        var client = testApp.CreateClient();
+        await LoginWithCookie(client, "admin");
+
+        // Act
+        var response = await client.GetAsync(TestControllerRoutes.USER_CONTROLLER_BAN);
+        var content = await response.Content.ReadAsStringAsync();
+
+        // Assert
+        response.IsSuccessStatusCode.ShouldBeTrue();
+        content.ShouldContain("User admin is banned");
+    }
+
+    [Fact]
+    public async Task CookieAuth_WhenUserIsNotAdmin_ShouldReturnForbidden()
+    {
+        // Arrange
+        var client = testApp.CreateClient();
+        await LoginWithCookie(client, "user");
+
+        // Act
+        var response = await client.GetAsync(TestControllerRoutes.USER_CONTROLLER_BAN);
+
+        // Assert
+        response.StatusCode.ShouldBe(HttpStatusCode.Forbidden);
+    }
+
+    [Fact]
+    public async Task CookieAuth_WhenUserIsModerator_ShouldAccessModeratorEndpoint()
+    {
+        // Arrange
+        var client = testApp.CreateClient();
+        await LoginWithCookie(client, "moderator");
+
+        // Act
+        var response = await client.GetAsync(TestControllerRoutes.USER_CONTROLLER_MODIFY);
+        var content = await response.Content.ReadAsStringAsync();
+
+        // Assert
+        response.IsSuccessStatusCode.ShouldBeTrue();
+        content.ShouldContain("User moderator has been modified");
+    }
+
+    [Fact]
+    public async Task CookieAuth_WhenUserIsNotModerator_ShouldReturnForbidden()
+    {
+        // Arrange
+        var client = testApp.CreateClient();
+        await LoginWithCookie(client, "user");
+
+        // Act
+        var response = await client.GetAsync(TestControllerRoutes.USER_CONTROLLER_MODIFY);
+
+        // Assert
+        response.StatusCode.ShouldBe(HttpStatusCode.Forbidden);
+    }
+
+    #endregion
+
+    #region Cookie Authentication - Public Endpoint Tests
+
+    [Fact]
+    public async Task CookieAuth_WhenUserNotAuthenticated_ShouldAccessPublicEndpoint()
+    {
+        // Arrange
+        var client = testApp.CreateClient();
+
+        // Act
+        var response = await client.GetAsync(TestControllerRoutes.USER_CONTROLLER_PUBLIC_INFO);
+        var content = await response.Content.ReadAsStringAsync();
+
+        // Assert
+        response.IsSuccessStatusCode.ShouldBeTrue();
+        content.ShouldContain("This is public information");
+    }
+
+    #endregion
+
+    #region Cookie Authentication - Logout Tests
+
+    [Fact]
+    public async Task CookieAuth_WhenUserLogsOut_ShouldNotAccessProtectedEndpoint()
+    {
+        // Arrange
+        var client = testApp.CreateClient();
+        await LoginWithCookie(client, "testuser");
+
+        // Verify user is authenticated
+        var authResponse = await client.GetAsync(TestControllerRoutes.USER_CONTROLLER_DEFAULT_ROUTE);
+        authResponse.IsSuccessStatusCode.ShouldBeTrue();
+
+        // Act - Logout
+        var logoutResponse = await client.PostAsync("/auth/logout", null);
+        logoutResponse.IsSuccessStatusCode.ShouldBeTrue();
+
+        // Act - Try to access protected endpoint
+        var response = await client.GetAsync(TestControllerRoutes.USER_CONTROLLER_DEFAULT_ROUTE);
+
+        // Assert
+        response.StatusCode.ShouldBe(HttpStatusCode.Unauthorized);
+    }
+
+    #endregion
+
+    #region Helper Methods
+
+    private async Task LoginWithCookie(HttpClient client, string username)
+    {
+        var loginRequest = new LoginRequest { Username = username };
+        var response = await client.PostAsJsonAsync("/auth/login-cookie", loginRequest);
+        
+        response.IsSuccessStatusCode.ShouldBeTrue();
+    }
+
+    #endregion
+}
+
+public class LoginRequest
+{
+    public string Username { get; set; } = string.Empty;
+} 
@@ -1,18 +1,16 @@
 using System.Net;
 using System.Net.Http.Headers;
 using System.Net.Http.Json;
-using System.Text;
-using System.Text.Json;
-using Shouldly;
 using ManagedCode.Orleans.Identity.Tests.Cluster;
 using ManagedCode.Orleans.Identity.Tests.Constants;
 using ManagedCode.Orleans.Identity.Tests.TestApp.Controllers;
 using ManagedCode.Orleans.Identity.Tests.TestApp.Services;
-using Microsoft.Extensions.DependencyInjection;
+using Shouldly;
 using Xunit;
 using Xunit.Abstractions;
+using LoginRequest = ManagedCode.Orleans.Identity.Tests.Cookies.LoginRequest;
 
-namespace ManagedCode.Orleans.Identity.Tests;
+namespace ManagedCode.Orleans.Identity.Tests.Jwt;
 
 [Collection(nameof(TestClusterApplication))]
 public class JwtGrainFilterTests
 
@@ -1,13 +1,13 @@
-using System.Net;
 using System.Net.Http.Json;
-using Shouldly;
+using ManagedCode.Orleans.Identity.Tests.Cluster;
+using ManagedCode.Orleans.Identity.Tests.TestApp.Models;
 using Microsoft.AspNetCore.SignalR;
 using Microsoft.AspNetCore.SignalR.Client;
-using ManagedCode.Orleans.Identity.Tests.Cluster;
+using Shouldly;
 using Xunit;
 using Xunit.Abstractions;
 
-namespace ManagedCode.Orleans.Identity.Tests;
+namespace ManagedCode.Orleans.Identity.Tests.Jwt;
 
 [Collection(nameof(TestClusterApplication))]
 public class JwtSignalRTests
@@ -26,19 +26,22 @@ private async Task<string> GetJwtToken(string username)
         var client = _testApp.CreateClient();
         var loginRequest = new { Username = username };
         var response = await client.PostAsJsonAsync("/auth/login", loginRequest);
-        
+
         response.IsSuccessStatusCode.ShouldBeTrue();
         var result = await response.Content.ReadFromJsonAsync<LoginResponse>();
         return result!.Token;
     }
 
-    private async Task<HubConnection> CreateSignalRConnection(string token)
+    private async Task<HubConnection> CreateSignalRConnection(string? token = null)
     {
         var connection = _testApp.CreateSignalRClient("TestAuthorizeHub", builder =>
         {
             builder.WithUrl($"{_testApp.Server.BaseAddress}TestAuthorizeHub", options =>
             {
-                options.AccessTokenProvider = () => Task.FromResult<string?>(token);
+                if (!string.IsNullOrEmpty(token))
+                {
+                    options.AccessTokenProvider = () => Task.FromResult<string?>(token);
+                }
             });
         });
 
@@ -89,6 +92,27 @@ public async Task SignalR_GetPublicInfo_WhenAuthenticated_ShouldReturnPublicInfo
             await connection.DisposeAsync();
         }
     }
+    
+    [Fact]
+    public async Task SignalR_GetPublicInfo_WhenNotAuthenticated_ShouldReturnPublicInfo()
+    {
+        // Arrange
+        var connection = await CreateSignalRConnection();
+
+        try
+        {
+            // Act
+            var result = await connection.InvokeAsync<string>("GetPublicInfo");
+
+            // Assert
+            result.ShouldNotBeNullOrEmpty();
+            result.ShouldContain("public information");
+        }
+        finally
+        {
+            await connection.DisposeAsync();
+        }
+    }
 
     [Fact]
     public async Task SignalR_GetAdminInfo_WhenAdmin_ShouldReturnSuccess()
@@ -123,9 +147,9 @@ public async Task SignalR_GetAdminInfo_WhenNotAdmin_ShouldThrowException()
         try
         {
             // Act & Assert
-            var exception = await Assert.ThrowsAsync<HubException>(() => 
+            var exception = await Assert.ThrowsAsync<HubException>(() =>
                 connection.InvokeAsync<string>("GetAdminInfo"));
-            
+
             exception.Message.ShouldContain("Failed to invoke 'GetAdminInfo' because user is unauthorized");
         }
         finally
@@ -143,9 +167,9 @@ public async Task SignalR_ConnectWithoutToken_ShouldFail()
             .Build();
 
         // Act & Assert
-        var exception = await Assert.ThrowsAsync<HttpRequestException>(() => 
+        var exception = await Assert.ThrowsAsync<HttpRequestException>(() =>
             connection.StartAsync());
-        
+
         await connection.DisposeAsync();
     }
-} 
+}