fix: stabilize mini app login and safe area
This commit is contained in:
@@ -12,6 +12,10 @@ public sealed class MiniAppDashboardTests
|
||||
Assert.Contains("/auth/telegram-webapp", miniAppPage, StringComparison.Ordinal);
|
||||
Assert.Contains("watchTelegramMiniAppLogin", miniAppPage, StringComparison.Ordinal);
|
||||
Assert.Contains("/auth/status", miniAppPage, StringComparison.Ordinal);
|
||||
Assert.Contains("miniAppAuthStatus", miniAppPage, StringComparison.Ordinal);
|
||||
Assert.Contains("telegram-webapp-missing", miniAppPage, StringComparison.Ordinal);
|
||||
Assert.Contains("telegram-init-data-empty", miniAppPage, StringComparison.Ordinal);
|
||||
Assert.Contains("telegram-auth-failed", miniAppPage, StringComparison.Ordinal);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
@@ -24,10 +28,18 @@ public sealed class MiniAppDashboardTests
|
||||
Assert.Contains("Telegram.WebApp.initData", appShell, StringComparison.Ordinal);
|
||||
Assert.Contains("window.waitForTelegramMiniAppInitData", appShell, StringComparison.Ordinal);
|
||||
Assert.Contains("window.watchTelegramMiniAppLogin", appShell, StringComparison.Ordinal);
|
||||
Assert.Contains("window.handleTelegramLogin", appShell, StringComparison.Ordinal);
|
||||
Assert.Contains("/auth/telegram-login", appShell, StringComparison.Ordinal);
|
||||
Assert.Contains("data-onauth", appShell, StringComparison.Ordinal);
|
||||
Assert.DoesNotContain("data-auth-url", appShell, StringComparison.Ordinal);
|
||||
Assert.Contains("setTimeout(resolve, 100)", appShell, StringComparison.Ordinal);
|
||||
Assert.Contains("reloadOnReturn", appShell, StringComparison.Ordinal);
|
||||
Assert.Contains("gmRelayMiniAppLoginLeftPage", appShell, StringComparison.Ordinal);
|
||||
Assert.Contains("window.location.reload()", appShell, StringComparison.Ordinal);
|
||||
Assert.Contains("syncTelegramMiniAppViewport", appShell, StringComparison.Ordinal);
|
||||
Assert.Contains("safeAreaChanged", appShell, StringComparison.Ordinal);
|
||||
Assert.Contains("contentSafeAreaChanged", appShell, StringComparison.Ordinal);
|
||||
Assert.Contains("viewportChanged", appShell, StringComparison.Ordinal);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
@@ -36,7 +48,9 @@ public sealed class MiniAppDashboardTests
|
||||
var program = await File.ReadAllTextAsync(FindRepositoryFile("src/GmRelay.Web/Program.cs"));
|
||||
|
||||
Assert.Contains("MapPost(\"/auth/telegram-webapp\"", program, StringComparison.Ordinal);
|
||||
Assert.Contains("MapPost(\"/auth/telegram-login\"", program, StringComparison.Ordinal);
|
||||
Assert.Contains("VerifyWebAppInitData", program, StringComparison.Ordinal);
|
||||
Assert.Contains("VerifyLoginPayload", program, StringComparison.Ordinal);
|
||||
Assert.Contains("MapGet(\"/auth/status\"", program, StringComparison.Ordinal);
|
||||
Assert.Contains("authenticated", program, StringComparison.Ordinal);
|
||||
}
|
||||
@@ -49,15 +63,24 @@ public sealed class MiniAppDashboardTests
|
||||
Assert.Contains("mini-app-page", css, StringComparison.Ordinal);
|
||||
Assert.Contains("mini-app-auth-card", css, StringComparison.Ordinal);
|
||||
Assert.Contains("@media (max-width: 768px)", css, StringComparison.Ordinal);
|
||||
Assert.Contains("--tg-safe-area-inset-top", css, StringComparison.Ordinal);
|
||||
Assert.Contains("--tg-content-safe-area-inset-top", css, StringComparison.Ordinal);
|
||||
Assert.Contains(".telegram-mini-app .nav-header", css, StringComparison.Ordinal);
|
||||
Assert.Contains(".telegram-mini-app .nav-toggle", css, StringComparison.Ordinal);
|
||||
Assert.Contains(".telegram-mini-app .mini-app-page", css, StringComparison.Ordinal);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task LoginPage_ShouldRefreshMiniAppAfterExternalTelegramLogin()
|
||||
public async Task LoginPage_ShouldAuthenticateMiniAppFallbackInsideCurrentWebView()
|
||||
{
|
||||
var loginPage = await File.ReadAllTextAsync(FindRepositoryFile("src/GmRelay.Web/Components/Pages/Login.razor"));
|
||||
|
||||
Assert.Contains(
|
||||
"JS.InvokeVoidAsync(\"watchTelegramMiniAppLogin\", \"/auth/status\", \"/\", true)",
|
||||
"JS.InvokeVoidAsync(\"loadTelegramWidget\", BotUsername, \"/auth/telegram-login\")",
|
||||
loginPage,
|
||||
StringComparison.Ordinal);
|
||||
Assert.Contains(
|
||||
"JS.InvokeVoidAsync(\"watchTelegramMiniAppLogin\", \"/auth/status\", \"/\", false)",
|
||||
loginPage,
|
||||
StringComparison.Ordinal);
|
||||
}
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
using System.Security.Cryptography;
|
||||
using System.Text;
|
||||
using System.Text.Json;
|
||||
using GmRelay.Web.Services;
|
||||
using Microsoft.AspNetCore.Http;
|
||||
using Microsoft.Extensions.Configuration;
|
||||
@@ -135,6 +136,125 @@ public sealed class TelegramAuthServiceTests
|
||||
Assert.False(verified);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public void VerifyLoginPayload_ShouldAcceptValidTelegramWidgetCallbackPayload()
|
||||
{
|
||||
const string botToken = "test-bot-token";
|
||||
var authDate = DateTimeOffset.UtcNow.ToUnixTimeSeconds();
|
||||
var values = new Dictionary<string, string>
|
||||
{
|
||||
["auth_date"] = authDate.ToString(),
|
||||
["first_name"] = "Ada",
|
||||
["id"] = "424242",
|
||||
["last_name"] = "Lovelace",
|
||||
["photo_url"] = "https://t.me/i/userpic/320/ada.jpg",
|
||||
["username"] = "ada"
|
||||
};
|
||||
var payload = new TelegramLoginPayload(
|
||||
424242,
|
||||
"Ada",
|
||||
"Lovelace",
|
||||
"ada",
|
||||
"https://t.me/i/userpic/320/ada.jpg",
|
||||
authDate,
|
||||
ComputeTelegramHash(botToken, values));
|
||||
var service = new TelegramAuthService(CreateConfiguration(botToken));
|
||||
|
||||
var verified = service.VerifyLoginPayload(payload, out var telegramId, out var name);
|
||||
|
||||
Assert.True(verified);
|
||||
Assert.Equal(424242L, telegramId);
|
||||
Assert.Equal("Ada Lovelace", name);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public void VerifyLoginPayload_ShouldRejectTamperedCallbackHash()
|
||||
{
|
||||
var payload = new TelegramLoginPayload(
|
||||
424242,
|
||||
"Ada",
|
||||
null,
|
||||
null,
|
||||
null,
|
||||
DateTimeOffset.UtcNow.ToUnixTimeSeconds(),
|
||||
"00");
|
||||
var service = new TelegramAuthService(CreateConfiguration("test-bot-token"));
|
||||
|
||||
var verified = service.VerifyLoginPayload(payload, out _, out _);
|
||||
|
||||
Assert.False(verified);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public void VerifyLoginPayload_ShouldRejectExpiredCallbackPayload()
|
||||
{
|
||||
const string botToken = "test-bot-token";
|
||||
var authDate = DateTimeOffset.UtcNow.AddDays(-2).ToUnixTimeSeconds();
|
||||
var values = new Dictionary<string, string>
|
||||
{
|
||||
["auth_date"] = authDate.ToString(),
|
||||
["first_name"] = "Ada",
|
||||
["id"] = "424242"
|
||||
};
|
||||
var payload = new TelegramLoginPayload(
|
||||
424242,
|
||||
"Ada",
|
||||
null,
|
||||
null,
|
||||
null,
|
||||
authDate,
|
||||
ComputeTelegramHash(botToken, values));
|
||||
var service = new TelegramAuthService(CreateConfiguration(botToken));
|
||||
|
||||
var verified = service.VerifyLoginPayload(payload, out _, out _);
|
||||
|
||||
Assert.False(verified);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public void VerifyLoginPayload_ShouldRejectMissingRequiredCallbackFields()
|
||||
{
|
||||
var payload = new TelegramLoginPayload(
|
||||
0,
|
||||
"",
|
||||
null,
|
||||
null,
|
||||
null,
|
||||
DateTimeOffset.UtcNow.ToUnixTimeSeconds(),
|
||||
"");
|
||||
var service = new TelegramAuthService(CreateConfiguration("test-bot-token"));
|
||||
|
||||
var verified = service.VerifyLoginPayload(payload, out _, out _);
|
||||
|
||||
Assert.False(verified);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public void TelegramLoginPayload_ShouldDeserializeTelegramWidgetSnakeCaseJson()
|
||||
{
|
||||
var payload = JsonSerializer.Deserialize<TelegramLoginPayload>(
|
||||
"""
|
||||
{
|
||||
"id": 424242,
|
||||
"first_name": "Ada",
|
||||
"last_name": "Lovelace",
|
||||
"username": "ada",
|
||||
"photo_url": "https://t.me/i/userpic/320/ada.jpg",
|
||||
"auth_date": 1714300000,
|
||||
"hash": "abcdef"
|
||||
}
|
||||
""");
|
||||
|
||||
Assert.NotNull(payload);
|
||||
Assert.Equal(424242L, payload.Id);
|
||||
Assert.Equal("Ada", payload.FirstName);
|
||||
Assert.Equal("Lovelace", payload.LastName);
|
||||
Assert.Equal("ada", payload.Username);
|
||||
Assert.Equal("https://t.me/i/userpic/320/ada.jpg", payload.PhotoUrl);
|
||||
Assert.Equal(1714300000L, payload.AuthDate);
|
||||
Assert.Equal("abcdef", payload.Hash);
|
||||
}
|
||||
|
||||
private static IConfiguration CreateConfiguration(string botToken) =>
|
||||
new ConfigurationBuilder()
|
||||
.AddInMemoryCollection(new Dictionary<string, string?>
|
||||
|
||||
@@ -12,6 +12,19 @@ public sealed class WebStylesTests
|
||||
css);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task AppCss_ShouldReserveTelegramMiniAppSafeAreaForMobileChrome()
|
||||
{
|
||||
var appCss = await File.ReadAllTextAsync(FindRepositoryFile("src/GmRelay.Web/wwwroot/app.css"));
|
||||
Assert.Contains("--gm-tg-safe-top", appCss, StringComparison.Ordinal);
|
||||
Assert.Contains("--tg-safe-area-inset-top", appCss, StringComparison.Ordinal);
|
||||
Assert.Contains("--tg-content-safe-area-inset-top", appCss, StringComparison.Ordinal);
|
||||
Assert.Contains("env(safe-area-inset-top", appCss, StringComparison.Ordinal);
|
||||
Assert.Contains(".telegram-mini-app .content", appCss, StringComparison.Ordinal);
|
||||
Assert.Contains(".telegram-mini-app .nav-header", appCss, StringComparison.Ordinal);
|
||||
Assert.Contains(".telegram-mini-app .nav-toggle", appCss, StringComparison.Ordinal);
|
||||
}
|
||||
|
||||
private static string FindRepositoryFile(string relativePath)
|
||||
{
|
||||
var directory = new DirectoryInfo(AppContext.BaseDirectory);
|
||||
|
||||
Reference in New Issue
Block a user