Several improvements to to the Tests

- nullability
- no more .wait()
- general cleanups

bff/samples/Hosts.Tests/TestInfra/AppHostFixture.cs

@@ -1,6 +1,10 @@
 using Aspire.Hosting;
 using Microsoft.Extensions.Logging;
+
+#if !DEBUG_NCRUNCH
 using Projects;
+#endif
+
 using Serilog;
 using Serilog.Core;
 using Serilog.Extensions.Logging;

bff/test/Duende.Bff.Blazor.Client.UnitTests/Duende.Bff.Blazor.Client.UnitTests.csproj

@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
     <TargetFramework>net8.0</TargetFramework>
@@ -7,6 +7,7 @@
 
     <IsPackable>false</IsPackable>
     <IsTestProject>true</IsTestProject>
+    <TreatWarningsAsErrors>True</TreatWarningsAsErrors>
   </PropertyGroup>
 
   <ItemGroup>

bff/test/Duende.Bff.Blazor.UnitTests/Duende.Bff.Blazor.UnitTests.csproj

@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
     <TargetFramework>net8.0</TargetFramework>
@@ -7,6 +7,7 @@
 
     <IsPackable>false</IsPackable>
     <IsTestProject>true</IsTestProject>
+    <TreatWarningsAsErrors>True</TreatWarningsAsErrors>
   </PropertyGroup>
 
   <ItemGroup>

bff/test/Duende.Bff.EntityFramework.Tests/Duende.Bff.EntityFramework.Tests.csproj

@@ -1,6 +1,8 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">
     <PropertyGroup>
         <TargetFrameworks>net8.0;net9.0</TargetFrameworks>
+        <Nullable>enable</Nullable>
+        <TreatWarningsAsErrors>True</TreatWarningsAsErrors>
     </PropertyGroup>
 
     <ItemGroup>

bff/test/Duende.Bff.Tests/Duende.Bff.Tests.csproj

@@ -1,31 +1,33 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">
 
-  <PropertyGroup>
-    <TargetFrameworks>net8.0;net9.0</TargetFrameworks>
-  </PropertyGroup>
+    <PropertyGroup>
+        <TargetFrameworks>net8.0;net9.0</TargetFrameworks>
+        <Nullable>enable</Nullable>
+        <TreatWarningsAsErrors>True</TreatWarningsAsErrors>
+    </PropertyGroup>
 
-  <ItemGroup>
-    <PackageReference Include="Microsoft.NET.Test.Sdk" />
-    <PackageReference Include="Shouldly"/>
-    <PackageReference Include="xunit" />
-    <PackageReference Include="xunit.runner.visualstudio">
-      <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
-      <PrivateAssets>all</PrivateAssets>
-    </PackageReference>
-    <PackageReference Include="coverlet.collector">
-      <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
-      <PrivateAssets>all</PrivateAssets>
-    </PackageReference>
-
-    <PackageReference Include="Duende.IdentityServer" />
-    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" />
-    <PackageReference Include="Microsoft.AspNetCore.TestHost" />
-    <PackageReference Include="Microsoft.Extensions.TimeProvider.Testing" />
-  </ItemGroup>
+    <ItemGroup>
+        <PackageReference Include="Microsoft.NET.Test.Sdk" />
+        <PackageReference Include="Shouldly"/>
+        <PackageReference Include="xunit" />
+        <PackageReference Include="xunit.runner.visualstudio">
+            <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
+            <PrivateAssets>all</PrivateAssets>
+        </PackageReference>
+        <PackageReference Include="coverlet.collector">
+            <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
+            <PrivateAssets>all</PrivateAssets>
+        </PackageReference>
 
-  <ItemGroup>
-    <ProjectReference Include="..\..\src\Duende.Bff\Duende.Bff.csproj" />
-    <ProjectReference Include="..\..\src\Duende.Bff.Yarp\Duende.Bff.Yarp.csproj" />
-  </ItemGroup>
+        <PackageReference Include="Duende.IdentityServer" />
+        <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" />
+        <PackageReference Include="Microsoft.AspNetCore.TestHost" />
+        <PackageReference Include="Microsoft.Extensions.TimeProvider.Testing" />
+    </ItemGroup>
+
+    <ItemGroup>
+        <ProjectReference Include="..\..\src\Duende.Bff\Duende.Bff.csproj" />
+        <ProjectReference Include="..\..\src\Duende.Bff.Yarp\Duende.Bff.Yarp.csproj" />
+    </ItemGroup>
 
 </Project>

bff/test/Duende.Bff.Tests/Endpoints/LocalEndpointTests.cs

@@ -6,8 +6,7 @@
 using Microsoft.Extensions.DependencyInjection;
 using System.Net;
 using System.Net.Http;
-using System.Text;
-using System.Text.Json;
+using System.Net.Http.Json;
 using System.Threading.Tasks;
 using Shouldly;
 using Xunit;
@@ -22,44 +21,36 @@ public async Task calls_to_authorized_local_endpoint_should_succeed()
         {
             await BffHost.BffLoginAsync("alice");
 
-            var req = new HttpRequestMessage(HttpMethod.Get, BffHost.Url("/local_authz"));
-            req.Headers.Add("x-csrf", "1");
-            var response = await BffHost.BrowserClient.SendAsync(req);
+            var apiResult = await BffHost.BrowserClient.CallBffHostApi(
+                url: BffHost.Url("/local_authz")
+            );
 
-            response.IsSuccessStatusCode.ShouldBeTrue();
-            response.Content.Headers.ContentType.MediaType.ShouldBe("application/json");
-            var json = await response.Content.ReadAsStringAsync();
-            var apiResult = JsonSerializer.Deserialize<ApiResponse>(json);
             apiResult.Method.ShouldBe("GET");
             apiResult.Path.ShouldBe("/local_authz");
             apiResult.Sub.ShouldBe("alice");
         }
-        
+
         [Fact]
         public async Task calls_to_authorized_local_endpoint_without_csrf_should_succeed_without_antiforgery_header()
         {
             await BffHost.BffLoginAsync("alice");
 
-            var req = new HttpRequestMessage(HttpMethod.Get, BffHost.Url("/local_authz_no_csrf"));
-            var response = await BffHost.BrowserClient.SendAsync(req);
+            var apiResult = await BffHost.BrowserClient.CallBffHostApi(
+                url: BffHost.Url("/local_authz_no_csrf")
+            );
 
-            response.IsSuccessStatusCode.ShouldBeTrue();
-            response.Content.Headers.ContentType.MediaType.ShouldBe("application/json");
-            var json = await response.Content.ReadAsStringAsync();
-            var apiResult = JsonSerializer.Deserialize<ApiResponse>(json);
             apiResult.Method.ShouldBe("GET");
             apiResult.Path.ShouldBe("/local_authz_no_csrf");
             apiResult.Sub.ShouldBe("alice");
         }
-        
+
         [Fact]
         public async Task unauthenticated_calls_to_authorized_local_endpoint_should_fail()
         {
-            var req = new HttpRequestMessage(HttpMethod.Get, BffHost.Url("/local_authz"));
-            req.Headers.Add("x-csrf", "1");
-            var response = await BffHost.BrowserClient.SendAsync(req);
-
-            response.StatusCode.ShouldBe(HttpStatusCode.Unauthorized);
+            var response = await BffHost.BrowserClient.CallBffHostApi(
+                url: BffHost.Url("/local_authz"),
+                expectedStatusCode: HttpStatusCode.Unauthorized
+            );
         }
 
         [Fact]
@@ -70,27 +61,24 @@ public async Task calls_to_local_endpoint_should_require_antiforgery_header()
 
             response.StatusCode.ShouldBe(HttpStatusCode.Unauthorized);
         }
-
+
+
         [Fact]
         public async Task calls_to_local_endpoint_without_csrf_should_not_require_antiforgery_header()
         {
-            var req = new HttpRequestMessage(HttpMethod.Get, BffHost.Url("/local_anon_no_csrf"));
-            var response = await BffHost.BrowserClient.SendAsync(req);
-
-            response.StatusCode.ShouldBe(HttpStatusCode.OK);
+            var response = await BffHost.BrowserClient.CallBffHostApi(
+                url: BffHost.Url("/local_anon_no_csrf"),
+                expectedStatusCode: HttpStatusCode.OK
+            );
         }
 
         [Fact]
         public async Task calls_to_anon_endpoint_should_allow_anonymous()
         {
-            var req = new HttpRequestMessage(HttpMethod.Get, BffHost.Url("/local_anon"));
-            req.Headers.Add("x-csrf", "1");
-            var response = await BffHost.BrowserClient.SendAsync(req);
+            var apiResult = await BffHost.BrowserClient.CallBffHostApi(
+                url: BffHost.Url("/local_anon")
+            );
 
-            response.IsSuccessStatusCode.ShouldBeTrue();
-            response.Content.Headers.ContentType.MediaType.ShouldBe("application/json");
-            var json = await response.Content.ReadAsStringAsync();
-            var apiResult = JsonSerializer.Deserialize<ApiResponse>(json);
             apiResult.Method.ShouldBe("GET");
             apiResult.Path.ShouldBe("/local_anon");
             apiResult.Sub.ShouldBeNull();
@@ -101,20 +89,17 @@ public async Task put_to_local_endpoint_should_succeed()
         {
             await BffHost.BffLoginAsync("alice");
 
-            var req = new HttpRequestMessage(HttpMethod.Put, BffHost.Url("/local_authz"));
-            req.Headers.Add("x-csrf", "1");
-            req.Content = new StringContent(JsonSerializer.Serialize(new TestPayload("hello test api")), Encoding.UTF8, "application/json");
-            var response = await BffHost.BrowserClient.SendAsync(req);
+            var apiResult = await BffHost.BrowserClient.CallBffHostApi(
+                url: BffHost.Url("/local_authz"),
+                method: HttpMethod.Put,
+                content: JsonContent.Create(new TestPayload("hello test api"))
+            );
 
-            response.IsSuccessStatusCode.ShouldBeTrue();
-            response.Content.Headers.ContentType.MediaType.ShouldBe("application/json");
-            var json = await response.Content.ReadAsStringAsync();
-            var apiResult = JsonSerializer.Deserialize<ApiResponse>(json);
             apiResult.Method.ShouldBe("PUT");
             apiResult.Path.ShouldBe("/local_authz");
             apiResult.Sub.ShouldBe("alice");
-            var body = JsonSerializer.Deserialize<TestPayload>(apiResult.Body);
-            body.Message.ShouldBe("hello test api");
+            var body = apiResult.BodyAs<TestPayload>();
+            body.Message.ShouldBe("hello test api", apiResult.Body);
         }
 
         [Fact]
@@ -125,29 +110,31 @@ public async Task unauthenticated_non_bff_endpoint_should_return_302_for_login()
             var response = await BffHost.BrowserClient.SendAsync(req);
 
             response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
-            response.Headers.Location.ToString().ToLowerInvariant().ShouldStartWith(IdentityServerHost.Url("/connect/authorize"));
+            response.Headers.Location
+                .ShouldNotBeNull()
+                .ToString()
+                .ToLowerInvariant()
+                .ShouldStartWith(IdentityServerHost.Url("/connect/authorize"));
         }
 
         [Fact]
         public async Task unauthenticated_api_call_should_return_401()
         {
-            var req = new HttpRequestMessage(HttpMethod.Get, BffHost.Url("/always_fail_authz"));
-            req.Headers.Add("x-csrf", "1");
-            var response = await BffHost.BrowserClient.SendAsync(req);
-
-            response.StatusCode.ShouldBe(HttpStatusCode.Unauthorized);
+            var response = await BffHost.BrowserClient.CallBffHostApi(
+                url: BffHost.Url("/always_fail_authz"),
+                expectedStatusCode: HttpStatusCode.Unauthorized
+            );
         }
-        
+
         [Fact]
         public async Task forbidden_api_call_should_return_403()
         {
             await BffHost.BffLoginAsync("alice");
 
-            var req = new HttpRequestMessage(HttpMethod.Get, BffHost.Url("/always_fail_authz"));
-            req.Headers.Add("x-csrf", "1");
-            var response = await BffHost.BrowserClient.SendAsync(req);
-
-            response.StatusCode.ShouldBe(HttpStatusCode.Forbidden);
+            var response = await BffHost.BrowserClient.CallBffHostApi(
+                url: BffHost.Url("/always_fail_authz"),
+                expectedStatusCode: HttpStatusCode.Forbidden
+            );
         }
 
         [Fact]
@@ -156,11 +143,10 @@ public async Task challenge_response_should_return_401()
             await BffHost.BffLoginAsync("alice");
             BffHost.LocalApiResponseStatus = BffHost.ResponseStatus.Challenge;
 
-            var req = new HttpRequestMessage(HttpMethod.Get, BffHost.Url("/local_authz"));
-            req.Headers.Add("x-csrf", "1");
-            var response = await BffHost.BrowserClient.SendAsync(req);
-
-            response.StatusCode.ShouldBe(HttpStatusCode.Unauthorized);
+            var response = await BffHost.BrowserClient.CallBffHostApi(
+                url: BffHost.Url("/local_authz"),
+                expectedStatusCode: HttpStatusCode.Unauthorized
+            );
         }
 
         [Fact]
@@ -169,11 +155,10 @@ public async Task forbid_response_should_return_403()
             await BffHost.BffLoginAsync("alice");
             BffHost.LocalApiResponseStatus = BffHost.ResponseStatus.Forbid;
 
-            var req = new HttpRequestMessage(HttpMethod.Get, BffHost.Url("/local_authz"));
-            req.Headers.Add("x-csrf", "1");
-            var response = await BffHost.BrowserClient.SendAsync(req);
-
-            response.StatusCode.ShouldBe(HttpStatusCode.Forbidden);
+            var response = await BffHost.BrowserClient.CallBffHostApi(
+                url: BffHost.Url("/local_authz"),
+                expectedStatusCode: HttpStatusCode.Forbidden
+            );
         }
 
         [Fact]
@@ -182,21 +167,20 @@ public async Task challenge_response_when_response_handling_skipped_should_trigg
             await BffHost.BffLoginAsync("alice");
             BffHost.LocalApiResponseStatus = BffHost.ResponseStatus.Challenge;
 
-            var req = new HttpRequestMessage(HttpMethod.Get, BffHost.Url("/local_anon_no_csrf_no_response_handling"));
-            var response = await BffHost.BrowserClient.SendAsync(req);
-
-            response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            var response = await BffHost.BrowserClient.CallBffHostApi(
+                url: BffHost.Url("/local_anon_no_csrf_no_response_handling"),
+                expectedStatusCode: HttpStatusCode.Redirect
+            );
         }
 
-
         [Fact]
         public async Task fallback_policy_should_not_fail()
         {
             BffHost.OnConfigureServices += svcs =>
             {
                 svcs.AddAuthorization(opts =>
-                { 
-                    opts.FallbackPolicy = 
+                {
+                    opts.FallbackPolicy =
                         new Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder()
                         .RequireAuthenticatedUser()
                         .Build();
@@ -208,4 +192,4 @@ public async Task fallback_policy_should_not_fail()
             response.StatusCode.ShouldNotBe(HttpStatusCode.InternalServerError);
         }
     }
-}
+}