diff --git a/tests/ModelContextProtocol.AspNetCore.Tests/OAuth/AuthTests.cs b/tests/ModelContextProtocol.AspNetCore.Tests/OAuth/AuthTests.cs index 331f81461..a66bf1b9d 100644 --- a/tests/ModelContextProtocol.AspNetCore.Tests/OAuth/AuthTests.cs +++ b/tests/ModelContextProtocol.AspNetCore.Tests/OAuth/AuthTests.cs @@ -893,6 +893,101 @@ public async Task ResourceMetadata_DoesNotAddTrailingSlash() transport, loggerFactory: LoggerFactory, cancellationToken: TestContext.Current.CancellationToken); } + [Fact] + public void CloneResourceMetadataClonesAllProperties() + { + var propertyNames = typeof(ProtectedResourceMetadata).GetProperties().Select(property => property.Name).ToList(); + + // Set metadata properties to non-default values to verify they're copied. + var metadata = new ProtectedResourceMetadata + { + Resource = "https://example.com/resource", + AuthorizationServers = ["https://auth1.example.com", "https://auth2.example.com"], + BearerMethodsSupported = ["header", "body", "query"], + ScopesSupported = ["read", "write", "admin"], + JwksUri = "https://example.com/.well-known/jwks.json", + ResourceSigningAlgValuesSupported = ["RS256", "ES256"], + ResourceName = "Test Resource", + ResourceDocumentation = "https://docs.example.com", + ResourcePolicyUri = "https://example.com/policy", + ResourceTosUri = "https://example.com/terms", + TlsClientCertificateBoundAccessTokens = true, + AuthorizationDetailsTypesSupported = ["payment_initiation", "account_information"], + DpopSigningAlgValuesSupported = ["RS256", "PS256"], + DpopBoundAccessTokensRequired = true + }; + + var clonedMetadata = metadata.Clone(); + + // Ensure the cloned metadata is not the same instance + Assert.NotSame(metadata, clonedMetadata); + + // Verify Resource property + Assert.Equal(metadata.Resource, clonedMetadata.Resource); + Assert.True(propertyNames.Remove(nameof(metadata.Resource))); + + // Verify AuthorizationServers list is cloned and contains the same values + Assert.NotSame(metadata.AuthorizationServers, clonedMetadata.AuthorizationServers); + Assert.Equal(metadata.AuthorizationServers, clonedMetadata.AuthorizationServers); + Assert.True(propertyNames.Remove(nameof(metadata.AuthorizationServers))); + + // Verify BearerMethodsSupported list is cloned and contains the same values + Assert.NotSame(metadata.BearerMethodsSupported, clonedMetadata.BearerMethodsSupported); + Assert.Equal(metadata.BearerMethodsSupported, clonedMetadata.BearerMethodsSupported); + Assert.True(propertyNames.Remove(nameof(metadata.BearerMethodsSupported))); + + // Verify ScopesSupported list is cloned and contains the same values + Assert.NotSame(metadata.ScopesSupported, clonedMetadata.ScopesSupported); + Assert.Equal(metadata.ScopesSupported, clonedMetadata.ScopesSupported); + Assert.True(propertyNames.Remove(nameof(metadata.ScopesSupported))); + + // Verify JwksUri property + Assert.Equal(metadata.JwksUri, clonedMetadata.JwksUri); + Assert.True(propertyNames.Remove(nameof(metadata.JwksUri))); + + // Verify ResourceSigningAlgValuesSupported list is cloned (nullable list) + Assert.NotSame(metadata.ResourceSigningAlgValuesSupported, clonedMetadata.ResourceSigningAlgValuesSupported); + Assert.Equal(metadata.ResourceSigningAlgValuesSupported, clonedMetadata.ResourceSigningAlgValuesSupported); + Assert.True(propertyNames.Remove(nameof(metadata.ResourceSigningAlgValuesSupported))); + + // Verify ResourceName property + Assert.Equal(metadata.ResourceName, clonedMetadata.ResourceName); + Assert.True(propertyNames.Remove(nameof(metadata.ResourceName))); + + // Verify ResourceDocumentation property + Assert.Equal(metadata.ResourceDocumentation, clonedMetadata.ResourceDocumentation); + Assert.True(propertyNames.Remove(nameof(metadata.ResourceDocumentation))); + + // Verify ResourcePolicyUri property + Assert.Equal(metadata.ResourcePolicyUri, clonedMetadata.ResourcePolicyUri); + Assert.True(propertyNames.Remove(nameof(metadata.ResourcePolicyUri))); + + // Verify ResourceTosUri property + Assert.Equal(metadata.ResourceTosUri, clonedMetadata.ResourceTosUri); + Assert.True(propertyNames.Remove(nameof(metadata.ResourceTosUri))); + + // Verify TlsClientCertificateBoundAccessTokens property + Assert.Equal(metadata.TlsClientCertificateBoundAccessTokens, clonedMetadata.TlsClientCertificateBoundAccessTokens); + Assert.True(propertyNames.Remove(nameof(metadata.TlsClientCertificateBoundAccessTokens))); + + // Verify AuthorizationDetailsTypesSupported list is cloned (nullable list) + Assert.NotSame(metadata.AuthorizationDetailsTypesSupported, clonedMetadata.AuthorizationDetailsTypesSupported); + Assert.Equal(metadata.AuthorizationDetailsTypesSupported, clonedMetadata.AuthorizationDetailsTypesSupported); + Assert.True(propertyNames.Remove(nameof(metadata.AuthorizationDetailsTypesSupported))); + + // Verify DpopSigningAlgValuesSupported list is cloned (nullable list) + Assert.NotSame(metadata.DpopSigningAlgValuesSupported, clonedMetadata.DpopSigningAlgValuesSupported); + Assert.Equal(metadata.DpopSigningAlgValuesSupported, clonedMetadata.DpopSigningAlgValuesSupported); + Assert.True(propertyNames.Remove(nameof(metadata.DpopSigningAlgValuesSupported))); + + // Verify DpopBoundAccessTokensRequired property + Assert.Equal(metadata.DpopBoundAccessTokensRequired, clonedMetadata.DpopBoundAccessTokensRequired); + Assert.True(propertyNames.Remove(nameof(metadata.DpopBoundAccessTokensRequired))); + + // Ensure we've checked every property. When new properties get added, we'll have to update this test along with the Clone implementation. + Assert.Empty(propertyNames); + } + [Fact] public async Task ResourceMetadata_PreservesExplicitTrailingSlash() {