[TEST] Unit tests for LinkedIn token auto-refresh (maintain ≥80% coverage)

[artcava]

Overview

Add unit tests for all new classes introduced by the LinkedIn token auto-refresh feature, ensuring the project maintains the ≥ 80% line coverage target defined in tests/README.md.

Depends on: #56 #57 #58 #60

---

New Classes to Cover

Class	Test File	Priority
KeyVaultService	tests/Services/KeyVaultServiceTests.cs	High
LinkedInAuthService	tests/Services/LinkedInAuthServiceTests.cs	High
LinkedInTokenRefresherFunction	tests/Functions/LinkedInTokenRefresherFunctionTests.cs	High
LinkedInTokenExpiryWarningFunction	tests/Functions/LinkedInTokenExpiryWarningFunctionTests.cs	Medium

---

Test Cases — KeyVaultService

GetSecretAsync_WhenSecretExists_ReturnsValue
GetSecretAsync_WhenSecretNotFound_ThrowsKeyVaultException
SetSecretAsync_WhenCalledWithValidValue_UpdatesSecret
SetSecretAsync_WhenKeyVaultUnreachable_ThrowsException

Note: KeyVaultService wraps SecretClient (Azure SDK). Use constructor injection with a mocked SecretClient or abstract it behind a thin wrapper to keep it testable without real Azure credentials.

---

Test Cases — LinkedInAuthService

RefreshTokenAsync_WhenRefreshTokenIsValid_ReturnsNewAccessToken
RefreshTokenAsync_WhenResponseIncludesNewRefreshToken_ReturnsBothTokens
RefreshTokenAsync_WhenResponseHasNoRefreshToken_ReturnsEmptyRefreshToken
RefreshTokenAsync_WhenLinkedInReturns401_ThrowsUnauthorizedException
RefreshTokenAsync_WhenLinkedInReturns400_ThrowsBadRequestException
RefreshTokenAsync_WhenNetworkFails_ThrowsHttpRequestException

Mock HttpClient via HttpMessageHandler substitution (Moq pattern already used in the project).

---

Test Cases — LinkedInTokenRefresherFunction

Run_WhenRefreshSucceeds_UpdatesAccessTokenInKeyVault
Run_WhenRefreshSucceeds_AndNewRefreshTokenReturned_UpdatesRefreshTokenInKeyVault
Run_WhenRefreshSucceeds_AndNoNewRefreshToken_DoesNotOverwriteRefreshToken
Run_WhenLinkedInAuthServiceThrows_LogsErrorWithSeverityLevel3
Run_WhenKeyVaultSetSecretThrows_LogsErrorWithSeverityLevel3

Mock ILinkedInAuthService, IKeyVaultService, and ILogger<LinkedInTokenRefresherFunction>.

---

Test Cases — LinkedInTokenExpiryWarningFunction

Run_WhenRefreshTokenExpiresInMoreThan15Days_DoesNotLogWarning
Run_WhenRefreshTokenExpiresInLessThan15Days_LogsWarning
Run_WhenRefreshTokenExpiryIsNull_LogsWarning
Run_WhenKeyVaultUnreachable_LogsError

---

Coverage Enforcement

Currently coverage is collected in CI but not enforced as a build gate. Consider adding a threshold check to the dotnet test command in .github/workflows/master_xposterfunction.yml:

- name: Run tests with coverage
  run: >
    dotnet test
    --collect:"XPlat Code Coverage"
    /p:CoverletOutputFormat=cobertura
    /p:Threshold=80
    /p:ThresholdType=line
    /p:ThresholdStat=total

This makes the CI pipeline fail if coverage drops below 80%, preventing regressions.

This enforcement step is in scope for this issue — add it once all new tests are green.

---

Acceptance Criteria

• All test cases listed above are implemented and pass
• dotnet test with coverage reports ≥ 80% line coverage overall
• No real HTTP calls or Azure credentials used in unit tests
• Test method names follow MethodName_Condition_ExpectedResult convention (see tests/README.md)
• CI pipeline enforces the 80% threshold via /p:Threshold=80

References

• tests/README.md — Coverage Target
• Issue [DEV] Implement KeyVaultService abstraction #56 — KeyVaultService
• Issue [DEV] Implement LinkedInAuthService (token refresh logic) #57 — LinkedInAuthService
• Issue [DEV] Implement LinkedInTokenRefresherFunction (timer trigger) #58 — LinkedInTokenRefresherFunction
• Issue [OPS] Add token expiry warning mechanism (defense in depth) #60 — LinkedInTokenExpiryWarningFunction

[github-actions]

👋 Thanks for opening this issue! A maintainer will review it soon and label it as approved if it can proceed to development.

[artcava]

Deferred (test classes) — CI threshold implemented separately

Unit tests — deferred

All four test classes (KeyVaultServiceTests, LinkedInAuthServiceTests, LinkedInTokenRefresherFunctionTests, LinkedInTokenExpiryWarningFunctionTests) depend on the implementation issues #56, #57, #58, and #60, which are deferred pending availability of a valid LinkedIn refresh_token.

See #56 for the full reasoning.

CI coverage threshold — implemented now

The 80% line coverage enforcement via /p:Threshold=80 in the CI pipeline is independent of the refresh token chain and will be implemented in a dedicated PR on develop. This prevents coverage regressions regardless of when the new test classes are added.