public async Task WhenPasswordChangeRequired_RequirePasswordChangeTrue()
{
var username = "******" + TEST_DOMAIN;
var userId = await AddUserIfNotExistsAsync(username, c => c.RequirePasswordChange = true);
var query = new AuthenticateUserCredentialsQuery()
{
UserAreaCode = TestUserArea1.Code,
Username = username,
Password = VALID_PASSWORD
};
UserCredentialsAuthenticationResult result;
using var app = _appFactory.Create();
var repository = app.Services.GetService <IDomainRepository>();
result = await repository.ExecuteQueryAsync(query);
using (new AssertionScope())
{
result.Should().NotBeNull();
result.User.Should().NotBeNull();
result.User.UserId.Should().Be(userId);
result.IsSuccess.Should().BeTrue();
result.Error.Should().BeNull();
result.User.RequirePasswordChange.Should().BeTrue();
}
}
public async Task WhenValid_Maps()
{
var userId = await AddUserIfNotExistsAsync();
var query = new AuthenticateUserCredentialsQuery()
{
UserAreaCode = TestUserArea1.Code,
Username = VALID_USERNAME,
Password = VALID_PASSWORD
};
using var app = _appFactory.Create();
var repository = app.Services.GetService <IDomainRepository>();
var result = await repository.ExecuteQueryAsync(query);
using (new AssertionScope())
{
result.Should().NotBeNull();
result.User.Should().NotBeNull();
result.User.UserId.Should().Be(userId);
result.User.UserAreaCode.Should().Be(TestUserArea1.Code);
result.IsSuccess.Should().BeTrue();
result.Error.Should().BeNull();
// Non-defaults for these props are covered in other tests
result.User.RequirePasswordChange.Should().BeFalse();
result.User.IsAccountVerified.Should().BeFalse();
}
}
public async Task WhenIncorrectUserArea_ReturnsInvalidCredentials()
{
await AddUserIfNotExistsAsync();
var query = new AuthenticateUserCredentialsQuery()
{
UserAreaCode = TestUserArea2.Code,
Username = VALID_USERNAME,
Password = VALID_PASSWORD
};
UserCredentialsAuthenticationResult result;
using (var app = _appFactory.Create())
{
var repository = app.Services.GetService <IDomainRepository>();
result = await repository.ExecuteQueryAsync(query);
}
using (new AssertionScope())
{
result.Should().NotBeNull();
result.User.Should().BeNull();
result.IsSuccess.Should().BeFalse();
result.Error.ErrorCode.Should().Be(UserValidationErrors.Authentication.InvalidCredentials.ErrorCode);
}
}
public async Task WhenOldPasswordHash_PasswordRehashed()
{
var username = "******" + TEST_DOMAIN;
var userId = await AddUserIfNotExistsAsync(username);
string oldHash;
using (var app = _appFactory.Create())
{
var dbContext = app.Services.GetService <CofoundryDbContext>();
var user = await dbContext
.Users
.SingleAsync(u => u.UserId == userId);
user.Password = Defuse.PasswordCryptographyV2.CreateHash(VALID_PASSWORD);
user.PasswordHashVersion = (int)PasswordHashVersion.V2;
oldHash = user.Password;
await dbContext.SaveChangesAsync();
}
var query = new AuthenticateUserCredentialsQuery()
{
UserAreaCode = TestUserArea1.Code,
Username = username,
Password = VALID_PASSWORD
};
UserCredentialsAuthenticationResult result;
User updatedUser;
using (var app = _appFactory.Create())
{
var repository = app.Services.GetService <IDomainRepository>();
var dbContext = app.Services.GetService <CofoundryDbContext>();
result = await repository.ExecuteQueryAsync(query);
updatedUser = await dbContext
.Users
.FilterById(userId)
.SingleAsync();
}
using (new AssertionScope())
{
result.Should().NotBeNull();
result.IsSuccess.Should().BeTrue();
result.Error.Should().BeNull();
updatedUser.Password.Should().NotBe(oldHash);
}
}
public async Task WhenSystemUser_ReturnsInvalidCredentials()
{
// Set the system user password to a known value, as it is
// set randomly during installation
using (var app = _appFactory.Create())
{
var dbContext = app.Services.GetService <CofoundryDbContext>();
var passwordCryptographyService = app.Services.GetService <IPasswordCryptographyService>();
var systemUser = await dbContext
.Users
.SingleAsync(u => u.IsSystemAccount);
var hash = passwordCryptographyService.CreateHash(VALID_PASSWORD);
systemUser.Password = hash.Hash;
systemUser.PasswordHashVersion = hash.HashVersion;
await dbContext.SaveChangesAsync();
}
var query = new AuthenticateUserCredentialsQuery()
{
UserAreaCode = CofoundryAdminUserArea.Code,
Username = "******",
Password = VALID_PASSWORD
};
UserCredentialsAuthenticationResult result;
using (var app = _appFactory.Create())
{
var repository = app.Services.GetService <IDomainRepository>();
result = await repository.ExecuteQueryAsync(query);
}
using (new AssertionScope())
{
result.Should().NotBeNull();
result.User.Should().BeNull();
result.IsSuccess.Should().BeFalse();
result.Error.ErrorCode.Should().Be(UserValidationErrors.Authentication.InvalidCredentials.ErrorCode);
}
}
public async Task WhenPasswordInvalid_SendsMessage()
{
await AddUserIfNotExistsAsync();
using var app = _appFactory.Create();
var repository = app.Services.GetService <IDomainRepository>();
var query = new AuthenticateUserCredentialsQuery()
{
UserAreaCode = TestUserArea1.Code,
Username = VALID_USERNAME,
Password = "******"
};
await repository.ExecuteQueryAsync(query);
app.Mocks
.CountMessagesPublished <UserAuthenticationFailedMessage>(m =>
{
return(m.Username == VALID_USERNAME.ToLowerInvariant() && m.UserAreaCode == TestUserArea1.Code);
})
.Should().Be(1);
}
public async Task WhenUsernameNotExists_ReturnsInvalidCredentialsError(string username)
{
await AddUserIfNotExistsAsync();
var query = new AuthenticateUserCredentialsQuery()
{
UserAreaCode = CofoundryAdminUserArea.Code,
Username = username,
Password = VALID_PASSWORD
};
using var app = _appFactory.Create();
var repository = app.Services.GetService <IDomainRepository>();
var result = await repository.ExecuteQueryAsync(query);
using (new AssertionScope())
{
result.Should().NotBeNull();
result.User.Should().BeNull();
result.IsSuccess.Should().BeFalse();
result.Error.ErrorCode.Should().Be(UserValidationErrors.Authentication.InvalidCredentials.ErrorCode);
}
}
public async Task WhenDeletedUser_ReturnsInvalidCredentials()
{
var username = "******" + TEST_DOMAIN;
var userId = await AddUserIfNotExistsAsync(username);
using (var app = _appFactory.Create())
{
var repository = app.Services.GetService <IDomainRepository>();
await repository
.WithElevatedPermissions()
.ExecuteCommandAsync(new DeleteUserCommand(userId));
}
var query = new AuthenticateUserCredentialsQuery()
{
UserAreaCode = CofoundryAdminUserArea.Code,
Username = username,
Password = VALID_PASSWORD
};
UserCredentialsAuthenticationResult result;
using (var app = _appFactory.Create())
{
var repository = app.Services.GetService <IDomainRepository>();
result = await repository.ExecuteQueryAsync(query);
}
using (new AssertionScope())
{
result.Should().NotBeNull();
result.User.Should().BeNull();
result.IsSuccess.Should().BeFalse();
result.Error.ErrorCode.Should().Be(UserValidationErrors.Authentication.InvalidCredentials.ErrorCode);
}
}
public IDomainRepositoryQueryContext <UserCredentialsAuthenticationResult> AuthenticateCredentials(AuthenticateUserCredentialsQuery query)
{
return(DomainRepositoryQueryContextFactory.Create(query, ExtendableContentRepository));
}
