/// <summary>
/// Creating a user through the service must echo the supplied names back and
/// persist exactly one row whose stored hash/salt verify against the original password.
/// </summary>
public void Create_WhenCalled_CreatesUser()
{
    // Arrange
    const string password = "test_password";
    var (hash, salt) = _passwordHelper.CreateHash(password);
    var newUser = new User
    {
        FirstName = "test first name",
        LastName = "test last name",
        Username = "******",
        PasswordHash = hash,
        PasswordSalt = salt,
    };

    // Act
    var created = _service.Create(newUser, password);

    // Assert: the returned entity reflects the input.
    Assert.Equal(newUser.Username, created.Username);
    Assert.Equal(newUser.FirstName, created.FirstName);
    Assert.Equal(newUser.LastName, created.LastName);

    // Assert: a single row was persisted and its credentials verify
    // (Single throws if zero or more than one row matches the username).
    var stored = _db.Users.Single(x => x.Username == newUser.Username);
    Assert.Equal(newUser.Username, stored.Username);
    Assert.Equal(newUser.FirstName, stored.FirstName);
    Assert.Equal(newUser.LastName, stored.LastName);
    Assert.True(_passwordHelper.VerifyHash(password, stored.PasswordHash, stored.PasswordSalt));
}
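/// <inheritdoc />
/// <remarks>
/// Looks up the active user by username, enforces the failed-login lockout window,
/// verifies the password, resets the failure counters on success and returns the
/// user's public fields together with a token from <c>CreateToken</c>.
/// Every outcome that changes the failure counters is persisted before the method returns or throws.
/// </remarks>
/// <param name="dto">Username and password supplied by the caller.</param>
/// <returns>The authenticated user's id, username, names, email and a freshly created token.</returns>
/// <exception cref="EntityNotFoundException">No active user has that username.</exception>
/// <exception cref="TooManyFailedLoginAttemptsException">The user has reached the failure limit and is still inside the waiting window.</exception>
/// <exception cref="IncorrectPasswordException">The password does not verify against the stored hash and salt.</exception>
public async Task<Dto.AuthenticateAsync.ResponseDto> AuthenticateAsync(Dto.AuthenticateAsync.RequestDto dto)
{
    var user = await _db.Users.SingleOrDefaultAsync(x => x.Username == dto.Username && x.IsActive);

    // Check if the username exists (an inactive account is reported the same way).
    // NOTE(review): this message differs from the "Password is incorrect." one below,
    // so a caller can tell a known username from an unknown one; consider a single
    // generic failure message if that distinction is not wanted.
    if (user == null)
    {
        throw new EntityNotFoundException(_l["Username is incorrect."]);
    }

    // Check for too many failed login attempts.
    if (user.LoginFailedAt is DateTime loginFailedAt)
    {
        // TotalSeconds is the whole elapsed interval. The previous code read
        // TimeSpan.Seconds, which is only the 0-59 seconds component of the span,
        // so once a full minute had passed the elapsed time appeared to wrap back
        // to a small number: with a waiting time of 60 s or more the lockout could
        // never expire, and with a shorter one it expired at the wrong moment.
        var secondsPassed = (int)DateTime.UtcNow.Subtract(loginFailedAt).TotalSeconds;
        var isMaxCountExceeded = user.LoginFailedCount >= _appSettings.MaxLoginFailedCount;
        var isWaitingTimePassed = secondsPassed > _appSettings.LoginFailedWaitingTime;

        if (isMaxCountExceeded && !isWaitingTimePassed)
        {
            var secondsToWait = _appSettings.LoginFailedWaitingTime - secondsPassed;
            throw new TooManyFailedLoginAttemptsException(string.Format(
                _l["You must wait for {0} seconds before you try to log in again."],
                secondsToWait));
        }
    }

    // Check if password is correct. A wrong password is recorded (count and timestamp)
    // before throwing so that the lockout check above sees it on the next attempt.
    if (!_passwordHelper.VerifyHash(dto.Password, user.PasswordHash, user.PasswordSalt))
    {
        user.LoginFailedCount += 1;
        user.LoginFailedAt = DateTime.UtcNow;
        await _db.SaveChangesAsync();
        throw new IncorrectPasswordException(_l["Password is incorrect."]);
    }

    // Authentication successful: clear the failure state and stamp the login.
    user.LoginFailedCount = 0;
    user.LoginFailedAt = null;
    user.LastLoginAt = DateTime.UtcNow;
    await _db.SaveChangesAsync();

    return new Dto.AuthenticateAsync.ResponseDto
    {
        Id = user.Id,
        Username = user.Username,
        GivenName = user.GivenName,
        FamilyName = user.FamilyName,
        Email = user.Email,
        Token = CreateToken(user.Id.ToString()),
    };
}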