        public void Create_WhenCalled_CreatesUser()
        {
            // Arrange: the hash/salt pair comes from the same helper the service uses to verify passwords.
            const string plainPassword = "test_password";
            var (hash, salt) = _passwordHelper.CreateHash(plainPassword);

            var newUser = new User
            {
                FirstName = "test first name",
                LastName = "test last name",
                Username = "******",
                PasswordHash = hash,
                PasswordSalt = salt
            };

            // Act
            var created = _service.Create(newUser, plainPassword);

            // Assert: the returned object mirrors the input identity fields ...
            Assert.Equal(newUser.Username, created.Username);
            Assert.Equal(newUser.FirstName, created.FirstName);
            Assert.Equal(newUser.LastName, created.LastName);

            // ... and the persisted row carries the same identity plus a hash that verifies
            // against the plain password (i.e. the stored credential is usable for login).
            var persisted = _db.Users.Single(x => x.Username == newUser.Username);
            Assert.Equal(newUser.Username, persisted.Username);
            Assert.Equal(newUser.FirstName, persisted.FirstName);
            Assert.Equal(newUser.LastName, persisted.LastName);
            Assert.True(_passwordHelper.VerifyHash(plainPassword, persisted.PasswordHash, persisted.PasswordSalt));
        }
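        /// <inheritdoc />
        /// <remarks>
        /// Failed logins are tracked per user via <c>LoginFailedCount</c> and <c>LoginFailedAt</c>.
        /// Once the failed count reaches <c>MaxLoginFailedCount</c>, further attempts are rejected until
        /// <c>LoginFailedWaitingTime</c> seconds have elapsed since the last failure. A successful login
        /// clears both counters and stamps <c>LastLoginAt</c>.
        /// </remarks>
        /// <param name="dto">Username and plain-text password supplied by the caller.</param>
        /// <returns>The authenticated user's identity fields plus a freshly created token.</returns>
        /// <exception cref="EntityNotFoundException">No active user with the given username exists.</exception>
        /// <exception cref="TooManyFailedLoginAttemptsException">The lockout window for this user is still open.</exception>
        /// <exception cref="IncorrectPasswordException">The password does not verify against the stored hash.</exception>
        public async Task<Dto.AuthenticateAsync.ResponseDto> AuthenticateAsync(Dto.AuthenticateAsync.RequestDto dto)
        {
            var user = await _db.Users.SingleOrDefaultAsync(x => x.Username == dto.Username && x.IsActive);

            // Check if the username exists.
            // NOTE(review): an unknown/inactive username and a wrong password surface as different
            // exception types and messages, so a caller can tell the two apart (username enumeration).
            // Collapsing them into one generic failure changes what callers catch and is left to the API owner.
            if (user == null)
            {
                throw new EntityNotFoundException(_l["Username is incorrect."]);
            }

            // One timestamp for the whole request so the lockout arithmetic and the stored
            // LoginFailedAt / LastLoginAt values agree.
            var now = DateTime.UtcNow;

            // Check for too many failed login attempts.
            if (user.LoginFailedAt != null)
            {
                // Bug fix: the original read TimeSpan.Seconds, which is only the 0–59 "seconds" component
                // of the elapsed time, not the elapsed seconds. With a waiting time >= 60 s the lockout
                // never expired, and with a shorter one it re-armed every minute. TotalSeconds is the
                // real elapsed time; it is clamped so a future-dated LoginFailedAt (clock skew) counts
                // as "no time passed" and a very old one cannot overflow the int cast.
                var elapsed = now.Subtract(user.LoginFailedAt.GetValueOrDefault());
                var secondsPassed = (int)Math.Min(Math.Max(elapsed.TotalSeconds, 0), int.MaxValue);

                var isMaxCountExceeded  = user.LoginFailedCount >= _appSettings.MaxLoginFailedCount;
                var isWaitingTimePassed = secondsPassed > _appSettings.LoginFailedWaitingTime;

                if (isMaxCountExceeded && !isWaitingTimePassed)
                {
                    var secondsToWait = _appSettings.LoginFailedWaitingTime - secondsPassed;
                    throw new TooManyFailedLoginAttemptsException(string.Format(
                        _l["You must wait for {0} seconds before you try to log in again."], secondsToWait));
                }
            }

            // Check if password is correct. The failure is persisted before throwing so the
            // counter survives the exception and the lockout window starts from this attempt.
            if (!_passwordHelper.VerifyHash(dto.Password, user.PasswordHash, user.PasswordSalt))
            {
                user.LoginFailedCount += 1;
                user.LoginFailedAt     = now;
                await _db.SaveChangesAsync();

                throw new IncorrectPasswordException(_l["Password is incorrect."]);
            }

            // Authentication successful: reset the lockout state and record the login.
            user.LoginFailedCount = 0;
            user.LoginFailedAt    = null;
            user.LastLoginAt      = now;
            await _db.SaveChangesAsync();

            return new Dto.AuthenticateAsync.ResponseDto
            {
                Id = user.Id,
                Username = user.Username,
                GivenName = user.GivenName,
                FamilyName = user.FamilyName,
                Email = user.Email,
                Token = CreateToken(user.Id.ToString())
            };
        }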