public void ReturnToken_WhenCorrectRegisterModel_OnCallToRegister()
        {
            // Arrange: a registration model whose email the repository reports as unused
            // (the credential literals are redacted in this listing).
            var registerModel = new LoginDto
            {
                Email    = "*****@*****.**",
                Password = "******"
            };
            var expectedToken = "test";

            var repository = A.Fake<IUserRepository>();
            A.CallTo(() => repository.UserExists(A<string>.Ignored)).Returns(false);

            var helper = A.Fake<IUserHelper>();
            A.CallTo(() => helper.BuildToken(A<UserDto>.Ignored)).Returns(expectedToken);

            var sut = new AuthController(repository, helper, new LoginDtoValidator());

            // Act
            var response = sut.Register(registerModel);

            // Assert: the user is persisted, the helper's registration hook runs, and the
            // token produced by the helper is what the caller receives.
            A.CallTo(() => repository.Add(A<User>.Ignored)).MustHaveHappened();
            A.CallTo(() => helper.Register(A<int>.Ignored)).MustHaveHappened();
            Assert.AreEqual(expectedToken, response.Value);
        }
        public void ReturnToken_WhenAuthorizedUser_CallsLogin()
        {
            // Arrange: the email is known and the helper reports a password match
            // (credential literals are redacted in this listing).
            var loginModel = new LoginDto
            {
                Email    = "*****@*****.**",
                Password = "******"
            };
            var expectedToken = "test";

            var repository = A.Fake<IUserRepository>();
            A.CallTo(() => repository.UserExists(loginModel.Email)).Returns(true);

            var helper = A.Fake<IUserHelper>();
            // Third argument is passed as null here; presumably the stored salt — confirm against IUserHelper.
            A.CallTo(() => helper.PasswordsMatch(loginModel.Password, A<string>.Ignored, null)).Returns(true);
            A.CallTo(() => helper.BuildToken(A<UserDto>.Ignored)).Returns(expectedToken);

            var sut = new AuthController(repository, helper, new LoginDtoValidator());

            // Act
            var response = sut.Login(loginModel);

            // Assert: the helper-built token is returned unchanged.
            Assert.AreEqual(expectedToken, response.Value);
        }
        public void ReturnError_WhenPasswordDoesNotMatch_OnCallToLogin()
        {
            // Arrange: known email, but the helper rejects the password.
            var loginModel = new LoginDto
            {
                Email    = "*****@*****.**",
                Password = "******"
            };

            var repository = A.Fake<IUserRepository>();
            A.CallTo(() => repository.UserExists(loginModel.Email)).Returns(true);

            var helper = A.Fake<IUserHelper>();
            A.CallTo(() => helper.PasswordsMatch(loginModel.Password, A<string>.Ignored, null)).Returns(false);

            var sut = new AuthController(repository, helper, new LoginDtoValidator());

            // Act
            var response = sut.Login(loginModel);

            // Assert: a 400 with the password-specific message.
            // NOTE(review): this message differs from the unknown-email one ("Incorrect email
            // address. Please try again."), so a client can tell the two cases apart — confirm
            // that distinction is intended.
            var badRequest = (BadRequestObjectResult)response.Result;
            Assert.AreEqual((int)HttpStatusCode.BadRequest, badRequest.StatusCode);
            Assert.AreEqual($"Incorrect password. Please try again.", badRequest.Value);
        }
        /// <summary>
        /// Builds the shared validator and a baseline model for the validator tests
        /// (the credential literals are redacted in this listing).
        /// </summary>
        public LoginDtoValidatorFixture()
        {
            Validator = new LoginDtoValidator();

            var baseline = new LoginDto();
            baseline.Email    = "*****@*****.**";
            baseline.Password = "******";
            Model = baseline;
        }
        public void Should_PassValidation_When_AllRulesPass()
        {
            // Arrange: a model that satisfies every rule in the "UsernameAndPassword" rule set
            // (the credential literals are redacted in this listing).
            var dto = new LoginDto(username: "******", password: "******");

            // Act
            var validation = new LoginDtoValidator().Validate(dto, ruleSet: "UsernameAndPassword");

            // Assert
            validation.IsValid.Should().BeTrue();
        }
        /// <summary>
        /// Releases the fixture's references. Safe to call more than once; only the first
        /// call does anything.
        /// </summary>
        /// <param name="disposing">True when called from Dispose(); false from a finalizer.</param>
        protected virtual void Dispose(bool disposing)
        {
            if (_disposed)
            {
                return;
            }

            if (disposing)
            {
#pragma warning disable CS8625 // Cannot convert null literal to non-nullable reference type.
                // Drop the managed references so the fixture does not keep them alive.
                Model     = null;
                Validator = null;
#pragma warning restore CS8625 // Cannot convert null literal to non-nullable reference type.
            }

            _disposed = true;
        }
        public void Should_FailValidationWithMessage_When_UsernameContainsSpecialCharacters()
        {
            // Arrange: the username literal is redacted in this listing; per the test name it
            // is expected to violate the character rule.
            var dto = new LoginDto(username: "******", password: "******");

            // Act
            var validation = new LoginDtoValidator().Validate(dto, ruleSet: "UsernameAndPassword");

            // Assert: exactly one failure, with the character-rule message.
            validation.IsValid.Should().BeFalse();
            validation.Errors.Count.Should().Be(1);
            validation.Errors[0].ToString().Should().Be("Username must not contain spaces and special characters.");
        }
        public void Should_FailValidationWithMessage_When_PasswordContainsSpaces()
        {
            // Arrange: the password literal is redacted in this listing; per the test name it
            // is expected to contain a space.
            var dto = new LoginDto(username: "******", password: "******");

            // Act
            var validation = new LoginDtoValidator().Validate(dto, ruleSet: "UsernameAndPassword");

            // Assert: exactly one failure, with the whitespace-rule message.
            validation.IsValid.Should().BeFalse();
            validation.Errors.Count.Should().Be(1);
            validation.Errors[0].ToString().Should().Be("Password must not be empty or contain spaces.");
        }
        public void Should_FailValidationWithMessage_When_PasswordIsMoreThan64Characters()
        {
            // Arrange: the password literal is redacted in this listing; per the test name it
            // is expected to exceed the 64-character ceiling.
            var dto = new LoginDto(username: "******", password: "******");

            // Act
            var validation = new LoginDtoValidator().Validate(dto, ruleSet: "UsernameAndPassword");

            // Assert: exactly one failure, with the length-rule message.
            validation.IsValid.Should().BeFalse();
            validation.Errors.Count.Should().Be(1);
            validation.Errors[0].ToString().Should().Be("Password must be at least 8 characters and less than or equal to 64.");
        }
        public void Should_FailValidationWithMessage_When_UsernameIsNull()
        {
            // Arrange: null username, otherwise valid password (redacted in this listing).
            var dto = new LoginDto(username: null, password: "******");

            // Act
            var validation = new LoginDtoValidator().Validate(dto, ruleSet: "UsernameAndPassword");

            // Assert: two failures that carry the same message — presumably two rules
            // (e.g. not-null and not-empty) share it; confirm against LoginDtoValidator.
            validation.IsValid.Should().BeFalse();
            validation.Errors.Count.Should().Be(2);
            validation.Errors[0].ToString().Should().Be("Username is required.");
            validation.Errors[1].ToString().Should().Be("Username is required.");
        }
        public void Should_FailValidationWithMessage_When_PasswordIsEmpty()
        {
            // Arrange: empty password (username literal redacted in this listing).
            var dto = new LoginDto(username: "******", password: "");

            // Act
            var validation = new LoginDtoValidator().Validate(dto, ruleSet: "UsernameAndPassword");

            // Assert: an empty password trips three rules, reported in this order.
            validation.IsValid.Should().BeFalse();
            validation.Errors.Count.Should().Be(3);
            validation.Errors[0].ToString().Should().Be("Password is required.");
            validation.Errors[1].ToString().Should().Be("Password must be at least 8 characters and less than or equal to 64.");
            validation.Errors[2].ToString().Should().Be("Password must not be empty or contain spaces.");
        }
        public void ReturnError_WhenUnauthorizedEmail_OnCallToLogin()
        {
            // Arrange: the repository does not know the email.
            var loginModel = new LoginDto
            {
                Email    = "*****@*****.**",
                Password = "******"
            };

            var repository = A.Fake<IUserRepository>();
            A.CallTo(() => repository.UserExists(loginModel.Email)).Returns(false);

            // The helper is deliberately null: this path must never reach IUserHelper.
            var sut = new AuthController(repository, null, new LoginDtoValidator());

            // Act
            var response = sut.Login(loginModel);

            // Assert: a 400 with the email-specific message.
            // NOTE(review): this message differs from the wrong-password one ("Incorrect
            // password. Please try again."), so a client can tell whether an email is
            // registered — confirm that distinction is intended.
            var badRequest = (BadRequestObjectResult)response.Result;
            Assert.AreEqual((int)HttpStatusCode.BadRequest, badRequest.StatusCode);
            Assert.AreEqual($"Incorrect email address. Please try again.", badRequest.Value);
        }
        public void ReturnError_WhenUsernameAlreadyExists_OnCallToRegister()
        {
            // Arrange: the repository reports every email as already taken.
            var registerModel = new LoginDto
            {
                Email    = "*****@*****.**",
                Password = "******"
            };

            var repository = A.Fake<IUserRepository>();
            A.CallTo(() => repository.UserExists(A<string>.Ignored)).Returns(true);

            // The helper is deliberately null: registration must bail out before using it.
            var sut = new AuthController(repository, null, new LoginDtoValidator());

            // Act
            var response = sut.Register(registerModel);

            // Assert: a 400 with the duplicate-email message.
            var badRequest = (BadRequestObjectResult)response.Result;
            Assert.AreEqual((int)HttpStatusCode.BadRequest, badRequest.StatusCode);
            Assert.AreEqual("Email already in use. Please try another.", badRequest.Value);
        }
        /// <summary>
        /// Runs <see cref="LoginDtoValidator"/> over the login model and passes the outcome
        /// to CheckValidationResults (defined elsewhere in this class).
        /// </summary>
        /// <param name="userForLogin">The login model to validate.</param>
        public void ValidateBeforeLogin(LoginDto userForLogin)
        {
            var validationResult = new LoginDtoValidator().Validate(userForLogin);

            CheckValidationResults(validationResult);
        }
 /// <summary>Creates a fresh <see cref="LoginDtoValidator"/> for each test.</summary>
 public void Setup() => _validator = new LoginDtoValidator();
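        /// <summary>
        /// Validates the posted credentials, checks the account state, verifies the
        /// password through ASP.NET Identity and, on success, returns a JWT.
        /// </summary>
        /// <param name="dto">Credentials posted by the client.</param>
        /// <returns>
        /// 200 with a <see cref="LoginResponseDto"/> holding the access token on success;
        /// 400 with the validation failures when <paramref name="dto"/> fails
        /// <see cref="LoginDtoValidator"/>; otherwise 403 problem details.
        /// </returns>
        public async Task<ActionResult<LoginResponseDto>> Login([FromBody] LoginDto dto)
        {
            LoginDtoValidator validator = new LoginDtoValidator();
            ValidationResult  result    = await validator.ValidateAsync(dto);

            if (!result.IsValid)
            {
                return BadRequest(result.Errors);
            }

            #region Account state checks

            var user = await _userManager.FindByNameAsync(dto.UserName);

            if (user == null)
            {
                // Same title/detail as the wrong-password response below, so an unknown
                // account and a bad password look alike to the caller.
                return Problem(title: "登入失敗", detail: "請檢查您的帳號密碼是否正確", statusCode: 403);
            }
            // NOTE(review): the two responses below differ from the unknown-account one, so a
            // caller can learn that the account exists — confirm this is acceptable.
            if (!user.EmailConfirmed)
            {
                return Problem(title: "帳戶尚未驗證", detail: "請前往您的信箱收取驗證信", statusCode: 403);
            }
            if (!user.IsEnable)
            {
                return Problem(title: "帳戶尚未啟用", detail: "請聯絡管理員", statusCode: 403);
            }

            #endregion

            #region Password check

            // lockoutOnFailure: true makes a wrong password count towards Identity's lockout threshold.
            var checkPasswordResult = await _signInManager.CheckPasswordSignInAsync(user, dto.Password, lockoutOnFailure: true);

            if (checkPasswordResult.IsLockedOut)
            {
                return Problem(title: "帳戶被鎖定", detail: "請聯絡管理員", statusCode: 403);
            }
            if (checkPasswordResult.IsNotAllowed)
            {
                return Problem(title: "帳戶尚未驗證", detail: "請前往您的信箱收取驗證信", statusCode: 403);
            }
            if (!checkPasswordResult.Succeeded)
            {
                return Problem(title: "登入失敗", detail: "請檢查您的帳號密碼是否正確", statusCode: 403);
            }

            #endregion

            #region Collect user and role claims

            var claims = await _userManager.GetClaimsAsync(user);

            var roleNames = await _userManager.GetRolesAsync(user);

            foreach (var roleName in roleNames)
            {
                var role = await _roleManager.FindByNameAsync(roleName);

                // A role name can still be attached to the user after the role itself is gone;
                // skip it rather than hand null to GetClaimsAsync and fail the whole login.
                if (role is null)
                {
                    continue;
                }

                var roleClaims = await _roleManager.GetClaimsAsync(role);

                foreach (var roleClaim in roleClaims)
                {
                    claims.Add(roleClaim);
                }
            }

            #endregion

            // GenerateJwtToken is defined elsewhere in this class; the token carries the
            // user's own claims plus those of its roles.
            var token = GenerateJwtToken(claims);

            return Ok(new LoginResponseDto { AccessToken = token });
        }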