public async Task RememberBrowserSkipsTwoFactorVerificationSignIn(bool isPersistent) { // Setup var user = new TestUser { UserName = "******" }; var manager = MockHelpers.MockUserManager<TestUser>(); manager.Setup(m => m.GetTwoFactorEnabledAsync(user, CancellationToken.None)).ReturnsAsync(true).Verifiable(); manager.Setup(m => m.SupportsUserLockout).Returns(true).Verifiable(); manager.Setup(m => m.SupportsUserTwoFactor).Returns(true).Verifiable(); manager.Setup(m => m.IsLockedOutAsync(user, CancellationToken.None)).ReturnsAsync(false).Verifiable(); manager.Setup(m => m.FindByNameAsync(user.UserName, CancellationToken.None)).ReturnsAsync(user).Verifiable(); manager.Setup(m => m.GetUserIdAsync(user, CancellationToken.None)).ReturnsAsync(user.Id).Verifiable(); manager.Setup(m => m.CheckPasswordAsync(user, "password", CancellationToken.None)).ReturnsAsync(true).Verifiable(); var context = new Mock<HttpContext>(); var response = new Mock<HttpResponse>(); context.Setup(c => c.Response).Returns(response.Object).Verifiable(); response.Setup(r => r.SignIn(It.Is<ClaimsIdentity>(i => i.AuthenticationType == ClaimsIdentityOptions.DefaultAuthenticationType), It.Is<AuthenticationProperties>(v => v.IsPersistent == isPersistent))).Verifiable(); var id = new ClaimsIdentity(HttpAuthenticationManager.TwoFactorRememberedAuthenticationType); id.AddClaim(new Claim(ClaimTypes.Name, user.Id)); var authResult = new AuthenticationResult(id, new AuthenticationProperties(), new AuthenticationDescription()); context.Setup(c => c.AuthenticateAsync(HttpAuthenticationManager.TwoFactorRememberedAuthenticationType)).ReturnsAsync(authResult).Verifiable(); var contextAccessor = new Mock<IContextAccessor<HttpContext>>(); contextAccessor.Setup(a => a.Value).Returns(context.Object); var signInService = new HttpAuthenticationManager(contextAccessor.Object); var roleManager = MockHelpers.MockRoleManager<TestRole>(); var claimsFactory = new Mock<ClaimsIdentityFactory<TestUser, TestRole>>(manager.Object, roleManager.Object); claimsFactory.Setup(m => m.CreateAsync(user, manager.Object.Options.ClaimsIdentity, CancellationToken.None)).ReturnsAsync(new ClaimsIdentity(ClaimsIdentityOptions.DefaultAuthenticationType)).Verifiable(); var helper = new SignInManager<TestUser>(manager.Object, signInService, claimsFactory.Object); // Act var result = await helper.PasswordSignInAsync(user.UserName, "password", isPersistent, false); // Assert Assert.Equal(SignInStatus.Success, result); manager.VerifyAll(); context.VerifyAll(); response.VerifyAll(); contextAccessor.VerifyAll(); claimsFactory.VerifyAll(); }
public async Task OnValidateIdentityRejectsWhenValidateSecurityStampFails() { var user = new TestUser("test"); var userManager = MockHelpers.MockUserManager<TestUser>(); var claimsManager = new Mock<IUserClaimsPrincipalFactory<TestUser>>(); var identityOptions = new IdentityOptions { SecurityStampValidationInterval = TimeSpan.Zero }; var options = new Mock<IOptions<IdentityOptions>>(); options.Setup(a => a.Options).Returns(identityOptions); var httpContext = new Mock<HttpContext>(); var contextAccessor = new Mock<IHttpContextAccessor>(); contextAccessor.Setup(a => a.HttpContext).Returns(httpContext.Object); var signInManager = new Mock<SignInManager<TestUser>>(userManager.Object, contextAccessor.Object, claimsManager.Object, options.Object, null); signInManager.Setup(s => s.ValidateSecurityStampAsync(It.IsAny<ClaimsPrincipal>(), user.Id)).ReturnsAsync(null).Verifiable(); var services = new ServiceCollection(); services.AddInstance(options.Object); services.AddInstance(signInManager.Object); services.AddInstance<ISecurityStampValidator>(new SecurityStampValidator<TestUser>()); httpContext.Setup(c => c.RequestServices).Returns(services.BuildServiceProvider()); var id = new ClaimsIdentity(IdentityOptions.ApplicationCookieAuthenticationScheme); id.AddClaim(new Claim(ClaimTypes.NameIdentifier, user.Id)); var ticket = new AuthenticationTicket(new ClaimsPrincipal(id), new AuthenticationProperties { IssuedUtc = DateTimeOffset.UtcNow }, IdentityOptions.ApplicationCookieAuthenticationScheme); var context = new CookieValidatePrincipalContext(httpContext.Object, ticket, new CookieAuthenticationOptions()); Assert.NotNull(context.Properties); Assert.NotNull(context.Options); Assert.NotNull(context.Principal); await SecurityStampValidator.ValidatePrincipalAsync(context); Assert.Null(context.Principal); signInManager.VerifyAll(); }
public async Task ValidateFailsWithTooShortUserNames(string input) { // Setup var manager = MockHelpers.TestUserManager(new NoopUserStore()); var validator = new UserValidator<TestUser>(); var user = new TestUser {UserName = input}; // Act var result = await validator.ValidateAsync(manager, user); // Assert IdentityResultAssert.IsFailure(result, "UserName cannot be null or empty."); }
public async Task ValidateFailsWithTooShortUserNames(string input) { // Setup var manager = MockHelpers.TestUserManager(new NoopUserStore()); var validator = new UserValidator<TestUser>(); var user = new TestUser {UserName = input}; // Act var result = await validator.ValidateAsync(manager, user); // Assert IdentityResultAssert.IsFailure(result, IdentityErrorDescriber.Default.InvalidUserName(input)); }
public async Task VerifyAccountControllerSignIn(bool isPersistent) { var app = new ApplicationBuilder(CallContextServiceLocator.Locator.ServiceProvider); app.UseCookieAuthentication(); var context = new Mock<HttpContext>(); var auth = new Mock<AuthenticationManager>(); context.Setup(c => c.Authentication).Returns(auth.Object).Verifiable(); auth.Setup(a => a.SignInAsync(new IdentityCookieOptions().ApplicationCookieAuthenticationScheme, It.IsAny<ClaimsPrincipal>(), It.IsAny<AuthenticationProperties>())).Returns(Task.FromResult(0)).Verifiable(); // REVIEW: is persistant mocking broken //It.Is<AuthenticationProperties>(v => v.IsPersistent == isPersistent))).Returns(Task.FromResult(0)).Verifiable(); var contextAccessor = new Mock<IHttpContextAccessor>(); contextAccessor.Setup(a => a.HttpContext).Returns(context.Object); var services = new ServiceCollection(); services.AddLogging(); services.AddInstance(contextAccessor.Object); services.AddIdentity<TestUser, TestRole>(); services.AddSingleton<IUserStore<TestUser>, InMemoryUserStore<TestUser>>(); services.AddSingleton<IRoleStore<TestRole>, InMemoryRoleStore<TestRole>>(); app.ApplicationServices = services.BuildServiceProvider(); // Act var user = new TestUser { UserName = "******" }; const string password = "******"; var userManager = app.ApplicationServices.GetRequiredService<UserManager<TestUser>>(); var signInManager = app.ApplicationServices.GetRequiredService<SignInManager<TestUser>>(); IdentityResultAssert.IsSuccess(await userManager.CreateAsync(user, password)); var result = await signInManager.PasswordSignInAsync(user, password, isPersistent, false); // Assert Assert.True(result.Succeeded); context.VerifyAll(); auth.VerifyAll(); contextAccessor.VerifyAll(); }
public async Task DefaultAlphaNumericOnlyUserNameValidation(string userName, bool expectSuccess) { // Setup var manager = MockHelpers.TestUserManager(new NoopUserStore()); var validator = new UserValidator<TestUser>(); var user = new TestUser {UserName = userName}; // Act var result = await validator.ValidateAsync(manager, user); // Assert if (expectSuccess) { IdentityResultAssert.IsSuccess(result); } else { IdentityResultAssert.IsFailure(result); } }
public async Task CanAllowNonAlphaNumericUserName(string userName, bool expectSuccess) { // Setup var manager = MockHelpers.TestUserManager(new NoopUserStore()); manager.Options.User.AllowOnlyAlphanumericNames = false; var validator = new UserValidator<TestUser>(); var user = new TestUser {UserName = userName}; // Act var result = await validator.ValidateAsync(manager, user); // Assert if (expectSuccess) { IdentityResultAssert.IsSuccess(result); } else { IdentityResultAssert.IsFailure(result); } }
public async Task PasswordSignInWorksWithNonTwoFactorStore() { // Setup var user = new TestUser { UserName = "******" }; var manager = SetupUserManager(user); manager.Setup(m => m.SupportsUserLockout).Returns(true).Verifiable(); manager.Setup(m => m.IsLockedOutAsync(user)).ReturnsAsync(false).Verifiable(); manager.Setup(m => m.CheckPasswordAsync(user, "password")).ReturnsAsync(true).Verifiable(); manager.Setup(m => m.ResetAccessFailedCountAsync(user)).ReturnsAsync(IdentityResult.Success).Verifiable(); var context = new Mock<HttpContext>(); var auth = new Mock<AuthenticationManager>(); SetupSignIn(auth); context.Setup(c => c.Authentication).Returns(auth.Object).Verifiable(); var helper = SetupSignInManager(manager.Object, context.Object); // Act var result = await helper.PasswordSignInAsync(user.UserName, "password", false, false); // Assert Assert.True(result.Succeeded); manager.Verify(); context.Verify(); auth.Verify(); }
public async Task CanPasswordSignIn(bool isPersistent) { // Setup var user = new TestUser { UserName = "******" }; var manager = SetupUserManager(user); manager.Setup(m => m.SupportsUserLockout).Returns(true).Verifiable(); manager.Setup(m => m.IsLockedOutAsync(user)).ReturnsAsync(false).Verifiable(); manager.Setup(m => m.CheckPasswordAsync(user, "password")).ReturnsAsync(true).Verifiable(); var context = new Mock<HttpContext>(); var auth = new Mock<AuthenticationManager>(); context.Setup(c => c.Authentication).Returns(auth.Object).Verifiable(); SetupSignIn(auth, user.Id, isPersistent); var helper = SetupSignInManager(manager.Object, context.Object); // Act var result = await helper.PasswordSignInAsync(user.UserName, "password", isPersistent, false); // Assert Assert.True(result.Succeeded); manager.Verify(); context.Verify(); auth.Verify(); }
public async Task PasswordSignInFailsWithWrongPasswordCanAccessFailedAndLockout() { // Setup var user = new TestUser { UserName = "******" }; var manager = MockHelpers.MockUserManager<TestUser>(); var lockedout = false; manager.Setup(m => m.AccessFailedAsync(user, CancellationToken.None)).Returns(() => { lockedout = true; return Task.FromResult(IdentityResult.Success); }).Verifiable(); manager.Setup(m => m.SupportsUserLockout).Returns(true).Verifiable(); manager.Setup(m => m.IsLockedOutAsync(user, CancellationToken.None)).Returns(() => Task.FromResult(lockedout)); manager.Setup(m => m.FindByNameAsync(user.UserName, CancellationToken.None)).ReturnsAsync(user).Verifiable(); manager.Setup(m => m.CheckPasswordAsync(user, "bogus", CancellationToken.None)).ReturnsAsync(false).Verifiable(); var context = new Mock<HttpContext>(); var contextAccessor = new Mock<IContextAccessor<HttpContext>>(); contextAccessor.Setup(a => a.Value).Returns(context.Object); var roleManager = MockHelpers.MockRoleManager<TestRole>(); var claimsFactory = new Mock<ClaimsIdentityFactory<TestUser, TestRole>>(manager.Object, roleManager.Object); var helper = new SignInManager<TestUser>(manager.Object, new HttpAuthenticationManager(contextAccessor.Object), claimsFactory.Object); // Act var result = await helper.PasswordSignInAsync(user.UserName, "bogus", false, true); // Assert Assert.Equal(SignInStatus.LockedOut, result); manager.VerifyAll(); }
public async Task CanRequireConfirmedPhoneNumberForPasswordSignIn(bool confirmed) { // Setup var user = new TestUser { UserName = "******" }; var manager = SetupUserManager(user); manager.Setup(m => m.IsPhoneNumberConfirmedAsync(user)).ReturnsAsync(confirmed).Verifiable(); var context = new Mock<HttpContext>(); var auth = new Mock<AuthenticationManager>(); if (confirmed) { manager.Setup(m => m.CheckPasswordAsync(user, "password")).ReturnsAsync(true).Verifiable(); context.Setup(c => c.Authentication).Returns(auth.Object).Verifiable(); SetupSignIn(auth); } var identityOptions = new IdentityOptions(); identityOptions.SignIn.RequireConfirmedPhoneNumber = true; var logStore = new StringBuilder(); var helper = SetupSignInManager(manager.Object, context.Object, logStore, identityOptions); // Act var result = await helper.PasswordSignInAsync(user, "password", false, false); // Assert Assert.Equal(confirmed, result.Succeeded); Assert.NotEqual(confirmed, result.IsNotAllowed); Assert.Equal(confirmed, !logStore.ToString().Contains($"User {user.Id} cannot sign in without a confirmed phone number.")); manager.Verify(); context.Verify(); auth.Verify(); }
public async Task PasswordSignInFailsWithWrongPassword() { // Setup var user = new TestUser { UserName = "******" }; var manager = SetupUserManager(user); manager.Setup(m => m.SupportsUserLockout).Returns(true).Verifiable(); manager.Setup(m => m.IsLockedOutAsync(user)).ReturnsAsync(false).Verifiable(); manager.Setup(m => m.CheckPasswordAsync(user, "bogus")).ReturnsAsync(false).Verifiable(); var context = new Mock<HttpContext>(); var logStore = new StringBuilder(); var helper = SetupSignInManager(manager.Object, context.Object, logStore); // Act var result = await helper.PasswordSignInAsync(user.UserName, "bogus", false, false); // Assert Assert.False(result.Succeeded); Assert.True(logStore.ToString().Contains($"User {user.Id} failed to provide the correct password.")); manager.Verify(); context.Verify(); }
public async Task RememberClientStoresUserId() { // Setup var user = new TestUser { UserName = "******" }; var manager = SetupUserManager(user); var context = new Mock<HttpContext>(); var auth = new Mock<AuthenticationManager>(); context.Setup(c => c.Authentication).Returns(auth.Object).Verifiable(); auth.Setup(a => a.SignInAsync( manager.Object.Options.Cookies.TwoFactorRememberMeCookieAuthenticationScheme, It.Is<ClaimsPrincipal>(i => i.FindFirstValue(ClaimTypes.Name) == user.Id && i.Identities.First().AuthenticationType == manager.Object.Options.Cookies.TwoFactorRememberMeCookieAuthenticationScheme), It.Is<AuthenticationProperties>(v => v.IsPersistent == true))).Returns(Task.FromResult(0)).Verifiable(); var helper = SetupSignInManager(manager.Object, context.Object); // Act await helper.RememberTwoFactorClientAsync(user); // Assert manager.Verify(); context.Verify(); auth.Verify(); }
public async Task CanResignIn(bool isPersistent, bool externalLogin) { // Setup var user = new TestUser { UserName = "******" }; var context = new Mock<HttpContext>(); var auth = new Mock<AuthenticationManager>(); context.Setup(c => c.Authentication).Returns(auth.Object).Verifiable(); var loginProvider = "loginprovider"; var id = new ClaimsIdentity(); if (externalLogin) { id.AddClaim(new Claim(ClaimTypes.AuthenticationMethod, loginProvider)); } // REVIEW: auth changes we lost the ability to mock is persistent //var properties = new AuthenticationProperties { IsPersistent = isPersistent }; auth.Setup(a => a.AuthenticateAsync(It.Is<AuthenticateContext>(c => c.AuthenticationScheme == IdentityCookieOptions.ApplicationCookieAuthenticationType))) .Returns(Task.FromResult(0)).Verifiable(); var manager = SetupUserManager(user); var signInManager = new Mock<SignInManager<TestUser>>(manager.Object, new HttpContextAccessor { HttpContext = context.Object }, new Mock<IUserClaimsPrincipalFactory<TestUser>>().Object, null, null) { CallBase = true }; //signInManager.Setup(s => s.SignInAsync(user, It.Is<AuthenticationProperties>(p => p.IsPersistent == isPersistent), //externalLogin? loginProvider : null)).Returns(Task.FromResult(0)).Verifiable(); signInManager.Setup(s => s.SignInAsync(user, It.IsAny<AuthenticationProperties>(), null)).Returns(Task.FromResult(0)).Verifiable(); signInManager.Object.Context = context.Object; // Act await signInManager.Object.RefreshSignInAsync(user); // Assert context.Verify(); auth.Verify(); signInManager.Verify(); }
public async Task RememberBrowserSkipsTwoFactorVerificationSignIn(bool isPersistent) { // Setup var user = new TestUser { UserName = "******" }; var manager = SetupUserManager(user); manager.Setup(m => m.GetTwoFactorEnabledAsync(user)).ReturnsAsync(true).Verifiable(); IList<string> providers = new List<string>(); providers.Add("PhoneNumber"); manager.Setup(m => m.GetValidTwoFactorProvidersAsync(user)).Returns(Task.FromResult(providers)).Verifiable(); manager.Setup(m => m.SupportsUserLockout).Returns(true).Verifiable(); manager.Setup(m => m.SupportsUserTwoFactor).Returns(true).Verifiable(); manager.Setup(m => m.IsLockedOutAsync(user)).ReturnsAsync(false).Verifiable(); manager.Setup(m => m.CheckPasswordAsync(user, "password")).ReturnsAsync(true).Verifiable(); var context = new Mock<HttpContext>(); var response = new Mock<HttpResponse>(); context.Setup(c => c.Response).Returns(response.Object).Verifiable(); SetupSignIn(response); var id = new ClaimsIdentity(IdentityOptions.TwoFactorRememberMeCookieAuthenticationType); id.AddClaim(new Claim(ClaimTypes.Name, user.Id)); var authResult = new AuthenticationResult(new ClaimsPrincipal(id), new AuthenticationProperties(), new AuthenticationDescription()); context.Setup(c => c.AuthenticateAsync(IdentityOptions.TwoFactorRememberMeCookieAuthenticationScheme)).ReturnsAsync(authResult).Verifiable(); var contextAccessor = new Mock<IHttpContextAccessor>(); contextAccessor.Setup(a => a.HttpContext).Returns(context.Object); var roleManager = MockHelpers.MockRoleManager<TestRole>(); var identityOptions = new IdentityOptions(); var options = new Mock<IOptions<IdentityOptions>>(); options.Setup(a => a.Options).Returns(identityOptions); var claimsFactory = new Mock<UserClaimsPrincipalFactory<TestUser, TestRole>>(manager.Object, roleManager.Object, options.Object); claimsFactory.Setup(m => m.CreateAsync(user)).ReturnsAsync(new ClaimsPrincipal(new ClaimsIdentity(IdentityOptions.ApplicationCookieAuthenticationType))).Verifiable(); var helper = new SignInManager<TestUser>(manager.Object, contextAccessor.Object, claimsFactory.Object, options.Object); // Act var result = await helper.PasswordSignInAsync(user.UserName, "password", isPersistent, false); // Assert Assert.True(result.Succeeded); manager.Verify(); context.Verify(); response.Verify(); contextAccessor.Verify(); claimsFactory.Verify(); }
public async Task RememberClientStoresUserId() { // Setup var user = new TestUser { UserName = "******" }; var manager = SetupUserManager(user); var context = new Mock<HttpContext>(); var response = new Mock<HttpResponse>(); var contextAccessor = new Mock<IHttpContextAccessor>(); var roleManager = MockHelpers.MockRoleManager<TestRole>(); var identityOptions = new IdentityOptions(); var options = new Mock<IOptions<IdentityOptions>>(); options.Setup(a => a.Options).Returns(identityOptions); var claimsFactory = new UserClaimsPrincipalFactory<TestUser, TestRole>(manager.Object, roleManager.Object, options.Object); context.Setup(c => c.Response).Returns(response.Object).Verifiable(); response.Setup(r => r.SignIn( IdentityOptions.TwoFactorRememberMeCookieAuthenticationScheme, It.Is<ClaimsPrincipal>(i => i.FindFirstValue(ClaimTypes.Name) == user.Id && i.Identities.First().AuthenticationType == IdentityOptions.TwoFactorRememberMeCookieAuthenticationType), It.Is<AuthenticationProperties>(v => v.IsPersistent == true))).Verifiable(); contextAccessor.Setup(a => a.HttpContext).Returns(context.Object).Verifiable(); options.Setup(a => a.Options).Returns(identityOptions).Verifiable(); var helper = new SignInManager<TestUser>(manager.Object, contextAccessor.Object, claimsFactory, options.Object); // Act await helper.RememberTwoFactorClientAsync(user); // Assert manager.Verify(); context.Verify(); response.Verify(); contextAccessor.Verify(); options.Verify(); }
public async Task CanTwoFactorSignIn(bool isPersistent, bool supportsLockout, bool externalLogin, bool rememberClient) { // Setup var user = new TestUser { UserName = "******" }; var manager = SetupUserManager(user); var provider = "twofactorprovider"; var code = "123456"; manager.Setup(m => m.SupportsUserLockout).Returns(supportsLockout).Verifiable(); if (supportsLockout) { manager.Setup(m => m.IsLockedOutAsync(user)).ReturnsAsync(false).Verifiable(); manager.Setup(m => m.ResetAccessFailedCountAsync(user)).ReturnsAsync(IdentityResult.Success).Verifiable(); } manager.Setup(m => m.VerifyTwoFactorTokenAsync(user, provider, code)).ReturnsAsync(true).Verifiable(); var context = new Mock<HttpContext>(); var response = new Mock<HttpResponse>(); var contextAccessor = new Mock<IHttpContextAccessor>(); var twoFactorInfo = new SignInManager<TestUser>.TwoFactorAuthenticationInfo { UserId = user.Id }; var loginProvider = "loginprovider"; var id = SignInManager<TestUser>.StoreTwoFactorInfo(user.Id, externalLogin ? loginProvider : null); var authResult = new AuthenticationResult(id, new AuthenticationProperties(), new AuthenticationDescription()); var roleManager = MockHelpers.MockRoleManager<TestRole>(); var identityOptions = new IdentityOptions(); var options = new Mock<IOptions<IdentityOptions>>(); options.Setup(a => a.Options).Returns(identityOptions); var claimsFactory = new UserClaimsPrincipalFactory<TestUser, TestRole>(manager.Object, roleManager.Object, options.Object); if (externalLogin) { response.Setup(r => r.SignIn( IdentityOptions.ApplicationCookieAuthenticationScheme, It.Is<ClaimsPrincipal>(i => i.FindFirstValue(ClaimTypes.AuthenticationMethod) == loginProvider && i.FindFirstValue(ClaimTypes.NameIdentifier) == user.Id), It.Is<AuthenticationProperties>(v => v.IsPersistent == isPersistent))).Verifiable(); response.Setup(r => r.SignOut(IdentityOptions.ExternalCookieAuthenticationScheme)).Verifiable(); } else { SetupSignIn(response, user.Id); } if (rememberClient) { response.Setup(r => r.SignIn( IdentityOptions.TwoFactorRememberMeCookieAuthenticationScheme, It.Is<ClaimsPrincipal>(i => i.FindFirstValue(ClaimTypes.Name) == user.Id && i.Identities.First().AuthenticationType == IdentityOptions.TwoFactorRememberMeCookieAuthenticationType), It.Is<AuthenticationProperties>(v => v.IsPersistent == true))).Verifiable(); } context.Setup(c => c.Response).Returns(response.Object).Verifiable(); context.Setup(c => c.AuthenticateAsync(IdentityOptions.TwoFactorUserIdCookieAuthenticationScheme)).ReturnsAsync(authResult).Verifiable(); contextAccessor.Setup(a => a.HttpContext).Returns(context.Object); var logStore = new StringBuilder(); var logger = MockHelpers.MockILogger<SignInManager<TestUser>>(logStore); var helper = new SignInManager<TestUser>(manager.Object, contextAccessor.Object, claimsFactory, options.Object, null); helper.Logger = logger.Object; string expectedScope = string.Format("{0} for {1}: {2}", "TwoFactorSignInAsync", "user", user.Id); string expectedLog = string.Format("{0} : {1}", "TwoFactorSignInAsync", "Succeeded"); // Act var result = await helper.TwoFactorSignInAsync(provider, code, isPersistent, rememberClient); // Assert Assert.True(result.Succeeded); Assert.NotEqual(-1, logStore.ToString().IndexOf(expectedLog)); Assert.NotEqual(-1, logStore.ToString().IndexOf(expectedScope)); manager.Verify(); context.Verify(); response.Verify(); contextAccessor.Verify(); }
public async Task CanExternalSignIn(bool isPersistent, bool supportsLockout) { // Setup var user = new TestUser { UserName = "******" }; const string loginProvider = "login"; const string providerKey = "fookey"; var manager = SetupUserManager(user); manager.Setup(m => m.SupportsUserLockout).Returns(supportsLockout).Verifiable(); if (supportsLockout) { manager.Setup(m => m.IsLockedOutAsync(user)).ReturnsAsync(false).Verifiable(); } manager.Setup(m => m.FindByLoginAsync(loginProvider, providerKey)).ReturnsAsync(user).Verifiable(); var context = new Mock<HttpContext>(); var response = new Mock<HttpResponse>(); context.Setup(c => c.Response).Returns(response.Object).Verifiable(); SetupSignIn(response, user.Id, isPersistent, loginProvider); var contextAccessor = new Mock<IHttpContextAccessor>(); contextAccessor.Setup(a => a.HttpContext).Returns(context.Object); var roleManager = MockHelpers.MockRoleManager<TestRole>(); var identityOptions = new IdentityOptions(); response.Setup(r => r.SignOut(IdentityOptions.ExternalCookieAuthenticationScheme)).Verifiable(); var options = new Mock<IOptions<IdentityOptions>>(); options.Setup(a => a.Options).Returns(identityOptions); var claimsFactory = new UserClaimsPrincipalFactory<TestUser, TestRole>(manager.Object, roleManager.Object, options.Object); var logStore = new StringBuilder(); var logger = MockHelpers.MockILogger<SignInManager<TestUser>>(logStore); var helper = new SignInManager<TestUser>(manager.Object, contextAccessor.Object, claimsFactory, options.Object, null); helper.Logger = logger.Object; string expectedScope = string.Format("{0} for {1}: {2}", "ExternalLoginSignInAsync", "user", user.Id); string expectedLog = string.Format("{0} : {1}", "ExternalLoginSignInAsync", "Succeeded"); // Act var result = await helper.ExternalLoginSignInAsync(loginProvider, providerKey, isPersistent); // Assert Assert.True(result.Succeeded); Assert.NotEqual(-1, logStore.ToString().IndexOf(expectedLog)); Assert.NotEqual(-1, logStore.ToString().IndexOf(expectedScope)); manager.Verify(); context.Verify(); response.Verify(); contextAccessor.Verify(); }
public async Task PasswordSignInRequiresVerification(bool supportsLockout) { // Setup var user = new TestUser { UserName = "******" }; var manager = SetupUserManager(user); manager.Setup(m => m.SupportsUserLockout).Returns(supportsLockout).Verifiable(); if (supportsLockout) { manager.Setup(m => m.IsLockedOutAsync(user)).ReturnsAsync(false).Verifiable(); } IList<string> providers = new List<string>(); providers.Add("PhoneNumber"); manager.Setup(m => m.GetValidTwoFactorProvidersAsync(user)).Returns(Task.FromResult(providers)).Verifiable(); manager.Setup(m => m.SupportsUserTwoFactor).Returns(true).Verifiable(); manager.Setup(m => m.GetTwoFactorEnabledAsync(user)).ReturnsAsync(true).Verifiable(); manager.Setup(m => m.CheckPasswordAsync(user, "password")).ReturnsAsync(true).Verifiable(); if (supportsLockout) { manager.Setup(m => m.ResetAccessFailedCountAsync(user)).ReturnsAsync(IdentityResult.Success).Verifiable(); } var context = new Mock<HttpContext>(); var response = new Mock<HttpResponse>(); response.Setup(r => r.SignIn(IdentityOptions.TwoFactorUserIdCookieAuthenticationScheme, It.Is<ClaimsPrincipal>(id => id.FindFirstValue(ClaimTypes.Name) == user.Id), It.IsAny<AuthenticationProperties>())).Verifiable(); context.Setup(c => c.Response).Returns(response.Object).Verifiable(); var contextAccessor = new Mock<IHttpContextAccessor>(); contextAccessor.Setup(a => a.HttpContext).Returns(context.Object); var roleManager = MockHelpers.MockRoleManager<TestRole>(); var identityOptions = new IdentityOptions(); var options = new Mock<IOptions<IdentityOptions>>(); options.Setup(a => a.Options).Returns(identityOptions); var logStore = new StringBuilder(); var logger = MockHelpers.MockILogger<SignInManager<TestUser>>(logStore); var helper = new SignInManager<TestUser>(manager.Object, contextAccessor.Object, new UserClaimsPrincipalFactory<TestUser, TestRole>(manager.Object, roleManager.Object, options.Object), options.Object, null); helper.Logger = logger.Object; string expectedScope = string.Format("{0} for {1}: {2}", "PasswordSignInAsync", "user", user.Id); string expectedLog = string.Format("{0} : {1}", "PasswordSignInAsync", "RequiresTwoFactor"); // Act var result = await helper.PasswordSignInAsync(user.UserName, "password", false, false); // Assert Assert.False(result.Succeeded); Assert.True(result.RequiresTwoFactor); Assert.NotEqual(-1, logStore.ToString().IndexOf(expectedLog)); Assert.NotEqual(-1, logStore.ToString().IndexOf(expectedScope)); manager.Verify(); context.Verify(); response.Verify(); contextAccessor.Verify(); }
public async Task PasswordSignInWorksWithNonTwoFactorStore() { // Setup var user = new TestUser { UserName = "******" }; var manager = SetupUserManager(user); manager.Setup(m => m.SupportsUserLockout).Returns(true).Verifiable(); manager.Setup(m => m.IsLockedOutAsync(user)).ReturnsAsync(false).Verifiable(); manager.Setup(m => m.CheckPasswordAsync(user, "password")).ReturnsAsync(true).Verifiable(); manager.Setup(m => m.ResetAccessFailedCountAsync(user)).ReturnsAsync(IdentityResult.Success).Verifiable(); var context = new Mock<HttpContext>(); var response = new Mock<HttpResponse>(); SetupSignIn(response); context.Setup(c => c.Response).Returns(response.Object).Verifiable(); var contextAccessor = new Mock<IHttpContextAccessor>(); contextAccessor.Setup(a => a.HttpContext).Returns(context.Object); var roleManager = MockHelpers.MockRoleManager<TestRole>(); var identityOptions = new IdentityOptions(); var options = new Mock<IOptions<IdentityOptions>>(); options.Setup(a => a.Options).Returns(identityOptions); var claimsFactory = new UserClaimsPrincipalFactory<TestUser, TestRole>(manager.Object, roleManager.Object, options.Object); var helper = new SignInManager<TestUser>(manager.Object, contextAccessor.Object, claimsFactory, options.Object); // Act var result = await helper.PasswordSignInAsync(user.UserName, "password", false, false); // Assert Assert.True(result.Succeeded); manager.Verify(); context.Verify(); response.Verify(); contextAccessor.Verify(); }
public async Task PasswordSignInRequiresVerification(bool supportsLockout) { // Setup var user = new TestUser { UserName = "******" }; var manager = SetupUserManager(user); manager.Setup(m => m.SupportsUserLockout).Returns(supportsLockout).Verifiable(); if (supportsLockout) { manager.Setup(m => m.IsLockedOutAsync(user)).ReturnsAsync(false).Verifiable(); } IList<string> providers = new List<string>(); providers.Add("PhoneNumber"); manager.Setup(m => m.GetValidTwoFactorProvidersAsync(user)).Returns(Task.FromResult(providers)).Verifiable(); manager.Setup(m => m.SupportsUserTwoFactor).Returns(true).Verifiable(); manager.Setup(m => m.GetTwoFactorEnabledAsync(user)).ReturnsAsync(true).Verifiable(); manager.Setup(m => m.CheckPasswordAsync(user, "password")).ReturnsAsync(true).Verifiable(); if (supportsLockout) { manager.Setup(m => m.ResetAccessFailedCountAsync(user)).ReturnsAsync(IdentityResult.Success).Verifiable(); } var context = new Mock<HttpContext>(); var helper = SetupSignInManager(manager.Object, context.Object); var auth = new Mock<AuthenticationManager>(); auth.Setup(a => a.SignInAsync(helper.Options.Cookies.TwoFactorUserIdCookieAuthenticationScheme, It.Is<ClaimsPrincipal>(id => id.FindFirstValue(ClaimTypes.Name) == user.Id))).Returns(Task.FromResult(0)).Verifiable(); context.Setup(c => c.Authentication).Returns(auth.Object).Verifiable(); // Act var result = await helper.PasswordSignInAsync(user.UserName, "password", false, false); // Assert Assert.False(result.Succeeded); Assert.True(result.RequiresTwoFactor); manager.Verify(); context.Verify(); auth.Verify(); }
public async Task CanExternalSignIn(bool isPersistent, bool supportsLockout) { // Setup var user = new TestUser { UserName = "******" }; const string loginProvider = "login"; const string providerKey = "fookey"; var manager = SetupUserManager(user); manager.Setup(m => m.SupportsUserLockout).Returns(supportsLockout).Verifiable(); if (supportsLockout) { manager.Setup(m => m.IsLockedOutAsync(user)).ReturnsAsync(false).Verifiable(); } manager.Setup(m => m.FindByLoginAsync(loginProvider, providerKey)).ReturnsAsync(user).Verifiable(); var context = new Mock<HttpContext>(); var auth = new Mock<AuthenticationManager>(); context.Setup(c => c.Authentication).Returns(auth.Object).Verifiable(); SetupSignIn(auth, user.Id, isPersistent, loginProvider); var helper = SetupSignInManager(manager.Object, context.Object); // Act var result = await helper.ExternalLoginSignInAsync(loginProvider, providerKey, isPersistent); // Assert Assert.True(result.Succeeded); manager.Verify(); context.Verify(); auth.Verify(); }
public async Task PasswordSignInFailsWithWrongPassword() { // Setup var user = new TestUser { UserName = "******" }; var manager = SetupUserManager(user); manager.Setup(m => m.SupportsUserLockout).Returns(true).Verifiable(); manager.Setup(m => m.IsLockedOutAsync(user)).ReturnsAsync(false).Verifiable(); manager.Setup(m => m.CheckPasswordAsync(user, "bogus")).ReturnsAsync(false).Verifiable(); var context = new Mock<HttpContext>(); var contextAccessor = new Mock<IHttpContextAccessor>(); contextAccessor.Setup(a => a.HttpContext).Returns(context.Object); var roleManager = MockHelpers.MockRoleManager<TestRole>(); var identityOptions = new IdentityOptions(); var options = new Mock<IOptions<IdentityOptions>>(); options.Setup(a => a.Options).Returns(identityOptions); var claimsFactory = new Mock<UserClaimsPrincipalFactory<TestUser, TestRole>>(manager.Object, roleManager.Object, options.Object); var logStore = new StringBuilder(); var logger = MockHelpers.MockILogger<SignInManager<TestUser>>(logStore); var helper = new SignInManager<TestUser>(manager.Object, contextAccessor.Object, claimsFactory.Object, options.Object); helper.Logger = logger.Object; string expectedScope = string.Format("{0} for {1}: {2}", "PasswordSignInAsync", "user", user.Id); string expectedLog = string.Format("{0} : {1}", "PasswordSignInAsync", "Failed"); // Act var result = await helper.PasswordSignInAsync(user.UserName, "bogus", false, false); // Assert Assert.False(result.Succeeded); Assert.NotEqual(-1, logStore.ToString().IndexOf(expectedLog)); Assert.NotEqual(-1, logStore.ToString().IndexOf(expectedScope)); manager.Verify(); context.Verify(); contextAccessor.Verify(); }
public async Task CanTwoFactorSignIn(bool isPersistent, bool supportsLockout, bool externalLogin, bool rememberClient) { // Setup var user = new TestUser { UserName = "******" }; var manager = SetupUserManager(user); var provider = "twofactorprovider"; var code = "123456"; manager.Setup(m => m.SupportsUserLockout).Returns(supportsLockout).Verifiable(); if (supportsLockout) { manager.Setup(m => m.IsLockedOutAsync(user)).ReturnsAsync(false).Verifiable(); manager.Setup(m => m.ResetAccessFailedCountAsync(user)).ReturnsAsync(IdentityResult.Success).Verifiable(); } manager.Setup(m => m.VerifyTwoFactorTokenAsync(user, provider, code)).ReturnsAsync(true).Verifiable(); var context = new Mock<HttpContext>(); var auth = new Mock<AuthenticationManager>(); var twoFactorInfo = new SignInManager<TestUser>.TwoFactorAuthenticationInfo { UserId = user.Id }; var loginProvider = "loginprovider"; var helper = SetupSignInManager(manager.Object, context.Object); var id = helper.StoreTwoFactorInfo(user.Id, externalLogin ? loginProvider : null); if (externalLogin) { auth.Setup(a => a.SignInAsync( helper.Options.Cookies.ApplicationCookieAuthenticationScheme, It.Is<ClaimsPrincipal>(i => i.FindFirstValue(ClaimTypes.AuthenticationMethod) == loginProvider && i.FindFirstValue(ClaimTypes.NameIdentifier) == user.Id), It.IsAny<AuthenticationProperties>())).Returns(Task.FromResult(0)).Verifiable(); // REVIEW: restore ability to test is persistent //It.Is<AuthenticationProperties>(v => v.IsPersistent == isPersistent))).Verifiable(); auth.Setup(a => a.SignOutAsync(helper.Options.Cookies.ExternalCookieAuthenticationScheme)).Returns(Task.FromResult(0)).Verifiable(); } else { SetupSignIn(auth, user.Id); } if (rememberClient) { auth.Setup(a => a.SignInAsync( helper.Options.Cookies.TwoFactorRememberMeCookieAuthenticationScheme, It.Is<ClaimsPrincipal>(i => i.FindFirstValue(ClaimTypes.Name) == user.Id && i.Identities.First().AuthenticationType == helper.Options.Cookies.TwoFactorRememberMeCookieAuthenticationScheme), It.IsAny<AuthenticationProperties>())).Returns(Task.FromResult(0)).Verifiable(); //It.Is<AuthenticationProperties>(v => v.IsPersistent == true))).Returns(Task.FromResult(0)).Verifiable(); } auth.Setup(a => a.AuthenticateAsync(helper.Options.Cookies.TwoFactorUserIdCookieAuthenticationScheme)).ReturnsAsync(id).Verifiable(); context.Setup(c => c.Authentication).Returns(auth.Object).Verifiable(); // Act var result = await helper.TwoFactorSignInAsync(provider, code, isPersistent, rememberClient); // Assert Assert.True(result.Succeeded); manager.Verify(); context.Verify(); auth.Verify(); }
public async Task CanTwoFactorSignIn(bool isPersistent, bool supportsLockout, bool externalLogin, bool rememberClient) { // Setup var user = new TestUser { UserName = "******" }; var manager = SetupUserManager(user); var provider = "twofactorprovider"; var code = "123456"; manager.Setup(m => m.SupportsUserLockout).Returns(supportsLockout).Verifiable(); if (supportsLockout) { manager.Setup(m => m.IsLockedOutAsync(user)).ReturnsAsync(false).Verifiable(); manager.Setup(m => m.ResetAccessFailedCountAsync(user)).ReturnsAsync(IdentityResult.Success).Verifiable(); } manager.Setup(m => m.VerifyTwoFactorTokenAsync(user, provider, code)).ReturnsAsync(true).Verifiable(); var context = new Mock <HttpContext>(); var auth = new Mock <AuthenticationManager>(); var twoFactorInfo = new SignInManager <TestUser> .TwoFactorAuthenticationInfo { UserId = user.Id }; var loginProvider = "loginprovider"; var helper = SetupSignInManager(manager.Object, context.Object); var id = helper.StoreTwoFactorInfo(user.Id, externalLogin ? loginProvider : null); if (externalLogin) { auth.Setup(a => a.SignInAsync( helper.Options.Cookies.ApplicationCookieAuthenticationScheme, It.Is <ClaimsPrincipal>(i => i.FindFirstValue(ClaimTypes.AuthenticationMethod) == loginProvider && i.FindFirstValue(ClaimTypes.NameIdentifier) == user.Id), It.IsAny <AuthenticationProperties>())).Returns(Task.FromResult(0)).Verifiable(); // REVIEW: restore ability to test is persistent //It.Is<AuthenticationProperties>(v => v.IsPersistent == isPersistent))).Verifiable(); auth.Setup(a => a.SignOutAsync(helper.Options.Cookies.ExternalCookieAuthenticationScheme)).Returns(Task.FromResult(0)).Verifiable(); } else { SetupSignIn(auth, user.Id); } if (rememberClient) { auth.Setup(a => a.SignInAsync( helper.Options.Cookies.TwoFactorRememberMeCookieAuthenticationScheme, It.Is <ClaimsPrincipal>(i => i.FindFirstValue(ClaimTypes.Name) == user.Id && i.Identities.First().AuthenticationType == helper.Options.Cookies.TwoFactorRememberMeCookieAuthenticationScheme), It.IsAny <AuthenticationProperties>())).Returns(Task.FromResult(0)).Verifiable(); //It.Is<AuthenticationProperties>(v => v.IsPersistent == true))).Returns(Task.FromResult(0)).Verifiable(); } auth.Setup(a => a.AuthenticateAsync(helper.Options.Cookies.TwoFactorUserIdCookieAuthenticationScheme)).ReturnsAsync(id).Verifiable(); context.Setup(c => c.Authentication).Returns(auth.Object).Verifiable(); // Act var result = await helper.TwoFactorSignInAsync(provider, code, isPersistent, rememberClient); // Assert Assert.True(result.Succeeded); manager.Verify(); context.Verify(); auth.Verify(); }
public async Task RememberBrowserSkipsTwoFactorVerificationSignIn(bool isPersistent) { // Setup var user = new TestUser { UserName = "******" }; var manager = SetupUserManager(user); manager.Setup(m => m.GetTwoFactorEnabledAsync(user)).ReturnsAsync(true).Verifiable(); IList<string> providers = new List<string>(); providers.Add("PhoneNumber"); manager.Setup(m => m.GetValidTwoFactorProvidersAsync(user)).Returns(Task.FromResult(providers)).Verifiable(); manager.Setup(m => m.SupportsUserLockout).Returns(true).Verifiable(); manager.Setup(m => m.SupportsUserTwoFactor).Returns(true).Verifiable(); manager.Setup(m => m.IsLockedOutAsync(user)).ReturnsAsync(false).Verifiable(); manager.Setup(m => m.CheckPasswordAsync(user, "password")).ReturnsAsync(true).Verifiable(); var context = new Mock<HttpContext>(); var auth = new Mock<AuthenticationManager>(); context.Setup(c => c.Authentication).Returns(auth.Object).Verifiable(); SetupSignIn(auth); var id = new ClaimsIdentity(manager.Object.Options.Cookies.TwoFactorRememberMeCookieAuthenticationScheme); id.AddClaim(new Claim(ClaimTypes.Name, user.Id)); auth.Setup(a => a.AuthenticateAsync(manager.Object.Options.Cookies.TwoFactorRememberMeCookieAuthenticationScheme)).ReturnsAsync(new ClaimsPrincipal(id)).Verifiable(); var helper = SetupSignInManager(manager.Object, context.Object); // Act var result = await helper.PasswordSignInAsync(user.UserName, "password", isPersistent, false); // Assert Assert.True(result.Succeeded); manager.Verify(); context.Verify(); auth.Verify(); }
public async Task EnsureClaimsIdentityHasExpectedClaims(bool supportRoles, bool supportClaims, bool supportRoleClaims) { // Setup var userManager = MockHelpers.MockUserManager <TestUser>(); var roleManager = MockHelpers.MockRoleManager <TestRole>(); var user = new TestUser { UserName = "******" }; userManager.Setup(m => m.SupportsUserClaim).Returns(supportClaims); userManager.Setup(m => m.SupportsUserRole).Returns(supportRoles); userManager.Setup(m => m.GetUserIdAsync(user, CancellationToken.None)).ReturnsAsync(user.Id); userManager.Setup(m => m.GetUserNameAsync(user, CancellationToken.None)).ReturnsAsync(user.UserName); var roleClaims = new[] { "Admin", "Local" }; if (supportRoles) { userManager.Setup(m => m.GetRolesAsync(user, CancellationToken.None)).ReturnsAsync(roleClaims); roleManager.Setup(m => m.SupportsRoleClaims).Returns(supportRoleClaims); } var userClaims = new[] { new Claim("Whatever", "Value"), new Claim("Whatever2", "Value2") }; if (supportClaims) { userManager.Setup(m => m.GetClaimsAsync(user, CancellationToken.None)).ReturnsAsync(userClaims); } userManager.Object.Options = new IdentityOptions(); var admin = new TestRole() { Name = "Admin" }; var local = new TestRole() { Name = "Local" }; var adminClaims = new[] { new Claim("AdminClaim1", "Value1"), new Claim("AdminClaim2", "Value2") }; var localClaims = new[] { new Claim("LocalClaim1", "Value1"), new Claim("LocalClaim2", "Value2") }; if (supportRoleClaims) { roleManager.Setup(m => m.FindByNameAsync("Admin", CancellationToken.None)).ReturnsAsync(admin); roleManager.Setup(m => m.FindByNameAsync("Local", CancellationToken.None)).ReturnsAsync(local); roleManager.Setup(m => m.GetClaimsAsync(admin, CancellationToken.None)).ReturnsAsync(adminClaims); roleManager.Setup(m => m.GetClaimsAsync(local, CancellationToken.None)).ReturnsAsync(localClaims); } var options = new Mock <IOptions <IdentityOptions> >(); var identityOptions = new IdentityOptions(); options.Setup(a => a.Options).Returns(identityOptions); var factory = new ClaimsIdentityFactory <TestUser, TestRole>(userManager.Object, roleManager.Object, options.Object); // Act var identity = await factory.CreateAsync(user); // Assert var manager = userManager.Object; Assert.NotNull(identity); Assert.Equal(IdentityOptions.ApplicationCookieAuthenticationType, identity.AuthenticationType); var claims = identity.Claims.ToList(); Assert.NotNull(claims); Assert.True( claims.Any(c => c.Type == manager.Options.ClaimsIdentity.UserNameClaimType && c.Value == user.UserName)); Assert.True(claims.Any(c => c.Type == manager.Options.ClaimsIdentity.UserIdClaimType && c.Value == user.Id)); Assert.Equal(supportRoles, claims.Any(c => c.Type == manager.Options.ClaimsIdentity.RoleClaimType && c.Value == "Admin")); Assert.Equal(supportRoles, claims.Any(c => c.Type == manager.Options.ClaimsIdentity.RoleClaimType && c.Value == "Local")); foreach (var cl in userClaims) { Assert.Equal(supportClaims, claims.Any(c => c.Type == cl.Type && c.Value == cl.Value)); } foreach (var cl in adminClaims) { Assert.Equal(supportRoleClaims, claims.Any(c => c.Type == cl.Type && c.Value == cl.Value)); } foreach (var cl in localClaims) { Assert.Equal(supportRoleClaims, claims.Any(c => c.Type == cl.Type && c.Value == cl.Value)); } userManager.VerifyAll(); roleManager.VerifyAll(); }
public async Task PasswordSignInFailsWithWrongPasswordCanAccessFailedAndLockout() { // Setup var user = new TestUser { UserName = "******" }; var manager = SetupUserManager(user); var lockedout = false; manager.Setup(m => m.AccessFailedAsync(user)).Returns(() => { lockedout = true; return Task.FromResult(IdentityResult.Success); }).Verifiable(); manager.Setup(m => m.SupportsUserLockout).Returns(true).Verifiable(); manager.Setup(m => m.IsLockedOutAsync(user)).Returns(() => Task.FromResult(lockedout)); manager.Setup(m => m.CheckPasswordAsync(user, "bogus")).ReturnsAsync(false).Verifiable(); var context = new Mock<HttpContext>(); var helper = SetupSignInManager(manager.Object, context.Object); // Act var result = await helper.PasswordSignInAsync(user.UserName, "bogus", false, true); // Assert Assert.False(result.Succeeded); Assert.True(result.IsLockedOut); manager.Verify(); }
public async Task PasswordSignInReturnsLockedOutWhenLockedOut() { // Setup var user = new TestUser { UserName = "******" }; var manager = SetupUserManager(user); manager.Setup(m => m.SupportsUserLockout).Returns(true).Verifiable(); manager.Setup(m => m.IsLockedOutAsync(user)).ReturnsAsync(true).Verifiable(); var context = new Mock<HttpContext>(); var contextAccessor = new Mock<IHttpContextAccessor>(); contextAccessor.Setup(a => a.HttpContext).Returns(context.Object); var roleManager = MockHelpers.MockRoleManager<TestRole>(); var identityOptions = new IdentityOptions(); var options = new Mock<IOptions<IdentityOptions>>(); options.Setup(a => a.Value).Returns(identityOptions); var claimsFactory = new UserClaimsPrincipalFactory<TestUser, TestRole>(manager.Object, roleManager.Object, options.Object); var logStore = new StringBuilder(); var logger = MockHelpers.MockILogger<SignInManager<TestUser>>(logStore); var helper = new SignInManager<TestUser>(manager.Object, contextAccessor.Object, claimsFactory, options.Object, logger.Object); // Act var result = await helper.PasswordSignInAsync(user.UserName, "bogus", false, false); // Assert Assert.False(result.Succeeded); Assert.True(result.IsLockedOut); Assert.True(logStore.ToString().Contains($"User {user.Id} is currently locked out.")); manager.Verify(); }
public async Task PasswordSignInFailsWithWrongPasswordCanAccessFailedAndLockout() { // Setup var user = new TestUser { UserName = "******" }; var manager = SetupUserManager(user); var lockedout = false; manager.Setup(m => m.AccessFailedAsync(user)).Returns(() => { lockedout = true; return Task.FromResult(IdentityResult.Success); }).Verifiable(); manager.Setup(m => m.SupportsUserLockout).Returns(true).Verifiable(); manager.Setup(m => m.IsLockedOutAsync(user)).Returns(() => Task.FromResult(lockedout)); manager.Setup(m => m.CheckPasswordAsync(user, "bogus")).ReturnsAsync(false).Verifiable(); var context = new Mock<HttpContext>(); var contextAccessor = new Mock<IHttpContextAccessor>(); contextAccessor.Setup(a => a.HttpContext).Returns(context.Object); var roleManager = MockHelpers.MockRoleManager<TestRole>(); var identityOptions = new IdentityOptions(); var options = new Mock<IOptions<IdentityOptions>>(); options.Setup(a => a.Options).Returns(identityOptions); var claimsFactory = new Mock<UserClaimsPrincipalFactory<TestUser, TestRole>>(manager.Object, roleManager.Object, options.Object); var helper = new SignInManager<TestUser>(manager.Object, contextAccessor.Object, claimsFactory.Object, options.Object); // Act var result = await helper.PasswordSignInAsync(user.UserName, "bogus", false, true); // Assert Assert.False(result.Succeeded); Assert.True(result.IsLockedOut); manager.Verify(); }
private static Mock<UserManager<TestUser>> SetupUserManager(TestUser user) { var manager = MockHelpers.MockUserManager<TestUser>(); manager.Setup(m => m.FindByNameAsync(user.UserName)).ReturnsAsync(user); manager.Setup(m => m.FindByIdAsync(user.Id)).ReturnsAsync(user); manager.Setup(m => m.GetUserIdAsync(user)).ReturnsAsync(user.Id.ToString()); manager.Setup(m => m.GetUserNameAsync(user)).ReturnsAsync(user.UserName); return manager; }
public async Task CanRequireConfirmedPhoneNumberForPasswordSignIn(bool confirmed) { // Setup var user = new TestUser { UserName = "******" }; var manager = SetupUserManager(user); manager.Setup(m => m.IsPhoneNumberConfirmedAsync(user)).ReturnsAsync(confirmed).Verifiable(); var context = new Mock<HttpContext>(); var response = new Mock<HttpResponse>(); if (confirmed) { manager.Setup(m => m.CheckPasswordAsync(user, "password")).ReturnsAsync(true).Verifiable(); context.Setup(c => c.Response).Returns(response.Object).Verifiable(); SetupSignIn(response); } var contextAccessor = new Mock<IHttpContextAccessor>(); contextAccessor.Setup(a => a.HttpContext).Returns(context.Object); var roleManager = MockHelpers.MockRoleManager<TestRole>(); var identityOptions = new IdentityOptions(); identityOptions.SignIn.RequireConfirmedPhoneNumber = true; var options = new Mock<IOptions<IdentityOptions>>(); options.Setup(a => a.Options).Returns(identityOptions); var claimsFactory = new Mock<UserClaimsPrincipalFactory<TestUser, TestRole>>(manager.Object, roleManager.Object, options.Object); var logStore = new StringBuilder(); var logger = MockHelpers.MockILogger<SignInManager<TestUser>>(logStore); var helper = new SignInManager<TestUser>(manager.Object, contextAccessor.Object, claimsFactory.Object, options.Object, null); helper.Logger = logger.Object; string expectedScope = string.Format("{0} for {1}: {2}", "PasswordSignInAsync", "user", user.Id); string expectedLog = string.Format("{0} : {1}", "CanSignInAsync", confirmed.ToString()); // Act var result = await helper.PasswordSignInAsync(user, "password", false, false); // Assert Assert.Equal(confirmed, result.Succeeded); Assert.NotEqual(confirmed, result.IsNotAllowed); Assert.NotEqual(-1, logStore.ToString().IndexOf(expectedLog)); Assert.NotEqual(-1, logStore.ToString().IndexOf(expectedScope)); manager.Verify(); context.Verify(); response.Verify(); contextAccessor.Verify(); }
public async Task CanTwoFactorSignIn(bool isPersistent, bool supportsLockout, bool externalLogin, bool rememberClient) { // Setup var user = new TestUser { UserName = "******" }; var manager = MockHelpers.MockUserManager <TestUser>(); var provider = "twofactorprovider"; var code = "123456"; manager.Setup(m => m.SupportsUserLockout).Returns(supportsLockout).Verifiable(); if (supportsLockout) { manager.Setup(m => m.IsLockedOutAsync(user, CancellationToken.None)).ReturnsAsync(false).Verifiable(); manager.Setup(m => m.ResetAccessFailedCountAsync(user, CancellationToken.None)).ReturnsAsync(IdentityResult.Success).Verifiable(); } manager.Setup(m => m.FindByIdAsync(user.Id, CancellationToken.None)).ReturnsAsync(user).Verifiable(); manager.Setup(m => m.VerifyTwoFactorTokenAsync(user, provider, code, CancellationToken.None)).ReturnsAsync(true).Verifiable(); manager.Setup(m => m.GetUserIdAsync(user, CancellationToken.None)).ReturnsAsync(user.Id).Verifiable(); manager.Setup(m => m.GetUserNameAsync(user, CancellationToken.None)).ReturnsAsync(user.UserName).Verifiable(); var context = new Mock <HttpContext>(); var response = new Mock <HttpResponse>(); var contextAccessor = new Mock <IHttpContextAccessor>(); var twoFactorInfo = new SignInManager <TestUser> .TwoFactorAuthenticationInfo { UserId = user.Id }; var loginProvider = "loginprovider"; var id = SignInManager <TestUser> .StoreTwoFactorInfo(user.Id, externalLogin?loginProvider : null); var authResult = new AuthenticationResult(id, new AuthenticationProperties(), new AuthenticationDescription()); var roleManager = MockHelpers.MockRoleManager <TestRole>(); var identityOptions = new IdentityOptions(); var options = new Mock <IOptions <IdentityOptions> >(); options.Setup(a => a.Options).Returns(identityOptions); var claimsFactory = new ClaimsIdentityFactory <TestUser, TestRole>(manager.Object, roleManager.Object, options.Object); if (externalLogin) { response.Setup(r => r.SignIn( It.Is <AuthenticationProperties>(v => v.IsPersistent == isPersistent), It.Is <ClaimsIdentity>(i => i.FindFirstValue(ClaimTypes.NameIdentifier) == user.Id && i.FindFirstValue(ClaimTypes.AuthenticationMethod) == loginProvider))).Verifiable(); response.Setup(r => r.SignOut(IdentityOptions.ExternalCookieAuthenticationType)).Verifiable(); } else { response.Setup(r => r.SignIn( It.Is <AuthenticationProperties>(v => v.IsPersistent == isPersistent), It.Is <ClaimsIdentity>(i => i.FindFirstValue(ClaimTypes.NameIdentifier) == user.Id))).Verifiable(); } if (rememberClient) { response.Setup(r => r.SignIn( It.Is <AuthenticationProperties>(v => v.IsPersistent == true), It.Is <ClaimsIdentity>(i => i.FindFirstValue(ClaimTypes.Name) == user.Id && i.AuthenticationType == IdentityOptions.TwoFactorRememberMeCookieAuthenticationType))).Verifiable(); } context.Setup(c => c.Response).Returns(response.Object).Verifiable(); context.Setup(c => c.AuthenticateAsync(IdentityOptions.TwoFactorUserIdCookieAuthenticationType)).ReturnsAsync(authResult).Verifiable(); contextAccessor.Setup(a => a.Value).Returns(context.Object); var logStore = new StringBuilder(); var loggerFactory = MockHelpers.MockILoggerFactory(MockHelpers.MockILogger(logStore).Object); var helper = new SignInManager <TestUser>(manager.Object, contextAccessor.Object, claimsFactory, options.Object, loggerFactory.Object); string expected = string.Format("{0} for user: {1} : Result : {2}", "TwoFactorSignInAsync", user.Id.ToString(), "Succeeded"); // Act var result = await helper.TwoFactorSignInAsync(provider, code, isPersistent, rememberClient); // Assert Assert.True(result.Succeeded); Assert.NotEqual(-1, logStore.ToString().IndexOf(expected)); manager.VerifyAll(); context.VerifyAll(); response.VerifyAll(); contextAccessor.VerifyAll(); }