public void IsInvalid_WhenEmailVerificationByTicket_IsNotAllowedPurpose(
EmailVerificationPurpose entityPurpose, EmailVerificationPurpose allowedPurpose1, EmailVerificationPurpose?allowedPurpose2)
{
var ticket = FakeData.String();
var queries = new Mock <IProcessQueries>(MockBehavior.Strict);
var command = new FakeMustBePurposedVerifyEmailTicketCommand
{
Ticket = ticket,
Purpose1 = allowedPurpose1,
Purpose2 = allowedPurpose2,
};
var entity = new EmailVerification {
Ticket = ticket, Purpose = entityPurpose,
};
Expression <Func <EmailVerificationBy, bool> > expectedQuery = x => x.Ticket == command.Ticket;
queries.Setup(x => x.Execute(It.Is(expectedQuery)))
.Returns(Task.FromResult(entity));
var validator = new FakeMustBePurposedVerifyEmailTicketValidator(queries.Object);
var result = validator.Validate(command);
result.IsValid.ShouldBeFalse();
Func <ValidationFailure, bool> ticketError = x => x.PropertyName == command.PropertyName(y => y.Ticket);
result.Errors.Count(ticketError).ShouldEqual(1);
result.Errors.Single(ticketError).ErrorMessage.ShouldEqual(Resources
.Validation_EmailVerificationTicket_IsWrongPurpose
.Replace("{PropertyName}", EmailVerification.Constraints.Label.ToLower())
);
queries.Verify(x => x.Execute(It.Is(expectedQuery)), Times.Once);
validator.ShouldHaveValidationErrorFor(x => x.Ticket, command);
queries.Verify(x => x.Execute(It.Is(expectedQuery)), Times.Exactly(2));
}
public void IsValid_WhenEmailVerificationByTicketIsFound_AndTokenIsValid_AndTokensAreEqual_AndTokenIsNotEmpty()
{
string token = FakeData.String();
string ticket = FakeData.String();
var queries = new Mock <IProcessQueries>(MockBehavior.Strict);
var command = new FakeMustHaveValidVerifyEmailTokenCommand
{
Ticket = ticket,
Token = token,
};
var entity = new EmailVerification
{
Ticket = ticket,
Token = token,
Purpose = EmailVerificationPurpose.ForgotPassword,
};
Expression <Func <EmailVerificationBy, bool> > ticketQuery = x => x.Ticket == command.Ticket;
queries.Setup(x => x.Execute(It.Is(ticketQuery))).Returns(Task.FromResult(entity));
Expression <Func <EmailVerificationTokenIsValid, bool> > verifyQuery =
x => x.Ticket == command.Ticket && x.Token == token && x.Purpose == entity.Purpose;
queries.Setup(x => x.Execute(It.Is(verifyQuery))).Returns(Task.FromResult(true));
var validator = new FakeMustHaveValidVerifyEmailTokenValidator(queries.Object);
var result = validator.Validate(command);
result.IsValid.ShouldBeTrue();
queries.Verify(x => x.Execute(It.Is(ticketQuery)), Times.Once);
queries.Verify(x => x.Execute(It.Is(verifyQuery)), Times.Once);
validator.ShouldNotHaveValidationErrorFor(x => x.Ticket, command);
queries.Verify(x => x.Execute(It.Is(ticketQuery)), Times.Exactly(2));
queries.Verify(x => x.Execute(It.Is(verifyQuery)), Times.Exactly(2));
}
public void IsValid_WhenEmailVerificationByTicket_IsAllowedPurpose(
EmailVerificationPurpose entityPurpose, EmailVerificationPurpose allowedPurpose1, EmailVerificationPurpose?allowedPurpose2)
{
var ticket = FakeData.String();
var queries = new Mock <IProcessQueries>(MockBehavior.Strict);
var command = new FakeMustBePurposedVerifyEmailTicketCommand
{
Ticket = ticket,
Purpose1 = allowedPurpose1,
Purpose2 = allowedPurpose2,
};
var entity = new EmailVerification {
Ticket = ticket, Purpose = entityPurpose,
};
Expression <Func <EmailVerificationBy, bool> > expectedQuery = x => x.Ticket == command.Ticket;
queries.Setup(x => x.Execute(It.Is(expectedQuery)))
.Returns(Task.FromResult(entity));
var validator = new FakeMustBePurposedVerifyEmailTicketValidator(queries.Object);
var result = validator.Validate(command);
result.IsValid.ShouldBeTrue();
queries.Verify(x => x.Execute(It.Is(expectedQuery)), Times.Once);
validator.ShouldNotHaveValidationErrorFor(x => x.Ticket, command);
queries.Verify(x => x.Execute(It.Is(expectedQuery)), Times.Exactly(2));
}
public void IsInvalid_WhenEmailVerification_IsAlreadyRedeemed()
{
var ticket = FakeData.String();
var queries = new Mock <IProcessQueries>(MockBehavior.Strict);
var command = new FakeMustBeRedeemableVerifyEmailTicketCommand {
Ticket = ticket,
};
var entity = new EmailVerification
{
Ticket = ticket,
RedeemedOnUtc = DateTime.UtcNow.AddMinutes(-1),
};
Expression <Func <EmailVerificationBy, bool> > expectedQuery = x => x.Ticket == ticket;
queries.Setup(x => x.Execute(It.Is(expectedQuery))).Returns(Task.FromResult(entity));
var validator = new FakeMustBeRedeemableVerifyEmailTicketValidator(queries.Object);
var result = validator.Validate(command);
result.IsValid.ShouldBeFalse();
Func <ValidationFailure, bool> ticketError = x => x.PropertyName == command.PropertyName(y => y.Ticket);
result.Errors.Count(ticketError).ShouldEqual(1);
result.Errors.Single(ticketError).ErrorMessage.ShouldEqual(Resources
.Validation_EmailVerificationTicket_IsRedeemed
.Replace("{PropertyName}", EmailVerification.Constraints.Label.ToLower())
);
queries.Verify(x => x.Execute(It.Is(expectedQuery)), Times.Exactly(2));
validator.ShouldHaveValidationErrorFor(x => x.Ticket, command.Ticket);
queries.Verify(x => x.Execute(It.Is(expectedQuery)), Times.Exactly(4));
}
public void IsInvalid_WhenEmailVerificationByTicket_HasSecretNotEqualToCommandSecret()
{
string secret = FakeData.String().ToUpper();
string ticket = FakeData.String();
var queries = new Mock <IProcessQueries>(MockBehavior.Strict);
var command = new FakeMustBeVerifiedEmailSecretCommand {
Secret = secret, Ticket = ticket,
};
var entity = new EmailVerification {
Secret = secret.ToLower(), Ticket = ticket,
};
Expression <Func <EmailVerificationBy, bool> > expectedQuery = x => x.Ticket == command.Ticket;
queries.Setup(x => x.Execute(It.Is(expectedQuery))).Returns(Task.FromResult(entity));
var validator = new FakeMustBeVerifiedEmailSecretValidator(queries.Object);
var result = validator.Validate(command);
result.IsValid.ShouldBeFalse();
Func <ValidationFailure, bool> secretError = x => x.PropertyName == command.PropertyName(y => y.Secret);
result.Errors.Count(secretError).ShouldEqual(1);
result.Errors.Single(secretError).ErrorMessage.ShouldEqual(Resources
.Validation_EmailVerificationSecret_IsWrong
.Replace("{PropertyName}", EmailVerification.Constraints.SecretLabel.ToLower())
.Replace("{PropertyValue}", command.Secret)
);
queries.Verify(x => x.Execute(It.Is(expectedQuery)), Times.Once);
validator.ShouldHaveValidationErrorFor(x => x.Secret, command);
queries.Verify(x => x.Execute(It.Is(expectedQuery)), Times.Exactly(2));
}
public async Task Handle(CreateEmailVerification command)
{
// find or create the email address
var emailAddress = await _entities.Get <EmailAddress>().ByValueAsync(command.EmailAddress)
?? new EmailAddress
{
Value = command.EmailAddress.ToLower(), // TODO: allow users to change capitalization of email?
HashedValue = await _queries.Execute(new HashedEmailValueBy(command.EmailAddress)),
};
// create random secret and ticket
// note that changing the length of the secret requires updating the
// email messages sent to the address, since those mention secret length
var secret = _queries.Execute(new RandomSecret(10, 12));
var ticket = _queries.Execute(new RandomSecret(20, 25));
// make sure ticket is unique
while (_entities.Query <EmailVerification>().ByTicket(ticket) != null)
{
ticket = _queries.Execute(new RandomSecret(20, 25));
}
// serialize a new user token to a string
var token = await _userManager.UserTokenProvider.GenerateAsync(command.Purpose.ToString(), _userManager,
new UserTicket
{
UserName = ticket,
});
// create the verification
var verification = new EmailVerification
{
EmailAddress = emailAddress,
Purpose = command.Purpose,
Secret = secret,
Ticket = ticket,
Token = token,
// change this, and you have to change the content of the email messages to reflect new expiration
ExpiresOnUtc = DateTime.UtcNow.AddMinutes(30),
};
_entities.Create(verification);
if (command.Commit)
{
await _entities.SaveChangesAsync();
}
command.CreatedEntity = verification;
}
public void IsInvalid_WhenCommandToken_DoesNotEqualEntityToken()
{
string token = FakeData.String().ToUpper();
string ticket = FakeData.String();
var queries = new Mock <IProcessQueries>(MockBehavior.Strict);
var command = new FakeMustHaveValidVerifyEmailTokenCommand
{
Ticket = ticket,
Token = token,
};
var entity = new EmailVerification
{
Ticket = ticket,
Token = token.ToLower(),
Purpose = EmailVerificationPurpose.ForgotPassword,
};
Expression <Func <EmailVerificationBy, bool> > ticketQuery = x => x.Ticket == command.Ticket;
queries.Setup(x => x.Execute(It.Is(ticketQuery))).Returns(Task.FromResult(entity));
Expression <Func <EmailVerificationTokenIsValid, bool> > verifyQuery =
x => x.Ticket == command.Ticket && x.Token == token && x.Purpose == entity.Purpose;
queries.Setup(x => x.Execute(It.Is(verifyQuery))).Returns(Task.FromResult(true));
var validator = new FakeMustHaveValidVerifyEmailTokenValidator(queries.Object);
var result = validator.Validate(command);
result.IsValid.ShouldBeFalse();
Func <ValidationFailure, bool> ticketError = x => x.PropertyName == command.PropertyName(y => y.Ticket);
result.Errors.Count(ticketError).ShouldEqual(1);
result.Errors.Single(ticketError).ErrorMessage.ShouldEqual(Resources
.Validation_EmailVerificationTicket_HasInvalidToken
.Replace("{PropertyName}", EmailVerification.Constraints.Label.ToLower())
);
queries.Verify(x => x.Execute(It.Is(ticketQuery)), Times.Once);
queries.Verify(x => x.Execute(It.Is(verifyQuery)), Times.Once);
validator.ShouldHaveValidationErrorFor(x => x.Ticket, command);
queries.Verify(x => x.Execute(It.Is(ticketQuery)), Times.Exactly(2));
queries.Verify(x => x.Execute(It.Is(verifyQuery)), Times.Exactly(2));
}
public void Handler_ReturnsNullEmailVerification_WhenNotFound_ByTicket()
{
var ticket = FakeData.String();
var emailVerification = new EmailVerification
{
Ticket = FakeData.String(),
};
var data = new[] { emailVerification }.AsQueryable();
var query = new EmailVerificationBy(ticket);
var dbSet = new Mock <DbSet <EmailVerification> >(MockBehavior.Strict).SetupDataAsync(data);
var entities = new Mock <IReadEntities>(MockBehavior.Strict);
var entitySet = new EntitySet <EmailVerification>(dbSet.Object, entities.Object);
entities.Setup(x => x.Query <EmailVerification>()).Returns(entitySet);
var handler = new HandleEmailVerificationByQuery(entities.Object);
EmailVerification result = handler.Handle(query).Result;
result.ShouldBeNull();
entities.Verify(x => x.Query <EmailVerification>(), Times.Once);
}
public void IsValid_WhenEmailVerification_IsNotAlreadyRedeemed()
{
var ticket = FakeData.String();
var queries = new Mock <IProcessQueries>(MockBehavior.Strict);
var command = new FakeMustNotBeRedeemedVerifyEmailTicketCommand {
Ticket = ticket,
};
var entity = new EmailVerification {
Ticket = ticket,
};
Expression <Func <EmailVerificationBy, bool> > expectedQuery = x => x.Ticket == ticket;
queries.Setup(x => x.Execute(It.Is(expectedQuery))).Returns(Task.FromResult(entity));
var validator = new FakeMustNotBeRedeemedVerifyEmailTicketValidator(queries.Object);
var result = validator.Validate(command);
result.IsValid.ShouldBeTrue();
queries.Verify(x => x.Execute(It.Is(expectedQuery)), Times.Once);
validator.ShouldNotHaveValidationErrorFor(x => x.Ticket, command.Ticket);
queries.Verify(x => x.Execute(It.Is(expectedQuery)), Times.Exactly(2));
}
public void IsValid_WhenEmailVerificationByTicket_HasSecretEqualingCommandSecret()
{
string secret = FakeData.String();
string ticket = FakeData.String();
var queries = new Mock <IProcessQueries>(MockBehavior.Strict);
var command = new FakeMustBeVerifiedEmailSecretCommand {
Secret = secret, Ticket = ticket,
};
var entity = new EmailVerification {
Secret = secret, Ticket = ticket,
};
Expression <Func <EmailVerificationBy, bool> > expectedQuery = x => x.Ticket == command.Ticket;
queries.Setup(x => x.Execute(It.Is(expectedQuery))).Returns(Task.FromResult(entity));
var validator = new FakeMustBeVerifiedEmailSecretValidator(queries.Object);
var result = validator.Validate(command);
result.IsValid.ShouldBeTrue();
queries.Verify(x => x.Execute(It.Is(expectedQuery)), Times.Once);
validator.ShouldNotHaveValidationErrorFor(x => x.Secret, command);
queries.Verify(x => x.Execute(It.Is(expectedQuery)), Times.Exactly(2));
}
public void IsValid_WhenEmailVerification_IsNotEmpty_AndIsFoundByTicket_AndIsNotRedeemed_AndIsNotExpired()
{
var ticket = FakeData.String();
var queries = new Mock <IProcessQueries>(MockBehavior.Strict);
var command = new FakeMustBeRedeemableVerifyEmailTicketCommand {
Ticket = ticket,
};
var entity = new EmailVerification
{
Ticket = ticket,
ExpiresOnUtc = DateTime.UtcNow.AddMinutes(1),
};
Expression <Func <EmailVerificationBy, bool> > expectedQuery = x => x.Ticket == ticket;
queries.Setup(x => x.Execute(It.Is(expectedQuery))).Returns(Task.FromResult(entity));
var validator = new FakeMustBeRedeemableVerifyEmailTicketValidator(queries.Object);
var result = validator.Validate(command);
result.IsValid.ShouldBeTrue();
queries.Verify(x => x.Execute(It.Is(expectedQuery)), Times.Exactly(3));
validator.ShouldNotHaveValidationErrorFor(x => x.Ticket, command.Ticket);
queries.Verify(x => x.Execute(It.Is(expectedQuery)), Times.Exactly(6));
}
