public async Task GivenEmployeeAuth_WhenGetRequest_ThenReturnOkWithOwnLogs()
{
// Arrange
var employeeAccount = _fixture.Context.Users.Last();
var employeeDetails = _fixture.Context.Employees.Where(m => m.IdentityId == employeeAccount.Id).First();
var admin = new LoginViewModel
{
UserName = employeeAccount.UserName,
Password = DefaultAdmin.Password,
};
// Act
var request = new HttpRequestMessage(HttpMethod.Get, API_URL);
await AuthExtensions.SetupRequestAuth(request, _fixture, admin);
var response = await _fixture.Client.SendAsync(request);
var result = await response.Content.ReadAsStringAsync();
var resultModel = JsonConvert.DeserializeObject <ListResponse <LogViewModel> >(result);
// Assert
response.EnsureSuccessStatusCode();
var totalList = _fixture.Context.Logs.Where(m => m.EmployeeId == employeeDetails.Id).Count();
Assert.Equal(totalList, resultModel.Meta.TotalItems);
}
public async Task <IActionResult> Login([FromBody] LoginDto customer)
{
var customerEntity = await _repository.Customer.GetCustomerByEmail(customer.email);
if (customerEntity == null)
{
return(NotFound());
}
if (!AuthExtensions.VerifyPasswordHash(customer.password, customerEntity.passwordHash, customerEntity.passwordSalt))
{
return(NotFound("Invalid email or password"));
}
var claims = new List <Claim>
{
new Claim(ClaimTypes.NameIdentifier, customerEntity.id.ToString()),
new Claim(ClaimTypes.Email, customerEntity.email),
new Claim(ClaimTypes.Name, customerEntity.name)
};
var customerResult = _mapper.Map <CustomerDto>(customerEntity);
return(Ok(new {
customer = customerResult,
token = AuthExtensions.TokenGeneration(claims, _config)
}));
}
public async Task <IActionResult> UpdateUser(int id, [FromBody] UserForUpdateDto user)
{
var userEntity = HttpContext.Items["entity"] as User;
if (!string.IsNullOrEmpty(user.password) && user.password != null)
{
AuthExtensions.CreatePasswordHash(user.password, out byte[] passwordHash, out byte[] passwordSalt);
user.passwordHash = passwordHash;
user.passwordSalt = passwordSalt;
}
else
{
user.passwordHash = userEntity.passwordHash;
user.passwordSalt = userEntity.passwordSalt;
}
_mapper.Map(user, userEntity);
_repository.User.UpdateUser(userEntity);
await _repository.SaveAsync();
var userResult = new UserDto();
var token = string.Empty;
this.CreateUserResponse(userEntity, out userResult, out token);
return(Ok(new {
user = userResult,
token
}));
}
public async Task <IActionResult> Login([FromBody] LoginDto user)
{
var userEntity = await _repository.User.GetUserByEmail(user.email);
if (userEntity == null)
{
return(NotFound());
}
if (!AuthExtensions.VerifyPasswordHash(user.password, userEntity.passwordHash, userEntity.passwordSalt))
{
return(NotFound("Invalid email or password"));
}
var userResult = new UserDto();
var token = string.Empty;
this.CreateUserResponse(userEntity, out userResult, out token);
var menus = await _repository.RolMenu.GetRolMenusByRolId(userEntity.rolId);
var menusResult = _mapper.Map <IEnumerable <RolMenuDto> >(menus)
.Select(m => m.Menu);
return(Ok(new {
user = userResult,
menu = menusResult,
token,
}));
}
public async Task GivenEmployeeModel_WhenPutUpdatePasswordRequest_ThenReturnOk()
{
// Arrange
const string NEW_PASSWORD = "******";
var model = _fixture.Context.Users.ToList().ElementAt(5);
var viewModel = new UpdatePasswordViewModel
{
UserName = model.UserName,
Password = NEW_PASSWORD,
};
// Act
var response = await _fixture.Client.PutAsJsonAsync($"{API_URL}/update-password", viewModel);
// Assert
response.EnsureSuccessStatusCode();
var assertLogin = await AuthExtensions.GetJwt(
_fixture,
new LoginViewModel
{
UserName = model.UserName,
Password = NEW_PASSWORD,
}
);
Assert.NotEmpty(assertLogin);
}
public async Task GivenValidModel_WhenPostRegisterRequest_ThenReturnOk()
{
// Arrange
var model = new EmployeeTestModel();
// Act
var response = await _fixture.Client.PostAsJsonAsync($"{API_URL}/register", model);
// Assert
response.EnsureSuccessStatusCode();
var updatedModel = await _fixture.Context.Employees.FirstAsync(m => m.FullName == model.FullName);
Assert.Equal(updatedModel.FullName, model.FullName);
Assert.Equal(updatedModel.CardNo, model.CardNo);
Assert.Equal(updatedModel.Position, model.Position);
var assertAccount = await AuthExtensions.GetJwt(
_fixture,
new LoginViewModel
{
UserName = model.UserName,
Password = model.Password
}
);
Assert.NotEmpty(assertAccount);
}
public async Task GivenValidAccountsPerRole_WhenPostChallenge_ThenReturnOk(string role)
{
// Arrange
var userName = DefaultAdmin.UserName;
if (role == "Employee")
{
var employee = _fixture.Context.Users.First(m => m.UserName != DefaultAdmin.UserName);
userName = employee.UserName;
}
var credentials = new LoginViewModel
{
UserName = userName,
Password = "******",
};
// Act
var request = new HttpRequestMessage(HttpMethod.Post, $"{API_URL}/challenge/{role}");
await AuthExtensions.SetupRequestAuth(request, _fixture, credentials);
var response = await _fixture.Client.SendAsync(request);
// Assert
response.EnsureSuccessStatusCode();
}
public ConfigTest(TestServerFixture fixture)
{
_fixture = fixture;
// Set up Default Auth as Admin
var userCredentials = new LoginViewModel
{
UserName = DefaultAdmin.UserName,
Password = DefaultAdmin.Password
};
AuthExtensions.SetupJwtAuth(_fixture, userCredentials).Wait();
}
private void CreateUserResponse(User userEntity, out UserDto userResult, out string token)
{
var claims = new List <Claim>
{
new Claim(ClaimTypes.NameIdentifier, userEntity.id.ToString()),
new Claim(ClaimTypes.Email, userEntity.email),
new Claim(ClaimTypes.Name, userEntity.name),
new Claim(ClaimTypes.Role, userEntity.rolId == 1 ? "Administrador" : "Capturista")
};
userResult = _mapper.Map <UserDto>(userEntity);
token = AuthExtensions.TokenGeneration(claims, _config);
}
public async Task <IActionResult> CreateCustomer([FromBody] CustomerCreationDto customer)
{
var customerEntity = _mapper.Map <Customer>(customer);
AuthExtensions.CreatePasswordHash(customer.password, out byte[] passwordHash, out byte[] passwordSalt);
customer.passwordHash = passwordHash;
customer.passwordSalt = passwordSalt;
_repository.Customer.CreateCustomer(customerEntity);
await _repository.SaveAsync();
var createdCustomer = _mapper.Map <CustomerDto>(customerEntity);
return(CreatedAtRoute("CustomerById", new { id = createdCustomer.customerId }, createdCustomer));
}
public async Task <IActionResult> CreateUser([FromBody] UserCreationDto user)
{
var userEntity = _mapper.Map <User>(user);
AuthExtensions.CreatePasswordHash(user.password, out byte[] passwordHash, out byte[] passwordSalt);
userEntity.passwordHash = passwordHash;
userEntity.passwordSalt = passwordSalt;
_repository.User.CreateUser(userEntity);
await _repository.SaveAsync();
var createdUser = _mapper.Map <UserDto>(userEntity);
return(CreatedAtRoute("UserById", new { id = createdUser.userId }, createdUser));
}
public async Task GivenAuthByEmployee_WhenPutChangePasswordRequest_ThenReturnOk()
{
// Arrange
const string NEW_PASSWORD = "******";
const string DEFAULT_PASSWORD = DefaultAdmin.Password;
var model = _fixture.Context.Users.Last();
var viewModel = await Task.Run(() => JsonConvert.SerializeObject(
new ChangePasswordViewModel
{
OldPassword = DEFAULT_PASSWORD,
NewPassword = NEW_PASSWORD,
}
));
// Act
var request = new HttpRequestMessage(HttpMethod.Put, $"{API_URL}/change-password");
request.Content = new StringContent(viewModel, Encoding.UTF8, "application/json");
// Send request as Employee
await AuthExtensions.SetupRequestAuth(
request,
_fixture,
new LoginViewModel
{
UserName = model.UserName,
Password = DEFAULT_PASSWORD,
}
);
var response = await _fixture.Client.SendAsync(request);
// Assert
response.EnsureSuccessStatusCode();
var assertLogin = await AuthExtensions.GetJwt(
_fixture,
new LoginViewModel
{
UserName = model.UserName,
Password = NEW_PASSWORD,
}
);
Assert.NotEmpty(assertLogin);
}
public async Task GivenAuthAsEmployee_WhenRequestInAdminOnlyEndpoints_ThenReturnForbidden(HttpMethod method, string url)
{
// Arrange
var employee = _fixture.Context.Users.First(m => m.UserName != DefaultAdmin.UserName);
var credentials = new LoginViewModel
{
UserName = employee.UserName,
Password = "******",
};
// Act
var request = new HttpRequestMessage(method, url);
await AuthExtensions.SetupRequestAuth(request, _fixture, credentials);
var response = await _fixture.Client.SendAsync(request);
// Assert
Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode);
}
public IActionResult RefreshToken([FromBody] TokenDto model)
{
var validatedClaims = (AuthExtensions.VerifyToken(model.token, _config));
if (validatedClaims == null)
{
return(Unauthorized());
}
var user = new UserDto
{
userId = int.Parse(validatedClaims.First(c => c.Type == ClaimTypes.NameIdentifier).Value),
email = validatedClaims.First(c => c.Type == ClaimTypes.Email).Value,
name = validatedClaims.First(c => c.Type == ClaimTypes.Name).Value
};
return(Ok(new {
user,
token = AuthExtensions.TokenGeneration(validatedClaims.ToList(), _config)
}));
}
public async Task <IActionResult> UpdateCustomer(int id, [FromBody] CustomerForUpdateDto customer)
{
var customerEntity = HttpContext.Items["entity"] as Customer;
if (!string.IsNullOrEmpty(customer.password))
{
AuthExtensions.CreatePasswordHash(customer.password, out byte[] passwordHash, out byte[] passwordSalt);
customer.passwordHash = passwordHash;
customer.passwordSalt = passwordSalt;
}
else
{
customer.passwordHash = customerEntity.passwordHash;
customer.passwordSalt = customerEntity.passwordSalt;
}
_mapper.Map(customer, customerEntity);
_repository.Customer.UpdateCustomer(customerEntity);
await _repository.SaveAsync();
return(NoContent());
}
