public void DeleteUserSSO_InvalidtokenSignature_401() { newUser = _tu.CreateUserObject(); Session newSession = _tu.CreateSessionObject(newUser); _tu.CreateSessionInDb(newSession); var endpoint = API_ROUTE_LOCAL + "/sso/user/delete"; var _userController = new UserController(); _userController.Request = new HttpRequestMessage { RequestUri = new Uri(endpoint) }; var loginDTO = new LoginRequestPayload { SSOUserId = Guid.NewGuid().ToString(), Email = "*****@*****.**", Timestamp = 1928743091, Signature = "ahsbdkfhasjdfln", }; var request = new HttpRequestMessage(); request.Headers.Add("token", newSession.Token); _userController.Request = request; //invalid signature should throw and InvalidTokenSignatureException // and return a 401 NegotiatedContentResult <string> response = (NegotiatedContentResult <string>)_userController.DeleteViaSSO(loginDTO); Assert.AreEqual(HttpStatusCode.Unauthorized, response.StatusCode); }
public async Task <LoginRequestResponse> Login([FromBody] LoginRequestPayload payload) { return(await _mediator.Send(new LoginRequest() { UserName = payload.UserName, Password = payload.Password })); }
public void Login_NewUser_ValidUsername_200() { var controller = new UserController(); var user = ut.CreateSSOUserInDb(); var timestamp = 12312445; var expectedStatusCode = HttpStatusCode.SeeOther; MockLoginPayload mock_payload = new MockLoginPayload { ssoUserId = user.Id, email = user.Username, timestamp = timestamp }; var endpoint = API_ROUTE_LOCAL + "/api/user/login"; var payload = new LoginRequestPayload { Email = user.Username, SSOUserId = mock_payload.ssoUserId.ToString(), Timestamp = mock_payload.timestamp, Signature = mock_payload.Signature(), }; controller.Request = new HttpRequestMessage { RequestUri = new Uri(endpoint) }; var actionresult = controller.LoginFromSSO(payload); Assert.IsInstanceOfType(actionresult, typeof(Task <HttpResponseMessage>)); Assert.IsNotNull(actionresult as Task <HttpResponseMessage>); var result = actionresult as Task <HttpResponseMessage>; Assert.AreEqual(expectedStatusCode, result.Result.StatusCode); }
public async Task <HttpResponseMessage> LoginFromSSO([FromBody] LoginRequestPayload requestPayload) { using (var _db = new DatabaseContext()) { try { // Throws ExceptionService.InvalidModelPayloadException ControllerHelpers.ValidateModelAndPayload(ModelState, requestPayload); // Throws ExceptionService.InvalidGuidException Guid userSSOID = ControllerHelpers.ParseAndCheckId(requestPayload.SSOUserId); var _ssoLoginManager = new KFC_SSO_Manager(_db); // user will get logged in or registered var loginSession = await _ssoLoginManager.LoginFromSSO( requestPayload.Email, userSSOID, requestPayload.Timestamp, requestPayload.Signature); _db.SaveChanges(); var redirectURL = "https://pointmap.net/#/login/?token=" + loginSession.Token; var response = SSOLoginResponse.ResponseRedirect(Request, redirectURL); return(response); } catch (Exception e) when(e is InvalidGuidException || e is InvalidModelPayloadException || e is InvalidEmailException) { var response = new HttpResponseMessage(HttpStatusCode.BadRequest); response.Content = new StringContent(e.Message); return(response); } catch (Exception e) when(e is UserAlreadyExistsException) { var response = new HttpResponseMessage(HttpStatusCode.Conflict); response.Content = new StringContent(e.Message); return(response); } catch (Exception e) when(e is InvalidTokenSignatureException) { var response = new HttpResponseMessage(HttpStatusCode.Unauthorized); response.Content = new StringContent(e.Message); return(response); } catch (Exception e) { if (e is DbUpdateException || e is DbEntityValidationException) { _db.RevertDatabaseChanges(_db); } var response = new HttpResponseMessage(HttpStatusCode.InternalServerError); return(response); } } }
[Route("sso/user/delete")] // Request from sso to delete user self from sso to all apps public IHttpActionResult DeleteViaSSO([FromBody, Required] LoginRequestPayload requestPayload) { using (var _db = new DatabaseContext()) { try { // Throws ExceptionService.InvalidModelPayloadException ControllerHelpers.ValidateModelAndPayload(ModelState, requestPayload); // Throws ExceptionService.InvalidGuidException var userSSOID = ControllerHelpers.ParseAndCheckId(requestPayload.SSOUserId); // Check valid signature var _ssoServiceAuth = new SignatureService(); var validSignature = _ssoServiceAuth.IsValidClientRequest(userSSOID.ToString(), requestPayload.Email, requestPayload.Timestamp, requestPayload.Signature); if (!validSignature) { return(Content(HttpStatusCode.Unauthorized, "Invalid Token signature.")); } var _userManagementManager = new UserManagementManager(_db); // Throw exception if user does not exist var user = _userManagementManager.GetUser(userSSOID); if (user == null) { return(Content(HttpStatusCode.OK, "User does not exist")); } _userManagementManager.DeleteUser(userSSOID); _db.SaveChanges(); return(Ok("User was deleted")); } catch (Exception e) when(e is InvalidGuidException || e is InvalidModelPayloadException) { return(Content(HttpStatusCode.BadRequest, e.Message)); } catch (Exception e) { if (e is DbUpdateException || e is DbEntityValidationException) { _db.RevertDatabaseChanges(_db); } return(Content(HttpStatusCode.InternalServerError, e.Message)); } } }
public void LoginRegister_Invalid_Signature_401() { var controller = new UserController(); var existing_user = ut.CreateSSOUserInDb(); var existing_username = existing_user.Username; var existing_ssoID = existing_user.Id; var timestamp = 23454252; var expectedStatusCode = HttpStatusCode.Unauthorized; MockLoginPayload mock_payload = new MockLoginPayload { ssoUserId = existing_ssoID, email = existing_username, timestamp = timestamp }; // modify payload value var alterdEmail = "*****@*****.**"; var endpoint = API_ROUTE_LOCAL + "/api/user/login"; LoginRequestPayload payload = new LoginRequestPayload { Email = alterdEmail, SSOUserId = mock_payload.ssoUserId.ToString(), Timestamp = mock_payload.timestamp, Signature = mock_payload.Signature(), }; controller.Request = new HttpRequestMessage { RequestUri = new Uri(endpoint) }; var actionresult = controller.LoginFromSSO(payload); // returns a HTTPResponseMessage Assert.IsInstanceOfType(actionresult, typeof(Task <HttpResponseMessage>)); var contentresult = actionresult as Task <HttpResponseMessage>; Assert.AreEqual(expectedStatusCode, contentresult.Result.StatusCode); }
public void Register_Attempt_InvalidSSOID_400() { var controller = new UserController(); var attemptedUsername = "******"; var attemptedSSOId = Guid.NewGuid(); var attemptedTimestamp = 2345678; var expectedStatusCode = HttpStatusCode.BadRequest; MockLoginPayload mock_payload = new MockLoginPayload { ssoUserId = attemptedSSOId, email = attemptedUsername, timestamp = attemptedTimestamp }; var endpoint = API_ROUTE_LOCAL + "/api/user/login"; var makeAttemptedSSOIdInvalid = mock_payload.ssoUserId.ToString() + "838fjf57h2dhdn2dn"; LoginRequestPayload payload = new LoginRequestPayload { Email = mock_payload.email, SSOUserId = makeAttemptedSSOIdInvalid, Timestamp = mock_payload.timestamp, Signature = mock_payload.Signature(), }; controller.Request = new HttpRequestMessage { RequestUri = new Uri(endpoint) }; var actionresult = controller.LoginFromSSO(payload); // returns a HTTPResponseMessage Assert.IsInstanceOfType(actionresult, typeof(Task <HttpResponseMessage>)); var contentresult = actionresult as Task <HttpResponseMessage>; Assert.AreEqual(expectedStatusCode, contentresult.Result.StatusCode); }
public async Task <IActionResult> Login(LoginRequestPayload payload) { try { HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Post, oktaTokenUrl); request.Content = new StringContent(payload.ToString(), Encoding.UTF8, "application/x-www-form-urlencoded"); request.Headers.Add("Accept", "application/json"); HttpResponseMessage response = await HttpClient.SendAsync(request); string responseString = await response.Content.ReadAsStringAsync(); if (response.StatusCode != HttpStatusCode.OK) { throw new Exception(responseString); } LoginResponsePayload outgoing = JsonConvert.DeserializeObject <LoginResponsePayload>(responseString); return(Ok(outgoing)); } catch (Exception e) { return(BadRequest(e)); } }
public void Login_ExistingUser_ValidSSOID_200() { var controller = new UserController(); var existing_user = ut.CreateSSOUserInDb(); var existing_username = existing_user.Username; var existing_ssoID = existing_user.Id; var timestamp = 23454252; MockLoginPayload mock_payload = new MockLoginPayload { ssoUserId = existing_ssoID, email = existing_username, timestamp = timestamp }; var endpoint = API_ROUTE_LOCAL + "/api/user/login"; var payload = new LoginRequestPayload { Email = existing_username, SSOUserId = mock_payload.ssoUserId.ToString(), Timestamp = mock_payload.timestamp, Signature = mock_payload.Signature(), }; controller.Request = new HttpRequestMessage { RequestUri = new Uri(endpoint) }; var actionresult = controller.LoginFromSSO(payload); Assert.IsInstanceOfType(actionresult, typeof(Task <HttpResponseMessage>)); var contentresult = actionresult as Task <HttpResponseMessage>; Assert.IsNotNull(contentresult); }