public void DeleteUserSSO_InvalidtokenSignature_401()
{
newUser = _tu.CreateUserObject();
Session newSession = _tu.CreateSessionObject(newUser);
_tu.CreateSessionInDb(newSession);
var endpoint = API_ROUTE_LOCAL + "/sso/user/delete";
var _userController = new UserController();
_userController.Request = new HttpRequestMessage
{
RequestUri = new Uri(endpoint)
};
var loginDTO = new LoginRequestPayload
{
SSOUserId = Guid.NewGuid().ToString(),
Email = "*****@*****.**",
Timestamp = 1928743091,
Signature = "ahsbdkfhasjdfln",
};
var request = new HttpRequestMessage();
request.Headers.Add("token", newSession.Token);
_userController.Request = request;
//invalid signature should throw and InvalidTokenSignatureException
// and return a 401
NegotiatedContentResult <string> response = (NegotiatedContentResult <string>)_userController.DeleteViaSSO(loginDTO);
Assert.AreEqual(HttpStatusCode.Unauthorized, response.StatusCode);
}
public async Task <LoginRequestResponse> Login([FromBody] LoginRequestPayload payload)
{
return(await _mediator.Send(new LoginRequest()
{
UserName = payload.UserName, Password = payload.Password
}));
}
public void Login_NewUser_ValidUsername_200()
{
var controller = new UserController();
var user = ut.CreateSSOUserInDb();
var timestamp = 12312445;
var expectedStatusCode = HttpStatusCode.SeeOther;
MockLoginPayload mock_payload = new MockLoginPayload
{
ssoUserId = user.Id,
email = user.Username,
timestamp = timestamp
};
var endpoint = API_ROUTE_LOCAL + "/api/user/login";
var payload = new LoginRequestPayload
{
Email = user.Username,
SSOUserId = mock_payload.ssoUserId.ToString(),
Timestamp = mock_payload.timestamp,
Signature = mock_payload.Signature(),
};
controller.Request = new HttpRequestMessage
{
RequestUri = new Uri(endpoint)
};
var actionresult = controller.LoginFromSSO(payload);
Assert.IsInstanceOfType(actionresult, typeof(Task <HttpResponseMessage>));
Assert.IsNotNull(actionresult as Task <HttpResponseMessage>);
var result = actionresult as Task <HttpResponseMessage>;
Assert.AreEqual(expectedStatusCode, result.Result.StatusCode);
}
public async Task <HttpResponseMessage> LoginFromSSO([FromBody] LoginRequestPayload requestPayload)
{
using (var _db = new DatabaseContext())
{
try
{
// Throws ExceptionService.InvalidModelPayloadException
ControllerHelpers.ValidateModelAndPayload(ModelState, requestPayload);
// Throws ExceptionService.InvalidGuidException
Guid userSSOID = ControllerHelpers.ParseAndCheckId(requestPayload.SSOUserId);
var _ssoLoginManager = new KFC_SSO_Manager(_db);
// user will get logged in or registered
var loginSession = await _ssoLoginManager.LoginFromSSO(
requestPayload.Email,
userSSOID,
requestPayload.Timestamp,
requestPayload.Signature);
_db.SaveChanges();
var redirectURL = "https://pointmap.net/#/login/?token=" + loginSession.Token;
var response = SSOLoginResponse.ResponseRedirect(Request, redirectURL);
return(response);
}
catch (Exception e) when(e is InvalidGuidException ||
e is InvalidModelPayloadException ||
e is InvalidEmailException)
{
var response = new HttpResponseMessage(HttpStatusCode.BadRequest);
response.Content = new StringContent(e.Message);
return(response);
}
catch (Exception e) when(e is UserAlreadyExistsException)
{
var response = new HttpResponseMessage(HttpStatusCode.Conflict);
response.Content = new StringContent(e.Message);
return(response);
}
catch (Exception e) when(e is InvalidTokenSignatureException)
{
var response = new HttpResponseMessage(HttpStatusCode.Unauthorized);
response.Content = new StringContent(e.Message);
return(response);
}
catch (Exception e)
{
if (e is DbUpdateException ||
e is DbEntityValidationException)
{
_db.RevertDatabaseChanges(_db);
}
var response = new HttpResponseMessage(HttpStatusCode.InternalServerError);
return(response);
}
}
}
[Route("sso/user/delete")] // Request from sso to delete user self from sso to all apps
public IHttpActionResult DeleteViaSSO([FromBody, Required] LoginRequestPayload requestPayload)
{
using (var _db = new DatabaseContext())
{
try
{
// Throws ExceptionService.InvalidModelPayloadException
ControllerHelpers.ValidateModelAndPayload(ModelState, requestPayload);
// Throws ExceptionService.InvalidGuidException
var userSSOID = ControllerHelpers.ParseAndCheckId(requestPayload.SSOUserId);
// Check valid signature
var _ssoServiceAuth = new SignatureService();
var validSignature = _ssoServiceAuth.IsValidClientRequest(userSSOID.ToString(), requestPayload.Email, requestPayload.Timestamp, requestPayload.Signature);
if (!validSignature)
{
return(Content(HttpStatusCode.Unauthorized, "Invalid Token signature."));
}
var _userManagementManager = new UserManagementManager(_db);
// Throw exception if user does not exist
var user = _userManagementManager.GetUser(userSSOID);
if (user == null)
{
return(Content(HttpStatusCode.OK, "User does not exist"));
}
_userManagementManager.DeleteUser(userSSOID);
_db.SaveChanges();
return(Ok("User was deleted"));
}
catch (Exception e) when(e is InvalidGuidException ||
e is InvalidModelPayloadException)
{
return(Content(HttpStatusCode.BadRequest, e.Message));
}
catch (Exception e)
{
if (e is DbUpdateException ||
e is DbEntityValidationException)
{
_db.RevertDatabaseChanges(_db);
}
return(Content(HttpStatusCode.InternalServerError, e.Message));
}
}
}
public void LoginRegister_Invalid_Signature_401()
{
var controller = new UserController();
var existing_user = ut.CreateSSOUserInDb();
var existing_username = existing_user.Username;
var existing_ssoID = existing_user.Id;
var timestamp = 23454252;
var expectedStatusCode = HttpStatusCode.Unauthorized;
MockLoginPayload mock_payload = new MockLoginPayload
{
ssoUserId = existing_ssoID,
email = existing_username,
timestamp = timestamp
};
// modify payload value
var alterdEmail = "*****@*****.**";
var endpoint = API_ROUTE_LOCAL + "/api/user/login";
LoginRequestPayload payload = new LoginRequestPayload
{
Email = alterdEmail,
SSOUserId = mock_payload.ssoUserId.ToString(),
Timestamp = mock_payload.timestamp,
Signature = mock_payload.Signature(),
};
controller.Request = new HttpRequestMessage
{
RequestUri = new Uri(endpoint)
};
var actionresult = controller.LoginFromSSO(payload);
// returns a HTTPResponseMessage
Assert.IsInstanceOfType(actionresult, typeof(Task <HttpResponseMessage>));
var contentresult = actionresult as Task <HttpResponseMessage>;
Assert.AreEqual(expectedStatusCode, contentresult.Result.StatusCode);
}
public void Register_Attempt_InvalidSSOID_400()
{
var controller = new UserController();
var attemptedUsername = "******";
var attemptedSSOId = Guid.NewGuid();
var attemptedTimestamp = 2345678;
var expectedStatusCode = HttpStatusCode.BadRequest;
MockLoginPayload mock_payload = new MockLoginPayload
{
ssoUserId = attemptedSSOId,
email = attemptedUsername,
timestamp = attemptedTimestamp
};
var endpoint = API_ROUTE_LOCAL + "/api/user/login";
var makeAttemptedSSOIdInvalid = mock_payload.ssoUserId.ToString() + "838fjf57h2dhdn2dn";
LoginRequestPayload payload = new LoginRequestPayload
{
Email = mock_payload.email,
SSOUserId = makeAttemptedSSOIdInvalid,
Timestamp = mock_payload.timestamp,
Signature = mock_payload.Signature(),
};
controller.Request = new HttpRequestMessage
{
RequestUri = new Uri(endpoint)
};
var actionresult = controller.LoginFromSSO(payload);
// returns a HTTPResponseMessage
Assert.IsInstanceOfType(actionresult, typeof(Task <HttpResponseMessage>));
var contentresult = actionresult as Task <HttpResponseMessage>;
Assert.AreEqual(expectedStatusCode, contentresult.Result.StatusCode);
}
public async Task <IActionResult> Login(LoginRequestPayload payload)
{
try {
HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Post, oktaTokenUrl);
request.Content = new StringContent(payload.ToString(), Encoding.UTF8, "application/x-www-form-urlencoded");
request.Headers.Add("Accept", "application/json");
HttpResponseMessage response = await HttpClient.SendAsync(request);
string responseString = await response.Content.ReadAsStringAsync();
if (response.StatusCode != HttpStatusCode.OK)
{
throw new Exception(responseString);
}
LoginResponsePayload outgoing = JsonConvert.DeserializeObject <LoginResponsePayload>(responseString);
return(Ok(outgoing));
} catch (Exception e) {
return(BadRequest(e));
}
}
public void Login_ExistingUser_ValidSSOID_200()
{
var controller = new UserController();
var existing_user = ut.CreateSSOUserInDb();
var existing_username = existing_user.Username;
var existing_ssoID = existing_user.Id;
var timestamp = 23454252;
MockLoginPayload mock_payload = new MockLoginPayload
{
ssoUserId = existing_ssoID,
email = existing_username,
timestamp = timestamp
};
var endpoint = API_ROUTE_LOCAL + "/api/user/login";
var payload = new LoginRequestPayload
{
Email = existing_username,
SSOUserId = mock_payload.ssoUserId.ToString(),
Timestamp = mock_payload.timestamp,
Signature = mock_payload.Signature(),
};
controller.Request = new HttpRequestMessage
{
RequestUri = new Uri(endpoint)
};
var actionresult = controller.LoginFromSSO(payload);
Assert.IsInstanceOfType(actionresult, typeof(Task <HttpResponseMessage>));
var contentresult = actionresult as Task <HttpResponseMessage>;
Assert.IsNotNull(contentresult);
}
