public void AuthenticateLocalAsync_UserValidationFails_AuthenticateResultIsNull()
{
// Arrange
var options = new MembershipOptions();
var membershipService = A.Fake <IMembershipService>();
var roleService = A.Fake <IRoleService>();
var context = new LocalAuthenticationContext {
UserName = "******", Password = "******"
};
A.CallTo(() => membershipService.GetUserAsync("*****@*****.**"))
.Returns(Task.FromResult(new MembershipUser {
IsLockedOut = false
}));
A.CallTo(() => membershipService.ValidateUser("*****@*****.**", "password123"))
.Returns(Task.FromResult(false));
var service = new MembershipUserService(options, membershipService, roleService);
// Act
service.AuthenticateLocalAsync(context).Wait();
// Assert
context.AuthenticateResult.Should().BeNull();
A.CallTo(() => membershipService.GetUserAsync("*****@*****.**")).MustHaveHappened();
A.CallTo(() => membershipService.ValidateUser("*****@*****.**", "password123")).MustHaveHappened();
}
public void GetProfileDataAsync_UserNotFound_ThrowsArgumentException()
{
// Arrange
var userId = Guid.NewGuid();
var options = new MembershipOptions();
var membershipService = A.Fake <IMembershipService>();
var roleService = A.Fake <IRoleService>();
A.CallTo(() => membershipService.GetUserAsync(userId)).Returns(Task.FromResult((MembershipUser)null));
var context = new ProfileDataRequestContext
{
Subject = new ClaimsPrincipal(new ClaimsIdentity(new List <Claim>
{
new Claim(Constants.ClaimTypes.Subject, userId.ToString("N"))
}))
};
var service = new MembershipUserService(options, membershipService, roleService);
Action getProfileDataAsync = () => service.GetProfileDataAsync(context).Wait();
// Act
getProfileDataAsync.Should().Throw <ArgumentException>().WithMessage("Invalid subject identifier");
// Assert
A.CallTo(() => membershipService.GetUserAsync(userId)).MustHaveHappened();
}
public void IsActiveAsync_UserFoundAndActive_ContextIsActive()
{
// Arrange
var userId = Guid.NewGuid();
var options = new MembershipOptions();
var membershipService = A.Fake <IMembershipService>();
var roleService = A.Fake <IRoleService>();
var user = new MembershipUser {
IsLockedOut = false
};
A.CallTo(() => membershipService.GetUserAsync(userId)).Returns(Task.FromResult(user));
var context = new IsActiveContext(
new ClaimsPrincipal(
new ClaimsIdentity(new List <Claim>
{
new Claim(Constants.ClaimTypes.Subject, userId.ToString("N"))
})),
new Client()
);
var service = new MembershipUserService(options, membershipService, roleService);
// Act
service.IsActiveAsync(context).Wait();
// Assert
context.IsActive.Should().BeTrue();
A.CallTo(() => membershipService.GetUserAsync(userId)).MustHaveHappened();
}
public void GetProfileDataAsync_UserFound_NoClaimsRequested_NoIssuedClaims()
{
// Arrange
var userId = Guid.NewGuid();
var options = new MembershipOptions();
var membershipService = A.Fake <IMembershipService>();
var roleService = A.Fake <IRoleService>();
var user = new MembershipUser();
A.CallTo(() => membershipService.GetUserAsync(userId)).Returns(Task.FromResult(user));
var context = new ProfileDataRequestContext
{
Subject = new ClaimsPrincipal(new ClaimsIdentity(new List <Claim>
{
new Claim(Constants.ClaimTypes.Subject, userId.ToString("N"))
})),
AllClaimsRequested = false,
RequestedClaimTypes = new List <string>()
};
var service = new MembershipUserService(options, membershipService, roleService);
// Act
service.GetProfileDataAsync(context).Wait();
// Assert
context.IssuedClaims.Should().BeNullOrEmpty();
A.CallTo(() => membershipService.GetUserAsync(userId));
}
public void Ctor_MembershipServiceNull_ThrowsArgumentNullException()
{
var options = new MembershipOptions();
Action ctor = () => new MembershipUserService(options, null, null);
ctor.Should().Throw <ArgumentNullException>().And.ParamName.Should().Be("membershipService");
}
public void GetProfileDataAsync_UserFound_AllClaimsRequested_RolesIncluded_NoIssuedClaims()
{
// Arrange
var userId = Guid.NewGuid();
var options = new MembershipOptions
{
UseRoleProviderSource = true,
IdentityProvider = "idsvr"
};
var membershipService = A.Fake <IMembershipService>();
var roleService = A.Fake <IRoleService>();
var user = new MembershipUser
{
UserId = userId,
UserName = "******",
Email = "*****@*****.**",
IsLockedOut = false
};
A.CallTo(() => membershipService.GetUserAsync(userId))
.Returns(Task.FromResult(user));
A.CallTo(() => roleService.GetRolesForUser("*****@*****.**"))
.Returns(Task.FromResult(new[] { "role1", "role2", "role3" }));
var context = new ProfileDataRequestContext
{
Subject = new ClaimsPrincipal(new ClaimsIdentity(new List <Claim>
{
new Claim(Constants.ClaimTypes.Subject, userId.ToString("N"))
})),
AllClaimsRequested = true,
RequestedClaimTypes = new List <string>()
};
var service = new MembershipUserService(options, membershipService, roleService);
// Act
service.GetProfileDataAsync(context).Wait();
// Assert
var issuedClaims = context.IssuedClaims.ToList();
issuedClaims.Should().HaveCount(11);
issuedClaims.ShouldContain(JwtClaimTypes.Subject, userId.ToString("N"));
issuedClaims.ShouldContain(JwtClaimTypes.PreferredUserName, "*****@*****.**");
issuedClaims.ShouldContain(JwtClaimTypes.Email, "*****@*****.**");
issuedClaims.ShouldContain(JwtClaimTypes.IdentityProvider, "idsvr");
issuedClaims.ShouldContain(JwtClaimTypes.Role, "role1");
issuedClaims.ShouldContain(JwtClaimTypes.Role, "role2");
issuedClaims.ShouldContain(JwtClaimTypes.Role, "role3");
A.CallTo(() => membershipService.GetUserAsync(userId));
}
public void AuthenticateLocalAsync_UserValid_RolesNotIncluded_AuthenticateResultSet()
{
// Arrange
var userId = Guid.NewGuid();
var options = new MembershipOptions();
var membershipService = A.Fake <IMembershipService>();
var roleService = A.Fake <IRoleService>();
var context = new LocalAuthenticationContext {
UserName = "******", Password = "******"
};
A.CallTo(() => membershipService.GetUserAsync("*****@*****.**"))
.Returns(Task.FromResult(new MembershipUser
{
UserId = userId,
UserName = "******",
Email = "*****@*****.**",
IsLockedOut = false
}));
A.CallTo(() => membershipService.ValidateUser("*****@*****.**", "password123"))
.Returns(Task.FromResult(true));
var service = new MembershipUserService(options, membershipService, roleService);
// Act
service.AuthenticateLocalAsync(context).Wait();
// Assert
context.AuthenticateResult.Should().NotBeNull();
context.AuthenticateResult.HasSubject.Should().BeTrue();
var issuedClaims = context.AuthenticateResult.User.Claims.ToList();
issuedClaims.Should().HaveCount(10);
issuedClaims.ShouldContain(Constants.ClaimTypes.Subject, userId.ToString("N"));
issuedClaims.ShouldContain(Constants.ClaimTypes.Name, "*****@*****.**");
issuedClaims.ShouldContain(Constants.ClaimTypes.AuthenticationMethod, "password");
issuedClaims.ShouldContain(Constants.ClaimTypes.IdentityProvider, "idsrv");
issuedClaims.ShouldContain(Constants.ClaimTypes.AuthenticationTime);
issuedClaims.ShouldContain(Constants.ClaimTypes.PreferredUserName, "*****@*****.**");
issuedClaims.ShouldContain(Constants.ClaimTypes.Email, "*****@*****.**");
A.CallTo(() => membershipService.GetUserAsync("*****@*****.**")).MustHaveHappened();
A.CallTo(() => membershipService.ValidateUser("*****@*****.**", "password123")).MustHaveHappened();
}
public void IsActiveAsync_SubjectNull_ContextIsNotActive()
{
// Arrange
var options = new MembershipOptions();
var membershipService = A.Fake <IMembershipService>();
var roleService = A.Fake <IRoleService>();
var context = new IsActiveContext(new ClaimsPrincipal(new ClaimsIdentity()), new Client());
var service = new MembershipUserService(options, membershipService, roleService);
Action isActiveAsync = () => service.IsActiveAsync(context).Wait();
// Act + Assert
isActiveAsync.Should().Throw <InvalidOperationException>().And.Message.Should().Be("sub claim is missing");
}
public void GetProfileDataAsync_SubjectNull_ThrowsArgumentNullException()
{
// Arrange
var options = new MembershipOptions();
var membershipService = A.Fake <IMembershipService>();
var roleService = A.Fake <IRoleService>();
var context = new ProfileDataRequestContext {
Subject = null
};
var service = new MembershipUserService(options, membershipService, roleService);
Action getProfileDataAsync = () => service.GetProfileDataAsync(context).Wait();
// Act + Assert
getProfileDataAsync.Should().Throw <ArgumentNullException>()
.And.ParamName.Should().Be("subject");
}
public void AuthenticateLocalAsync_UsernameNullOrEmpty_AuthenticateResultIsNull(string username)
{
// Arrange
var options = new MembershipOptions();
var membershipService = A.Fake <IMembershipService>();
var roleService = A.Fake <IRoleService>();
var context = new LocalAuthenticationContext {
UserName = username
};
var service = new MembershipUserService(options, membershipService, roleService);
// Act
service.AuthenticateLocalAsync(context).Wait();
// Assert
context.AuthenticateResult.Should().BeNull();
}
public void GetProfileDataAsync_SubjectClaimMissing_ThrowsInvalidOperationException()
{
// Arrange
var options = new MembershipOptions();
var membershipService = A.Fake <IMembershipService>();
var roleService = A.Fake <IRoleService>();
var context = new ProfileDataRequestContext
{
Subject = new ClaimsPrincipal(new ClaimsIdentity(new List <Claim>()))
};
var service = new MembershipUserService(options, membershipService, roleService);
Action getProfileDataAsync = () => service.GetProfileDataAsync(context).Wait();
// Act + Assert
getProfileDataAsync.Should().Throw <InvalidOperationException>();
}
/// <summary>
/// Get the timeout value to use to wait for the silo liveness sub-system to detect and act on any recent cluster membership changes.
/// <seealso cref="WaitForLivenessToStabilizeAsync"/>
/// </summary>
public static TimeSpan GetLivenessStabilizationTime(MembershipOptions membershipOptions, bool didKill = false)
{
TimeSpan stabilizationTime = TimeSpan.Zero;
if (didKill)
{
// in case of hard kill (kill and not Stop), we should give silos time to detect failures first.
stabilizationTime = TestingUtils.Multiply(membershipOptions.ProbeTimeout, membershipOptions.NumMissedProbesLimit);
}
if (membershipOptions.UseLivenessGossip)
{
stabilizationTime += TimeSpan.FromSeconds(5);
}
else
{
stabilizationTime += TestingUtils.Multiply(membershipOptions.TableRefreshTimeout, 2);
}
return(stabilizationTime);
}
/// <summary>
/// Get the timeout value to use to wait for the silo liveness sub-system to detect and act on any recent cluster membership changes.
/// <seealso cref="WaitForLivenessToStabilizeAsync"/>
/// </summary>
public static TimeSpan GetLivenessStabilizationTime(GlobalConfiguration config, bool didKill = false)
{
var membershipOptions = new MembershipOptions()
{
NumMissedTableIAmAliveLimit = config.NumMissedTableIAmAliveLimit,
LivenessEnabled = config.LivenessEnabled,
ProbeTimeout = config.ProbeTimeout,
TableRefreshTimeout = config.TableRefreshTimeout,
DeathVoteExpirationTimeout = config.DeathVoteExpirationTimeout,
IAmAliveTablePublishTimeout = config.IAmAliveTablePublishTimeout,
MaxJoinAttemptTime = config.MaxJoinAttemptTime,
ExpectedClusterSize = config.ExpectedClusterSize,
ValidateInitialConnectivity = config.ValidateInitialConnectivity,
NumMissedProbesLimit = config.NumMissedProbesLimit,
UseLivenessGossip = config.UseLivenessGossip,
NumProbedSilos = config.NumProbedSilos,
NumVotesForDeathDeclaration = config.NumVotesForDeathDeclaration,
};
return(TestCluster.GetLivenessStabilizationTime(membershipOptions, didKill));
}
public void GetProfileDataAsync_SubjectClaimInvalid_ThrowsArgumentException(string subjectId)
{
// Arrange
var options = new MembershipOptions();
var membershipService = A.Fake <IMembershipService>();
var roleService = A.Fake <IRoleService>();
var context = new ProfileDataRequestContext
{
Subject = new ClaimsPrincipal(new ClaimsIdentity(new List <Claim>
{
new Claim(Constants.ClaimTypes.Subject, subjectId)
}))
};
var service = new MembershipUserService(options, membershipService, roleService);
Action getProfileDataAsync = () => service.GetProfileDataAsync(context).Wait();
// Act + Assert
getProfileDataAsync.Should().Throw <ArgumentException>().WithMessage("Invalid subject identifier");
}
public void IsActiveAsync_SubjectClaimInvalid_ContextIsNotActive(string subjectId)
{
// Arrange
var options = new MembershipOptions();
var membershipService = A.Fake <IMembershipService>();
var roleService = A.Fake <IRoleService>();
var context = new IsActiveContext(
new ClaimsPrincipal(new ClaimsIdentity(new List <Claim> {
new Claim(Constants.ClaimTypes.Subject, subjectId)
})),
new Client()
);
var service = new MembershipUserService(options, membershipService, roleService);
// Act
service.IsActiveAsync(context).Wait();
// Assert
context.IsActive.Should().BeFalse();
}
public void AuthenticateLocalAsync_UserNotFound_AuthenticateResultIsNull()
{
// Arrange
var options = new MembershipOptions();
var membershipService = A.Fake <IMembershipService>();
var roleService = A.Fake <IRoleService>();
var context = new LocalAuthenticationContext {
UserName = "******"
};
A.CallTo(() => membershipService.GetUserAsync("*****@*****.**"))
.Returns(Task.FromResult((MembershipUser)null));
var service = new MembershipUserService(options, membershipService, roleService);
// Act
service.AuthenticateLocalAsync(context).Wait();
// Assert
context.AuthenticateResult.Should().BeNull();
A.CallTo(() => membershipService.GetUserAsync("*****@*****.**")).MustHaveHappened();
}
/// <summary>Constructor</summary>
/// <param name="context">Membership Context</param>
/// <param name="options">Membership Options</param>
public MembershipRepository(IMembershipContext context, MembershipOptions options)
{
this.context = context.ThrowIfNull(nameof(context));
this.options = options.ThrowIfNull(nameof(options));
}
/// <summary>Constructor</summary>
/// <param name="options">Membership Options</param>
public MembershipContext(MembershipOptions options)
{
this.options = options.ThrowIfNull(nameof(options));
options.ConnectionString.ThrowIfNull(nameof(options.ConnectionString));
}
public PersistedUserMembership(IHttpContextAccessor context, MembershipOptions options, IPersistenceStore persistence)
{
_context = context;
_persistence = persistence;
Options = options;
}
/// <summary>Constructor</summary>
/// <param name="membershipContext">Membership Context</param>
/// <param name="options">Membership Options</param>
public RoleRepository(IMembershipContext membershipContext, MembershipOptions options)
{
this.membershipContext = membershipContext.ThrowIfNull(nameof(membershipContext));
this.options = options.ThrowIfNull(nameof(options));
}
