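public void GivenInvalidPassword_ThrowsSubmarineArgumentException()
{
    // Arrange
    // A user exists for the supplied email address, but the hash comparison reports a
    // mismatch. The comparison result is stubbed explicitly (rather than relying on the
    // mock's implicit default for an unconfigured handler) so the scenario is stated.
    var userId = Guid.NewGuid();
    const string emailAddress = "This is an email address";
    const string plainTextPassword = "******";
    const bool isPasswordValid = false;

    var authentication = new TestAuthenticationDtoBuilder()
        .WithEmailAddress(emailAddress)
        .WithPlainTextPassword(plainTextPassword)
        .Build();

    var user = new TestUserEntityBuilder()
        .WithId(userId)
        .WithEmailAddress(emailAddress)
        .Build();

    _mediator.SetupHandler<GetUserByEmailQuery, UserEntity>().ReturnsAsync(user);
    _mediator.SetupHandler<CompareHashTextQuery, bool>().ReturnsAsync(isPasswordValid);

    // Act
    // ThrowsAsync is kept outside Assert.Multiple so a missing throw fails here with a
    // clear message instead of surfacing as a null dereference of `exception` below.
    var exception = Assert.ThrowsAsync<DataMismatchException>(() =>
        _classUnderTest.AuthenticateAsync(authentication, CancellationToken.None));

    // Assert
    // NOTE: despite the method name, the expected type is DataMismatchException, as asserted.
    Assert.Multiple(() =>
    {
        Assert.That(exception.ExceptionCode, Is.EqualTo((int)ExceptionCode.DataMismatchException));
        Assert.That(exception.TechnicalMessage, Is.Not.Null);
        Assert.That(exception.UserMessage, Is.EqualTo(ExceptionMessages.Authentication.PasswordIsIncorrect));
    });

    _mediator.VerifyHandler<GetUserByEmailQuery, UserEntity>(
        query => query.EmailAddress == emailAddress,
        Times.Once());

    // The rejection must come from an actual comparison of the supplied text against the
    // stored hash; without this verification the test would also pass if the comparison
    // were skipped entirely.
    _mediator.VerifyHandler<CompareHashTextQuery, bool>(
        query => query.Hash == user.Password && query.Text == plainTextPassword,
        Times.Once());
}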
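public async Task GivenValidCredentials_RespondsWithBearerTokenWithRolesClaim()
{
    // Arrange
    var url = GetAuthenticateUrl();
    var userId = Guid.NewGuid();
    const string emailAddress = "*****@*****.**";
    const string password = "******";
    const string productKey = "This is a product key";
    const string testProductOneName = "Test Product One Name";
    const string testProductTwoName = "Test product Two Name";

    // Only the bcrypt hash is persisted; the plaintext goes in the request body.
    var hashedPassword = BCrypt.Net.BCrypt.HashPassword(password);

    var authenticate = new TestAuthenticateRequestBuilder()
        .WithEmailAddress(emailAddress)
        .WithPassword(password)
        .Build();

    var user = new TestUserEntityBuilder()
        .WithId(userId)
        .WithEmailAddress(emailAddress)
        .WithPassword(hashedPassword)
        .WithRole(UserRole.Administrator)
        .Build();
    await _userCollection.InsertOneAsync(user);

    var license = new TestLicenseEntityBuilder()
        .WithUserId(userId)
        .WithKey(productKey)
        .WithProduct(new TestLicenseProductEntityBuilder()
            .WithName(testProductOneName)
            .Build())
        .WithProduct(new TestLicenseProductEntityBuilder()
            .WithName(testProductTwoName)
            .Build())
        .Build();
    await _licenseCollection.InsertOneAsync(license);

    // Act
    var response = await HttpClient.PostAsJsonAsync(url, authenticate);

    // Assert
    // Check the status before reading the body: on an unexpected status the body may not be
    // JSON, and a deserialisation error would otherwise mask the real failure.
    Assert.That(response.StatusCode, Is.EqualTo(HttpStatusCode.OK));

    var responseData = await response.Content.ReadFromJsonAsync<AuthenticatedResponse>();
    Assert.That(responseData, Is.Not.Null);

    // ReadJwtToken only decodes the token; it performs no signature or lifetime validation.
    // That is acceptable here because this test inspects claim contents only.
    var jwtSecurityTokenHandler = new JwtSecurityTokenHandler();
    var securityToken = jwtSecurityTokenHandler.ReadJwtToken(responseData!.BearerToken); // narrowed by the assertion above

    var roleClaims = securityToken.Claims.Where(x => x.Type == SubmarineRegisteredClaimNames.Roles);
    var administratorRoleClaim = roleClaims.FirstOrDefault(x => x.Value == UserRole.Administrator.ToString());
    Assert.That(administratorRoleClaim, Is.Not.Null);
}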
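public async Task GivenInvalidPasswordForUser_RespondsWithBadRequest()
{
    // Arrange
    // The stored user carries the hash of a *different* password so the mismatch is
    // explicit and does not depend on whatever password the builder assigns by default.
    var url = GetAuthenticateUrl();
    const string emailAddress = "*****@*****.**";
    const string password = "******";
    const string storedPassword = "a different password";
    var hashedStoredPassword = BCrypt.Net.BCrypt.HashPassword(storedPassword);

    var authenticate = new TestAuthenticateRequestBuilder()
        .WithEmailAddress(emailAddress)
        .WithPassword(password)
        .Build();

    var user = new TestUserEntityBuilder()
        .WithEmailAddress(emailAddress)
        .WithPassword(hashedStoredPassword)
        .Build();
    await _userCollection.InsertOneAsync(user);

    // Act
    var response = await HttpClient.PostAsJsonAsync(url, authenticate);

    // Assert
    // NOTE: despite the method name, the endpoint reports a credential mismatch as
    // 409 Conflict, which is what is asserted here. Status is checked before the body so a
    // non-JSON error body cannot hide the real failure.
    Assert.That(response.StatusCode, Is.EqualTo(HttpStatusCode.Conflict));

    var responseData = await response.Content.ReadFromJsonAsync<ExceptionResponse>();
    Assert.That(responseData, Is.Not.Null);

    Assert.Multiple(() =>
    {
        Assert.That(responseData!.ExceptionCode, Is.EqualTo((int)ExceptionCode.DataMismatchException));
        Assert.That(responseData.TechnicalMessage, Is.Not.Null);
        Assert.That(responseData.UserMessage, Is.EqualTo(ExceptionMessages.Authentication.PasswordIsIncorrect));
    });
}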
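public async Task GivenEmailAlreadyUsed_RespondsWithConflict()
{
    // Arrange
    // A user with the same email address is stored before the register call is made.
    var url = GetRegisterUrl();
    const string emailAddress = "*****@*****.**";
    const string password = "******";

    var register = new TestRegisterRequestBuilder()
        .WithEmailAddress(emailAddress)
        .WithPassword(password)
        .Build();

    var user = new TestUserEntityBuilder()
        .WithId(Guid.NewGuid())
        .WithEmailAddress(emailAddress)
        .Build();
    await _userCollection.InsertOneAsync(user);

    // Act
    var response = await HttpClient.PostAsJsonAsync(url, register);

    // Assert
    // Status first: if the endpoint returns something other than the expected error, the
    // body may not be JSON and deserialisation would mask the real failure.
    Assert.That(response.StatusCode, Is.EqualTo(HttpStatusCode.Conflict));

    var responseData = await response.Content.ReadFromJsonAsync<ExceptionResponse>();
    Assert.That(responseData, Is.Not.Null);

    Assert.Multiple(() =>
    {
        Assert.That(responseData!.ExceptionCode, Is.EqualTo((int)ExceptionCode.DataAlreadyExists));
        Assert.That(responseData.TechnicalMessage, Is.Not.Null);
        Assert.That(responseData.UserMessage, Is.EqualTo(ExceptionMessages.User.UserExistsWithEmail));
    });
}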
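public async Task GivenValidCredentials_RespondsWithBearerTokenWithAudienceClaim()
{
    // Arrange
    var url = GetAuthenticateUrl();
    var userId = Guid.NewGuid();
    const string emailAddress = "*****@*****.**";
    const string password = "******";
    const string productKey = "This is a product key";
    const string testProductOneName = "Test Product One Name";
    const string testProductTwoName = "Test product Two Name";

    // Only the bcrypt hash is persisted; the plaintext goes in the request body.
    var hashedPassword = BCrypt.Net.BCrypt.HashPassword(password);

    var authenticate = new TestAuthenticateRequestBuilder()
        .WithEmailAddress(emailAddress)
        .WithPassword(password)
        .Build();

    var user = new TestUserEntityBuilder()
        .WithId(userId)
        .WithEmailAddress(emailAddress)
        .WithPassword(hashedPassword)
        .Build();
    await _userCollection.InsertOneAsync(user);

    var license = new TestLicenseEntityBuilder()
        .WithUserId(userId)
        .WithKey(productKey)
        .WithProduct(new TestLicenseProductEntityBuilder()
            .WithName(testProductOneName)
            .Build())
        .WithProduct(new TestLicenseProductEntityBuilder()
            .WithName(testProductTwoName)
            .Build())
        .Build();
    await _licenseCollection.InsertOneAsync(license);

    // Act
    var response = await HttpClient.PostAsJsonAsync(url, authenticate);

    // Assert
    // Check the status before reading the body so a non-JSON error body cannot mask the
    // real failure behind a deserialisation exception.
    Assert.That(response.StatusCode, Is.EqualTo(HttpStatusCode.OK));

    var responseData = await response.Content.ReadFromJsonAsync<AuthenticatedResponse>();
    Assert.That(responseData, Is.Not.Null);

    // ReadJwtToken only decodes the token; it performs no signature or lifetime validation.
    // That is acceptable here because this test inspects the audience claim only.
    var jwtSecurityTokenHandler = new JwtSecurityTokenHandler();
    var securityToken = jwtSecurityTokenHandler.ReadJwtToken(responseData!.BearerToken); // narrowed by the assertion above

    // The license key is expected to be carried as a token audience.
    Assert.That(securityToken.Audiences, Does.Contain(license.Key));
}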
public async Task GivenValidCredentials_ReturnsBearerToken()
{
    // Arrange
    // Happy path: the user is found, the hash comparison succeeds, a license with one
    // active and one expired product is returned, and the token generator yields a token.
    const string emailAddress = "This is an email address";
    const string plainTextPassword = "******";
    const string licenseKey = "This is a license key";
    const string expectedToken = "This is a bearer token";
    var id = Guid.NewGuid();

    var request = new TestAuthenticationDtoBuilder()
        .WithEmailAddress(emailAddress)
        .WithPlainTextPassword(plainTextPassword)
        .Build();

    var storedUser = new TestUserEntityBuilder()
        .WithId(id)
        .WithEmailAddress(emailAddress)
        .WithRole(UserRole.Standard)
        .Build();

    var activeProduct = new TestLicenseProductEntityBuilder()
        .WithName("Unexpired Product Name")
        .WithExpiration(DateTime.UtcNow.AddDays(1))
        .Build();
    var lapsedProduct = new TestLicenseProductEntityBuilder()
        .WithName("Expired Product Name")
        .WithExpiration(DateTime.UtcNow.AddDays(-2))
        .Build();
    var storedLicense = new TestLicenseEntityBuilder()
        .WithKey(licenseKey)
        .WithProduct(activeProduct)
        .WithProduct(lapsedProduct)
        .Build();

    _mediator.SetupHandler<GetUserByEmailQuery, UserEntity>().ReturnsAsync(storedUser);
    _mediator.SetupHandler<CompareHashTextQuery, bool>().ReturnsAsync(true);
    _mediator.SetupHandler<GetLicenseByUserIdQuery, LicenseEntity>().ReturnsAsync(storedLicense);
    _mediator.SetupHandler<GenerateBearerTokenQuery, string>().ReturnsAsync(expectedToken);

    // Act
    var result = await _classUnderTest.AuthenticateAsync(request, CancellationToken.None);

    // Assert
    Assert.That(result.BearerToken, Is.EqualTo(expectedToken));

    _mediator.VerifyHandler<GetUserByEmailQuery, UserEntity>(
        query => query.EmailAddress == emailAddress,
        Times.Once());

    // The comparison must run against the stored hash and the supplied plaintext.
    _mediator.VerifyHandler<CompareHashTextQuery, bool>(
        query => query.Hash == storedUser.Password && query.Text == plainTextPassword,
        Times.Once());

    // Token contents (user, license key) are checked by the sibling helper.
    // NOTE(review): the GetLicenseByUserIdQuery dispatch is stubbed but not verified; its
    // identifying property is not visible here, so no assertion was added.
    _mediator.VerifyHandler<GenerateBearerTokenQuery, string>(
        query => ValidateGenerateBearerTokenQuery(query, storedUser, licenseKey),
        Times.Once());
}
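public void GivenNoLicenseForUser_ThrowsSubmarineEntityNotFoundException()
{
    // Arrange
    // The user exists and the password comparison succeeds, but no license is found.
    var userId = Guid.NewGuid();
    const string emailAddress = "This is an email address";
    const string plainTextPassword = "******";
    const bool isPasswordValid = true;

    var authentication = new TestAuthenticationDtoBuilder()
        .WithEmailAddress(emailAddress)
        .WithPlainTextPassword(plainTextPassword)
        .Build();

    var user = new TestUserEntityBuilder()
        .WithId(userId)
        .WithEmailAddress(emailAddress)
        .Build();

    _mediator.SetupHandler<GetUserByEmailQuery, UserEntity>().ReturnsAsync(user);
    _mediator.SetupHandler<CompareHashTextQuery, bool>().ReturnsAsync(isPasswordValid);
    // State the "no license" condition explicitly instead of relying on the mock's implicit
    // default for an unconfigured handler.
    _mediator.SetupHandler<GetLicenseByUserIdQuery, LicenseEntity>().ReturnsAsync((LicenseEntity)null!);

    // Act
    // ThrowsAsync is kept outside Assert.Multiple so a missing throw fails here with a
    // clear message instead of surfacing as a null dereference of `exception` below.
    var exception = Assert.ThrowsAsync<EntityNotFoundException>(() =>
        _classUnderTest.AuthenticateAsync(authentication, CancellationToken.None));

    // Assert
    Assert.Multiple(() =>
    {
        Assert.That(exception.ExceptionCode, Is.EqualTo((int)ExceptionCode.EntityNotFound));
        Assert.That(exception.TechnicalMessage, Is.Not.Null);
        Assert.That(exception.UserMessage, Is.EqualTo(ExceptionMessages.License.NoLicenseWithUserId));
    });

    _mediator.VerifyHandler<GetUserByEmailQuery, UserEntity>(
        query => query.EmailAddress == emailAddress,
        Times.Once());

    // The license lookup must only be reached after the password has actually been compared.
    _mediator.VerifyHandler<CompareHashTextQuery, bool>(
        query => query.Hash == user.Password && query.Text == plainTextPassword,
        Times.Once());
}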
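public async Task GivenNoLicenseForUser_RespondsWithNotFound()
{
    // Arrange
    // A user with a valid password hash is stored, but no license is inserted for them.
    var url = GetAuthenticateUrl();
    const string emailAddress = "*****@*****.**";
    const string password = "******";
    var hashedPassword = BCrypt.Net.BCrypt.HashPassword(password);

    var authenticate = new TestAuthenticateRequestBuilder()
        .WithEmailAddress(emailAddress)
        .WithPassword(password)
        .Build();

    var user = new TestUserEntityBuilder()
        .WithEmailAddress(emailAddress)
        .WithPassword(hashedPassword)
        .Build();
    await _userCollection.InsertOneAsync(user);

    // Act
    var response = await HttpClient.PostAsJsonAsync(url, authenticate);

    // Assert
    // Status first: on an unexpected status the body may not be JSON, and a deserialisation
    // error would otherwise mask the real failure.
    Assert.That(response.StatusCode, Is.EqualTo(HttpStatusCode.NotFound));

    var responseData = await response.Content.ReadFromJsonAsync<ExceptionResponse>();
    Assert.That(responseData, Is.Not.Null);

    Assert.Multiple(() =>
    {
        Assert.That(responseData!.ExceptionCode, Is.EqualTo((int)ExceptionCode.EntityNotFound));
        Assert.That(responseData.TechnicalMessage, Is.Not.Null);
        Assert.That(responseData.UserMessage, Is.EqualTo(ExceptionMessages.License.NoLicenseWithUserId));
    });
}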