public void ResetsPasswordMigratesPasswordHash()
{
var user = new User
{
Username = "******",
EmailAddress = "*****@*****.**",
HashedPassword = CryptographyService.GenerateSaltedHash("thePassword", "SHA1"),
PasswordHashAlgorithm = "SHA1",
PasswordResetToken = "some-token",
PasswordResetTokenExpirationDate = DateTime.UtcNow.AddDays(1),
};
var userService = new TestableUserService();
userService.MockUserRepository
.Setup(r => r.GetAll())
.Returns(new[] { user }.AsQueryable());
bool result = userService.ResetPasswordWithToken("user", "some-token", "new-password");
Assert.True(result);
Assert.Equal("PBKDF2", user.PasswordHashAlgorithm);
Assert.True(VerifyPasswordHash(user, "new-password"));
Assert.Null(user.PasswordResetToken);
Assert.Null(user.PasswordResetTokenExpirationDate);
userService.MockUserRepository
.Verify(u => u.CommitChanges());
}
public void ResetsPasswordAndPasswordTokenAndPasswordTokenDate()
{
var user = new User
{
Username = "******",
EmailAddress = "*****@*****.**",
PasswordResetToken = "some-token",
PasswordResetTokenExpirationDate = DateTime.UtcNow.AddDays(1),
PasswordHashAlgorithm = "PBKDF2"
};
var userService = new TestableUserService();
userService.MockCrypto
.Setup(c => c.GenerateSaltedHash("new-password", Constants.PBKDF2HashAlgorithmId))
.Returns("bacon-hash-and-eggs");
userService.MockUserRepository
.Setup(r => r.GetAll())
.Returns(new[] { user }.AsQueryable());
bool result = userService.ResetPasswordWithToken("user", "some-token", "new-password");
Assert.True(result);
Assert.Equal("bacon-hash-and-eggs", user.HashedPassword);
Assert.Null(user.PasswordResetToken);
Assert.Null(user.PasswordResetTokenExpirationDate);
userService.MockUserRepository.Verify(u => u.CommitChanges());
}
public void ReturnsFalseIfUserNotFound()
{
var userService = new TestableUserService();
userService.MockUserRepository
.Setup(r => r.GetAll())
.Returns(Enumerable.Empty <User>().AsQueryable());
bool result = userService.ResetPasswordWithToken("user", "some-token", "new-password");
Assert.False(result);
}
public void ThrowsExceptionIfUserNotConfirmed()
{
var user = new User
{
Username = "******",
PasswordResetToken = "some-token",
PasswordResetTokenExpirationDate = DateTime.UtcNow.AddDays(1)
};
var userService = new TestableUserService();
userService.MockUserRepository
.Setup(r => r.GetAll())
.Returns(new[] { user }.AsQueryable());
Assert.Throws <InvalidOperationException>(() => userService.ResetPasswordWithToken("user", "some-token", "new-password"));
}
public void ThrowsExceptionIfUserNotConfirmed()
{
var user = new User
{
Username = "******",
PasswordResetToken = "some-token",
PasswordResetTokenExpirationDate = DateTime.UtcNow.AddDays(1)
};
var userService = new TestableUserService();
userService.MockCrypto
.Setup(c => c.GenerateSaltedHash("new-password", Constants.Sha512HashAlgorithmId))
.Returns("bacon-hash-and-eggs");
userService.MockUserRepository
.Setup(r => r.GetAll())
.Returns(new[] { user }.AsQueryable());
Assert.Throws <InvalidOperationException>(() => userService.ResetPasswordWithToken("user", "some-token", "new-password"));
}
public void ThrowsExceptionIfUserNotConfirmed()
{
var user = new User
{
Username = "******",
PasswordResetToken = "some-token",
PasswordResetTokenExpirationDate = DateTime.UtcNow.AddDays(1)
};
var userService = new TestableUserService();
userService.MockUserRepository
.Setup(r => r.GetAll())
.Returns(new[] { user }.AsQueryable());
Assert.Throws<InvalidOperationException>(() => userService.ResetPasswordWithToken("user", "some-token", "new-password"));
}
public void ResetsPasswordMigratesPasswordHash()
{
var user = new User
{
Username = "******",
EmailAddress = "*****@*****.**",
HashedPassword = CryptographyService.GenerateSaltedHash("thePassword", "SHA1"),
PasswordHashAlgorithm = "SHA1",
PasswordResetToken = "some-token",
PasswordResetTokenExpirationDate = DateTime.UtcNow.AddDays(1),
};
var userService = new TestableUserService();
userService.MockUserRepository
.Setup(r => r.GetAll())
.Returns(new[] { user }.AsQueryable());
bool result = userService.ResetPasswordWithToken("user", "some-token", "new-password");
Assert.True(result);
Assert.Equal("PBKDF2", user.PasswordHashAlgorithm);
Assert.True(VerifyPasswordHash(user, "new-password"));
Assert.Null(user.PasswordResetToken);
Assert.Null(user.PasswordResetTokenExpirationDate);
userService.MockUserRepository
.Verify(u => u.CommitChanges());
}
public void ReturnsFalseIfUserNotFound()
{
var userService = new TestableUserService();
userService.MockUserRepository
.Setup(r => r.GetAll())
.Returns(Enumerable.Empty<User>().AsQueryable());
bool result = userService.ResetPasswordWithToken("user", "some-token", "new-password");
Assert.False(result);
}
public void ResetsPasswordAndPasswordTokenAndPasswordTokenDate()
{
var user = new User
{
Username = "******",
EmailAddress = "*****@*****.**",
PasswordResetToken = "some-token",
PasswordResetTokenExpirationDate = DateTime.UtcNow.AddDays(1),
PasswordHashAlgorithm = "PBKDF2"
};
var userService = new TestableUserService();
userService.MockCrypto
.Setup(c => c.GenerateSaltedHash("new-password", Constants.PBKDF2HashAlgorithmId))
.Returns("bacon-hash-and-eggs");
userService.MockUserRepository
.Setup(r => r.GetAll())
.Returns(new[] { user }.AsQueryable());
bool result = userService.ResetPasswordWithToken("user", "some-token", "new-password");
Assert.True(result);
Assert.Equal("bacon-hash-and-eggs", user.HashedPassword);
Assert.Null(user.PasswordResetToken);
Assert.Null(user.PasswordResetTokenExpirationDate);
userService.MockUserRepository.Verify(u => u.CommitChanges());
}
public void ThrowsExceptionIfUserNotConfirmed()
{
var user = new User
{
Username = "******",
PasswordResetToken = "some-token",
PasswordResetTokenExpirationDate = DateTime.UtcNow.AddDays(1)
};
var userService = new TestableUserService();
userService.MockCrypto
.Setup(c => c.GenerateSaltedHash("new-password", Constants.Sha512HashAlgorithmId))
.Returns("bacon-hash-and-eggs");
userService.MockUserRepository
.Setup(r => r.GetAll())
.Returns(new[] { user }.AsQueryable());
Assert.Throws<InvalidOperationException>(() => userService.ResetPasswordWithToken("user", "some-token", "new-password"));
}
public void ResetsPasswordCredential()
{
var oldCred = CredentialBuilder.CreatePbkdf2Password("thePassword");
var user = new User
{
Username = "******",
EmailAddress = "*****@*****.**",
PasswordResetToken = "some-token",
PasswordResetTokenExpirationDate = DateTime.UtcNow.AddDays(1),
HashedPassword = oldCred.Value,
PasswordHashAlgorithm = Constants.PBKDF2HashAlgorithmId,
Credentials = new List<Credential>() { oldCred }
};
var userService = new TestableUserService();
userService.MockUserRepository
.Setup(r => r.GetAll())
.Returns(new[] { user }.AsQueryable());
bool result = userService.ResetPasswordWithToken("user", "some-token", "new-password");
Assert.True(result);
var newCred = user.Credentials.Single();
Assert.Equal(CredentialTypes.Password.Pbkdf2, newCred.Type);
Assert.True(VerifyPasswordHash(newCred.Value, Constants.PBKDF2HashAlgorithmId, "new-password"));
userService.MockUserRepository.VerifyCommitted();
}
public void ResetsPasswordAndPasswordTokenAndPasswordTokenDate()
{
var user = new User
{
Username = "******",
EmailAddress = "*****@*****.**",
PasswordResetToken = "some-token",
PasswordResetTokenExpirationDate = DateTime.UtcNow.AddDays(1),
HashedPassword = CryptographyService.GenerateSaltedHash("thePassword", Constants.PBKDF2HashAlgorithmId),
PasswordHashAlgorithm = Constants.PBKDF2HashAlgorithmId,
};
var userService = new TestableUserService();
userService.MockUserRepository
.Setup(r => r.GetAll())
.Returns(new[] { user }.AsQueryable());
bool result = userService.ResetPasswordWithToken("user", "some-token", "new-password");
Assert.True(result);
Assert.True(VerifyPasswordHash(user.HashedPassword, user.PasswordHashAlgorithm, "new-password"));
Assert.Null(user.PasswordResetToken);
Assert.Null(user.PasswordResetTokenExpirationDate);
userService.MockUserRepository.VerifyCommitted();
}
