public void ResetPasswordTest()
        {
            // Exercises the password-reset endpoint twice for the first fixture user:
            // once with a token that was never issued (must be rejected and must leave
            // the stored password hash untouched) and once with the issued token (must
            // succeed, change the password hash and clear the recovery salt).
            //
            // NOTE(review): only the "wrong token" rejection path is pinned here. An
            // expired token and a second use of an already-consumed token are not
            // covered, and the rejection path does not assert that RecoverySalt is
            // left as it was. Worth adding as separate cases.

            // The controller factory must run first: it assigns _usersService and
            // _testApiSecret, both of which are read below.
            var controller = CreateFakeUserAccountRecoveryController();

            // Issue a recovery token and persist its salt on the user.
            // The second argument (30) is presumably the token lifetime; confirm the unit
            // against TokenCreatorValidator.
            var tokenFactory = new TokenCreatorValidator(_testApiSecret);
            TokenCreationParams issuedToken = tokenFactory.CreateToken(_users[0].Id, 30);

            _users[0].RecoverySalt = issuedToken.SaltBytes;
            _usersService.Update(_users[0]);

            // Rejection path: a token that was never issued.
            var forgedRequest = new PasswordResetModel(_users[0].Email, "wrong-token", "new-password-u1");
            var response      = usersControllerResult(controller, forgedRequest);

            Assert.IsType<BadRequestObjectResult>(response);

            // The original password must still verify after the rejected attempt.
            bool oldPasswordStillValid = PasswordVerifier.VerifyPasswordHash(
                "password-u1", _users[0].PasswordHash, _users[0].PasswordSalt);
            Assert.True(oldPasswordStillValid);

            // Success path: the token issued above.
            var genuineRequest = new PasswordResetModel(_users[0].Email, issuedToken.TokenStr, "new-password-u1");
            response = usersControllerResult(controller, genuineRequest);

            Assert.IsType<OkResult>(response);

            bool newPasswordValid = PasswordVerifier.VerifyPasswordHash(
                "new-password-u1", _users[0].PasswordHash, _users[0].PasswordSalt);
            Assert.True(newPasswordValid);

            // The recovery salt is expected to be cleared once the reset has succeeded.
            Assert.Null(_users[0].RecoverySalt);

            // Local wrapper so both calls go through the same endpoint invocation.
            static IActionResult usersControllerResult(UserAccountRecoveryController target, PasswordResetModel model)
            {
                return target.ResetPassword(model);
            }
        }
        private UserAccountRecoveryController CreateFakeUserAccountRecoveryController(User loggedUser = null)
        {
            // Builds a UserAccountRecoveryController wired to test doubles: a DbContext
            // created from ContextOptions, a default HttpContext, an AutoMapper instance
            // and an AppConfiguration holding a freshly generated secret.
            // Side effects: assigns the _usersService and _testApiSecret fields, which the
            // tests read after calling this method.

            // DbContext built from the fixture's options.
            var dbContext = new GlovoDbContext(ContextOptions);

            // HttpContext shared by the accessor and the controller.
            var fakeHttpContext = new DefaultHttpContext();
            var contextAccessor = new HttpContextAccessor();
            contextAccessor.HttpContext = fakeHttpContext;

            // Optionally expose a logged-in user under the "User" item key.
            if (loggedUser != null)
            {
                fakeHttpContext.Items["User"] = loggedUser;
            }

            // Service under the controller, backed by the DbContext and accessor above.
            _usersService = new RestApiUsersService(dbContext, contextAccessor);

            // Mapper with every profile registered (not only UsersProfile).
            var mapperConfiguration = new MapperConfiguration(cfg =>
            {
                cfg.AddProfile<LocationsProfile>();
                cfg.AddProfile<OrdersProductsProfile>();
                cfg.AddProfile<OrdersProfile>();
                cfg.AddProfile<ProductsProfile>();
                cfg.AddProfile<RestaurantsProfile>();
                cfg.AddProfile<UsersProfile>();
            });
            var mapper = mapperConfiguration.CreateMapper();

            // Throwaway secret for this controller instance. RandomString is defined
            // elsewhere in the fixture; whatever generator it uses is acceptable only
            // because this value never leaves the test. It is not a pattern for
            // producing a production signing secret.
            _testApiSecret = RandomString(1024);
            var fakeConfiguration = new AppConfiguration
            {
                Secret = _testApiSecret
            };
            IOptions<AppConfiguration> appConfigOptions = new OptionsWrapper<AppConfiguration>(fakeConfiguration);

            // Controller under test, sharing the HttpContext created above.
            var controller = new UserAccountRecoveryController(_usersService, mapper, appConfigOptions);
            controller.ControllerContext.HttpContext = fakeHttpContext;

            return controller;
        }
        public void AskForRecoveryEmailTest()
        {
            // Exercises the recovery-email endpoint with a registered address (expects Ok,
            // the address echoed back and a recovery salt stored on the user) and with an
            // unregistered address (expects BadRequest).
            //
            // NOTE(review): the two assertions on the result type pin distinguishable
            // responses for registered and unregistered addresses. That difference tells
            // any caller whether an email has an account. If the controller is changed
            // to answer uniformly, the final assertion here has to change with it.

            var controller = CreateFakeUserAccountRecoveryController();

            // Registered address: Ok, with the same email in the returned model.
            var knownAddressRequest = new PasswordEmailModel(_users[0].Email);
            var response            = controller.SendPasswordEmail(knownAddressRequest);

            Assert.IsType<OkObjectResult>(response.Result);

            var okResult     = (OkObjectResult)response.Result;
            var echoedModel  = (PasswordEmailModel)okResult.Value;
            Assert.Equal(_users[0].Email, echoedModel.Email);

            // The token itself goes out by email rather than through the API, so only the
            // presence of the stored salt can be checked here, not its value.
            User storedUser = _usersService.GetById(_users[0].Id);

            Assert.NotNull(storedUser.RecoverySalt);

            // Unregistered address: BadRequest.
            var unknownAddressRequest = new PasswordEmailModel("non-existing-email");
            response = controller.SendPasswordEmail(unknownAddressRequest);

            Assert.IsType<BadRequestObjectResult>(response.Result);
        }