public void Toggle_User_Success()
{
// Arrange
User newUser;
using (var _db = tu.CreateDataBaseContext())
{
newUser = tu.CreateUserObject();
_db.Users.Add(newUser);
_db.SaveChanges();
}
var expectedResponse = newUser;
var expectedResult = newUser.Disabled;
// ACT
UserManagementManager _umm = new UserManagementManager();
var response = _umm.ToggleUser(newUser, null);
var result = _umm.GetUser(newUser.Id);
// Assert
Assert.IsNotNull(response);
Assert.IsTrue(response == 1);
Assert.IsNotNull(result);
Assert.AreEqual(expectedResponse.Id, result.Id);
}
public string GetEmail(string token)
{
UserManagementManager umm = new UserManagementManager();
Session session = new Session();
User user;
string email;
try
{
using (var _db = new DatabaseContext())
{
SessionService ss = new SessionService(_db);
session = ss.GetSession(token);
if (session == null)
{
return("");
}
}
var id = session.UserId;
user = umm.GetUser(id);
email = user.Email;
}
catch (ArgumentNullException)
{
throw new ArgumentNullException("Session is null");
}
return(email);
}
public void Disable_User_Success()
{
// Arrange
newUser = tu.CreateUserInDb();
var expectedResponse = newUser;
var expectedResult = true;
// ACT
var response = _umm.DisableUser(newUser);
var result = _umm.GetUser(newUser.Id);
// Assert
Assert.IsTrue(response == 1);
Assert.IsNotNull(result);
Assert.AreEqual(expectedResult, result.Disabled);
}
public void CreateNewUser_Authorized_201()
{
var controller = new UserManagementController();
var admin = _ut.CreateUserObject();
admin.IsAdministrator = true;
var adminSession = _ut.CreateSessionObject(admin);
_ut.CreateSessionInDb(adminSession);
// modify user
var newUser = new {
username = Guid.NewGuid() + "@mail.com",
city = "Long Beach",
state = "California",
country = "USA",
manager = "",
isadmin = false,
disabled = false,
};
// mock payload
var mock_payload = new CreateUserRequestDTO
{
Username = newUser.username,
City = newUser.city,
State = newUser.state,
Country = newUser.country,
Manager = newUser.manager,
IsAdmin = newUser.isadmin,
Disabled = newUser.disabled
};
var expectedStatusCode = HttpStatusCode.Created;
var endpoint = API_Route_Local + "/user/update";
controller.Request = new HttpRequestMessage
{
RequestUri = new Uri(endpoint)
};
controller.Request.Headers.Add("token", adminSession.Token);
IHttpActionResult actionresult = controller.CreateNewUser(mock_payload);
Assert.IsInstanceOfType(actionresult, typeof(NegotiatedContentResult <string>));
var contentresult = actionresult as NegotiatedContentResult <string>;
Assert.AreEqual(expectedStatusCode, contentresult.StatusCode);
// persistence test
using (var _db = _ut.CreateDataBaseContext())
{
var _userManager = new UserManagementManager(_db);
var getUser = _userManager.GetUser(newUser.username);
Assert.AreNotEqual(newUser, getUser);
Assert.AreEqual(newUser.isadmin, getUser.IsAdministrator);
}
}
public IHttpActionResult DeleteUser(string userId)
{
using (var _db = new DatabaseContext())
{
try
{
// Throws ExceptionService.NoTokenProvidedException
// Throws ExceptionService.SessionNotFoundException
var session = ControllerHelpers.ValidateAndUpdateSession(Request);
// Throws ExceptionService.InvalidModelPayloadException
ControllerHelpers.ValidateModelAndPayload(ModelState, userId);
// Throws ExceptionService.InvalidGuidException
var UserId = ControllerHelpers.ParseAndCheckId(userId);
var _userManager = new UserManagementManager(_db);
var user = _userManager.GetUser(session.UserId);
if (user.IsAdministrator)
{
_userManager.DeleteUser(UserId);
_db.SaveChanges();
var responseDeleted = Content(HttpStatusCode.OK, "User was deleted.");
return(responseDeleted);
}
else
{
return(Content(HttpStatusCode.Unauthorized, "Non-administrators cannot delete users."));
}
}
catch (Exception e) when(e is UserNotFoundException)
{
return(Content(HttpStatusCode.NotFound, e.Message));
}
catch (Exception e) when(e is InvalidGuidException)
{
return(Content(HttpStatusCode.BadRequest, e.Message));
}
catch (Exception e) when(e is NoTokenProvidedException ||
e is SessionNotFoundException)
{
return(Content(HttpStatusCode.Unauthorized, e.Message));
}
catch (Exception e) when(e is InvalidModelPayloadException)
{
return(Content(HttpStatusCode.PreconditionFailed, e.Message));
}
catch (Exception e)
{
if (e is DbUpdateException ||
e is DbEntityValidationException)
{
_db.RevertDatabaseChanges(_db);
}
return(InternalServerError());
}
}
}
public IHttpActionResult CreateNewUser([FromBody, Required] CreateUserRequestDTO payload)
{
using (var _db = new DatabaseContext())
{
try
{
// Throws ExceptionService.NoTokenProvidedException
// Throws ExceptionService.SessionNotFoundException
var session = ControllerHelpers.ValidateAndUpdateSession(Request);
// Throws ExceptionService.InvalidModelPayloadException
ControllerHelpers.ValidateModelAndPayload(ModelState, payload);
var _userManager = new UserManagementManager(_db);
var user = _userManager.GetUser(session.UserId);
if (user.IsAdministrator)
{
// Throws exception, invalid username, invalid manager guid
var newUser = _userManager.CreateUser(payload);
_db.SaveChanges();
var responseCreated = Content(HttpStatusCode.Created, "User created.");
return(responseCreated);
}
return(Content(HttpStatusCode.Unauthorized, "Non-administrators cannot delete users."));
}
catch (Exception e) when(e is UserNotFoundException)
{
return(Content(HttpStatusCode.NotFound, e.Message));
}
catch (Exception e) when(e is InvalidGuidException ||
e is InvalidEmailException)
{
return(Content(HttpStatusCode.BadRequest, e.Message));
}
catch (Exception e) when(e is NoTokenProvidedException ||
e is SessionNotFoundException)
{
return(Content(HttpStatusCode.Unauthorized, e.Message));
}
catch (Exception e) when(e is InvalidModelPayloadException)
{
return(Content(HttpStatusCode.PreconditionFailed, e.Message));
}
catch (Exception e) when(e is UserAlreadyExistsException)
{
return(Content(HttpStatusCode.Conflict, e.Message));
}
catch (Exception e)
{
if (e is DbUpdateException ||
e is DbEntityValidationException)
{
_db.RevertDatabaseChanges(_db);
}
return(InternalServerError());
}
}
}
public LoginManagerUT()
{
lm = new LoginManager();
um = new UserManagementManager();
user = um.GetUser("*****@*****.**");
//CreateUser("*****@*****.**", "passwordtest54321", new DateTime(1996, 12, 15));
request = new LoginRequest();
request.email = "*****@*****.**";
request.password = "******";
}
public async Task <IHttpActionResult> DeleteFromSSO()
{
using (var _db = new DatabaseContext())
{
try
{
// Throws ExceptionService.NoTokenProvidedException
// Throws ExceptionService.SessionNotFoundException
var session = ControllerHelpers.ValidateAndUpdateSession(Request);
var _userManager = new UserManagementManager(_db);
var user = _userManager.GetUser(session.UserId);
if (user == null)
{
return(Ok());
}
var _ssoAPIManager = new KFC_SSO_Manager(_db);
var requestSuccessful = await _ssoAPIManager.DeleteUserFromSSOviaPointmap(user);
if (requestSuccessful)
{
_userManager.DeleteUser(user.Id);
_db.SaveChanges();
return(Ok("User was deleted from Pointmap and SSO"));
}
var response = Content(HttpStatusCode.InternalServerError, "User was not able to be deleted from SSO.");
return(response);
}
catch (Exception e) when(e is InvalidGuidException)
{
return(Content(HttpStatusCode.BadRequest, e.Message));
}
catch (Exception e) when(e is NoTokenProvidedException ||
e is SessionNotFoundException)
{
return(Content(HttpStatusCode.Unauthorized, e.Message));
}
catch (Exception e) when(e is KFCSSOAPIRequestException)
{
return(Content(HttpStatusCode.ServiceUnavailable, e.Message));
}
catch (Exception e)
{
if (e is DbUpdateException ||
e is DbEntityValidationException)
{
_db.RevertDatabaseChanges(_db);
}
return(Content(HttpStatusCode.InternalServerError, e.Message));
}
}
}
public IHttpActionResult GetAllUsers()
{
using (var _db = new DatabaseContext())
{
try
{
// Throws ExceptionService.NoTokenProvidedException
// Throws ExceptionService.SessionNotFoundException
var session = ControllerHelpers.ValidateAndUpdateSession(Request);
var _userManager = new UserManagementManager(_db);
var user = _userManager.GetUser(session.UserId);
if (user.IsAdministrator)
{
var users = _userManager.GetUsers();
_db.SaveChanges();
var responseUsers = Content(HttpStatusCode.OK, users);
return(responseUsers);
}
else
{
return(Content(HttpStatusCode.Unauthorized, "Non-administrators cannot view all users."));
}
}
catch (Exception e) when(e is UserNotFoundException)
{
return(Content(HttpStatusCode.NotFound, e.Message));
}
catch (Exception e) when(e is InvalidGuidException)
{
return(Content(HttpStatusCode.BadRequest, e.Message));
}
catch (Exception e) when(e is NoTokenProvidedException ||
e is SessionNotFoundException ||
e is UserIsNotAdministratorException)
{
return(Content(HttpStatusCode.Unauthorized, e.Message));
}
catch (Exception e)
{
if (e is DbUpdateException ||
e is DbEntityValidationException)
{
_db.RevertDatabaseChanges(_db);
}
return(InternalServerError());
}
}
}
public IHttpActionResult GetUser()
{
using (var _db = new DatabaseContext())
{
try
{
// Throws ExceptionService.NoTokenProvidedException
// Throws ExceptionService.SessionNotFoundException
var session = ControllerHelpers.ValidateAndUpdateSession(Request);
UserManagementManager _userManager = new UserManagementManager(_db);
var user = _userManager.GetUser(session.UserId);
_db.SaveChanges();
var responseData = new GetUserResponseData
{
id = user.Id,
username = user.Username,
disabled = user.Disabled,
isAdmin = user.IsAdministrator
};
var responseUser = Content(HttpStatusCode.OK, responseData);
return(responseUser);
}
catch (Exception e) when(e is UserNotFoundException)
{
return(Content(HttpStatusCode.NotFound, e.Message));
}
catch (Exception e) when(e is InvalidGuidException)
{
return(Content(HttpStatusCode.BadRequest, e.Message));
}
catch (Exception e) when(e is NoTokenProvidedException ||
e is SessionNotFoundException ||
e is UserIsNotAdministratorException)
{
return(Content(HttpStatusCode.Unauthorized, e.Message));
}
catch (Exception e)
{
if (e is DbUpdateException ||
e is DbEntityValidationException)
{
_db.RevertDatabaseChanges(_db);
}
return(InternalServerError());
}
}
}
[Route("sso/user/delete")] // Request from sso to delete user self from sso to all apps
public IHttpActionResult DeleteViaSSO([FromBody, Required] LoginRequestPayload requestPayload)
{
using (var _db = new DatabaseContext())
{
try
{
// Throws ExceptionService.InvalidModelPayloadException
ControllerHelpers.ValidateModelAndPayload(ModelState, requestPayload);
// Throws ExceptionService.InvalidGuidException
var userSSOID = ControllerHelpers.ParseAndCheckId(requestPayload.SSOUserId);
// Check valid signature
var _ssoServiceAuth = new SignatureService();
var validSignature = _ssoServiceAuth.IsValidClientRequest(userSSOID.ToString(), requestPayload.Email, requestPayload.Timestamp, requestPayload.Signature);
if (!validSignature)
{
return(Content(HttpStatusCode.Unauthorized, "Invalid Token signature."));
}
var _userManagementManager = new UserManagementManager(_db);
// Throw exception if user does not exist
var user = _userManagementManager.GetUser(userSSOID);
if (user == null)
{
return(Content(HttpStatusCode.OK, "User does not exist"));
}
_userManagementManager.DeleteUser(userSSOID);
_db.SaveChanges();
return(Ok("User was deleted"));
}
catch (Exception e) when(e is InvalidGuidException ||
e is InvalidModelPayloadException)
{
return(Content(HttpStatusCode.BadRequest, e.Message));
}
catch (Exception e)
{
if (e is DbUpdateException ||
e is DbEntityValidationException)
{
_db.RevertDatabaseChanges(_db);
}
return(Content(HttpStatusCode.InternalServerError, e.Message));
}
}
}
public void Enable_User_Success()
{
// Arrange
User newUser = tu.CreateUserInDb();
var expectedResponse = newUser;
var expectedResult = false;
// ACT
UserManagementManager _umm = new UserManagementManager();
var response = _umm.EnableUser(newUser);
var result = _umm.GetUser(newUser.Id);
// Assert
Assert.IsTrue(response == 1);
Assert.IsNotNull(result);
Assert.AreEqual(expectedResult, result.Disabled);
}
public void Toggle_User_Success()
{
// Arrange
newUser = tu.CreateUserInDb();
var expectedResult = !newUser.Disabled;
// ACT
using (var _db = new DatabaseContext())
{
_umm = new UserManagementManager(_db);
_umm.ToggleUser(newUser, true);
_db.SaveChanges();
var result = _umm.GetUser(newUser.Id);
// Assert
Assert.IsNotNull(result);
Assert.AreEqual(expectedResult, result.Disabled);
}
}
public IHttpActionResult LogoutViaSSO([FromBody] LogoutRequestPayload requestPayload)
{
using (var _db = new DatabaseContext())
{
try
{
// throws ExceptionService.InvalidModelPayloadException
ControllerHelpers.ValidateModelAndPayload(ModelState, requestPayload);
// throws ExceptionService.InvalidGuidException
var userSSOID = ControllerHelpers.ParseAndCheckId(requestPayload.SSOUserId);
var _userManagementManager = new UserManagementManager(_db);
var user = _userManagementManager.GetUser(userSSOID);
if (user == null)
{
return(Content(HttpStatusCode.OK, "User does not exist."));
}
var _userManager = new UserManager(_db);
_userManager.Logout(user);
_db.SaveChanges();
return(Ok("User was logged out."));
}
catch (Exception e) when(e is InvalidGuidException ||
e is InvalidModelPayloadException)
{
return(Content(HttpStatusCode.BadRequest, e.Message));
}
catch (Exception e) when(e is UserNotFoundException)
{
return(Content(HttpStatusCode.NotFound, e.Message));
}
catch (Exception e)
{
if (e is DbUpdateException ||
e is DbEntityValidationException)
{
_db.RevertDatabaseChanges(_db);
}
return(Content(HttpStatusCode.InternalServerError, e.Message));
}
}
}
public IHttpActionResult Delete() // User delete self from pointmap
{
using (var _db = new DatabaseContext())
{
try
{
// Throws ExceptionService.NoTokenProvidedException
// Throws ExceptionService.SessionNotFoundException
var session = ControllerHelpers.ValidateAndUpdateSession(Request);
var _userManager = new UserManagementManager(_db);
// Throw exception if user not found
var user = _userManager.GetUser(session.UserId);
if (user == null)
{
return(Content(HttpStatusCode.NotFound, "User does not exist."));
}
// Delete user self and their sessions
_userManager.DeleteUser(user.Id);
_db.SaveChanges();
var response = Content(HttpStatusCode.OK, "User was deleted from Pointmap.");
return(response);
}
catch (Exception e) when(e is InvalidGuidException)
{
return(Content(HttpStatusCode.BadRequest, e.Message));
}
catch (Exception e) when(e is NoTokenProvidedException ||
e is SessionNotFoundException)
{
return(Content(HttpStatusCode.Unauthorized, e.Message));
}
catch (Exception e)
{
if (e is DbUpdateException ||
e is DbEntityValidationException)
{
_db.RevertDatabaseChanges(_db);
}
return(Content(HttpStatusCode.InternalServerError, e.Message));
}
}
}
public async void LogoutFromSSO(string Username, Guid ssoID, long timestamp, string signature)
{
// Check if valid signature request
var validSignature = _ssoServiceAuth.IsValidClientRequest(ssoID.ToString(), Username, timestamp, signature);
if (!validSignature)
{
throw new InvalidTokenSignatureException("Session is not valid.");
}
_userManagementManager = new UserManagementManager(_db);
var _userManager = new UserManager(_db);
var user = _userManagementManager.GetUser(ssoID);
if (user == null)
{
return;
}
// Delete all sessions of the user
_userManager.Logout(user);
}
public void Create_User_Using_Manager()
{
// Arrange
string Username = Guid.NewGuid() + "@" + Guid.NewGuid() + ".com";
string password = (Guid.NewGuid()).ToString();
DateTime dob = DateTime.UtcNow;
// Act
using (var _db = tu.CreateDataBaseContext())
{
_umm = new UserManagementManager(_db);
var response = _umm.CreateUser(Username, Guid.NewGuid());
_db.SaveChanges();
var result = _umm.GetUser(response.Id);
// Assert
Assert.IsNotNull(response);
Assert.IsNotNull(result);
Assert.AreEqual(Username, result.Username);
}
}
public string GetEmail(string token)
{
UserManagementManager umm = new UserManagementManager();
SessionService ss = new SessionService();
Session session = new Session();
User user;
string email;
using (var _db = new DatabaseContext())
{
session = ss.GetSession(_db, token);
Console.WriteLine(session);
}
var id = session.UserId;
user = umm.GetUser(id);
email = user.Email;
return(email);
}
public static UserContract GetUser(Guid token, Guid userID)
{
return(UserManagementManager.GetUser(token, userID));
}
