Ejemplo n.º 1
            /// <summary>
            /// A token-based password reset on an account whose stored hash is SHA1 must
            /// store the new password under PBKDF2 and clear the reset token and its expiry.
            /// </summary>
            public void ResetsPasswordMigratesPasswordHash()
            {
                // Arrange: an account still on the legacy SHA1 hash, holding an unexpired reset token.
                var account = new User();
                // NOTE(review): this literal appears masked in the listing while the call below
                // looks the account up as "user" — confirm the real fixture value.
                account.Username = "******";
                account.EmailAddress = "*****@*****.**";
                account.HashedPassword = CryptographyService.GenerateSaltedHash("thePassword", "SHA1");
                account.PasswordHashAlgorithm = "SHA1";
                account.PasswordResetToken = "some-token";
                account.PasswordResetTokenExpirationDate = DateTime.UtcNow.AddDays(1);

                var sut = new TestableUserService();
                var storedUsers = new[] { account }.AsQueryable();
                sut.MockUserRepository.Setup(repo => repo.GetAll()).Returns(storedUsers);

                // Act
                bool wasReset = sut.ResetPasswordWithToken("user", "some-token", "new-password");

                // Assert: the reset succeeded and the hash was upgraded, not re-created as SHA1.
                Assert.True(wasReset);
                Assert.Equal("PBKDF2", account.PasswordHashAlgorithm);
                Assert.True(VerifyPasswordHash(account, "new-password"));

                // The token and its expiry are cleared, so the same token cannot be presented again.
                Assert.Null(account.PasswordResetToken);
                Assert.Null(account.PasswordResetTokenExpirationDate);

                // The change must have been committed through the repository.
                sut.MockUserRepository.Verify(repo => repo.CommitChanges());
            }
Ejemplo n.º 2
 /// <summary>
 /// Builds a password credential of type <c>CredentialTypes.Password.Pbkdf2</c> whose value
 /// is the salted hash of <paramref name="password"/> produced with the PBKDF2 algorithm id.
 /// </summary>
 /// <param name="password">Plaintext password; only its salted hash is placed in the credential.</param>
 /// <returns>A new <c>Credential</c> carrying the PBKDF2 type and the hashed value.</returns>
 public static Credential CreatePasswordCredential(string password)
 {
     // Type tag and hash algorithm are chosen together so the stored value can later be
     // verified with the matching algorithm.
     var credentialType = CredentialTypes.Password.Pbkdf2;
     var hashedValue = CryptographyService.GenerateSaltedHash(
         password,
         Constants.PBKDF2HashAlgorithmId);

     return new Credential(type: credentialType, value: hashedValue);
 }
Ejemplo n.º 3
 /// <summary>
 /// Creates a <c>User</c> whose password is stored as a PBKDF2 salted hash, recording the
 /// algorithm id next to the hash.
 /// </summary>
 /// <param name="username">Value assigned to <c>Username</c>.</param>
 /// <param name="password">Plaintext password; only its salted hash is kept on the user.</param>
 /// <param name="emailAddress">Value assigned to <c>EmailAddress</c>.</param>
 /// <returns>The populated <c>User</c>.</returns>
 User CreateUser(string username, string password, string emailAddress)
 {
     var created = new User();
     created.Username = username;
     created.EmailAddress = emailAddress;

     // The hash and the algorithm id are written from the same constant so they cannot disagree.
     created.HashedPassword = CryptographyService.GenerateSaltedHash(password, Constants.PBKDF2HashAlgorithmId);
     created.PasswordHashAlgorithm = Constants.PBKDF2HashAlgorithmId;

     return created;
 }
Ejemplo n.º 4
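            /// <summary>
            /// Changing the password with the correct current password must report success and
            /// leave the user with a hash that verifies against the new password.
            /// </summary>
            public void UpdatesTheHashedPassword()
            {
                // Arrange: an account already on PBKDF2 with a known current password.
                var hash = CryptographyService.GenerateSaltedHash("oldpwd", "PBKDF2");
                var user = new User {
                    // NOTE(review): this literal appears masked in the listing while the call below
                    // looks the account up as "user" — confirm the real fixture value.
                    Username = "******", HashedPassword = hash, PasswordHashAlgorithm = "PBKDF2"
                };
                var service = new TestableUserService();

                service.MockUserRepository
                .Setup(r => r.GetAll()).Returns(new[] { user }.AsQueryable());

                // Act
                var changed = service.ChangePassword("user", "oldpwd", "newpwd");

                // Assert: the return value was previously captured but never checked; pin it so a
                // silent failure cannot pass, in line with MigratesPasswordIfHashAlgorithmIsNotPBKDF2.
                Assert.True(changed);
                Assert.True(VerifyPasswordHash(user, "newpwd"));
            }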
Ejemplo n.º 5
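            /// <summary>
            /// <c>FindByUsernameAndPassword</c> must not resolve an account when the e-mail address
            /// is supplied in place of the username, even with the correct password.
            /// </summary>
            public void WillNotFindsUsersByEmailAddress()
            {
                // Arrange: the fixture carries the algorithm id that matches its hash. Without it
                // the lookup could return null merely because the password cannot be verified,
                // and this negative test would pass for the wrong reason.
                // NOTE(review): assumes the service reads PasswordHashAlgorithm when verifying — confirm.
                var hash = CryptographyService.GenerateSaltedHash("thePassword", Constants.PBKDF2HashAlgorithmId);
                var user = new User {
                    Username = "******",
                    HashedPassword = hash,
                    PasswordHashAlgorithm = Constants.PBKDF2HashAlgorithmId,
                    EmailAddress = "*****@*****.**"
                };
                var service = new TestableUserService();

                service.MockUserRepository
                .Setup(r => r.GetAll())
                .Returns(new[] { user }.AsQueryable());

                // Act: present the e-mail address where a username is expected.
                var foundByEmailAddress = service.FindByUsernameAndPassword("*****@*****.**", "thePassword");

                // Assert
                Assert.Null(foundByEmailAddress);
            }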
Ejemplo n.º 6
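            /// <summary>
            /// A password change attempted with the wrong current password must be rejected and
            /// must leave the stored PBKDF2 hash untouched.
            /// </summary>
            public void ReturnsFalseIfPasswordDoesNotMatchUser_PBKDF2()
            {
                // Arrange
                var user = new User
                {
                    // NOTE(review): this literal appears masked in the listing while the call below
                    // looks the account up as "user" — confirm the real fixture value.
                    Username              = "******",
                    HashedPassword        = CryptographyService.GenerateSaltedHash("oldpwd", "PBKDF2"),
                    PasswordHashAlgorithm = "PBKDF2",
                };
                var service = new TestableUserService();

                service.MockUserRepository
                .Setup(r => r.GetAll()).Returns(new[] { user }.AsQueryable());

                // Act
                var changed = service.ChangePassword("user", "not_the_password", "newpwd");

                // Assert: the call reports failure ...
                Assert.False(changed);
                // ... and the rejected attempt did not alter the credential: the original password
                // must still verify. A false return alone would not catch a hash that was overwritten.
                Assert.True(VerifyPasswordHash(user, "oldpwd"));
            }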
Ejemplo n.º 7
            /// <summary>
            /// A successful password change on an account whose stored hash is SHA1 must store
            /// the new password under PBKDF2.
            /// </summary>
            public void MigratesPasswordIfHashAlgorithmIsNotPBKDF2()
            {
                // Arrange: an account whose current password is hashed with the legacy algorithm.
                var account = new User();
                // NOTE(review): this literal appears masked in the listing while the call below
                // looks the account up as "user" — confirm the real fixture value.
                account.Username = "******";
                account.HashedPassword = CryptographyService.GenerateSaltedHash("oldpwd", "SHA1");
                account.PasswordHashAlgorithm = "SHA1";

                var sut = new TestableUserService();
                var storedUsers = new[] { account }.AsQueryable();
                sut.MockUserRepository.Setup(repo => repo.GetAll()).Returns(storedUsers);

                // Act
                var wasChanged = sut.ChangePassword("user", "oldpwd", "newpwd");

                // Assert: the change succeeded, the new password verifies, and the recorded
                // algorithm was upgraded along with the hash.
                Assert.True(wasChanged);
                Assert.True(VerifyPasswordHash(account, "newpwd"));
                Assert.Equal("PBKDF2", account.PasswordHashAlgorithm);
            }
Ejemplo n.º 8
 /// <summary>
 /// Creates a <c>User</c> for the given identity. When a non-empty password is supplied it is
 /// stored as a salted hash together with the algorithm id; otherwise both fields are null.
 /// </summary>
 /// <param name="username">Value assigned to <c>Username</c>.</param>
 /// <param name="password">Plaintext password; null or empty yields a user with no password hash.</param>
 /// <param name="emailAddress">Value assigned to <c>EmailAddress</c>.</param>
 /// <param name="hashAlgorithm">
 /// Algorithm id passed to the hashing service and recorded on the user; defaults to PBKDF2.
 /// </param>
 /// <returns>The populated <c>User</c>.</returns>
 public static User CreateAUser(
     string username,
     string password,
     string emailAddress,
     string hashAlgorithm = Constants.PBKDF2HashAlgorithmId)
 {
     // Hash and algorithm id are set or left null together, so a user never carries one
     // without the other.
     bool hasPassword = !String.IsNullOrEmpty(password);

     var created = new User();
     created.Username = username;

     if (hasPassword)
     {
         created.HashedPassword = CryptographyService.GenerateSaltedHash(password, hashAlgorithm);
         created.PasswordHashAlgorithm = hashAlgorithm;
     }
     else
     {
         created.HashedPassword = null;
         created.PasswordHashAlgorithm = null;
     }

     created.EmailAddress = emailAddress;
     return created;
 }
Ejemplo n.º 9
            /// <summary>
            /// A successful lookup by e-mail address and password on an account whose hash is
            /// SHA1 must re-hash the same password under PBKDF2 and commit exactly once.
            /// </summary>
            public void FindsUsersUpdatesPasswordIfUsingLegacyHashAlgorithm()
            {
                // Arrange: an account still on the legacy SHA1 hash.
                var account = new User();
                account.Username = "******";
                account.HashedPassword = CryptographyService.GenerateSaltedHash("thePassword", "SHA1");
                account.PasswordHashAlgorithm = "SHA1";
                account.EmailAddress = "*****@*****.**";

                var sut = new TestableUserService();
                var repository = sut.MockUserRepository;

                var storedUsers = new[] { account }.AsQueryable();
                repository.Setup(repo => repo.GetAll()).Returns(storedUsers);
                repository.Setup(repo => repo.CommitChanges()).Verifiable();

                // Act: authenticate with the correct password.
                sut.FindByUsernameOrEmailAddressAndPassword("*****@*****.**", "thePassword");

                // Assert: the stored credential was upgraded in place and the unchanged password
                // verifies against the new hash.
                Assert.Equal("PBKDF2", account.PasswordHashAlgorithm);
                Assert.True(VerifyPasswordHash(account, "thePassword"));

                // The upgrade must be persisted, and only once.
                sut.MockUserRepository.Verify(repo => repo.CommitChanges(), Times.Once());
            }
 /// <summary>
 /// Builds a password credential of type <c>CredentialTypes.Password.Sha1</c> whose value is
 /// the salted hash of <paramref name="plaintextPassword"/> produced with the SHA1 algorithm id.
 /// </summary>
 /// <param name="plaintextPassword">Plaintext password; only its salted hash is placed in the credential.</param>
 /// <returns>A new <c>Credential</c> carrying the SHA1 type and the hashed value.</returns>
 public static Credential CreateSha1Password(string plaintextPassword)
 {
     // NOTE(review): SHA1 is the format the tests on this page migrate away from; presumably
     // this helper exists to build legacy fixtures rather than new credentials — confirm.
     var credentialType = CredentialTypes.Password.Sha1;
     var hashedValue = CryptographyService.GenerateSaltedHash(plaintextPassword, Constants.Sha1HashAlgorithmId);

     return new Credential(credentialType, hashedValue);
 }