/// <summary>
/// Checks that <c>IsPasswordValid</c> returns false when a known user id is
/// presented together with a password that was generated for a different user id.
/// </summary>
public void ValidateCorrectUserIdAndWrongPassword()
{
    // Arrange
    var knownUserId = "user1";

    // SaveUserInfo is stubbed to report success for any record
    // (presumably invoked by GeneratePassword; confirm against the service).
    _passwordRepoMock
        .Setup(repo => repo.SaveUserInfo(It.IsAny<UserPasswordInfo>()))
        .Returns(true);

    _service = new PasswordApi.Service.PasswordService(
        _passwordRepoMock.Object,
        _passwordExpiryMock.Object,
        new Rfc2898CryptoService());

    var issuedPassword = _service.GeneratePassword(knownUserId);
    var otherUsersPassword = _service.GeneratePassword("user2");

    // The stored record is built from the password issued to the known user,
    // hashed with a separate crypto service instance.
    var storedHash = new Rfc2898CryptoService().HashPassword(issuedPassword);
    var storedRecord = new UserPasswordInfo
    {
        HashedPassword = storedHash.HashedPassword,
        HashSalt = storedHash.HashSalt,
        // NOTE(review): the original comment labels this value "valid", but it lies
        // one second in the past. If IsPasswordValid rejects on Expiry, the assertion
        // below would hold without the hash comparison ever deciding the outcome;
        // confirm how Expiry (and the unconfigured _passwordExpiryMock) is interpreted.
        Expiry = DateTime.Now.AddSeconds(-1),
    };

    _passwordRepoMock
        .Setup(repo => repo.GetUserInfo(knownUserId))
        .Returns(storedRecord);

    // Act
    var isValid = _service.IsPasswordValid(knownUserId, otherUsersPassword);

    // Assert
    Assert.IsFalse(isValid, "userid and password must not be valid");
}