public async Task GivenEmployeeAuth_WhenGetRequest_ThenReturnOkWithOwnLogs() { // Arrange var employeeAccount = _fixture.Context.Users.Last(); var employeeDetails = _fixture.Context.Employees.Where(m => m.IdentityId == employeeAccount.Id).First(); var admin = new LoginViewModel { UserName = employeeAccount.UserName, Password = DefaultAdmin.Password, }; // Act var request = new HttpRequestMessage(HttpMethod.Get, API_URL); await AuthExtensions.SetupRequestAuth(request, _fixture, admin); var response = await _fixture.Client.SendAsync(request); var result = await response.Content.ReadAsStringAsync(); var resultModel = JsonConvert.DeserializeObject <ListResponse <LogViewModel> >(result); // Assert response.EnsureSuccessStatusCode(); var totalList = _fixture.Context.Logs.Where(m => m.EmployeeId == employeeDetails.Id).Count(); Assert.Equal(totalList, resultModel.Meta.TotalItems); }
public async Task <IActionResult> Login([FromBody] LoginDto customer) { var customerEntity = await _repository.Customer.GetCustomerByEmail(customer.email); if (customerEntity == null) { return(NotFound()); } if (!AuthExtensions.VerifyPasswordHash(customer.password, customerEntity.passwordHash, customerEntity.passwordSalt)) { return(NotFound("Invalid email or password")); } var claims = new List <Claim> { new Claim(ClaimTypes.NameIdentifier, customerEntity.id.ToString()), new Claim(ClaimTypes.Email, customerEntity.email), new Claim(ClaimTypes.Name, customerEntity.name) }; var customerResult = _mapper.Map <CustomerDto>(customerEntity); return(Ok(new { customer = customerResult, token = AuthExtensions.TokenGeneration(claims, _config) })); }
public async Task <IActionResult> UpdateUser(int id, [FromBody] UserForUpdateDto user) { var userEntity = HttpContext.Items["entity"] as User; if (!string.IsNullOrEmpty(user.password) && user.password != null) { AuthExtensions.CreatePasswordHash(user.password, out byte[] passwordHash, out byte[] passwordSalt); user.passwordHash = passwordHash; user.passwordSalt = passwordSalt; } else { user.passwordHash = userEntity.passwordHash; user.passwordSalt = userEntity.passwordSalt; } _mapper.Map(user, userEntity); _repository.User.UpdateUser(userEntity); await _repository.SaveAsync(); var userResult = new UserDto(); var token = string.Empty; this.CreateUserResponse(userEntity, out userResult, out token); return(Ok(new { user = userResult, token })); }
public async Task <IActionResult> Login([FromBody] LoginDto user) { var userEntity = await _repository.User.GetUserByEmail(user.email); if (userEntity == null) { return(NotFound()); } if (!AuthExtensions.VerifyPasswordHash(user.password, userEntity.passwordHash, userEntity.passwordSalt)) { return(NotFound("Invalid email or password")); } var userResult = new UserDto(); var token = string.Empty; this.CreateUserResponse(userEntity, out userResult, out token); var menus = await _repository.RolMenu.GetRolMenusByRolId(userEntity.rolId); var menusResult = _mapper.Map <IEnumerable <RolMenuDto> >(menus) .Select(m => m.Menu); return(Ok(new { user = userResult, menu = menusResult, token, })); }
public async Task GivenEmployeeModel_WhenPutUpdatePasswordRequest_ThenReturnOk() { // Arrange const string NEW_PASSWORD = "******"; var model = _fixture.Context.Users.ToList().ElementAt(5); var viewModel = new UpdatePasswordViewModel { UserName = model.UserName, Password = NEW_PASSWORD, }; // Act var response = await _fixture.Client.PutAsJsonAsync($"{API_URL}/update-password", viewModel); // Assert response.EnsureSuccessStatusCode(); var assertLogin = await AuthExtensions.GetJwt( _fixture, new LoginViewModel { UserName = model.UserName, Password = NEW_PASSWORD, } ); Assert.NotEmpty(assertLogin); }
public async Task GivenValidModel_WhenPostRegisterRequest_ThenReturnOk() { // Arrange var model = new EmployeeTestModel(); // Act var response = await _fixture.Client.PostAsJsonAsync($"{API_URL}/register", model); // Assert response.EnsureSuccessStatusCode(); var updatedModel = await _fixture.Context.Employees.FirstAsync(m => m.FullName == model.FullName); Assert.Equal(updatedModel.FullName, model.FullName); Assert.Equal(updatedModel.CardNo, model.CardNo); Assert.Equal(updatedModel.Position, model.Position); var assertAccount = await AuthExtensions.GetJwt( _fixture, new LoginViewModel { UserName = model.UserName, Password = model.Password } ); Assert.NotEmpty(assertAccount); }
public async Task GivenValidAccountsPerRole_WhenPostChallenge_ThenReturnOk(string role) { // Arrange var userName = DefaultAdmin.UserName; if (role == "Employee") { var employee = _fixture.Context.Users.First(m => m.UserName != DefaultAdmin.UserName); userName = employee.UserName; } var credentials = new LoginViewModel { UserName = userName, Password = "******", }; // Act var request = new HttpRequestMessage(HttpMethod.Post, $"{API_URL}/challenge/{role}"); await AuthExtensions.SetupRequestAuth(request, _fixture, credentials); var response = await _fixture.Client.SendAsync(request); // Assert response.EnsureSuccessStatusCode(); }
public ConfigTest(TestServerFixture fixture) { _fixture = fixture; // Set up Default Auth as Admin var userCredentials = new LoginViewModel { UserName = DefaultAdmin.UserName, Password = DefaultAdmin.Password }; AuthExtensions.SetupJwtAuth(_fixture, userCredentials).Wait(); }
private void CreateUserResponse(User userEntity, out UserDto userResult, out string token) { var claims = new List <Claim> { new Claim(ClaimTypes.NameIdentifier, userEntity.id.ToString()), new Claim(ClaimTypes.Email, userEntity.email), new Claim(ClaimTypes.Name, userEntity.name), new Claim(ClaimTypes.Role, userEntity.rolId == 1 ? "Administrador" : "Capturista") }; userResult = _mapper.Map <UserDto>(userEntity); token = AuthExtensions.TokenGeneration(claims, _config); }
public async Task <IActionResult> CreateCustomer([FromBody] CustomerCreationDto customer) { var customerEntity = _mapper.Map <Customer>(customer); AuthExtensions.CreatePasswordHash(customer.password, out byte[] passwordHash, out byte[] passwordSalt); customer.passwordHash = passwordHash; customer.passwordSalt = passwordSalt; _repository.Customer.CreateCustomer(customerEntity); await _repository.SaveAsync(); var createdCustomer = _mapper.Map <CustomerDto>(customerEntity); return(CreatedAtRoute("CustomerById", new { id = createdCustomer.customerId }, createdCustomer)); }
public async Task <IActionResult> CreateUser([FromBody] UserCreationDto user) { var userEntity = _mapper.Map <User>(user); AuthExtensions.CreatePasswordHash(user.password, out byte[] passwordHash, out byte[] passwordSalt); userEntity.passwordHash = passwordHash; userEntity.passwordSalt = passwordSalt; _repository.User.CreateUser(userEntity); await _repository.SaveAsync(); var createdUser = _mapper.Map <UserDto>(userEntity); return(CreatedAtRoute("UserById", new { id = createdUser.userId }, createdUser)); }
public async Task GivenAuthByEmployee_WhenPutChangePasswordRequest_ThenReturnOk() { // Arrange const string NEW_PASSWORD = "******"; const string DEFAULT_PASSWORD = DefaultAdmin.Password; var model = _fixture.Context.Users.Last(); var viewModel = await Task.Run(() => JsonConvert.SerializeObject( new ChangePasswordViewModel { OldPassword = DEFAULT_PASSWORD, NewPassword = NEW_PASSWORD, } )); // Act var request = new HttpRequestMessage(HttpMethod.Put, $"{API_URL}/change-password"); request.Content = new StringContent(viewModel, Encoding.UTF8, "application/json"); // Send request as Employee await AuthExtensions.SetupRequestAuth( request, _fixture, new LoginViewModel { UserName = model.UserName, Password = DEFAULT_PASSWORD, } ); var response = await _fixture.Client.SendAsync(request); // Assert response.EnsureSuccessStatusCode(); var assertLogin = await AuthExtensions.GetJwt( _fixture, new LoginViewModel { UserName = model.UserName, Password = NEW_PASSWORD, } ); Assert.NotEmpty(assertLogin); }
public async Task GivenAuthAsEmployee_WhenRequestInAdminOnlyEndpoints_ThenReturnForbidden(HttpMethod method, string url) { // Arrange var employee = _fixture.Context.Users.First(m => m.UserName != DefaultAdmin.UserName); var credentials = new LoginViewModel { UserName = employee.UserName, Password = "******", }; // Act var request = new HttpRequestMessage(method, url); await AuthExtensions.SetupRequestAuth(request, _fixture, credentials); var response = await _fixture.Client.SendAsync(request); // Assert Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode); }
public IActionResult RefreshToken([FromBody] TokenDto model) { var validatedClaims = (AuthExtensions.VerifyToken(model.token, _config)); if (validatedClaims == null) { return(Unauthorized()); } var user = new UserDto { userId = int.Parse(validatedClaims.First(c => c.Type == ClaimTypes.NameIdentifier).Value), email = validatedClaims.First(c => c.Type == ClaimTypes.Email).Value, name = validatedClaims.First(c => c.Type == ClaimTypes.Name).Value }; return(Ok(new { user, token = AuthExtensions.TokenGeneration(validatedClaims.ToList(), _config) })); }
public async Task <IActionResult> UpdateCustomer(int id, [FromBody] CustomerForUpdateDto customer) { var customerEntity = HttpContext.Items["entity"] as Customer; if (!string.IsNullOrEmpty(customer.password)) { AuthExtensions.CreatePasswordHash(customer.password, out byte[] passwordHash, out byte[] passwordSalt); customer.passwordHash = passwordHash; customer.passwordSalt = passwordSalt; } else { customer.passwordHash = customerEntity.passwordHash; customer.passwordSalt = customerEntity.passwordSalt; } _mapper.Map(customer, customerEntity); _repository.Customer.UpdateCustomer(customerEntity); await _repository.SaveAsync(); return(NoContent()); }