public async Task SuccessfulAuthenticationRequest_ReturnsAuthenticationResult_AndStatusCodeOk()
{
var fakeAccessToken = "fakeAccessToken";
var fakeIdToken = "fakeIdToken";
var fakeRefreshToken = "fakeRefreshToken";
var user = new AwsCognitoUser
{
UserName = "******",
Password = "******"
};
_cognitoAdapterHelper.UserExists(Arg.Any <AwsCognitoUser>()).Returns(true);
_cognitoAdapterHelper.UserIsConfirmed(Arg.Any <AwsCognitoUser>()).Returns(true);
_awsCognitoClient.InitiateAuthAsync(Arg.Any <InitiateAuthRequest>()).Returns(new InitiateAuthResponse
{
AuthenticationResult = new AuthenticationResultType
{
AccessToken = fakeAccessToken,
IdToken = fakeIdToken,
RefreshToken = fakeRefreshToken
}
});
var authResponse = await _authAdapter.AuthenticateUserAsync(user);
var content = await authResponse.Content.ReadAsStringAsync();
var authenticationResult = JsonConvert.DeserializeObject <AuthenticationResultType>(content);
Assert.AreEqual(HttpStatusCode.OK, authResponse.StatusCode);
Assert.AreEqual(fakeAccessToken, authenticationResult.AccessToken);
Assert.AreEqual(fakeIdToken, authenticationResult.IdToken);
Assert.AreEqual(fakeRefreshToken, authenticationResult.RefreshToken);
}
public async Task <IActionResult> CreateAccount([FromBody] AwsCognitoUser cognitoUser)
{
try
{
var signUpResponse = await _authAdapter.RegisterNewUserAsync(cognitoUser);
switch (signUpResponse.StatusCode)
{
case HttpStatusCode.Conflict:
return(new ConflictObjectResult($"The email address {cognitoUser.UserName} already has an account associated with it."));
case HttpStatusCode.Created:
return(new OkObjectResult($"Account successfully created. Please check your email for a confirmation code."));
default:
return(new ContentResult
{
ContentType = "text/plain",
Content = "An error has occurred",
StatusCode = (int)signUpResponse.StatusCode
});
}
}
catch (Exception e)
{
Console.WriteLine(e);
throw;
}
}
public void OneTimeSetUp()
{
_testServer = new TestServer();
_httpClient = _testServer.CreateClient();
var secretsClient = new AmazonSecretsManagerClient(RegionEndpoint.USWest2);
var secretResponse = secretsClient.GetSecretValueAsync(new GetSecretValueRequest
{
SecretId = TestUserSecretId
}).Result;
_testUserCreds = JsonConvert.DeserializeObject <TestUserCreds>(secretResponse.SecretString);
_emailAdapter = new EmailAdapter();
_user = new AwsCognitoUser
{
FirstName = "test",
LastName = "user",
PhoneNumber = "+12223334444",
UserName = _testUserCreds.TraceTestUserEmail,
Password = _testUserCreds.TraceTestUserPassword
};
var serviceProvider = _testServer.GetTestServiceProvider();
_authAdapter = serviceProvider.GetRequiredService <IAuthAdapter>();
_httpHandler = new HttpHandler(_clientConfig, _httpClient);
_apiClient = new TraceApiClient(_httpHandler);
}
public async Task SuccessfulAuthentication_ReturnsCorrectAuthHeaders_AndRedirectsTo_GetRemindersView()
{
var fakeAccessToken = "fakeAccessToken";
var fakeIdToken = "fakeIdToken";
var fakeRefreshToken = "fakeRefreshToken";
var user = new AwsCognitoUser
{
UserName = "******",
Password = "******"
};
var mockAuthResult = new AuthenticationResultType
{
AccessToken = fakeAccessToken,
IdToken = fakeIdToken,
RefreshToken = fakeRefreshToken
};
_authAdapter.AuthenticateUserAsync(Arg.Any <AwsCognitoUser>()).Returns(new HttpResponseMessage
{
StatusCode = HttpStatusCode.OK,
Content = new StringContent(JsonConvert.SerializeObject(mockAuthResult))
});
var context = _accountsController.ControllerContext.HttpContext = new DefaultHttpContext();
var authResponse = await _accountsController.Login(user) as RedirectToActionResult;
Assert.AreEqual("GetRemindersView", authResponse.ActionName);
}
public async Task <HttpResponseMessage> RegisterNewUserAsync(AwsCognitoUser user)
{
if (await _cognitoAdapterHelper.UserExists(user))
{
return(new HttpResponseMessage(HttpStatusCode.Conflict));
}
var signUpRequest = new SignUpRequest()
{
Username = user.UserName,
Password = user.Password,
ClientId = _clientId,
UserAttributes = new List <AttributeType>
{
new AttributeType
{
Name = "given_name",
Value = user.FirstName
},
new AttributeType
{
Name = "family_name",
Value = user.LastName
},
new AttributeType
{
Name = "phone_number",
Value = user.PhoneNumber
}
}
};
var signUpResponse = await _awsCognitoClient.SignUpAsync(signUpRequest);
return(new HttpResponseMessage(HttpStatusCode.Created));
}
public async Task <HttpResponseMessage> ConfirmPasswordWithRetryAsync(AwsCognitoUser user)
{
return(await Policy.HandleResult(_circuitBreaker)
.WaitAndRetryAsync(DecorrelatedJitter())
.ExecuteAsync(ex =>
_httpHandler.SendRequestWithBodyAsync(user, HttpMethod.Post, ConfirmPasswordEndpoint, _token), CancellationToken.None));
}
public async Task <IActionResult> CreateAccount(AwsCognitoUser cognitoUser, string message = "")
{
//use this to display info messages after redirect
ViewBag.InfoMessage = message;
HttpResponseMessage signUpResponse;
try
{
signUpResponse = await _authAdapter.RegisterNewUserAsync(cognitoUser);
}
catch (Exception ex)
{
_logger.LogError(ex);
return(RedirectToAction("GetCreateAccountView", "Accounts", new { message = "An error has occurred." }));
}
switch (signUpResponse.StatusCode)
{
case HttpStatusCode.Conflict:
return(RedirectToAction("GetCreateAccountView", "Accounts", new { message = $"The email address {cognitoUser.UserName} already has an account associated with it." }));
case HttpStatusCode.Created:
await _userRepository.AddUserAsync(cognitoUser.UserName);
return(RedirectToAction("GetConfirmAccountView", "Accounts", new { message = $"Account successfully created. Please check your email for a confirmation code." }));
default:
_logger.LogError(signUpResponse);
return(RedirectToAction("GetCreateAccountView", "Accounts", new { message = "An error has occurred." }));
}
}
public async Task <HttpResponseMessage> AuthenticateUserAsync(AwsCognitoUser user)
{
if (!await _cognitoAdapterHelper.UserExists(user))
{
return(new HttpResponseMessage(HttpStatusCode.NotFound));
}
if (!await _cognitoAdapterHelper.UserIsConfirmed(user))
{
return(new HttpResponseMessage(HttpStatusCode.BadRequest));
}
var authRequest = new InitiateAuthRequest
{
AuthFlow = AuthFlowType.USER_PASSWORD_AUTH,
AuthParameters = new Dictionary <string, string>
{
{ "USERNAME", user.UserName },
{ "PASSWORD", user.Password }
},
ClientId = _clientId
};
var authResponse = await _awsCognitoClient.InitiateAuthAsync(authRequest);
return(new HttpResponseMessage
{
StatusCode = HttpStatusCode.OK,
Content = new StringContent(JsonConvert.SerializeObject(authResponse.AuthenticationResult))
});
}
public async Task <HttpResponseMessage> LoginWithRetryAsync(AwsCognitoUser user)
{
var respsone = await Policy.HandleResult(_circuitBreaker)
.WaitAndRetryAsync(DecorrelatedJitter())
.ExecuteAsync(ex =>
_httpHandler.SendRequestWithBodyAsync(user, HttpMethod.Post, LoginEndpoint), CancellationToken.None);
_token = JsonConvert.DeserializeObject <TokenResponse>(await respsone.Content.ReadAsStringAsync());
return(respsone);
}
internal async Task AdminDeleteUser(AwsCognitoUser user)
{
var userInfo = await _cognitoAdapterHelper.GetUserInfo(user);
await _awsCognitoClient.AdminDeleteUserAsync(new AdminDeleteUserRequest
{
UserPoolId = _cognitoConfig.UserPoolId,
Username = userInfo.Username
});
}
public async Task AttemptToConfirmAccount_ButUserIsAlreadyConfirmed_RedirectsTo_GetLoginView()
{
_authAdapter.ConfirmUserAsync(Arg.Any <AwsCognitoUser>()).Returns(new HttpResponseMessage(HttpStatusCode.Conflict));
var user = new AwsCognitoUser
{
UserName = "******",
ConfirmationCode = "123456"
};
var confirmAccountResponse = await _accountsController.ConfirmAccount(user) as RedirectToActionResult;
Assert.AreEqual("GetLoginView", confirmAccountResponse.ActionName);
}
public async Task IsUerDoesNotExist_ConfirmAccount_ReturnsStatusCode_NotFound()
{
var user = new AwsCognitoUser
{
UserName = "******",
ConfirmationCode = "123456"
};
_cognitoAdapterHelper.UserExists(Arg.Any <AwsCognitoUser>()).Returns(false);
var confirmUserResponse = await _authAdapter.ConfirmUserAsync(user);
Assert.AreEqual(HttpStatusCode.NotFound, confirmUserResponse.StatusCode);
}
public async Task IfUserExists_RegisterNewUser_ReturnsStatusCode_Conflict()
{
var user = new AwsCognitoUser
{
UserName = "******",
Password = "******"
};
_cognitoAdapterHelper.UserExists(Arg.Any <AwsCognitoUser>()).Returns(true);
var registerUserResponse = await _authAdapter.RegisterNewUserAsync(user);
Assert.AreEqual(HttpStatusCode.Conflict, registerUserResponse.StatusCode);
}
public async Task IfUserDoesNotExist_AuthenticateUser_ReturnsStatusCode_NotFound()
{
var user = new AwsCognitoUser
{
UserName = "******",
Password = "******"
};
_cognitoAdapterHelper.UserExists(Arg.Any <AwsCognitoUser>()).Returns(false);
var authResponse = await _authAdapter.AuthenticateUserAsync(user);
Assert.AreEqual(HttpStatusCode.NotFound, authResponse.StatusCode);
}
public async Task IfExpiredCodeException_IsThrownBy_ConfirmNewUserAsync_ExceptionIsLogged_AndUserRedirectedTo_ResendConfirmationCodeView()
{
_authAdapter.ConfirmUserAsync(Arg.Any <AwsCognitoUser>()).Throws(new ExpiredCodeException("expired code"));
var user = new AwsCognitoUser
{
UserName = "******",
ConfirmationCode = "123456"
};
var confirmAccountResponse = await _accountsController.ConfirmAccount(user) as RedirectToActionResult;
_logger.Received(1).LogError(Arg.Any <object>());
Assert.AreEqual("GetResendConfirmationCodeView", confirmAccountResponse.ActionName);
}
public async Task SuccessfulCreationOfAccount_ReturnsStatusCode_Created()
{
var user = new AwsCognitoUser
{
UserName = "******",
Password = "******"
};
_cognitoAdapterHelper.UserExists(Arg.Any <AwsCognitoUser>()).Returns(false);
_awsCognitoClient.SignUpAsync(Arg.Any <SignUpRequest>()).Returns(new SignUpResponse());
var registerUserResponse = await _authAdapter.RegisterNewUserAsync(user);
Assert.AreEqual(HttpStatusCode.Created, registerUserResponse.StatusCode);
}
public async Task IsUerIsAlreadyConfirmed_ConfirmAccount_ReturnsStatusCode_Conflict()
{
var user = new AwsCognitoUser
{
UserName = "******",
ConfirmationCode = "123456"
};
_cognitoAdapterHelper.UserExists(Arg.Any <AwsCognitoUser>()).Returns(true);
_cognitoAdapterHelper.UserIsConfirmed(Arg.Any <AwsCognitoUser>()).Returns(true);
var confirmUserResponse = await _authAdapter.ConfirmUserAsync(user);
Assert.AreEqual(HttpStatusCode.Conflict, confirmUserResponse.StatusCode);
}
public async Task IfUserIsNotConfirmed_AuthenticateUser_ReturnsStatusCode_BadRequest()
{
var user = new AwsCognitoUser
{
UserName = "******",
Password = "******"
};
_cognitoAdapterHelper.UserExists(Arg.Any <AwsCognitoUser>()).Returns(true);
_cognitoAdapterHelper.UserIsConfirmed(Arg.Any <AwsCognitoUser>()).Returns(false);
var authResponse = await _authAdapter.AuthenticateUserAsync(user);
Assert.AreEqual(HttpStatusCode.BadRequest, authResponse.StatusCode);
}
public async Task AttemptToCreateAccount_ButUserExists_RedirectsToCorrectAction()
{
_authAdapter.RegisterNewUserAsync(Arg.Any <AwsCognitoUser>()).Returns(new HttpResponseMessage(HttpStatusCode.Conflict));
var user = new AwsCognitoUser
{
UserName = "******",
Password = "******"
};
var createAccountResponse = await _accountsController.CreateAccount(user) as RedirectToActionResult;
await _userRepository.Received(0).AddUserAsync(Arg.Any <string>());
Assert.AreEqual("GetCreateAccountView", createAccountResponse.ActionName);
}
public async Task IfExpiredCodeException_IsThrownBy_AuthenticateUserAsync_ExceptionIsLogged_AndUserRedirectedTo_GetLoginView()
{
_authAdapter.AuthenticateUserAsync(Arg.Any <AwsCognitoUser>()).Throws(new Exception());
var user = new AwsCognitoUser
{
UserName = "******",
Password = "******"
};
var authResponse = await _accountsController.Login(user) as RedirectToActionResult;
_logger.Received(1).LogError(Arg.Any <object>());
Assert.AreEqual("GetLoginView", authResponse.ActionName);
}
public async Task UserExists_ReturnsFalse_IfUserDoesNotExist()
{
var user = new AwsCognitoUser
{
UserName = "******",
Password = "******"
};
_awsCognitoClient.ListUsersAsync(Arg.Any <ListUsersRequest>()).Returns(new ListUsersResponse {
Users = new List <UserType>()
});
var userExists = await _cognitoAdapterHelper.UserExists(user);
Assert.IsFalse(userExists);
}
public async Task IfExceptionIsThrown_ByAuthAdapter_ExceptionIsLogged_AndUserIsRedirectedBackToCreateAccountView()
{
_authAdapter.RegisterNewUserAsync(Arg.Any <AwsCognitoUser>()).Throws(new Exception());
var user = new AwsCognitoUser
{
UserName = "******",
Password = "******"
};
var createAccountResponse = await _accountsController.CreateAccount(user) as RedirectToActionResult;
_logger.Received(1).LogError(Arg.Any <object>());
await _userRepository.Received(0).AddUserAsync(Arg.Any <string>());
Assert.AreEqual("GetCreateAccountView", createAccountResponse.ActionName);
}
public async Task SuccessfulConfirmation_OfAccount_ReturnsStatusCode_Ok()
{
var user = new AwsCognitoUser
{
UserName = "******",
ConfirmationCode = "123456"
};
_cognitoAdapterHelper.UserExists(Arg.Any <AwsCognitoUser>()).Returns(true);
_cognitoAdapterHelper.UserIsConfirmed(Arg.Any <AwsCognitoUser>()).Returns(false);
_awsCognitoClient.ConfirmSignUpAsync(Arg.Any <ConfirmSignUpRequest>()).Returns(new ConfirmSignUpResponse());
var confirmUserResponse = await _authAdapter.ConfirmUserAsync(user);
Assert.AreEqual(HttpStatusCode.OK, confirmUserResponse.StatusCode);
}
public async Task <IActionResult> ConfirmAccount([FromBody] AwsCognitoUser cognitoUser)
{
HttpResponseMessage confirmSignUpResponse;
try
{
confirmSignUpResponse = await _authAdapter.ConfirmUserAsync(cognitoUser);
}
catch (CodeMismatchException)
{
return(new ContentResult
{
Content = "Invalid verification code provided.",
ContentType = "text/plain",
StatusCode = (int)HttpStatusCode.BadRequest
});
}
catch (ExpiredCodeException)
{
return(new ContentResult
{
Content = "Verification code expired. Client must request a new code.",
ContentType = "text/plain",
StatusCode = (int)HttpStatusCode.BadRequest
});
}
switch (confirmSignUpResponse.StatusCode)
{
case HttpStatusCode.NotFound:
return(new NotFoundObjectResult($"The username {cognitoUser.UserName} does not exist."));
case HttpStatusCode.Conflict:
return(new ConflictObjectResult($"The username {cognitoUser.UserName} is already confirmed. Login to continue."));
case HttpStatusCode.OK:
return(new OkObjectResult("Account confirmed. Please login to continue."));
default:
return(new ContentResult
{
ContentType = "text/plain",
Content = "An error has occurred",
StatusCode = (int)confirmSignUpResponse.StatusCode
});
}
}
public async Task <HttpResponseMessage> AdminDeleteUser(AwsCognitoUser user)
{
if (!await _cognitoAdapterHelper.UserExists(user))
{
return(new HttpResponseMessage(HttpStatusCode.NotFound));
}
var userInfo = await _cognitoAdapterHelper.GetUserInfo(user);
await _awsCognitoClient.AdminDeleteUserAsync(new AdminDeleteUserRequest
{
UserPoolId = _cognitoConfig.UserPoolId,
Username = userInfo.Username
});
return(new HttpResponseMessage(HttpStatusCode.OK));
}
public async Task AttemptToLogin_ButUserIsNotConfirmed_RedirectsToConfirmAccountView()
{
var user = new AwsCognitoUser
{
UserName = "******",
Password = "******"
};
_authAdapter.AuthenticateUserAsync(Arg.Any <AwsCognitoUser>()).Returns(new HttpResponseMessage
{
StatusCode = HttpStatusCode.BadRequest
});
var authResponse = await _accountsController.Login(user) as RedirectToActionResult;
Assert.AreEqual("GetConfirmAccountView", authResponse.ActionName);
}
public async Task <HttpResponseMessage> RegisterNewUserAsync(AwsCognitoUser user)
{
if (await _cognitoAdapterHelper.UserExists(user))
{
return(new HttpResponseMessage(HttpStatusCode.Conflict));
}
var signUpRequest = new SignUpRequest()
{
Username = user.UserName,
Password = user.Password,
ClientId = _clientId
};
var signUpResponse = await _awsCognitoClient.SignUpAsync(signUpRequest);
return(new HttpResponseMessage(HttpStatusCode.Created));
}
public async Task <IActionResult> Login([FromBody] AwsCognitoUser cognitoUser)
{
try
{
var loginResponse = await _authAdapter.AuthenticateUserAsync(cognitoUser);
switch (loginResponse.StatusCode)
{
case HttpStatusCode.OK:
var authResult =
JsonConvert.DeserializeObject <AuthenticationResultType>(
await loginResponse.Content.ReadAsStringAsync());
var tokenResponse = new TokenResponse
{
IdToken = authResult.IdToken,
RefreshToken = authResult.RefreshToken,
AccessToken = authResult.AccessToken
};
return(new ContentResult
{
Content = JsonConvert.SerializeObject(tokenResponse),
ContentType = "application/json",
StatusCode = (int)HttpStatusCode.OK
});
case HttpStatusCode.BadRequest:
return(new BadRequestObjectResult($"Login failed. User {cognitoUser.UserName} is unconfirmed."));
case HttpStatusCode.NotFound:
return(new NotFoundObjectResult($"Login failed. User {cognitoUser.UserName} does not exist."));
default:
return(new ContentResult
{
ContentType = "text/plain",
Content = "An error has occurred",
StatusCode = (int)loginResponse.StatusCode
});
}
}
catch (Exception e)
{
Console.WriteLine(e);
throw;
}
}
public async Task <IActionResult> ConfirmAccount(AwsCognitoUser cognitoUser, string message = "")
{
ViewBag.InfoMessage = message;
HttpResponseMessage confirmSignUpResponse;
try
{
confirmSignUpResponse = await _authAdapter.ConfirmUserAsync(cognitoUser);
}
catch (CodeMismatchException ex)
{
_logger.LogError(ex);
return(RedirectToAction("GetConfirmAccountView", "Accounts", new { message = "Invalid verification code provided. Please try again." }));
}
catch (ExpiredCodeException ex)
{
_logger.LogError(ex);
return(RedirectToAction("GetResendConfirmationCodeView", "Accounts", new { message = "Verification code expired. Please request a new code." }));
}
catch (Exception ex)
{
_logger.LogError(ex);
return(RedirectToAction("GetConfirmAccountView", "Accounts", new { message = "An error has occurred." }));
}
switch (confirmSignUpResponse.StatusCode)
{
case HttpStatusCode.NotFound:
return(RedirectToAction("GetCreateAccountView", "Accounts", new { message = $"The username {cognitoUser.UserName} does not exist. Please create an account." }));
case HttpStatusCode.Conflict:
return(RedirectToAction("GetLoginView", "Accounts", new { message = $"The username {cognitoUser.UserName} is already confirmed. Please login to continue." }));
case HttpStatusCode.OK:
return(RedirectToAction("GetLoginView", "Accounts", new { message = "Account confirmed. Please login to continue." }));
default:
_logger.LogError(confirmSignUpResponse);
return(RedirectToAction("GetCreateAccountView", "Accounts", new { message = "An error has occurred." }));
}
}
public async Task AccountsController_CreateAccountEndpoint_AddsUserToDatabase()
{
var testCognitoUser = new AwsCognitoUser
{
UserName = "******",
Password = "******"
};
_mockAuthAdapter.RegisterNewUserAsync(Arg.Any <AwsCognitoUser>()).Returns(new HttpResponseMessage(HttpStatusCode.Created));
var formContent = new FormUrlEncodedContent(new []
{
new KeyValuePair <string, string>("UserName", testCognitoUser.UserName),
new KeyValuePair <string, string>("Password", testCognitoUser.Password)
});
await _httpClient.PostAsync("accounts/create", formContent);
var testUsers = await _testDbContext.GetTestUsers();
Assert.AreEqual(testCognitoUser.UserName, testUsers.First().Username);
}
