public async Task TestWithInvalidUserRequestAsync()
{
// arrange
var obj = new {
username = "******",
password = "******"
};
var repository = new Mock <IRepository>();
var settings = new ApplicationSettings();
var validationService = new Mock <ValidationService>(repository.Object, settings);
var administrationService = new Mock <AdministrationService>(repository.Object, validationService.Object);
var mailService = new Mock <MailService>(repository.Object);
validationService
.SetupGet(x => x.Bundles)
.Returns(new ValidationBundles(validationService.Object));
var request = new UserRequest {
Id = 1,
Username = obj.username,
RequestType = UserRequestType.Activation
};
repository
.Setup(x => x.GetAsync <UserRequest>(1))
.ReturnsAsync(request);
var credentials = JObject.FromObject(obj);
string q;
using (var algorithm = TripleDES.Create()) {
var ciphertext = CryptoUtilities.Encrypt(credentials.ToString(), algorithm.Key, algorithm.IV);
q = 1 + ":" + ciphertext;
}
dynamic model = JObject.FromObject(new {
q
});
var accountService = new AccountService(repository.Object, validationService.Object, administrationService.Object, mailService.Object);
// act
var exception = await TestUtilities.ThrowsAsync <ServiceException>(async() => await accountService.ResetPasswordAsync(model));
// assert
Assert.Equal(ServiceReason.InvalidUserRequest, exception.Reason);
repository.Verify(x => x.GetAsync <UserRequest>(It.IsAny <int>()), Times.Once);
}
// Encryption of goal description
byte[] GetCipherText(string diaryText)
{
Account account = accountManager.CheckForAccount();
if (!account.Properties.TryGetValue("keymaterial", out string keyString))
{
return(null);
}
byte[] keyMaterial = Convert.FromBase64String(keyString);
return(CryptoUtilities.Encrypt(CryptoUtilities.StringToByteArray(diaryText), keyMaterial));
}
byte[] GetCipherText(string diaryText)
{
string keyString;
if (!account.Properties.TryGetValue(kmKey, out keyString))
{
return(null);
}
byte[] keyMaterial = Convert.FromBase64String(keyString);
return(CryptoUtilities.Encrypt(CryptoUtilities.StringToByteArray(diaryText), keyMaterial));
}
public void TestDefaultBehavior()
{
// arrange
var obj = new {
plaintext = "secret"
};
string ciphertext;
// act
using (var algorithm = TripleDES.Create()) {
ciphertext = CryptoUtilities.Encrypt(obj.plaintext, algorithm.Key, algorithm.IV);
}
// assert
Assert.NotEqual(obj.plaintext, ciphertext);
}
public virtual async Task <string> CreateUserRequestAsync(string username, UserRequestType requestType)
{
var password = Guid.NewGuid().ToString();
var credentials = JObject.FromObject(new {
username,
password
});
using (var algorithm = TripleDES.Create()) {
var request = new UserRequest {
Key = algorithm.Key,
IV = algorithm.IV,
Username = username,
Password = CryptoUtilities.CreateHash(password),
RequestType = requestType
};
await _repository.InsertAsync(request);
var ciphertext = CryptoUtilities.Encrypt(credentials.ToString(), algorithm.Key, algorithm.IV);
return(HttpUtility.UrlEncode(request.Id + ":" + ciphertext));
}
}
// To encrypt using stored copy of the key
public void EncryptToFile(string filepath, byte[] protectedKey)
{
#region Parameter Checks
if (null == filepath)
{
throw new ArgumentNullException("Filepath can't be empty.");
}
if (null == EncryptionInfo)
{
throw new NullReferenceException("EncryptionInfo can't be empty.");
}
if (null == EncryptionInfo.EncryptionKey)
{
throw new NullReferenceException("EncryptionKey can't be empty.");
}
if (null == EncryptionInfo.ValidationKey)
{
throw new NullReferenceException("ValidationKey can't be empty.");
}
if (null == EncryptionInfo.IV)
{
throw new NullReferenceException("IV can't be empty.");
}
if (null == EncryptionInfo.Salt)
{
throw new NullReferenceException("Salt can't be empty.");
}
#endregion Parameter Checks
try
{
using (var cu = new CryptoUtilities(EncryptionInfo.SelectedAlgorithm))
{
// Serialize and encrypt folder list
XmlSerializer xsSubmit = new XmlSerializer(typeof(MvxObservableCollection <Folder>));
var xml = string.Empty;
using (var sww = new StringWriter())
using (XmlWriter writer = XmlWriter.Create(sww))
{
xsSubmit.Serialize(writer, FolderList);
xml = sww.ToString(); // Serialized XML
}
// Unprotect the key and encrypt data
Data = cu.Encrypt(Encoding.UTF8.GetBytes(xml),
cu.UnprotectEncryptionKey(protectedKey,
EncryptionInfo.EncryptionKey, EncryptionInfo.IV),
EncryptionInfo.IV);
// Serialize vault and save to file
xsSubmit = new XmlSerializer(typeof(Vault));
xml = string.Empty;
using (var sww = new StringWriter())
using (XmlWriter writer = XmlWriter.Create(sww))
{
xsSubmit.Serialize(writer, GetInstance());
xml = sww.ToString(); // Serialized XML
}
File.WriteAllText(filepath, xml);
//byte[] encodedText = Encoding.UTF8.GetBytes(xml);
//using (FileStream sourceStream = new FileStream(filepath,
// FileMode.Create, FileAccess.Write, FileShare.None,
// bufferSize: 4096, useAsync: true))
//{
// await sourceStream.WriteAsync(encodedText, 0, encodedText.Length);
//};
}
}
catch (Exception)
{
throw;
}
}
public void EncryptToFile(string filepath, SecureString password)
{
#region Parameter Checks
if (null == filepath)
{
throw new ArgumentNullException("Filepath can't be empty");
}
if (null == EncryptionInfo)
{
throw new NullReferenceException("EncryptionInfo can't be empty");
}
if (null == EncryptionInfo.EncryptionKey)
{
throw new NullReferenceException("EncryptionKey can't be empty");
}
if (null == EncryptionInfo.ValidationKey)
{
throw new NullReferenceException("ValidationKey can't be empty");
}
if (null == EncryptionInfo.IV)
{
throw new NullReferenceException("IV can't be empty");
}
if (null == EncryptionInfo.Salt)
{
throw new NullReferenceException("Salt can't be empty");
}
#endregion Parameter Checks
try
{
using (var cu = new CryptoUtilities(EncryptionInfo.SelectedAlgorithm))
{
if (!CryptoUtilities.ValidatePassword(password, EncryptionInfo.ValidationKey, EncryptionInfo.Salt))
{
throw new ArgumentException("Incorrect password");
}
// Serialize and encrypt folder list
XmlSerializer xsSubmit = new XmlSerializer(typeof(MvxObservableCollection <Folder>));
var xml = string.Empty;
using (var sww = new StringWriter())
using (XmlWriter writer = XmlWriter.Create(sww))
{
xsSubmit.Serialize(writer, FolderList);
xml = sww.ToString(); // Serialized XML
}
// Unprotect the key and encrypt data
Data = cu.Encrypt(Encoding.UTF8.GetBytes(xml),
cu.UnprotectEncryptionKey(password,
EncryptionInfo.EncryptionKey, EncryptionInfo.Salt, EncryptionInfo.IV),
EncryptionInfo.IV);
// Serialize vault and save to file
xsSubmit = new XmlSerializer(typeof(Vault));
xml = string.Empty;
using (var sww = new StringWriter())
using (XmlWriter writer = XmlWriter.Create(sww))
{
xsSubmit.Serialize(writer, GetInstance());
xml = sww.ToString(); // Serialized XML
}
File.WriteAllText(filepath, xml);
}
}
catch (Exception)
{
throw;
}
}
public async Task TestDefaultBehaviorAsync()
{
// arrange
var obj = new {
username = "******"
};
var repository = new Mock <IRepository>();
var settings = new ApplicationSettings();
var validationService = new Mock <ValidationService>(repository.Object, settings);
var administrationService = new Mock <AdministrationService>(repository.Object, validationService.Object);
var mailService = new Mock <MailService>(repository.Object);
var user = new User {
Username = obj.username
};
var request = new UserRequest {
Id = 1,
Username = obj.username,
RequestType = UserRequestType.Activation
};
var userSet = TestUtilities.CreateDbSetMock(new List <User> {
user
});
repository
.Setup(x => x.AsQueryable <User>())
.Returns(userSet.Object);
repository
.Setup(x => x.GetAsync <User>(1))
.ReturnsAsync(user);
repository
.Setup(x => x.GetAsync <UserRequest>(1))
.ReturnsAsync(request);
var password = Guid.NewGuid().ToString();
var credentials = JObject.FromObject(new {
obj.username,
password
});
string q;
using (var algorithm = TripleDES.Create()) {
request.Key = algorithm.Key;
request.IV = algorithm.IV;
request.Password = CryptoUtilities.CreateHash(password);
var ciphertext = CryptoUtilities.Encrypt(credentials.ToString(), algorithm.Key, algorithm.IV);
q = 1 + ":" + ciphertext;
}
dynamic model = JObject.FromObject(new {
q
});
var accountService = new AccountService(repository.Object, validationService.Object, administrationService.Object, mailService.Object);
// act
await TestUtilities.DoesNotThrowAsync(async() => await accountService.ActivateAsync(model));
// assert
Assert.True(user.Enabled);
repository.Verify(x => x.GetAsync <UserRequest>(It.IsAny <int>()), Times.Once);
repository.Verify(x => x.AsQueryable <User>(), Times.Once);
repository.Verify(x => x.UpdateAsync(user), Times.Once());
repository.Verify(x => x.UpdateAsync(request), Times.Once());
}
public async Task TestWithInvalidPasswordAsync()
{
// arrange
var obj = new {
username = "******",
password = "******"
};
var repository = new Mock <IRepository>();
var settings = new ApplicationSettings();
var validationService = new Mock <ValidationService>(repository.Object, settings);
var administrationService = new Mock <AdministrationService>(repository.Object, validationService.Object);
var mailService = new Mock <MailService>(repository.Object);
validationService
.SetupGet(x => x.Bundles)
.Returns(new ValidationBundles(validationService.Object));
var user = new User {
Username = obj.username
};
var request = new UserRequest {
Id = 1,
Username = obj.username,
RequestType = UserRequestType.ResetPassword
};
var userSet = TestUtilities.CreateDbSetMock(new List <User> {
user
});
repository
.Setup(x => x.AsQueryable <User>())
.Returns(userSet.Object);
repository
.Setup(x => x.GetAsync <UserRequest>(1))
.ReturnsAsync(request);
var password = Guid.NewGuid().ToString();
var credentials = JObject.FromObject(obj);
string q;
using (var algorithm = TripleDES.Create()) {
request.Key = algorithm.Key;
request.IV = algorithm.IV;
request.Password = CryptoUtilities.CreateHash(password);
var ciphertext = CryptoUtilities.Encrypt(credentials.ToString(), algorithm.Key, algorithm.IV);
q = 1 + ":" + ciphertext;
}
dynamic model = JObject.FromObject(new {
q
});
var accountService = new AccountService(repository.Object, validationService.Object, administrationService.Object, mailService.Object);
// act
var exception = await TestUtilities.ThrowsAsync <ServiceException>(async() => await accountService.ResetPasswordAsync(model));
// assert
Assert.Equal(ServiceReason.ResetPasswordError, exception.Reason);
Assert.Null(user.Password);
repository.Verify(x => x.GetAsync <UserRequest>(It.IsAny <int>()), Times.Once);
repository.Verify(x => x.AsQueryable <User>(), Times.Never);
repository.Verify(x => x.UpdateAsync(user), Times.Never());
repository.Verify(x => x.UpdateAsync(request), Times.Never());
}
