public void MfaAuthorizationSuccessfulTest_ChecksThatServiceReturnsTrueIfNoMfaSubscriptionIsSubscribed_VerifiesThroughReturnsValue()
{
IIdentityAccessPersistenceRepository persistenceRepository = (IIdentityAccessPersistenceRepository)ContextRegistry.GetContext()["IdentityAccessPersistenceRepository"];
IUserRepository userRepository = (IUserRepository)ContextRegistry.GetContext()["UserRepository"];
ISecurityKeysRepository securityKeysPairRepository = (ISecurityKeysRepository)ContextRegistry.GetContext()["SecurityKeysPairRepository"];
IMfaCodeSenderService mfaSmsService = (IMfaCodeSenderService)ContextRegistry.GetContext()["MfaSmsService"];
IMfaCodeSenderService mfaEmailService = (IMfaCodeSenderService)ContextRegistry.GetContext()["MfaEmailService"];
IMfaCodeGenerationService mfaCodeGenerationService = (IMfaCodeGenerationService)ContextRegistry.GetContext()["MfaCodeGenerationService"];
IMfaAuthorizationService mfaAuthorizationService = new MfaAuthorizationService(persistenceRepository,
userRepository, securityKeysPairRepository, mfaSmsService, mfaEmailService, mfaCodeGenerationService);
string apiKey = "123";
string userName = "******";
string phoneNumber = "2233344";
string email = "*****@*****.**";
User user = new User(userName, "asdf", "12345", "xyz", email, Language.English, TimeZone.CurrentTimeZone,
new TimeSpan(1, 1, 1, 1), DateTime.Now, "Pakistan", "", phoneNumber, "1234");
persistenceRepository.SaveUpdate(user);
user = userRepository.GetUserByUserName(userName);
Assert.IsNotNull(user);
SecurityKeysPair securityKeysPair = new SecurityKeysPair(user.Id, apiKey, "secret123", true, "#1");
persistenceRepository.SaveUpdate(securityKeysPair);
Tuple <bool, string> authorizeAccess = mfaAuthorizationService.AuthorizeAccess(apiKey, MfaConstants.Deposit, "");
Assert.IsTrue(authorizeAccess.Item1);
}
public void LoginMfaAuthorizationTest_ChecksIfMfaAuthorizationIsDoneSuccessfully_VerifiesThroughReturnValue()
{
ILoginApplicationService loginApplicationService = (ILoginApplicationService)_applicationContext["LoginApplicationService"];
ILogoutApplicationService logoutApplicationService = (ILogoutApplicationService)_applicationContext["LogoutApplicationService"];
IMfaSubscriptionRepository mfaSubscriptionRepository = (IMfaSubscriptionRepository)_applicationContext["MfaSubscriptionRepository"];
IMfaCodeGenerationService mfaCodeGenerationService = (IMfaCodeGenerationService)ContextRegistry.GetContext()["MfaCodeGenerationService"];
Assert.IsNotNull(loginApplicationService);
IRegistrationApplicationService registrationService = (IRegistrationApplicationService)_applicationContext["RegistrationApplicationService"];
string username = "******";
string activationKey = registrationService.CreateAccount(new SignupUserCommand(
"*****@*****.**", username, "alice", "Wonderland", TimeZone.CurrentTimeZone, ""));
Assert.IsNotNull(activationKey);
IUserApplicationService userApplicationService = (IUserApplicationService)_applicationContext["UserApplicationService"];
bool accountActivated = userApplicationService.ActivateAccount(new ActivationCommand(activationKey, "Bob", "alice"));
Assert.IsTrue(accountActivated);
UserValidationEssentials userValidationEssentials = loginApplicationService.Login(new LoginCommand("Bob", "alice"));
Assert.IsNotNull(userValidationEssentials);
Assert.IsNotNull(userValidationEssentials.ApiKey);
Assert.IsNotNull(userValidationEssentials.SecretKey);
Assert.IsNotNull(userValidationEssentials.SessionLogoutTime);
IList <MfaSubscription> allSubscriptions = mfaSubscriptionRepository.GetAllSubscriptions();
List <Tuple <string, string, bool> > mfaSubscriptions = new List <Tuple <string, string, bool> >();
foreach (var subscription in allSubscriptions)
{
mfaSubscriptions.Add(new Tuple <string, string, bool>(subscription.MfaSubscriptionId, subscription.MfaSubscriptionName,
true));
}
SubmitMfaSettingsResponse submitMfaSettingsResponse = userApplicationService.SubmitMfaSettings(
new MfaSettingsCommand(false, null, userValidationEssentials.ApiKey, mfaSubscriptions));
Assert.IsTrue(submitMfaSettingsResponse.Successful);
logoutApplicationService.Logout(new LogoutCommand(userValidationEssentials.ApiKey));
UserValidationEssentials validationEssentials = loginApplicationService.Login(new LoginCommand("Bob", "alice", null));
Assert.IsFalse(validationEssentials.LoginSuccessful);
Assert.IsNull(validationEssentials.ApiKey);
// As we are using the stub implementation for MfaCodeGenerationService, the service returns only the same code every
// time. So we can use the code in this test case
validationEssentials = loginApplicationService.Login(new LoginCommand("Bob", "alice", mfaCodeGenerationService.GenerateCode()));
Assert.IsTrue(validationEssentials.LoginSuccessful);
Assert.IsNotNull(validationEssentials.ApiKey);
Assert.IsNotNull(validationEssentials.SecretKey);
}
/// <summary>
/// Initializes a new instance of the <see cref="T:System.Object"/> class.
/// </summary>
public MfaAuthorizationService(IIdentityAccessPersistenceRepository persistenceRepository, IUserRepository userRepository,
ISecurityKeysRepository securityKeysRepository, IMfaCodeSenderService smsService, IMfaCodeSenderService emailService,
IMfaCodeGenerationService codeGenerationService)
{
_persistenceRepository = persistenceRepository;
_userRepository = userRepository;
_securityKeysRepository = securityKeysRepository;
_smsService = smsService;
_emailService = emailService;
_codeGenerationService = codeGenerationService;
}
public void MfaAuthorizationFailTest_ChecksThatServiceReturnsTrueIfMfaCodesDontMatch_VerifiesThroughReturnsValue()
{
IIdentityAccessPersistenceRepository persistenceRepository = (IIdentityAccessPersistenceRepository)ContextRegistry.GetContext()["IdentityAccessPersistenceRepository"];
IUserRepository userRepository = (IUserRepository)ContextRegistry.GetContext()["UserRepository"];
ISecurityKeysRepository securityKeysPairRepository = (ISecurityKeysRepository)ContextRegistry.GetContext()["SecurityKeysPairRepository"];
IMfaCodeSenderService mfaSmsService = (IMfaCodeSenderService)ContextRegistry.GetContext()["MfaSmsService"];
IMfaCodeSenderService mfaEmailService = (IMfaCodeSenderService)ContextRegistry.GetContext()["MfaEmailService"];
IMfaCodeGenerationService mfaCodeGenerationService = (IMfaCodeGenerationService)ContextRegistry.GetContext()["MfaCodeGenerationService"];
IMfaSubscriptionRepository mfaSubscriptionRepository = (IMfaSubscriptionRepository)ContextRegistry.GetContext()["MfaSubscriptionRepository"];
IMfaAuthorizationService mfaAuthorizationService = new MfaAuthorizationService(persistenceRepository,
userRepository, securityKeysPairRepository, mfaSmsService, mfaEmailService, mfaCodeGenerationService);
string apiKey = "123";
string userName = "******";
string phoneNumber = "2233344";
string email = "*****@*****.**";
User user = new User(userName, "asdf", "12345", "xyz", email, Language.English, TimeZone.CurrentTimeZone,
new TimeSpan(1, 1, 1, 1), DateTime.Now, "Pakistan", "", phoneNumber, "1234");
persistenceRepository.SaveUpdate(user);
user = userRepository.GetUserByUserName(userName);
Assert.IsNotNull(user);
SecurityKeysPair securityKeysPair = new SecurityKeysPair(user.Id, apiKey, "secret123", true, "#1");
persistenceRepository.SaveUpdate(securityKeysPair);
Tuple <bool, string> authorizeAccess = mfaAuthorizationService.AuthorizeAccess(apiKey, MfaConstants.Deposit, "");
Assert.IsTrue(authorizeAccess.Item1);
IList <MfaSubscription> allSubscriptions = mfaSubscriptionRepository.GetAllSubscriptions();
IList <Tuple <string, string, bool> > mfaSubscriptions = new List <Tuple <string, string, bool> >();
foreach (var subscription in allSubscriptions)
{
mfaSubscriptions.Add(new Tuple <string, string, bool>(subscription.MfaSubscriptionId,
subscription.MfaSubscriptionName, true));
}
user.AssignMfaSubscriptions(mfaSubscriptions);
persistenceRepository.SaveUpdate(user);
authorizeAccess = mfaAuthorizationService.AuthorizeAccess(apiKey, MfaConstants.Deposit, null);
Assert.IsFalse(authorizeAccess.Item1);
// The Stub Implementation always generates and returns the same MFA Code. We manuipulate it so that the code is
// incorrect
string mfaCode = mfaCodeGenerationService.GenerateCode();
authorizeAccess = mfaAuthorizationService.AuthorizeAccess(apiKey, MfaConstants.Deposit, mfaCode + "1");
Assert.IsFalse(authorizeAccess.Item1);
}
public void InitializationTest_ChecksIftheInstanceOfTheServiceIsInitializedAsExpectedUsingSpring_VerifiesThroughTheInstanceVariable()
{
IMfaCodeGenerationService smsService = (IMfaCodeGenerationService)ContextRegistry.GetContext()["MfaCodeGenerationService"];
Assert.IsNotNull(smsService);
}
