public void ChangePasswordSuccessTest_ChecksIfThePasswordIsChangedSuccessfully_VeririesThroughTheReturnedValue()
{
IUserRepository userRepository = new MockUserRepository();
ISecurityKeysRepository securityKeysRepository = new MockSecurityKeysRepository();
IPasswordEncryptionService passwordEncryptionService = new PasswordEncryptionService();
IIdentityAccessPersistenceRepository persistenceRepository = new MockPersistenceRepository(false);
UserApplicationService userApplicationService = new UserApplicationService(userRepository, securityKeysRepository,
passwordEncryptionService, persistenceRepository, new MockEmailService(), new PasswordCodeGenerationService());
// Store the Securiyty Keys with the Username of the User at hand
(securityKeysRepository as MockSecurityKeysRepository).AddSecurityKeysPair(new SecurityKeysPair(
new ApiKey("123456789").Value, new SecretKey("987654321").Value, "desc", 0, true));
// We need to encrypt the password in the test case ourselves, as we are not registering the user through
// the proper service here
(userRepository as MockUserRepository).AddUser(new User("*****@*****.**", "linkinpark",
passwordEncryptionService.EncryptPassword("burnitdown"), "USA", TimeZone.CurrentTimeZone, "", ""));
User userBeforePasswordChange = userRepository.GetUserByUserName("linkinpark");
string passwordBeforeChange = userBeforePasswordChange.Password;
// Give the API key that is already stored in the Security keys repository mentioned with the User Name
//UserValidationEssentials userValidationEssentials = new UserValidationEssentials(new Tuple<ApiKey, SecretKey>(
// new ApiKey("123456789"), new SecretKey("987654321")), new TimeSpan(0,0,10,0));
ChangePasswordResponse changePasswordResponse = userApplicationService.ChangePassword(new ChangePasswordCommand(
"123456789", "burnitdown", "burnitdowntwice"));
Assert.IsTrue(changePasswordResponse.ChangeSuccessful);
User userAfterPasswordChange = userRepository.GetUserByUserName("linkinpark");
string passwordAfterChange = userAfterPasswordChange.Password;
// Verify the old and new password do not match
Assert.AreNotEqual(passwordBeforeChange, passwordAfterChange);
}
public void ActivateAccountSuccessTest_ChecksIfTheAccountIsActivatedSuccessfully_VeririesThroughTheReturnedValue()
{
IUserRepository userRepository = new MockUserRepository();
ISecurityKeysRepository securityKeysRepository = new MockSecurityKeysRepository();
IPasswordEncryptionService passwordEncryptionService = new PasswordEncryptionService();
IIdentityAccessPersistenceRepository persistenceRepository = new MockPersistenceRepository(false);
UserApplicationService userApplicationService = new UserApplicationService(userRepository, securityKeysRepository,
passwordEncryptionService, persistenceRepository, new MockEmailService(), new PasswordCodeGenerationService());
// Store the Securiyty Keys with the Username of the User at hand
(securityKeysRepository as MockSecurityKeysRepository).AddSecurityKeysPair(new SecurityKeysPair(
new ApiKey("123456789").Value, new SecretKey("987654321").Value, "desc", 0, true));
string activationKey = "123456789";
string username = "******";
string password = "******";
User user = new User("*****@*****.**", username,
passwordEncryptionService.EncryptPassword(password), "USA", TimeZone.CurrentTimeZone,
"", activationKey);
user.AddTierStatus(Status.NonVerified, new Tier(TierLevelConstant.Tier0, TierLevelConstant.Tier0));
// We need to encrypt the password in the test case ourselves, as we are not registering the user through
// the proper service here
(userRepository as MockUserRepository).AddUser(user);
bool changeSuccessful = userApplicationService.ActivateAccount(new ActivationCommand(activationKey, username, password));
Assert.IsTrue(changeSuccessful);
User user1 = (persistenceRepository as MockPersistenceRepository).GetUser(username);
Assert.IsNotNull(user1);
Assert.IsTrue(user1.IsActivationKeyUsed.Value);
Assert.IsFalse(user1.IsUserBlocked.Value);
}
public void CancelAccountActivationSuccessfulTest_MakesSureAccountActivationGetsCancelledWhenEverythingIsGivenAsExpected_VerifiesByReturnedValueAndQueryingRepository()
{
IUserRepository userRepository = new MockUserRepository();
ISecurityKeysRepository securityKeysRepository = new MockSecurityKeysRepository();
IPasswordEncryptionService passwordEncryptionService = new PasswordEncryptionService();
IIdentityAccessPersistenceRepository persistenceRepository = new MockPersistenceRepository(false);
UserApplicationService userApplicationService = new UserApplicationService(userRepository, securityKeysRepository,
passwordEncryptionService, persistenceRepository, new MockEmailService(), new PasswordCodeGenerationService());
string activationKey = "123456789";
string username = "******";
string password = "******";
User user = new User("*****@*****.**", username, passwordEncryptionService.EncryptPassword(password),
"USA", TimeZone.CurrentTimeZone, "", activationKey);
user.AddTierStatus(Status.NonVerified, new Tier(TierLevelConstant.Tier0, TierLevelConstant.Tier0));
// We need to encrypt the password in the test case ourselves, as we are not registering the user through
// the proper service here
(userRepository as MockUserRepository).AddUser(user);
bool accountActivationCancelled = userApplicationService.CancelAccountActivation(new CancelActivationCommand(activationKey));
Assert.IsTrue(accountActivationCancelled);
User userByUserName = userRepository.GetUserByUserName(username);
Assert.IsNull(userByUserName);
}
public void ActivateAccountFailDueToBlankPasswordTest_MakesSureThatTheAccountIsNotActivatedWhenBlankPasswordIsGiven_VeririesThroughTheReturnedValue()
{
IUserRepository userRepository = new MockUserRepository();
ISecurityKeysRepository securityKeysRepository = new MockSecurityKeysRepository();
IPasswordEncryptionService passwordEncryptionService = new PasswordEncryptionService();
IIdentityAccessPersistenceRepository persistenceRepository = new MockPersistenceRepository(false);
UserApplicationService userApplicationService = new UserApplicationService(userRepository, securityKeysRepository,
passwordEncryptionService, persistenceRepository, new MockEmailService(), new PasswordCodeGenerationService());
// Store the Securiyty Keys with the Username of the User at hand
(securityKeysRepository as MockSecurityKeysRepository).AddSecurityKeysPair(new SecurityKeysPair(
new ApiKey("123456789").Value, new SecretKey("987654321").Value, "desc", 0, true));
string activationKey = "123456789";
string username = "******";
string password = "******";
User user = new User("*****@*****.**", username,
passwordEncryptionService.EncryptPassword(password), "USA", TimeZone.CurrentTimeZone,
"", activationKey);
user.AddTierStatus(Status.NonVerified, new Tier(TierLevelConstant.Tier0, TierLevelConstant.Tier0));
// We need to encrypt the password in the test case ourselves, as we are not registering the user through
// the proper service here
(userRepository as MockUserRepository).AddUser(user);
userApplicationService.ActivateAccount(new ActivationCommand(activationKey, username, password + "pass"));
}
public void LoginSuccessfulTest_ChecksIfTheSecurityKeysAreProperlyReturnedWhileLoggingIn_VerifiesTheReturnedKeysToConfirm()
{
IUserRepository userRepository = new MockUserRepository();
IIdentityAccessPersistenceRepository persistRepository = new MockPersistenceRepository(false);
ISecurityKeysApplicationService securityKeysApplicationService = new SecurityKeysApplicationService(new SecurityKeysGenerationService(),
persistRepository, null, null);
IPasswordEncryptionService passwordEncryptionService = new PasswordEncryptionService();
IMfaAuthorizationService mockMfaAuthorizationService = new MockMfaAuthorizationService();
ILoginApplicationService loginApplicationService = new LoginApplicationService(userRepository, passwordEncryptionService,
securityKeysApplicationService, new MockPersistenceRepository(false), mockMfaAuthorizationService);
string enteredPassword = "******";
User user = new User("*****@*****.**", "brucewayne", passwordEncryptionService.EncryptPassword(enteredPassword),
"Ninja County", TimeZone.CurrentTimeZone, "", "");
user.AutoLogout = new TimeSpan(0, 0, 0, 60);
user.IsActivationKeyUsed = new IsActivationKeyUsed(true);
// Add this user to the MockUserRepository
(userRepository as MockUserRepository).AddUser(user);
UserValidationEssentials userValidationEssentials = loginApplicationService.Login(
new LoginCommand("brucewayne", enteredPassword));
Assert.IsNotNull(userValidationEssentials);
Assert.IsNotNull(userValidationEssentials.ApiKey);
Assert.IsNotNull(userValidationEssentials.SecretKey);
Assert.AreEqual(userValidationEssentials.SessionLogoutTime, user.AutoLogout);
}
public void CompareFalseEncrytionTest_EncryptsAPasswordTwiceAndThenComparesBothToBeDifferent_FailsIfTheyAreEqual()
{
PasswordEncryptionService passwordEncryption = new PasswordEncryptionService();
string password = "******";
string encryptPassword = passwordEncryption.EncryptPassword(password);
Assert.IsNotNull(encryptPassword);
// Last letter is different
string secondPassword = "******";
string secondEncryptPassword = passwordEncryption.EncryptPassword(secondPassword);
Assert.IsNotNull(secondEncryptPassword);
Assert.AreNotEqual(encryptPassword, secondEncryptPassword);
}
public void EncryptPasswordTest_EncryptsTwoPasswordAndCheckifNotNullAndLength_VerifiesThroughHashedValues()
{
PasswordEncryptionService passwordEncryption = new PasswordEncryptionService();
string password = "******";
string encryptPassword = passwordEncryption.EncryptPassword(password);
Assert.IsNotNull(encryptPassword);
Assert.AreNotEqual(password, encryptPassword);
string secondPassword = "******";
string secondEncryptPassword = passwordEncryption.EncryptPassword(secondPassword);
Assert.IsNotNull(secondEncryptPassword);
Assert.AreNotEqual(secondPassword, secondEncryptPassword);
Assert.AreEqual(encryptPassword.Length, secondEncryptPassword.Length);
}
public void DeveReconhecerSenhaEncriptada()
{
var texto = Guid.NewGuid().ToString();
var encryptionService = new PasswordEncryptionService();
var hash = encryptionService.EncryptPassword(texto);
Assert.IsTrue(encryptionService.ComparePasswords(texto, hash));
}
public void DeveGerarHashesIguaisVariasVezes()
{
var texto = Guid.NewGuid().ToString();
var hash1 = new PasswordEncryptionService().EncryptPassword(texto);
var hash2 = new PasswordEncryptionService().EncryptPassword(texto);
var passwordEncryptionService = new PasswordEncryptionService();
var hash3 = passwordEncryptionService.EncryptPassword(texto);
var hash4 = passwordEncryptionService.EncryptPassword(texto);
Assert.AreEqual(hash1, hash2, "Hash 1 e 2 são diferentes");
Assert.AreEqual(hash3, hash4, "Hash 3 e 4 são diferentes");
Assert.AreEqual(hash1, hash3, "Hash 1 e 3 são diferentes");
Assert.AreEqual(hash1, hash4, "Hash 1 e 4 são diferentes");
Assert.AreEqual(hash2, hash3, "Hash 2 e 3 são diferentes");
Assert.AreEqual(hash2, hash4, "Hash 2 e 4 são diferentes");
}
public void EncryptPasswordTwiceAndCompareTest_EncryptsAPasswordTwiceAndThenComparesBothToBeTheSame_FailsIfNotEqual()
{
PasswordEncryptionService passwordEncryption = new PasswordEncryptionService();
string password = "******";
string hasedPassword = passwordEncryption.EncryptPassword(password);
Assert.IsNotNull(hasedPassword);
string samePassword = "******";
Assert.IsTrue(passwordEncryption.VerifyPassword(samePassword, hasedPassword));
}
public void CompareFalseEncrytionTest_EncryptsAPasswordTwiceAndThenComparesBothToBeDifferentByVerifyMethod_FailsIfTheyAreEqual()
{
PasswordEncryptionService passwordEncryption = new PasswordEncryptionService();
string password = "******";
string hashedPassword = passwordEncryption.EncryptPassword(password);
Assert.IsNotNull(hashedPassword);
// Last letter is different
string secondPassword = "******";
Assert.IsFalse(passwordEncryption.VerifyPassword(secondPassword, hashedPassword));
}
public async Task <bool> ChangePassword(UserChangePassDTO userInfo)
{
using (_unitOfWork)
{
User user = await _unitOfWork.UserRepository.FindByID(userInfo.UserId);
if (!PasswordEncryptionService.IsPasswordCorrect(user.Password, userInfo.OldPassword, _appSettings.SaltLength))
{
return(false);
}
user.Password = PasswordEncryptionService.EncryptPassword(userInfo.NewPassword, _appSettings.SaltLength);
_unitOfWork.UserRepository.Update(user);
return(await _unitOfWork.Save());
}
}
public void LoginFailDueToBlankPasswordTest_MakesSureLoginFailsInCaseOfBlankPassword_VerifiesTheReturnedNullResultToConfirm()
{
IUserRepository userRepository = new MockUserRepository();
IIdentityAccessPersistenceRepository persistRepository = new MockPersistenceRepository(false);
ISecurityKeysApplicationService securityKeysApplicationService = new SecurityKeysApplicationService(new SecurityKeysGenerationService(),
persistRepository, null, null);
IPasswordEncryptionService passwordEncryptionService = new PasswordEncryptionService();
IMfaAuthorizationService mockMfaAuthorizationService = new MockMfaAuthorizationService();
ILoginApplicationService loginApplicationService = new LoginApplicationService(userRepository, passwordEncryptionService,
securityKeysApplicationService, new MockPersistenceRepository(false), mockMfaAuthorizationService);
string enteredPassword = "******";
User user = new User("*****@*****.**", "brucewayne", passwordEncryptionService.EncryptPassword(enteredPassword),
"Ninja County", TimeZone.CurrentTimeZone, "", "");
user.AutoLogout = new TimeSpan(0, 0, 0, 60);
// Add this user to the MockUserRepository
(userRepository as MockUserRepository).AddUser(user);
loginApplicationService.Login(new LoginCommand("brucewayne", ""));
}
public async Task <UserAuthenticateResponseDTO> AddUserAccount(UserRegisterDTO userInfo)
{
using (_unitOfWork)
{
if (_unitOfWork.UserRepository.UsernameTaken(userInfo.Username))
{
return(null);
}
userInfo.Password = PasswordEncryptionService.EncryptPassword(userInfo.Password, _appSettings.SaltLength);
User newUser = _mapper.Map <UserRegisterDTO, User>(userInfo);
await _unitOfWork.UserRepository.Create(newUser);
await _unitOfWork.Save();
UserAuthenticateResponseDTO returnUser = _mapper.Map <User, UserAuthenticateResponseDTO>(newUser);
returnUser.Token = _tokenManager.GenerateToken(newUser.UserId);
returnUser.UnseenNotifications = _unitOfWork.UserRepository.GetUnseenNotificationNumber(newUser.UserId);
return(returnUser);
}
}
public void CancelAccountActivationFailedDueToBlankActivationKey_MakesSureAccountActivationDoesNotGetCancelledWhenBlankActivationKeyIsGiven_VerifiesByExpectingException()
{
IUserRepository userRepository = new MockUserRepository();
ISecurityKeysRepository securityKeysRepository = new MockSecurityKeysRepository();
IPasswordEncryptionService passwordEncryptionService = new PasswordEncryptionService();
IIdentityAccessPersistenceRepository persistenceRepository = new MockPersistenceRepository(false);
UserApplicationService userApplicationService = new UserApplicationService(userRepository, securityKeysRepository,
passwordEncryptionService, persistenceRepository, new MockEmailService(), new PasswordCodeGenerationService());
string activationKey = "123456789";
string username = "******";
string password = "******";
User user = new User("*****@*****.**", username, passwordEncryptionService.EncryptPassword(password),
"USA", TimeZone.CurrentTimeZone, "", activationKey);
user.AddTierStatus(Status.NonVerified, new Tier(TierLevelConstant.Tier0, TierLevelConstant.Tier0));
// We need to encrypt the password in the test case ourselves, as we are not registering the user through
// the proper service here
(userRepository as MockUserRepository).AddUser(user);
userApplicationService.CancelAccountActivation(new CancelActivationCommand(""));
}
//[ExpectedException(typeof(Exception))]
public void ChangePasswordFailDueToSessionTimeoutTest_ChecksThePasswordDoesNotGetChangedWhenSessionTimeoutHasExpired_VerifiesByExpectingException()
{
IUserRepository userRepository = new MockUserRepository();
ISecurityKeysRepository securityKeysRepository = new MockSecurityKeysRepository();
IPasswordEncryptionService passwordEncryptionService = new PasswordEncryptionService();
IIdentityAccessPersistenceRepository persistenceRepository = new MockPersistenceRepository(false);
UserApplicationService userApplicationService = new UserApplicationService(userRepository, securityKeysRepository,
passwordEncryptionService, persistenceRepository, new MockEmailService(), new PasswordCodeGenerationService());
// Store the Securiyty Keys with the Username of the User at hand
(securityKeysRepository as MockSecurityKeysRepository).AddSecurityKeysPair(new SecurityKeysPair(
new ApiKey("123456789").Value, new SecretKey("987654321").Value, "desc", 0, true));
var user = new User("*****@*****.**", "linkinpark", passwordEncryptionService.EncryptPassword("burnitdown"), "USA", TimeZone.CurrentTimeZone, "", "");
// We need to encrypt the password in the test case ourselves, as we are not registering the user through
// the proper service here
(userRepository as MockUserRepository).AddUser(user);
User userBeforePasswordChange = userRepository.GetUserByUserName("linkinpark");
string passwordBeforeChange = userBeforePasswordChange.Password;
// Give the API key that is already stored in the Security keys repository mentioned with the User Name
//UserValidationEssentials userValidationEssentials = new UserValidationEssentials(new Tuple<ApiKey, SecretKey>(
// new ApiKey("123456789"), new SecretKey("987654321")), new TimeSpan(0, 0, 0, 0, 1));
(userRepository as MockUserRepository).DeleteUser(user);
user.AutoLogout = new TimeSpan(0, 0, 0, 0, 1);
(userRepository as MockUserRepository).AddUser(user);
// Wrong password given
userApplicationService.ChangePassword(new ChangePasswordCommand("123456789", "burnitdown",
"burnitdowntwice"));
User userAfterPasswordChange = userRepository.GetUserByUserName("linkinpark");
string passwordAfterChange = userAfterPasswordChange.Password;
// Verify the old and new password do not match
Assert.AreNotEqual(passwordBeforeChange, passwordAfterChange);
}