public void CheckUserAuthorizationTest()
{
//Arrange
var userNotInDb = new UserWithPasswordModel
{
Email = "*****@*****.**",
Password = "******"
};
var userInDb = new UserWithPasswordModel
{
Email = "*****@*****.**",
Password = "******",
};
//Action
Mock <IUserMapper> userMapper = new Mock <IUserMapper>();
UserWithPasswordModel userModel = new UserWithPasswordModel();
//UserService userService = new UserService(userMapper.Object);
////We need to get rid off dependency of DbManager to test correctly
////Assert
//Assert.AreEqual(userService.CheckUserAuthorization(userInDb), true);
//Assert.AreEqual(userService.CheckUserAuthorization(userNotInDb), true);
//Assert.AreEqual(userInDb.Id, 1);
//Assert.AreEqual(userInDb.Claim, new[] { "Teacher", "Student" });
}
public UserWithPasswordModel GetUserWithPasswordByUsername(string username)
{
SqlDataReader reader = this.ExecuteReader(
@"SELECT Id,
Username,
PasswordHash,
PasswordSalt
FROM Users
WHERE Username = @username",
new Dictionary <string, object>
{
{ "@username", username }
});
using (reader)
{
if (reader.Read())
{
int userId = reader.GetInt32(0);
string userUsername = reader.GetString(1);
string passwordHash = reader.GetString(2);
string passwordSalt = reader.GetString(3);
UserWithPasswordModel userWithPassword = new UserWithPasswordModel(userId, userUsername, passwordHash, passwordSalt);
return(userWithPassword);
}
return(null);
}
}
public bool CheckUserAuthorization(UserWithPasswordModel userLoginApi)
{
using (var uow = _unitOfWorkFactory.GetUnitOfWork())
{
var user = uow.UserRepository.GetAll().FirstOrDefault(u => ((u.Email).ToLower() == (userLoginApi.Email).ToLower()));
if ((user != null) && (VerifyPasswords(user.Password, userLoginApi.Password)))
{
userLoginApi.Id = user.Id;
userLoginApi.Roles = user.Roles.Select(x => x.Name);
user.HashedToken = _token.Sha256Hash(_token.RandomString(ConstContainer.HashLength));
userLoginApi.HashToken = user.HashedToken;
uow.UserRepository.AddOrUpdate(user);
uow.Save();
return(true);
}
return(false);
}
//using (var context = new WorldOfWordsDatabaseContext())
//{
// var user = context.Users.FirstOrDefault(u => ((u.Email).ToLower() == (userLoginApi.Email).ToLower()));
// if ((user != null) && (VerifyPasswords(user.Password, userLoginApi.Password)))
// {
// userLoginApi.Id = user.Id;
// userLoginApi.Roles = user.Roles.Select(x => x.Name);
// user.HashedToken = _token.Sha256Hash(_token.RandomString(ConstContainer.HashLength));
// userLoginApi.HashToken = user.HashedToken;
// context.Users.AddOrUpdate(user);
// context.SaveChanges();
// return true;
// }
// return false;
//}
}
public IHttpActionResult Post(UserWithPasswordModel userData)
{
if (_service.CheckUserAuthorization(userData))
{
return(Ok(_mapUserToToken.MapToTokenModel(userData)));
}
return(Unauthorized());
}
public TokenModel MapToTokenModel(UserWithPasswordModel userToMap)
{
return(new TokenModel()
{
EmailAndIdToken = _token.EncodeEmailAndIdToken(userToMap.Id.ToString() + ' ' + userToMap.Email.ToLower()),
RolesToken = _token.EncodeRoleToken(userToMap.Roles),
HashToken = userToMap.HashToken
});
}
[Test] //+
public void CheckUserAuthorization_PasswordsNotEqual_Test()
{
//Arrange
UserWithPasswordModel userLoginApi = new UserWithPasswordModel();
PasswordHasher passHesher = new PasswordHasher();
User user = new User();
user.Email = entity.Email;
user.Id = 4;
user.Roles = new List <Role> {
new Role()
{
Name = "admin", Id = user.Id
}
};
userLoginApi.Password = "******";
userLoginApi.Email = user.Email;
string userPassword = passHesher.HashPassword("blablabla");
user.Password = userPassword;
IQueryable <User> Users = new List <User>
{
user
}.AsQueryable <User>();
worldOfWordsUow.Setup(t => t.UserRepository).Returns(userReposit.Object);
userReposit.Setup(t => t.GetAll()).Returns(Users);
userReposit.Setup(t => t.AddOrUpdate(user)).Verifiable("added or updated");
worldOfWordsUow.Setup(t => t.Save()).Verifiable("Saved");
//Act
var result = usServ.CheckUserAuthorization(userLoginApi);
//Assert
uowFactory.Verify(f => f.GetUnitOfWork(), Times.Once);
worldOfWordsUow.Verify(t => t.UserRepository, Times.Once);
userReposit.Verify(t => t.AddOrUpdate(It.IsAny <User>()), Times.Never);
worldOfWordsUow.Verify(t => t.Save(), Times.Never);
Assert.IsFalse(result);
}
public UserModel GetUser(UserLoginBindingModel userModel)
{
using (this.userRepository)
{
UserWithPasswordModel userWithPassword = this.userRepository.GetUserWithPasswordByUsername(userModel.Username);
if (userWithPassword == null)
{
return(null);
}
string actualPasswordHash = PasswordUtilities.GeneratePasswordHash(userModel.Password, userWithPassword.PasswordSalt);
if (actualPasswordHash != userWithPassword.PasswordHash)
{
return(null);
}
UserModel user = new UserModel(userWithPassword.Id, userWithPassword.Username);
return(user);
}
}
public void MapToTokenModelTest()
{
const string email = "*****@*****.**";
const int id = 1;
const string hash = "HashToken";
IEnumerable <string> roles = new[] { "Admin", "Student", "Teacher" };
Mock <ITokenValidation> token = new Mock <ITokenValidation>();
UserToTokenMapper mapper = new UserToTokenMapper(token.Object);
var initial = new UserWithPasswordModel()
{
Email = email,
Id = id,
HashToken = hash,
Roles = roles
};
var expected = new TokenModel()
{
EmailAndIdToken = email,
RolesToken = roles.ToString(),
HashToken = hash
};
token.Setup(x => x.EncodeEmailAndIdToken(id.ToString() + ' ' + email.ToLower()))
.Returns(email);
token.Setup(x => x.EncodeRoleToken(roles))
.Returns(roles.ToString);
var action = mapper.MapToTokenModel(initial);
Assert.IsNotNull(action);
Assert.AreEqual(action.EmailAndIdToken, expected.EmailAndIdToken);
Assert.AreEqual(action.HashToken, expected.HashToken);
Assert.AreEqual(action.RolesToken, expected.RolesToken);
}
public void LoginControllerPostMethodTest()
{
//Arrange
var userNotInDb = new UserWithPasswordModel
{
Email = "*****@*****.**",
Password = "******"
};
var userInDb = new UserWithPasswordModel
{
Email = "*****@*****.**",
Password = "******",
Roles = new[] { "Student", "Teacher" }
};
var userWithoutEmail = new UserWithPasswordModel
{
Email = null,
Password = "******"
};
//Action
Mock <IUserService> userService = new Mock <IUserService>();
Mock <IUserToTokenMapper> tokenMaper = new Mock <IUserToTokenMapper>();
GenericIdentity identity = new GenericIdentity("1");
Thread.CurrentPrincipal =
new GenericPrincipal(
identity,
new[] { "NoRoles" }
);
LoginController loginController = new LoginController(userService.Object, tokenMaper.Object);
userService
.Setup(x => x.CheckUserAuthorization(userWithoutEmail))
.Returns(false);
IHttpActionResult unauthorizedResult = loginController.Post(userNotInDb);
var actionUnauthorizedResult = unauthorizedResult as UnauthorizedResult;
unauthorizedResult = loginController.Post(userWithoutEmail);
var actionUnauthorizedRequestEmail = unauthorizedResult as UnauthorizedResult;
userService
.Setup(x => x.CheckUserAuthorization(userInDb))
.Returns(true);
tokenMaper
.Setup(x => x.MapToTokenModel(userInDb))
.Returns(new TokenModel()
{
RolesToken = "Claim token",
EmailAndIdToken = "Email and password token"
});
IHttpActionResult authorizedResult = loginController.Post(userInDb);
var actionAuthorizedResult = authorizedResult as OkNegotiatedContentResult <TokenModel>;
IHttpActionResult badRequestResult = loginController.Post(null);
var actionBadRequest = badRequestResult as BadRequestResult;
//Assert
Assert.IsNotNull(actionUnauthorizedRequestEmail);
Assert.IsNotNull(actionBadRequest);
Assert.IsNotNull(actionUnauthorizedResult);
Assert.IsNotNull(actionAuthorizedResult);
var authorizedContent = actionAuthorizedResult.Content;
Assert.IsNotNull(actionAuthorizedResult.Content);
Assert.AreEqual(authorizedContent.RolesToken, "Claim token");
}
