public async Task Handle_UserNotFound_ShouldReturnFalse()
{
// Arrange
var user = await _wolkDbContext.CreateAndSaveUser();
var request = new UserValidQuery {
SecurityStamp = user.SecurityStamp, UserId = user.Id + 1
};
// Act
var result = await _handler.Handle(request, CancellationToken.None);
// Assert
Assert.IsFalse(result);
}
public async Task Authenticate_CredentialsCorrect_RehashPassword()
{
// Arrange
var pass = "******";
var hash = PasswordUtilities.CreateDeprecatedPasswordHash(pass);
var url = "/api/user/authenticate";
var user = await WolkDbContext.CreateAndSaveUser(u => u.PasswordHash = hash);
var model = new SignInModel {
Email = user.Email, Password = pass
};
var request = new HttpRequestMessage(HttpMethod.Post, url)
{
Content = new StringContent(JsonConvert.SerializeObject(model), Encoding.UTF8, MimeTypes.Json)
};
// Act
using var response = await HttpClient.SendAsync(request);
// Assert
Assert.AreEqual(HttpStatusCode.OK, response.StatusCode);
// Check that the password hash has changed
Assert.AreNotEqual(hash, user.PasswordHash);
var passwordHasher = new PasswordHasher <Domain.Entities.User>();
Assert.AreEqual(
PasswordVerificationResult.Success,
passwordHasher.VerifyHashedPassword(user, user.PasswordHash, pass));
}
public async Task Handle_CredentialsCorrect_ShouldReturnLoggedInData()
{
// Arrange
var user = await _wolkDbContext.CreateAndSaveUser();
var request = new SignInQuery {
Email = user.Email, Password = "******"
};
_mockSignInManager
.Setup(m => m.CheckCredentialsAsync(request.Email, request.Password))
.ReturnsAsync(true);
var jwt = "dsfad.jwt.rwsdf";
_mockJwtManager
.Setup(m => m.CreateJwt(user))
.Returns(jwt);
// Act
var result = await _handler.Handle(request, CancellationToken.None);
// Assert
Assert.AreEqual(user.Email, result.Email);
Assert.AreEqual(user.Id, result.Id);
Assert.AreEqual(jwt, result.Token);
}
protected async Task <string> GetJwt(User user = null)
{
if (user == null)
{
user = await WolkDbContext.CreateAndSaveUser();
}
var jwtManager = ServiceProvider.GetService <IJwtManager>();
return(jwtManager.CreateJwt(user));
}
public async Task Authenticate_CredentialsCorrect()
{
// Arrange
var url = "/api/user/authenticate";
var user = await WolkDbContext.CreateAndSaveUser();
var model = new SignInModel {
Email = user.Email, Password = "******"
};
var request = new HttpRequestMessage(HttpMethod.Post, url)
{
Content = new StringContent(JsonConvert.SerializeObject(model), Encoding.UTF8, MimeTypes.Json)
};
// Act
using var response = await HttpClient.SendAsync(request);
// Assert
Assert.AreEqual(HttpStatusCode.OK, response.StatusCode);
var content = await response.Content.ReadAsStringAsync();
var viewModel = JsonConvert.DeserializeObject <SignedInViewModel>(content);
Assert.AreEqual(user.Id, viewModel.Id);
Assert.AreEqual(user.Email, viewModel.Email);
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
var result = new JwtSecurityTokenHandler().ValidateToken(viewModel.Token,
new TokenValidationParameters
{
IssuerSigningKey =
new SymmetricSecurityKey(Encoding.UTF8.GetBytes(IdentityConfiguration.JwtSecret)),
ValidateAudience = false,
ValidateIssuer = false
}, out var validatedToken);
Assert.AreEqual(user.Id.ToString(), result.Claims.Single(c => c.Type == "sub").Value);
// Act: do a call to get all notebooks with correct user token
url = "/api/notebook";
request = new HttpRequestMessage(HttpMethod.Get, url);
request.AddJwtBearer(viewModel.Token);
using var notebookResponse = await HttpClient.SendAsync(request);
// Assert
Assert.IsTrue(notebookResponse.IsSuccessStatusCode);
}
public async Task Authenticate_CredentialsIncorrect_ShouldReturn401()
{
// Arrange
var url = "/api/user/authenticate";
var user = await WolkDbContext.CreateAndSaveUser();
var model = new SignInModel {
Email = user.Email, Password = "******"
};
var request = new HttpRequestMessage(HttpMethod.Post, url)
{
Content = new StringContent(JsonConvert.SerializeObject(model), Encoding.UTF8, MimeTypes.Json)
};
// Act
using var response = await HttpClient.SendAsync(request);
// Assert
Assert.AreEqual(HttpStatusCode.Unauthorized, response.StatusCode);
}
public async Task Register_EmailAlreadyExists_ShouldReturn409()
{
// Arrange
var user = await WolkDbContext.CreateAndSaveUser();
var url = "/api/user";
var command = new CreateUserCommand {
Email = user.Email, Password = "******"
};
var request = new HttpRequestMessage(HttpMethod.Post, url)
{
Content = new StringContent(JsonConvert.SerializeObject(command), Encoding.UTF8, MimeTypes.Json)
};
// Act
using var response = await HttpClient.SendAsync(request);
// Assert
Assert.AreEqual(HttpStatusCode.Conflict, response.StatusCode);
}
public async Task Authenticate_CredentialsCorrect_UserIsDeleted_ShouldReturn401()
{
// Arrange
var url = "/api/user/authenticate";
var user = await WolkDbContext.CreateAndSaveUser();
var model = new SignInModel {
Email = user.Email, Password = "******"
};
var request = new HttpRequestMessage(HttpMethod.Post, url)
{
Content = new StringContent(JsonConvert.SerializeObject(model), Encoding.UTF8, MimeTypes.Json)
};
// Act
using var response = await HttpClient.SendAsync(request);
// Assert
Assert.AreEqual(HttpStatusCode.OK, response.StatusCode);
var content = await response.Content.ReadAsStringAsync();
var viewModel = JsonConvert.DeserializeObject <SignedInViewModel>(content);
// Act: delete user
WolkDbContext.Users.Remove(user);
await WolkDbContext.SaveChangesAsync();
// Act: do a call to get all notebooks with "deleted" user token
url = "/api/notebook";
request = new HttpRequestMessage(HttpMethod.Get, url);
request.AddJwtBearer(viewModel.Token);
using var notebookResponse = await HttpClient.SendAsync(request);
// Assert
Assert.AreEqual(HttpStatusCode.Unauthorized, notebookResponse.StatusCode);
}
public async Task Register_RegistrationTurnedOff_ShouldReturn400()
{
// Arrange
var existingUser = await WolkDbContext.CreateAndSaveUser();
var url = "/api/user";
var command = new CreateUserCommand {
Email = "*****@*****.**", Password = "******"
};
var request = new HttpRequestMessage(HttpMethod.Post, url)
{
Content = new StringContent(JsonConvert.SerializeObject(command), Encoding.UTF8, MimeTypes.Json)
};
// Act
using var response = await HttpClient.SendAsync(request);
// Assert
Assert.AreEqual(HttpStatusCode.BadRequest, response.StatusCode);
var content = await response.Content.ReadAsStringAsync();
Assert.IsTrue(content.Contains("User registration not allowed according to condiguration."));
}
public async Task Register_HappyFlow()
{
// Arrange
var existingUser = await WolkDbContext.CreateAndSaveUser();
var url = "/api/user";
var command = new CreateUserCommand {
Email = "*****@*****.**", Password = "******"
};
var request = new HttpRequestMessage(HttpMethod.Post, url)
{
Content = new StringContent(JsonConvert.SerializeObject(command), Encoding.UTF8, MimeTypes.Json)
};
// Act
using var response = await HttpClient.SendAsync(request);
// Assert
Assert.AreEqual(HttpStatusCode.NoContent, response.StatusCode);
var user = await WolkDbContext.Users.SingleAsync(u => u.Email == command.Email);
AssertCorrectPassword(user, command.Password);
}
