protected override void Initialize(System.Web.Routing.RequestContext requestContext)
{
base.Initialize(requestContext);
if (requestContext.HttpContext.User.Identity.IsAuthenticated)
{
string username = requestContext.HttpContext.User.Identity.Name;
CurrentUser = _userService.GetUserByEmail(username);
}
}
/// <summary>
/// Send an email to the specified user
/// </summary>
/// <param name="recipient">Recipient of the email</param>
/// <param name="template">Template used for email</param>
/// <param name="messageParams">Values for placeholders used in template to replace with.</param>
public async Task<bool> Notify(User recipient, INotificationTemplate template, object messageParams)
{
var message = new MailMessage(new MailAddress(_fromEmail, _fromName),
new MailAddress(recipient.Email));
IDictionary<string, string> templateValues =
_templateService.ParseTemplate(TemplateNode, template, messageParams);
message.Subject = templateValues["Subject"];
// Wrap the body in the parent template
var parentEmailTemplate =
new NotificationTemplate(template.ContainingDirectory, "Email");
IDictionary<string, string> parentTemplate =
_templateService.ParseTemplate("Template", parentEmailTemplate, new
{
Body = templateValues["Body"]
});
message.Body = parentTemplate["Message"];
message.IsBodyHtml = true;
try
{
_emailService.Send(message);
_logService.CreateLog(new Log
{
Category = LogCategory.Application,
Level = LogLevel.Info,
Message = string.Format("Email notification to {0} successful: {1}", message.To, message.Subject),
Details = message.Body
});
}
catch (SmtpException ex)
{
_logService.CreateLog(new Log
{
Category = LogCategory.Application,
Level = LogLevel.Error,
Message = string.Format("Email notification to {0} failed: {1}", message.To, message.Subject),
Details = ex.Message + " \n\n Original Email: " + message.Body
});
}
await Task.Yield();
return true;
}
public void GenerateResetToken_Creates_Token()
{
// Arrange
var user = new User
{
Email = "*****@*****.**",
ResetPasswordToken = "1234"
};
var users = new List<User>()
{
user
};
var originalToken = user.ResetPasswordToken;
var userRepository = new Mock<IUserRepository>();
userRepository.Setup(u => u.FindAll()).Returns(users.AsQueryable());
var userService = CreateUserService(userRepository.Object);
// Act
userService.GenerateResetRequest(user);
// Assert
Assert.AreNotEqual(originalToken, user.ResetPasswordToken);
}
public void Authenticate_Successful_With_Valid_User()
{
// Arrange
var user = new User
{
Email = "*****@*****.**",
Status = UserStatus.Active
};
var users = new List<User>()
{
user
};
var userRepository = new Mock<IUserRepository>();
userRepository.Setup(u => u.FindAll()).Returns(users.AsQueryable());
var userService = CreateUserService(userRepository.Object);
userService.GenerateUserPassword(user, "test");
// Act
var result = userService.Authenticate(user.Email, "test");
// Assert
Assert.IsNotNull(result);
}
public void ResetPassword_Changes_Password()
{
// Arrange
var user = new User
{
Email = "*****@*****.**",
};
var users = new List<User>()
{
user
};
var originalPass = user.HashedPassword;
var userRepository = new Mock<IUserRepository>();
userRepository.Setup(u => u.FindAll()).Returns(users.AsQueryable());
var userService = CreateUserService(userRepository.Object);
// Act
userService.ResetPassword(user, "newpass");
// Assert
Assert.AreNotEqual(originalPass, user.HashedPassword);
}
public void ResetPassword_Fails_With_Empty_Pass()
{
// Arrange
var user = new User
{
Email = "*****@*****.**",
};
var users = new List<User>()
{
user
};
var userRepository = new Mock<IUserRepository>();
userRepository.Setup(u => u.FindAll()).Returns(users.AsQueryable());
var userService = CreateUserService(userRepository.Object);
// Act
userService.ResetPassword(user, "");
// Asserted by attribute
}
/// <summary> /// Send a notification with placeholders replaced with specified parameters /// </summary> /// <param name="recipient">User that will receive the notification</param> /// <param name="template">Template to be parsed</param> /// <param name="messageParams">Object containing propreties to be replaced</param> /// <returns></returns> public abstract Task<bool> Notify(User recipient, INotificationTemplate template, object messageParams);
public void DeleteUser(User user)
{
user.Status = UserStatus.Deleted;
_userRepository.Save(user);
}
public void SignUp_Successful_For_Valid_User()
{
// Arrange
var inputModel = new SignUpInputModel
{
Email = "*****@*****.**",
Password = "******",
ConfirmPassword = "******"
};
var user = new User()
{
Email = inputModel.Email,
AuthToken = new AuthToken()
};
var userService = new Mock<IUserService>();
userService.Setup(u => u.Authenticate(It.IsAny<string>(), It.IsAny<string>())).Returns(user);
userService.Setup(u => u.ValidateUser(It.IsAny<User>(), It.IsAny<IValidationDictionary>())).Returns(true);
var controller = CreateController(userService.Object);
// Act
var result = controller.SignUp(inputModel);
// Assert
Assert.IsTrue(result.Success);
}
/// <summary>
/// Create a new user
/// </summary>
/// <param name="user">User to create</param>
public void CreateUser(User user)
{
// Save permissions
if (user.Role == Role.Administrator)
{
var p = _permissionRepository.FindAll().FirstOrDefault(pe => pe.Name == Permission.EditUsers);
var up = new UserPermission()
{
User = user,
Permission = p
};
user.Permissions.Add(up);
p = _permissionRepository.FindAll().FirstOrDefault(pe => pe.Name == Permission.EditResources);
up = new UserPermission()
{
User = user,
Permission = p
};
user.Permissions.Add(up);
}
// Save user
_userRepository.Save(user);
}
/// <summary>
/// Check that user data is valid.
/// </summary>
/// <param name="user">User to validate</param>
/// <param name="validationDictionary">Dictionary of errors</param>
/// <returns></returns>
public bool ValidateUser(User user, IValidationDictionary validationDictionary)
{
// Email cannot be null
if (string.IsNullOrEmpty(user.Email))
{
validationDictionary.AddError("Email", "Email is required.");
} else if (!EmailValidator.IsValid(user.Email))
{
validationDictionary.AddError("Email", "Invalid email address.");
} else {
// Check for existing email
var existing = GetUserByEmail(user.Email);
if (existing != null && existing.Id != user.Id)
{
validationDictionary.AddError("Email", "Email is already in use. Please try another");
}
}
if (user.HashedPassword == null || user.HashedPassword.Length == 0)
{
validationDictionary.AddError("Password", "Password is required.");
}
return validationDictionary.IsValid;
}
/// <summary>
/// Update an existing user.
/// </summary>
/// <param name="user">User to update</param>
/// <param name="newPassword">New password for user</param>
public void UpdateUser(User user, string newPassword = null)
{
if (!string.IsNullOrEmpty(newPassword))
{
GenerateUserPassword(user, newPassword);
}
_userRepository.Save(user);
}
/// <summary>
/// Update a user's password and send notification email.
/// </summary>
/// <param name="user">User to reset password</param>
/// <param name="newPassword">New password</param>
/// <returns>True if reset token was found</returns>
public void ResetPassword(User user, string newPassword)
{
if (String.IsNullOrEmpty(newPassword))
{
throw new Exception("New password cannot be empty.");
}
// Update password
user.Salt = HashSalt.GenerateSalt();
user.HashedPassword = HashSalt.HashPassword(newPassword, user.Salt);
user.ResetPasswordToken = null;
_userRepository.SaveAndEvict(user);
// Send notification email
_notificationService.Notify(user, new NotificationTemplate(
_configService.AppSettings("NotificationTemplatePath"), "PasswordReset"),
null);
}
/// <summary>
/// Generate an encrypted password for the specified user.
/// </summary>
/// <param name="user">User to generate password for</param>
/// <param name="plainTextPassword">Password to encrypt.</param>
public void GenerateUserPassword(User user, string plainTextPassword)
{
user.Salt = HashSalt.GenerateSalt();
user.HashedPassword = HashSalt.HashPassword(plainTextPassword, user.Salt);
}
/// <summary>
/// Generate a password reset token and email the link to the user.
/// </summary>
/// <param name="user"></param>
public void GenerateResetRequest(User user)
{
user.ResetPasswordToken = KeyGenerator.GetUniqueKey(ResetPasswordTokenLength);
_userRepository.Save(user);
_notificationService.Notify(user, new NotificationTemplate(
_configService.AppSettings("NotificationTemplatePath"), "ForgotPassword"), new
{
ResetToken = user.ResetPasswordToken
});
}
public void SignIn_Success_For_Valid_User()
{
// Arrange
const string email = "*****@*****.**";
const string password = "******";
var user = new User
{
Email = email,
AuthToken = new AuthToken
{
Token = "12345",
Expires = DateTime.UtcNow
}
};
var userService = new Mock<IUserService>();
userService.Setup(u => u.Authenticate(It.IsAny<string>(), It.IsAny<string>())).Returns(user);
var controller = CreateController(userService.Object);
var currentUser = new Mock<User>();
currentUser.Setup(u => u.HasPermission(It.IsAny<string>())).Returns(true);
controller.CurrentUser = currentUser.Object;
// Act
BaseResponseModel result = controller.SignIn(new SignInInputModel
{
Email = email,
Password = password
});
// Assert
Assert.IsTrue(result.Success);
}
/// <summary>
/// Send a notification that does not contain any placeholders
/// </summary>
/// <param name="recipient">User that will receive the notification</param>
/// <param name="template">Template to be parsed</param>
/// <returns></returns>
public Task<bool> Notify(User recipient, INotificationTemplate template)
{
return Notify(recipient, template, null);
}
public UserViewModel(User user)
{
_innerUser = user;
}
private static void CreateUsers(int numMembers)
{
for (int i = 1; i < numMembers; i++)
{
var member = new User
{
Email = "member" + i + "@honeypot.com",
Role = Role.Member,
ResetPasswordToken = "member" + i
};
_userService.GenerateUserPassword(member, "test");
_userService.CreateUser(member);
}
var admin = new User
{
Email = "*****@*****.**",
Role = Role.Administrator
};
_userService.GenerateUserPassword(admin, "test");
_userService.CreateUser(admin);
}
