public async Task TestInvalidCaseAsync() { // arrange var obj = new { username = "******", password = "******" }; var repository = new Mock <IRepository>(); var settings = new ApplicationSettings(); var set = TestUtilities.CreateDbSetMock(new List <User> { new User { Username = obj.username, Password = CryptoUtilities.CreateHash(obj.password) }, }); repository .Setup(x => x.AsQueryable <User>()) .Returns(set.Object); var validationService = new ValidationService(repository.Object, settings); // act var exception = await TestUtilities.ThrowsAsync <ValidationException>(async() => await validationService.ValidateOldPasswordAsync(obj.username, "something else")); // assert Assert.Equal(ValidationReason.PasswordIsIncorrect, exception.Reason); repository.Verify(x => x.AsQueryable <User>(), Times.Once); }
public void TestValidCase() { // arrange var obj = new { username = "******", password = "******" }; var repository = new Mock <IRepository>(); var settings = new ApplicationSettings(); var set = TestUtilities.CreateDbSetMock(new List <User> { new User { Username = obj.username, Password = CryptoUtilities.CreateHash(obj.password) }, }); repository .Setup(x => x.AsQueryable <User>()) .Returns(set.Object); var validationService = new ValidationService(repository.Object, settings); // act Assert.DoesNotThrow(async() => await validationService.ValidateOldPasswordAsync(obj.username, obj.password)); // assert repository.Verify(x => x.AsQueryable <User>(), Times.Exactly(1)); }
public virtual async Task ChangePasswordAsync(dynamic model) { _validationService.Bundles.ValidateNewPassword(model); var user = await _repository.UserByUsernameAsync((string)model.username); user.Password = CryptoUtilities.CreateHash((string)model.password); await _repository.UpdateAsync(user); }
public void TestInvalidPassword() { // arrange var hash = CryptoUtilities.CreateHash("password"); // act var valid = CryptoUtilities.ValidatePassword("something else", hash); // assert Assert.False(valid); }
public virtual async Task ResetPasswordAsync(dynamic model) { _validationService.Bundles.ValidateNewPassword(model); string q = model.q; int id; string ciphertext; try { var split = q.Split(new[] { ':' }); id = int.Parse(split[0]); ciphertext = split[1]; } catch { throw new ServiceException(ServiceReason.InvalidUserRequest); } var request = await _repository.GetAsync <UserRequest>(id); if (request == null || request.RequestType != UserRequestType.ResetPassword) { throw new ServiceException(ServiceReason.InvalidUserRequest); } try { var plaintext = CryptoUtilities.Decrypt(ciphertext, request.Key, request.IV); dynamic obj = JObject.Parse(plaintext); var credentials = new User { Username = obj.username, Password = obj.password }; if (!CryptoUtilities.ValidatePassword(credentials.Password, request.Password)) { throw new ServiceException(ServiceReason.ResetPasswordError); } var user = await _repository.UserByUsernameAsync(credentials.Username); user.Password = CryptoUtilities.CreateHash((string)model.password); await _repository.UpdateAsync(user); await _repository.UpdateAsync(request); } catch { throw new ServiceException(ServiceReason.ResetPasswordError); } }
public void TestDefaultBehavior() { // arrange/act var hash = CryptoUtilities.CreateHash("password"); // assert var tokens = hash.Split(new[] { ':' }, StringSplitOptions.RemoveEmptyEntries); Assert.Equal(3, tokens.Length); Assert.Equal(Constants.Cryptography.HASH_ITERATIONS, int.Parse(tokens[0])); Assert.Equal(Constants.Cryptography.SALT_BYTE_SIZE, Convert.FromBase64String(tokens[1]).Length); Assert.Equal(Constants.Cryptography.HASH_BYTE_SIZE, Convert.FromBase64String(tokens[2]).Length); }
public async Task TestWithInvalidPasswordAsync() { // arrange var obj = new { email = "*****@*****.**", password = "******", rememberMe = false }; var repository = new Mock <IRepository>(); var settings = new ApplicationSettings(); var validationService = new Mock <ValidationService>(repository.Object, settings); var administrationService = new Mock <AdministrationService>(repository.Object, validationService.Object); var mailService = new Mock <MailService>(repository.Object); var httpContext = new Mock <HttpContextBase>(); var httpResponse = new Mock <HttpResponseBase>(); var cookies = new HttpCookieCollection(); var user = new User { Email = obj.email, Password = CryptoUtilities.CreateHash("something else") }; var userSet = TestUtilities.CreateDbSetMock(new List <User> { user }); repository .Setup(x => x.AsQueryable <User>()) .Returns(userSet.Object); httpContext .SetupGet(x => x.Response) .Returns(httpResponse.Object); httpResponse .SetupGet(x => x.Cookies) .Returns(cookies); dynamic model = JObject.FromObject(obj); var accountService = new AccountService(repository.Object, validationService.Object, administrationService.Object, mailService.Object); // act var exception = await TestUtilities.ThrowsAsync <ServiceException>(async() => await accountService.SignInAsync(httpContext.Object, model)); // assert Assert.Equal(exception.Reason, ServiceReason.InvalidCredentials); httpResponse.VerifyGet(x => x.Cookies, Times.Never); }
public async Task TestDefaultBehaviorAsync() { // arrange var obj = new { email = "*****@*****.**", password = "******", rememberMe = false }; var repository = new Mock <IRepository>(); var settings = new ApplicationSettings(); var validationService = new Mock <ValidationService>(repository.Object, settings); var administrationService = new Mock <AdministrationService>(repository.Object, validationService.Object); var mailService = new Mock <MailService>(repository.Object); var httpContext = new Mock <HttpContextBase>(); var httpResponse = new Mock <HttpResponseBase>(); var cookies = new HttpCookieCollection(); var user = new User { Email = obj.email, Password = CryptoUtilities.CreateHash(obj.password), Enabled = true }; var userSet = TestUtilities.CreateDbSetMock(new List <User> { user }); repository .Setup(x => x.AsQueryable <User>()) .Returns(userSet.Object); httpContext .SetupGet(x => x.Response) .Returns(httpResponse.Object); httpResponse .SetupGet(x => x.Cookies) .Returns(cookies); dynamic model = JObject.FromObject(obj); var accountService = new AccountService(repository.Object, validationService.Object, administrationService.Object, mailService.Object); // act await TestUtilities.DoesNotThrowAsync(async() => await accountService.SignInAsync(httpContext.Object, model)); // assert Assert.Equal(httpResponse.Object.Cookies[".ASPXAUTH"].Expires, DateTime.MinValue); }
public void TestValidPassword() { // arrange var obj = new { password = "******" }; var hash = CryptoUtilities.CreateHash(obj.password); // act var valid = CryptoUtilities.ValidatePassword(obj.password, hash); // assert Assert.True(valid); }
private static User SeedUser(DbContext context, string firstName, string lastName, string username, string email, string password) { var entity = new User { FirstName = firstName, LastName = lastName, Username = username, Email = email, Password = CryptoUtilities.CreateHash(password), Enabled = true, CreatedDate = DateTime.UtcNow }; context.Set <User>().Add(entity); return(entity); }
public async Task TestDefaultBehaviorAsync() { // arrange var obj = new { username = "******", oldPassword = "******", password = "******", confirmPassword = "******" }; var repository = new Mock <IRepository>(); var settings = new ApplicationSettings(); var validationService = new Mock <ValidationService>(repository.Object, settings); var administrationService = new Mock <AdministrationService>(repository.Object, validationService.Object); var mailService = new Mock <MailService>(repository.Object); var user = new User { Username = obj.username, Password = CryptoUtilities.CreateHash(obj.oldPassword) }; var set = TestUtilities.CreateDbSetMock(new List <User> { user }); repository .Setup(x => x.AsQueryable <User>()) .Returns(set.Object); dynamic model = JObject.FromObject(new { obj.oldPassword, obj.password, obj.confirmPassword }); var accountService = new AccountService(repository.Object, validationService.Object, administrationService.Object, mailService.Object); // act await accountService.ChangePasswordAsync(obj.username, model); // assert Assert.Equal(obj.username, (string)model.username); validationService.Verify(x => x.ValidateOldPasswordAsync(obj.username, obj.oldPassword), Times.Once); administrationService.Verify(x => x.ChangePasswordAsync(It.IsAny <object>()), Times.Once); }
public virtual async Task CreateUserAsync(dynamic model) { await _validationService.ValidateNewUserByUsernameAsync((string)model.username); await _validationService.ValidateNewUserByEmailAsync((string)model.email); _validationService.Bundles.ValidateUser(model); _validationService.Bundles.ValidateNewPassword(model); var user = new User { Username = model.username, FirstName = model.firstName, LastName = model.lastName, Email = model.email, Password = CryptoUtilities.CreateHash((string)model.password), Enabled = model.enabled }; await AddRolesAsync(model, user); await _repository.InsertAsync(user); }
public virtual async Task <string> CreateUserRequestAsync(string username, UserRequestType requestType) { var password = Guid.NewGuid().ToString(); var credentials = JObject.FromObject(new { username, password }); using (var algorithm = TripleDES.Create()) { var request = new UserRequest { Key = algorithm.Key, IV = algorithm.IV, Username = username, Password = CryptoUtilities.CreateHash(password), RequestType = requestType }; await _repository.InsertAsync(request); var ciphertext = CryptoUtilities.Encrypt(credentials.ToString(), algorithm.Key, algorithm.IV); return(HttpUtility.UrlEncode(request.Id + ":" + ciphertext)); } }
public async Task TestDefaultBehaviorAsync() { // arrange var obj = new { username = "******" }; var repository = new Mock <IRepository>(); var settings = new ApplicationSettings(); var validationService = new Mock <ValidationService>(repository.Object, settings); var administrationService = new Mock <AdministrationService>(repository.Object, validationService.Object); var mailService = new Mock <MailService>(repository.Object); var user = new User { Username = obj.username }; var request = new UserRequest { Id = 1, Username = obj.username, RequestType = UserRequestType.Activation }; var userSet = TestUtilities.CreateDbSetMock(new List <User> { user }); repository .Setup(x => x.AsQueryable <User>()) .Returns(userSet.Object); repository .Setup(x => x.GetAsync <User>(1)) .ReturnsAsync(user); repository .Setup(x => x.GetAsync <UserRequest>(1)) .ReturnsAsync(request); var password = Guid.NewGuid().ToString(); var credentials = JObject.FromObject(new { obj.username, password }); string q; using (var algorithm = TripleDES.Create()) { request.Key = algorithm.Key; request.IV = algorithm.IV; request.Password = CryptoUtilities.CreateHash(password); var ciphertext = CryptoUtilities.Encrypt(credentials.ToString(), algorithm.Key, algorithm.IV); q = 1 + ":" + ciphertext; } dynamic model = JObject.FromObject(new { q }); var accountService = new AccountService(repository.Object, validationService.Object, administrationService.Object, mailService.Object); // act await TestUtilities.DoesNotThrowAsync(async() => await accountService.ActivateAsync(model)); // assert Assert.True(user.Enabled); repository.Verify(x => x.GetAsync <UserRequest>(It.IsAny <int>()), Times.Once); repository.Verify(x => x.AsQueryable <User>(), Times.Once); repository.Verify(x => x.UpdateAsync(user), Times.Once()); repository.Verify(x => x.UpdateAsync(request), Times.Once()); }
public async Task TestWithInvalidPasswordAsync() { // arrange var obj = new { username = "******", password = "******" }; var repository = new Mock <IRepository>(); var settings = new ApplicationSettings(); var validationService = new Mock <ValidationService>(repository.Object, settings); var administrationService = new Mock <AdministrationService>(repository.Object, validationService.Object); var mailService = new Mock <MailService>(repository.Object); validationService .SetupGet(x => x.Bundles) .Returns(new ValidationBundles(validationService.Object)); var user = new User { Username = obj.username }; var request = new UserRequest { Id = 1, Username = obj.username, RequestType = UserRequestType.ResetPassword }; var userSet = TestUtilities.CreateDbSetMock(new List <User> { user }); repository .Setup(x => x.AsQueryable <User>()) .Returns(userSet.Object); repository .Setup(x => x.GetAsync <UserRequest>(1)) .ReturnsAsync(request); var password = Guid.NewGuid().ToString(); var credentials = JObject.FromObject(obj); string q; using (var algorithm = TripleDES.Create()) { request.Key = algorithm.Key; request.IV = algorithm.IV; request.Password = CryptoUtilities.CreateHash(password); var ciphertext = CryptoUtilities.Encrypt(credentials.ToString(), algorithm.Key, algorithm.IV); q = 1 + ":" + ciphertext; } dynamic model = JObject.FromObject(new { q }); var accountService = new AccountService(repository.Object, validationService.Object, administrationService.Object, mailService.Object); // act var exception = await TestUtilities.ThrowsAsync <ServiceException>(async() => await accountService.ResetPasswordAsync(model)); // assert Assert.Equal(ServiceReason.ResetPasswordError, exception.Reason); Assert.Null(user.Password); repository.Verify(x => x.GetAsync <UserRequest>(It.IsAny <int>()), Times.Once); repository.Verify(x => x.AsQueryable <User>(), Times.Never); repository.Verify(x => x.UpdateAsync(user), Times.Never()); repository.Verify(x => x.UpdateAsync(request), Times.Never()); }