public void Invoke_NoToken_SaveNorEditAreCalled()
{
// prepare
var guid = Guid.NewGuid();
var userFromDb = new DataAccess.Models.User
{
Id = guid,
Name = "Name",
PasswordHash = "hash",
PasswordSalt = "salt"
};
var mockedUserRepository = new Mock <IUserRepository>();
mockedUserRepository.Setup(r => r.GetById(It.IsAny <Guid>()))
.Returns(userFromDb);
var mockedUserTokenRepo = new Mock <IUserTokenRepository>();
var mockedUnitOfWork = new Mock <IUnitOfWork>();
var action = new EditUserPassword(mockedUserTokenRepo.Object, mockedUserRepository.Object, mockedUnitOfWork.Object);
// action
var actionResult = action.Invoke(guid, "123");
// assert
Assert.False(actionResult);
mockedUnitOfWork.Verify(r => r.Save(), Times.Never);
mockedUserRepository.Verify(r => r.Edit(It.IsAny <DataAccess.Models.User>()), Times.Never);
mockedUserTokenRepo.Verify(r => r.FindBy(It.IsAny <Expression <Func <DataAccess.Models.UserToken, bool> > >()), Times.Once);
mockedUserTokenRepo.Verify(r => r.Delete(It.IsAny <DataAccess.Models.UserToken>()), Times.Never);
mockedUnitOfWork.Verify(r => r.Save(), Times.Never);
}
public void Invoke_ValidData_ChangesPasswordSaltAndHash()
{
// prepare
var userFromDb = new DataAccess.Models.User()
{
Id = 1,
Name = "Name",
PasswordHash = "hash",
PasswordSalt = "salt"
};
DataAccess.Models.User userSaved = null;
var mockedUserRepo = new Mock <IUserRepository>();
mockedUserRepo.Setup(r => r.GetById(1)).Returns(userFromDb);
mockedUserRepo.Setup(r => r.Edit(It.IsAny <DataAccess.Models.User>()))
.Callback <DataAccess.Models.User>(u => userSaved = u);
var mockedHasher = new Mock <IHasher>();
mockedHasher.Setup(h => h.GenerateRandomSalt()).Returns("salt-generated");
mockedHasher.Setup(h => h.CreateHash("plain", "salt-generated")).Returns("plain-hashed");
var action = new EditUserPassword(mockedUserRepo.Object, mockedHasher.Object);
// action
var actionResult = action.Invoke(1, "plain");
// assert
Assert.True(actionResult);
Assert.Equal("plain-hashed", userSaved.PasswordHash);
Assert.Equal("salt-generated", userSaved.PasswordSalt);
Assert.Equal("Name", userSaved.Name);
}
public void Invoke_ValidData_SavedAndEditAreCalled()
{
// prepare
var guid = new Guid();
var userFromDb = new DataAccess.Models.User
{
Id = guid,
Name = "Name",
PasswordHash = "hash",
PasswordSalt = "salt"
};
var userToken = new DataAccess.Models.UserToken
{
SecretToken = "123"
};
var findByResult = new List <DataAccess.Models.UserToken> {
userToken
};
DataAccess.Models.User userSaved = null;
var mockedUserRepository = new Mock <IUserRepository>();
mockedUserRepository.Setup(r => r.GetById(It.IsAny <Guid>())).Returns(userFromDb);
mockedUserRepository.Setup(r => r.Edit(It.IsAny <DataAccess.Models.User>()))
.Callback <DataAccess.Models.User>(u => userSaved = u);
var mockedUserTokenRepo = new Mock <IUserTokenRepository>();
mockedUserTokenRepo.Setup(r => r.FindBy(It.IsAny <Expression <Func <DataAccess.Models.UserToken, bool> > >()))
.Returns(findByResult.AsQueryable);
var mockedHasher = new Mock <IHasher>();
mockedHasher.Setup(h => h.GenerateRandomSalt()).Returns("salt-generated");
mockedHasher.Setup(h => h.CreatePasswordHash("plain", "salt-generated")).Returns("plain-hashed");
var mockedUnitOfWork = new Mock <IUnitOfWork>();
var action = new EditUserPassword(mockedUserTokenRepo.Object, mockedUserRepository.Object, mockedUnitOfWork.Object, mockedHasher.Object);
// action
var actionResult = action.Invoke(Guid.NewGuid(), "plain");
// assert
Assert.True(actionResult);
Assert.Equal("plain-hashed", userSaved.PasswordHash);
Assert.Equal("salt-generated", userSaved.PasswordSalt);
Assert.Equal("Name", userSaved.Name);
Assert.Equal("123", userToken.SecretToken);
mockedHasher.Verify(r => r.GenerateRandomSalt(), Times.Once);
mockedHasher.Verify(r => r.CreatePasswordHash(It.IsAny <string>(), It.IsAny <string>()), Times.Once);
mockedUserRepository.Verify(r => r.Edit(It.IsAny <DataAccess.Models.User>()), Times.Once());
mockedUserTokenRepo.Verify(r => r.Delete(It.IsAny <DataAccess.Models.UserToken>()), Times.Once());
mockedUnitOfWork.Verify(r => r.Save(), Times.Once());
}
public void UpdateUserPassword(EditUserPassword uvm)
{
var config = new MapperConfiguration(cfg => { cfg.CreateMap <EditUserPassword, User>(); cfg.IgnoreUnMapped(); });
IMapper mapper = config.CreateMapper();
User u = mapper.Map <EditUserPassword, User>(uvm);
u.PasswordHash = SHA256HashGenerator.GenerateHash(uvm.Password);
ur.UpdateUserDetail(u);
}
public IActionResult EditPassword([FromBody] EditUserPassword model)
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
var response = userService.UpdatePassword(model.UserId, model.Password);
if (!response.Success)
{
return(BadRequest(response.Message));
}
return(Ok(response.Success));
}
public ActionResult ChangePassword()
{
int uid = Convert.ToInt32(Session["CurrentUserID"]);
UserViewModel uvm = this.us.GetUsersByUserID(uid);
EditUserPassword evm = new EditUserPassword()
{
UserID = uvm.UserID, Email = uvm.Email, Password = "", ConfirmPassword = ""
};
if (evm != null)
{
return(View(evm));
}
return(RedirectToAction("Index", "Home"));
}
public ActionResult ChangePassword(EditUserPassword evm)
{
if (ModelState.IsValid)
{
evm.UserID = Convert.ToInt32(Session["CurrentUserID"]);
this.us.UpdateUserPassword(evm);
Session["CurrentUserEmail"] = evm.Email;
return(RedirectToAction("Index", "Home"));
}
else
{
ModelState.AddModelError("x", "Invalid data");
return(View(evm));
}
}
public void Invoke_ValidData_NoUser()
{
// prepare
var userToken = new DataAccess.Models.UserToken
{
SecretToken = "123"
};
var findByResult = new List <DataAccess.Models.UserToken> {
userToken
};
DataAccess.Models.User userSaved = null;
var mockedUserRepository = new Mock <IUserRepository>();
var mockedUserTokenRepo = new Mock <IUserTokenRepository>();
mockedUserTokenRepo.Setup(r => r.FindBy(It.IsAny <Expression <Func <DataAccess.Models.UserToken, bool> > >()))
.Returns(findByResult.AsQueryable);
var mockedHasher = new Mock <IHasher>();
mockedHasher.Setup(h => h.GenerateRandomSalt()).Returns("salt-generated");
mockedHasher.Setup(h => h.CreatePasswordHash("plain", "salt-generated")).Returns("plain-hashed");
var mockedUnitOfWork = new Mock <IUnitOfWork>();
var action = new EditUserPassword(mockedUserTokenRepo.Object, mockedUserRepository.Object, mockedUnitOfWork.Object, mockedHasher.Object);
// action
var actionResult = action.Invoke(Guid.NewGuid(), "plain");
// assert
Assert.False(actionResult);
Assert.Null(userSaved);
mockedHasher.Verify(r => r.GenerateRandomSalt(), Times.Never);
mockedHasher.Verify(r => r.CreatePasswordHash(It.IsAny <string>(), It.IsAny <string>()), Times.Never);
mockedUserRepository.Verify(r => r.Edit(It.IsAny <DataAccess.Models.User>()), Times.Never);
mockedUnitOfWork.Verify(r => r.Save(), Times.Never);
mockedUserTokenRepo.Verify(r => r.Delete(It.IsAny <DataAccess.Models.UserToken>()), Times.Never);
mockedUnitOfWork.Verify(r => r.Save(), Times.Never);
}
public IActionResult EditPassword(EditUserPassword editPassword, int user_id)
{
if (HttpContext.Session.GetInt32("user_id") != null)
{
if (dbContext.Users.Any(u => u.UserId == (int)HttpContext.Session.GetInt32("user_id")))
{
if ((int)HttpContext.Session.GetInt32("user_id") == user_id)
{
if (ModelState.IsValid)
{
var hasher = new PasswordHasher <EditUserPassword>();
editPassword.Password = hasher.HashPassword(editPassword, editPassword.Password);
dbContext.Users.FirstOrDefault(u => u.UserId == user_id).Password = editPassword.Password;
dbContext.SaveChanges();
return(RedirectToAction("SelfEdit"));
}
ViewBag.User = dbContext.Users.FirstOrDefault(u => u.UserId == user_id);
return(View("SelfEdit"));
}
else
{
if (dbContext.Users.FirstOrDefault(u => u.UserId == (int)HttpContext.Session.GetInt32("user_id")).Level == 9)
{
if (ModelState.IsValid)
{
var hasher = new PasswordHasher <EditUserPassword>();
editPassword.Password = hasher.HashPassword(editPassword, editPassword.Password);
dbContext.Users.FirstOrDefault(u => u.UserId == user_id).Password = editPassword.Password;
dbContext.SaveChanges();
return(RedirectToAction("Edit", new { user_id = user_id }));
}
ViewBag.User = dbContext.Users.FirstOrDefault(u => u.UserId == user_id);
return(View("Edit"));
}
return(RedirectToAction("Dashboard"));
}
}
return(RedirectToAction("Logout"));
}
return(RedirectToAction("Login"));
}
public void Invoke_InvalidData_SaveNorEditAreCalled()
{
// prepare
var userFromDb = new DataAccess.Models.User()
{
Id = 1
};
var mockedUserRepo = new Mock <IUserRepository>();
mockedUserRepo.Setup(r => r.GetById(1))
.Returns(userFromDb);
var action = new EditUserPassword(mockedUserRepo.Object);
// action
var actionResult = action.Invoke(1, "");
// assert
Assert.False(actionResult);
mockedUserRepo.Verify(r => r.Save(), Times.Never);
mockedUserRepo.Verify(r => r.Edit(It.IsAny <DataAccess.Models.User>()), Times.Never);
}
public IActionResult EditPassword([FromBody] EditUserPassword model)
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
var userIdVal = User.FindFirst(ClaimTypes.NameIdentifier)?.Value;
if (string.IsNullOrEmpty(userIdVal))
{
return(BadRequest("Invalid attempt"));
}
int userId = Convert.ToInt32(userIdVal);
var response = userService.UpdatePassword(userId, model.Password);
if (!response.Success)
{
return(BadRequest(response.Message));
}
return(Ok(response.Success));
}
