public async Task ForgotPassword_Cancel()
{
string cancelUrl = null;
string confirmUrl = null;
// Mock the email service to intercept the outgoing email messages
var emailServiceMock = EmailServiceHelper.GetEmailServiceMock(
EmailTemplates.UserAccountRecover,
"alice@localhost", (templateName, emailTo, viewData, isHtml) =>
{
// 2. Get confirm url and call it
confirmUrl = viewData
.ToDictionary()["ConfirmUrl"].ToString();
cancelUrl = viewData
.ToDictionary()["CancelUrl"].ToString();
});
TestServer server = TestServerBuilderExtensions
.CreateServer(emailServiceMock);
HttpClient client = server.CreateClient();
// Call cancel url
await client.RecoveryCancelGetValidAsync(cancelUrl);
// Calling cancel url again shouldnt be possible
await client.RecoveryCancelGetInvalidAsync(cancelUrl);
// Calling confirm url shouldnt be possible after successfull
// cancelation
await client.RecoveryConfirmGetInvalidAsync(confirmUrl);
}
public async Task ChangeEmail_FoceUpdate()
{
string confirmUrl = null;
string cancelUrl = null;
// Mock the email service to intercept the outgoing email messages
var emailServiceMock = EmailServiceHelper.GetEmailServiceMock(
IdentityBaseConstants.EmailTemplates.UserAccountEmailChanged,
"nerd@localhost", (templateName, emailTo, viewData, isHtml) =>
{
// 2. Get confirm url and call it
confirmUrl = viewData
.ToDictionary()["ConfirmUrl"].ToString();
cancelUrl = viewData
.ToDictionary()["CancelUrl"].ToString();
});
TestServer server = this.CreateServer(emailServiceMock);
HttpClient client = await server.CreateAuthenticatedClient();
string uri = $"/api/useraccounts/{aliceId}/change_email";
HttpResponseMessage response = await client.PostJsonAsync(uri, new
{
Email = "nerd@localhost",
ClientId = "mvc.hybrid",
Force = true
});
response.EnsureSuccessStatusCode();
var json = response.Content.ReadAsStringAsync().Result;
}
private async Task <HttpResponseMessage> GetAndPostRecoverForm(
bool loginAfterAccountRecovery,
Action <TestServer, HttpClient> gotServer,
Action <string, string> gotMail)
{
// Mock the email service to intercept the outgoing email messages
var emailServiceMock = EmailServiceHelper.GetEmailServiceMock(
IdentityBaseConstants.EmailTemplates.UserAccountRecover,
"alice@localhost",
(templateName, emailTo, viewData, isHtml) =>
{
// 3. Get confirm url
var confirmUrl = viewData.ToDictionary()["ConfirmUrl"] as string;
var cancelUrl = viewData.ToDictionary()["CancelUrl"] as string;
gotMail(confirmUrl, cancelUrl);
});
// Create a server with custom configuration
var config = ConfigBuilder.Default
// remove the default service since we mocking it
.RemoveDefaultMailService()
// dont login after recovery
.Alter("App:LoginAfterAccountRecovery", loginAfterAccountRecovery ? "true" : "false")
.Build();
var server = TestServerBuilder.BuildServer <Startup>(config, (services) =>
{
services.AddSingleton(emailServiceMock.Object);
});
var client = server.CreateClient();
gotServer(server, client);
// Call the recovery page
var response = await client.GetAsync(
$"/recover?returnUrl={Constants.ReturnUrl}");
response.EnsureSuccessStatusCode();
// Fill out the form and submit
var doc = await response.Content.ReadAsHtmlDocumentAsync();
var form = new Dictionary <string, string>
{
{ "Email", "alice@localhost" },
{ "__RequestVerificationToken", doc.GetAntiForgeryToken() }
};
var response2 = await client.PostFormAsync(doc.GetFormAction(), form, response);
response2.EnsureSuccessStatusCode();
return(response2);
}
public async Task ForgotPassword_Confirm_AddNewPassword_Login()
{
string confirmUrl = null;
string cancelUrl = null;
// Mock the email service to intercept the outgoing email messages
var emailServiceMock = EmailServiceHelper.GetEmailServiceMock(
EmailTemplates.UserAccountRecover,
"alice@localhost", (templateName, emailTo, viewData, isHtml) =>
{
// 2. Get confirm url and call it
confirmUrl = viewData
.ToDictionary()["ConfirmUrl"].ToString();
cancelUrl = viewData
.ToDictionary()["CancelUrl"].ToString();
});
TestServer server = TestServerBuilderExtensions
.CreateServer(emailServiceMock);
HttpClient client = server.CreateClient();
// 1. Call the recovery page and Fill out the form and submit
HttpResponseMessage response = await client
.RecoveryGetAndPostFormAsync("alice@localhost");
Assert.NotNull(confirmUrl);
Assert.NotNull(cancelUrl);
// Call the confirmation link and fill out the form
HttpResponseMessage confirmResponse = await client
.RecoveryConfirmGetAndPostFormAsync(
confirmUrl,
"new-password"
);
HttpResponseMessage consentPostResponse = await
client.ConstentPostFormAsync(false, confirmResponse);
// Calling confirm url again shouldnt be possible
await client.RecoveryConfirmGetInvalidAsync(cancelUrl);
// Calling cancel url shouldnt be possible after successfull
// confirmation
await client.RecoveryCancelGetInvalidAsync(cancelUrl);
HttpResponseMessage loginResponse = await client
.LoginGetAndPostFormAsync("alice@localhost", "new-password");
loginResponse.ShouldBeRedirectedToAuthorizeEndpoint();
}
public async Task Invite_User()
{
string confirmUrl = null;
string cancelUrl = null;
// Mock the email service to intercept the outgoing email messages
var emailServiceMock = EmailServiceHelper.GetEmailServiceMock(
IdentityBaseConstants.EmailTemplates.UserAccountInvited,
"invited@localhost",
(templateName, emailTo, viewData, isHtml) =>
{
// 3. Get confirm url
confirmUrl = viewData.ToDictionary()["ConfirmUrl"] as string;
cancelUrl = viewData.ToDictionary()["CancelUrl"] as string;
});
// Create a server with custom configuration
var config = ConfigBuilder.Default
// remove the default service since we mocking it
.RemoveDefaultMailService()
.Alter("App:EnableInvitationCreateEndpoint", "true")
.Build();
var server = TestServerBuilder.BuildServer <Startup>(config, (services) =>
{
services.AddSingleton(emailServiceMock.Object);
});
var client = server.CreateClient();
// Act
var response = await client.PutJsonAsync("/invitations", new
{
Email = "invited@localhost",
ClientId = "mvc.hybrid"
});
response.EnsureSuccessStatusCode();
// Try to follow the confirmation link again it should return an error
var response3 = await client.GetAsync(confirmUrl);
response3.StatusCode.Should().Be(HttpStatusCode.OK);
var doc2 = await response3.Content.ReadAsHtmlDocumentAsync();
}
public async Task Invite_Confirm_AddPassword_Login()
{
string confirmUrl = null;
string cancelUrl = null;
// Mock the email service to intercept the outgoing email messages
var emailServiceMock = EmailServiceHelper.GetEmailServiceMock(
IdentityBaseConstants.EmailTemplates.UserAccountInvited,
"invited@localhost", (templateName, emailTo, viewData, isHtml) =>
{
// 2. Get confirm url and call it
confirmUrl = viewData
.ToDictionary()["ConfirmUrl"].ToString();
cancelUrl = viewData
.ToDictionary()["CancelUrl"].ToString();
});
TestServer server = this.CreateServer(emailServiceMock);
HttpClient client = await server.CreateAuthenticatedClient();
HttpResponseMessage response = await client
.PutJsonAsync("/api/invitations", new
{
Email = "invited@localhost",
ClientId = "mvc.hybrid"
});
response.EnsureSuccessStatusCode();
response.AssertSchema(Schemas.InvitationsPostResponse);
Assert.NotNull(confirmUrl);
Assert.NotNull(cancelUrl);
// Call the confirmation link and fill out the form
HttpResponseMessage confirmResponse = await client
.RegisterConfirmGetAndPostFormAsync(
confirmUrl,
"supersecret"
);
// confirmResponse.ShouldBeRedirectedToAuthorizeEndpoint();
}
public async Task ChangeEmail_Confirm_Login()
{
string confirmUrl = null;
string cancelUrl = null;
// Mock the email service to intercept the outgoing email messages
var emailServiceMock = EmailServiceHelper.GetEmailServiceMock(
IdentityBaseConstants.EmailTemplates.UserAccountEmailChanged,
"nerd@localhost", (templateName, emailTo, viewData, isHtml) =>
{
// 2. Get confirm url and call it
confirmUrl = viewData
.ToDictionary()["ConfirmUrl"].ToString();
cancelUrl = viewData
.ToDictionary()["CancelUrl"].ToString();
});
TestServer server = this.CreateServer(emailServiceMock);
HttpClient client = await server.CreateAuthenticatedClient();
string uri = $"/api/useraccounts/{aliceId}/change_email";
HttpResponseMessage response = await client.PostJsonAsync(uri, new
{
Email = "nerd@localhost",
ClientId = "mvc.hybrid",
Force = false
});
response.EnsureSuccessStatusCode();
// response.AssertSchema(Schemas.InvitationsPostResponse);
Assert.NotNull(confirmUrl);
Assert.NotNull(cancelUrl);
// Post password
// Try authenticate
}