public async Task Get_should_return_user()
{
// given
string email = "*****@*****.**";
var identityUser = new RoadkillIdentityUser()
{
Email = email
};
var responseUser = new UserResponse()
{
Email = email
};
_userManagerMock.FindByEmailAsync(email)
.Returns(identityUser);
_objectConverterMock
.ConvertToUserResponse(Arg.Any <RoadkillIdentityUser>())
.Returns(responseUser);
// when
var actionResult = await _usersController.Get(email);
// then
actionResult.ShouldBeOkObjectResult();
UserResponse actualUser = actionResult.GetOkObjectResultValue();
actualUser.Email.ShouldBe(email);
}
public async Task <ActionResult <string> > Authenticate([FromBody] AuthorizationRequest authorizationRequest)
{
RoadkillIdentityUser identityUser = await _userManager.FindByEmailAsync(authorizationRequest.Email);
if (identityUser == null)
{
return(NotFound($"The user with the email {authorizationRequest.Email} could not be found."));
}
SignInResult result = await _signInManager.PasswordSignInAsync(identityUser, authorizationRequest.Password, true, false);
if (result.Succeeded)
{
IList <Claim> existingClaims = await _userManager.GetClaimsAsync(identityUser);
if (existingClaims.Count == 0)
{
return(Forbid());
}
string token = _jwtTokenProvider.CreateToken(existingClaims, identityUser.Email);
return(Ok(token));
}
return(Forbid());
}
public async Task <ActionResult <string> > CreateAdmin(UserRequest userRequest)
{
RoadkillIdentityUser user = await _userManager.FindByEmailAsync(userRequest.Email);
if (user != null)
{
return(BadRequest(EmailExistsError));
}
var newUser = new RoadkillIdentityUser()
{
UserName = userRequest.Email,
Email = userRequest.Email,
EmailConfirmed = true
};
IdentityResult result = await _userManager.CreateAsync(newUser, userRequest.Password);
if (!result.Succeeded)
{
throw new ApiException($"Unable to create admin user {userRequest.Email} - UserManager call failed." + string.Join("\n", result.Errors));
}
await _userManager.AddClaimAsync(newUser, new Claim(ClaimTypes.Role, RoleNames.Admin));
return(CreatedAtAction(nameof(CreateAdmin), userRequest.Email));
}
public async Task <ActionResult <string> > Delete([FromBody] string email)
{
RoadkillIdentityUser identityUser = await _userManager.FindByEmailAsync(email);
if (identityUser == null)
{
return(NotFound(EmailDoesNotExistError));
}
if (identityUser.LockoutEnabled)
{
return(BadRequest(UserIsLockedOutError));
}
identityUser.LockoutEnd = DateTime.MaxValue;
identityUser.LockoutEnabled = true;
IdentityResult result = await _userManager.UpdateAsync(identityUser);
if (!result.Succeeded)
{
throw new ApiException($"Unable to delete user {email} - UserManager call failed." + string.Join("\n", result.Errors));
}
return(NoContent());
}
public async Task Authenticate_should_return_forbidden_when_signin_fails()
{
// given
string email = "*****@*****.**";
string password = "******";
var roadkillUser = new RoadkillIdentityUser()
{
Id = "1",
UserName = email,
NormalizedUserName = email.ToUpperInvariant(),
Email = email,
NormalizedEmail = email.ToUpperInvariant()
};
var model = new AuthorizationRequest()
{
Email = email,
Password = password
};
_userManagerMock.FindByEmailAsync(email)
.Returns(Task.FromResult(roadkillUser));
_signinManagerMock.PasswordSignInAsync(roadkillUser, password, true, false)
.Returns(Task.FromResult(SignInResult.Failed));
// when
ActionResult <string> actionResult = await _authorizationController.Authenticate(model);
// then
actionResult.ShouldNotBeNull();
actionResult.Result.ShouldBeOfType <ForbidResult>();
}
public async Task <ActionResult <AuthorizationResponse> > Authenticate([FromBody] AuthorizationRequest authorizationRequest)
{
RoadkillIdentityUser identityUser = await _userManager.FindByEmailAsync(authorizationRequest.Email);
if (identityUser == null)
{
return(NotFound($"The user with the email {authorizationRequest.Email} could not be found."));
}
SignInResult result = await _signInManager.PasswordSignInAsync(identityUser, authorizationRequest.Password, true, false);
if (result.Succeeded)
{
IList <Claim> existingClaims = await _userManager.GetClaimsAsync(identityUser);
if (existingClaims.Count == 0)
{
return(StatusCode(StatusCodes.Status403Forbidden));
}
// When testing on localhost, RemoteIpAddress is null.
var ipAddress = HttpContext.Connection.RemoteIpAddress ?? IPAddress.Loopback;
string ip = ipAddress.ToString();
var token = new AuthorizationResponse()
{
JwtToken = _jwtTokenService.CreateToken(existingClaims, identityUser.Email),
RefreshToken = await _jwtTokenService.CreateRefreshToken(identityUser.Email, ip)
};
return(Ok(token));
}
// don't use Forbid() as it goes through ASP.NET Core's authentication middleware
return(StatusCode(StatusCodes.Status403Forbidden));
}
public async Task <ActionResult <AuthorizationResponse> > Authenticate([FromBody] AuthorizationRequest authorizationRequest)
{
RoadkillIdentityUser identityUser = await _userManager.FindByEmailAsync(authorizationRequest.Email);
if (identityUser == null)
{
return(NotFound($"The user with the email {authorizationRequest.Email} could not be found."));
}
SignInResult result = await _signInManager.PasswordSignInAsync(identityUser, authorizationRequest.Password, true, false);
if (result.Succeeded)
{
IList <Claim> existingClaims = await _userManager.GetClaimsAsync(identityUser);
if (existingClaims.Count == 0)
{
return(StatusCode(StatusCodes.Status403Forbidden));
}
string refreshToken = Guid.NewGuid().ToString("N");
string email = identityUser.Email;
AuthorizationResponse response = await CreateNewJwtAndStoreWithRefreshToken(refreshToken, email, existingClaims.ToList());
return(Ok(response));
}
// don't use Forbid() as that goes through ASP.NET Core's authentication middleware, e.g. cookies
return(StatusCode(StatusCodes.Status403Forbidden));
}
public async Task <ActionResult <UserResponse> > Get(string email)
{
RoadkillIdentityUser identityUser = await _userManager.FindByEmailAsync(email);
if (identityUser == null)
{
return(NotFound(EmailDoesNotExistError));
}
UserResponse response = _userObjectsConverter.ConvertToUserResponse(identityUser);
return(Ok(response));
}
public async Task Authenticate_should_return_token_from_provider()
{
// given
string jwtToken = "jwt token";
string email = "*****@*****.**";
string password = "******";
var roadkillUser = new RoadkillIdentityUser()
{
Id = "1",
UserName = email,
NormalizedUserName = email.ToUpperInvariant(),
Email = email,
NormalizedEmail = email.ToUpperInvariant(),
RoleClaims = new List <string>()
};
var model = new AuthorizationRequest()
{
Email = email,
Password = password
};
_userManagerMock.FindByEmailAsync(email)
.Returns(Task.FromResult(roadkillUser));
_signinManagerMock.PasswordSignInAsync(roadkillUser, password, true, false)
.Returns(Task.FromResult(SignInResult.Success));
var claims = new List <Claim>()
{
new Claim("any", "thing")
} as IList <Claim>;
_userManagerMock.GetClaimsAsync(roadkillUser)
.Returns(Task.FromResult(claims));
_jwtTokenProvider.CreateToken(claims, roadkillUser.Email)
.Returns(jwtToken);
// when
ActionResult <string> actionResult = await _authorizationController.Authenticate(model);
// then
actionResult.Result.ShouldBeOfType <OkObjectResult>();
var okResult = actionResult.Result as OkObjectResult;
okResult.Value.ShouldBe(jwtToken);
}
public async Task <ActionResult <string> > CreateTestUser()
{
var newUser = new RoadkillIdentityUser()
{
UserName = "******",
Email = "admin@localhost",
EmailConfirmed = true
};
await _userManager.CreateAsync(newUser, "password");
await _userManager.AddClaimAsync(newUser, RoadkillClaims.AdminClaim);
return(CreatedAtAction(nameof(CreateTestUser), newUser.Email));
}
public async Task <ActionResult <IdentityResult> > CreateTestUser()
{
var newUser = new RoadkillIdentityUser()
{
UserName = "******",
Email = "admin@localhost",
EmailConfirmed = true
};
await _userManager.CreateAsync(newUser, "password");
await _userManager.AddClaimAsync(newUser, new Claim(ClaimTypes.Role, RoleNames.Admin));
return(CreatedAtAction(nameof(InstallController.CreateTestUser), newUser.Email));
}
private void CreateEditorUser(UserManager <RoadkillIdentityUser> manager)
{
EditorUser = new RoadkillIdentityUser()
{
UserName = "******",
Email = "*****@*****.**",
EmailConfirmed = true
};
EditorUserPassword = "******";
var result = manager.CreateAsync(EditorUser, EditorUserPassword).GetAwaiter().GetResult();
if (!result.Succeeded)
{
string errors = string.Join("\n", result.Errors.ToList().Select(x => x.Description));
throw new Exception("Failed to create editor user - " + errors);
}
manager.AddClaimAsync(EditorUser, RoadkillClaims.EditorClaim).GetAwaiter()
.GetResult();
}
private void CreateAdminUser(UserManager <RoadkillIdentityUser> manager)
{
AdminUser = new RoadkillIdentityUser()
{
UserName = "******",
Email = "*****@*****.**",
EmailConfirmed = true
};
AdminUserPassword = "******";
var result = manager.CreateAsync(AdminUser, AdminUserPassword).GetAwaiter().GetResult();
if (!result.Succeeded)
{
string errors = string.Join("\n", result.Errors.ToList().Select(x => x.Description));
throw new Exception("Failed to create admin user - " + errors);
}
manager.AddClaimAsync(AdminUser, new Claim(ClaimTypes.Role, RoleNames.Admin)).GetAwaiter()
.GetResult();
}
private async Task CreateAdminUser(UserManager <RoadkillIdentityUser> manager)
{
var adminUser = new RoadkillIdentityUser()
{
UserName = "******",
Email = "*****@*****.**",
EmailConfirmed = true
};
string password = "******";
var result = manager.CreateAsync(adminUser, password).GetAwaiter().GetResult();
if (!result.Succeeded)
{
string errors = string.Join("\n", result.Errors.ToList().Select(x => x.Description));
throw new Exception("Failed to create admin user - " + errors);
}
manager.AddClaimAsync(adminUser, RoadkillClaims.AdminClaim).GetAwaiter()
.GetResult();
_outputHelper.WriteLine("Created admin user with role");
}
public UserResponse ConvertToUserResponse(RoadkillIdentityUser roadkillIdentityUser)
{
return(_mapper.Map <UserResponse>(roadkillIdentityUser));
}
public async Task Authenticate_should_return_jwt_and_refresh_token_logging_ip()
{
// given
string ipAddress = "9.8.7.6";
string refreshToken = "refresh token";
string jwtToken = "jwt token";
string email = "*****@*****.**";
string password = "******";
var roadkillUser = new RoadkillIdentityUser()
{
Id = "1",
UserName = email,
NormalizedUserName = email.ToUpperInvariant(),
Email = email,
NormalizedEmail = email.ToUpperInvariant(),
RoleClaims = new List <string>()
};
var model = new AuthorizationRequest()
{
Email = email,
Password = password
};
_userManagerMock.FindByEmailAsync(email)
.Returns(Task.FromResult(roadkillUser));
_signinManagerMock.PasswordSignInAsync(roadkillUser, password, true, false)
.Returns(Task.FromResult(SignInResult.Success));
var claims = new List <Claim>()
{
new Claim("any", "thing")
} as IList <Claim>;
_userManagerMock.GetClaimsAsync(roadkillUser)
.Returns(Task.FromResult(claims));
_jwtTokenService
.CreateToken(claims, roadkillUser.Email)
.Returns(jwtToken);
var httpContext = new DefaultHttpContext();
httpContext.Connection.RemoteIpAddress = IPAddress.Parse(ipAddress);
_authorizationController.ControllerContext.HttpContext = httpContext;
_jwtTokenService
.CreateRefreshToken(roadkillUser.Email, ipAddress)
.Returns(refreshToken);
// when
ActionResult <AuthorizationResponse> actionResult = await _authorizationController.Authenticate(model);
// then
actionResult.Result.ShouldBeOfType <OkObjectResult>();
var okResult = actionResult.Result as OkObjectResult;
var response = okResult.Value as AuthorizationResponse;
response.ShouldNotBeNull();
response.JwtToken.ShouldBe(jwtToken);
response.RefreshToken.ShouldBe(refreshToken);
}
