/// <summary>
/// Exercises the password-reset endpoint end to end: a wrong recovery token must be
/// rejected without touching the stored password, and the correct token must change
/// the password and clear the stored recovery salt (i.e. the token cannot be used twice).
/// </summary>
public void ResetPasswordTest()
{
    var controller = CreateFakeUserAccountRecoveryController();
    var user = _users[0];

    // Mint a recovery token for the fixture user and persist the matching salt,
    // which is what the endpoint later checks the submitted token against.
    // _testApiSecret is populated by CreateFakeUserAccountRecoveryController, so the
    // controller must be created before the validator.
    // The second argument (30) is presumably a token lifetime; its unit is not visible here.
    var validator = new TokenCreatorValidator(_testApiSecret);
    var tokenParams = validator.CreateToken(user.Id, 30);
    user.RecoverySalt = tokenParams.SaltBytes;
    _usersService.Update(user);

    // Wrong token: expect a rejection and the original fixture password still valid.
    var wrongTokenRequest = new PasswordResetModel(user.Email, "wrong-token", "new-password-u1");
    var rejected = controller.ResetPassword(wrongTokenRequest);
    Assert.IsType<BadRequestObjectResult>(rejected);
    Assert.True(PasswordVerifier.VerifyPasswordHash("password-u1", user.PasswordHash, user.PasswordSalt));

    // Correct token: expect Ok, the new password to verify, and the salt to be cleared
    // so the same token is no longer valid.
    // NOTE(review): a second call reusing tokenParams.TokenStr is not exercised here.
    var validRequest = new PasswordResetModel(user.Email, tokenParams.TokenStr, "new-password-u1");
    var accepted = controller.ResetPassword(validRequest);
    Assert.IsType<OkResult>(accepted);
    Assert.True(PasswordVerifier.VerifyPasswordHash("new-password-u1", user.PasswordHash, user.PasswordSalt));
    Assert.Null(user.RecoverySalt);
}
/// <summary>
/// Builds a <see cref="UserAccountRecoveryController"/> wired to a fresh test DbContext,
/// a bare HttpContext, the application's AutoMapper profiles and an
/// <see cref="AppConfiguration"/> carrying a throwaway secret.
/// Side effects: assigns <c>_usersService</c> and <c>_testApiSecret</c> on the fixture.
/// </summary>
/// <param name="loggedUser">
/// When non-null, stored under <c>HttpContext.Items["User"]</c> so the controller sees
/// an authenticated caller.
/// </param>
/// <returns>A controller whose ControllerContext uses the same HttpContext.</returns>
private UserAccountRecoveryController CreateFakeUserAccountRecoveryController(User loggedUser = null)
{
    var dbContext = new GlovoDbContext(ContextOptions);

    // One HttpContext shared between the accessor and the controller's ControllerContext.
    var http = new DefaultHttpContext();
    var accessor = new HttpContextAccessor { HttpContext = http };

    // The service reads the current user from this Items slot; only set it when a caller is wanted.
    if (loggedUser is not null)
    {
        http.Items["User"] = loggedUser;
    }

    _usersService = new RestApiUsersService(dbContext, accessor);

    var mapperConfig = new MapperConfiguration(cfg =>
    {
        cfg.AddProfile<LocationsProfile>();
        cfg.AddProfile<OrdersProductsProfile>();
        cfg.AddProfile<OrdersProfile>();
        cfg.AddProfile<ProductsProfile>();
        cfg.AddProfile<RestaurantsProfile>();
        cfg.AddProfile<UsersProfile>();
    });
    var mapper = mapperConfig.CreateMapper();

    // Test-only signing secret (RandomString is a fixture helper defined elsewhere);
    // ResetPasswordTest reads _testApiSecret back to mint tokens the controller will accept.
    _testApiSecret = RandomString(1024);
    var appConfig = new AppConfiguration { Secret = _testApiSecret };
    IOptions<AppConfiguration> appConfigOptions = new OptionsWrapper<AppConfiguration>(appConfig);

    var controller = new UserAccountRecoveryController(_usersService, mapper, appConfigOptions);
    controller.ControllerContext.HttpContext = http;
    return controller;
}
/// <summary>
/// Exercises the "send password email" endpoint: a known e-mail yields Ok echoing the
/// address and leaves a recovery salt on the stored user; an unknown e-mail yields BadRequest.
/// </summary>
public void AskForRecoveryEmailTest()
{
    var controller = CreateFakeUserAccountRecoveryController();
    var knownEmail = _users[0].Email;

    // Known address: Ok carrying a PasswordEmailModel with the same e-mail.
    var response = controller.SendPasswordEmail(new PasswordEmailModel(knownEmail));
    var okResult = Assert.IsType<OkObjectResult>(response.Result);
    var echoed = (PasswordEmailModel)okResult.Value;
    Assert.Equal(knownEmail, echoed.Email);

    // The token itself leaves via e-mail rather than the API, so only the persisted
    // salt can be checked here.
    User storedUser = _usersService.GetById(_users[0].Id);
    Assert.NotNull(storedUser.RecoverySalt);

    // Unknown address: BadRequest.
    // NOTE(review): these assertions pin distinct responses for registered vs unregistered
    // addresses, so the endpoint discloses whether an e-mail has an account; a uniform
    // response would be the safer contract to test for.
    response = controller.SendPasswordEmail(new PasswordEmailModel("non-existing-email"));
    Assert.IsType<BadRequestObjectResult>(response.Result);
}