public async Task CreateIdentityNullChecks()
{
var userManager = MockHelpers.MockUserManager<TestUser>().Object;
var roleManager = MockHelpers.MockRoleManager<TestRole>().Object;
var options = new Mock<IOptions<IdentityOptions>>();
Assert.Throws<ArgumentNullException>("optionsAccessor",
() => new UserClaimsPrincipalFactory<TestUser, TestRole>(userManager, roleManager, options.Object));
var identityOptions = new IdentityOptions();
options.Setup(a => a.Options).Returns(identityOptions);
var factory = new UserClaimsPrincipalFactory<TestUser, TestRole>(userManager, roleManager, options.Object);
await Assert.ThrowsAsync<ArgumentNullException>("user",
async () => await factory.CreateAsync(null));
}
public SignInManager(
UserManager userManager,
IHttpContextAccessor contextAccessor,
UserClaimsPrincipalFactory claimsFactory,
IOptions <IdentityOptions> optionsAccessor,
ILogger <SignInManager <User> > logger,
IUnitOfWorkManager unitOfWorkManager,
ISettingManager settingManager,
IAuthenticationSchemeProvider schemes
) : base(
userManager,
contextAccessor,
claimsFactory,
optionsAccessor,
logger,
unitOfWorkManager,
settingManager,
schemes)
{
}
public PaymentController(
IPaymentAppService paymentAppService,
ITenantRegistrationAppService tenantRegistrationAppService,
TenantManager tenantManager,
EditionManager editionManager,
IWebUrlService webUrlService,
ISubscriptionPaymentRepository subscriptionPaymentRepository,
UserClaimsPrincipalFactory <User, Role> userClaimsPrincipalFactory,
UserManager userManager,
SignInManager signInManager)
{
_paymentAppService = paymentAppService;
_tenantRegistrationAppService = tenantRegistrationAppService;
_tenantManager = tenantManager;
_editionManager = editionManager;
_webUrlService = webUrlService;
_subscriptionPaymentRepository = subscriptionPaymentRepository;
_userClaimsPrincipalFactory = userClaimsPrincipalFactory;
_userManager = userManager;
_signInManager = signInManager;
}
public async Task PasswordSignInReturnsLockedOutWhenLockedOut()
{
// Setup
var user = new TestUser {
UserName = "******"
};
var manager = SetupUserManager(user);
manager.Setup(m => m.SupportsUserLockout).Returns(true).Verifiable();
manager.Setup(m => m.IsLockedOutAsync(user)).ReturnsAsync(true).Verifiable();
var context = new Mock <HttpContext>();
var contextAccessor = new Mock <IHttpContextAccessor>();
contextAccessor.Setup(a => a.HttpContext).Returns(context.Object);
var roleManager = MockHelpers.MockRoleManager <TestRole>();
var identityOptions = new IdentityOptions();
var options = new Mock <IOptions <IdentityOptions> >();
options.Setup(a => a.Options).Returns(identityOptions);
var claimsFactory = new UserClaimsPrincipalFactory <TestUser, TestRole>(manager.Object, roleManager.Object, options.Object);
var logStore = new StringBuilder();
var logger = MockHelpers.MockILogger <SignInManager <TestUser> >(logStore);
var helper = new SignInManager <TestUser>(manager.Object, contextAccessor.Object, claimsFactory, options.Object, null);
helper.Logger = logger.Object;
var expectedScope = string.Format("{0} for {1}: {2}", "PasswordSignInAsync", "user", user.Id);
var expectedLog = string.Format("{0} : {1}", "PasswordSignInAsync", "Lockedout");
// Act
var result = await helper.PasswordSignInAsync(user.UserName, "bogus", false, false);
// Assert
Assert.False(result.Succeeded);
Assert.True(result.IsLockedOut);
Assert.NotEqual(-1, logStore.ToString().IndexOf(expectedLog));
Assert.NotEqual(-1, logStore.ToString().IndexOf(expectedScope));
manager.Verify();
}
/// <summary>
/// 客户端授权时的验证,授权类型为client_credentials
/// </summary>
/// <param name="context"></param>
/// <returns></returns>
public override async Task GrantClientCredentials(OAuthGrantClientCredentialsContext context)
{
var userService = context.HttpContext.ApplicationServices.GetService <UserService>();
var roleService = context.HttpContext.ApplicationServices.GetService <RoleService>();
var optionsMgr = context.HttpContext.ApplicationServices.GetService <IOptions <IdentityOptions> >();
User user = await userService.FindByUserToken(context.ClientId);
if (user == null)
{
context.SetError("invalid_grant", Resources.Error_NotFounUserName);
return;
}
UserClaimsPrincipalFactory <User, Role> claimsFactory
= new UserClaimsPrincipalFactory <User, Role>(userService, roleService, optionsMgr);
var principal = await claimsFactory.CreateAsync(user);
AuthenticationProperties properties = CreateProperties(user.UserName);
AuthenticationTicket ticket = new AuthenticationTicket(principal, properties, OAuthDefaults.AuthenticationType);
context.Validated(ticket);
}
private static SignInManager <TUser> BuildSignInManager <TUser>(UserManager <TUser> manager,
HttpContext context, ILogger logger = null, IdentityOptions identityOptions = null,
IAuthenticationSchemeProvider schemeProvider = null) where TUser : class
{
var contextAccessor = new Mock <IHttpContextAccessor>();
contextAccessor.Setup(a => a.HttpContext).Returns(context);
identityOptions = identityOptions ?? new IdentityOptions();
var options = new Mock <IOptions <IdentityOptions> >();
options.Setup(a => a.Value).Returns(identityOptions);
var claimsFactory = new UserClaimsPrincipalFactory <TUser>(manager, options.Object);
schemeProvider = schemeProvider ?? new Mock <IAuthenticationSchemeProvider>().Object;
var sm = new SignInManager <TUser>(manager, contextAccessor.Object, claimsFactory, options.Object, null, schemeProvider, new DefaultUserConfirmation <TUser>());
sm.Logger = logger ?? (new Mock <ILogger <SignInManager <TUser> > >()).Object;
return(sm);
}
public override async Task <AuthenticationState> GetAuthenticationStateAsync()
{
using var scope = _scopeFactory.CreateScope();
var userManager = scope.ServiceProvider.GetService <UserManager <TUser> >();
var state = base.GetAuthenticationStateAsync().Result;
var user = await userManager !.GetUserAsync(state.User);
AuthenticationState result = new AuthenticationState(new ClaimsPrincipal(new ClaimsIdentity()));
if (user != null)
{
var roles = await userManager !.GetRolesAsync(user);
var principalFactory = new UserClaimsPrincipalFactory <TUser>(userManager, new OptionsWrapper <IdentityOptions>(_options));
var principal = await principalFactory.CreateAsync(user);
var claimsPrincipal = new ClaimsPrincipal(new ClaimsIdentity(principal.Identity, roles.Select(role => new Claim(ClaimTypes.Role, role))));
result = new AuthenticationState(claimsPrincipal);
}
NotifyAuthenticationStateChanged(Task.FromResult(result));
return(result);
}
public async Task RememberClientStoresUserId()
{
// Setup
var user = new TestUser { UserName = "******" };
var manager = SetupUserManager(user);
var context = new Mock<HttpContext>();
var response = new Mock<HttpResponse>();
var contextAccessor = new Mock<IHttpContextAccessor>();
var roleManager = MockHelpers.MockRoleManager<TestRole>();
var identityOptions = new IdentityOptions();
var options = new Mock<IOptions<IdentityOptions>>();
options.Setup(a => a.Options).Returns(identityOptions);
var claimsFactory = new UserClaimsPrincipalFactory<TestUser, TestRole>(manager.Object, roleManager.Object, options.Object);
context.Setup(c => c.Response).Returns(response.Object).Verifiable();
response.Setup(r => r.SignIn(
IdentityOptions.TwoFactorRememberMeCookieAuthenticationScheme,
It.Is<ClaimsPrincipal>(i => i.FindFirstValue(ClaimTypes.Name) == user.Id
&& i.Identities.First().AuthenticationType == IdentityOptions.TwoFactorRememberMeCookieAuthenticationType),
It.Is<AuthenticationProperties>(v => v.IsPersistent == true))).Verifiable();
contextAccessor.Setup(a => a.HttpContext).Returns(context.Object).Verifiable();
options.Setup(a => a.Options).Returns(identityOptions).Verifiable();
var helper = new SignInManager<TestUser>(manager.Object, contextAccessor.Object, claimsFactory, options.Object);
// Act
await helper.RememberTwoFactorClientAsync(user);
// Assert
manager.Verify();
context.Verify();
response.Verify();
contextAccessor.Verify();
options.Verify();
}
public async Task CanTwoFactorSignIn(bool isPersistent, bool supportsLockout, bool externalLogin, bool rememberClient)
{
// Setup
var user = new TestUser { UserName = "******" };
var manager = SetupUserManager(user);
var provider = "twofactorprovider";
var code = "123456";
manager.Setup(m => m.SupportsUserLockout).Returns(supportsLockout).Verifiable();
if (supportsLockout)
{
manager.Setup(m => m.IsLockedOutAsync(user)).ReturnsAsync(false).Verifiable();
manager.Setup(m => m.ResetAccessFailedCountAsync(user)).ReturnsAsync(IdentityResult.Success).Verifiable();
}
manager.Setup(m => m.VerifyTwoFactorTokenAsync(user, provider, code)).ReturnsAsync(true).Verifiable();
var context = new Mock<HttpContext>();
var response = new Mock<HttpResponse>();
var contextAccessor = new Mock<IHttpContextAccessor>();
var twoFactorInfo = new SignInManager<TestUser>.TwoFactorAuthenticationInfo { UserId = user.Id };
var loginProvider = "loginprovider";
var id = SignInManager<TestUser>.StoreTwoFactorInfo(user.Id, externalLogin ? loginProvider : null);
var authResult = new AuthenticationResult(id, new AuthenticationProperties(), new AuthenticationDescription());
var roleManager = MockHelpers.MockRoleManager<TestRole>();
var identityOptions = new IdentityOptions();
var options = new Mock<IOptions<IdentityOptions>>();
options.Setup(a => a.Options).Returns(identityOptions);
var claimsFactory = new UserClaimsPrincipalFactory<TestUser, TestRole>(manager.Object, roleManager.Object, options.Object);
if (externalLogin)
{
response.Setup(r => r.SignIn(
IdentityOptions.ApplicationCookieAuthenticationScheme,
It.Is<ClaimsPrincipal>(i => i.FindFirstValue(ClaimTypes.AuthenticationMethod) == loginProvider
&& i.FindFirstValue(ClaimTypes.NameIdentifier) == user.Id),
It.Is<AuthenticationProperties>(v => v.IsPersistent == isPersistent))).Verifiable();
response.Setup(r => r.SignOut(IdentityOptions.ExternalCookieAuthenticationScheme)).Verifiable();
}
else
{
SetupSignIn(response, user.Id);
}
if (rememberClient)
{
response.Setup(r => r.SignIn(
IdentityOptions.TwoFactorRememberMeCookieAuthenticationScheme,
It.Is<ClaimsPrincipal>(i => i.FindFirstValue(ClaimTypes.Name) == user.Id
&& i.Identities.First().AuthenticationType == IdentityOptions.TwoFactorRememberMeCookieAuthenticationType),
It.Is<AuthenticationProperties>(v => v.IsPersistent == true))).Verifiable();
}
context.Setup(c => c.Response).Returns(response.Object).Verifiable();
context.Setup(c => c.AuthenticateAsync(IdentityOptions.TwoFactorUserIdCookieAuthenticationScheme)).ReturnsAsync(authResult).Verifiable();
contextAccessor.Setup(a => a.HttpContext).Returns(context.Object);
var logStore = new StringBuilder();
var logger = MockHelpers.MockILogger<SignInManager<TestUser>>(logStore);
var helper = new SignInManager<TestUser>(manager.Object, contextAccessor.Object, claimsFactory, options.Object, null);
helper.Logger = logger.Object;
string expectedScope = string.Format("{0} for {1}: {2}", "TwoFactorSignInAsync", "user", user.Id);
string expectedLog = string.Format("{0} : {1}", "TwoFactorSignInAsync", "Succeeded");
// Act
var result = await helper.TwoFactorSignInAsync(provider, code, isPersistent, rememberClient);
// Assert
Assert.True(result.Succeeded);
Assert.NotEqual(-1, logStore.ToString().IndexOf(expectedLog));
Assert.NotEqual(-1, logStore.ToString().IndexOf(expectedScope));
manager.Verify();
context.Verify();
response.Verify();
contextAccessor.Verify();
}
public async Task CanExternalSignIn(bool isPersistent, bool supportsLockout)
{
// Setup
var user = new TestUser { UserName = "******" };
const string loginProvider = "login";
const string providerKey = "fookey";
var manager = SetupUserManager(user);
manager.Setup(m => m.SupportsUserLockout).Returns(supportsLockout).Verifiable();
if (supportsLockout)
{
manager.Setup(m => m.IsLockedOutAsync(user)).ReturnsAsync(false).Verifiable();
}
manager.Setup(m => m.FindByLoginAsync(loginProvider, providerKey)).ReturnsAsync(user).Verifiable();
var context = new Mock<HttpContext>();
var response = new Mock<HttpResponse>();
context.Setup(c => c.Response).Returns(response.Object).Verifiable();
SetupSignIn(response, user.Id, isPersistent, loginProvider);
var contextAccessor = new Mock<IHttpContextAccessor>();
contextAccessor.Setup(a => a.HttpContext).Returns(context.Object);
var roleManager = MockHelpers.MockRoleManager<TestRole>();
var identityOptions = new IdentityOptions();
response.Setup(r => r.SignOut(IdentityOptions.ExternalCookieAuthenticationScheme)).Verifiable();
var options = new Mock<IOptions<IdentityOptions>>();
options.Setup(a => a.Options).Returns(identityOptions);
var claimsFactory = new UserClaimsPrincipalFactory<TestUser, TestRole>(manager.Object, roleManager.Object, options.Object);
var logStore = new StringBuilder();
var logger = MockHelpers.MockILogger<SignInManager<TestUser>>(logStore);
var helper = new SignInManager<TestUser>(manager.Object, contextAccessor.Object, claimsFactory, options.Object, null);
helper.Logger = logger.Object;
string expectedScope = string.Format("{0} for {1}: {2}", "ExternalLoginSignInAsync", "user", user.Id);
string expectedLog = string.Format("{0} : {1}", "ExternalLoginSignInAsync", "Succeeded");
// Act
var result = await helper.ExternalLoginSignInAsync(loginProvider, providerKey, isPersistent);
// Assert
Assert.True(result.Succeeded);
Assert.NotEqual(-1, logStore.ToString().IndexOf(expectedLog));
Assert.NotEqual(-1, logStore.ToString().IndexOf(expectedScope));
manager.Verify();
context.Verify();
response.Verify();
contextAccessor.Verify();
}
public async Task PasswordSignInWorksWithNonTwoFactorStore()
{
// Setup
var user = new TestUser { UserName = "******" };
var manager = SetupUserManager(user);
manager.Setup(m => m.SupportsUserLockout).Returns(true).Verifiable();
manager.Setup(m => m.IsLockedOutAsync(user)).ReturnsAsync(false).Verifiable();
manager.Setup(m => m.CheckPasswordAsync(user, "password")).ReturnsAsync(true).Verifiable();
manager.Setup(m => m.ResetAccessFailedCountAsync(user)).ReturnsAsync(IdentityResult.Success).Verifiable();
var context = new Mock<HttpContext>();
var response = new Mock<HttpResponse>();
SetupSignIn(response);
context.Setup(c => c.Response).Returns(response.Object).Verifiable();
var contextAccessor = new Mock<IHttpContextAccessor>();
contextAccessor.Setup(a => a.HttpContext).Returns(context.Object);
var roleManager = MockHelpers.MockRoleManager<TestRole>();
var identityOptions = new IdentityOptions();
var options = new Mock<IOptions<IdentityOptions>>();
options.Setup(a => a.Options).Returns(identityOptions);
var claimsFactory = new UserClaimsPrincipalFactory<TestUser, TestRole>(manager.Object, roleManager.Object, options.Object);
var helper = new SignInManager<TestUser>(manager.Object, contextAccessor.Object, claimsFactory, options.Object);
// Act
var result = await helper.PasswordSignInAsync(user.UserName, "password", false, false);
// Assert
Assert.True(result.Succeeded);
manager.Verify();
context.Verify();
response.Verify();
contextAccessor.Verify();
}
public async Task CanPasswordSignIn(bool isPersistent)
{
// Setup
var user = new TestUser { UserName = "******" };
var manager = SetupUserManager(user);
manager.Setup(m => m.SupportsUserLockout).Returns(true).Verifiable();
manager.Setup(m => m.IsLockedOutAsync(user)).ReturnsAsync(false).Verifiable();
manager.Setup(m => m.CheckPasswordAsync(user, "password")).ReturnsAsync(true).Verifiable();
var context = new Mock<HttpContext>();
var response = new Mock<HttpResponse>();
context.Setup(c => c.Response).Returns(response.Object).Verifiable();
SetupSignIn(response, user.Id, isPersistent);
var contextAccessor = new Mock<IHttpContextAccessor>();
contextAccessor.Setup(a => a.HttpContext).Returns(context.Object);
var roleManager = MockHelpers.MockRoleManager<TestRole>();
var identityOptions = new IdentityOptions();
var options = new Mock<IOptions<IdentityOptions>>();
options.Setup(a => a.Options).Returns(identityOptions);
var claimsFactory = new UserClaimsPrincipalFactory<TestUser, TestRole>(manager.Object, roleManager.Object, options.Object);
var logStore = new StringBuilder();
var logger = MockHelpers.MockILogger<SignInManager<TestUser>>(logStore);
var helper = new SignInManager<TestUser>(manager.Object, contextAccessor.Object, claimsFactory, options.Object, null);
helper.Logger = logger.Object;
string expectedScope = string.Format("{0} for {1}: {2}", "PasswordSignInAsync", "user", user.Id);
string expectedLog = string.Format("{0} : {1}", "PasswordSignInAsync", "Succeeded");
// Act
var result = await helper.PasswordSignInAsync(user.UserName, "password", isPersistent, false);
// Assert
Assert.True(result.Succeeded);
Assert.NotEqual(-1, logStore.ToString().IndexOf(expectedLog));
Assert.NotEqual(-1, logStore.ToString().IndexOf(expectedScope));
manager.Verify();
context.Verify();
response.Verify();
contextAccessor.Verify();
}
public async Task <ActionResult> CreateAdmin(AdminViewModel viewModel)
{
if (viewModel.AdminPassword != viewModel.ConfirmPassword)
{
ViewBag.Languages = new SelectList(SupportedCultures.Cultures.Select(x => new { Value = x.TwoLetterISOLanguageName, Text = x.DisplayName }).ToList(), "Value", "Text");
ModelState.AddModelError("ConfirmPassword", "Password does not match");
return(View(viewModel));
}
SetupHelper.InitilizeDatabase();
if (SetupHelper.IsDbCreateComplete == true && SetupHelper.IsAdminCreateComplete == false)
{
if (!ModelState.IsValid)
{
ViewBag.Languages = new SelectList(SupportedCultures.Cultures.Select(x => new { Value = x.TwoLetterISOLanguageName, Text = x.DisplayName }).ToList(), "Value", "Text");
return(View(viewModel));
}
var optionBuilder = new DbContextOptionsBuilder <NccDbContext>();
SupportedDatabases supportedDatabases = TypeConverter.TryParseDatabaseEnum(SetupHelper.SelectedDatabase);
switch (supportedDatabases)
{
case SupportedDatabases.MSSQL:
optionBuilder.UseSqlServer(SetupHelper.ConnectionString, opts => opts.MigrationsAssembly("NetCoreCMS.Framework"));
break;
case SupportedDatabases.MsSqlLocalStorage:
break;
case SupportedDatabases.MySql:
optionBuilder.UseMySql(SetupHelper.ConnectionString, opts => opts.MigrationsAssembly("NetCoreCMS.Framework"));
break;
case SupportedDatabases.SqLite:
optionBuilder.UseSqlite(SetupHelper.ConnectionString, opts => opts.MigrationsAssembly("NetCoreCMS.Framework"));
break;
case SupportedDatabases.PgSql:
break;
}
var nccDbConetxt = new NccDbContext(optionBuilder.Options);
var userStore = new NccUserStore(nccDbConetxt);
var identityOptions = Options.Create(new IdentityOptions());
var passwordHasher = new PasswordHasher <NccUser>();
var userValidatorList = new List <UserValidator <NccUser> >();
var passwordValidatorList = new List <PasswordValidator <NccUser> >();
var lookupNormalizer = new UpperInvariantLookupNormalizer();
var identityErrorDescriber = new IdentityErrorDescriber();
var logger = _loggerFactory.CreateLogger <UserManager <NccUser> >();
var authOption = new AuthenticationOptions();
var options = Options.Create <AuthenticationOptions>(authOption);
var scheme = new AuthenticationSchemeProvider(options);
var userManager = new UserManager <NccUser>(
userStore,
identityOptions,
passwordHasher,
userValidatorList,
passwordValidatorList,
lookupNormalizer,
identityErrorDescriber,
GlobalContext.App.ApplicationServices,
logger
);
var roleStore = new NccRoleStore(nccDbConetxt);
var roleValidatorList = new List <RoleValidator <NccRole> >();
var roleLogger = _loggerFactory.CreateLogger <RoleManager <NccRole> >();
var roleManager = new RoleManager <NccRole>(
roleStore,
roleValidatorList,
new UpperInvariantLookupNormalizer(),
new IdentityErrorDescriber(),
roleLogger
);
var claimsFactory = new UserClaimsPrincipalFactory <NccUser, NccRole>(userManager, roleManager, identityOptions);
var signInLogger = _loggerFactory.CreateLogger <SignInManager <NccUser> >();
var signInManager = new NccSignInManager <NccUser>(userManager, _httpContextAccessor, claimsFactory, identityOptions, signInLogger, scheme);
//nccDbConetxt.Database.Migrate();
var setupInfo = new WebSiteInfo()
{
SiteName = viewModel.SiteName,
Tagline = viewModel.Tagline,
AdminPassword = viewModel.AdminPassword,
AdminUserName = viewModel.AdminUserName,
ConnectionString = SetupHelper.ConnectionString,
Database = TypeConverter.TryParseDatabaseEnum(SetupHelper.SelectedDatabase),
Email = viewModel.Email,
Language = viewModel.Language,
TablePrefix = viewModel.TablePrefix
};
//SetupHelper.RegisterAuthServices(supportedDatabases);
var admin = await SetupHelper.CreateSuperAdminUser(nccDbConetxt, userManager, roleManager, signInManager, setupInfo);
if (admin != null)
{
SetupHelper.IsAdminCreateComplete = true;
SetupHelper.Language = viewModel.Language;
SetupHelper.SaveSetup();
SetupHelper.CrateNccWebSite(nccDbConetxt, setupInfo);
await SetupHelper.SaveBasicData(admin, nccDbConetxt, userManager, roleManager, signInManager, setupInfo);
return(Redirect("/Home/SetupSuccess"));
}
else
{
TempData["ErrorMessage"] = "Could not create Admin user and Roles.";
return(Redirect("/Home/Error"));
}
}
TempData["ErrorMessage"] = "Setup already completed.";
return(Redirect("/Home/Error"));
}
public async Task OnValidatePrincipalTestSuccess(bool isPersistent)
{
var user = new TestUser {
UserName = "******"
};
var manager = SetupUserManager(user);
manager.Setup(m => m.SupportsUserLockout).Returns(true).Verifiable();
manager.Setup(m => m.IsLockedOutAsync(user)).ReturnsAsync(true).Verifiable();
var context = new Mock <HttpContext>();
var contextAccessor = new Mock <IHttpContextAccessor>();
contextAccessor.Setup(a => a.HttpContext).Returns(context.Object);
var roleManager = MockHelpers.MockRoleManager <TestRole>();
var options = new Mock <IOptions <IdentityOptions> >();
options.Setup(a => a.Value).Returns(new IdentityOptions());
var securityStampOptions = new Mock <IOptions <SecurityStampValidatorOptions> >();
securityStampOptions.Setup(a => a.Value).Returns(new SecurityStampValidatorOptions {
ValidationInterval = TimeSpan.Zero
});
var claimsFactory = new UserClaimsPrincipalFactory <TestUser, TestRole>(manager.Object, roleManager.Object, options.Object);
var loggerFactory = new MockLoggerFactory();
var logger = loggerFactory.CreateLogger <SignInManager <TestUser> >();
var helper = new Mock <SignInManager <TestUser> >(manager.Object, contextAccessor.Object, claimsFactory, options.Object, logger, new Mock <IAuthenticationSchemeProvider>().Object, new Mock <IUserConfirmation <TestUser> >().Object);
var properties = new AuthenticationProperties {
IssuedUtc = DateTimeOffset.UtcNow.AddSeconds(-1), IsPersistent = isPersistent
};
var id = new ClaimsIdentity(IdentityConstants.ApplicationScheme);
id.AddClaim(new Claim(ClaimTypes.NameIdentifier, user.Id));
var principal = new ClaimsPrincipal(id);
helper.Setup(s => s.ValidateSecurityStampAsync(It.IsAny <ClaimsPrincipal>())).ReturnsAsync(user).Verifiable();
helper.Setup(s => s.CreateUserPrincipalAsync(user)).ReturnsAsync(principal).Verifiable();
var logFactory = new MockLoggerFactory();
var services = new ServiceCollection();
services.AddSingleton <ILoggerFactory>(loggerFactory);
services.AddSingleton(options.Object);
services.AddSingleton(helper.Object);
services.AddSingleton <ISecurityStampValidator>(new SecurityStampValidator <TestUser>(securityStampOptions.Object, helper.Object, new SystemClock()));
context.Setup(c => c.RequestServices).Returns(services.BuildServiceProvider());
contextAccessor.Setup(a => a.HttpContext).Returns(context.Object);
var ticket = new AuthenticationTicket(principal,
properties,
IdentityConstants.ApplicationScheme);
var cookieContext = new CookieValidatePrincipalContext(context.Object, new AuthenticationSchemeBuilder(IdentityConstants.ApplicationScheme)
{
HandlerType = typeof(NoopHandler)
}.Build(), new CookieAuthenticationOptions(), ticket);
Assert.NotNull(cookieContext.Properties);
Assert.NotNull(cookieContext.Options);
Assert.NotNull(cookieContext.Principal);
await
SecurityStampValidator.ValidatePrincipalAsync(cookieContext);
Assert.NotNull(cookieContext.Principal);
helper.VerifyAll();
}
public KanekoProfileService(AspNetAccountDbContext context,
UserClaimsPrincipalFactory <ApplicationUser> userClaimsPrincipalFactory)
{
_context = context;
_userClaimsPrincipalFactory = userClaimsPrincipalFactory;
}
/// <summary>
/// Create and init the context.
/// </summary>
/// <param name="dbctx"></param>
/// <param name="host"></param>
/// <param name="path"></param>
/// <param name="regionName"></param>
/// <param name="user"></param>
/// <param name="checkInitResults"></param>
/// <returns></returns>
protected async Task <WcmsAppContext> CreateAndInitAppContext(AppDbContext dbctx, string host, string path, string regionName, ApplicationUser user = null, bool checkInitResults = true)
{
// Check the service provider...
Assert.NotEqual(null, _serviceProvider);
// Create and init the http context...
var httpContext = new DefaultHttpContext();
Assert.NotEqual(null, httpContext);
// Configure the http context...
httpContext.RequestServices = _services.BuildServiceProvider();
Assert.NotEqual(null, httpContext.RequestServices);
httpContext.Request.Host = new HostString(host);
httpContext.Request.Path = new PathString(path);
// Add user to the http context...
if (user != null)
{
UserClaimsPrincipalFactory <ApplicationUser, IdentityRole> clmFact
= _GetRequiredServicee <UserClaimsPrincipalFactory <ApplicationUser, IdentityRole> >(httpContext.RequestServices);
Assert.NotEqual(null, clmFact);
httpContext.User = /*ClaimsPrincipal upp =*/ await clmFact.CreateAsync(user);
Assert.NotEqual(null, httpContext.User /*upp*/);
//httpContext.User = new ClaimsPrincipal(upp);
}
// Create and init the route context...
var routeContext = new RouteContext(httpContext);
Assert.NotEqual(null, routeContext);
// Configure the route context...
routeContext.RouteData = new RouteData();
Assert.NotEqual(null, routeContext.RouteData);
routeContext.RouteData.Values.Add(CRoute.RegionTagName, regionName);
// Build loger factory...
var logFactory =
_GetRequiredServicee <ILoggerFactory>(httpContext.RequestServices);
Assert.NotEqual(null, logFactory);
#if DEBUG
//logFactory.AddConsole(_LogFilter);
logFactory.AddDebug(_LogFilter);
#endif
// Create and init the context...
WcmsAppContext ctx =
_GetRequiredServicee <WcmsAppContext>(httpContext.RequestServices);
Assert.NotEqual(null, ctx);
Assert.Equal(null, ctx.User);
Assert.Equal(null, ctx.Site);
//ctx.UnitTestInit(dbctx);
int initSiteAsyncRes = await ctx.InitSiteAsync(httpContext,
_GetRequiredServicee <IAuthorizationService>(httpContext.RequestServices));
bool initRouteAsyncRes = await ctx.InitRouteAsync(routeContext);
if (checkInitResults == true)
{
Assert.Equal(3, initSiteAsyncRes); // No module registered.
Assert.Equal(true, initRouteAsyncRes);
}
return(ctx);
}
private Mock<SignInManager<AccountingUser>> BuildMockSignInManager(bool signIn = true)
{
var userManager = BuildMockUserRepo();
var context = new Mock<HttpContext>();
var contextAccessor = new Mock<IHttpContextAccessor>();
contextAccessor.Setup(a => a.HttpContext).Returns(context.Object);
var roleStore = new Mock<IRoleStore<string>>().Object;
var roles = new List<IRoleValidator<string>>();
var roleManager = new RoleManager<string>(roleStore, roles,
new UpperInvariantLookupNormalizer(),
new IdentityErrorDescriber(),
null,
null);
var identityOptions = new IdentityOptions();
var options = new Mock<IOptions<IdentityOptions>>();
options.Setup(a => a.Value).Returns(identityOptions);
var claimsFactory = new UserClaimsPrincipalFactory<AccountingUser, string>(userManager.Object, roleManager, options.Object);
var manager = new Mock<SignInManager<AccountingUser>>(userManager.Object, contextAccessor.Object, claimsFactory, null, null);
manager.Setup(mgr => mgr.PasswordSignInAsync(It.IsAny<AccountingUser>(), It.IsAny<string>(), true, false))
.Returns(Task.FromResult(signIn ? SignInResult.Success : SignInResult.Failed));
manager.Setup(mgr => mgr.SignOutAsync())
.Returns(Task.FromResult(0));
return manager;
}
public IdentityServiceFactory()
{
var dataProtectorTokenProvider = new DataProtectorTokenProvider <DbUser>(
new EphemeralDataProtectionProvider(new NullLoggerFactory()), null, new NullLogger <DataProtectorTokenProvider <DbUser> >());
// service provider
var serviceProviderMock = new Mock <IServiceProvider>();
var serviceScopeMock = new Mock <IServiceScope>();
serviceScopeMock.Setup(x => x.ServiceProvider).Returns(serviceProviderMock.Object);
var serviceScopeFactoryMock = new Mock <IServiceScopeFactory>();
serviceScopeFactoryMock.Setup(x => x.CreateScope()).Returns(serviceScopeMock.Object);
var authenticationServiceMock = new Mock <IAuthenticationService>();
serviceProviderMock.Setup(x => x.GetService(typeof(IServiceScopeFactory))).Returns(serviceScopeFactoryMock.Object);
serviceProviderMock.Setup(x => x.GetService(typeof(DataProtectorTokenProvider <DbUser>))).Returns(dataProtectorTokenProvider);
serviceProviderMock.Setup(x => x.GetService(typeof(IAuthenticationService))).Returns(authenticationServiceMock.Object);
// http context
var httpContextAccessorMock = new Mock <IHttpContextAccessor>();
var httpContext = new DefaultHttpContext {
ServiceScopeFactory = serviceScopeFactoryMock.Object
};
httpContextAccessorMock.Setup(x => x.HttpContext).Returns(httpContext);
var httpContextAccessor = httpContextAccessorMock.Object;
// identity services
var identityOptionsAccessorMock = new Mock <IOptions <IdentityOptions> >();
identityOptionsAccessorMock.Setup(x => x.Value).Returns(() => new IdentityOptions
{
Tokens = new TokenOptions
{
ProviderMap = new Dictionary <string, TokenProviderDescriptor>
{
{ TokenOptions.DefaultProvider, new TokenProviderDescriptor(typeof(DataProtectorTokenProvider <DbUser>)) },
// { TokenOptions.DefaultEmailProvider, new TokenProviderDescriptor(typeof(EmailTokenProvider<DbUser>)) }
}
},
User = new UserOptions
{
RequireUniqueEmail = true
}
});
var identityOptionsAccessor = identityOptionsAccessorMock.Object;
var identityErrorDescriber = new IdentityErrorDescriber();
var lookupNormalizer = new UpperInvariantLookupNormalizer();
var connectionFactory = new DbConnectionFactory();
var userStore = new UserStore <Guid, DbUser, DbRole>(connectionFactory, identityErrorDescriber);
var roleStore = new RoleStore <Guid, DbRole>(connectionFactory, identityErrorDescriber);
var userManager = new UserManager <DbUser>(userStore, identityOptionsAccessor, new PasswordHasher <DbUser>(), null, null,
lookupNormalizer, identityErrorDescriber, serviceProviderMock.Object, new NullLogger <UserManager <DbUser> >());
userManager.RegisterTokenProvider(TokenOptions.DefaultProvider, dataProtectorTokenProvider);
var roleManager = new AspNetRoleManager <DbRole>(roleStore, null, lookupNormalizer, identityErrorDescriber,
new NullLogger <RoleManager <DbRole> >(), httpContextAccessor);
var userClaimsPrincipalFactory = new UserClaimsPrincipalFactory <DbUser, DbRole>(userManager, roleManager, identityOptionsAccessor);
var signInManager = new SignInManager <DbUser>(userManager, httpContextAccessor, userClaimsPrincipalFactory, identityOptionsAccessor,
new NullLogger <SignInManager <DbUser> >(), null, null);
UserManager = userManager;
RoleManager = roleManager;
SignInManager = signInManager;
}
public async Task EnsureClaimsIdentityHasExpectedClaims(bool supportRoles, bool supportClaims, bool supportRoleClaims)
{
// Setup
var userManager = MockHelpers.MockUserManager<TestUser>();
var roleManager = MockHelpers.MockRoleManager<TestRole>();
var user = new TestUser { UserName = "******" };
userManager.Setup(m => m.SupportsUserClaim).Returns(supportClaims);
userManager.Setup(m => m.SupportsUserRole).Returns(supportRoles);
userManager.Setup(m => m.GetUserIdAsync(user)).ReturnsAsync(user.Id);
userManager.Setup(m => m.GetUserNameAsync(user)).ReturnsAsync(user.UserName);
var roleClaims = new[] { "Admin", "Local" };
if (supportRoles)
{
userManager.Setup(m => m.GetRolesAsync(user)).ReturnsAsync(roleClaims);
roleManager.Setup(m => m.SupportsRoleClaims).Returns(supportRoleClaims);
}
var userClaims = new[] { new Claim("Whatever", "Value"), new Claim("Whatever2", "Value2") };
if (supportClaims)
{
userManager.Setup(m => m.GetClaimsAsync(user)).ReturnsAsync(userClaims);
}
userManager.Object.Options = new IdentityOptions();
var admin = new TestRole() { Name = "Admin" };
var local = new TestRole() { Name = "Local" };
var adminClaims = new[] { new Claim("AdminClaim1", "Value1"), new Claim("AdminClaim2", "Value2") };
var localClaims = new[] { new Claim("LocalClaim1", "Value1"), new Claim("LocalClaim2", "Value2") };
if (supportRoleClaims)
{
roleManager.Setup(m => m.FindByNameAsync("Admin")).ReturnsAsync(admin);
roleManager.Setup(m => m.FindByNameAsync("Local")).ReturnsAsync(local);
roleManager.Setup(m => m.GetClaimsAsync(admin)).ReturnsAsync(adminClaims);
roleManager.Setup(m => m.GetClaimsAsync(local)).ReturnsAsync(localClaims);
}
var options = new Mock<IOptions<IdentityOptions>>();
var identityOptions = new IdentityOptions();
options.Setup(a => a.Options).Returns(identityOptions);
var factory = new UserClaimsPrincipalFactory<TestUser, TestRole>(userManager.Object, roleManager.Object, options.Object);
// Act
var principal = await factory.CreateAsync(user);
var identity = principal.Identities.First();
// Assert
var manager = userManager.Object;
Assert.NotNull(identity);
Assert.Equal(1, principal.Identities.Count());
Assert.Equal(IdentityOptions.ApplicationCookieAuthenticationType, identity.AuthenticationType);
var claims = identity.Claims.ToList();
Assert.NotNull(claims);
Assert.True(
claims.Any(c => c.Type == manager.Options.ClaimsIdentity.UserNameClaimType && c.Value == user.UserName));
Assert.True(claims.Any(c => c.Type == manager.Options.ClaimsIdentity.UserIdClaimType && c.Value == user.Id));
Assert.Equal(supportRoles, claims.Any(c => c.Type == manager.Options.ClaimsIdentity.RoleClaimType && c.Value == "Admin"));
Assert.Equal(supportRoles, claims.Any(c => c.Type == manager.Options.ClaimsIdentity.RoleClaimType && c.Value == "Local"));
foreach (var cl in userClaims)
{
Assert.Equal(supportClaims, claims.Any(c => c.Type == cl.Type && c.Value == cl.Value));
}
foreach (var cl in adminClaims)
{
Assert.Equal(supportRoleClaims, claims.Any(c => c.Type == cl.Type && c.Value == cl.Value));
}
foreach (var cl in localClaims)
{
Assert.Equal(supportRoleClaims, claims.Any(c => c.Type == cl.Type && c.Value == cl.Value));
}
userManager.VerifyAll();
roleManager.VerifyAll();
}
public async Task PasswordSignInReturnsLockedOutWhenLockedOut()
{
// Setup
var user = new TestUser { UserName = "******" };
var manager = SetupUserManager(user);
manager.Setup(m => m.SupportsUserLockout).Returns(true).Verifiable();
manager.Setup(m => m.IsLockedOutAsync(user)).ReturnsAsync(true).Verifiable();
var context = new Mock<HttpContext>();
var contextAccessor = new Mock<IHttpContextAccessor>();
contextAccessor.Setup(a => a.HttpContext).Returns(context.Object);
var roleManager = MockHelpers.MockRoleManager<TestRole>();
var identityOptions = new IdentityOptions();
var options = new Mock<IOptions<IdentityOptions>>();
options.Setup(a => a.Value).Returns(identityOptions);
var claimsFactory = new UserClaimsPrincipalFactory<TestUser, TestRole>(manager.Object, roleManager.Object, options.Object);
var logStore = new StringBuilder();
var logger = MockHelpers.MockILogger<SignInManager<TestUser>>(logStore);
var helper = new SignInManager<TestUser>(manager.Object, contextAccessor.Object, claimsFactory, options.Object, logger.Object);
// Act
var result = await helper.PasswordSignInAsync(user.UserName, "bogus", false, false);
// Assert
Assert.False(result.Succeeded);
Assert.True(result.IsLockedOut);
Assert.True(logStore.ToString().Contains($"User {user.Id} is currently locked out."));
manager.Verify();
}
private static SignInManager<TestUser> SetupSignInManager(UserManager<TestUser> manager, HttpContext context, StringBuilder logStore = null, IdentityOptions identityOptions = null)
{
var contextAccessor = new Mock<IHttpContextAccessor>();
contextAccessor.Setup(a => a.HttpContext).Returns(context);
var roleManager = MockHelpers.MockRoleManager<TestRole>();
identityOptions = identityOptions ?? new IdentityOptions();
var options = new Mock<IOptions<IdentityOptions>>();
options.Setup(a => a.Value).Returns(identityOptions);
var claimsFactory = new UserClaimsPrincipalFactory<TestUser, TestRole>(manager, roleManager.Object, options.Object);
var sm = new SignInManager<TestUser>(manager, contextAccessor.Object, claimsFactory, options.Object, null);
sm.Logger = MockHelpers.MockILogger<SignInManager<TestUser>>(logStore ?? new StringBuilder()).Object;
return sm;
}
public CustomerLogInManager(CustomerManager userManager, IUnitOfWorkManager unitOfWorkManager, ISettingManager settingManager, IRepository <CustomerLoginAttempt, long> userLoginAttemptRepository, IIocResolver iocResolver, IPasswordHasher <Customer> passwordHasher, UserClaimsPrincipalFactory <Customer> claimsPrincipalFactory) : base(userManager, unitOfWorkManager, settingManager, userLoginAttemptRepository, iocResolver, passwordHasher, claimsPrincipalFactory)
{
}
public ClaimFactory(UserClaimsPrincipalFactory <User> defaultFactory, ProjectDbContext dbContext)
{
this.defaultFactory = defaultFactory;
this.dbContext = dbContext;
}
public async Task <ActionResult> CreateAdmin(AdminViewModel viewModel)
{
SetupHelper.InitilizeDatabase();
var optionBuilder = new DbContextOptionsBuilder <NccDbContext>();
DatabaseEngine dbe = TypeConverter.TryParseDatabaseEnum(SetupHelper.SelectedDatabase);
switch (dbe)
{
case DatabaseEngine.MSSQL:
optionBuilder.UseSqlServer(SetupHelper.ConnectionString, opts => opts.MigrationsAssembly("NetCoreCMS.Framework"));
break;
case DatabaseEngine.MsSqlLocalStorage:
break;
case DatabaseEngine.MySql:
optionBuilder.UseMySql(SetupHelper.ConnectionString, opts => opts.MigrationsAssembly("NetCoreCMS.Framework"));
break;
case DatabaseEngine.SqLite:
optionBuilder.UseSqlite(SetupHelper.ConnectionString, opts => opts.MigrationsAssembly("NetCoreCMS.Framework"));
break;
case DatabaseEngine.PgSql:
break;
}
var nccDbConetxt = new NccDbContext(optionBuilder.Options);
var userStore = new NccUserStore(nccDbConetxt);
var identityOptions = Options.Create(new IdentityOptions());
var passwordHasher = new PasswordHasher <NccUser>();
var userValidatorList = new List <UserValidator <NccUser> >();
var passwordValidatorList = new List <PasswordValidator <NccUser> >();
var lookupNormalizer = new UpperInvariantLookupNormalizer();
var identityErrorDescriber = new IdentityErrorDescriber();
var logger = _loggerFactory.CreateLogger <UserManager <NccUser> >();
var userManager = new UserManager <NccUser>(
userStore,
identityOptions,
passwordHasher,
userValidatorList,
passwordValidatorList,
lookupNormalizer,
identityErrorDescriber,
GlobalConfig.App.ApplicationServices,
logger
);
var roleStore = new NccRoleStore(nccDbConetxt);
var roleValidatorList = new List <RoleValidator <NccRole> >();
var roleLogger = _loggerFactory.CreateLogger <RoleManager <NccRole> >();
var roleManager = new RoleManager <NccRole>(
roleStore,
roleValidatorList,
new UpperInvariantLookupNormalizer(),
new IdentityErrorDescriber(),
roleLogger,
_httpContextAccessor
);
var claimsFactory = new UserClaimsPrincipalFactory <NccUser, NccRole>(userManager, roleManager, identityOptions);
var signInLogger = _loggerFactory.CreateLogger <SignInManager <NccUser> >();
var signInManager = new NccSignInManager <NccUser>(userManager, _httpContextAccessor, claimsFactory, identityOptions, signInLogger);
//nccDbConetxt.Database.Migrate();
var setupInfo = new WebSiteInfo()
{
SiteName = viewModel.SiteName,
Tagline = viewModel.Tagline,
AdminPassword = viewModel.AdminPassword,
AdminUserName = viewModel.AdminUserName,
ConnectionString = SetupHelper.ConnectionString,
Database = TypeConverter.TryParseDatabaseEnum(SetupHelper.SelectedDatabase),
Email = viewModel.Email
};
var admin = await SetupHelper.CreateSuperAdminUser(userManager, roleManager, signInManager, setupInfo);
SetupHelper.RegisterAuthServices();
SetupHelper.IsAdminCreateComplete = true;
SetupHelper.SaveSetup();
SetupHelper.CrateNccWebSite(nccDbConetxt, setupInfo);
return(Redirect("/Home/SetupSuccess"));
}
public async Task EnsureClaimsIdentityHasExpectedClaims(bool supportRoles, bool supportClaims, bool supportRoleClaims, bool supportsUserEmail)
{
// Setup
var userManager = MockHelpers.MockUserManager <PocoUser>();
var roleManager = MockHelpers.MockRoleManager <PocoRole>();
var user = new PocoUser {
UserName = "******", Email = "*****@*****.**"
};
userManager.Setup(m => m.SupportsUserClaim).Returns(supportClaims);
userManager.Setup(m => m.SupportsUserRole).Returns(supportRoles);
userManager.Setup(m => m.SupportsUserEmail).Returns(supportsUserEmail);
userManager.Setup(m => m.GetUserIdAsync(user)).ReturnsAsync(user.Id);
userManager.Setup(m => m.GetUserNameAsync(user)).ReturnsAsync(user.UserName);
if (supportsUserEmail)
{
userManager.Setup(m => m.GetEmailAsync(user)).ReturnsAsync(user.Email);
}
var roleClaims = new[] { "Admin", "Local" };
if (supportRoles)
{
userManager.Setup(m => m.GetRolesAsync(user)).ReturnsAsync(roleClaims);
roleManager.Setup(m => m.SupportsRoleClaims).Returns(supportRoleClaims);
}
var userClaims = new[] { new Claim("Whatever", "Value"), new Claim("Whatever2", "Value2") };
if (supportClaims)
{
userManager.Setup(m => m.GetClaimsAsync(user)).ReturnsAsync(userClaims);
}
userManager.Object.Options = new IdentityOptions();
var admin = new PocoRole()
{
Name = "Admin"
};
var local = new PocoRole()
{
Name = "Local"
};
var adminClaims = new[] { new Claim("AdminClaim1", "Value1"), new Claim("AdminClaim2", "Value2") };
var localClaims = new[] { new Claim("LocalClaim1", "Value1"), new Claim("LocalClaim2", "Value2") };
if (supportRoleClaims)
{
roleManager.Setup(m => m.FindByNameAsync("Admin")).ReturnsAsync(admin);
roleManager.Setup(m => m.FindByNameAsync("Local")).ReturnsAsync(local);
roleManager.Setup(m => m.GetClaimsAsync(admin)).ReturnsAsync(adminClaims);
roleManager.Setup(m => m.GetClaimsAsync(local)).ReturnsAsync(localClaims);
}
var options = new Mock <IOptions <IdentityOptions> >();
var identityOptions = new IdentityOptions();
options.Setup(a => a.Value).Returns(identityOptions);
var factory = new UserClaimsPrincipalFactory <PocoUser, PocoRole>(userManager.Object, roleManager.Object, options.Object);
// Act
var principal = await factory.CreateAsync(user);
var identity = principal.Identities.First();
// Assert
var manager = userManager.Object;
Assert.NotNull(identity);
Assert.Single(principal.Identities);
Assert.Equal(IdentityConstants.ApplicationScheme, identity.AuthenticationType);
var claims = identity.Claims.ToList();
Assert.NotNull(claims);
Assert.Contains(
claims, c => c.Type == manager.Options.ClaimsIdentity.UserNameClaimType && c.Value == user.UserName);
Assert.Contains(claims, c => c.Type == manager.Options.ClaimsIdentity.UserIdClaimType && c.Value == user.Id);
Assert.Equal(supportsUserEmail, claims.Any(c => c.Type == manager.Options.ClaimsIdentity.EmailClaimType && c.Value == user.Email));
Assert.Equal(supportRoles, claims.Any(c => c.Type == manager.Options.ClaimsIdentity.RoleClaimType && c.Value == "Admin"));
Assert.Equal(supportRoles, claims.Any(c => c.Type == manager.Options.ClaimsIdentity.RoleClaimType && c.Value == "Local"));
foreach (var cl in userClaims)
{
Assert.Equal(supportClaims, claims.Any(c => c.Type == cl.Type && c.Value == cl.Value));
}
foreach (var cl in adminClaims)
{
Assert.Equal(supportRoleClaims, claims.Any(c => c.Type == cl.Type && c.Value == cl.Value));
}
foreach (var cl in localClaims)
{
Assert.Equal(supportRoleClaims, claims.Any(c => c.Type == cl.Type && c.Value == cl.Value));
}
userManager.VerifyAll();
roleManager.VerifyAll();
}
public AuthenticationService(IUserClaimsPrincipalFactory <TUser> claimsPrincipalFactory, UserManager <TUser> userManager, SignInManager <TUser> signInManager)
{
_claimsPrincipalFactory = claimsPrincipalFactory as UserClaimsPrincipalFactory <TUser, TRole>;
_userManager = userManager;
_signInManager = signInManager;
}
