Exemple #1
0
        private async Task <Result <ValidateAppMfaCodeAgainstCurrentUserCommandResult, ErrorData> > Process(
            ValidateAppMfaCodeAgainstCurrentUserCommand request,
            CancellationToken cancellationToken)
        {
            var currentUserMaybe = this._currentAuthenticatedUserProvider.CurrentAuthenticatedUser;

            if (currentUserMaybe.HasNoValue)
            {
                return(Result.Fail <ValidateAppMfaCodeAgainstCurrentUserCommandResult, ErrorData>(new ErrorData(ErrorCodes.UserNotFound)));
            }

            var userMaybe = await this._userRepository.Find(currentUserMaybe.Value.UserId, cancellationToken);

            if (userMaybe.HasNoValue)
            {
                return(Result.Fail <ValidateAppMfaCodeAgainstCurrentUserCommandResult, ErrorData>(new ErrorData(ErrorCodes.UserNotFound)));
            }

            var user = userMaybe.Value;

            var authApp = user.AuthenticatorApps.SingleOrDefault(x => x.WhenRevoked == null);

            if (authApp == null)
            {
                return(Result.Fail <ValidateAppMfaCodeAgainstCurrentUserCommandResult, ErrorData>(new ErrorData(ErrorCodes.NoAuthenticatorAppEnrolled)));
            }

            var secretBytes = Base32Encoding.ToBytes(authApp.Key);
            var topt        = new Totp(secretBytes);
            var isVerified  = topt.VerifyTotp(request.Code, out _);

            return(isVerified
                ? Result.Ok <ValidateAppMfaCodeAgainstCurrentUserCommandResult, ErrorData>(new ValidateAppMfaCodeAgainstCurrentUserCommandResult(user.Id))
                : Result.Fail <ValidateAppMfaCodeAgainstCurrentUserCommandResult, ErrorData>(new ErrorData(ErrorCodes.MfaCodeNotValid)));
        }
Exemple #2
0
        public async Task Handle_GivenSavingSucceeds_ExpectSuccessfulResult()
        {
            var user = new Mock <IUser>();

            user.Setup(x => x.Profile).Returns(new Profile(TestVariables.UserId, "first-name", "last-name"));
            user.Setup(x => x.AuthenticatorApps).Returns(new List <AuthenticatorApp>
            {
                new AuthenticatorApp(Guid.NewGuid(), "key", DateTime.UtcNow),
            });
            var userRepository = new Mock <IUserRepository>();
            var unitOfWork     = new Mock <IUnitOfWork>();

            unitOfWork.Setup(x => x.SaveEntitiesAsync(It.IsAny <CancellationToken>())).ReturnsAsync(() => true);
            userRepository.Setup(x => x.UnitOfWork).Returns(unitOfWork.Object);
            userRepository.Setup(x => x.Find(It.IsAny <Guid>(), It.IsAny <CancellationToken>()))
            .ReturnsAsync(() => Maybe.From(user.Object));
            var currentAuthenticatedUserProvider = new Mock <ICurrentAuthenticatedUserProvider>();

            currentAuthenticatedUserProvider.Setup(x => x.CurrentAuthenticatedUser)
            .Returns(Maybe.From(new UnauthenticatedUser(TestVariables.UserId, MfaProvider.None) as ISystemUser));

            var handler = new ValidateAppMfaCodeAgainstCurrentUserCommandHandler(
                userRepository.Object, currentAuthenticatedUserProvider.Object);

            var totp = new Totp(Base32Encoding.ToBytes("key"));

            var code = totp.ComputeTotp();

            var cmd    = new ValidateAppMfaCodeAgainstCurrentUserCommand(code);
            var result = await handler.Handle(cmd, CancellationToken.None);

            Assert.True(result.IsSuccess);
        }
Exemple #3
0
        public async Task Handle_GiveUserDoesExistButHasNoAuthApp_ExpectFailedResult()
        {
            var user   = new Mock <IUser>();
            var userId = Guid.NewGuid();

            user.Setup(x => x.Id).Returns(userId);
            user.Setup(x => x.AuthenticatorApps).Returns(new List <AuthenticatorApp>());
            var userRepository = new Mock <IUserRepository>();
            var unitOfWork     = new Mock <IUnitOfWork>();

            unitOfWork.Setup(x => x.SaveEntitiesAsync(It.IsAny <CancellationToken>())).ReturnsAsync(() => true);
            userRepository.Setup(x => x.UnitOfWork).Returns(unitOfWork.Object);
            userRepository.Setup(x => x.Find(It.IsAny <Guid>(), It.IsAny <CancellationToken>()))
            .ReturnsAsync(() => Maybe.From(user.Object));
            var currentAuthenticatedUserProvider = new Mock <ICurrentAuthenticatedUserProvider>();

            currentAuthenticatedUserProvider.Setup(x => x.CurrentAuthenticatedUser)
            .Returns(Maybe.From(new UnauthenticatedUser(TestVariables.UserId, MfaProvider.None) as ISystemUser));

            var handler = new ValidateAppMfaCodeAgainstCurrentUserCommandHandler(
                userRepository.Object, currentAuthenticatedUserProvider.Object);

            var totp = new Totp(Base32Encoding.ToBytes("key"));

            var code = totp.ComputeTotp();

            var cmd    = new ValidateAppMfaCodeAgainstCurrentUserCommand(code);
            var result = await handler.Handle(cmd, CancellationToken.None);

            Assert.True(result.IsFailure);
            Assert.Equal(ErrorCodes.NoAuthenticatorAppEnrolled, result.Error.Code);
        }
        public async Task Handle_GivenResponseIsResultAndIsSuccessful_ExpectInformationLogged()
        {
            var auditLogger = new Mock <ILogger>();
            var authenticatedUserProvider = new Mock <ICurrentAuthenticatedUserProvider>();

            authenticatedUserProvider.Setup(x => x.CurrentAuthenticatedUser).Returns(
                Maybe.From <ISystemUser>(new UnauthenticatedUser(TestVariables.UserId, MfaProvider.None)));
            var request = new ValidateAppMfaCodeAgainstCurrentUserCommand("code");

            var auditBehavior =
                new AuditBehavior <ValidateAppMfaCodeAgainstCurrentUserCommand,
                                   Result <ValidateAppMfaCodeAgainstCurrentUserCommandResult, ErrorData> >(
                    auditLogger.Object, authenticatedUserProvider.Object);

            var requestHandlerDelegate =
                new Mock <RequestHandlerDelegate <Result <ValidateAppMfaCodeAgainstCurrentUserCommandResult, ErrorData>
                                                  > >();

            requestHandlerDelegate.Setup(x => x())
            .ReturnsAsync(Result.Ok <ValidateAppMfaCodeAgainstCurrentUserCommandResult, ErrorData>(
                              new ValidateAppMfaCodeAgainstCurrentUserCommandResult(TestVariables.UserId)));

            await auditBehavior.Handle(request, CancellationToken.None, requestHandlerDelegate.Object);

            auditLogger.Verify(x => x.Information(It.IsAny <string>(), It.IsAny <string>(),
                                                  It.IsAny <ValidateAppMfaCodeAgainstCurrentUserCommand>(),
                                                  It.Is <string>(x => x == TestVariables.UserId.ToString())));
        }
        public void Validate_GivenAllPropertiesAreValid_ExpectValidationSuccess()
        {
            var cmd       = new ValidateAppMfaCodeAgainstCurrentUserCommand("code");
            var validator = new ValidateAppMfaCodeAgainstCurrentUserCommandValidator();
            var result    = validator.Validate(cmd);

            Assert.True(result.IsValid);
        }
        public void Validate_GivenCodeIsEmpty_ExpectValidationFailure()
        {
            var cmd       = new ValidateAppMfaCodeAgainstCurrentUserCommand(string.Empty);
            var validator = new ValidateAppMfaCodeAgainstCurrentUserCommandValidator();
            var result    = validator.Validate(cmd);

            Assert.False(result.IsValid);
            Assert.Contains(
                result.Errors,
                failure => failure.ErrorCode.Equals(ValidationCodes.FieldIsRequired) &&
                failure.PropertyName == "Code");
        }
Exemple #7
0
        public async Task <Result <ValidateAppMfaCodeAgainstCurrentUserCommandResult, ErrorData> > Handle(
            ValidateAppMfaCodeAgainstCurrentUserCommand request,
            CancellationToken cancellationToken)
        {
            var result = await this.Process(request, cancellationToken);

            var dbResult = await this._userRepository.UnitOfWork.SaveEntitiesAsync(cancellationToken);

            if (!dbResult)
            {
                return(Result.Fail <ValidateAppMfaCodeAgainstCurrentUserCommandResult, ErrorData>(new ErrorData(
                                                                                                      ErrorCodes.SavingChanges, "Failed To Save Database")));
            }

            return(result);
        }
Exemple #8
0
        public async Task Handle_GivenNoUserAppearsToBeAuthenticate_ExpectFailedResult()
        {
            var userRepository = new Mock <IUserRepository>();
            var unitOfWork     = new Mock <IUnitOfWork>();

            unitOfWork.Setup(x => x.SaveEntitiesAsync(It.IsAny <CancellationToken>())).ReturnsAsync(() => true);
            userRepository.Setup(x => x.UnitOfWork).Returns(unitOfWork.Object);
            var currentAuthenticatedUserProvider = new Mock <ICurrentAuthenticatedUserProvider>();

            currentAuthenticatedUserProvider.Setup(x => x.CurrentAuthenticatedUser)
            .Returns(Maybe <ISystemUser> .Nothing);

            var handler = new ValidateAppMfaCodeAgainstCurrentUserCommandHandler(
                userRepository.Object, currentAuthenticatedUserProvider.Object);

            var cmd    = new ValidateAppMfaCodeAgainstCurrentUserCommand("code");
            var result = await handler.Handle(cmd, CancellationToken.None);

            Assert.True(result.IsFailure);
            Assert.Equal(ErrorCodes.UserNotFound, result.Error.Code);
        }
Exemple #9
0
        public void Constructor_GiveValidArguments_PropertiesAreSet()
        {
            var command = new ValidateAppMfaCodeAgainstCurrentUserCommand("code");

            Assert.Equal("code", command.Code);
        }