Esempio n. 1
0
            public void ResetsPasswordMigratesPasswordHash()
            {
                var oldCred = CredentialBuilder.CreateSha1Password("thePassword");
                var user    = new User
                {
                    Username           = "******",
                    EmailAddress       = "*****@*****.**",
                    PasswordResetToken = "some-token",
                    PasswordResetTokenExpirationDate = DateTime.UtcNow.AddDays(1),
                    Credentials = new List <Credential>()
                    {
                        oldCred
                    }
                };

                var authService = Get <AuthenticationService>();

                authService.Entities.Users.Add(user);

                bool result = authService.ResetPasswordWithToken("user", "some-token", "new-password");

                // Assert
                Assert.True(result);
                var newCred = user.Credentials.Single();

                Assert.Equal(CredentialTypes.Password.Pbkdf2, newCred.Type);
                Assert.True(VerifyPasswordHash(newCred.Value, Constants.PBKDF2HashAlgorithmId, "new-password"));
                authService.Entities.VerifyCommitChanges();
            }
Esempio n. 2
0
            public void GivenOnlyASHA1PasswordItAuthenticatesUserAndReplacesItWithAPBKDF2Password()
            {
                var user    = Fakes.CreateUser("tempUser", CredentialBuilder.CreateSha1Password("thePassword"));
                var service = Get <AuthenticationService>();

                service.Entities.Users.Add(user);

                var foundByUserName = service.Authenticate("tempUser", "thePassword");

                var cred = foundByUserName.User.Credentials.Single();

                Assert.Same(user, foundByUserName.User);
                Assert.Equal(CredentialTypes.Password.Pbkdf2, cred.Type);
                Assert.True(CryptographyService.ValidateSaltedHash(cred.Value, "thePassword", Constants.PBKDF2HashAlgorithmId));
                service.Entities.VerifyCommitChanges();
            }
Esempio n. 3
0
            public void ReturnsFalseIfPasswordDoesNotMatchUser_SHA1()
            {
                // Arrange
                var service = Get <AuthenticationService>();
                var user    = Fakes.CreateUser("tempUser",
                                               CredentialBuilder.CreateSha1Password("oldpwd"));

                service.Entities
                .Set <User>()
                .Add(user);

                // Act
                var changed = service.ChangePassword(user.Username, "not_the_password", "newpwd");

                // Assert
                Assert.False(changed);
            }
Esempio n. 4
0
            public void ReturnsTrueWhenSuccessful()
            {
                // Arrange
                var service = Get <AuthenticationService>();
                var user    = Fakes.CreateUser(
                    "tempUser",
                    CredentialBuilder.CreateSha1Password("oldpwd"));

                service.Entities
                .Set <User>()
                .Add(user);

                // Act
                var changed = service.ChangePassword(user.Username, "oldpwd", "newpwd");

                // Assert
                Assert.True(changed);
            }
Esempio n. 5
0
            public void MigratesPasswordIfHashAlgorithmIsNotPBKDF2()
            {
                // Arrange
                var service = Get <AuthenticationService>();
                var user    = Fakes.CreateUser(
                    "tempUser",
                    CredentialBuilder.CreateSha1Password("oldpwd"));

                service.Entities
                .Set <User>()
                .Add(user);

                // Act
                var changed = service.ChangePassword(user.Username, "oldpwd", "newpwd");

                // Assert
                var cred = user.Credentials.Single(c => c.Type.StartsWith(CredentialTypes.Password.Prefix, StringComparison.OrdinalIgnoreCase));

                Assert.Equal(CredentialTypes.Password.Pbkdf2, cred.Type);
                Assert.True(VerifyPasswordHash(cred.Value, Constants.PBKDF2HashAlgorithmId, "newpwd"));
                service.Entities.VerifyCommitChanges();
            }
Esempio n. 6
0
        public Fakes()
        {
            User = new User("testUser")
            {
                Key          = 42,
                EmailAddress = "*****@*****.**",
                Credentials  = new List <Credential>
                {
                    CredentialBuilder.CreatePbkdf2Password(Password),
                    CredentialBuilder.CreateV1ApiKey(Guid.Parse("519e180e-335c-491a-ac26-e83c4bd31d65"),
                                                     ExpirationForApiKeyV1)
                }
            };

            ShaUser = new User("testShaUser")
            {
                Key          = 42,
                EmailAddress = "*****@*****.**",
                Credentials  = new List <Credential>
                {
                    CredentialBuilder.CreateSha1Password(Password),
                    CredentialBuilder.CreateV1ApiKey(Guid.Parse("b9704a41-4107-4cd2-bcfa-70d84e021ab2"),
                                                     ExpirationForApiKeyV1)
                }
            };

            Admin = new User("testAdmin")
            {
                Key          = 43,
                EmailAddress = "*****@*****.**",
                Credentials  = new List <Credential> {
                    CredentialBuilder.CreatePbkdf2Password(Password)
                },
                Roles = new List <Role> {
                    new Role {
                        Name = Constants.AdminRoleName
                    }
                }
            };

            Owner = new User("testPackageOwner")
            {
                Key         = 44,
                Credentials = new List <Credential> {
                    CredentialBuilder.CreatePbkdf2Password(Password)
                },
                EmailAddress = "*****@*****.**" //package owners need confirmed email addresses, obviously.
            };

            Package = new PackageRegistration
            {
                Id     = "FakePackage",
                Owners = new List <User> {
                    Owner
                },
                Packages = new List <Package>
                {
                    new Package {
                        Version = "1.0"
                    },
                    new Package {
                        Version = "2.0"
                    }
                }
            };
        }