public void MfaAuthorizationSuccessfulTest_ChecksThatServiceReturnsTrueIfNoMfaSubscriptionIsSubscribed_VerifiesThroughReturnsValue()
        {
            // Pins the "no MFA subscription" policy: a freshly saved user, who has not been assigned any
            // MFA subscription in this test, is authorized for a Deposit with an empty MFA code.
            // NOTE(review): this is a fail-open default by design - confirm that is the intended policy for
            // sensitive actions, since this test will keep it in place.

            // Collaborators are resolved from the Spring context and handed to the service by constructor.
            var persistence   = (IIdentityAccessPersistenceRepository)ContextRegistry.GetContext()["IdentityAccessPersistenceRepository"];
            var users         = (IUserRepository)ContextRegistry.GetContext()["UserRepository"];
            var keyPairs      = (ISecurityKeysRepository)ContextRegistry.GetContext()["SecurityKeysPairRepository"];
            var smsSender     = (IMfaCodeSenderService)ContextRegistry.GetContext()["MfaSmsService"];
            var emailSender   = (IMfaCodeSenderService)ContextRegistry.GetContext()["MfaEmailService"];
            var codeGenerator = (IMfaCodeGenerationService)ContextRegistry.GetContext()["MfaCodeGenerationService"];

            IMfaAuthorizationService authorizationService = new MfaAuthorizationService(
                persistence, users, keyPairs, smsSender, emailSender, codeGenerator);

            const string apiKey      = "123";
            const string userName    = "******";
            const string phoneNumber = "2233344";
            const string email       = "*****@*****.**";

            // Arrange: persist a user, then read it back so the key pair can reference its Id.
            User newUser = new User(userName, "asdf", "12345", "xyz", email, Language.English, TimeZone.CurrentTimeZone,
                                    new TimeSpan(1, 1, 1, 1), DateTime.Now, "Pakistan", "", phoneNumber, "1234");
            persistence.SaveUpdate(newUser);

            User storedUser = users.GetUserByUserName(userName);
            Assert.IsNotNull(storedUser);

            // Register the API key that AuthorizeAccess is called with below.
            SecurityKeysPair keyPair = new SecurityKeysPair(storedUser.Id, apiKey, "secret123", true, "#1");
            persistence.SaveUpdate(keyPair);

            // Act: request a Deposit with an empty MFA code.
            var outcome = authorizationService.AuthorizeAccess(apiKey, MfaConstants.Deposit, "");

            // Assert: only Item1 (the allow/deny flag) is checked; the message in Item2 is not pinned.
            Assert.IsTrue(outcome.Item1);
        }
 /// <summary>
 /// Creates the MFA authorization service and stores the collaborators it is given.
 /// </summary>
 /// <param name="persistenceRepository">Repository kept in <c>_persistenceRepository</c>.</param>
 /// <param name="userRepository">Repository kept in <c>_userRepository</c>.</param>
 /// <param name="securityKeysRepository">Repository kept in <c>_securityKeysRepository</c>.</param>
 /// <param name="smsService">Code sender kept in <c>_smsService</c>.</param>
 /// <param name="emailService">Code sender kept in <c>_emailService</c>.</param>
 /// <param name="codeGenerationService">Code generator kept in <c>_codeGenerationService</c>.</param>
 /// <remarks>
 /// No argument is validated: a null dependency is stored as given and would only surface when it is
 /// first used. NOTE(review): both senders share one interface type, so swapping the SMS and e-mail
 /// arguments compiles cleanly - confirm the wiring in the container configuration.
 /// </remarks>
 public MfaAuthorizationService(
     IIdentityAccessPersistenceRepository persistenceRepository,
     IUserRepository userRepository,
     ISecurityKeysRepository securityKeysRepository,
     IMfaCodeSenderService smsService,
     IMfaCodeSenderService emailService,
     IMfaCodeGenerationService codeGenerationService)
 {
     // Repositories.
     _persistenceRepository = persistenceRepository;
     _userRepository = userRepository;
     _securityKeysRepository = securityKeysRepository;

     // Code generation and the two delivery channels.
     _codeGenerationService = codeGenerationService;
     _smsService = smsService;
     _emailService = emailService;
 }
        public void MfaAuthorizationFailTest_ChecksThatServiceReturnsTrueIfMfaCodesDontMatch_VerifiesThroughReturnsValue()
        {
            // Covers the deny paths: once every MFA subscription is enabled for the user, a Deposit is
            // rejected both when no code is supplied and when a wrong code is supplied.
            // NOTE(review): the method name says "ReturnsTrue", but the mismatch case below asserts false.

            // Collaborators are resolved from the Spring context and handed to the service by constructor.
            var persistence   = (IIdentityAccessPersistenceRepository)ContextRegistry.GetContext()["IdentityAccessPersistenceRepository"];
            var users         = (IUserRepository)ContextRegistry.GetContext()["UserRepository"];
            var keyPairs      = (ISecurityKeysRepository)ContextRegistry.GetContext()["SecurityKeysPairRepository"];
            var smsSender     = (IMfaCodeSenderService)ContextRegistry.GetContext()["MfaSmsService"];
            var emailSender   = (IMfaCodeSenderService)ContextRegistry.GetContext()["MfaEmailService"];
            var codeGenerator = (IMfaCodeGenerationService)ContextRegistry.GetContext()["MfaCodeGenerationService"];
            var subscriptions = (IMfaSubscriptionRepository)ContextRegistry.GetContext()["MfaSubscriptionRepository"];

            IMfaAuthorizationService authorizationService = new MfaAuthorizationService(
                persistence, users, keyPairs, smsSender, emailSender, codeGenerator);

            const string apiKey      = "123";
            const string userName    = "******";
            const string phoneNumber = "2233344";
            const string email       = "*****@*****.**";

            // Arrange: persist a user, then read it back so the key pair can reference its Id.
            User newUser = new User(userName, "asdf", "12345", "xyz", email, Language.English, TimeZone.CurrentTimeZone,
                                    new TimeSpan(1, 1, 1, 1), DateTime.Now, "Pakistan", "", phoneNumber, "1234");
            persistence.SaveUpdate(newUser);

            User storedUser = users.GetUserByUserName(userName);
            Assert.IsNotNull(storedUser);

            SecurityKeysPair keyPair = new SecurityKeysPair(storedUser.Id, apiKey, "secret123", true, "#1");
            persistence.SaveUpdate(keyPair);

            // Baseline: before any subscription is assigned, the request is allowed.
            var outcome = authorizationService.AuthorizeAccess(apiKey, MfaConstants.Deposit, "");
            Assert.IsTrue(outcome.Item1);

            // Enable every known MFA subscription for the user and persist the change.
            IList<MfaSubscription> knownSubscriptions = subscriptions.GetAllSubscriptions();
            IList<Tuple<string, string, bool>> enabledSubscriptions = new List<Tuple<string, string, bool>>();
            foreach (var known in knownSubscriptions)
            {
                enabledSubscriptions.Add(
                    new Tuple<string, string, bool>(known.MfaSubscriptionId, known.MfaSubscriptionName, true));
            }
            storedUser.AssignMfaSubscriptions(enabledSubscriptions);
            persistence.SaveUpdate(storedUser);

            // No code supplied: the request must be rejected.
            outcome = authorizationService.AuthorizeAccess(apiKey, MfaConstants.Deposit, null);
            Assert.IsFalse(outcome.Item1);

            // The stub implementation always generates and returns the same MFA code, so appending a
            // character to it yields a code that is guaranteed not to match.
            string stubCode = codeGenerator.GenerateCode();

            outcome = authorizationService.AuthorizeAccess(apiKey, MfaConstants.Deposit, stubCode + "1");
            Assert.IsFalse(outcome.Item1);
            // NOTE(review): only Item1 is asserted, so the two rejections above are not told apart;
            // asserting on Item2 as well would pin which rejection path each call took.
        }
        public void InitializationTest_TestsThatTheServiceIsInitializedUsingSpringDi_VerifiesThroughInstanceVariable()
        {
            // Smoke test for the container wiring: the "MfaSmsService" object must resolve from the
            // Spring context and cast to IMfaCodeSenderService.
            // NOTE(review): only non-null is checked; the test does not show which concrete sender
            // (stub or real) the context supplies.
            var resolvedSender = (IMfaCodeSenderService)ContextRegistry.GetContext()["MfaSmsService"];

            Assert.IsNotNull(resolvedSender);
        }
 /// <summary>
 /// Checks the MFA subscription for the given user action in the case of a system generated key and
 /// decides whether the action may proceed.
 /// </summary>
 /// <param name="user">User being checked; a null value is rejected.</param>
 /// <param name="userId">Identifier written to the log lines and to some of the returned messages.</param>
 /// <param name="currentAction">Action name passed to <c>user.CheckMfaSubscriptions</c>.</param>
 /// <param name="mfaCode">Code supplied with the request; may be null or empty.</param>
 /// <returns>
 /// Item1 is true when the action may proceed (no subscription for the action, or the supplied code
 /// verified); otherwise false. Item2 is a status message describing the outcome.
 /// </returns>
 /// <remarks>
 /// NOTE(review), to confirm outside this method:
 /// - nothing here clears or expires <c>user.MfaCode</c> or counts failed attempts; check that
 ///   <c>VerifyMfaCode</c> or the caller enforces single use, expiry and attempt limiting;
 /// - the returned messages contain the user ID and distinguish "no user" from "wrong code"; check
 ///   that they are not relayed verbatim to unauthenticated clients;
 /// - whether <c>VerifyMfaCode</c> compares in constant time is not visible here.
 /// </remarks>
 private Tuple<bool, string> CheckSystemGeneratedKeySubscription(User user, int userId, string currentAction, string mfaCode)
 {
     // No user instance: deny.
     if (user == null)
     {
         Log.Error(string.Format("No User found during MFA verification: User ID = {0}, Action = {1}", userId,
                                 currentAction));
         return Tuple.Create(false, string.Format("No User found for ID = {0}", userId));
     }

     // The user has not subscribed TFA for this action: allow without further checks (fail-open by design).
     if (!user.CheckMfaSubscriptions(currentAction))
     {
         Log.Debug(string.Format("MFA not enabled: User ID = {0} | Action = {1}. Request will proceed",
                                 userId, currentAction));
         return Tuple.Create(true, "No MFA subscription enabled");
     }

     // Subscribed, but no code is stored yet: issue a new one and ask the caller to supply it.
     if (string.IsNullOrEmpty(user.MfaCode))
     {
         // Generate a new one time pass code
         string oneTimeCode = _codeGenerationService.GenerateCode();
         // Item1: whether email is enabled; Item2: the Email Address or Phone Number respectively
         Tuple<bool, string> deliveryChannel = user.IsEmailMfaEnabled();

         // The code is stored on the user and persisted before it is sent.
         // NOTE(review): if SendCode fails, a stored code remains that the user never received, and
         // later calls take the verification path - confirm a resend/reset path exists.
         user.AssignMfaCode(oneTimeCode);
         _persistenceRepository.SaveUpdate(user);

         // Pick the sender the user has subscribed to, Email or SMS, and deliver the code
         IMfaCodeSenderService sender = GetService(deliveryChannel.Item1);
         sender.SendCode(deliveryChannel.Item2, oneTimeCode);
         return Tuple.Create(false, "Enter TFA");
     }

     // A code is stored but none was supplied: deny.
     if (string.IsNullOrEmpty(mfaCode))
     {
         Log.Error(string.Format("MFA code is null: User ID = {0}, Action = {1}", userId,
                                 currentAction));
         return Tuple.Create(false, string.Format("Given MFA code is null: User ID = {0}",
                                                  userId));
     }

     // The supplied code matches the user's stored code: allow.
     if (user.VerifyMfaCode(mfaCode))
     {
         return Tuple.Create(true, "Verification Successful");
     }

     // Mismatch: deny. The supplied code itself is deliberately kept out of the log line.
     Log.Error(
         string.Format("MFA code could not be verified: User ID = {0}, Action = {1}",
                       userId,
                       currentAction));
     return Tuple.Create(false, "Mfa Code is incorrect");
 }