private static JwtSignInManager <PocoUser> SetupSignInManager(UserManager <PocoUser> manager, HttpContext context, ILogger logger = null, IdentityOptions identityOptions = null, IAuthenticationSchemeProvider schemeProvider = null)
{
var contextAccessor = new Mock <IHttpContextAccessor>();
contextAccessor.Setup(a => a.HttpContext).Returns(context);
var roleManager = MockHelpers.MockRoleManager <PocoRole>();
identityOptions = identityOptions ?? new IdentityOptions();
var options = new Mock <IOptions <IdentityOptions> >();
options.Setup(a => a.Value).Returns(identityOptions);
var claimsFactory = new UserClaimsPrincipalFactory <PocoUser, PocoRole>(manager, roleManager.Object, options.Object);
schemeProvider = schemeProvider ?? new Mock <IAuthenticationSchemeProvider>().Object;
//news
var jwtOptions = OptionsHelpers.Default;
var jwtIOptions = new Mock <IOptions <JwtAuthenticationOptions> >();
jwtIOptions.Setup(a => a.Value).Returns(jwtOptions);
var tokenfactoryLogger = new TestLogger <TokenFactoryService <PocoUser> >();
var tokenfactory = new TokenFactoryService <PocoUser>(claimsFactory, jwtIOptions.Object, options.Object, tokenfactoryLogger);
var sm = new JwtSignInManager <PocoUser>(manager, contextAccessor.Object, options.Object, null, schemeProvider, new DefaultUserConfirmation <PocoUser>(), tokenfactory);
sm.Logger = logger ?? NullLogger <JwtSignInManager <PocoUser> > .Instance;
return(sm);
}
public AuthController(JwtSignInManager <IdentityUser> jwtSignInManager,
UserManager <IdentityUser> userManager,
ILogger <AuthController <IdentityUser> > logger
) :
base(jwtSignInManager, userManager, logger)
{
}
public RoleController(SignInManager <IdentityUser> signInManager,
ILogger <RoleController> logger,
UserManager <IdentityUser> userManager,
RoleManager <IdentityRole> roleManager,
JwtSignInManager <IdentityUser> jwtSignInManager)
{
_userManager = userManager;
_roleManager = roleManager;
_jwtSignInManager = jwtSignInManager;
_signInManager = signInManager;
_logger = logger;
}
public async Task CanTwoFactorRecoveryCodeSignIn(bool supportsLockout, bool externalLogin)
{
// Setup
var user = new PocoUser {
UserName = "******"
};
const string bypassCode = "someCode";
var manager = SetupUserManager(user);
manager.Setup(m => m.SupportsUserLockout).Returns(supportsLockout).Verifiable();
manager.Setup(m => m.RedeemTwoFactorRecoveryCodeAsync(user, bypassCode)).ReturnsAsync(IdentityResult.Success).Verifiable();
if (supportsLockout)
{
manager.Setup(m => m.ResetAccessFailedCountAsync(user)).ReturnsAsync(IdentityResult.Success).Verifiable();
}
var context = new DefaultHttpContext();
var auth = MockAuth(context);
var helper = SetupSignInManager(manager.Object, context);
var twoFactorInfo = new JwtSignInManager <PocoUser> .TwoFactorAuthenticationInfo {
UserId = user.Id
};
var loginProvider = "loginprovider";
var twoFactureToken = helper.StoreTwoFactorInfo(user.Id, externalLogin ? loginProvider : null);
ClaimsPrincipal twoFactureClaimsPrincipal = null;// read from twoFactureToken
if (externalLogin)
{
auth.Setup(a => a.SignInAsync(context,
IdentityConstants.ApplicationScheme,
It.Is <ClaimsPrincipal>(i => i.FindFirstValue(ClaimTypes.AuthenticationMethod) == loginProvider &&
i.FindFirstValue(ClaimTypes.NameIdentifier) == user.Id),
It.IsAny <AuthenticationProperties>())).Returns(Task.FromResult(0)).Verifiable();
auth.Setup(a => a.SignOutAsync(context, IdentityConstants.ExternalScheme, It.IsAny <AuthenticationProperties>())).Returns(Task.FromResult(0)).Verifiable();
auth.Setup(a => a.SignOutAsync(context, IdentityConstants.TwoFactorUserIdScheme, It.IsAny <AuthenticationProperties>())).Returns(Task.FromResult(0)).Verifiable();
}
else
{
SetupSignIn(context, auth, user.Id);
}
auth.Setup(a => a.AuthenticateAsync(context, IdentityConstants.TwoFactorUserIdScheme))
.ReturnsAsync(AuthenticateResult.Success(new AuthenticationTicket(twoFactureClaimsPrincipal, null, IdentityConstants.TwoFactorUserIdScheme))).Verifiable();
// Act
var result = await helper.TwoFactorRecoveryCodeSignInAsync(bypassCode);
// Assert
Assert.True(result.Succeeded);
manager.Verify();
auth.Verify();
}
public async Task CanTwoFactorAuthenticatorSignIn(string providerName, bool isPersistent, bool rememberClient)
{
// Setup
var user = new PocoUser {
UserName = "******"
};
const string code = "3123";
var manager = SetupUserManager(user);
manager.Setup(m => m.SupportsUserLockout).Returns(true).Verifiable();
manager.Setup(m => m.VerifyTwoFactorTokenAsync(user, providerName ?? TokenOptions.DefaultAuthenticatorProvider, code)).ReturnsAsync(true).Verifiable();
manager.Setup(m => m.ResetAccessFailedCountAsync(user)).ReturnsAsync(IdentityResult.Success).Verifiable();
var context = new DefaultHttpContext();
var auth = MockAuth(context);
var helper = SetupSignInManager(manager.Object, context);
var twoFactorInfo = new JwtSignInManager <PocoUser> .TwoFactorAuthenticationInfo {
UserId = user.Id
};
if (providerName != null)
{
helper.Options.Tokens.AuthenticatorTokenProvider = providerName;
}
var twoFactureToken = helper.StoreTwoFactorInfo(user.Id, null);
ClaimsPrincipal twoFactureClaimsPrincipal = null;// read from twoFactureToken
SetupSignIn(context, auth, user.Id, isPersistent);
auth.Setup(a => a.AuthenticateAsync(context, IdentityConstants.TwoFactorUserIdScheme))
.ReturnsAsync(AuthenticateResult.Success(new AuthenticationTicket(twoFactureClaimsPrincipal, null, IdentityConstants.TwoFactorUserIdScheme))).Verifiable();
if (rememberClient)
{
auth.Setup(a => a.SignInAsync(context,
IdentityConstants.TwoFactorRememberMeScheme,
It.Is <ClaimsPrincipal>(i => i.FindFirstValue(ClaimTypes.Name) == user.Id &&
i.Identities.First().AuthenticationType == IdentityConstants.TwoFactorRememberMeScheme),
It.IsAny <AuthenticationProperties>())).Returns(Task.FromResult(0)).Verifiable();
}
// Act
var result = await helper.TwoFactorAuthenticatorSignInAsync(code, rememberClient);
// Assert
Assert.True(result.Succeeded);
manager.Verify();
auth.Verify();
}
public async Task PasswordSignInReturnsLockedOutWhenLockedOut()
{
// Setup
var user = new PocoUser {
UserName = "******"
};
var manager = SetupUserManager(user);
manager.Setup(m => m.SupportsUserLockout).Returns(true).Verifiable();
manager.Setup(m => m.IsLockedOutAsync(user)).ReturnsAsync(true).Verifiable();
var context = new Mock <HttpContext>();
var contextAccessor = new Mock <IHttpContextAccessor>();
contextAccessor.Setup(a => a.HttpContext).Returns(context.Object);
var roleManager = MockHelpers.MockRoleManager <PocoRole>();
var identityOptions = new IdentityOptions();
var options = new Mock <IOptions <IdentityOptions> >();
options.Setup(a => a.Value).Returns(identityOptions);
var claimsFactory = new UserClaimsPrincipalFactory <PocoUser, PocoRole>(manager.Object, roleManager.Object, options.Object);
var logger = new TestLogger <JwtSignInManager <PocoUser> >();
//news
var jwtOptions = OptionsHelpers.Default;
var jwtIOptions = new Mock <IOptions <JwtAuthenticationOptions> >();
jwtIOptions.Setup(a => a.Value).Returns(jwtOptions);
var tokenfactoryLogger = new TestLogger <TokenFactoryService <PocoUser> >();
var tokenfactory = new TokenFactoryService <PocoUser>(claimsFactory, jwtIOptions.Object, options.Object, tokenfactoryLogger);
var helper = new JwtSignInManager <PocoUser>(manager.Object, contextAccessor.Object, options.Object, logger,
new Mock <IAuthenticationSchemeProvider>().Object, new DefaultUserConfirmation <PocoUser>(), tokenfactory);
// Act
var result = await helper.PasswordSignInAsync(user.UserName, "bogus", false, false);
// Assert
Assert.False(result.Succeeded);
Assert.True(result.IsLockedOut);
//Assert.Contains($"User {user.Id} is currently locked out.", logger.LogMessages);
Assert.Contains($"User is currently locked out.", logger.LogMessages);
manager.Verify();
}
public async Task CanTwoFactorSignIn(bool isPersistent, bool supportsLockout, bool externalLogin, bool rememberClient)
{
// Setup
var user = new PocoUser {
UserName = "******"
};
var manager = SetupUserManager(user);
var provider = "twofactorprovider";
var code = "123456";
manager.Setup(m => m.SupportsUserLockout).Returns(supportsLockout).Verifiable();
if (supportsLockout)
{
manager.Setup(m => m.IsLockedOutAsync(user)).ReturnsAsync(false).Verifiable();
manager.Setup(m => m.ResetAccessFailedCountAsync(user)).ReturnsAsync(IdentityResult.Success).Verifiable();
}
manager.Setup(m => m.VerifyTwoFactorTokenAsync(user, provider, code)).ReturnsAsync(true).Verifiable();
var context = new DefaultHttpContext();
var auth = MockAuth(context);
var helper = SetupSignInManager(manager.Object, context);
var twoFactorInfo = new JwtSignInManager <PocoUser> .TwoFactorAuthenticationInfo {
UserId = user.Id
};
var loginProvider = "loginprovider";
var twoFactureToken = helper.StoreTwoFactorInfo(user.Id, externalLogin ? loginProvider : null);
ClaimsPrincipal twoFactureClaimsPrincipal = null;// read from twoFactureToken
if (externalLogin)
{
auth.Setup(a => a.SignInAsync(context,
IdentityConstants.ApplicationScheme,
It.Is <ClaimsPrincipal>(i => i.FindFirstValue(ClaimTypes.AuthenticationMethod) == loginProvider &&
i.FindFirstValue("amr") == "mfa" &&
i.FindFirstValue(ClaimTypes.NameIdentifier) == user.Id),
It.IsAny <AuthenticationProperties>())).Returns(Task.FromResult(0)).Verifiable();
// REVIEW: restore ability to test is persistent
//It.Is<AuthenticationProperties>(v => v.IsPersistent == isPersistent))).Verifiable();
auth.Setup(a => a.SignOutAsync(context, IdentityConstants.ExternalScheme, It.IsAny <AuthenticationProperties>())).Returns(Task.FromResult(0)).Verifiable();
auth.Setup(a => a.SignOutAsync(context, IdentityConstants.TwoFactorUserIdScheme, It.IsAny <AuthenticationProperties>())).Returns(Task.FromResult(0)).Verifiable();
}
else
{
SetupSignIn(context, auth, user.Id, isPersistent, null, "mfa");
}
if (rememberClient)
{
auth.Setup(a => a.SignInAsync(context,
IdentityConstants.TwoFactorRememberMeScheme,
It.Is <ClaimsPrincipal>(i => i.FindFirstValue(ClaimTypes.Name) == user.Id &&
i.Identities.First().AuthenticationType == IdentityConstants.TwoFactorRememberMeScheme),
It.IsAny <AuthenticationProperties>())).Returns(Task.FromResult(0)).Verifiable();
//It.Is<AuthenticationProperties>(v => v.IsPersistent == true))).Returns(Task.FromResult(0)).Verifiable();
}
auth.Setup(a => a.AuthenticateAsync(context, IdentityConstants.TwoFactorUserIdScheme))
.ReturnsAsync(AuthenticateResult.Success(new AuthenticationTicket(twoFactureClaimsPrincipal, null, IdentityConstants.TwoFactorUserIdScheme))).Verifiable();
// Act
var result = await helper.TwoFactorSignInAsync(provider, code, rememberClient);
// Assert
Assert.True(result.Succeeded);
manager.Verify();
auth.Verify();
}