public async Task ResetPassword() { var userInfo1 = await CreateTestUser(); var token = new OneTimeToken(userInfo1.Id); await Database.Save(token); var pathPrefix = "/v1/auth/username/password_reset"; JobClient.Job = null; // Fail: missing password var request = new HttpRequestMessage(HttpMethod.Post, $"{pathPrefix}/{token.GetUnhashedToken()}"); var content = new Dictionary <string, object>(); request.Content = new StringContent(JsonSerializer.Serialize(content), Encoding.UTF8, JsonMediaType); var response = await Client.SendAsync(request); var error = await assertJsonError(response, HttpStatusCode.BadRequest, "missing_required"); assertMissingRequired(error, new List <string> { "new_password" }); // Fail: crappy passwords request = new HttpRequestMessage(HttpMethod.Post, $"{pathPrefix}/{token.GetUnhashedToken()}"); content = new Dictionary <string, object>(); content.Add("new_password", "password"); request.Content = new StringContent(JsonSerializer.Serialize(content), Encoding.UTF8, JsonMediaType); response = await Client.SendAsync(request); await assertJsonError(response, HttpStatusCode.BadRequest, "bad_password"); request = new HttpRequestMessage(HttpMethod.Post, $"{pathPrefix}/{token.GetUnhashedToken()}"); content = new Dictionary <string, object>(); content.Add("new_password", ""); request.Content = new StringContent(JsonSerializer.Serialize(content), Encoding.UTF8, JsonMediaType); response = await Client.SendAsync(request); await assertJsonError(response, HttpStatusCode.BadRequest, "missing_required"); assertMissingRequired(error, new List <string> { "new_password" }); Assert.Null(JobClient.Job); // Success request = new HttpRequestMessage(HttpMethod.Post, $"{pathPrefix}/{token.GetUnhashedToken()}"); content = new Dictionary <string, object>(); content.Add("new_password", "something new"); request.Content = new StringContent(JsonSerializer.Serialize(content), Encoding.UTF8, JsonMediaType); response = await Client.SendAsync(request); Assert.Equal(HttpStatusCode.OK, response.StatusCode); Assert.NotNull(JobClient.Job); Assert.Equal("Morphic.Server.Auth.ChangePasswordEmail", JobClient.Job.Type.FullName); }
public void OneTimeTokenConstructor() { var token = new OneTimeToken { Email = "*****@*****.**", Id = 5, Token = "tokenstring", ValidUntil = new DateTime(2020, 3, 4), TokenType = (byte)OneTimeTokenType.AccountVerification }; Assert.AreEqual("*****@*****.**", token.Email); Assert.AreEqual(5, token.Id); Assert.AreEqual("tokenstring", token.Token); Assert.AreEqual(new DateTime(2020, 3, 4), token.ValidUntil); Assert.AreEqual(OneTimeTokenType.AccountVerification, (OneTimeTokenType)token.TokenType); }
public string GenerateSingleUseAuthToken(DocumentDatabase db, IPrincipal user) { var token = new OneTimeToken { DatabaseName = TenantId, User = user }; var tokenString = Guid.NewGuid().ToString(); singleUseAuthTokens.TryAdd(tokenString, token); if (singleUseAuthTokens.Count > 25) { foreach (var oneTimeToken in singleUseAuthTokens.Where(x => x.Value.Age.TotalMinutes > 3)) { OneTimeToken value; singleUseAuthTokens.TryRemove(oneTimeToken.Key, out value); } } return(tokenString); }
public string GenerateSingleUseAuthToken(string resourceName, IPrincipal user) { var token = new OneTimeToken { ResourceName = string.IsNullOrEmpty(resourceName)?"<system>":resourceName, User = user }; var tokenString = Guid.NewGuid().ToString(); singleUseAuthTokens.TryAdd(tokenString, token); if (singleUseAuthTokens.Count > 25) { foreach (var oneTimeToken in singleUseAuthTokens.Where(x => x.Value.Age.TotalMinutes > 3)) { OneTimeToken value; singleUseAuthTokens.TryRemove(oneTimeToken.Key, out value); } } return(tokenString); }
public string GenerateSingleUseAuthToken(DocumentDatabase db, IPrincipal user) { var token = new OneTimeToken { Database = db, GeneratedAt = SystemTime.UtcNow, User = user }; var tokenString = Guid.NewGuid().ToString(); singleUseAuthTokens.TryAdd(tokenString, token); if (singleUseAuthTokens.Count > 25) { foreach (var oneTimeToken in singleUseAuthTokens.Where(x => (x.Value.GeneratedAt - SystemTime.UtcNow).TotalMinutes > 5)) { OneTimeToken value; singleUseAuthTokens.TryRemove(oneTimeToken.Key, out value); } } return(tokenString); }
public string GenerateSingleUseAuthToken(string resourceName, IPrincipal user) { var token = new OneTimeToken { ResourceName = string.IsNullOrEmpty(resourceName)?"<system>":resourceName, User = user }; var tokenString = Guid.NewGuid().ToString(); singleUseAuthTokens.TryAdd(tokenString, token); if (singleUseAuthTokens.Count > 25) { foreach (var oneTimeToken in singleUseAuthTokens.Where(x => x.Value.Age.TotalMinutes > 3)) { OneTimeToken value; singleUseAuthTokens.TryRemove(oneTimeToken.Key, out value); } } return tokenString; }
public string GenerateSingleUseAuthToken(DocumentDatabase db, IPrincipal user) { var token = new OneTimeToken { DatabaseName = TenantId, GeneratedAt = SystemTime.UtcNow, User = user }; var tokenString = Guid.NewGuid().ToString(); singleUseAuthTokens.TryAdd(tokenString, token); if (singleUseAuthTokens.Count > 25) { foreach (var oneTimeToken in singleUseAuthTokens.Where(x => (x.Value.GeneratedAt - SystemTime.UtcNow).TotalMinutes > 5)) { OneTimeToken value; singleUseAuthTokens.TryRemove(oneTimeToken.Key, out value); } } return tokenString; }
public async Task TestEmailValidationApi() { this.JobClient.Job = null; // create user var user = new User(); user.Id = Guid.NewGuid().ToString(); user.Email.PlainText = "*****@*****.**"; await Database.Save(user); Assert.False(user.EmailVerified); Assert.Null(await Database.Get <OneTimeToken>(t => t.UserId == user.Id)); // create OTP var oneTimeToken = new OneTimeToken(user.Id); await Database.Save(oneTimeToken); // check the various fields and hashes var token = oneTimeToken.GetUnhashedToken(); Assert.NotEqual(token, oneTimeToken.Token.ToCombinedString()); Assert.Null(oneTimeToken.UsedAt); // GET, bad token (we're sending the token hash (the ID)) var path = $"/v1/users/{user.Id}/verify_email/{oneTimeToken.Id}"; var request = new HttpRequestMessage(HttpMethod.Post, path); var response = await Client.SendAsync(request); Assert.Equal(HttpStatusCode.NotFound, response.StatusCode); Assert.NotNull(await Database.Get <OneTimeToken>(t => t.UserId == user.Id)); var sameUser = await Database.Get <User>(user.Id); Assert.NotNull(sameUser); Assert.False(sameUser.EmailVerified); // Email should not be sent. Assert.Null(this.JobClient.Job); // GET, Good token sameUser = await Database.Get <User>(user.Id); Assert.NotNull(sameUser); Assert.False(sameUser.EmailVerified); path = $"/v1/users/{user.Id}/verify_email/{token}"; request = new HttpRequestMessage(HttpMethod.Post, path); response = await Client.SendAsync(request); Assert.Equal(HttpStatusCode.OK, response.StatusCode); oneTimeToken = await Database.Get <OneTimeToken>(t => t.UserId == user.Id); Assert.NotNull(oneTimeToken); Assert.NotNull(oneTimeToken.UsedAt); // Check an email was sent. Assert.NotNull(this.JobClient.Job); Assert.Equal(typeof(SignupConfirmationEmail).FullName, this.JobClient.Job.Type.FullName); // try the same request again. Will fail this.JobClient.Job = null; request = new HttpRequestMessage(HttpMethod.Post, path); response = await Client.SendAsync(request); await assertJsonError(response, HttpStatusCode.NotFound, "invalid_token"); Assert.Equal(HttpStatusCode.NotFound, response.StatusCode); sameUser = await Database.Get <User>(user.Id); Assert.NotNull(sameUser); Assert.True(sameUser.EmailVerified); // Email should not be sent. Assert.Null(this.JobClient.Job); }