public async Task ResetPassword()
{
var userInfo1 = await CreateTestUser();
var token = new OneTimeToken(userInfo1.Id);
await Database.Save(token);
var pathPrefix = "/v1/auth/username/password_reset";
JobClient.Job = null;
// Fail: missing password
var request = new HttpRequestMessage(HttpMethod.Post, $"{pathPrefix}/{token.GetUnhashedToken()}");
var content = new Dictionary <string, object>();
request.Content = new StringContent(JsonSerializer.Serialize(content), Encoding.UTF8, JsonMediaType);
var response = await Client.SendAsync(request);
var error = await assertJsonError(response, HttpStatusCode.BadRequest, "missing_required");
assertMissingRequired(error, new List <string> {
"new_password"
});
// Fail: crappy passwords
request = new HttpRequestMessage(HttpMethod.Post, $"{pathPrefix}/{token.GetUnhashedToken()}");
content = new Dictionary <string, object>();
content.Add("new_password", "password");
request.Content = new StringContent(JsonSerializer.Serialize(content), Encoding.UTF8, JsonMediaType);
response = await Client.SendAsync(request);
await assertJsonError(response, HttpStatusCode.BadRequest, "bad_password");
request = new HttpRequestMessage(HttpMethod.Post, $"{pathPrefix}/{token.GetUnhashedToken()}");
content = new Dictionary <string, object>();
content.Add("new_password", "");
request.Content = new StringContent(JsonSerializer.Serialize(content), Encoding.UTF8, JsonMediaType);
response = await Client.SendAsync(request);
await assertJsonError(response, HttpStatusCode.BadRequest, "missing_required");
assertMissingRequired(error, new List <string> {
"new_password"
});
Assert.Null(JobClient.Job);
// Success
request = new HttpRequestMessage(HttpMethod.Post, $"{pathPrefix}/{token.GetUnhashedToken()}");
content = new Dictionary <string, object>();
content.Add("new_password", "something new");
request.Content = new StringContent(JsonSerializer.Serialize(content), Encoding.UTF8, JsonMediaType);
response = await Client.SendAsync(request);
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
Assert.NotNull(JobClient.Job);
Assert.Equal("Morphic.Server.Auth.ChangePasswordEmail", JobClient.Job.Type.FullName);
}
public void OneTimeTokenConstructor()
{
var token = new OneTimeToken
{
Email = "*****@*****.**",
Id = 5,
Token = "tokenstring",
ValidUntil = new DateTime(2020, 3, 4),
TokenType = (byte)OneTimeTokenType.AccountVerification
};
Assert.AreEqual("*****@*****.**", token.Email);
Assert.AreEqual(5, token.Id);
Assert.AreEqual("tokenstring", token.Token);
Assert.AreEqual(new DateTime(2020, 3, 4), token.ValidUntil);
Assert.AreEqual(OneTimeTokenType.AccountVerification, (OneTimeTokenType)token.TokenType);
}
public string GenerateSingleUseAuthToken(DocumentDatabase db, IPrincipal user)
{
var token = new OneTimeToken
{
DatabaseName = TenantId,
User = user
};
var tokenString = Guid.NewGuid().ToString();
singleUseAuthTokens.TryAdd(tokenString, token);
if (singleUseAuthTokens.Count > 25)
{
foreach (var oneTimeToken in singleUseAuthTokens.Where(x => x.Value.Age.TotalMinutes > 3))
{
OneTimeToken value;
singleUseAuthTokens.TryRemove(oneTimeToken.Key, out value);
}
}
return(tokenString);
}
public string GenerateSingleUseAuthToken(string resourceName, IPrincipal user)
{
var token = new OneTimeToken
{
ResourceName = string.IsNullOrEmpty(resourceName)?"<system>":resourceName,
User = user
};
var tokenString = Guid.NewGuid().ToString();
singleUseAuthTokens.TryAdd(tokenString, token);
if (singleUseAuthTokens.Count > 25)
{
foreach (var oneTimeToken in singleUseAuthTokens.Where(x => x.Value.Age.TotalMinutes > 3))
{
OneTimeToken value;
singleUseAuthTokens.TryRemove(oneTimeToken.Key, out value);
}
}
return(tokenString);
}
public string GenerateSingleUseAuthToken(DocumentDatabase db, IPrincipal user)
{
var token = new OneTimeToken
{
Database = db,
GeneratedAt = SystemTime.UtcNow,
User = user
};
var tokenString = Guid.NewGuid().ToString();
singleUseAuthTokens.TryAdd(tokenString, token);
if (singleUseAuthTokens.Count > 25)
{
foreach (var oneTimeToken in singleUseAuthTokens.Where(x => (x.Value.GeneratedAt - SystemTime.UtcNow).TotalMinutes > 5))
{
OneTimeToken value;
singleUseAuthTokens.TryRemove(oneTimeToken.Key, out value);
}
}
return(tokenString);
}
public string GenerateSingleUseAuthToken(string resourceName, IPrincipal user)
{
var token = new OneTimeToken
{
ResourceName = string.IsNullOrEmpty(resourceName)?"<system>":resourceName,
User = user
};
var tokenString = Guid.NewGuid().ToString();
singleUseAuthTokens.TryAdd(tokenString, token);
if (singleUseAuthTokens.Count > 25)
{
foreach (var oneTimeToken in singleUseAuthTokens.Where(x => x.Value.Age.TotalMinutes > 3))
{
OneTimeToken value;
singleUseAuthTokens.TryRemove(oneTimeToken.Key, out value);
}
}
return tokenString;
}
public string GenerateSingleUseAuthToken(DocumentDatabase db, IPrincipal user)
{
var token = new OneTimeToken
{
DatabaseName = TenantId,
GeneratedAt = SystemTime.UtcNow,
User = user
};
var tokenString = Guid.NewGuid().ToString();
singleUseAuthTokens.TryAdd(tokenString, token);
if (singleUseAuthTokens.Count > 25)
{
foreach (var oneTimeToken in singleUseAuthTokens.Where(x => (x.Value.GeneratedAt - SystemTime.UtcNow).TotalMinutes > 5))
{
OneTimeToken value;
singleUseAuthTokens.TryRemove(oneTimeToken.Key, out value);
}
}
return tokenString;
}
public async Task TestEmailValidationApi()
{
this.JobClient.Job = null;
// create user
var user = new User();
user.Id = Guid.NewGuid().ToString();
user.Email.PlainText = "*****@*****.**";
await Database.Save(user);
Assert.False(user.EmailVerified);
Assert.Null(await Database.Get <OneTimeToken>(t => t.UserId == user.Id));
// create OTP
var oneTimeToken = new OneTimeToken(user.Id);
await Database.Save(oneTimeToken);
// check the various fields and hashes
var token = oneTimeToken.GetUnhashedToken();
Assert.NotEqual(token, oneTimeToken.Token.ToCombinedString());
Assert.Null(oneTimeToken.UsedAt);
// GET, bad token (we're sending the token hash (the ID))
var path = $"/v1/users/{user.Id}/verify_email/{oneTimeToken.Id}";
var request = new HttpRequestMessage(HttpMethod.Post, path);
var response = await Client.SendAsync(request);
Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
Assert.NotNull(await Database.Get <OneTimeToken>(t => t.UserId == user.Id));
var sameUser = await Database.Get <User>(user.Id);
Assert.NotNull(sameUser);
Assert.False(sameUser.EmailVerified);
// Email should not be sent.
Assert.Null(this.JobClient.Job);
// GET, Good token
sameUser = await Database.Get <User>(user.Id);
Assert.NotNull(sameUser);
Assert.False(sameUser.EmailVerified);
path = $"/v1/users/{user.Id}/verify_email/{token}";
request = new HttpRequestMessage(HttpMethod.Post, path);
response = await Client.SendAsync(request);
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
oneTimeToken = await Database.Get <OneTimeToken>(t => t.UserId == user.Id);
Assert.NotNull(oneTimeToken);
Assert.NotNull(oneTimeToken.UsedAt);
// Check an email was sent.
Assert.NotNull(this.JobClient.Job);
Assert.Equal(typeof(SignupConfirmationEmail).FullName, this.JobClient.Job.Type.FullName);
// try the same request again. Will fail
this.JobClient.Job = null;
request = new HttpRequestMessage(HttpMethod.Post, path);
response = await Client.SendAsync(request);
await assertJsonError(response, HttpStatusCode.NotFound, "invalid_token");
Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
sameUser = await Database.Get <User>(user.Id);
Assert.NotNull(sameUser);
Assert.True(sameUser.EmailVerified);
// Email should not be sent.
Assert.Null(this.JobClient.Job);
}
