Esempio n. 1
            // Looks a user up by e-mail address and password and expects the exact instance
            // that the mocked repository returns.
            public void FindsUsersByEmailAddress()
            {
                // Arrange
                var expectedUser = new User
                {
                    Username = "******",
                    HashedPassword = "******",
                    EmailAddress = "*****@*****.**",
                    PasswordHashAlgorithm = "PBKDF2"
                };
                var repositoryContents = new[] { expectedUser }.AsQueryable();

                var sut = new TestableUserService();
                sut.MockUserRepository
                    .Setup(repo => repo.GetAll())
                    .Returns(repositoryContents);

                // The crypto mock answers true for any three string arguments, so this test pins
                // the lookup only. It says nothing about which hash, password or algorithm the
                // service hands to ValidateSaltedHash; a rejected-password case needs its own test.
                sut.MockCrypto
                    .Setup(crypto => crypto.ValidateSaltedHash(It.IsAny<string>(), It.IsAny<string>(), It.IsAny<string>()))
                    .Returns(true);

                // Act
                var actual = sut.FindByUsernameOrEmailAddressAndPassword("*****@*****.**", "thePassword");

                // Assert
                Assert.NotNull(actual);
                Assert.Same(expectedUser, actual);
            }
Esempio n. 2
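            // Checks the legacy-hash upgrade path: a login that validates against a SHA1 hash must
            // leave the user with a PBKDF2 hash and commit the change exactly once.
            public void FindsUsersUpdatesPasswordIfUsingLegacyHashAlgorithm()
            {
                // One constant feeds both the fixture and the mock expectation. The listing stored
                // "******" on the user while the ValidateSaltedHash setup matched only
                // "theHashedPassword". Assuming the service passes the stored hash to the crypto
                // mock, that setup could never match and the upgrade branch was never reached.
                const string legacyHash = "theHashedPassword";

                var user = new User
                {
                    Username              = "******",
                    HashedPassword        = legacyHash,
                    EmailAddress          = "*****@*****.**",
                    PasswordHashAlgorithm = "SHA1"
                };

                var service = new TestableUserService();

                service.MockUserRepository
                    .Setup(r => r.GetAll())
                    .Returns(new[] { user }.AsQueryable());
                service.MockUserRepository
                    .Setup(r => r.CommitChanges())
                    .Verifiable();

                // Exact-argument setups: validation succeeds only for the stored SHA1 hash with the
                // supplied password, and the replacement hash is produced only for a PBKDF2 request.
                service.MockCrypto
                    .Setup(c => c.ValidateSaltedHash(legacyHash, "thePassword", "SHA1"))
                    .Returns(true);
                service.MockCrypto
                    .Setup(c => c.GenerateSaltedHash("thePassword", "PBKDF2"))
                    .Returns("theBetterHashedPassword");

                service.FindByUsernameOrEmailAddressAndPassword("*****@*****.**", "thePassword");

                // The user must now carry the stronger algorithm and the re-generated hash,
                // persisted with a single commit.
                Assert.Equal("PBKDF2", user.PasswordHashAlgorithm);
                Assert.Equal("theBetterHashedPassword", user.HashedPassword);
                service.MockUserRepository.Verify(r => r.CommitChanges(), Times.Once());
            }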
Esempio n. 3
            // Lookup by e-mail address with no crypto mock: the stored hash comes from
            // CryptographyService.GenerateSaltedHash for "thePassword", and the same password is
            // supplied to the service.
            public void FindsUsersByEmailAddress()
            {
                // Arrange
                var storedHash = CryptographyService.GenerateSaltedHash("thePassword", Constants.PBKDF2HashAlgorithmId);
                var account = new User
                {
                    Username = "******",
                    HashedPassword = storedHash,
                    EmailAddress = "*****@*****.**",
                    // NOTE(review): literal label next to a hash built with Constants.PBKDF2HashAlgorithmId;
                    // presumably the two agree - confirm against Constants.
                    PasswordHashAlgorithm = "PBKDF2"
                };
                var repositoryContents = new[] { account }.AsQueryable();

                var userService = new TestableUserService();
                userService.MockUserRepository
                    .Setup(repository => repository.GetAll())
                    .Returns(repositoryContents);

                // Act
                var match = userService.FindByUsernameOrEmailAddressAndPassword("*****@*****.**", "thePassword");

                // Assert
                Assert.NotNull(match);
                Assert.Same(account, match);
            }
Esempio n. 4
            // A user whose hash was generated for "thePassword" must be returned when the service
            // is queried with the e-mail address and that password.
            public void FindsUsersByEmailAddress()
            {
                var sut = new TestableUserService();

                var seeded = new User
                {
                    Username = "******",
                    HashedPassword = CryptographyService.GenerateSaltedHash("thePassword", Constants.PBKDF2HashAlgorithmId),
                    EmailAddress = "*****@*****.**",
                    PasswordHashAlgorithm = "PBKDF2"
                };

                // The repository exposes only the seeded user.
                sut.MockUserRepository.Setup(r => r.GetAll()).Returns(new[] { seeded }.AsQueryable());

                var result = sut.FindByUsernameOrEmailAddressAndPassword("*****@*****.**", "thePassword");

                // Reference equality: the service must hand back the repository's instance, not a copy.
                Assert.NotNull(result);
                Assert.Same(seeded, result);
            }
Esempio n. 5
            // Legacy-hash upgrade without a crypto mock: the user starts with a SHA1 hash of
            // "thePassword"; after a lookup with that password the algorithm label must read
            // PBKDF2 and the change must be committed exactly once.
            public void FindsUsersUpdatesPasswordIfUsingLegacyHashAlgorithm()
            {
                // Arrange
                var legacyUser = new User
                {
                    Username = "******",
                    HashedPassword = CryptographyService.GenerateSaltedHash("thePassword", "SHA1"),
                    PasswordHashAlgorithm = "SHA1",
                    EmailAddress = "*****@*****.**",
                };
                var repositoryContents = new[] { legacyUser }.AsQueryable();

                var sut = new TestableUserService();
                sut.MockUserRepository.Setup(repo => repo.GetAll()).Returns(repositoryContents);
                sut.MockUserRepository.Setup(repo => repo.CommitChanges()).Verifiable();

                // Act
                sut.FindByUsernameOrEmailAddressAndPassword("*****@*****.**", "thePassword");

                // Assert
                Assert.Equal("PBKDF2", legacyUser.PasswordHashAlgorithm);
                // VerifyPasswordHash is defined outside this listing; presumably it validates the
                // stored hash against the password with the user's current algorithm - confirm.
                Assert.True(VerifyPasswordHash(legacyUser, "thePassword"));
                sut.MockUserRepository.Verify(repo => repo.CommitChanges(), Times.Once());
            }
Esempio n. 6
            // Lookup by e-mail address with hash validation stubbed out: the repository holds one
            // user and the service must return that same instance.
            public void FindsUsersByEmailAddress()
            {
                var target = new User
                {
                    Username = "******",
                    HashedPassword = "******",
                    EmailAddress = "*****@*****.**",
                    PasswordHashAlgorithm = "PBKDF2"
                };

                var userService = new TestableUserService();

                // Stub: every ValidateSaltedHash call succeeds, whatever its arguments. The test
                // therefore cannot detect the service validating the wrong hash or algorithm;
                // password checking is not what it covers.
                userService.MockCrypto
                    .Setup(crypto => crypto.ValidateSaltedHash(It.IsAny<string>(), It.IsAny<string>(), It.IsAny<string>()))
                    .Returns(true);

                var queryable = new[] { target }.AsQueryable();
                userService.MockUserRepository
                    .Setup(repository => repository.GetAll())
                    .Returns(queryable);

                var located = userService.FindByUsernameOrEmailAddressAndPassword("*****@*****.**", "thePassword");

                Assert.NotNull(located);
                Assert.Same(target, located);
            }
            // A user holding both a SHA1 and a PBKDF2 credential for the same password must
            // authenticate and come back with exactly one credential: the PBKDF2 one, whose value
            // still validates against the password.
            public void GivenASHA1AndAPBKDF2CredentialItAuthenticatesUserAndRemovesTheSHA1Cred()
            {
                // Arrange: no password column value (password: null), two credentials instead.
                var account = CreateAUser("theUsername", password: null, emailAddress: "*****@*****.**");
                var sha1Credential = CredentialBuilder.CreateSha1Password("thePassword");
                account.Credentials.Add(sha1Credential);
                var pbkdf2Credential = CredentialBuilder.CreatePbkdf2Password("thePassword");
                account.Credentials.Add(pbkdf2Credential);

                var sut = new TestableUserService();
                sut.MockUserRepository.HasData(account);
                sut.MockCredentialRepository.HasData(account.Credentials);

                // Act
                var authenticated = sut.FindByUsernameOrEmailAddressAndPassword("*****@*****.**", "thePassword");

                // Assert: Single() throws unless exactly one credential is left on the user.
                var remaining = authenticated.Credentials.Single();
                Assert.Same(account, authenticated);
                Assert.Equal(CredentialTypes.Password.Pbkdf2, remaining.Type);
                var stillValid = CryptographyService.ValidateSaltedHash(remaining.Value, "thePassword", Constants.PBKDF2HashAlgorithmId);
                Assert.True(stillValid);
            }
            // With a SHA1 credential for one password and a PBKDF2 credential for another, a
            // lookup with either password must resolve to the same user instance.
            public void GivenASHA1AndAPBKDF2CredentialItAuthenticatesUserWithEitherCredential()
            {
                // Arrange: two credentials with different passwords on one account.
                var account = CreateAUser("*****@*****.**", password: null, emailAddress: "*****@*****.**");
                var credentials = account.Credentials;
                credentials.Add(CredentialBuilder.CreateSha1Password("thePassword1"));
                credentials.Add(CredentialBuilder.CreatePbkdf2Password("thePassword2"));

                var sut = new TestableUserService();
                sut.MockUserRepository.HasData(account);
                sut.MockCredentialRepository.HasData(account.Credentials);

                // Act: SHA1 password first, PBKDF2 password second.
                var viaSha1Password = sut.FindByUsernameOrEmailAddressAndPassword("*****@*****.**", "thePassword1");
                var viaPbkdf2Password = sut.FindByUsernameOrEmailAddressAndPassword("*****@*****.**", "thePassword2");

                // Assert
                Assert.Same(account, viaSha1Password);
                Assert.Same(viaSha1Password, viaPbkdf2Password);
            }
            // A user created with a PBKDF2 password and no credential entries must authenticate,
            // and the lookup must leave the credentials collection empty.
            public void GivenAPBKDF2PasswordColumnAndNoCredentialsItAuthenticatesUser()
            {
                // Arrange: only the user repository is seeded; no credentials are added.
                var account = CreateAUser(
                    "*****@*****.**",
                    "thePassword",
                    "*****@*****.**",
                    hashAlgorithm: Constants.PBKDF2HashAlgorithmId);
                var sut = new TestableUserService();
                sut.MockUserRepository.HasData(account);

                // Act
                var authenticated = sut.FindByUsernameOrEmailAddressAndPassword("*****@*****.**", "thePassword");

                // Assert
                Assert.Same(account, authenticated);
                Assert.Empty(account.Credentials);
            }
Esempio n. 10
            // The user is created with "theWrongPassword" and also carries a credential for
            // "thePassword"; a lookup with "thePassword" must still return the user.
            public void IfSomehowBothPasswordsExistItFindsUserBasedOnPasswordInCredentialsTable()
            {
                // Arrange: the password given to CreateAUser differs from the credential's password.
                var account = CreateAUser("theUsername", "theWrongPassword", "*****@*****.**");
                var credential = CreatePasswordCredential("thePassword");
                account.Credentials.Add(credential);

                var sut = new TestableUserService();
                sut.MockUserRepository.HasData(account);
                sut.MockCredentialRepository.HasData(account.Credentials);

                // Act: authenticate with the credential's password.
                var authenticated = sut.FindByUsernameOrEmailAddressAndPassword("*****@*****.**", "thePassword");

                // Assert
                Assert.NotNull(authenticated);
                Assert.Same(account, authenticated);
            }