/// <summary>
/// Drives UserAccountRecoveryController.ResetPassword against the fake controller:
/// a token that does not match the stored recovery salt must be rejected without
/// touching the password, and the genuine token must replace the password hash and
/// clear the recovery salt (so the token is single-use).
/// </summary>
public void ResetPasswordTest()
        {
            UserAccountRecoveryController controller = CreateFakeUserAccountRecoveryController();
            var target = _users[0];

            // Arrange: mint a recovery token for the user and persist its salt, mirroring
            // what the SendPasswordEmail endpoint does before the mail goes out.
            // 30 is the lifetime argument to CreateToken (unit defined by TokenCreatorValidator).
            var creator = new TokenCreatorValidator(_testApiSecret);
            TokenCreationParams issued = creator.CreateToken(target.Id, 30);
            target.RecoverySalt = issued.SaltBytes;
            _usersService.Update(target);

            // Act 1: present a token that cannot match the stored salt.
            var rejected = controller.ResetPassword(
                new PasswordResetModel(target.Email, "wrong-token", "new-password-u1"));

            // Assert 1: 400, and the original password still verifies.
            Assert.IsType <BadRequestObjectResult>(rejected);
            Assert.True(PasswordVerifier.VerifyPasswordHash("password-u1", target.PasswordHash, target.PasswordSalt));

            // Act 2: present the genuine token.
            var accepted = controller.ResetPassword(
                new PasswordResetModel(target.Email, issued.TokenStr, "new-password-u1"));

            // Assert 2: 200, the new password verifies, and the salt is cleared.
            // Not covered here (worth adding): replaying the same token after this point,
            // and presenting an expired token.
            Assert.IsType <OkResult>(accepted);
            Assert.True(PasswordVerifier.VerifyPasswordHash("new-password-u1", target.PasswordHash, target.PasswordSalt));
            Assert.Null(target.RecoverySalt);
        }
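        /// <summary>
        /// Starts a password-recovery flow: issues a recovery token bound to the user whose
        /// e-mail is in <paramref name="passwordEmailModel"/>, stores the token's salt on the
        /// user record (overwriting any earlier recovery salt) and e-mails the token string.
        /// </summary>
        /// <param name="passwordEmailModel">Request body carrying the e-mail address to recover.</param>
        /// <returns>
        /// 200 OK echoing the e-mail address, whether or not the address belongs to a known user.
        /// </returns>
        /// <remarks>
        /// Security: this endpoint is unauthenticated and takes attacker-controlled input. It
        /// previously answered 400 "Email is not found" when <c>GetByEmail</c> threw, which let
        /// any caller enumerate registered accounts by e-mail. The HTTP response is now the same
        /// in both cases; only the side effects (token issue + mail) differ. A timing difference
        /// remains (the mail send only happens for known addresses) and no rate limiting is
        /// applied here — both should be addressed upstream (middleware/gateway) if relevant.
        /// </remarks>
        public ActionResult <PasswordEmailModel> SendPasswordEmail([FromBody] PasswordEmailModel passwordEmailModel)
        {
            User user;

            try {
                user = _userService.GetByEmail(passwordEmailModel.Email);
            } catch (RequestException) {
                // Unknown address: respond exactly as for a known one so the lookup result
                // cannot be distinguished from outside (no account enumeration).
                return(Ok(new PasswordEmailModel(passwordEmailModel.Email)));
            }

            // 30 is the lifetime argument to CreateToken; its unit is defined by
            // TokenCreatorValidator (presumably minutes, given the 60 * 24 * 7 used for
            // login tokens elsewhere in this controller — confirm).
            TokenCreationParams tokenCreationParams = _tokenCreatorValidator.CreateToken(user.Id, 30);

            // Persist the salt. The reset test in this suite expects RecoverySalt to be cleared
            // after a successful reset, which suggests the token is single-use — verify against
            // ResetPassword / ValidateToken.
            user.RecoverySalt = tokenCreationParams.SaltBytes;
            _userService.Update(user);

            MailSender.SendRecoveryMail(user, tokenCreationParams.TokenStr);

            return(Ok(new PasswordEmailModel(user.Email)));
        }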
        /// <summary>
        /// Verifies an e-mail/password pair and, on success, issues a fresh login token.
        /// </summary>
        /// <param name="userModel">Request body with the credentials to check.</param>
        /// <returns>
        /// 200 OK with the mapped user plus the token string, or 400 with one generic message
        /// when <c>_userService.Authenticate</c> throws <c>RequestException</c>. The message
        /// deliberately does not reveal whether the e-mail or the password was wrong.
        /// </returns>
        /// <remarks>
        /// The token's salt is written to <c>AuthSalt</c> and overwritten on every successful
        /// login, so only the most recently issued token is expected to validate (one live
        /// session per user) — confirm against TokenCreatorValidator.ValidateToken. The
        /// lifetime passed to CreateToken is 60 * 24 * 7, presumably minutes (seven days).
        /// </remarks>
        public ActionResult <SendLoginUserModel> Authenticate([FromBody] ReceiveLoginUserModel userModel)
        {
            // Lifetime handed to CreateToken: 7 days expressed in minutes (unit assumed).
            const int loginTokenLifetime = 60 * 24 * 7;

            User authenticated;
            try {
                authenticated = _userService.Authenticate(userModel.Email, userModel.Password);
            } catch (RequestException) {
                return(BadRequest(new { message = "Email or password is incorrect" }));
            }

            TokenCreationParams issued = _tokenCreatorValidator.CreateToken(authenticated.Id, loginTokenLifetime);
            authenticated.AuthSalt = issued.SaltBytes;
            _userService.Update(authenticated);

            SendLoginUserModel result = _mapper.Map <SendLoginUserModel>(authenticated);
            result.Token = issued.TokenStr;
            return(Ok(result));
        }
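        /// <summary>
        /// Round-trips 100 tokens through TokenCreatorValidator: the user id and the salt
        /// recovered by ValidateToken must equal what CreateToken produced.
        /// </summary>
        /// <remarks>
        /// The salt comparison used to go through <c>Encoding.Default.GetString</c> on both
        /// sides. That decoding is lossy for arbitrary bytes (invalid sequences collapse to the
        /// replacement character), so two different salts could decode to the same string and
        /// the test could pass on a broken round-trip. The byte arrays are now compared
        /// element-wise. Not covered: tampered or expired tokens — how ValidateToken reports
        /// those is not visible here, so no assertion about it is made.
        /// </remarks>
        public void CreateAndValidateTokenTest()
        {
            // 1024-character secret from the test helper RandomString (defined elsewhere in this class).
            TokenCreatorValidator tokenCreatorValidator = new TokenCreatorValidator(
                RandomString(1024)
                );

            for (int i = 0; i < 100; i++)
            {
                // `Random` here resolves to a member of the test class (System.Random has no
                // static Next); presumably a shared RNG. Ids start at 1.
                int userId = Random.Next(1, int.MaxValue);
                TokenCreationParams   tokenCreationParams   = tokenCreatorValidator.CreateToken(userId, 30);
                TokenValidationParams tokenValidationParams =
                    tokenCreatorValidator.ValidateToken(tokenCreationParams.TokenStr);

                Assert.Equal(userId, tokenValidationParams.UserId);
                // xUnit compares IEnumerable<T> arguments element-wise, so the raw bytes are checked.
                Assert.Equal(tokenCreationParams.SaltBytes, tokenValidationParams.SaltBytes);
            }
        }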