public void SignOutCallsContextResponseSignOut(string authenticationType)
{
// Setup
var manager = MockHelpers.MockUserManager <TestUser>();
var context = new Mock <HttpContext>();
var response = new Mock <HttpResponse>();
context.Setup(c => c.Response).Returns(response.Object).Verifiable();
response.Setup(r => r.SignOut(authenticationType)).Verifiable();
response.Setup(r => r.SignOut(IdentityOptions.TwoFactorUserIdCookieAuthenticationType)).Verifiable();
response.Setup(r => r.SignOut(IdentityOptions.ExternalCookieAuthenticationType)).Verifiable();
var contextAccessor = new Mock <IContextAccessor <HttpContext> >();
contextAccessor.Setup(a => a.Value).Returns(context.Object);
var roleManager = MockHelpers.MockRoleManager <TestRole>();
var identityOptions = new IdentityOptions();
var options = new Mock <IOptions <IdentityOptions> >();
options.Setup(a => a.Options).Returns(identityOptions);
IdentityOptions.ApplicationCookieAuthenticationType = authenticationType;
var claimsFactory = new Mock <ClaimsIdentityFactory <TestUser, TestRole> >(manager.Object, roleManager.Object, options.Object);
var helper = new SignInManager <TestUser>(manager.Object, contextAccessor.Object, claimsFactory.Object, options.Object);
// Act
helper.SignOut();
// Assert
context.VerifyAll();
response.VerifyAll();
contextAccessor.VerifyAll();
claimsFactory.VerifyAll();
}
public async Task PasswordSignInFailsWithUnknownUser()
{
// Setup
var manager = MockHelpers.MockUserManager <TestUser>();
manager.Setup(m => m.FindByNameAsync("bogus", CancellationToken.None)).ReturnsAsync(null).Verifiable();
var context = new Mock <HttpContext>();
var contextAccessor = new Mock <IContextAccessor <HttpContext> >();
contextAccessor.Setup(a => a.Value).Returns(context.Object);
var roleManager = MockHelpers.MockRoleManager <TestRole>();
var identityOptions = new IdentityOptions();
var options = new Mock <IOptions <IdentityOptions> >();
options.Setup(a => a.Options).Returns(identityOptions);
var claimsFactory = new Mock <ClaimsIdentityFactory <TestUser, TestRole> >(manager.Object, roleManager.Object, options.Object);
var helper = new SignInManager <TestUser>(manager.Object, contextAccessor.Object, claimsFactory.Object, options.Object);
// Act
var result = await helper.PasswordSignInAsync("bogus", "bogus", false, false);
// Assert
Assert.Equal(SignInStatus.Failure, result);
manager.VerifyAll();
context.VerifyAll();
contextAccessor.VerifyAll();
}
public async Task PasswordSignInReturnsLockedOutWhenLockedOut()
{
// Setup
var user = new TestUser {
UserName = "******"
};
var manager = SetupUserManager(user);
manager.Setup(m => m.SupportsUserLockout).Returns(true).Verifiable();
manager.Setup(m => m.IsLockedOutAsync(user)).ReturnsAsync(true).Verifiable();
var context = new Mock <HttpContext>();
var contextAccessor = new Mock <IHttpContextAccessor>();
contextAccessor.Setup(a => a.HttpContext).Returns(context.Object);
var roleManager = MockHelpers.MockRoleManager <TestRole>();
var identityOptions = new IdentityOptions();
var options = new Mock <IOptions <IdentityOptions> >();
options.Setup(a => a.Options).Returns(identityOptions);
var claimsFactory = new UserClaimsPrincipalFactory <TestUser, TestRole>(manager.Object, roleManager.Object, options.Object);
var logStore = new StringBuilder();
var logger = MockHelpers.MockILogger <SignInManager <TestUser> >(logStore);
var helper = new SignInManager <TestUser>(manager.Object, contextAccessor.Object, claimsFactory, options.Object, logger.Object);
// Act
var result = await helper.PasswordSignInAsync(user.UserName, "bogus", false, false);
// Assert
Assert.False(result.Succeeded);
Assert.True(result.IsLockedOut);
Assert.True(logStore.ToString().Contains($"User {user.Id} is currently locked out."));
manager.Verify();
}
public async Task PasswordSignInReturnsLockedOutWhenLockedOut()
{
// Setup
var user = new TestUser {
UserName = "******"
};
var manager = MockHelpers.MockUserManager <TestUser>();
manager.Setup(m => m.SupportsUserLockout).Returns(true).Verifiable();
manager.Setup(m => m.IsLockedOutAsync(user, CancellationToken.None)).ReturnsAsync(true).Verifiable();
manager.Setup(m => m.FindByNameAsync(user.UserName, CancellationToken.None)).ReturnsAsync(user).Verifiable();
var context = new Mock <HttpContext>();
var contextAccessor = new Mock <IContextAccessor <HttpContext> >();
contextAccessor.Setup(a => a.Value).Returns(context.Object);
var roleManager = MockHelpers.MockRoleManager <TestRole>();
var identityOptions = new IdentityOptions();
var options = new Mock <IOptions <IdentityOptions> >();
options.Setup(a => a.Options).Returns(identityOptions);
var claimsFactory = new Mock <ClaimsIdentityFactory <TestUser, TestRole> >(manager.Object, roleManager.Object, options.Object);
var helper = new SignInManager <TestUser>(manager.Object, contextAccessor.Object, claimsFactory.Object, options.Object);
// Act
var result = await helper.PasswordSignInAsync(user.UserName, "bogus", false, false);
// Assert
Assert.Equal(SignInStatus.LockedOut, result);
manager.VerifyAll();
}
public async Task PasswordSignInRequiresVerification(bool supportsLockout)
{
// Setup
var user = new TestUser {
UserName = "******"
};
var manager = MockHelpers.MockUserManager <TestUser>();
manager.Setup(m => m.SupportsUserLockout).Returns(supportsLockout).Verifiable();
if (supportsLockout)
{
manager.Setup(m => m.IsLockedOutAsync(user, CancellationToken.None)).ReturnsAsync(false).Verifiable();
}
IList <string> providers = new List <string>();
providers.Add("PhoneNumber");
manager.Setup(m => m.GetValidTwoFactorProvidersAsync(user, CancellationToken.None)).Returns(Task.FromResult(providers)).Verifiable();
manager.Setup(m => m.SupportsUserTwoFactor).Returns(true).Verifiable();
manager.Setup(m => m.GetTwoFactorEnabledAsync(user, CancellationToken.None)).ReturnsAsync(true).Verifiable();
manager.Setup(m => m.FindByNameAsync(user.UserName, CancellationToken.None)).ReturnsAsync(user).Verifiable();
manager.Setup(m => m.GetUserIdAsync(user, CancellationToken.None)).ReturnsAsync(user.Id).Verifiable();
manager.Setup(m => m.CheckPasswordAsync(user, "password", CancellationToken.None)).ReturnsAsync(true).Verifiable();
if (supportsLockout)
{
manager.Setup(m => m.ResetAccessFailedCountAsync(user, CancellationToken.None)).ReturnsAsync(IdentityResult.Success).Verifiable();
}
var context = new Mock <HttpContext>();
var response = new Mock <HttpResponse>();
response.Setup(r => r.SignIn(It.Is <ClaimsIdentity>(id => id.Name == user.Id))).Verifiable();
context.Setup(c => c.Response).Returns(response.Object).Verifiable();
var contextAccessor = new Mock <IHttpContextAccessor>();
contextAccessor.Setup(a => a.Value).Returns(context.Object);
var roleManager = MockHelpers.MockRoleManager <TestRole>();
var identityOptions = new IdentityOptions();
var options = new Mock <IOptions <IdentityOptions> >();
options.Setup(a => a.Options).Returns(identityOptions);
var logStore = new StringBuilder();
var loggerFactory = MockHelpers.MockILoggerFactory(MockHelpers.MockILogger(logStore).Object);
var helper = new SignInManager <TestUser>(manager.Object, contextAccessor.Object, new ClaimsIdentityFactory <TestUser, TestRole>(manager.Object, roleManager.Object, options.Object), options.Object, loggerFactory.Object);
string expected = string.Format("{0} for user: {1} : Result : {2}", "PasswordSignInAsync", user.Id, "RequiresTwoFactor");
// Act
var result = await helper.PasswordSignInAsync(user.UserName, "password", false, false);
// Assert
Assert.False(result.Succeeded);
Assert.True(result.RequiresTwoFactor);
Assert.NotEqual(-1, logStore.ToString().IndexOf(expected));
manager.VerifyAll();
context.VerifyAll();
response.VerifyAll();
contextAccessor.VerifyAll();
}
public async Task CanExternalSignIn(bool isPersistent, bool supportsLockout)
{
// Setup
var user = new TestUser {
UserName = "******"
};
const string loginProvider = "login";
const string providerKey = "fookey";
var manager = MockHelpers.MockUserManager <TestUser>();
manager.Setup(m => m.SupportsUserLockout).Returns(supportsLockout).Verifiable();
if (supportsLockout)
{
manager.Setup(m => m.IsLockedOutAsync(user, CancellationToken.None)).ReturnsAsync(false).Verifiable();
}
manager.Setup(m => m.FindByLoginAsync(loginProvider, providerKey, CancellationToken.None)).ReturnsAsync(user).Verifiable();
manager.Setup(m => m.GetUserIdAsync(user, CancellationToken.None)).ReturnsAsync(user.Id.ToString()).Verifiable();
var context = new Mock <HttpContext>();
var response = new Mock <HttpResponse>();
context.Setup(c => c.Response).Returns(response.Object).Verifiable();
response.Setup(r => r.SignIn(
It.Is <AuthenticationProperties>(v => v.IsPersistent == isPersistent),
It.Is <ClaimsIdentity>(i => i.FindFirstValue(ClaimTypes.AuthenticationMethod) == loginProvider))).Verifiable();
var contextAccessor = new Mock <IHttpContextAccessor>();
contextAccessor.Setup(a => a.Value).Returns(context.Object);
var roleManager = MockHelpers.MockRoleManager <TestRole>();
var identityOptions = new IdentityOptions();
response.Setup(r => r.SignOut(IdentityOptions.ExternalCookieAuthenticationType)).Verifiable();
var options = new Mock <IOptions <IdentityOptions> >();
options.Setup(a => a.Options).Returns(identityOptions);
var claimsFactory = new Mock <ClaimsIdentityFactory <TestUser, TestRole> >(manager.Object, roleManager.Object, options.Object);
claimsFactory.Setup(m => m.CreateAsync(user, CancellationToken.None)).ReturnsAsync(new ClaimsIdentity("Microsoft.AspNet.Identity")).Verifiable();
var logStore = new StringBuilder();
var loggerFactory = MockHelpers.MockILoggerFactory(MockHelpers.MockILogger(logStore).Object);
var helper = new SignInManager <TestUser>(manager.Object, contextAccessor.Object, claimsFactory.Object, options.Object, loggerFactory.Object);
string expected = string.Format("{0} for user: {1} : Result : {2}", "ExternalLoginSignInAsync", user.Id.ToString(), "Succeeded");
// Act
var result = await helper.ExternalLoginSignInAsync(loginProvider, providerKey, isPersistent);
// Assert
Assert.True(result.Succeeded);
Assert.NotEqual(-1, logStore.ToString().IndexOf(expected));
manager.VerifyAll();
context.VerifyAll();
response.VerifyAll();
contextAccessor.VerifyAll();
claimsFactory.VerifyAll();
}
public async Task CreateIdentityNullChecks()
{
var userManager = MockHelpers.MockUserManager <TestUser>().Object;
var roleManager = MockHelpers.MockRoleManager <TestRole>().Object;
var factory = new ClaimsIdentityFactory <TestUser, TestRole>(userManager, roleManager);
await Assert.ThrowsAsync <ArgumentNullException>("user",
async() => await factory.CreateAsync(null, new ClaimsIdentityOptions()));
await Assert.ThrowsAsync <ArgumentNullException>("options",
async() => await factory.CreateAsync(new TestUser(), null));
}
public async Task RememberBrowserSkipsTwoFactorVerificationSignIn(bool isPersistent)
{
// Setup
var user = new TestUser {
UserName = "******"
};
var manager = MockHelpers.MockUserManager <TestUser>();
manager.Setup(m => m.GetTwoFactorEnabledAsync(user, CancellationToken.None)).ReturnsAsync(true).Verifiable();
IList <string> providers = new List <string>();
providers.Add("PhoneNumber");
manager.Setup(m => m.GetValidTwoFactorProvidersAsync(user, CancellationToken.None)).Returns(Task.FromResult(providers)).Verifiable();
manager.Setup(m => m.SupportsUserLockout).Returns(true).Verifiable();
manager.Setup(m => m.SupportsUserTwoFactor).Returns(true).Verifiable();
manager.Setup(m => m.IsLockedOutAsync(user, CancellationToken.None)).ReturnsAsync(false).Verifiable();
manager.Setup(m => m.FindByNameAsync(user.UserName, CancellationToken.None)).ReturnsAsync(user).Verifiable();
manager.Setup(m => m.GetUserIdAsync(user, CancellationToken.None)).ReturnsAsync(user.Id).Verifiable();
manager.Setup(m => m.CheckPasswordAsync(user, "password", CancellationToken.None)).ReturnsAsync(true).Verifiable();
var context = new Mock <HttpContext>();
var response = new Mock <HttpResponse>();
context.Setup(c => c.Response).Returns(response.Object).Verifiable();
response.Setup(r => r.SignIn(It.Is <AuthenticationProperties>(v => v.IsPersistent == isPersistent), It.Is <ClaimsIdentity>(i => i.AuthenticationType == IdentityOptions.ApplicationCookieAuthenticationType))).Verifiable();
var id = new ClaimsIdentity(IdentityOptions.TwoFactorRememberMeCookieAuthenticationType);
id.AddClaim(new Claim(ClaimTypes.Name, user.Id));
var authResult = new AuthenticationResult(id, new AuthenticationProperties(), new AuthenticationDescription());
context.Setup(c => c.AuthenticateAsync(IdentityOptions.TwoFactorRememberMeCookieAuthenticationType)).ReturnsAsync(authResult).Verifiable();
var contextAccessor = new Mock <IContextAccessor <HttpContext> >();
contextAccessor.Setup(a => a.Value).Returns(context.Object);
var roleManager = MockHelpers.MockRoleManager <TestRole>();
var identityOptions = new IdentityOptions();
var options = new Mock <IOptions <IdentityOptions> >();
options.Setup(a => a.Options).Returns(identityOptions);
var claimsFactory = new Mock <ClaimsIdentityFactory <TestUser, TestRole> >(manager.Object, roleManager.Object, options.Object);
claimsFactory.Setup(m => m.CreateAsync(user, CancellationToken.None)).ReturnsAsync(new ClaimsIdentity(IdentityOptions.ApplicationCookieAuthenticationType)).Verifiable();
var helper = new SignInManager <TestUser>(manager.Object, contextAccessor.Object, claimsFactory.Object, options.Object);
// Act
var result = await helper.PasswordSignInAsync(user.UserName, "password", isPersistent, false);
// Assert
Assert.Equal(SignInStatus.Success, result);
manager.VerifyAll();
context.VerifyAll();
response.VerifyAll();
contextAccessor.VerifyAll();
claimsFactory.VerifyAll();
}
public async Task CanRequireConfirmedEmailForPasswordSignIn(bool confirmed)
{
// Setup
var user = new TestUser {
UserName = "******"
};
var manager = MockHelpers.MockUserManager <TestUser>();
manager.Setup(m => m.IsEmailConfirmedAsync(user, CancellationToken.None)).ReturnsAsync(confirmed).Verifiable();
if (confirmed)
{
manager.Setup(m => m.CheckPasswordAsync(user, "password", CancellationToken.None)).ReturnsAsync(true).Verifiable();
}
manager.Setup(m => m.GetUserIdAsync(user, CancellationToken.None)).ReturnsAsync(user.Id.ToString()).Verifiable();
var context = new Mock <HttpContext>();
var response = new Mock <HttpResponse>();
if (confirmed)
{
manager.Setup(m => m.CheckPasswordAsync(user, "password", CancellationToken.None)).ReturnsAsync(true).Verifiable();
context.Setup(c => c.Response).Returns(response.Object).Verifiable();
response.Setup(r => r.SignIn(It.Is <AuthenticationProperties>(v => v.IsPersistent == false), It.IsAny <ClaimsIdentity>())).Verifiable();
}
var contextAccessor = new Mock <IHttpContextAccessor>();
contextAccessor.Setup(a => a.Value).Returns(context.Object);
var roleManager = MockHelpers.MockRoleManager <TestRole>();
var identityOptions = new IdentityOptions();
identityOptions.SignIn.RequireConfirmedEmail = true;
var options = new Mock <IOptions <IdentityOptions> >();
options.Setup(a => a.Options).Returns(identityOptions);
var claimsFactory = new Mock <ClaimsIdentityFactory <TestUser, TestRole> >(manager.Object, roleManager.Object, options.Object);
var logStore = new StringBuilder();
var loggerFactory = MockHelpers.MockILoggerFactory(MockHelpers.MockILogger(logStore).Object);
var helper = new SignInManager <TestUser>(manager.Object, contextAccessor.Object, claimsFactory.Object, options.Object, loggerFactory.Object);
string expected = string.Format("{0} for user: {1} : Result : {2}", "CanSignInAsync", user.Id.ToString(), confirmed.ToString());
// Act
var result = await helper.PasswordSignInAsync(user, "password", false, false);
// Assert
Assert.Equal(confirmed, result.Succeeded);
Assert.NotEqual(confirmed, result.IsNotAllowed);
Assert.NotEqual(-1, logStore.ToString().IndexOf(expected));
manager.VerifyAll();
context.VerifyAll();
response.VerifyAll();
contextAccessor.VerifyAll();
}
public async Task PasswordSignInRequiresVerification(bool supportsLockout)
{
// Setup
var user = new TestUser {
UserName = "******"
};
var manager = MockHelpers.MockUserManager <TestUser>();
manager.Setup(m => m.SupportsUserLockout).Returns(supportsLockout).Verifiable();
if (supportsLockout)
{
manager.Setup(m => m.IsLockedOutAsync(user, CancellationToken.None)).ReturnsAsync(false).Verifiable();
}
IList <string> providers = new List <string>();
providers.Add("PhoneNumber");
manager.Setup(m => m.GetValidTwoFactorProvidersAsync(user, CancellationToken.None)).Returns(Task.FromResult(providers)).Verifiable();
manager.Setup(m => m.SupportsUserTwoFactor).Returns(true).Verifiable();
manager.Setup(m => m.GetTwoFactorEnabledAsync(user, CancellationToken.None)).ReturnsAsync(true).Verifiable();
manager.Setup(m => m.FindByNameAsync(user.UserName, CancellationToken.None)).ReturnsAsync(user).Verifiable();
manager.Setup(m => m.GetUserIdAsync(user, CancellationToken.None)).ReturnsAsync(user.Id).Verifiable();
manager.Setup(m => m.CheckPasswordAsync(user, "password", CancellationToken.None)).ReturnsAsync(true).Verifiable();
if (supportsLockout)
{
manager.Setup(m => m.ResetAccessFailedCountAsync(user, CancellationToken.None)).ReturnsAsync(IdentityResult.Success).Verifiable();
}
var context = new Mock <HttpContext>();
var response = new Mock <HttpResponse>();
response.Setup(r => r.SignIn(It.Is <ClaimsIdentity>(id => id.Name == user.Id))).Verifiable();
context.Setup(c => c.Response).Returns(response.Object).Verifiable();
var contextAccessor = new Mock <IContextAccessor <HttpContext> >();
contextAccessor.Setup(a => a.Value).Returns(context.Object);
var roleManager = MockHelpers.MockRoleManager <TestRole>();
var identityOptions = new IdentityOptions();
var options = new Mock <IOptions <IdentityOptions> >();
options.Setup(a => a.Options).Returns(identityOptions);
var helper = new SignInManager <TestUser>(manager.Object, contextAccessor.Object, new ClaimsIdentityFactory <TestUser, TestRole>(manager.Object, roleManager.Object, options.Object), options.Object);
// Act
var result = await helper.PasswordSignInAsync(user.UserName, "password", false, false);
// Assert
Assert.Equal(SignInStatus.RequiresVerification, result);
manager.VerifyAll();
context.VerifyAll();
response.VerifyAll();
contextAccessor.VerifyAll();
}
public async Task CreateIdentityNullChecks()
{
var userManager = MockHelpers.MockUserManager <TestUser>().Object;
var roleManager = MockHelpers.MockRoleManager <TestRole>().Object;
var options = new Mock <IOptions <IdentityOptions> >();
Assert.Throws <ArgumentNullException>("optionsAccessor",
() => new UserClaimsPrincipalFactory <TestUser, TestRole>(userManager, roleManager, options.Object));
var identityOptions = new IdentityOptions();
options.Setup(a => a.Options).Returns(identityOptions);
var factory = new UserClaimsPrincipalFactory <TestUser, TestRole>(userManager, roleManager, options.Object);
await Assert.ThrowsAsync <ArgumentNullException>("user",
async() => await factory.CreateAsync(null));
}
public async Task CanPasswordSignIn(bool isPersistent)
{
// Setup
var user = new TestUser {
UserName = "******"
};
var manager = MockHelpers.MockUserManager <TestUser>();
manager.Setup(m => m.SupportsUserLockout).Returns(true).Verifiable();
manager.Setup(m => m.IsLockedOutAsync(user, CancellationToken.None)).ReturnsAsync(false).Verifiable();
manager.Setup(m => m.FindByNameAsync(user.UserName, CancellationToken.None)).ReturnsAsync(user).Verifiable();
manager.Setup(m => m.CheckPasswordAsync(user, "password", CancellationToken.None)).ReturnsAsync(true).Verifiable();
manager.Setup(m => m.ResetAccessFailedCountAsync(user, CancellationToken.None)).ReturnsAsync(IdentityResult.Success).Verifiable();
manager.Setup(m => m.GetUserIdAsync(user, CancellationToken.None)).ReturnsAsync(user.Id.ToString()).Verifiable();
var context = new Mock <HttpContext>();
var response = new Mock <HttpResponse>();
context.Setup(c => c.Response).Returns(response.Object).Verifiable();
response.Setup(r => r.SignIn(It.Is <AuthenticationProperties>(v => v.IsPersistent == isPersistent), It.IsAny <ClaimsIdentity>())).Verifiable();
var contextAccessor = new Mock <IHttpContextAccessor>();
contextAccessor.Setup(a => a.Value).Returns(context.Object);
var roleManager = MockHelpers.MockRoleManager <TestRole>();
var identityOptions = new IdentityOptions();
var options = new Mock <IOptions <IdentityOptions> >();
options.Setup(a => a.Options).Returns(identityOptions);
var claimsFactory = new Mock <ClaimsIdentityFactory <TestUser, TestRole> >(manager.Object, roleManager.Object, options.Object);
claimsFactory.Setup(m => m.CreateAsync(user, CancellationToken.None)).ReturnsAsync(new ClaimsIdentity("Microsoft.AspNet.Identity")).Verifiable();
var logStore = new StringBuilder();
var loggerFactory = MockHelpers.MockILoggerFactory(MockHelpers.MockILogger(logStore).Object);
var helper = new SignInManager <TestUser>(manager.Object, contextAccessor.Object, claimsFactory.Object, options.Object, loggerFactory.Object);
string expected = string.Format("{0} for user: {1} : Result : {2}", "PasswordSignInAsync", user.Id, "Succeeded");
// Act
var result = await helper.PasswordSignInAsync(user.UserName, "password", isPersistent, false);
// Assert
Assert.True(result.Succeeded);
Assert.NotEqual(-1, logStore.ToString().IndexOf(expected));
manager.VerifyAll();
context.VerifyAll();
response.VerifyAll();
contextAccessor.VerifyAll();
claimsFactory.VerifyAll();
}
private static SignInManager <TestUser> SetupSignInManager(UserManager <TestUser> manager, HttpContext context, StringBuilder logStore = null, IdentityOptions identityOptions = null)
{
var contextAccessor = new Mock <IHttpContextAccessor>();
contextAccessor.Setup(a => a.HttpContext).Returns(context);
var roleManager = MockHelpers.MockRoleManager <TestRole>();
identityOptions = identityOptions ?? new IdentityOptions();
var options = new Mock <IOptions <IdentityOptions> >();
options.Setup(a => a.Options).Returns(identityOptions);
var claimsFactory = new UserClaimsPrincipalFactory <TestUser, TestRole>(manager, roleManager.Object, options.Object);
var sm = new SignInManager <TestUser>(manager, contextAccessor.Object, claimsFactory, options.Object, null);
sm.Logger = MockHelpers.MockILogger <SignInManager <TestUser> >(logStore ?? new StringBuilder()).Object;
return(sm);
}
public async Task CanRequireConfirmedEmailForPasswordSignIn(bool confirmed)
{
// Setup
var user = new TestUser {
UserName = "******"
};
var manager = MockHelpers.MockUserManager <TestUser>();
manager.Setup(m => m.IsEmailConfirmedAsync(user, CancellationToken.None)).ReturnsAsync(confirmed).Verifiable();
if (confirmed)
{
manager.Setup(m => m.CheckPasswordAsync(user, "password", CancellationToken.None)).ReturnsAsync(true).Verifiable();
}
var context = new Mock <HttpContext>();
var response = new Mock <HttpResponse>();
if (confirmed)
{
manager.Setup(m => m.CheckPasswordAsync(user, "password", CancellationToken.None)).ReturnsAsync(true).Verifiable();
context.Setup(c => c.Response).Returns(response.Object).Verifiable();
response.Setup(r => r.SignIn(It.Is <AuthenticationProperties>(v => v.IsPersistent == false), It.IsAny <ClaimsIdentity>())).Verifiable();
}
var contextAccessor = new Mock <IContextAccessor <HttpContext> >();
contextAccessor.Setup(a => a.Value).Returns(context.Object);
var roleManager = MockHelpers.MockRoleManager <TestRole>();
var identityOptions = new IdentityOptions();
identityOptions.SignIn.RequireConfirmedEmail = true;
var options = new Mock <IOptions <IdentityOptions> >();
options.Setup(a => a.Options).Returns(identityOptions);
var claimsFactory = new Mock <ClaimsIdentityFactory <TestUser, TestRole> >(manager.Object, roleManager.Object, options.Object);
var helper = new SignInManager <TestUser>(manager.Object, contextAccessor.Object, claimsFactory.Object, options.Object);
// Act
var result = await helper.PasswordSignInAsync(user, "password", false, false);
// Assert
Assert.Equal(confirmed ? SignInStatus.Success : SignInStatus.NotAllowed, result);
manager.VerifyAll();
context.VerifyAll();
response.VerifyAll();
contextAccessor.VerifyAll();
}
public async Task CanPasswordSignIn(bool isPersistent)
{
// Setup
var user = new TestUser {
UserName = "******"
};
var manager = MockHelpers.MockUserManager <TestUser>();
manager.Setup(m => m.SupportsUserLockout).Returns(true).Verifiable();
manager.Setup(m => m.IsLockedOutAsync(user, CancellationToken.None)).ReturnsAsync(false).Verifiable();
manager.Setup(m => m.FindByNameAsync(user.UserName, CancellationToken.None)).ReturnsAsync(user).Verifiable();
manager.Setup(m => m.CheckPasswordAsync(user, "password", CancellationToken.None)).ReturnsAsync(true).Verifiable();
manager.Setup(m => m.ResetAccessFailedCountAsync(user, CancellationToken.None)).ReturnsAsync(IdentityResult.Success).Verifiable();
var context = new Mock <HttpContext>();
var response = new Mock <HttpResponse>();
context.Setup(c => c.Response).Returns(response.Object).Verifiable();
response.Setup(r => r.SignIn(It.Is <AuthenticationProperties>(v => v.IsPersistent == isPersistent), It.IsAny <ClaimsIdentity>())).Verifiable();
var contextAccessor = new Mock <IContextAccessor <HttpContext> >();
contextAccessor.Setup(a => a.Value).Returns(context.Object);
var roleManager = MockHelpers.MockRoleManager <TestRole>();
var identityOptions = new IdentityOptions();
var options = new Mock <IOptions <IdentityOptions> >();
options.Setup(a => a.Options).Returns(identityOptions);
var claimsFactory = new Mock <ClaimsIdentityFactory <TestUser, TestRole> >(manager.Object, roleManager.Object, options.Object);
claimsFactory.Setup(m => m.CreateAsync(user, CancellationToken.None)).ReturnsAsync(new ClaimsIdentity("Microsoft.AspNet.Identity")).Verifiable();
var helper = new SignInManager <TestUser>(manager.Object, contextAccessor.Object, claimsFactory.Object, options.Object);
// Act
var result = await helper.PasswordSignInAsync(user.UserName, "password", isPersistent, false);
// Assert
Assert.Equal(SignInStatus.Success, result);
manager.VerifyAll();
context.VerifyAll();
response.VerifyAll();
contextAccessor.VerifyAll();
claimsFactory.VerifyAll();
}
public async Task PasswordSignInWorksWithNonTwoFactorStore()
{
// Setup
var user = new TestUser {
UserName = "******"
};
var manager = MockHelpers.MockUserManager <TestUser>();
manager.Setup(m => m.SupportsUserLockout).Returns(true).Verifiable();
manager.Setup(m => m.IsLockedOutAsync(user, CancellationToken.None)).ReturnsAsync(false).Verifiable();
manager.Setup(m => m.FindByNameAsync(user.UserName, CancellationToken.None)).ReturnsAsync(user).Verifiable();
manager.Setup(m => m.CheckPasswordAsync(user, "password", CancellationToken.None)).ReturnsAsync(true).Verifiable();
manager.Setup(m => m.ResetAccessFailedCountAsync(user, CancellationToken.None)).ReturnsAsync(IdentityResult.Success).Verifiable();
manager.Setup(m => m.GetUserIdAsync(user, CancellationToken.None)).ReturnsAsync(user.Id.ToString()).Verifiable();
var context = new Mock <HttpContext>();
var response = new Mock <HttpResponse>();
response.Setup(r => r.SignIn(It.IsAny <AuthenticationProperties>(), It.IsAny <ClaimsIdentity>())).Verifiable();
context.Setup(c => c.Response).Returns(response.Object).Verifiable();
var contextAccessor = new Mock <IHttpContextAccessor>();
contextAccessor.Setup(a => a.Value).Returns(context.Object);
var roleManager = MockHelpers.MockRoleManager <TestRole>();
var identityOptions = new IdentityOptions();
var options = new Mock <IOptions <IdentityOptions> >();
options.Setup(a => a.Options).Returns(identityOptions);
var claimsFactory = new Mock <ClaimsIdentityFactory <TestUser, TestRole> >(manager.Object, roleManager.Object, options.Object);
var helper = new SignInManager <TestUser>(manager.Object, contextAccessor.Object, claimsFactory.Object, options.Object);
// Act
var result = await helper.PasswordSignInAsync(user.UserName, "password", false, false);
// Assert
Assert.True(result.Succeeded);
manager.VerifyAll();
context.VerifyAll();
response.VerifyAll();
contextAccessor.VerifyAll();
}
public async Task PasswordSignInReturnsLockedOutWhenLockedOut()
{
// Setup
var user = new TestUser {
UserName = "******"
};
var manager = SetupUserManager(user);
manager.Setup(m => m.SupportsUserLockout).Returns(true).Verifiable();
manager.Setup(m => m.IsLockedOutAsync(user)).ReturnsAsync(true).Verifiable();
var context = new Mock <HttpContext>();
var contextAccessor = new Mock <IHttpContextAccessor>();
contextAccessor.Setup(a => a.HttpContext).Returns(context.Object);
var roleManager = MockHelpers.MockRoleManager <TestRole>();
var identityOptions = new IdentityOptions();
var options = new Mock <IOptions <IdentityOptions> >();
options.Setup(a => a.Options).Returns(identityOptions);
var claimsFactory = new UserClaimsPrincipalFactory <TestUser, TestRole>(manager.Object, roleManager.Object, options.Object);
var logStore = new StringBuilder();
var logger = MockHelpers.MockILogger <SignInManager <TestUser> >(logStore);
var helper = new SignInManager <TestUser>(manager.Object, contextAccessor.Object, claimsFactory, options.Object, null);
helper.Logger = logger.Object;
var expectedScope = string.Format("{0} for {1}: {2}", "PasswordSignInAsync", "user", user.Id);
var expectedLog = string.Format("{0} : {1}", "PasswordSignInAsync", "Lockedout");
// Act
var result = await helper.PasswordSignInAsync(user.UserName, "bogus", false, false);
// Assert
Assert.False(result.Succeeded);
Assert.True(result.IsLockedOut);
Assert.NotEqual(-1, logStore.ToString().IndexOf(expectedLog));
Assert.NotEqual(-1, logStore.ToString().IndexOf(expectedScope));
manager.Verify();
}
public async Task PasswordSignInFailsWithWrongPasswordCanAccessFailedAndLockout()
{
// Setup
var user = new TestUser {
UserName = "******"
};
var manager = MockHelpers.MockUserManager <TestUser>();
var lockedout = false;
manager.Setup(m => m.AccessFailedAsync(user, CancellationToken.None)).Returns(() =>
{
lockedout = true;
return(Task.FromResult(IdentityResult.Success));
}).Verifiable();
manager.Setup(m => m.SupportsUserLockout).Returns(true).Verifiable();
manager.Setup(m => m.IsLockedOutAsync(user, CancellationToken.None)).Returns(() => Task.FromResult(lockedout));
manager.Setup(m => m.FindByNameAsync(user.UserName, CancellationToken.None)).ReturnsAsync(user).Verifiable();
manager.Setup(m => m.CheckPasswordAsync(user, "bogus", CancellationToken.None)).ReturnsAsync(false).Verifiable();
var context = new Mock <HttpContext>();
var contextAccessor = new Mock <IHttpContextAccessor>();
contextAccessor.Setup(a => a.Value).Returns(context.Object);
var roleManager = MockHelpers.MockRoleManager <TestRole>();
var identityOptions = new IdentityOptions();
var options = new Mock <IOptions <IdentityOptions> >();
options.Setup(a => a.Options).Returns(identityOptions);
var claimsFactory = new Mock <ClaimsIdentityFactory <TestUser, TestRole> >(manager.Object, roleManager.Object, options.Object);
var helper = new SignInManager <TestUser>(manager.Object, contextAccessor.Object, claimsFactory.Object, options.Object);
// Act
var result = await helper.PasswordSignInAsync(user.UserName, "bogus", false, true);
// Assert
Assert.False(result.Succeeded);
Assert.True(result.IsLockedOut);
manager.VerifyAll();
}
public async Task RememberClientStoresUserId()
{
// Setup
var user = new TestUser {
UserName = "******"
};
var manager = MockHelpers.MockUserManager <TestUser>();
var context = new Mock <HttpContext>();
var response = new Mock <HttpResponse>();
var contextAccessor = new Mock <IContextAccessor <HttpContext> >();
var roleManager = MockHelpers.MockRoleManager <TestRole>();
var identityOptions = new IdentityOptions();
var options = new Mock <IOptions <IdentityOptions> >();
options.Setup(a => a.Options).Returns(identityOptions);
var claimsFactory = new ClaimsIdentityFactory <TestUser, TestRole>(manager.Object, roleManager.Object, options.Object);
manager.Setup(m => m.GetUserIdAsync(user, CancellationToken.None)).ReturnsAsync(user.Id).Verifiable();
context.Setup(c => c.Response).Returns(response.Object).Verifiable();
response.Setup(r => r.SignIn(
It.Is <AuthenticationProperties>(v => v.IsPersistent == true),
It.Is <ClaimsIdentity>(i => i.FindFirstValue(ClaimTypes.Name) == user.Id &&
i.AuthenticationType == IdentityOptions.TwoFactorRememberMeCookieAuthenticationType))).Verifiable();
contextAccessor.Setup(a => a.Value).Returns(context.Object).Verifiable();
options.Setup(a => a.Options).Returns(identityOptions).Verifiable();
var helper = new SignInManager <TestUser>(manager.Object, contextAccessor.Object, claimsFactory, options.Object);
// Act
await helper.RememberTwoFactorClientAsync(user);
// Assert
manager.VerifyAll();
context.VerifyAll();
response.VerifyAll();
contextAccessor.VerifyAll();
options.VerifyAll();
}
public async Task PasswordSignInFailsWithWrongPassword()
{
// Setup
var user = new TestUser {
UserName = "******"
};
var manager = MockHelpers.MockUserManager <TestUser>();
manager.Setup(m => m.SupportsUserLockout).Returns(true).Verifiable();
manager.Setup(m => m.IsLockedOutAsync(user, CancellationToken.None)).ReturnsAsync(false).Verifiable();
manager.Setup(m => m.FindByNameAsync(user.UserName, CancellationToken.None)).ReturnsAsync(user).Verifiable();
manager.Setup(m => m.CheckPasswordAsync(user, "bogus", CancellationToken.None)).ReturnsAsync(false).Verifiable();
manager.Setup(m => m.GetUserIdAsync(user, CancellationToken.None)).ReturnsAsync(user.Id.ToString()).Verifiable();
var context = new Mock <HttpContext>();
var contextAccessor = new Mock <IHttpContextAccessor>();
contextAccessor.Setup(a => a.Value).Returns(context.Object);
var roleManager = MockHelpers.MockRoleManager <TestRole>();
var identityOptions = new IdentityOptions();
var options = new Mock <IOptions <IdentityOptions> >();
options.Setup(a => a.Options).Returns(identityOptions);
var claimsFactory = new Mock <ClaimsIdentityFactory <TestUser, TestRole> >(manager.Object, roleManager.Object, options.Object);
var logStore = new StringBuilder();
var loggerFactory = MockHelpers.MockILoggerFactory(MockHelpers.MockILogger(logStore).Object);
var helper = new SignInManager <TestUser>(manager.Object, contextAccessor.Object, claimsFactory.Object, options.Object, loggerFactory.Object);
string expected = string.Format("{0} for user: {1} : Result : {2}", "PasswordSignInAsync", user.Id.ToString(), "Failed");
// Act
var result = await helper.PasswordSignInAsync(user.UserName, "bogus", false, false);
// Assert
Assert.False(result.Succeeded);
Assert.NotEqual(-1, logStore.ToString().IndexOf(expected));
manager.VerifyAll();
context.VerifyAll();
contextAccessor.VerifyAll();
}
public async Task CanTwoFactorSignIn(bool isPersistent, bool supportsLockout, bool externalLogin, bool rememberClient)
{
// Setup
var user = new TestUser {
UserName = "******"
};
var manager = MockHelpers.MockUserManager <TestUser>();
var provider = "twofactorprovider";
var code = "123456";
manager.Setup(m => m.SupportsUserLockout).Returns(supportsLockout).Verifiable();
if (supportsLockout)
{
manager.Setup(m => m.IsLockedOutAsync(user, CancellationToken.None)).ReturnsAsync(false).Verifiable();
manager.Setup(m => m.ResetAccessFailedCountAsync(user, CancellationToken.None)).ReturnsAsync(IdentityResult.Success).Verifiable();
}
manager.Setup(m => m.FindByIdAsync(user.Id, CancellationToken.None)).ReturnsAsync(user).Verifiable();
manager.Setup(m => m.VerifyTwoFactorTokenAsync(user, provider, code, CancellationToken.None)).ReturnsAsync(true).Verifiable();
manager.Setup(m => m.GetUserIdAsync(user, CancellationToken.None)).ReturnsAsync(user.Id).Verifiable();
manager.Setup(m => m.GetUserNameAsync(user, CancellationToken.None)).ReturnsAsync(user.UserName).Verifiable();
var context = new Mock <HttpContext>();
var response = new Mock <HttpResponse>();
var contextAccessor = new Mock <IContextAccessor <HttpContext> >();
var twoFactorInfo = new SignInManager <TestUser> .TwoFactorAuthenticationInfo {
UserId = user.Id
};
var loginProvider = "loginprovider";
var id = SignInManager <TestUser> .StoreTwoFactorInfo(user.Id, externalLogin?loginProvider : null);
var authResult = new AuthenticationResult(id, new AuthenticationProperties(), new AuthenticationDescription());
var roleManager = MockHelpers.MockRoleManager <TestRole>();
var identityOptions = new IdentityOptions();
var options = new Mock <IOptions <IdentityOptions> >();
options.Setup(a => a.Options).Returns(identityOptions);
var claimsFactory = new ClaimsIdentityFactory <TestUser, TestRole>(manager.Object, roleManager.Object, options.Object);
if (externalLogin)
{
response.Setup(r => r.SignIn(
It.Is <AuthenticationProperties>(v => v.IsPersistent == isPersistent),
It.Is <ClaimsIdentity>(i => i.FindFirstValue(ClaimTypes.NameIdentifier) == user.Id &&
i.FindFirstValue(ClaimTypes.AuthenticationMethod) == loginProvider))).Verifiable();
response.Setup(r => r.SignOut(IdentityOptions.ExternalCookieAuthenticationType)).Verifiable();
}
else
{
response.Setup(r => r.SignIn(
It.Is <AuthenticationProperties>(v => v.IsPersistent == isPersistent),
It.Is <ClaimsIdentity>(i => i.FindFirstValue(ClaimTypes.NameIdentifier) == user.Id))).Verifiable();
}
if (rememberClient)
{
response.Setup(r => r.SignIn(
It.Is <AuthenticationProperties>(v => v.IsPersistent == true),
It.Is <ClaimsIdentity>(i => i.FindFirstValue(ClaimTypes.Name) == user.Id &&
i.AuthenticationType == IdentityOptions.TwoFactorRememberMeCookieAuthenticationType))).Verifiable();
}
context.Setup(c => c.Response).Returns(response.Object).Verifiable();
context.Setup(c => c.AuthenticateAsync(IdentityOptions.TwoFactorUserIdCookieAuthenticationType)).ReturnsAsync(authResult).Verifiable();
contextAccessor.Setup(a => a.Value).Returns(context.Object);
var helper = new SignInManager <TestUser>(manager.Object, contextAccessor.Object, claimsFactory, options.Object);
// Act
var result = await helper.TwoFactorSignInAsync(provider, code, isPersistent, rememberClient);
// Assert
Assert.Equal(SignInStatus.Success, result);
manager.VerifyAll();
context.VerifyAll();
response.VerifyAll();
contextAccessor.VerifyAll();
}
public async Task EnsureClaimsIdentityHasExpectedClaims(bool supportRoles, bool supportClaims, bool supportRoleClaims)
{
// Setup
var userManager = MockHelpers.MockUserManager <TestUser>();
var roleManager = MockHelpers.MockRoleManager <TestRole>();
var user = new TestUser {
UserName = "******"
};
userManager.Setup(m => m.SupportsUserClaim).Returns(supportClaims);
userManager.Setup(m => m.SupportsUserRole).Returns(supportRoles);
userManager.Setup(m => m.GetUserIdAsync(user)).ReturnsAsync(user.Id);
userManager.Setup(m => m.GetUserNameAsync(user)).ReturnsAsync(user.UserName);
var roleClaims = new[] { "Admin", "Local" };
if (supportRoles)
{
userManager.Setup(m => m.GetRolesAsync(user)).ReturnsAsync(roleClaims);
roleManager.Setup(m => m.SupportsRoleClaims).Returns(supportRoleClaims);
}
var userClaims = new[] { new Claim("Whatever", "Value"), new Claim("Whatever2", "Value2") };
if (supportClaims)
{
userManager.Setup(m => m.GetClaimsAsync(user)).ReturnsAsync(userClaims);
}
userManager.Object.Options = new IdentityOptions();
var admin = new TestRole()
{
Name = "Admin"
};
var local = new TestRole()
{
Name = "Local"
};
var adminClaims = new[] { new Claim("AdminClaim1", "Value1"), new Claim("AdminClaim2", "Value2") };
var localClaims = new[] { new Claim("LocalClaim1", "Value1"), new Claim("LocalClaim2", "Value2") };
if (supportRoleClaims)
{
roleManager.Setup(m => m.FindByNameAsync("Admin")).ReturnsAsync(admin);
roleManager.Setup(m => m.FindByNameAsync("Local")).ReturnsAsync(local);
roleManager.Setup(m => m.GetClaimsAsync(admin)).ReturnsAsync(adminClaims);
roleManager.Setup(m => m.GetClaimsAsync(local)).ReturnsAsync(localClaims);
}
var options = new Mock <IOptions <IdentityOptions> >();
var identityOptions = new IdentityOptions();
options.Setup(a => a.Options).Returns(identityOptions);
var factory = new UserClaimsPrincipalFactory <TestUser, TestRole>(userManager.Object, roleManager.Object, options.Object);
// Act
var principal = await factory.CreateAsync(user);
var identity = principal.Identities.First();
// Assert
var manager = userManager.Object;
Assert.NotNull(identity);
Assert.Equal(1, principal.Identities.Count());
Assert.Equal(IdentityOptions.ApplicationCookieAuthenticationType, identity.AuthenticationType);
var claims = identity.Claims.ToList();
Assert.NotNull(claims);
Assert.True(
claims.Any(c => c.Type == manager.Options.ClaimsIdentity.UserNameClaimType && c.Value == user.UserName));
Assert.True(claims.Any(c => c.Type == manager.Options.ClaimsIdentity.UserIdClaimType && c.Value == user.Id));
Assert.Equal(supportRoles, claims.Any(c => c.Type == manager.Options.ClaimsIdentity.RoleClaimType && c.Value == "Admin"));
Assert.Equal(supportRoles, claims.Any(c => c.Type == manager.Options.ClaimsIdentity.RoleClaimType && c.Value == "Local"));
foreach (var cl in userClaims)
{
Assert.Equal(supportClaims, claims.Any(c => c.Type == cl.Type && c.Value == cl.Value));
}
foreach (var cl in adminClaims)
{
Assert.Equal(supportRoleClaims, claims.Any(c => c.Type == cl.Type && c.Value == cl.Value));
}
foreach (var cl in localClaims)
{
Assert.Equal(supportRoleClaims, claims.Any(c => c.Type == cl.Type && c.Value == cl.Value));
}
userManager.VerifyAll();
roleManager.VerifyAll();
}
