public async Task GivenValidRequest_ItRemovesCredAndSendsNotificationToUser()
{
// Arrange
var cred = CredentialBuilder.CreateExternalCredential("MicrosoftAccount", "blorg", "bloog");
var user = Fakes.CreateUser("test",
cred,
CredentialBuilder.CreatePbkdf2Password("password"));
GetMock <AuthenticationService>()
.Setup(a => a.RemoveCredential(user, cred))
.Completes()
.Verifiable();
GetMock <IMessageService>()
.Setup(m => m.SendCredentialRemovedNotice(user, cred))
.Verifiable();
var controller = GetController <UsersController>();
controller.SetCurrentUser(user);
// Act
var result = await controller.RemoveCredential(cred.Type);
// Assert
ResultAssert.IsRedirectToRoute(result, new { action = "Account" });
GetMock <AuthenticationService>().VerifyAll();
GetMock <IMessageService>().VerifyAll();
}
public async Task GivenAssociatedLocalUser_ItCreatesASessionAndSafeRedirectsToReturnUrl()
{
// Arrange
GetMock <AuthenticationService>(); // Force a mock to be created
var controller = GetController <AuthenticationController>();
var cred = CredentialBuilder.CreateExternalCredential("MicrosoftAccount", "blorg", "Bloog");
var authUser = new AuthenticatedUser(
Fakes.CreateUser("test", cred),
cred);
GetMock <AuthenticationService>()
.Setup(x => x.AuthenticateExternalLogin(controller.OwinContext))
.CompletesWith(new AuthenticateExternalLoginResult()
{
ExternalIdentity = new ClaimsIdentity(),
Authentication = authUser
});
// Act
var result = await controller.LinkExternalAccount("theReturnUrl");
// Assert
ResultAssert.IsSafeRedirectTo(result, "theReturnUrl");
GetMock <AuthenticationService>()
.Verify(x => x.CreateSession(controller.OwinContext, authUser.User));
}
public async Task GivenNoOldPassword_ItSendsAPasswordSetEmail()
{
// Arrange
var user = Fakes.CreateUser("test");
user.EmailAddress = "*****@*****.**";
GetMock <AuthenticationService>()
.Setup(a => a.GeneratePasswordResetToken(user, It.IsAny <int>()))
.Callback <User, int>((u, _) => u.PasswordResetToken = "t0k3n")
.Completes();
string actualConfirmUrl = null;
GetMock <IMessageService>()
.Setup(a => a.SendPasswordResetInstructions(user, It.IsAny <string>(), false))
.Callback <User, string, bool>((_, url, __) => actualConfirmUrl = url)
.Verifiable();
var controller = GetController <UsersController>();
controller.SetCurrentUser(user);
// Act
await controller.ChangePassword(new AccountViewModel());
// Assert
Assert.Equal("https://nuget.local/account/setpassword/test/t0k3n", actualConfirmUrl);
GetMock <IMessageService>().VerifyAll();
}
public async Task GivenAssociatedLocalAdminUser_ItChallengesWhenNotUsingRequiredExternalProvider(string providerUsedForLogin, bool shouldChallenge)
{
// Arrange
var enforcedProvider = "AzureActiveDirectory";
var config = Get <ConfigurationService>();
config.Current = new AppConfiguration()
{
ConfirmEmailAddresses = false,
EnforcedAuthProviderForAdmin = enforcedProvider
};
GetMock <AuthenticationService>(); // Force a mock to be created
var controller = GetController <AuthenticationController>();
var cred = CredentialBuilder.CreateExternalCredential(providerUsedForLogin, "blorg", "Bloog");
var authUser = new AuthenticatedUser(
Fakes.CreateUser("test", cred),
cred);
authUser.User.Roles.Add(new Role {
Name = Constants.AdminRoleName
});
GetMock <AuthenticationService>()
.Setup(x => x.AuthenticateExternalLogin(controller.OwinContext))
.CompletesWith(new AuthenticateExternalLoginResult()
{
ExternalIdentity = new ClaimsIdentity(),
Authentication = authUser
});
if (shouldChallenge)
{
GetMock <AuthenticationService>()
.Setup(x => x.Challenge(enforcedProvider, It.IsAny <string>()))
.Returns(new ChallengeResult(enforcedProvider, null))
.Verifiable();
}
else
{
GetMock <AuthenticationService>()
.Setup(x => x.CreateSession(controller.OwinContext, authUser.User))
.Verifiable();
}
// Act
var result = await controller.LinkExternalAccount("theReturnUrl");
// Assert
if (shouldChallenge)
{
ResultAssert.IsChallengeResult(result, enforcedProvider);
}
else
{
ResultAssert.IsSafeRedirectTo(result, "theReturnUrl");
GetMock <AuthenticationService>().VerifyAll();
}
}
public async Task GivenNoCredential_ItRedirectsBackWithNoChangesMade()
{
// Arrange
var user = Fakes.CreateUser("test",
CredentialBuilder.CreatePbkdf2Password("password"));
var controller = GetController <UsersController>();
controller.SetCurrentUser(user);
// Act
var result = await controller.RemoveCredential(CredentialTypes.ExternalPrefix + "MicrosoftAccount");
// Assert
ResultAssert.IsRedirectToRoute(result, new { action = "Account" });
Assert.Equal(1, user.Credentials.Count);
}
public void GivenOnlyASHA1PasswordItAuthenticatesUserAndReplacesItWithAPBKDF2Password()
{
var user = Fakes.CreateUser("tempUser", CredentialBuilder.CreateSha1Password("thePassword"));
var service = Get <AuthenticationService>();
service.Entities.Users.Add(user);
var foundByUserName = service.Authenticate("tempUser", "thePassword");
var cred = foundByUserName.User.Credentials.Single();
Assert.Same(user, foundByUserName.User);
Assert.Equal(CredentialTypes.Password.Pbkdf2, cred.Type);
Assert.True(CryptographyService.ValidateSaltedHash(cred.Value, "thePassword", Constants.PBKDF2HashAlgorithmId));
service.Entities.VerifyCommitChanges();
}
public async Task GivenNoOtherLoginCredentials_ItRedirectsBackWithAnErrorMessage()
{
// Arrange
var cred = CredentialBuilder.CreateExternalCredential("MicrosoftAccount", "blorg", "bloog");
var user = Fakes.CreateUser("test", cred);
var controller = GetController <UsersController>();
controller.SetCurrentUser(user);
// Act
var result = await controller.RemoveCredential(cred.Type);
// Assert
ResultAssert.IsRedirectToRoute(result, new { action = "Account" });
Assert.Equal(Strings.CannotRemoveOnlyLoginCredential, controller.TempData["Message"]);
Assert.Equal(1, user.Credentials.Count);
}
public async Task GivenNoOtherLoginCredentials_ItRedirectsBackWithAnErrorMessage()
{
// Arrange
var user = Fakes.CreateUser("test",
CredentialBuilder.CreatePbkdf2Password("password"));
var controller = GetController <UsersController>();
controller.SetCurrentUser(user);
// Act
var result = await controller.RemovePassword();
// Assert
ResultAssert.IsRedirectToRoute(result, new { action = "Account" });
Assert.Equal(Strings.CannotRemoveOnlyLoginCredential, controller.TempData["Message"]);
Assert.Equal(1, user.Credentials.Count);
}
public void AddsNewCredentialIfNoneWithSameTypeForUser()
{
// Arrange
var existingCred = new Credential("foo", "bar");
var newCred = new Credential("baz", "boz");
var user = Fakes.CreateUser("foo", existingCred);
var service = Get <AuthenticationService>();
service.Entities.Users.Add(user);
// Act
service.ReplaceCredential(user.Username, newCred);
// Assert
Assert.Equal(new[] { existingCred, newCred }, user.Credentials.ToArray());
service.Entities.VerifyCommitChanges();
}
public void ReturnsFalseIfPasswordDoesNotMatchUser_PBKDF2()
{
// Arrange
var service = Get <AuthenticationService>();
var user = Fakes.CreateUser("tempUser",
CredentialBuilder.CreatePbkdf2Password("oldpwd"));
service.Entities
.Set <User>()
.Add(user);
// Act
var changed = service.ChangePassword(user.Username, "not_the_password", "newpwd");
// Assert
Assert.False(changed);
}
public void ReturnsTrueWhenSuccessful()
{
// Arrange
var service = Get <AuthenticationService>();
var user = Fakes.CreateUser(
"tempUser",
CredentialBuilder.CreateSha1Password("oldpwd"));
service.Entities
.Set <User>()
.Add(user);
// Act
var changed = service.ChangePassword(user.Username, "oldpwd", "newpwd");
// Assert
Assert.True(changed);
}
public async Task GivenNoLinkButEmailMatchingLocalUser_ItDisplaysLogOnViewPresetForSignIn()
{
// Arrange
var existingUser = new User("existingUser")
{
EmailAddress = "*****@*****.**"
};
var cred = CredentialBuilder.CreateExternalCredential("MicrosoftAccount", "blorg", "Bloog");
var msAuther = new MicrosoftAccountAuthenticator();
var msaUI = msAuther.GetUI();
var authUser = new AuthenticatedUser(
Fakes.CreateUser("test", cred),
cred);
GetMock <AuthenticationService>(); // Force a mock to be created
GetMock <IUserService>()
.Setup(u => u.FindByEmailAddress(existingUser.EmailAddress))
.Returns(existingUser);
var controller = GetController <AuthenticationController>();
GetMock <AuthenticationService>()
.Setup(x => x.AuthenticateExternalLogin(controller.OwinContext))
.CompletesWith(new AuthenticateExternalLoginResult()
{
ExternalIdentity = new ClaimsIdentity(new [] {
new Claim(ClaimTypes.Email, existingUser.EmailAddress)
}),
Authenticator = msAuther
});
// Act
var result = await controller.LinkExternalAccount("theReturnUrl");
// Assert
var model = ResultAssert.IsView <LogOnViewModel>(result, viewName: "LogOn");
Assert.Equal(msaUI.AccountNoun, model.External.ProviderAccountNoun);
Assert.Null(model.External.AccountName);
Assert.True(model.External.FoundExistingUser);
Assert.Equal(existingUser.EmailAddress, model.SignIn.UserNameOrEmail);
Assert.Equal(existingUser.EmailAddress, model.Register.EmailAddress);
}
public void ReplacesExistingCredentialIfOneWithSameTypeExistsForUser()
{
// Arrange
var frozenCred = new Credential("foo", "bar");
var existingCred = new Credential("baz", "bar");
var newCred = new Credential("baz", "boz");
var user = Fakes.CreateUser("foo", existingCred, frozenCred);
var service = Get <AuthenticationService>();
service.Entities.Users.Add(user);
// Act
service.ReplaceCredential(user.Username, newCred);
// Assert
Assert.Equal(new[] { frozenCred, newCred }, user.Credentials.ToArray());
Assert.DoesNotContain(existingCred, service.Entities.Credentials);
service.Entities.VerifyCommitChanges();
}
public void MigratesPasswordIfHashAlgorithmIsNotPBKDF2()
{
// Arrange
var service = Get <AuthenticationService>();
var user = Fakes.CreateUser(
"tempUser",
CredentialBuilder.CreateSha1Password("oldpwd"));
service.Entities
.Set <User>()
.Add(user);
// Act
var changed = service.ChangePassword(user.Username, "oldpwd", "newpwd");
// Assert
var cred = user.Credentials.Single(c => c.Type.StartsWith(CredentialTypes.Password.Prefix, StringComparison.OrdinalIgnoreCase));
Assert.Equal(CredentialTypes.Password.Pbkdf2, cred.Type);
Assert.True(VerifyPasswordHash(cred.Value, Constants.PBKDF2HashAlgorithmId, "newpwd"));
service.Entities.VerifyCommitChanges();
}
public void UpdatesThePasswordCredential()
{
// Arrange
var service = Get <AuthenticationService>();
var user = Fakes.CreateUser(
"tempUser",
CredentialBuilder.CreatePbkdf2Password("oldpwd"));
service.Entities
.Set <User>()
.Add(user);
// Act
var changed = service.ChangePassword(user.Username, "oldpwd", "newpwd");
// Assert
var cred = user.Credentials.Single();
Assert.Equal(CredentialTypes.Password.Pbkdf2, cred.Type);
Assert.True(VerifyPasswordHash(cred.Value, Constants.PBKDF2HashAlgorithmId, "newpwd"));
service.Entities.VerifyCommitChanges();
}
public void LoadsDescriptionsOfCredentialsInToViewModel()
{
// Arrange
var user = Fakes.CreateUser(
"test",
CredentialBuilder.CreatePbkdf2Password("hunter2"),
CredentialBuilder.CreateV1ApiKey(Guid.NewGuid()),
CredentialBuilder.CreateExternalCredential("MicrosoftAccount", "blarg", "Bloog"));
var controller = GetController <UsersController>();
controller.SetCurrentUser(user);
// Act
var result = controller.Account();
// Assert
var model = ResultAssert.IsView <AccountViewModel>(result, viewName: "Account");
var descs = model.Credentials.ToDictionary(c => c.Kind); // Should only be one of each kind
Assert.Equal(3, descs.Count);
Assert.Equal(Strings.CredentialType_Password, descs[CredentialKind.Password].TypeCaption);
Assert.Equal(Strings.CredentialType_ApiKey, descs[CredentialKind.Token].TypeCaption);
Assert.Equal(Strings.MicrosoftAccount_Caption, descs[CredentialKind.External].TypeCaption);
}