public void ChangePassword_PasswordValid_UpdatesAndSaves()
{
const string newPassword = "******";
const string oldPassword = "******";
string salt = Guid.NewGuid().ToString();
string newHashedPassword = Guid.NewGuid().ToString();
// setup
var currentUser = new UserIdentity()
{
Id = Guid.NewGuid(), UserName = "******"
};
var browser = new Browser((bootstrapper) =>
bootstrapper.Module(new UserModule(_userStore, _userValidator, _passwordProvider))
.RequestStartup((container, pipelines, context) => {
context.CurrentUser = currentUser;
})
);
UserModel user = new UserModel()
{
Id = currentUser.Id,
UserName = currentUser.UserName,
Password = oldPassword
};
List <UserModel> users = new List <UserModel>()
{
user
};
_userStore.Users.Returns(users);
_passwordProvider.GenerateSalt().Returns(salt);
_passwordProvider.HashPassword(newPassword, salt).Returns(newHashedPassword);
// execute
var response = browser.Post(Actions.User.ChangePassword, (with) =>
{
with.HttpRequest();
with.FormsAuth(currentUser.Id, new Nancy.Authentication.Forms.FormsAuthenticationConfiguration());
with.FormValue("Password", newPassword);
with.FormValue("ConfirmPassword", newPassword);
});
// assert
Assert.AreEqual(HttpStatusCode.OK, response.StatusCode);
// check the result
BasicResult result = JsonConvert.DeserializeObject <BasicResult>(response.Body.AsString());
Assert.IsTrue(result.Success);
Assert.AreEqual(0, result.Messages.Length);
// make sure the user was updated and saved
Assert.AreEqual(newHashedPassword, user.Password);
_userStore.Received(1).Save();
_passwordProvider.Received(1).GenerateSalt();
_passwordProvider.Received(1).HashPassword(newPassword, salt);
}
public UserModel Execute(string userName, string password, string role)
{
UserModel user = new UserModel();
user.UserName = userName;
user.Password = password;
user.Role = role;
// validate before we try to hash the password
ValidationResult result = _userValidator.Validate(user);
if (!result.Success)
{
throw new ValidationException(result.Messages);
}
// hash the password
user.Password = _passwordProvider.HashPassword(password, _passwordProvider.GenerateSalt());
// insert new record
string sql = @"INSERT INTO Users (Id, UserName, Password, Role) VALUES (@Id, @UserName, @Password, @Role)";
_dbContext.ExecuteNonQuery(sql, user);
return(user);
}
public dynamic ChangePassword()
{
string password = Request.Form["Password"];
string confirmPassword = Request.Form["ConfirmPassword"];
if (password.Length < 6)
{
return(Response.AsJson <BasicResult>(new BasicResult(false, "Passwords must be at least 6 characters in length")));
}
if (password != confirmPassword)
{
return(Response.AsJson <BasicResult>(new BasicResult(false, "Password and confirmation password do not match")));
}
// all ok - update the password
var currentUser = _userStore.Users.Where(x => x.UserName == this.Context.CurrentUser.UserName).Single();
currentUser.Password = _passwordProvider.HashPassword(password, _passwordProvider.GenerateSalt());
_userStore.Save();
return(Response.AsJson <BasicResult>(new BasicResult(true)));
}
public void Execute(string userName, string password)
{
if (String.IsNullOrEmpty(password))
{
throw new ValidationException("No password supplied");
}
var user = _userRepo.GetByUserName(userName);
string newPassword = _passwordProvider.HashPassword(password, _passwordProvider.GenerateSalt());
const string sql = "UPDATE Users SET Password = @Password WHERE Id = @Id";
_dbContext.ExecuteNonQuery(sql, new { Password = newPassword, Id = user.Id });
}
public void Execute_ValidationSucceeds_PasswordUpdated()
{
UserModel user = DataHelper.CreateUserModel();
_userRepo.GetByUserName(user.UserName).Returns(user);
string pwd = Guid.NewGuid().ToString();
string salt = Guid.NewGuid().ToString();
_passwordProvider.GenerateSalt().Returns(salt);
// execute
_updateUserPasswordCommand.Execute(user.UserName, pwd);
// assert
_passwordProvider.Received(1).HashPassword(pwd, salt);
_dbContext.Received(1).ExecuteNonQuery(Arg.Any <string>(), Arg.Any <object>());
}
public void Execute_ValidationSucceeds_PasswordIsHashed()
{
UserModel model = DataHelper.CreateUserModel();
string salt = Guid.NewGuid().ToString();
string hashedPassword = Guid.NewGuid().ToString();
_userValidator.Validate(Arg.Any <UserModel>()).Returns(new ValidationResult());
_passwordProvider.GenerateSalt().Returns(salt);
_passwordProvider.HashPassword(model.Password, salt).Returns(hashedPassword);
// execute
UserModel result = _createUserCommand.Execute(model.UserName, model.Password, model.Role);
// assert
_passwordProvider.Received(1).GenerateSalt();
_passwordProvider.Received(1).HashPassword(model.Password, salt);
Assert.AreEqual(model.UserName, result.UserName);
Assert.AreEqual(hashedPassword, result.Password);
Assert.AreEqual(model.Role, result.Role);
}
/// <summary>
/// Loads the users for the app from the file on disk.
/// </summary>
public void Load()
{
if (_fileWrap.Exists(this.FilePath))
{
string text = _fileWrap.ReadAllText(this.FilePath);
UserStore store = JsonConvert.DeserializeObject <UserStore>(text);
this.Users.AddRange(store.Users);
this.Connections.AddRange(store.Connections);
}
else
{
// first time - create a default admin user
UserModel user = new UserModel();
user.Id = Guid.NewGuid();
user.UserName = "******";
user.Password = _passwordProvider.HashPassword("admin", _passwordProvider.GenerateSalt());
user.Role = Roles.Admin;
Users.Add(user);
}
}