public void VerifyPasswordCreation()
{
var randomText = Guid.NewGuid().ToString();
PasswordUtils.CreatePasswordHash(randomText, out var passwordHash, out var passwordSalt);
Assert.IsTrue(PasswordUtils.VerifyPasswordHash(randomText, passwordHash, passwordSalt));
}
public User Create(User user, string password, int groupId)
{
// validation
if (string.IsNullOrWhiteSpace(password))
{
throw new AppException("Password is required");
}
if (_context.Users.Any(x => x.Username == user.Username))
{
throw new AppException("Username \"" + user.Username + "\" is already taken");
}
PasswordUtils.CreatePasswordHash(password, out var passwordHash, out var passwordSalt);
user.PasswordHash = passwordHash;
user.PasswordSalt = passwordSalt;
user.GroupId = groupId;
_context.Users.Add(user);
_context.SaveChanges();
return(user);
}
public void Update(User userParam, string password = null)
{
var user = _context.Users.Find(userParam.Id);
if (user == null)
{
throw new AppException("User not found");
}
if (userParam.Username != user.Username)
{
// username has changed so check if the new username is already taken
if (_context.Users.Any(x => x.Username == userParam.Username))
{
throw new AppException("Username " + userParam.Username + " is already taken");
}
}
// update user properties
user.FirstName = userParam.FirstName;
user.LastName = userParam.LastName;
user.Username = userParam.Username;
// update password if it was entered
if (!string.IsNullOrWhiteSpace(password))
{
PasswordUtils.CreatePasswordHash(password, out var passwordHash, out var passwordSalt);
user.PasswordHash = passwordHash;
user.PasswordSalt = passwordSalt;
}
_context.Users.Update(user);
_context.SaveChanges();
}
public void Username_Supplied_Is_Case_Insensitive_And_Trimmed()
{
// Setup
User user1 = new User {
Email = "user1", Password = PasswordUtils.CreatePasswordHash("user1", "pass1")
};
User user2 = new User {
Email = "user2", Password = PasswordUtils.CreatePasswordHash("user2", "pass2")
};
User user3 = new User {
Email = "user3", Password = PasswordUtils.CreatePasswordHash("user3", "pass3")
};
_unitOfWork.Users.Add(user1);
_unitOfWork.Users.Add(user2);
_unitOfWork.Users.Add(user3);
_unitOfWork.Commit();
// Act
User result = new UserByCredentialsQuery(_unitOfWork).WithEmail(" USER2 ")
.WithPassword("pass2")
.Execute();
// Verify
Assert.IsNotNull(result, "Query returned a null user");
Assert.AreEqual(user2.Id, result.Id, "Query returned the wrong user");
Assert.AreEqual(user2.Email, result.Email, "Query returned a user with an incorrect email");
}
public void Can_Retrieve_User_With_Correct_Credentials()
{
// Setup
User user1 = new User {
Email = "user1", Password = PasswordUtils.CreatePasswordHash("user1", "pass1")
};
User user2 = new User {
Email = "user2", Password = PasswordUtils.CreatePasswordHash("user2", "pass2")
};
User user3 = new User {
Email = "user3", Password = PasswordUtils.CreatePasswordHash("user3", "pass3")
};
_unitOfWork.Users.Add(user1);
_unitOfWork.Users.Add(user2);
_unitOfWork.Users.Add(user3);
_unitOfWork.Commit();
// Act
User result = new UserByCredentialsQuery(_unitOfWork).WithEmail("user2")
.WithPassword("pass2")
.Execute();
// Verify
Assert.IsNotNull(result, "Query returned a null user");
Assert.AreEqual(user2.Id, result.Id, "Query returned the wrong user");
Assert.AreEqual(user2.Email, result.Email, "Query returned a user with an incorrect email");
}
/// <summary>
/// Seeds the data context with default data when database is created
/// </summary>
/// <param name="context"></param>
protected override void Seed(MyJobLeadsDbContext context)
{
// Additional schema generation
GenerateElmahSchema(context);
// Seed data
context.Users.Add(new User
{
Email = "*****@*****.**",
Password = PasswordUtils.CreatePasswordHash("*****@*****.**", "test"),
LastVisitedJobSearchId = null,
IsOrganizationAdmin = true,
FullName = "Test Account",
Organization = new Organization
{
RegistrationToken = Guid.NewGuid(),
Name = "Seed Organization"
}
});
context.Users.Add(new User
{
Email = "*****@*****.**",
Password = PasswordUtils.CreatePasswordHash("*****@*****.**", "test"),
LastVisitedJobSearchId = null,
IsOrganizationAdmin = true,
FullName = "Site Admin",
IsSiteAdmin = true,
Organization = new Organization
{
RegistrationToken = Guid.NewGuid(),
Name = "Seed Organization"
}
});
context.OfficialDocuments.Add(new OfficialDocument
{
MeantForMembers = false,
DownloadUrl = "http://interviewtools.net",
Name = "Non-member document"
});
context.OfficialDocuments.Add(new OfficialDocument
{
MeantForMembers = true,
DownloadUrl = "http://myleads.interviewtools.net",
Name = "Member document"
});
context.SaveChanges();
}
private void InitializeTestEntities()
{
_search = new JobSearch();
_user = new User
{
Email = _startingEmail,
Password = PasswordUtils.CreatePasswordHash(_startingEmail, _oldPassword),
LastVisitedJobSearch = _search,
FullName = "starting name"
};
_unitOfWork.Users.Add(_user);
_unitOfWork.Commit();
}
public void Incorrect_Password_Returns_Null_User()
{
// Setup
User user = new User {
Email = "user", Password = PasswordUtils.CreatePasswordHash("user", "pass")
};
_unitOfWork.Users.Add(user);
_unitOfWork.Commit();
// Act
User result = new UserByCredentialsQuery(_unitOfWork).WithEmail("user")
.WithPassword("password")
.Execute();
// Verify
Assert.IsNull(result, "Query returned a valid user, when none should have been returned");
}
/// <summary>
/// Edits the user details
/// </summary>
/// <param name="procParams"></param>
/// <returns></returns>
public bool Execute(EditUserDetailsParams procParams)
{
// Validate parameters
var validationResults = _editUserDetailsValidator.Validate(procParams);
var currentUser = _userCredentialsQuery.WithEmail(procParams.CurrentEmail).WithPassword(procParams.CurrentPassword).Execute();
var userWithEmail = _userEmailQuery.WithEmail(procParams.NewEmail).Execute();
if (currentUser == null)
{
validationResults.Errors.Add(new ValidationFailure("", "Current password was not correct"));
}
if (userWithEmail != null && currentUser == userWithEmail)
{
validationResults.Errors.Add(new ValidationFailure("", "A user with the specified email address already exists"));
}
if (!validationResults.IsValid)
{
throw new ValidationException(validationResults.Errors);
}
// Update details
currentUser.Email = procParams.NewEmail.ToLower().Trim();
currentUser.FullName = procParams.FullName.Trim();
// Update the password, either from the old password or new one if specified
if (!string.IsNullOrWhiteSpace(procParams.NewPassword))
{
currentUser.Password = PasswordUtils.CreatePasswordHash(currentUser.Email, procParams.NewPassword);
}
else
{
currentUser.Password = PasswordUtils.CreatePasswordHash(currentUser.Email, procParams.CurrentPassword);
}
_unitOfWork.Commit();
return(true);
}
/// <summary>
/// Executes the command
/// </summary>
/// <returns></returns>
/// <exception cref="MJLEntityNotFoundException">Thrown when the specified user isn't found</exception>
public virtual User Execute()
{
// Retrieve the user
var user = new UserByIdQuery(_unitOfWork).WithUserId(_userId).Execute();
if (user == null)
{
throw new MJLEntityNotFoundException(typeof(User), _userId);
}
// Only check the current password if the user is only changing the last visited job search
if (!string.IsNullOrWhiteSpace(_newPassword) || !string.IsNullOrWhiteSpace(_newName))
{
// Verify the user's current password is correct
if (new UserByCredentialsQuery(_unitOfWork).WithEmail(user.Email).WithPassword(_oldPassword).Execute() == null)
{
throw new MJLIncorrectPasswordException(_userId);
}
}
// Edit the properties
if (!string.IsNullOrWhiteSpace(_newPassword))
{
user.Password = PasswordUtils.CreatePasswordHash(user.Email, _newPassword);
}
if (_newName != null)
{
user.FullName = _newName.Trim();
}
if (_updateLastJobSearch)
{
user.LastVisitedJobSearchId = _lastJobSearchId;
}
// Save
_unitOfWork.Commit();
return(user);
}
private async Task SetPassword(Users idata, string password)
{
byte[] passwordHash, passwordSalt;
PasswordUtils.CreatePasswordHash(idata.email, password, out passwordHash, out passwordSalt);
var cred = new User_Credential()
{
user_id = idata.id,
password_hash = passwordHash,
password_salt = passwordSalt
};
var cred_context = this.storageContext.Set <User_Credential>();
var cred_data = await cred_context.FirstOrDefaultAsync(x => x.user_id == idata.id);
if (cred_data != null)
{
cred_context.Update(cred);
}
else
{
await cred_context.AddAsync(cred);
}
}
/// <summary>
/// Executes the command
/// </summary>
/// <returns>Returns the generated password for the user</returns>
/// <exception cref="MJLEntityNotFoundException">Thrown when the specified user is not found</exception>
public virtual string Execute()
{
// Retrieve the user
var user = new UserByEmailQuery(_unitOfWork).WithEmail(_email).Execute();
if (user == null)
{
throw new MJLUserNotFoundException(MJLUserNotFoundException.SearchPropertyType.Email, _email);
}
// Generate a new password for the user
string newPassword = PasswordUtils.GenerateRandomPassword();
user.Password = PasswordUtils.CreatePasswordHash(user.Email, newPassword);
_unitOfWork.Commit();
// Send out an email
EmailProvider.Send(user.Email, "Password Recovery", "Your new MyJobLeads password is: " + newPassword);
return(newPassword);
}
/// <summary>
/// Executes the command
/// </summary>
/// <returns></returns>
/// <exception cref="MJLDuplicateUsernameException">Thrown when the requested username is already taken</exception>
/// <exception cref="MJLDuplicateEmailException">Thrown when the requested user's email is already used on another account</exception>
public virtual User Execute(CreateUserCommandParams cmdParams)
{
var unitOfWork = _serviceFactory.GetService <IUnitOfWork>();
// Convert the email and username to lower case and trim it
cmdParams.Email = cmdParams.Email.Trim().ToLower();
// Check if any user is using this email already
if (_serviceFactory.GetService <UserByEmailQuery>().WithEmail(cmdParams.Email).Execute() != null)
{
throw new MJLDuplicateEmailException(cmdParams.Email);
}
// If a registration token was specified, retrieve the organization for it
Organization org = null;
if (cmdParams.RegistrationToken != null)
{
org = _serviceFactory.GetService <OrganizationByRegistrationTokenQuery>()
.Execute(new OrganizationByRegistrationTokenQueryParams {
RegistrationToken = (Guid)cmdParams.RegistrationToken
});
if (org == null)
{
throw new InvalidOrganizationRegistrationTokenException((Guid)cmdParams.RegistrationToken);
}
// Check if this organization is restricted to specific email domains
if (org.IsEmailDomainRestricted)
{
int atIndex = cmdParams.Email.LastIndexOf('@');
string domain = cmdParams.Email.Substring(atIndex + 1, cmdParams.Email.Length - atIndex - 1).ToLower().Trim();
bool domainFound = false;
foreach (var orgDomain in org.EmailDomains)
{
if (cmdParams.Email.ToLower().Contains(orgDomain.Domain.ToLower().Trim()))
{
domainFound = true;
}
}
if (!domainFound)
{
throw new InvalidEmailDomainForOrganizationException(domain);
}
}
}
// Create the user
var user = new User
{
Email = cmdParams.Email,
Password = PasswordUtils.CreatePasswordHash(cmdParams.Email, cmdParams.PlainTextPassword),
Organization = org,
FullName = cmdParams.FullName,
JobSearches = new List <JobSearch>()
};
unitOfWork.Users.Add(user);
unitOfWork.Commit();
return(user);
}
