public void ResetPasswordTest()
{
    // Arrange: a controller wired to the fake services, plus a freshly issued recovery
    // token whose salt is stored on the first test user (the same way the real
    // SendPasswordEmail flow stores it).
    UserAccountRecoveryController controller = CreateFakeUserAccountRecoveryController();
    var validator = new TokenCreatorValidator(_testApiSecret);
    TokenCreationParams issued = validator.CreateToken(_users[0].Id, 30);
    _users[0].RecoverySalt = issued.SaltBytes;
    _usersService.Update(_users[0]);

    // A bogus token must be rejected and must not touch the stored password hash.
    var rejected = controller.ResetPassword(
        new PasswordResetModel(_users[0].Email, "wrong-token", "new-password-u1"));
    Assert.IsType<BadRequestObjectResult>(rejected);
    Assert.True(PasswordVerifier.VerifyPasswordHash(
        "password-u1", _users[0].PasswordHash, _users[0].PasswordSalt));

    // The genuine token must be accepted: new password verifies and the one-time
    // recovery salt is cleared so the same token cannot be replayed.
    var accepted = controller.ResetPassword(
        new PasswordResetModel(_users[0].Email, issued.TokenStr, "new-password-u1"));
    Assert.IsType<OkResult>(accepted);
    Assert.True(PasswordVerifier.VerifyPasswordHash(
        "new-password-u1", _users[0].PasswordHash, _users[0].PasswordSalt));
    Assert.Null(_users[0].RecoverySalt);
}
/// <summary>
/// Starts password recovery for the address in the request body: issues a recovery
/// token, stores its salt on the user and mails the token string to the user.
/// </summary>
/// <param name="passwordEmailModel">Request body carrying the e-mail address to recover.</param>
/// <returns>
/// 200 with the e-mail echoed back when the user exists; 400 with a message when the
/// lookup raises <see cref="RequestException"/>.
/// </returns>
public ActionResult<PasswordEmailModel> SendPasswordEmail([FromBody] PasswordEmailModel passwordEmailModel)
{
    User account;
    try
    {
        account = _userService.GetByEmail(passwordEmailModel.Email);
    }
    catch (RequestException)
    {
        // NOTE(review): this response differs from the success path, so the endpoint
        // reveals whether an address is registered (account enumeration). A uniform
        // response is the usual mitigation - confirm against the API contract before changing.
        return BadRequest(new { message = "Email is not found" });
    }

    // Issue the recovery token and persist its salt on the user; presumably the stored
    // salt is what ResetPassword later checks the token against (second argument is the
    // lifetime handed to the token creator - units are not visible here).
    TokenCreationParams recovery = _tokenCreatorValidator.CreateToken(account.Id, 30);
    account.RecoverySalt = recovery.SaltBytes;
    _userService.Update(account);

    // Only the token string leaves the server; the salt stays in the user record.
    MailSender.SendRecoveryMail(account, recovery.TokenStr);
    return Ok(new PasswordEmailModel(account.Email));
}
/// <summary>
/// Verifies the supplied credentials and, on success, issues a login token whose salt
/// is stored on the user record.
/// </summary>
/// <param name="userModel">Request body with the e-mail and password to check.</param>
/// <returns>
/// 200 with the mapped user plus token when the credentials verify; 400 with a generic
/// message when the service raises <see cref="RequestException"/>.
/// </returns>
public ActionResult<SendLoginUserModel> Authenticate([FromBody] ReceiveLoginUserModel userModel)
{
    User account;
    try
    {
        account = _userService.Authenticate(userModel.Email, userModel.Password);
    }
    catch (RequestException)
    {
        // One generic message regardless of which credential was wrong, so the
        // response does not disclose whether the address is registered.
        return BadRequest(new { message = "Email or password is incorrect" });
    }

    // A fresh token on every login; the previous AuthSalt is overwritten, so presumably
    // earlier tokens stop validating. Lifetime argument is 60 * 24 * 7 - reads as minutes
    // for one week, but the unit is not visible from here.
    TokenCreationParams session = _tokenCreatorValidator.CreateToken(account.Id, 60 * 24 * 7);
    account.AuthSalt = session.SaltBytes;
    _userService.Update(account);

    // The outgoing model is a mapped view of the user so that internal fields such as
    // the password hash and salts are not serialised to the client.
    SendLoginUserModel payload = _mapper.Map<SendLoginUserModel>(account);
    payload.Token = session.TokenStr;
    return Ok(payload);
}
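/// <summary>
/// Round-trips tokens for many random user ids through one creator/validator and checks
/// that both the user id and the salt bytes come back unchanged.
/// </summary>
public void CreateAndValidateTokenTest()
{
    TokenCreatorValidator tokenCreatorValidator = new TokenCreatorValidator(RandomString(1024));

    for (int i = 0; i < 100; i++)
    {
        int userId = Random.Next(1, Int32.MaxValue);
        TokenCreationParams created = tokenCreatorValidator.CreateToken(userId, 30);
        TokenValidationParams validated = tokenCreatorValidator.ValidateToken(created.TokenStr);

        Assert.Equal(userId, validated.UserId);
        // Compare the raw salt bytes. Decoding them through Encoding.Default first is
        // lossy (byte sequences that are not valid in that encoding collapse to the
        // replacement character), so two different salts could decode to equal strings
        // and the old string comparison could pass on corrupted salt bytes.
        Assert.Equal(created.SaltBytes, validated.SaltBytes);
    }
}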