コード例 #1
ファイル: VerificationManager.cs プロジェクト: llenroc/YoApp
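        /// <summary>
        /// Posts the SMS verification code, phone number and password to the
        /// backend's resolve endpoint as a form-encoded request.
        /// </summary>
        /// <remarks>
        /// The request body carries the verification code and the password, so the
        /// endpoint must only be reached over TLS.
        /// NOTE(review): the value of <c>_resolveAddress</c> is not visible here;
        /// confirm it is an https:// URL.
        /// </remarks>
        /// <param name="verificationCode">Verification code from the server, sent via SMS.</param>
        /// <param name="phoneNumber">Country code and phone number concatenated.</param>
        /// <param name="password">Password, which should be an uppercase GUID.</param>
        /// <returns>
        /// <c>true</c> when the backend answers with a success status code;
        /// <c>false</c> for any other status code or when sending the request throws.
        /// </returns>
        /// <exception cref="ArgumentNullException">
        /// One of the arguments is null, empty or whitespace.
        /// </exception>
        public async Task<bool> ResolveVerificationCodeAsync(string verificationCode, string phoneNumber, string password)
        {
            // The single-string ArgumentNullException constructor takes a parameter
            // NAME, not a message, so each argument is checked and named separately.
            if (string.IsNullOrWhiteSpace(verificationCode))
            {
                throw new ArgumentNullException("verificationCode", "You must provide all parameters");
            }

            if (string.IsNullOrWhiteSpace(phoneNumber))
            {
                throw new ArgumentNullException("phoneNumber", "You must provide all parameters");
            }

            if (string.IsNullOrWhiteSpace(password))
            {
                throw new ArgumentNullException("password", "You must provide all parameters");
            }

            using (var client = new HttpClient(new NativeMessageHandler()))
            {
                client.Timeout = _timeOut;

                var dto = new VerificationResolveDto
                {
                    VerificationCode = verificationCode,
                    PhoneNumber      = phoneNumber,
                    Password         = password
                };

                // Content and response are disposed so the buffered form body (which
                // holds the password) and the connection are released promptly.
                using (var encodedContent = new FormUrlEncodedContent(dto.ToDictionary()))
                {
                    try
                    {
                        using (var response = await client.PostAsync(_resolveAddress, encodedContent))
                        {
                            return response.IsSuccessStatusCode;
                        }
                    }
                    catch (Exception)
                    {
                        // Deliberate best effort: any transport failure (timeout, DNS,
                        // TLS error) is reported to the caller as "not verified".
                        return false;
                    }
                }
            }
        }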
コード例 #2
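        /// <summary>
        /// A stored, non-expired token that does not match the submitted DTO must
        /// make the controller answer with a <c>BadRequestObjectResult</c>.
        /// </summary>
        /// <remarks>
        /// Returns <see cref="Task"/> instead of <c>void</c> so the test runner can
        /// await the body and observe an exception or failed assertion raised after
        /// the first <c>await</c>.
        /// </remarks>
        public async Task ResolveVerification_OnNotMatchingCode_BadRequest()
        {
            //Arrange
            var resolveDto = new VerificationResolveDto
            {
                PhoneNumber      = "491736890",
                Password         = "******",
                VerificationCode = "123456"
            };

            // NOTE(review): User and Code are left unset on the stored token, so the
            // mismatch can come from the user comparison as well as from the code
            // comparison. To pin the "wrong code" case specifically, consider giving
            // the token the DTO's phone number and a different code.
            var token = new VerificationToken
            {
                Expires = DateTime.MaxValue
            };

            var userManagerMock = MockHelpers.GetMockUserManager();
            var persistenceMock = new Mock<IIdentityPersistence>();

            persistenceMock
                .Setup(r => r.VerificationTokens.FindByUserAsync(It.IsAny<string>()))
                .ReturnsAsync(token);

            var messageSenderMock = new Mock<ISmsSender>();
            var configurationMock = new Mock<IConfigurationService>();

            var controller = new VerificationController(
                _logger,
                persistenceMock.Object,
                messageSenderMock.Object,
                configurationMock.Object,
                userManagerMock.Object);

            //Act
            var response = await controller.ResolveVerification(resolveDto);

            //Assert
            Assert.IsType<BadRequestObjectResult>(response);
        }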
コード例 #3
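        /// <summary>
        /// When no verification token is stored for the submitted phone number, the
        /// controller must answer with a <c>BadRequestObjectResult</c>.
        /// </summary>
        /// <remarks>
        /// Returns <see cref="Task"/> instead of <c>void</c> so the test runner can
        /// await the body and observe an exception or failed assertion raised after
        /// the first <c>await</c>.
        /// </remarks>
        public async Task ResolveVerification_OnNullVerificationRequests_BadRequest()
        {
            //Arrange
            var verificationResponseDto = new VerificationResolveDto
            {
                PhoneNumber      = "491736890",
                Password         = "******",
                VerificationCode = "789-789"
            };

            var userManagerMock = MockHelpers.GetMockUserManager();
            var persistenceMock = new Mock<IIdentityPersistence>();

            // The token lookup finds nothing for any phone number.
            persistenceMock
                .Setup(r => r.VerificationTokens.FindByUserAsync(It.IsAny<string>()))
                .Returns(Task.FromResult<VerificationToken>(null));

            var messageSenderMock = new Mock<ISmsSender>();
            var configurationMock = new Mock<IConfigurationService>();

            var controller = new VerificationController(
                _logger,
                persistenceMock.Object,
                messageSenderMock.Object,
                configurationMock.Object,
                userManagerMock.Object);

            //Act
            var response = await controller.ResolveVerification(verificationResponseDto);

            //Assert
            Assert.IsType<BadRequestObjectResult>(response);
        }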
コード例 #4
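        /// <summary>
        /// Checks whether a submitted verification request matches a stored token:
        /// the token's user must equal the DTO's phone number and the token's code
        /// must equal the DTO's verification code (ordinal, case-sensitive).
        /// </summary>
        /// <param name="token">The stored verification token.</param>
        /// <param name="dto">The verification data submitted by the client.</param>
        /// <returns><c>true</c> when both user and code match; otherwise <c>false</c>.</returns>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="token"/> or <paramref name="dto"/> is null.
        /// </exception>
        public static bool ResolveTokenWithDto(this VerificationToken token, VerificationResolveDto dto)
        {
            // An extension method can be invoked on a null receiver; name the
            // offending argument instead of failing later with a NullReferenceException.
            if (token == null)
            {
                throw new ArgumentNullException("token");
            }

            if (dto == null)
            {
                throw new ArgumentNullException("dto");
            }

            // Fail closed: a token without a user or a code can never be resolved.
            // Without this guard a null stored code compares equal to a null
            // submitted code and the request would count as verified.
            if (string.IsNullOrEmpty(token.User) || string.IsNullOrEmpty(token.Code))
            {
                return false;
            }

            // NOTE(review): ordinal string equality is not a constant-time comparison.
            // For a short one-time code the main defence is a bound on the number of
            // attempts per token, which has to be enforced by the caller.
            return string.Equals(token.User, dto.PhoneNumber, StringComparison.Ordinal)
                && string.Equals(token.Code, dto.VerificationCode, StringComparison.Ordinal);
        }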
コード例 #5
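        /// <summary>
        /// Resolves a pending SMS verification. Looks up the stored token for the
        /// submitted phone number, rejects it when it is expired or does not match,
        /// then creates the user (or replaces the password of an existing user)
        /// and removes the consumed token.
        /// </summary>
        /// <remarks>
        /// NOTE(review): nothing in this action limits the number of attempts per
        /// token or per phone number. Confirm that throttling or a per-token attempt
        /// counter exists elsewhere, since a short numeric code can otherwise be guessed.
        /// NOTE(review): for an existing account a valid SMS code is enough to replace
        /// the password; confirm that this is the intended recovery model.
        /// </remarks>
        /// <param name="dto">Form-bound phone number, verification code and password.</param>
        /// <returns>
        /// 200 on success; 400 when the model is invalid, no token exists, the token
        /// is expired or the code does not match; 500 when the user store rejects
        /// the account creation or the password change.
        /// </returns>
        public async Task<IActionResult> ResolveVerification([FromForm] VerificationResolveDto dto)
        {
            // dto is dereferenced below; a direct call may pass null even though
            // model binding normally supplies an instance.
            if (dto == null || !ModelState.IsValid)
            {
                return BadRequest();
            }

            //Retrieve request from db
            var request = await _dataWorker
                .VerificationTokens
                .FindByUserAsync(dto.PhoneNumber);

            if (request == null)
            {
                // NOTE(review): this answer differs from the mismatch answer, so it
                // tells the client whether a request is pending for a given number.
                return BadRequest($"No verification request found for {dto.PhoneNumber}.");
            }

            // Expiry is checked before the code is compared, so an expired token is
            // always discarded and cannot be used to confirm whether a guess was right.
            if (request.IsExpired())
            {
                _logger.LogWarning("Token has expired, challenge again.");
                _dataWorker.VerificationTokens.Remove(request);
                await _dataWorker.CompleteAsync();

                return BadRequest("Token expired");
            }

            //Verify if code matches
            if (!request.ResolveTokenWithDto(dto))
            {
                // The expected and the submitted code are secrets and stay out of the
                // log. The phone number is passed as a template argument rather than
                // interpolated into the message text.
                _logger.LogInformation("Code verification failed for [+{PhoneNumber}].", dto.PhoneNumber);
                return BadRequest("Verification code does not match.");
            }

            //Check if the user already has an account, otherwise create and persist a new one
            var user = await _userManager.FindByNameAsync(dto.PhoneNumber);

            if (user == null)
            {
                user = new ApplicationUser
                {
                    UserName = dto.PhoneNumber,
                    Nickname = string.Empty
                };

                var creationResult = await _userManager.CreateAsync(user, dto.Password);

                if (!creationResult.Succeeded)
                {
                    return StatusCode(500);
                }

                _logger.LogInformation("A new User have been created [{UserName}].", user.UserName);
            }
            else
            {
                // Both results are checked: reporting success after a failed change
                // would leave the account with the old password or with none at all.
                var removeResult = await _userManager.RemovePasswordAsync(user);

                if (!removeResult.Succeeded)
                {
                    _logger.LogError("Removing the old password failed for User [{UserName}].", user.UserName);
                    return StatusCode(500);
                }

                var addResult = await _userManager.AddPasswordAsync(user, dto.Password);

                if (!addResult.Succeeded)
                {
                    _logger.LogError("Setting the new password failed for User [{UserName}].", user.UserName);
                    return StatusCode(500);
                }
            }

            //At this step the user is verified and persisted, remove the obsolete request from db
            _dataWorker.VerificationTokens.Remove(request);
            await _dataWorker.CompleteAsync();

            _logger.LogInformation("Verification was succesfull for User [{UserName}.]", user.UserName);

            return Ok();
        }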