/// <summary>
/// Verifies that <c>AuthorizeAccess</c> grants the "Login" action without an MFA code when the
/// user has no MFA subscriptions assigned.
/// </summary>
public void MfaAuthorizationNotSubscribedTest_TestsIfResultIsTrueWhenMfaIsNotSubscribedForAnyAction_VerifiesByReturnValue()
{
    // NOTE(review): the persistence mock is built with `true`; another test in this listing
    // documents that flag as "raise an exception when SaveUpdate is called". If so, this test
    // also proves the not-subscribed path persists nothing — confirm.
    var persistenceMock = new MockPersistenceRepository(true);
    var userRepositoryMock = new MockUserRepository();
    var emailMock = new MockMfaEmailService();
    var smsMock = new MockSmsService();
    var codeGeneratorMock = new MockMfaCodeGenerationService();

    const string userName = "******";
    const string phoneNumber = "2233344";
    const string email = "*****@*****.**";
    var account = new User(userName, "asdf", "12345", "xyz", email, Language.English,
        TimeZone.CurrentTimeZone, new TimeSpan(1, 1, 1, 1), DateTime.Now, "Pakistan", "", phoneNumber, "1234");

    // Register an API key for the account, then the account itself, in the mock stores.
    var keysRepositoryMock = new MockSecurityKeysRepository();
    const string apiKey = "apikey123";
    keysRepositoryMock.AddSecurityKeysPair(new SecurityKeysPair(account.Id, apiKey, "secretkey123", true, "Desc"));
    userRepositoryMock.AddUser(account);

    var service = new MfaAuthorizationService(persistenceMock, userRepositoryMock, keysRepositoryMock,
        smsMock, emailMock, codeGeneratorMock);

    // No MFA code is supplied (null): with no subscription on the user, the call must still succeed.
    Tuple<bool, string> outcome = service.AuthorizeAccess(apiKey, "Login", null);
    Assert.IsTrue(outcome.Item1);
}
/// <summary>
/// Verifies that cancelling activation with a matching activation key returns <c>true</c> and
/// that the user can no longer be found in the user repository by user name.
/// </summary>
public void CancelAccountActivationSuccessfulTest_MakesSureAccountActivationGetsCancelledWhenEverythingIsGivenAsExpected_VerifiesByReturnedValueAndQueryingRepository()
{
    var userRepositoryMock = new MockUserRepository();
    IUserRepository userRepository = userRepositoryMock;
    ISecurityKeysRepository securityKeysRepository = new MockSecurityKeysRepository();
    IPasswordEncryptionService passwordEncryptionService = new PasswordEncryptionService();
    IIdentityAccessPersistenceRepository persistenceRepository = new MockPersistenceRepository(false);
    var service = new UserApplicationService(userRepository, securityKeysRepository, passwordEncryptionService,
        persistenceRepository, new MockEmailService(), new PasswordCodeGenerationService());

    const string activationKey = "123456789";
    const string username = "******";
    const string password = "******";

    // The user is inserted straight into the mock repository rather than through the
    // registration service, so the test has to produce the stored password form itself.
    var pendingUser = new User("*****@*****.**", username, passwordEncryptionService.EncryptPassword(password),
        "USA", TimeZone.CurrentTimeZone, "", activationKey);
    pendingUser.AddTierStatus(Status.NonVerified, new Tier(TierLevelConstant.Tier0, TierLevelConstant.Tier0));
    userRepositoryMock.AddUser(pendingUser);

    bool cancelled = service.CancelAccountActivation(new CancelActivationCommand(activationKey));
    Assert.IsTrue(cancelled);

    // After cancellation the lookup by user name must come back empty.
    User lookedUp = userRepository.GetUserByUserName(username);
    Assert.IsNull(lookedUp);
}
/// <summary>
/// Verifies that <c>ChangePassword</c> reports success for a known API key and that the
/// password value stored on the user differs afterwards.
/// </summary>
public void ChangePasswordSuccessTest_ChecksIfThePasswordIsChangedSuccessfully_VeririesThroughTheReturnedValue()
{
    var userRepositoryMock = new MockUserRepository();
    IUserRepository userRepository = userRepositoryMock;
    var keysRepositoryMock = new MockSecurityKeysRepository();
    ISecurityKeysRepository securityKeysRepository = keysRepositoryMock;
    IPasswordEncryptionService passwordEncryptionService = new PasswordEncryptionService();
    IIdentityAccessPersistenceRepository persistenceRepository = new MockPersistenceRepository(false);
    var service = new UserApplicationService(userRepository, securityKeysRepository, passwordEncryptionService,
        persistenceRepository, new MockEmailService(), new PasswordCodeGenerationService());

    // Seed the key pair that the change-password command will present.
    keysRepositoryMock.AddSecurityKeysPair(new SecurityKeysPair(
        new ApiKey("123456789").Value, new SecretKey("987654321").Value, "desc", 0, true));

    // The user bypasses the registration service, so the stored password form is produced here.
    userRepositoryMock.AddUser(new User("*****@*****.**", "linkinpark",
        passwordEncryptionService.EncryptPassword("burnitdown"), "USA", TimeZone.CurrentTimeZone, "", ""));

    string storedBefore = userRepository.GetUserByUserName("linkinpark").Password;

    // The command carries the API key seeded above, the current password and the new password.
    ChangePasswordResponse response = service.ChangePassword(new ChangePasswordCommand(
        "123456789", "burnitdown", "burnitdowntwice"));
    Assert.IsTrue(response.ChangeSuccessful);

    string storedAfter = userRepository.GetUserByUserName("linkinpark").Password;

    // NOTE(review): this only shows that the stored value changed; it does not show that the
    // new password verifies or that the old one is rejected — consider asserting both.
    Assert.AreNotEqual(storedBefore, storedAfter);
}
/// <summary>
/// Verifies that <c>ActivateAccount</c> succeeds for a matching activation key, user name and
/// password, and that the persisted user is flagged as activated and not blocked.
/// </summary>
public void ActivateAccountSuccessTest_ChecksIfTheAccountIsActivatedSuccessfully_VeririesThroughTheReturnedValue()
{
    var userRepositoryMock = new MockUserRepository();
    IUserRepository userRepository = userRepositoryMock;
    var keysRepositoryMock = new MockSecurityKeysRepository();
    ISecurityKeysRepository securityKeysRepository = keysRepositoryMock;
    IPasswordEncryptionService passwordEncryptionService = new PasswordEncryptionService();
    var persistenceMock = new MockPersistenceRepository(false);
    IIdentityAccessPersistenceRepository persistenceRepository = persistenceMock;
    var service = new UserApplicationService(userRepository, securityKeysRepository, passwordEncryptionService,
        persistenceRepository, new MockEmailService(), new PasswordCodeGenerationService());

    // Seed a key pair in the mock security-keys store.
    keysRepositoryMock.AddSecurityKeysPair(new SecurityKeysPair(
        new ApiKey("123456789").Value, new SecretKey("987654321").Value, "desc", 0, true));

    const string activationKey = "123456789";
    const string username = "******";
    const string password = "******";

    // The user bypasses the registration service, so the stored password form is produced here.
    var pendingUser = new User("*****@*****.**", username, passwordEncryptionService.EncryptPassword(password),
        "USA", TimeZone.CurrentTimeZone, "", activationKey);
    pendingUser.AddTierStatus(Status.NonVerified, new Tier(TierLevelConstant.Tier0, TierLevelConstant.Tier0));
    userRepositoryMock.AddUser(pendingUser);

    bool activated = service.ActivateAccount(new ActivationCommand(activationKey, username, password));
    Assert.IsTrue(activated);

    // The result is read back from the persistence mock, i.e. what the service actually saved.
    User saved = persistenceMock.GetUser(username);
    Assert.IsNotNull(saved);
    Assert.IsTrue(saved.IsActivationKeyUsed.Value);
    Assert.IsFalse(saved.IsUserBlocked.Value);
}
/// <summary>
/// Calls <c>ActivateAccount</c> with a password that does not match the one stored for the user.
/// </summary>
/// <remarks>
/// NOTE(review): no assertion is visible in this method, so it presumably relies on an
/// expected-exception attribute that is not part of this listing — confirm it is present.
/// NOTE(review): the name says "blank password", but the value passed is the stored password
/// with "pass" appended, i.e. a wrong password rather than a blank one; a blank-password case
/// is not exercised here.
/// </remarks>
public void ActivateAccountFailDueToBlankPasswordTest_MakesSureThatTheAccountIsNotActivatedWhenBlankPasswordIsGiven_VeririesThroughTheReturnedValue()
{
    var userRepositoryMock = new MockUserRepository();
    IUserRepository userRepository = userRepositoryMock;
    var keysRepositoryMock = new MockSecurityKeysRepository();
    ISecurityKeysRepository securityKeysRepository = keysRepositoryMock;
    IPasswordEncryptionService passwordEncryptionService = new PasswordEncryptionService();
    IIdentityAccessPersistenceRepository persistenceRepository = new MockPersistenceRepository(false);
    var service = new UserApplicationService(userRepository, securityKeysRepository, passwordEncryptionService,
        persistenceRepository, new MockEmailService(), new PasswordCodeGenerationService());

    // Seed a key pair in the mock security-keys store.
    keysRepositoryMock.AddSecurityKeysPair(new SecurityKeysPair(
        new ApiKey("123456789").Value, new SecretKey("987654321").Value, "desc", 0, true));

    const string activationKey = "123456789";
    const string username = "******";
    const string password = "******";

    // The user bypasses the registration service, so the stored password form is produced here.
    var pendingUser = new User("*****@*****.**", username, passwordEncryptionService.EncryptPassword(password),
        "USA", TimeZone.CurrentTimeZone, "", activationKey);
    pendingUser.AddTierStatus(Status.NonVerified, new Tier(TierLevelConstant.Tier0, TierLevelConstant.Tier0));
    userRepositoryMock.AddUser(pendingUser);

    // Activation attempt with a password that differs from the stored one.
    string mismatchedPassword = password + "pass";
    service.ActivateAccount(new ActivationCommand(activationKey, username, mismatchedPassword));
}
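/// <summary>
/// Verifies that logging in with the correct password for an activated user returns an API key,
/// a secret key and a session logout time equal to the user's <c>AutoLogout</c> value.
/// </summary>
public void LoginSuccessfulTest_ChecksIfTheSecurityKeysAreProperlyReturnedWhileLoggingIn_VerifiesTheReturnedKeysToConfirm()
{
    IUserRepository userRepository = new MockUserRepository();
    IIdentityAccessPersistenceRepository persistRepository = new MockPersistenceRepository(false);
    ISecurityKeysApplicationService securityKeysApplicationService =
        new SecurityKeysApplicationService(new SecurityKeysGenerationService(), persistRepository, null, null);
    IPasswordEncryptionService passwordEncryptionService = new PasswordEncryptionService();
    IMfaAuthorizationService mockMfaAuthorizationService = new MockMfaAuthorizationService();

    // The login service receives its own persistence mock, separate from the one handed to
    // the security-keys service above.
    ILoginApplicationService loginApplicationService = new LoginApplicationService(userRepository,
        passwordEncryptionService, securityKeysApplicationService, new MockPersistenceRepository(false),
        mockMfaAuthorizationService);

    string enteredPassword = "******";
    User user = new User("*****@*****.**", "brucewayne", passwordEncryptionService.EncryptPassword(enteredPassword),
        "Ninja County", TimeZone.CurrentTimeZone, "", "");
    user.AutoLogout = new TimeSpan(0, 0, 0, 60);

    // Mark the account as activated before attempting the login.
    user.IsActivationKeyUsed = new IsActivationKeyUsed(true);

    // Add this user to the MockUserRepository
    (userRepository as MockUserRepository).AddUser(user);

    UserValidationEssentials userValidationEssentials = loginApplicationService.Login(
        new LoginCommand("brucewayne", enteredPassword));

    Assert.IsNotNull(userValidationEssentials);
    Assert.IsNotNull(userValidationEssentials.ApiKey);
    Assert.IsNotNull(userValidationEssentials.SecretKey);

    // Expected value first, actual second, so a failure message reports the two the right way round.
    Assert.AreEqual(user.AutoLogout, userValidationEssentials.SessionLogoutTime);
}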
/// <summary>
/// Calls <c>CancelAccountActivation</c> with an activation key that belongs to no user; the
/// user repository is left empty.
/// </summary>
/// <remarks>
/// NOTE(review): no assertion is visible in this method. The name says it verifies by expecting
/// an exception, so presumably an expected-exception attribute sits above it outside this
/// listing — confirm, otherwise the test checks nothing.
/// </remarks>
public void CancelAccountActivationFailedBecasueNoSuchAccountExists_MakesSureTHisDoesntCreateAnyBreach_VerifiesByExpectingException()
{
    IUserRepository userRepository = new MockUserRepository();
    ISecurityKeysRepository securityKeysRepository = new MockSecurityKeysRepository();
    IPasswordEncryptionService passwordEncryptionService = new PasswordEncryptionService();
    IIdentityAccessPersistenceRepository persistenceRepository = new MockPersistenceRepository(false);
    var service = new UserApplicationService(userRepository, securityKeysRepository, passwordEncryptionService,
        persistenceRepository, new MockEmailService(), new PasswordCodeGenerationService());

    // No user was added, so this key cannot match any pending activation.
    var command = new CancelActivationCommand("123ffdsdsaewr43212");
    service.CancelAccountActivation(command);
}
/// <summary>
/// Calls <c>CreateAccount</c> with <c>null</c> as the second signup argument, which the test
/// name identifies as the user name.
/// </summary>
/// <remarks>
/// NOTE(review): no assertion is visible and the return value is discarded, so the test
/// presumably relies on an expected-exception attribute outside this listing — confirm.
/// </remarks>
public void UsernameNotProvidedTest_TestsIfNewUserIsNotCreatedWhenUsernameIsNotGiven_ChecksActivationKeyisNotReturnedToConfirm()
{
    IIdentityAccessPersistenceRepository persistenceRepository = new MockPersistenceRepository(false);
    var registration = new RegistrationApplicationService(persistenceRepository, new PasswordEncryptionService(),
        new ActivationKeyGenerationService(), new MockEmailService(), new MockTierRepository(),
        new MockUserRepository());

    // Signup request with the user name left out.
    var signup = new SignupUserCommand("*****@*****.**", null, "iammartinfowler", "ProgrammingNation",
        TimeZone.CurrentTimeZone, "");
    registration.CreateAccount(signup);
}
/// <summary>
/// Verifies that <c>CreateAccount</c> returns a non-empty activation key for a complete signup
/// request.
/// </summary>
/// <remarks>
/// NOTE(review): only the returned key is checked; the test does not query any repository to
/// confirm that a user was actually stored.
/// </remarks>
public void UserCreatedTest_ChecksIfTheRegistrationServiceCreatesAUserAsExpected()
{
    IIdentityAccessPersistenceRepository persistenceRepository = new MockPersistenceRepository(false);
    var registration = new RegistrationApplicationService(persistenceRepository, new PasswordEncryptionService(),
        new ActivationKeyGenerationService(), new MockEmailService(), new MockTierRepository(),
        new MockUserRepository());

    var signup = new SignupUserCommand("*****@*****.**", "iamnotmartinfowler", "butiamjohnskeet",
        "ProgrammingNation", TimeZone.CurrentTimeZone, "");
    string issuedKey = registration.CreateAccount(signup);

    Assert.IsNotNull(issuedKey);
    Assert.IsFalse(string.IsNullOrEmpty(issuedKey));
}
/// <summary>
/// Verifies that <c>AuthorizeAccess</c> denies the "Login" action when the user is subscribed
/// to MFA for it and the caller supplies no MFA code.
/// </summary>
public void MfaAuthorizationSubscribedFailsTest_ChecksThatResponseIsFalseWhenMfaCodeIsNotPresent_VerifiesByReturnValue()
{
    // On the first authorization attempt the caller has no MFA code yet; per the original
    // author's note it is sent to the user as part of that attempt.
    var persistenceMock = new MockPersistenceRepository(false);
    var userRepositoryMock = new MockUserRepository();
    var emailMock = new MockMfaEmailService();
    var smsMock = new MockSmsService();
    var codeGeneratorMock = new MockMfaCodeGenerationService();

    const string userName = "******";
    const string phoneNumber = "2233344";
    const string email = "*****@*****.**";
    var account = new User(userName, "asdf", "12345", "xyz", email, Language.English,
        TimeZone.CurrentTimeZone, new TimeSpan(1, 1, 1, 1), DateTime.Now, "Pakistan", "", phoneNumber, "1234");

    // Subscribe the user to MFA for every action used in this fixture.
    Tuple<string, string, bool> loginSubscription = Tuple.Create("LOG", "Login", true);
    IList<Tuple<string, string, bool>> subscriptions = new List<Tuple<string, string, bool>>
    {
        loginSubscription,
        Tuple.Create("DEP", "Deposit", true),
        Tuple.Create("WD", "Withdraw", true),
        Tuple.Create("PO", "PlaceOrder", true),
        Tuple.Create("CO", "CancelOrder", true),
    };
    account.AssignMfaSubscriptions(subscriptions);

    // Register an API key for the account, then the account itself, in the mock stores.
    var keysRepositoryMock = new MockSecurityKeysRepository();
    const string apiKey = "apikey123";
    keysRepositoryMock.AddSecurityKeysPair(new SecurityKeysPair(account.Id, apiKey, "secretkey123", true, "Desc"));
    userRepositoryMock.AddUser(account);

    var service = new MfaAuthorizationService(persistenceMock, userRepositoryMock, keysRepositoryMock,
        smsMock, emailMock, codeGeneratorMock);

    // Login with a null MFA code must be refused.
    Tuple<bool, string> outcome = service.AuthorizeAccess(apiKey, loginSubscription.Item2, null);
    Assert.IsFalse(outcome.Item1);
}
/// <summary>
/// Calls <c>Login</c> for an existing user with an empty string as the password.
/// </summary>
/// <remarks>
/// NOTE(review): no assertion is visible and the result is discarded, so the test presumably
/// relies on an expected-exception attribute outside this listing — confirm.
/// NOTE(review): unlike LoginSuccessfulTest, the user is not marked as activated
/// (<c>IsActivationKeyUsed</c> is never set), so a rejection could come from an activation
/// check rather than from the blank password — confirm which failure is being exercised.
/// </remarks>
public void LoginFailDueToBlankPasswordTest_MakesSureLoginFailsInCaseOfBlankPassword_VerifiesTheReturnedNullResultToConfirm()
{
    var userRepositoryMock = new MockUserRepository();
    IUserRepository userRepository = userRepositoryMock;
    IIdentityAccessPersistenceRepository persistRepository = new MockPersistenceRepository(false);
    ISecurityKeysApplicationService securityKeysApplicationService =
        new SecurityKeysApplicationService(new SecurityKeysGenerationService(), persistRepository, null, null);
    IPasswordEncryptionService passwordEncryptionService = new PasswordEncryptionService();
    IMfaAuthorizationService mfaAuthorizationMock = new MockMfaAuthorizationService();
    ILoginApplicationService loginService = new LoginApplicationService(userRepository, passwordEncryptionService,
        securityKeysApplicationService, new MockPersistenceRepository(false), mfaAuthorizationMock);

    const string enteredPassword = "******";
    var account = new User("*****@*****.**", "brucewayne", passwordEncryptionService.EncryptPassword(enteredPassword),
        "Ninja County", TimeZone.CurrentTimeZone, "", "");
    account.AutoLogout = new TimeSpan(0, 0, 0, 60);
    userRepositoryMock.AddUser(account);

    // Known user name, empty password.
    loginService.Login(new LoginCommand("brucewayne", ""));
}
/// <summary>
/// Verifies that <c>CreateAccount</c> throws <c>InvalidCredentialException</c> when the first
/// signup argument (the e-mail, per the test name) is an empty string.
/// </summary>
public void EmailNotProvidedTest_TestsIfNewUserIsNotCreatedWhenEmailIsNotGiven_ChecksActivationKeyisNotReturnedToConfirm()
{
    IIdentityAccessPersistenceRepository persistenceRepository = new MockPersistenceRepository(false);
    var registration = new RegistrationApplicationService(persistenceRepository, new PasswordEncryptionService(),
        new ActivationKeyGenerationService(), new MockEmailService(), new MockTierRepository(),
        new MockUserRepository());

    var signup = new SignupUserCommand("", "agilegeek", "iammartinfowler", "ProgrammingNation",
        TimeZone.CurrentTimeZone, "");

    // Only InvalidCredentialException counts as the expected rejection; any other exception
    // type propagates and fails the test.
    bool rejected = false;
    try
    {
        registration.CreateAccount(signup);
    }
    catch (InvalidCredentialException)
    {
        rejected = true;
    }

    Assert.IsTrue(rejected);
}
/// <summary>
/// Verifies that <c>AuthorizeAccess</c> denies the "Login" action first when no MFA code is
/// supplied and then again when a code that differs from the user's MFA code is supplied.
/// </summary>
/// <remarks>
/// The expected-exception attribute below is commented out in the original; as written the
/// test checks the returned flag, not an exception, despite "ExceptionIsRaised" in the name.
/// </remarks>
//[ExpectedException(typeof(InvalidOperationException))]
public void MfaAuthorizationSubscribedFailtTest_ChecksThatExceptionIsRaisedWhenMfaCodesDontMatch_VerifiesByReturnValue()
{
    var persistenceMock = new MockPersistenceRepository(false);
    var userRepositoryMock = new MockUserRepository();
    var emailMock = new MockMfaEmailService();
    var smsMock = new MockSmsService();
    var codeGeneratorMock = new MockMfaCodeGenerationService();

    const string userName = "******";
    const string phoneNumber = "2233344";
    const string email = "*****@*****.**";
    var account = new User(userName, "asdf", "12345", "xyz", email, Language.English,
        TimeZone.CurrentTimeZone, new TimeSpan(1, 1, 1, 1), DateTime.Now, "Pakistan", "", phoneNumber, "1234");

    // Subscribe the user to MFA for the login action only.
    Tuple<string, string, bool> loginSubscription = Tuple.Create("LOG", "Login", true);
    IList<Tuple<string, string, bool>> subscriptions = new List<Tuple<string, string, bool>> { loginSubscription };
    account.AssignMfaSubscriptions(subscriptions);

    // Register an API key for the account, then the account itself, in the mock stores.
    var keysRepositoryMock = new MockSecurityKeysRepository();
    const string apiKey = "apikey123";
    keysRepositoryMock.AddSecurityKeysPair(new SecurityKeysPair(account.Id, apiKey, "secretkey123", true, "Desc"));
    userRepositoryMock.AddUser(account);

    var service = new MfaAuthorizationService(persistenceMock, userRepositoryMock, keysRepositoryMock,
        smsMock, emailMock, codeGeneratorMock);

    // First attempt: no code supplied, access must be refused.
    Tuple<bool, string> outcome = service.AuthorizeAccess(apiKey, loginSubscription.Item2, null);
    Assert.IsFalse(outcome.Item1);

    // Second attempt: a code that cannot equal the user's MFA code (one character appended).
    // NOTE(review): nothing asserts that account.MfaCode was actually assigned by the first
    // call; if it is still null the value sent is just "1" — consider asserting it is set.
    outcome = service.AuthorizeAccess(apiKey, loginSubscription.Item2, account.MfaCode + "1");
    Assert.IsFalse(outcome.Item1);
}
/// <summary>
/// Calls <c>CancelAccountActivation</c> with an empty activation key while a user with a real
/// activation key exists in the repository.
/// </summary>
/// <remarks>
/// NOTE(review): no assertion is visible. The name says it verifies by expecting an exception,
/// so presumably an expected-exception attribute sits above the method outside this listing —
/// confirm. The test also never checks that the seeded user is still present afterwards.
/// </remarks>
public void CancelAccountActivationFailedDueToBlankActivationKey_MakesSureAccountActivationDoesNotGetCancelledWhenBlankActivationKeyIsGiven_VerifiesByExpectingException()
{
    var userRepositoryMock = new MockUserRepository();
    IUserRepository userRepository = userRepositoryMock;
    ISecurityKeysRepository securityKeysRepository = new MockSecurityKeysRepository();
    IPasswordEncryptionService passwordEncryptionService = new PasswordEncryptionService();
    IIdentityAccessPersistenceRepository persistenceRepository = new MockPersistenceRepository(false);
    var service = new UserApplicationService(userRepository, securityKeysRepository, passwordEncryptionService,
        persistenceRepository, new MockEmailService(), new PasswordCodeGenerationService());

    const string activationKey = "123456789";
    const string username = "******";
    const string password = "******";

    // The user bypasses the registration service, so the stored password form is produced here.
    var pendingUser = new User("*****@*****.**", username, passwordEncryptionService.EncryptPassword(password),
        "USA", TimeZone.CurrentTimeZone, "", activationKey);
    pendingUser.AddTierStatus(Status.NonVerified, new Tier(TierLevelConstant.Tier0, TierLevelConstant.Tier0));
    userRepositoryMock.AddUser(pendingUser);

    // Cancellation request with an empty key instead of the user's activation key.
    service.CancelAccountActivation(new CancelActivationCommand(""));
}
/// <summary>
/// Sets the user's <c>AutoLogout</c> to one millisecond, calls <c>ChangePassword</c> and asserts
/// that the stored password value differs afterwards.
/// </summary>
/// <remarks>
/// NOTE(review): the name says the password must NOT change once the session timeout has
/// expired and that this is verified by an exception. The expected-exception attribute below is
/// commented out and the final assertion requires the stored value to have changed, so as
/// written the test passes only when the change goes through. Confirm whether session-timeout
/// enforcement on password change is still intended, then rename the test or restore the check.
/// </remarks>
//[ExpectedException(typeof(Exception))]
public void ChangePasswordFailDueToSessionTimeoutTest_ChecksThePasswordDoesNotGetChangedWhenSessionTimeoutHasExpired_VerifiesByExpectingException()
{
    var userRepositoryMock = new MockUserRepository();
    IUserRepository userRepository = userRepositoryMock;
    var keysRepositoryMock = new MockSecurityKeysRepository();
    ISecurityKeysRepository securityKeysRepository = keysRepositoryMock;
    IPasswordEncryptionService passwordEncryptionService = new PasswordEncryptionService();
    IIdentityAccessPersistenceRepository persistenceRepository = new MockPersistenceRepository(false);
    var service = new UserApplicationService(userRepository, securityKeysRepository, passwordEncryptionService,
        persistenceRepository, new MockEmailService(), new PasswordCodeGenerationService());

    // Seed the key pair that the change-password command will present.
    keysRepositoryMock.AddSecurityKeysPair(new SecurityKeysPair(
        new ApiKey("123456789").Value, new SecretKey("987654321").Value, "desc", 0, true));

    // The user bypasses the registration service, so the stored password form is produced here.
    var account = new User("*****@*****.**", "linkinpark", passwordEncryptionService.EncryptPassword("burnitdown"),
        "USA", TimeZone.CurrentTimeZone, "", "");
    userRepositoryMock.AddUser(account);

    string storedBefore = userRepository.GetUserByUserName("linkinpark").Password;

    // Replace the stored user with the same object carrying a 1 ms auto-logout interval.
    userRepositoryMock.DeleteUser(account);
    account.AutoLogout = new TimeSpan(0, 0, 0, 0, 1);
    userRepositoryMock.AddUser(account);

    // The second argument is the same password the user was stored with above; the original
    // comment calling it a wrong password does not match the values used.
    service.ChangePassword(new ChangePasswordCommand("123456789", "burnitdown", "burnitdowntwice"));

    string storedAfter = userRepository.GetUserByUserName("linkinpark").Password;

    // Passes only if the stored password value changed.
    Assert.AreNotEqual(storedBefore, storedAfter);
}
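/// <summary>
/// Verifies that <c>CreateAccount</c> throws when the persistence layer fails to save the user.
/// </summary>
/// <remarks>
/// The original placed <c>Assert.IsNull(activationKey)</c> inside the <c>try</c> block under a
/// catch-all handler. A failed assertion is itself an exception, so if <c>CreateAccount</c>
/// wrongly returned an activation key the assertion failure was swallowed and counted as the
/// expected error, and the test passed. The call is now the only statement in the <c>try</c>,
/// so the test passes only when <c>CreateAccount</c> itself throws.
/// </remarks>
public void DatabaseMockSaveFailTest_TestsIfUserIsNotSavedInDatabaseExceptionIsRaisedFromTheMockClass_HandlesTheExceptionToConfirm()
{
    // Provide true to the Mock class so that it raises exception when SaveUpdate method is called inside it
    IIdentityAccessPersistenceRepository persistenceRepository = new MockPersistenceRepository(true);
    RegistrationApplicationService registrationApplicationService = new RegistrationApplicationService(
        persistenceRepository, new PasswordEncryptionService(), new ActivationKeyGenerationService(),
        new MockEmailService(), new MockTierRepository(), new MockUserRepository());

    bool exceptionRaised = false;
    try
    {
        // Nothing but the call under test lives in the try block, so the handler below can
        // only ever observe an exception thrown by CreateAccount.
        registrationApplicationService.CreateAccount(new SignupUserCommand(
            "*****@*****.**", "iamnotmartinfowler", "butiamjacksparrow", "PirateNation",
            TimeZone.CurrentTimeZone, ""));
    }
    catch (Exception)
    {
        // NOTE(review): the exception type thrown by the mock is not visible in this listing;
        // narrow this handler to that type once confirmed.
        exceptionRaised = true;
    }

    // A normal return (with or without an activation key) means the save failure was not surfaced.
    Assert.IsTrue(exceptionRaised);
}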