public string Add(User user)
{
if (user == null) return null;
var key = Guid.NewGuid().ToString();
Cache.Add(key, user, new CacheItemPolicy() { SlidingExpiration = new TimeSpan(0, SlidingExpirationMinutes, 0) });
return key;
}
public void Should_return_NoUserForCredentials_error_when_user_password_does_not_match_password_supplied()
{
// Given
var username = MakeFake.Username;
var password = MakeFake.Password;
User userToLoad = new User();
var fakeUserService = MakeFake.UserService(userToLoad);
var fakePasswordService = MakeFake.PasswordService();
A.CallTo(() => fakePasswordService.IsPasswordValid(A<User>.Ignored, A<string>.Ignored)).Returns(false);
var userTestBrowser = MakeTestErrorBrowser<UserModule>(fakeUserService: fakeUserService, fakePasswordService: fakePasswordService);
// When
var result = userTestBrowser.Post("/user/validate", with =>
{
with.HttpRequest();
with.FormValue("username", username);
with.FormValue("password", password);
});
// Then
result.StatusCode.ShouldBe(HttpStatusCode.NotFound);
var payload = result.Body.DeserializeJson<Dictionary<string, object>>();
payload.ContainsItems("ErrorCode", "ErrorMessage").ShouldBe(true);
payload["ErrorCode"].ShouldBe((int)ErrorCode.NoUserForCredentials);
}
public void Should_return_InvalidForgotPasswordToken_error_when_unknown_token_supplied()
{
// Given
var token = MakeFake.Guid;
var username = MakeFake.Username;
var userToLoad = new User();
var fakeUserService = MakeFake.UserService(userToLoad);
var fakePasswordService = MakeFake.PasswordService();
A.CallTo(() => fakePasswordService.IsForgotPasswordTokenValid(A<User>.Ignored, A<string>.Ignored)).Returns(false);
var userTestBrowser = MakeTestErrorBrowser<UserModule>(fakeUserService: fakeUserService, fakePasswordService : fakePasswordService);
// When
var result = userTestBrowser.Post("/user/forgot-password/reset", with =>
{
with.HttpRequest();
with.FormValue("username", username);
with.FormValue("token", token);
});
// Then
result.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var payload = result.Body.DeserializeJson<Dictionary<string, object>>();
payload.ContainsItems("ErrorCode", "ErrorMessage").ShouldBe(true);
payload["ErrorCode"].ShouldBe((int)ErrorCode.InvalidForgotPasswordToken);
}
public bool IsForgotPasswordTokenValid(User user, string token)
{
if (user == null || string.IsNullOrWhiteSpace(token) || !token.IsGuid()) return false;
if (user.ForgotPasswordRequestToken != token) return false;
var minutesElapsedSinceTokenRequested = (DateTime.Now - user.ForgotPasswordRequestDate).TotalMinutes;
return minutesElapsedSinceTokenRequested < ForgotPasswordTimeLimitMinutes;
}
public string ForgotPasswordRequest(User user)
{
if (user==null) return null;
var token = Guid.NewGuid().ToString();
user.ForgotPasswordRequestToken = token;
user.ForgotPasswordRequestDate = DateTime.Now;
db.Store(user);
return token;
}
public string ForgotPasswordReset(User user)
{
if (user == null) return null;
var password = passwordService.Generate();
user.Salt = password.Salt;
user.Hash = password.Hash;
user.ForgotPasswordRequestToken = string.Empty;
db.Store(user);
return password.Clear;
}
public void Should_return_false_when_token_is_missing_or_invalid(string token)
{
// Given
var fakeUser = new User();
var passwordService = new PasswordService(A.Dummy<ICryptoService>());
// When
var isValid = passwordService.IsPasswordValid(fakeUser, token);
// Then
isValid.ShouldBe(false);
}
public void Should_return_false_when_supplied_parameters_are_missing_or_invalid(string password, string hash, string salt)
{
// Given
var fakeUser = new User() { Salt = salt, Hash = hash };
var passwordService = new PasswordService(new PBKDF2());
// When
var isValid = passwordService.IsPasswordValid(fakeUser, password);
// Then
isValid.ShouldBe(false);
}
public void Should_return_success_is_true_when_removing_known_key()
{
// Given
var user = new User() { Id = MakeFake.Guid };
var userCacheService = new UserCacheService();
var key = userCacheService.Add(user);
// When
var success = userCacheService.Remove(key);
// Then
success.ShouldBe(true);
}
public void Should_return_valid_key_when_user_is_added()
{
// Given
var user = new User() { Id = MakeFake.Guid };
var userCacheService = new UserCacheService();
// When
var key = userCacheService.Add(user);
// Then
key.ShouldNotBe(null);
key.IsGuid().ShouldBe(true);
}
public void Should_return_true_when_password_matches_user_password()
{
// Given
var token = MakeFake.Guid;
var fakeUser = new User() { ForgotPasswordRequestToken= token, ForgotPasswordRequestDate = DateTime.Now };
var passwordService = new PasswordService(A.Dummy<ICryptoService>());
// When
var isValid = passwordService.IsForgotPasswordTokenValid(fakeUser, token);
// Then
isValid.ShouldBe(true);
}
public void Should_return_true_when_key_is_known()
{
// Given
var user = new User() { Id = MakeFake.Guid };
var userCacheService = new UserCacheService();
var key = userCacheService.Add(user);
// When
var isValid = userCacheService.Validate(key);
// Then
isValid.ShouldBe(true);
}
public void Should_return_true_when_supplied_password_matches_user_password()
{
// Given
var password = MakeFake.Password;
var fakeUser = new User() { Salt = MakeFake.Salt, Hash = MakeFake.Hash };
var passwordService = new PasswordService(new PBKDF2());
// When
var isValid = passwordService.IsPasswordValid(fakeUser, password);
// Then
isValid.ShouldBe(true);
}
public void Should_return_false_when_minutes_elapsed_since_the_token_was_requested_is_greater_than_the_ForgotPasswordTimeLimit()
{
// Given
var token = MakeFake.Guid;
var requestDate = DateTime.MinValue;
var fakeUser = new User() { ForgotPasswordRequestToken = token, ForgotPasswordRequestDate = requestDate };
var passwordService = new PasswordService(A.Dummy<ICryptoService>());
// When
var isValid = passwordService.IsForgotPasswordTokenValid(fakeUser, token);
// Then
isValid.ShouldBe(false);
}
public void Should_return_false_when_key_is_unknown()
{
// Given
var user = new User() { Id = MakeFake.Guid };
var unknownKey = MakeFake.Guid;
var userCacheService = new UserCacheService();
userCacheService.Add(user);
// When
var isValid = userCacheService.Validate(unknownKey);
// Then
isValid.ShouldBe(false);
}
public void Should_return_success_is_false_when_key_is_unknown()
{
// Given
var user = new User() { Id = MakeFake.Guid };
var unknownKey = MakeFake.Guid;
var userCacheService = new UserCacheService();
var key = userCacheService.Add(user);
// When
var success = userCacheService.Remove(unknownKey);
// Then
success.ShouldBe(false);
}
public void Should_return_password_when_valid_user_and_password_are_supplied()
{
// Given
var user = new User();
var fakePasswordService = MakeFake.PasswordService();
A.CallTo(() => fakePasswordService.IsPasswordValid(A<User>.Ignored, A<string>.Ignored)).Returns(true);
var userService = new UserService(A.Dummy<IRavenSessionProvider>(), fakePasswordService);
// When
var password = userService.ResetPassword(user);
// Then
password.ShouldNotBe(null);
password.Length.ShouldBe(PasswordService.PasswordCharactersCount);
}
public void Should_return_valid_password_when_valid_user_and_email_are_supplied()
{
// Given
var user = new User();
var fakePasswordService = MakeFake.PasswordService();
var userService = new UserService(A.Dummy<IRavenSessionProvider>(), fakePasswordService);
// When
var password = userService.ForgotPasswordReset(user);
// Then
password.ShouldNotBe(null);
password.Length.ShouldBe(PasswordService.PasswordCharactersCount);
}
public void Should_set_user_properties_when_valid_user_and_email_are_supplied()
{
// Given
var user = new User() { ForgotPasswordRequestToken = MakeFake.Guid };
var userService = new UserService(A.Dummy<IRavenSessionProvider>(), A.Dummy<IPasswordService>());
// When
userService.ForgotPasswordReset(user);
// Then
user.Salt.ShouldNotBe(null);
user.Hash.ShouldNotBe(null);
user.ForgotPasswordRequestToken.ShouldBe(string.Empty);
}
public string CreateUser(string username, string email)
{
if (string.IsNullOrWhiteSpace(username) || string.IsNullOrWhiteSpace(email) || !email.IsEmail()) return null;
var password = passwordService.Generate();
var user = new User()
{
Id = Guid.NewGuid().ToString(),
Email = email,
UserName = username,
Salt = password.Salt,
Hash = password.Hash
};
db.Store(user);
return password.Clear;
}
public void Should_return_token_when_valid_user_and_email_are_supplied()
{
// Given
var user = new User();
var userService = new UserService(A.Dummy<IRavenSessionProvider>(), A.Dummy<IPasswordService>());
// When
var token = userService.ForgotPasswordRequest(user);
// Then
token.ShouldNotBe(null);
token.ToString().IsGuid().ShouldBe(true);
user.ForgotPasswordRequestToken.ShouldBe(token);
user.ForgotPasswordRequestDate.Ticks.ShouldBeLessThan(DateTime.Now.AddSeconds(1).Ticks);
}
public void Should_return_UserNameTaken_error_when_existing_username_is_supplied()
{
// Given
User userToLoad = new User();
var fakeUserService = MakeFake.UserService(userToLoad);
var userTestBrowser = MakeTestErrorBrowser<UserModule>(fakeUserService: fakeUserService);
// When
var result = userTestBrowser.Post("/user/validate/name", with =>
{
with.HttpRequest();
with.FormValue("username", "<existing-username>");
});
// Then
result.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var payload = result.Body.DeserializeJson<Dictionary<string, object>>();
payload.ContainsItems("ErrorCode", "ErrorMessage").ShouldBe(true);
payload["ErrorCode"].ShouldBe((int)ErrorCode.UserNameTaken);
}
public void Should_return_user_details_when_user_is_retrieved_with_valid_thumbkey()
{
// Given
var thumbkey = MakeFake.Guid;
var username = MakeFake.Username;
var userToLoad = new User { UserName = username};
var fakeUserCacheService = MakeFake.UserCacheService(userToLoad);
var userTestBrowser = MakeTestErrorBrowser<UserModule>(fakeUserCacheService: fakeUserCacheService);
// When
var result = userTestBrowser.Post("/user/get", with =>
{
with.HttpRequest();
with.FormValue("thumbkey", thumbkey);
});
// Then
result.StatusCode.ShouldBe(HttpStatusCode.OK);
var payload = result.Body.DeserializeJson<Dictionary<string, object>>();
payload.ContainsItems("User").ShouldBe(true);
var user = payload["User"];
((Dictionary<string, object>)user)["UserName"].ShouldBe(username);
}
public void Should_return_thumbkey_when_valid_user_credentials_are_supplied()
{
// Given
var username = MakeFake.Username;
var password = MakeFake.Password;
var thumbKey = MakeFake.Guid;
User userToLoad = new User();
var fakeUserService = MakeFake.UserService(userToLoad);
var fakePasswordService = MakeFake.PasswordService();
A.CallTo(() => fakePasswordService.IsPasswordValid(A<User>.Ignored, A<string>.Ignored)).Returns(true);
var fakeUserCacheService = A.Fake<IUserCacheService>();
A.CallTo(() => fakeUserCacheService.Add(A<User>.Ignored)).Returns(thumbKey);
var userTestBrowser = MakeTestBrowser<UserModule>(fakeUserService: fakeUserService, fakePasswordService: fakePasswordService, fakeUserCacheService: fakeUserCacheService);
// When
var result = userTestBrowser.Post("/user/validate", with =>
{
with.HttpRequest();
with.FormValue("username", username);
with.FormValue("password", password);
});
// Then
result.StatusCode.ShouldBe(HttpStatusCode.OK);
var payload = result.Body.DeserializeJson<Dictionary<string, object>>();
payload.ContainsItems("ThumbKey").ShouldBe(true);
payload["ThumbKey"].ShouldBe(thumbKey);
}
public string ResetPassword(User user)
{
if (user==null) return null;
var password = passwordService.Generate();
user.Salt = password.Salt;
user.Hash = password.Hash;
db.Store(user);
return password.Clear;
}
public bool IsPasswordValid(User user, string clear)
{
if (user == null || string.IsNullOrWhiteSpace(user.Salt) || string.IsNullOrWhiteSpace(user.Hash) || string.IsNullOrWhiteSpace(clear)) return false;
return cryptoService.Compute(clear, user.Salt) == user.Hash;
}
