예제 #1
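        /// <summary>
        /// Changes a user's password after re-verifying the current password.
        /// </summary>
        /// <param name="userEntry">Carries the username, the current password and the new password.</param>
        /// <exception cref="WrongUserCredentialsException">
        /// No user has the supplied username, or the current password does not verify.
        /// </exception>
        /// <exception cref="UserLoginTimeoutException">The wait-period check rejected this attempt.</exception>
        public async Task ChangePassword(UserPasswordChangeResource userEntry)
        {
            var user = await _userRepository.GetByUsernameAsync(userEntry.Username);

            // Reject unknown usernames before the user object is handed to any helper.
            // The previous order passed a possibly-null user to CheckWaitPeriod, so an
            // unknown username could fail there instead of with the generic credentials error.
            if (user == null)
            {
                throw new WrongUserCredentialsException("Invalid username or password.");
            }

            if (!AuthBusinessLogic.CheckWaitPeriod(user, _configuration))
            {
                // TODO: Implement timeout time. The "{0}" placeholder is never formatted,
                // so callers currently receive the literal text "{0} seconds.".
                throw new UserLoginTimeoutException("{0} seconds.");
            }

            if (!AuthBusinessLogic.CheckIfValidPassword(user, userEntry.Password, _configuration))
            {
                // Persist the failed attempt before reporting the error so that the
                // wait-period check sees it on the next call.
                _userRepository.MarkFailedLogin(user);
                await _userRepository.SaveChanges();

                throw new WrongUserCredentialsException("Invalid username or password.");
            }

            // NOTE(review): NewPassword is not checked for null/empty or against a password
            // policy in this method; confirm that validation happens upstream.
            // Hash with the stored username, the same value CheckIfValidPassword receives via
            // `user`, so the new hash cannot diverge from what verification recomputes if the
            // repository lookup matches usernames loosely (lookup semantics not visible here).
            user.PasswordHash = AuthBusinessLogic.GetHash(user.Username, userEntry.NewPassword, _configuration);

            await _userRepository.Update(user);

            _userRepository.MarkSuccessfulLogin(user);
            await _userRepository.SaveChanges();
        }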
예제 #2
        /// <summary>
        /// Checks AuthBusinessLogic.CheckWaitPeriod for a user with no failed attempts, a user
        /// whose single failed attempt is far in the past, and a user who failed just now.
        /// </summary>
        public void CheckWaitPeriodTest()
        {
            // The section mock supplies the raw value that the configuration mock
            // then exposes under the "Auth:WaitTime" key.
            var sectionMock = new Mock<IConfigurationSection>();
            sectionMock.Setup(s => s["WaitTime"]).Returns("5");

            var configMock = new Mock<IConfiguration>();
            configMock.Setup(c => c["Auth:WaitTime"]).Returns(sectionMock.Object["WaitTime"]);
            var config = configMock.Object;

            var neverFailed = new User { LoginAttempts = 0 };

            var failedLongAgo = new User
            {
                LoginAttempts = 1,
                LastLoginAttempt = DateTime.MinValue
            };

            // NOTE(review): uses local time; confirm CheckWaitPeriod compares against the
            // same clock (DateTime.Now vs DateTime.UtcNow).
            var failedJustNow = new User
            {
                LoginAttempts = 1,
                LastLoginAttempt = DateTime.Now
            };

            Assert.IsTrue(AuthBusinessLogic.CheckWaitPeriod(neverFailed, config));
            Assert.IsTrue(AuthBusinessLogic.CheckWaitPeriod(failedLongAgo, config));
            Assert.IsFalse(AuthBusinessLogic.CheckWaitPeriod(failedJustNow, config));
        }
예제 #3
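        /// <summary>
        /// Checks AuthBusinessLogic.CompareByteArrays for identical input, for inputs of
        /// different length (in both argument orders), and for same-length inputs that differ.
        /// </summary>
        public void CompareByteArraysTest()
        {
            var testString = "123456789";
            var testBytes  = Encoding.ASCII.GetBytes(testString);

            // One byte longer than testBytes: exercises the length-mismatch path.
            var badTestBytes = Encoding.ASCII.GetBytes(testString + "0");

            // Same length as testBytes, last byte differs. Without this case a comparison
            // that only checked lengths would still pass the test.
            var sameLengthBadBytes = Encoding.ASCII.GetBytes("123456780");

            Assert.IsTrue(AuthBusinessLogic.CompareByteArrays(testBytes, testBytes));
            Assert.IsFalse(AuthBusinessLogic.CompareByteArrays(testBytes, badTestBytes));
            Assert.IsFalse(AuthBusinessLogic.CompareByteArrays(badTestBytes, testBytes));
            Assert.IsFalse(AuthBusinessLogic.CompareByteArrays(testBytes, sameLengthBadBytes));

            // NOTE(review): if CompareByteArrays is what compares password hashes, confirm it
            // runs in fixed time (e.g. CryptographicOperations.FixedTimeEquals); its
            // implementation is not visible here.
        }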
예제 #4
        /// <summary>
        /// Creates a user from the supplied resource, stores the password as a hash,
        /// and saves the new record through the user repository.
        /// </summary>
        /// <param name="userEntry">Carries the username and plain-text password of the new account.</param>
        public async Task CreateAccount(UserResource userEntry)
        {
            // NOTE(review): no check for an empty username/password or for an existing user
            // with the same name is made in this method; confirm the caller or the
            // repository enforces both.
            var user = new User();
            user.Username = userEntry.Username;

            // NOTE(review): every account created through this method is given
            // UserRole.Admin. Confirm this path is reachable only for administrator
            // provisioning; otherwise new accounts should start with the least-privileged role.
            user.UserRole = UserRole.Admin;

            user.PasswordHash = AuthBusinessLogic.GetHash(userEntry.Username, userEntry.Password, _configuration);

            await _userRepository.Insert(user);
            await _userRepository.SaveChanges();
        }
예제 #5
        /// <summary>
        /// Checks that AuthBusinessLogic.GetHash, called with an explicit secret of "0",
        /// yields the expected bytes for a fixed username and password.
        /// </summary>
        public void GetHashTest()
        {
            // The "******" literals appear to be masked on this page; the expected value
            // below belongs to whatever the original inputs were.
            var account = new User { Username = "******" };
            var plainPassword = "******";

            var hashBytes = AuthBusinessLogic.GetHash(account.Username, plainPassword, "0");

            // NOTE(review): decoding raw hash bytes as UTF-16 is lossy for byte sequences
            // that are not valid UTF-16, so two different hashes can decode to the same
            // string. Comparing the bytes, or a hex/Base64 rendering, would be stricter.
            // NOTE(review): the algorithm behind GetHash is not visible here; for stored
            // passwords confirm it is a password KDF (e.g. PBKDF2 or Argon2) with a per-user
            // random salt rather than a single fast hash keyed by username and secret.
            var decoded = Encoding.Unicode.GetString(hashBytes);

            Assert.AreEqual("鷒灓㰝麅¹쫁⾎䌩频옶儉䗻ꆊ", decoded);
        }
예제 #6
        /// <summary>
        /// Checks the AuthBusinessLogic.GetHash overload that takes its secret from
        /// configuration ("Auth:Secret") rather than from an explicit argument.
        /// </summary>
        public void GetHashConfigTest()
        {
            // The section mock supplies the secret that the configuration mock
            // then exposes under the "Auth:Secret" key.
            var sectionMock = new Mock<IConfigurationSection>();
            sectionMock.Setup(s => s["Secret"]).Returns("0");

            var configMock = new Mock<IConfiguration>();
            configMock.Setup(c => c["Auth:Secret"]).Returns(sectionMock.Object["Secret"]);

            var account = new User { Username = "******" };
            var plainPassword = "******";

            var hashBytes = AuthBusinessLogic.GetHash(account.Username, plainPassword, configMock.Object);

            // NOTE(review): decoding raw hash bytes as UTF-16 is lossy for byte sequences
            // that are not valid UTF-16; comparing bytes or a hex/Base64 rendering would
            // be stricter.
            var decoded = Encoding.Unicode.GetString(hashBytes);

            Assert.AreEqual("鷒灓㰝麅¹쫁⾎䌩频옶儉䗻ꆊ", decoded);
        }
예제 #7
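        /// <summary>
        /// Checks that AuthBusinessLogic.CheckIfValidPassword accepts the password whose hash
        /// is stored on the user and rejects a different password.
        /// </summary>
        public void CheckIfValidPasswordTest()
        {
            Mock <IConfigurationSection> configurationSection = new Mock <IConfigurationSection>();

            configurationSection.Setup(x => x["Secret"]).Returns("0");

            Mock <IConfiguration> configuration = new Mock <IConfiguration>();

            configuration.Setup(x => x["Auth:Secret"]).Returns(configurationSection.Object["Secret"]);

            // The stored hash is rebuilt from its UTF-16 rendering; the "******" literals
            // appear to be masked on this page.
            var user = new User
            {
                Username     = "******",
                PasswordHash = Encoding.Unicode.GetBytes("鷒灓㰝麅¹쫁⾎䌩频옶儉䗻ꆊ")
            };

            var password = "******";

            var result = AuthBusinessLogic.CheckIfValidPassword(user, password, configuration.Object);

            Assert.IsTrue(result);

            // Negative case: without it, a check that accepts every password would still
            // pass this test.
            var wrongPasswordResult = AuthBusinessLogic.CheckIfValidPassword(user, password + "x", configuration.Object);

            Assert.IsFalse(wrongPasswordResult);
        }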
 /// <summary>
 /// Creates the controller and keeps the supplied business-logic object for later use.
 /// </summary>
 /// <param name="authBusinessLogic">The authentication business-logic object stored in the controller's field.</param>
 public AuthController(AuthBusinessLogic authBusinessLogic) =>
     _authBusinessLogic = authBusinessLogic;