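/// <summary>
/// Changes a user's password after re-verifying the current password.
/// </summary>
/// <param name="userEntry">Username, current password and new password supplied by the caller.</param>
/// <exception cref="WrongUserCredentialsException">
/// No user exists for the given username, or the current password does not verify.
/// </exception>
/// <exception cref="UserLoginTimeoutException">
/// <c>AuthBusinessLogic.CheckWaitPeriod</c> returned false for this user.
/// </exception>
public async Task ChangePassword(UserPasswordChangeResource userEntry)
{
    var user = await _userRepository.GetByUsernameAsync(userEntry.Username);

    // The null check must come before any helper receives the record: previously a
    // missing user was passed to CheckWaitPeriod first, so an unknown username could
    // surface as a timeout or a null dereference instead of the generic credential error.
    // NOTE(review): this path returns without computing a hash, unlike the wrong-password
    // path; confirm whether that response-time difference matters for this deployment.
    if (user == null)
    {
        throw new WrongUserCredentialsException("Invalid username or password.");
    }

    if (!AuthBusinessLogic.CheckWaitPeriod(user, _configuration))
    {
        // TODO: Implement timeout time
        // The message still carries an unformatted "{0}" placeholder until the TODO is done.
        throw new UserLoginTimeoutException("{0} seconds.");
    }

    if (!AuthBusinessLogic.CheckIfValidPassword(user, userEntry.Password, _configuration))
    {
        // Record the failure before reporting it so the wait period applies to the next attempt.
        _userRepository.MarkFailedLogin(user);
        await _userRepository.SaveChanges();
        throw new WrongUserCredentialsException("Invalid username or password.");
    }

    // Hash with the stored username rather than the caller-supplied spelling: verification
    // is done against the stored record, so the new hash must be derived from the same value.
    // The two are identical whenever the repository lookup is an exact match.
    // NOTE(review): no validation of NewPassword is visible here; confirm it happens upstream.
    user.PasswordHash = AuthBusinessLogic.GetHash(user.Username, userEntry.NewPassword, _configuration);
    await _userRepository.Update(user);

    _userRepository.MarkSuccessfulLogin(user);
    await _userRepository.SaveChanges();
}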
/// <summary>
/// Exercises <c>AuthBusinessLogic.CheckWaitPeriod</c> with "Auth:WaitTime" mocked to "5":
/// a user with no failed attempts and a user whose single failure is far in the past are
/// expected to pass, while a user whose single failure is at the current time is not.
/// </summary>
public void CheckWaitPeriodTest()
{
    var sectionMock = new Mock<IConfigurationSection>();
    sectionMock.Setup(s => s["WaitTime"]).Returns("5");

    // The section mock only supplies the value that the configuration mock hands back.
    var configMock = new Mock<IConfiguration>();
    var waitTime = sectionMock.Object["WaitTime"];
    configMock.Setup(c => c["Auth:WaitTime"]).Returns(waitTime);
    var config = configMock.Object;

    var neverFailed = new User { LoginAttempts = 0 };
    var failedLongAgo = new User { LoginAttempts = 1, LastLoginAttempt = DateTime.MinValue };
    // NOTE(review): local time is used here; confirm CheckWaitPeriod reads the same clock.
    var failedJustNow = new User { LoginAttempts = 1, LastLoginAttempt = DateTime.Now };

    Assert.IsTrue(AuthBusinessLogic.CheckWaitPeriod(neverFailed, config));
    Assert.IsTrue(AuthBusinessLogic.CheckWaitPeriod(failedLongAgo, config));
    Assert.IsFalse(AuthBusinessLogic.CheckWaitPeriod(failedJustNow, config));
}
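/// <summary>
/// Checks that <c>AuthBusinessLogic.CompareByteArrays</c> accepts arrays with equal content
/// and rejects arrays that differ in length or in content.
/// </summary>
public void CompareByteArraysTest()
{
    var testString = "123456789";
    var testBytes = Encoding.ASCII.GetBytes(testString);

    // Separate allocation with identical content, so the positive case cannot be
    // satisfied by reference identity alone.
    var sameContentBytes = Encoding.ASCII.GetBytes(testString);

    // One byte longer than the reference array.
    var longerBytes = Encoding.ASCII.GetBytes(testString + "0");

    // Same length as the reference array, last byte differs. Without this case a
    // comparison that only looked at the lengths would pass the whole test.
    var sameLengthDifferentBytes = Encoding.ASCII.GetBytes("123456780");

    Assert.IsTrue(AuthBusinessLogic.CompareByteArrays(testBytes, testBytes));
    Assert.IsTrue(AuthBusinessLogic.CompareByteArrays(testBytes, sameContentBytes));

    Assert.IsFalse(AuthBusinessLogic.CompareByteArrays(testBytes, longerBytes));
    Assert.IsFalse(AuthBusinessLogic.CompareByteArrays(longerBytes, testBytes));

    Assert.IsFalse(AuthBusinessLogic.CompareByteArrays(testBytes, sameLengthDifferentBytes));
    Assert.IsFalse(AuthBusinessLogic.CompareByteArrays(sameLengthDifferentBytes, testBytes));
}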
/// <summary>
/// Creates a user record from the supplied entry, stores the hash of its password,
/// and persists it through the user repository.
/// </summary>
/// <param name="userEntry">Username and password for the new account.</param>
public async Task CreateAccount(UserResource userEntry)
{
    // NOTE(review): every account created through this method is given UserRole.Admin;
    // confirm that is intended and that callers of this method are restricted accordingly.
    // NOTE(review): no check for an already existing username is visible here.
    var account = new User
    {
        Username = userEntry.Username,
        UserRole = UserRole.Admin
    };

    // The hash is derived from the same username that is stored on the record.
    account.PasswordHash = AuthBusinessLogic.GetHash(
        userEntry.Username,
        userEntry.Password,
        _configuration);

    await _userRepository.Insert(account);
    await _userRepository.SaveChanges();
}
/// <summary>
/// Checks the <c>AuthBusinessLogic.GetHash</c> overload that takes the secret as a string
/// against a fixed expected value.
/// </summary>
public void GetHashTest()
{
    // NOTE(review): the expected hash is compared after decoding the bytes as UTF-16.
    // That decode is lossy for byte sequences that are not valid UTF-16, so a byte-wise
    // or hex comparison would pin the result more strictly.
    const string expectedDecoded = "鷒灓㰝麅¹쫁⾎䌩频옶儉䗻ꆊ";

    var account = new User { Username = "******" };
    var hash = AuthBusinessLogic.GetHash(account.Username, "******", "0");
    var actualDecoded = Encoding.Unicode.GetString(hash);

    Assert.AreEqual(expectedDecoded, actualDecoded);
}
/// <summary>
/// Checks the <c>AuthBusinessLogic.GetHash</c> overload that reads the secret from
/// configuration ("Auth:Secret" mocked to "0") against a fixed expected value.
/// </summary>
public void GetHashConfigTest()
{
    var sectionMock = new Mock<IConfigurationSection>();
    sectionMock.Setup(s => s["Secret"]).Returns("0");

    // The section mock only supplies the value that the configuration mock hands back.
    var configMock = new Mock<IConfiguration>();
    var secret = sectionMock.Object["Secret"];
    configMock.Setup(c => c["Auth:Secret"]).Returns(secret);

    // NOTE(review): the expected hash is compared after decoding the bytes as UTF-16,
    // which is lossy for byte sequences that are not valid UTF-16.
    const string expectedDecoded = "鷒灓㰝麅¹쫁⾎䌩频옶儉䗻ꆊ";

    var account = new User { Username = "******" };
    var hash = AuthBusinessLogic.GetHash(account.Username, "******", configMock.Object);
    var actualDecoded = Encoding.Unicode.GetString(hash);

    Assert.AreEqual(expectedDecoded, actualDecoded);
}
/// <summary>
/// Checks that <c>AuthBusinessLogic.CheckIfValidPassword</c> accepts the password whose
/// hash is stored on the user, with "Auth:Secret" mocked to "0".
/// </summary>
public void CheckIfValidPasswordTest()
{
    var sectionMock = new Mock<IConfigurationSection>();
    sectionMock.Setup(s => s["Secret"]).Returns("0");

    // The section mock only supplies the value that the configuration mock hands back.
    var configMock = new Mock<IConfiguration>();
    var secret = sectionMock.Object["Secret"];
    configMock.Setup(c => c["Auth:Secret"]).Returns(secret);

    // NOTE(review): the stored hash is produced by encoding a string literal as UTF-16.
    // Only the accepting path is asserted; no wrong-password case is covered here.
    var storedHash = Encoding.Unicode.GetBytes("鷒灓㰝麅¹쫁⾎䌩频옶儉䗻ꆊ");
    var account = new User { Username = "******", PasswordHash = storedHash };

    var accepted = AuthBusinessLogic.CheckIfValidPassword(account, "******", configMock.Object);

    Assert.IsTrue(accepted);
}
/// <summary>
/// Creates the controller and stores the authentication logic it was given.
/// </summary>
/// <param name="authBusinessLogic">The authentication logic instance kept by this controller.</param>
public AuthController(AuthBusinessLogic authBusinessLogic) =>
    _authBusinessLogic = authBusinessLogic;