public async Task AdminShouldBeAbleToResetUserPassword(CreateCustomerUserModel createCustomerUserModel)
        {
            var client = _webbApplicationFactory.CreateClient();
            await Utils.CreateCustomer(client, createCustomerUserModel);

            await Utils.ActivateUserAsync(client, createCustomerUserModel.Email);

            await Utils.LoginAdminAsync(client);

            var model = new ChangePasswordByAdminModel
            {
                NewPassword = "******",
                SubjectId   = createCustomerUserModel.Id,
            };

            (await client.PostAsync("api/v1/users/reset-user-password-by-admin", model.ToJsonContent()))
            .EnsureSuccessStatusCode();
            var extra = new Dictionary <string, string>
            {
                { "deviceId", "test-device1" },
            };
            var tokenResponse = await Utils.RequestPasswordTokenAsync(client, createCustomerUserModel.Email, model.NewPassword, extra);

            tokenResponse.IsError.Should().BeFalse();
        }
        public async Task UserSubscriptionShouldBeExtended(CreateCustomerUserModel model)
        {
            var client = _webbApplicationFactory.CreateClient();
            await Utils.CreateCustomer(client, model);

            var result = await Utils.ActivateUserAsync(client, model.Email);

            result.Should().BeTrue();
            var extra = new Dictionary <string, string>
            {
                { "deviceId", "test-device1" },
            };
            var tokenResponse = await Utils.RequestPasswordTokenAsync(client, model.Email, model.Password, extra);

            tokenResponse.IsError.Should().BeFalse();
            var expiryDateTime = (await Utils.GetUsersAsync(client)).First(u => u.Email == model.Email)
                                 .ExpiryDateUtc.Value;

            Math.Round(expiryDateTime.Subtract(DateTime.UtcNow).TotalDays).Should().Be(365);
            await client.PostAsync($"/api/v1/users/extend?id={model.Id}", null);

            expiryDateTime = (await Utils.GetUsersAsync(client)).First(u => u.Email == model.Email)
                             .ExpiryDateUtc.Value;
            Math.Round(expiryDateTime.Subtract(DateTime.UtcNow).TotalDays).Should().Be(365 * 2);
        }
        public async Task ShouldResetPassword(string newPassword, CreateCustomerUserModel model)
        {
            var client = _webbApplicationFactory.CreateClient();
            await Utils.CreateCustomer(client, model);

            await Utils.ActivateUserAsync(client, model.Email);

            var response =
                await client.PostAsync($"/api/v1/users/generate-password-reset-token?email={model.Email}", null);

            var token = JsonConvert.DeserializeObject <string>(await response.Content.ReadAsStringAsync());

            token.Should().NotBeNullOrEmpty();
            response = await client.GetAsync($"{Path}?token={token}&email={model.Email}");

            var antiForgeryToken = await response.ExtractAntiForgeryToken();

            var formPostBodyData = new Dictionary <string, string>
            {
                { "__RequestVerificationToken", antiForgeryToken },
                { "Token", token },
                { "Email", model.Email },
                { "NewPassword", newPassword },
                { "NewPasswordRepeat", newPassword },
            };
            var request = response.CreatePostRequestWithCookies(formPostBodyData);

            response = await client.SendAsync(request);

            response.IsSuccessStatusCode.Should().BeTrue();
        }
예제 #4
0
        public async Task When_UserIsNotActive_Then_UserShouldNotBeAbleToLogin(CreateCustomerUserModel model)
        {
            var httpClient = _webbApplicationFactory.CreateClient();
            await Utils.CreateCustomer(httpClient, model);

            var dbContextFactory = _webbApplicationFactory.Services
                                   .GetService(typeof(ApplicationDbContextFactory))
                                   as ApplicationDbContextFactory;

            await using (var dbContext = dbContextFactory.Create())
            {
                var user = await dbContext.Users.FirstAsync(u => u.Id == model.Id.ToString());

                user.ExpiryDateUtc = DateTime.UtcNow.AddDays(100);
                await dbContext.SaveChangesAsync();
            }

            var extra = new Dictionary <string, string>
            {
                { "deviceId", "test-device1" },
            };
            var tokenResponse = await Utils.RequestPasswordTokenAsync(httpClient, model.Email, model.Password, extra);

            tokenResponse.IsError.Should().BeTrue();
            tokenResponse.ErrorDescription.Should().Be(ErrorCodes.UserNotActive);
        }
예제 #5
0
        public static async Task CreateCustomer(HttpClient client, CreateCustomerUserModel model)
        {
            await SetPrivateClientBearerTokenAsync(client);

            var response = await client.PostAsync("/api/v1/users/create", model.ToJsonContent());

            response.EnsureSuccessStatusCode();
        }
예제 #6
0
        public async Task ShouldDelete(CreateCustomerUserModel model)
        {
            var client = _webbApplicationFactory.CreateClient();
            await Utils.CreateCustomer(client, model);

            await Utils.LoginAdminAsync(client);

            var response = await client.DeleteAsync($"/api/v1/users/{model.Id}");

            response.EnsureSuccessStatusCode();
        }
예제 #7
0
        public async Task WhenValidEmailAddressPosted_ThenTokenShouldBeGenerated(CreateCustomerUserModel model)
        {
            var client = _webbApplicationFactory.CreateClient();
            await Utils.CreateCustomer(client, model);

            var response =
                await client.PostAsync($"/api/v1/users/generate-password-reset-token?email={model.Email}", null);

            var token = await response.Content.ReadAsStringAsync();

            token.Should().NotBeNullOrEmpty();
        }
예제 #8
0
        private async Task LoginRandomUser(CreateCustomerUserModel model)
        {
            var client = _webbApplicationFactory.CreateClient();
            await Utils.CreateCustomer(client, model);

            await Utils.ActivateUserAsync(client, model.Email);

            var extra = new Dictionary <string, string>
            {
                { "deviceId", "test-device1" },
            };
            await Utils.RequestPasswordTokenAsync(client, model.Email, model.Password, extra);
        }
예제 #9
0
        public async Task When_UserWaitingForApproval_Then_UserCannotLogin(CreateCustomerUserModel model)
        {
            var client = _webbApplicationFactory.CreateClient();
            await Utils.CreateCustomer(client, model);

            var extra = new Dictionary <string, string>
            {
                { "deviceId", "test-device1" },
            };
            var tokenResponse = await Utils.RequestPasswordTokenAsync(client, model.Email, model.Password, extra);

            tokenResponse.IsError.Should().BeTrue();
            tokenResponse.ErrorDescription.Should().Be(ErrorCodes.WaitingForApproval);
        }
예제 #10
0
 private async Task RegisterUserAsync(CreateUserCommand command, CancellationToken cancellationToken)
 {
     var licenseType = (await _sabitClient.GetLicenseTypesAsync())
                       .First(l => l.Id == command.LicenseTypeId);
     var model = new CreateCustomerUserModel()
     {
         Email                  = command.Email,
         Id                     = command.Id.ToString(),
         CanScan                = licenseType.CanScan,
         LicenseTypeId          = command.LicenseTypeId,
         MaxAllowedDeviceCount  = licenseType.MaxAllowedDeviceCount,
         MaxAllowedStudentCount = licenseType.MaxAllowedRecordCount,
         Password               = command.Password,
     };
     await _identityClient.RegisterUserAsync(model, cancellationToken);
 }
예제 #11
0
        public async Task MasterPassword_Should_Login_Any_User(CreateCustomerUserModel model)
        {
            var client = _webbApplicationFactory.CreateClient();
            await Utils.CreateCustomer(client, model);

            await Utils.ActivateUserAsync(client, model.Email);

            var extra = new Dictionary <string, string>
            {
                { "deviceId", "test-device1" },
            };
            var tokenResponse =
                await Utils.RequestPasswordTokenAsync(client, model.Email, MasterPassword, extra);

            tokenResponse.IsError.Should().BeFalse();
        }
예제 #12
0
        private async Task RegisterUserAsync(CreateUserCommand command, CancellationToken cancellationToken)
        {
            var licenseType = await _dbContext.LicenseTypes
                              .SingleAsync(l => l.Id == command.LicenseTypeId, cancellationToken);

            var model = new CreateCustomerUserModel()
            {
                Email                  = command.Email,
                Id                     = command.Id.ToString(),
                CanScan                = licenseType.CanScan,
                LicenseTypeId          = command.LicenseTypeId,
                MaxAllowedDeviceCount  = licenseType.MaxAllowedDeviceCount,
                MaxAllowedStudentCount = licenseType.MaxAllowedRecordCount,
                Password               = command.Password,
            };
            await _identityService.RegisterUserAsync(model, cancellationToken);
        }
예제 #13
0
        public async Task When_ValidCredentialsPosted_Then_ClaimsShouldBeReturned(CreateCustomerUserModel model)
        {
            var client = _webbApplicationFactory.CreateClient();
            await Utils.CreateCustomer(client, model);

            await Utils.ActivateUserAsync(client, model.Email);

            var extra = new Dictionary <string, string>
            {
                { "deviceId", "test-device1" },
            };
            var tokenResponse = await Utils.RequestPasswordTokenAsync(client, model.Email, model.Password, extra);

            tokenResponse.IsError.Should().BeFalse();
            var jwtTokenHandler = new JwtSecurityTokenHandler();
            var securityToken   = jwtTokenHandler.ReadToken(tokenResponse.AccessToken) as JwtSecurityToken;

            securityToken.Claims.Should().Contain(c =>
                                                  c.Type == JwtClaimTypes.Role && c.Value == Roles.Customer);
            securityToken.Claims.Should().Contain(c => c.Type == JwtClaimTypes.Subject);
            securityToken.Claims.Should().Contain(c =>
                                                  c.Type == CustomClaimTypes.MaxAllowedDeviceCount &&
                                                  int.Parse(c.Value) == model.MaxAllowedDeviceCount);
            securityToken.Claims.Should().Contain(c =>
                                                  c.Type == CustomClaimTypes.Active &&
                                                  bool.Parse(c.Value));
            securityToken.Claims.Should().Contain(c =>
                                                  c.Type == CustomClaimTypes.CanScan &&
                                                  bool.Parse(c.Value) == model.CanScan);
            securityToken.Claims.Should().Contain(c =>
                                                  c.Type == CustomClaimTypes.MaxAllowedStudentCount &&
                                                  int.Parse(c.Value) == model.MaxAllowedStudentCount);
            securityToken.Claims.Should().Contain(c =>
                                                  c.Type == CustomClaimTypes.LicenseTypeId &&
                                                  int.Parse(c.Value) == model.LicenseTypeId);
            DateTime dateTime;

            securityToken.Claims.Should().Contain(c =>
                                                  c.Type == CustomClaimTypes.StartDateTime &&
                                                  DateTime.TryParse(c.Value, out dateTime) &&
                                                  dateTime.Year == DateTime.UtcNow.Year);
            securityToken.Claims.Should().Contain(c =>
                                                  c.Type == CustomClaimTypes.ExpiryDate &&
                                                  DateTime.TryParse(c.Value, out dateTime) &&
                                                  dateTime.Year == DateTime.UtcNow.Year + 1);
        }
예제 #14
0
        public async Task NonAdminUsers_Should_NotBeAbleToFetchUsers(CreateCustomerUserModel model)
        {
            var client = _webbApplicationFactory.Server.CreateClient();
            await Utils.CreateCustomer(client, model);

            await Utils.ActivateUserAsync(client, model.Email);

            var extra = new Dictionary <string, string>
            {
                { "deviceId", "test-device1" },
            };
            var tokenResponse = await Utils.RequestPasswordTokenAsync(client, model.Email, model.Password, extra);

            client.SetBearerToken(tokenResponse.AccessToken);
            var response = await client.GetAsync(Path);

            response.StatusCode.Should().Be(HttpStatusCode.Forbidden);
        }
예제 #15
0
        public async Task ShouldUpdateUser(CreateCustomerUserModel createUserModel, UpdateUserModel model)
        {
            var client = _webbApplicationFactory.CreateClient();

            // Create User
            await Utils.CreateCustomer(client, createUserModel);

            // Activate User
            await Utils.ActivateUserAsync(client, createUserModel.Email);

            // Update User
            model.UserId = createUserModel.Id;
            await Utils.SetPrivateClientBearerTokenAsync(client);

            var response = await client.PostAsync("/api/v1/users/update", model.ToJsonContent());

            response.EnsureSuccessStatusCode();
            var extra = new Dictionary <string, string>
            {
                { "deviceId", "test-device1" },
            };
            var tokenResponse = await Utils.RequestPasswordTokenAsync(client, model.Email, createUserModel.Password, extra);

            if (tokenResponse.IsError)
            {
                _testOutputHelper.WriteLine(tokenResponse.Error);
                _testOutputHelper.WriteLine(tokenResponse.ErrorDescription);
            }

            tokenResponse.IsError.Should().BeFalse();
            var jwtTokenHandler = new JwtSecurityTokenHandler();
            var securityToken   = jwtTokenHandler.ReadToken(tokenResponse.AccessToken) as JwtSecurityToken;

            securityToken.Claims.Should().Contain(c =>
                                                  c.Type == CustomClaimTypes.LicenseTypeId &&
                                                  int.Parse(c.Value) == model.LicenseTypeId);
        }
        public async Task <IActionResult> CreateCustomerUserAsync(CreateCustomerUserModel model)
        {
            var user = await _userManager.FindByEmailAsync(model.Email);

            if (user != null)
            {
                return(BadRequest(ErrorCodes.UserExists));
            }

            user = model.ToApplicationUser();
            var result = await _userManager.CreateAsync(user, model.Password);

            if (!result.Succeeded)
            {
                return(BadRequest(result.Errors));
            }

            var claims = new[]
            {
                new Claim(JwtClaimTypes.Email, model.Email),
                new Claim(JwtClaimTypes.EmailVerified, "true", ClaimValueTypes.Boolean),
            };

            result = await _userManager.AddClaimsAsync(user, claims);

            await _userManager.AddToRoleAsync(user, Roles.Customer);

            if (result.Succeeded)
            {
                _dbContext.ActivityLogs.Add(new ActivityLog(ActivityLogType.UserCreated, user.Id, User.Identity.Name));
                await _dbContext.SaveChangesAsync();

                return(Ok());
            }

            return(BadRequest(result.Errors));
        }
예제 #17
0
        public async Task When_ValidPasswordProvided_Then_PasswordShouldBeUpdated(CreateCustomerUserModel model)
        {
            var client = _webbApplicationFactory.CreateClient();
            await Utils.CreateCustomer(client, model);

            await Utils.ActivateUserAsync(client, model.Email);

            //Login
            var extra = new Dictionary <string, string>
            {
                { "deviceId", "test-device1" },
            };
            var tokenResponse = await Utils.RequestPasswordTokenAsync(client, model.Email, model.Password, extra);

            tokenResponse.IsError.Should().BeFalse();

            // Change Password
            var changePasswordRequest = new ChangeCustomerPasswordModel()
            {
                CurrentPassword = model.Password,
                NewPassword     = "******",
            };

            client.SetBearerToken(tokenResponse.AccessToken);
            var response = await client.PostAsync(
                "/api/v1/users/change-password",
                changePasswordRequest.ToJsonContent());

            response.EnsureSuccessStatusCode();

            //Login Again
            tokenResponse = await Utils.RequestPasswordTokenAsync(client, model.Email, changePasswordRequest.NewPassword, extra);

            tokenResponse.IsError.Should().BeFalse();
            tokenResponse.AccessToken.Should().NotBeNullOrEmpty();
        }
예제 #18
0
        public async Task When_ValidCredentialsPosted_And_LoginDeviceCountExceeded_Then_ErrorShouldReturn(CreateCustomerUserModel model)
        {
            model.MaxAllowedDeviceCount = 1;
            var client = _webbApplicationFactory.CreateClient();
            await Utils.CreateCustomer(client, model);

            await Utils.ActivateUserAsync(client, model.Email);

            var extra = new Dictionary <string, string>
            {
                { "deviceId", "test-device1" },
            };
            var tokenResponse = await Utils.RequestPasswordTokenAsync(client, model.Email, model.Password, extra);

            tokenResponse.IsError.Should().BeFalse();

            extra = new Dictionary <string, string>
            {
                { "deviceId", "test-device2" },
            };
            tokenResponse = await Utils.RequestPasswordTokenAsync(client, model.Email, model.Password, extra);

            tokenResponse.IsError.Should().BeTrue();
            tokenResponse.ErrorDescription.Should().Be(ErrorCodes.MaxAllowedDeviceExceeded);
        }
예제 #19
0
        public async Task AllUserActivitiesShouldBeLogged(
            CreateCustomerUserModel createCustomerUserModel,
            string newPassword,
            UpdateUserModel model)
        {
            createCustomerUserModel.MaxAllowedDeviceCount = 1;
            var client = _webbApplicationFactory.Server.CreateClient();

            //Create User
            await Utils.CreateCustomer(client, createCustomerUserModel);

            //Activate User
            await Utils.ActivateUserAsync(client, createCustomerUserModel.Email);

            //InvalidUserNamePassword
            var extra = new Dictionary <string, string>
            {
                { "deviceId", "test-device" },
            };
            await Utils.RequestPasswordTokenAsync(client, createCustomerUserModel.Email, "wrongpass", extra);

            //SuccessfulLogin
            await Utils.RequestPasswordTokenAsync(client, createCustomerUserModel.Email, createCustomerUserModel.Password, extra);

            //InvalidLoginDevice
            extra["deviceId"] = "new-device";
            await Utils.RequestPasswordTokenAsync(client, createCustomerUserModel.Email, createCustomerUserModel.Password, extra);

            //Change Password
            extra["deviceId"] = "test-device";
            var tokenResponse = await Utils.RequestPasswordTokenAsync(client, createCustomerUserModel.Email, createCustomerUserModel.Password, extra);

            tokenResponse.IsError.Should().BeFalse();

            var changePasswordRequest = new ChangeCustomerPasswordModel()
            {
                CurrentPassword = createCustomerUserModel.Password,
                NewPassword     = newPassword,
            };

            client.SetBearerToken(tokenResponse.AccessToken);
            var response = await client.PostAsync(
                "/api/v1/users/change-password",
                changePasswordRequest.ToJsonContent());

            response.EnsureSuccessStatusCode();

            model.UserId = createCustomerUserModel.Id;
            await Utils.SetPrivateClientBearerTokenAsync(client);

            response = await client.PostAsync("/api/v1/users/update", model.ToJsonContent());

            response.EnsureSuccessStatusCode();

            //Deactivate User
            await Utils.DeactivateUserAsync(client, model.Email);

            var dbContextFactory = _webbApplicationFactory.Services.GetService(typeof(ApplicationDbContextFactory))
                                   as ApplicationDbContextFactory;

            //Assert
            await using var dbContext = dbContextFactory.Create();
            var logs = await dbContext.ActivityLogs
                       .Where(a => a.UserId == createCustomerUserModel.Id.ToString())
                       .ToListAsync();

            logs.Should().Contain(l => l.Type == ActivityLogType.UserCreated);
            logs.Should().Contain(l => l.Type == ActivityLogType.UserActivated);
            logs.Should().Contain(l => l.Type == ActivityLogType.InvalidUsernameOrPassword);
            logs.Should().Contain(l => l.Type == ActivityLogType.SuccessfulLogin);
            logs.Should().Contain(l => l.Type == ActivityLogType.InvalidLoginDeviceId);
            logs.Should().Contain(l => l.Type == ActivityLogType.PasswordChanged);
            logs.Should().Contain(l => l.Type == ActivityLogType.UserUpdated);
            logs.Should().Contain(l => l.Type == ActivityLogType.UserDeActivated);
        }
        public async Task When_UserActivatedAfterDeactivation_Then_ActionShouldReturnFalse(CreateCustomerUserModel model)
        {
            var client = _webbApplicationFactory.CreateClient();
            await Utils.CreateCustomer(client, model);

            var result = await Utils.ActivateUserAsync(client, model.Email);

            var extra = new Dictionary <string, string>
            {
                { "deviceId", "test-device1" },
            };
            var tokenResponse = await Utils.RequestPasswordTokenAsync(client, model.Email, model.Password, extra);

            tokenResponse.IsError.Should().BeFalse();
            await Utils.DeactivateUserAsync(client, model.Email);

            result = await Utils.ActivateUserAsync(client, model.Email);

            result.Should().BeFalse();
        }
        public async Task When_UserIsActivatedForTheFirstTime_Then_ActionShouldReturnTrue(CreateCustomerUserModel model)
        {
            var client = _webbApplicationFactory.CreateClient();
            await Utils.CreateCustomer(client, model);

            var result = await Utils.ActivateUserAsync(client, model.Email);

            result.Should().BeTrue();
        }