public void ResetsPasswordMigratesPasswordHash()
{
var oldCred = CredentialBuilder.CreateSha1Password("thePassword");
var user = new User
{
Username = "******",
EmailAddress = "*****@*****.**",
PasswordResetToken = "some-token",
PasswordResetTokenExpirationDate = DateTime.UtcNow.AddDays(1),
Credentials = new List <Credential>()
{
oldCred
}
};
var authService = Get <AuthenticationService>();
authService.Entities.Users.Add(user);
bool result = authService.ResetPasswordWithToken("user", "some-token", "new-password");
// Assert
Assert.True(result);
var newCred = user.Credentials.Single();
Assert.Equal(CredentialTypes.Password.Pbkdf2, newCred.Type);
Assert.True(VerifyPasswordHash(newCred.Value, Constants.PBKDF2HashAlgorithmId, "new-password"));
authService.Entities.VerifyCommitChanges();
}
public void GivenOnlyASHA1PasswordItAuthenticatesUserAndReplacesItWithAPBKDF2Password()
{
var user = Fakes.CreateUser("tempUser", CredentialBuilder.CreateSha1Password("thePassword"));
var service = Get <AuthenticationService>();
service.Entities.Users.Add(user);
var foundByUserName = service.Authenticate("tempUser", "thePassword");
var cred = foundByUserName.User.Credentials.Single();
Assert.Same(user, foundByUserName.User);
Assert.Equal(CredentialTypes.Password.Pbkdf2, cred.Type);
Assert.True(CryptographyService.ValidateSaltedHash(cred.Value, "thePassword", Constants.PBKDF2HashAlgorithmId));
service.Entities.VerifyCommitChanges();
}
public void ReturnsFalseIfPasswordDoesNotMatchUser_SHA1()
{
// Arrange
var service = Get <AuthenticationService>();
var user = Fakes.CreateUser("tempUser",
CredentialBuilder.CreateSha1Password("oldpwd"));
service.Entities
.Set <User>()
.Add(user);
// Act
var changed = service.ChangePassword(user.Username, "not_the_password", "newpwd");
// Assert
Assert.False(changed);
}
public void ReturnsTrueWhenSuccessful()
{
// Arrange
var service = Get <AuthenticationService>();
var user = Fakes.CreateUser(
"tempUser",
CredentialBuilder.CreateSha1Password("oldpwd"));
service.Entities
.Set <User>()
.Add(user);
// Act
var changed = service.ChangePassword(user.Username, "oldpwd", "newpwd");
// Assert
Assert.True(changed);
}
public void MigratesPasswordIfHashAlgorithmIsNotPBKDF2()
{
// Arrange
var service = Get <AuthenticationService>();
var user = Fakes.CreateUser(
"tempUser",
CredentialBuilder.CreateSha1Password("oldpwd"));
service.Entities
.Set <User>()
.Add(user);
// Act
var changed = service.ChangePassword(user.Username, "oldpwd", "newpwd");
// Assert
var cred = user.Credentials.Single(c => c.Type.StartsWith(CredentialTypes.Password.Prefix, StringComparison.OrdinalIgnoreCase));
Assert.Equal(CredentialTypes.Password.Pbkdf2, cred.Type);
Assert.True(VerifyPasswordHash(cred.Value, Constants.PBKDF2HashAlgorithmId, "newpwd"));
service.Entities.VerifyCommitChanges();
}
public Fakes()
{
User = new User("testUser")
{
Key = 42,
EmailAddress = "*****@*****.**",
Credentials = new List <Credential>
{
CredentialBuilder.CreatePbkdf2Password(Password),
CredentialBuilder.CreateV1ApiKey(Guid.Parse("519e180e-335c-491a-ac26-e83c4bd31d65"),
ExpirationForApiKeyV1)
}
};
ShaUser = new User("testShaUser")
{
Key = 42,
EmailAddress = "*****@*****.**",
Credentials = new List <Credential>
{
CredentialBuilder.CreateSha1Password(Password),
CredentialBuilder.CreateV1ApiKey(Guid.Parse("b9704a41-4107-4cd2-bcfa-70d84e021ab2"),
ExpirationForApiKeyV1)
}
};
Admin = new User("testAdmin")
{
Key = 43,
EmailAddress = "*****@*****.**",
Credentials = new List <Credential> {
CredentialBuilder.CreatePbkdf2Password(Password)
},
Roles = new List <Role> {
new Role {
Name = Constants.AdminRoleName
}
}
};
Owner = new User("testPackageOwner")
{
Key = 44,
Credentials = new List <Credential> {
CredentialBuilder.CreatePbkdf2Password(Password)
},
EmailAddress = "*****@*****.**" //package owners need confirmed email addresses, obviously.
};
Package = new PackageRegistration
{
Id = "FakePackage",
Owners = new List <User> {
Owner
},
Packages = new List <Package>
{
new Package {
Version = "1.0"
},
new Package {
Version = "2.0"
}
}
};
}