public async Task Should_reset_user_password()
{
const string USERNAME = EmailData.NON_EXISTENT_USERNAME;
const string NEW_PASSWORD = UserData.NEW_PASSWORD;
var request = new ResetUserPasswordRequest()
{
Username = USERNAME
};
var response = new UpdateUserResponse()
{
NewPassword = NEW_PASSWORD
};
UserApiClient
.Setup(x => x.ResetUserPasswordAsync(USERNAME))
.ReturnsAsync(response);
var result = await Controller.ResetUserPassword(request);
result.Should().NotBeNull();
var objectResult = (OkObjectResult)result;
objectResult.StatusCode.Should().Be((int)HttpStatusCode.OK);
var passwordResponse = (UpdateUserResponse)objectResult.Value;
passwordResponse.NewPassword.Should().Be(response.NewPassword);
}
public IActionResult ResetUserPassword([FromBody] ResetUserPasswordRequest request)
{
var client = GetUserClient();
client.ResetUserPassword(request.UserId);
return(AjaxOkResponse());
}
public static void ProjectTo(this ResetUserPasswordRequest request, Users user)
{
var securitySalt = EncryptContractor.Instance.SetDefault(Settings.IV, Settings.Key).GenerateEncryptedSecuritySalt();
var scriptedPassword = PasswordContractor.Instance.GeneratePassword(request.NewPassword, securitySalt);
user.SecuritySalt = securitySalt;
user.Password = scriptedPassword;
}
public ResetPasswordUserControllerTests()
{
_loggerMock = new Mock <ILogger <UserController> >();
_request = new ResetUserPasswordRequest {
Username = UserData.USERNAME
};
_configuration = new Mock <IConfiguration>();
SetMockConfig();
}
public async Task Should_pass_validation()
{
var request = new ResetUserPasswordRequest()
{
Username = VALID_TEXT
};
var result = await _validator.ValidateAsync(request);
result.IsValid.Should().BeTrue();
}
public async Task <bool> ResetPasswordAsync(ResetUserPasswordRequest resetUserPasswordRequest)
{
var userResponse = await _userService.GetUserByEmailAsync(resetUserPasswordRequest.Email);
if (userResponse == null)
{
throw new ArgumentException(string.Format(ValidationMessages.NotFound, ValidationMessages.User));
}
var changePasswordResponse = await _loginRepository.UpdatePasswordAsync(userResponse.Id, _passwordHashService.Hash(resetUserPasswordRequest.Password));
return(changePasswordResponse > 0);
}
public async Task Should_return_bad_request_for_null_username()
{
var request = new ResetUserPasswordRequest()
{
Username = string.Empty
};
var uri = ApiUriFactory.UserEndpoints.ResetUserPassword();
await SendPatchRequest(uri, RequestHelper.Serialise(request));
VerifyResponse(HttpStatusCode.BadRequest, false);
}
/**
* Set user phone number.
*/
private async Task <APIGatewayProxyResponse> ResetUserPassword(IDataStores dataStores,
IDictionary <string, string> requestHeaders,
JObject requestBody)
{
Debug.Untested();
Debug.AssertValid(dataStores);
Debug.AssertValid(requestHeaders);
Debug.AssertValidOrNull(requestBody);
try {
// Log call
LoggingHelper.LogMessage($"UserIdentityService::ResetUserPassword()");
// Get the NoSQL DB client
AmazonDynamoDBClient dbClient = (AmazonDynamoDBClient)dataStores.GetNoSQLDataStore().GetDBClient();
Debug.AssertValid(dbClient);
// Check inputs
ResetUserPasswordRequest resetUserPasswordRequest = UserIdentityService_ResetUserPassword_LogicLayer.CheckValidResetUserPasswordRequest(requestBody);
Debug.AssertValid(resetUserPasswordRequest);
// Check reCaptcha
ReCaptchaHelper.CheckReCaptchaToken(resetUserPasswordRequest.reCaptcha);
// Perform logic
await UserIdentityService_ResetUserPassword_LogicLayer.ResetUserPassword(dbClient, resetUserPasswordRequest);
// Respond
return(new APIGatewayProxyResponse {
StatusCode = APIHelper.STATUS_CODE_NO_CONTENT
});
} catch (Exception exception) {
Debug.Tested();
if ((exception.Message == SharedLogicLayer.ERROR_UNRECOGNIZED_EMAIL_ADDRESS) ||
(exception.Message == IdentityServiceLogicLayer.ERROR_EMAIL_NOT_VERIFIED) ||
(exception.Message == ReCaptchaHelper.ERROR_INVALID_RECAPTCHA_TOKEN))
{
Debug.Tested();
// Note tht no error code is returned for security reasons.
//??--return StatusCode(APIHelper.STATUS_CODE_FORBIDDEN);
return(new APIGatewayProxyResponse {
StatusCode = APIHelper.STATUS_CODE_FORBIDDEN
});
}
else
{
Debug.Untested();
return(APIHelper.ResponseFromException(exception));
}
}
}
public void Should_throw_error_if_test_default_password_not_found()
{
var username = EjudUserData.USERNAME(EjudUserData.AUTOMATED_FIRST_NAME_PREFIX, EjudUserData.LAST_NAME(1), EjudUserData.FAKE_EJUD_DOMAIN);
var request = new ResetUserPasswordRequest()
{
Username = username
};
Configuration
.Setup(x => x.GetSection("TestDefaultPassword").Value)
.Returns(() => null);
Assert.ThrowsAsync <ConfigurationErrorsException>(async() => await Controller.ResetUserPassword(request));
}
public async Task Should_fail_validation_if_username_empty()
{
var request = new ResetUserPasswordRequest()
{
Username = string.Empty
};
var result = await _validator.ValidateAsync(request);
result.IsValid.Should().BeFalse();
result.Errors.Count.Should().Be(1);
result.Errors.Any(x => x.ErrorMessage == ResetPasswordRequestValidator.EMPTY_USERNAME_ERROR_MESSAGE)
.Should().BeTrue();
}
public async Task Should_fail_validation_if_username_contains_automation()
{
var request = new ResetUserPasswordRequest()
{
Username = AUTOMATION_USER
};
var result = await _validator.ValidateAsync(request);
result.IsValid.Should().BeFalse();
result.Errors.Count.Should().Be(1);
result.Errors.Any(x => x.ErrorMessage == ResetPasswordRequestValidator.CANNOT_RESET_AUTOMATION_USERS_ERROR_MESSAGE)
.Should().BeTrue();
}
public ResetUserPasswordResponse ResetUserPassword(ResetUserPasswordRequest request)
{
Platform.CheckForNullReference(request, "request");
Platform.CheckMemberIsSet(request.UserName, "UserName");
var user = FindUserByName(request.UserName);
var settings = new AuthenticationSettings();
user.ResetPassword(settings.DefaultTemporaryPassword);
var assembler = new UserAssembler();
return(new ResetUserPasswordResponse(assembler.GetUserSummary(user)));
}
public async Task Should_return_not_found_for_non_existent_username()
{
const string USERNAME = EmailData.NON_EXISTENT_USERNAME;
var request = new ResetUserPasswordRequest()
{
Username = USERNAME
};
var uri = ApiUriFactory.UserEndpoints.ResetUserPassword();
await SendPatchRequest(uri, RequestHelper.Serialise(request));
VerifyResponse(HttpStatusCode.NotFound, false);
}
public async Task <IActionResult> ResetPassword(ResetUserPasswordRequest request)
{
_logger.LogDebug("ResetPassword {username}", request.Username);
const int POLLY_RETRIES = 5;
var policy = Policy
.HandleResult(false)
.WaitAndRetryAsync(POLLY_RETRIES, retryAttempt => TimeSpan.FromSeconds(Math.Pow(2, retryAttempt)));
if (request.Username.EndsWith(GetEjudDomain(), StringComparison.InvariantCultureIgnoreCase))
{
return(Ok(new UpdateUserResponse {
NewPassword = GetDefaultPassword()
}));
}
try
{
var response = await policy.ExecuteAsync(async() => await _testApiClient.GetUserExistsInAdAsync(request.Username));
if (response.Equals(false))
{
return(NotFound());
}
_logger.LogDebug("User '{username}' successfully found in AAD", request.Username);
}
catch (TestApiException e)
{
_logger.LogError(e, "Unable to find user {username} to reset user password with error '{message}'", request.Username, e.Message);
return(StatusCode(e.StatusCode, e.Response));
}
try
{
var response = await _testApiClient.ResetUserPasswordAsync(request);
_logger.LogDebug("User '{username}' successfully reset", request.Username);
return(Ok(response));
}
catch (TestApiException e)
{
_logger.LogError(e, "Unable to reset user password: {username} with error '{message}'", request.Username, e.Message);
return(StatusCode(e.StatusCode, e.Response));
}
}
public async Task <Users> ResetUserPassword(ResetUserPasswordRequest request)
{
var claims = JwtTokenHelper.GetTokenClaims(request.Token, Settings.JwtSecretKey);
var userId = claims.FirstOrDefault(x => x.Type == "UserId");
if (userId == null)
{
throw new Exception("Invalid token");
}
Users u = await _repository.GetByIdAsync(Convert.ToInt64(userId.Value));
request.ProjectTo(u);
await _repository.AddOrUpdateAsync(u);
return(u);
}
public async Task Should_return_test_password_for_ejud_users()
{
var username = EjudUserData.USERNAME(EjudUserData.AUTOMATED_FIRST_NAME_PREFIX, EjudUserData.LAST_NAME(1), EjudUserData.FAKE_EJUD_DOMAIN);
var request = new ResetUserPasswordRequest()
{
Username = username
};
var result = await Controller.ResetUserPassword(request);
var objectResult = (OkObjectResult)result;
objectResult.StatusCode.Should().Be((int)HttpStatusCode.OK);
var passwordResponse = (UpdateUserResponse)objectResult.Value;
passwordResponse.NewPassword.Should().Be(EjudUserData.FAKE_PASSWORD);
}
public async Task Should_return_bad_request_for_automation_user()
{
var individualUser = await Context.Data.SeedUser(UserType.Individual);
await Context.Data.SeedAllocation(individualUser.Id);
await Context.Data.AllocateUser(individualUser.Id);
var request = new ResetUserPasswordRequest()
{
Username = individualUser.Username
};
var uri = ApiUriFactory.UserEndpoints.ResetUserPassword();
await SendPatchRequest(uri, RequestHelper.Serialise(request));
VerifyResponse(HttpStatusCode.BadRequest, false);
}
public async Task Should_return_default_password_for_ejud_user()
{
var username = await AllocateUser(true);
var request = new ResetUserPasswordRequest()
{
Username = username
};
var uri = ApiUriFactory.UserEndpoints.ResetUserPassword();
await SendPatchRequest(uri, RequestHelper.Serialise(request));
VerifyResponse(HttpStatusCode.OK, true);
var response = RequestHelper.Deserialise <UpdateUserResponse>(Json);
response.Should().NotBeNull();
response.NewPassword.Should().Be(Context.Config.TestDefaultPassword);
}
public async Task Should_return_test_password_for_ejud_users()
{
var client = new Mock <ITestApiClient>();
const string username = EjudUserData.FAKE_EJUD_DOMAIN;
var request = new ResetUserPasswordRequest()
{
Username = username
};
var controller = new UserController(client.Object, _loggerMock.Object, _configuration.Object);
var result = await controller.ResetPassword(request);
var objectResult = (OkObjectResult)result;
objectResult.StatusCode.Should().Be((int)HttpStatusCode.OK);
var passwordResponse = (UpdateUserResponse)objectResult.Value;
passwordResponse.NewPassword.Should().Be(EjudUserData.FAKE_PASSWORD);
}
public void Should_throw_error_if_ejud_domain_not_found()
{
var client = new Mock <ITestApiClient>();
const string username = EjudUserData.FAKE_EJUD_DOMAIN;
var request = new ResetUserPasswordRequest()
{
Username = username
};
var configuration = new Mock <IConfiguration>();
configuration
.Setup(x => x.GetSection("EjudUsernameStem").Value)
.Returns(() => null);
var controller = new UserController(client.Object, _loggerMock.Object, configuration.Object);
Assert.ThrowsAsync <InvalidDataException>(async() => await controller.ResetPassword(request));
}
public async Task <IActionResult> ResetUserPassword(ResetUserPasswordRequest request)
{
_logger.LogDebug($"ResetUserPassword");
if (request.Username.EndsWith(GetEjudDomain(), StringComparison.InvariantCultureIgnoreCase))
{
return(Ok(new UpdateUserResponse {
NewPassword = GetDefaultPassword()
}));
}
try
{
var response = await _userApiClient.ResetUserPasswordAsync(request.Username);
return(Ok(response));
}
catch (UserApiException e)
{
return(StatusCode(e.StatusCode, e.Response));
}
}
public async Task Should_reset_users_password()
{
var username = await AllocateUser();
await PollForUserExistsInAad(username);
var request = new ResetUserPasswordRequest()
{
Username = username
};
var uri = ApiUriFactory.UserEndpoints.ResetUserPassword();
await SendPatchRequest(uri, RequestHelper.Serialise(request));
VerifyResponse(HttpStatusCode.OK, true);
var response = RequestHelper.Deserialise <UpdateUserResponse>(Json);
response.Should().NotBeNull();
response.NewPassword.Should().NotBeNullOrEmpty();
}
public ResetUserPasswordResponse ResetUserPassword(ResetUserPasswordRequest request)
{
Platform.CheckForNullReference(request, "request");
Platform.CheckMemberIsSet(request.UserName, "UserName");
var user = FindUserByName(request.UserName);
EnsureCurrentUserAuthorizedToManage(user.AccountType);
if (user.AccountType != UserAccountType.U)
{
throw new RequestValidationException(SR.MessageAccountTypeDoesNotSupportPasswordReset);
}
var settings = new AuthenticationSettings();
user.ResetPassword(settings.DefaultTemporaryPassword);
var assembler = new UserAssembler();
return(new ResetUserPasswordResponse(assembler.GetUserSummary(user)));
}
public async Task <IHttpActionResult> ResetPassword([FromBody] ResetUserPasswordRequest request)
{
try
{
if (ModelState.IsValid)
{
var user = await _userService.ResetUserPassword(request);
if (user != null)
{
await _userService.CommitAsync();
var token = CreateToken(user);
return(Ok(new { Token = token }));
}
}
return(BadRequest(ModelState));
}
catch (Exception ex)
{
HttpContext.Current.Response.StatusCode = 500;
throw ex;
}
}
