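/// <summary>
/// Logs in with a known-good email/password pair and checks the login response:
/// 200 OK, the user's id and email echoed back, and a token that validates under
/// the test API secret and carries the stored user's id and auth salt.
/// </summary>
public void AuthenticateValidCredentialsTest()
{
    UserAccountController userController = CreateFakeUserAccountController();

    // Authenticate with valid credentials
    var response = userController.Authenticate(
        new ReceiveLoginUserModel(_users[0].Email, "password-u1")
    );
    Assert.IsType<OkObjectResult>(response.Result);

    // Validate return data from endpoint
    SendLoginUserModel sendLoginUserModel = (SendLoginUserModel)((OkObjectResult)response.Result).Value;
    Assert.Equal(_users[0].Id, sendLoginUserModel.Id);
    Assert.Equal(_users[0].Email, sendLoginUserModel.Email);

    // The token must validate with the same secret the controller signed it with
    // (_testApiSecret) and name the authenticated user.
    TokenCreatorValidator tokenCreatorValidator = new TokenCreatorValidator(_testApiSecret);
    TokenValidationParams tokenValidationParams = tokenCreatorValidator.ValidateToken(sendLoginUserModel.Token);
    Assert.Equal(_users[0].Id, tokenValidationParams.UserId);

    // Compare the salt bytes directly instead of decoding them through
    // Encoding.Default: decoding arbitrary bytes is lossy (invalid sequences
    // collapse to U+FFFD), so two different salts could compare equal as strings
    // and the assertion would silently pass.
    User authenticatedUser = _usersService.GetById(_users[0].Id);
    Assert.Equal(authenticatedUser.AuthSalt, tokenValidationParams.SaltBytes);
}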
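/// <summary>
/// Completes a password-recovery flow. The caller presents the account email,
/// the recovery token issued for that account, and the new password.
/// </summary>
/// <param name="passwordResetModel">Email, recovery token and new password.</param>
/// <returns>
/// 200 OK on success. 400 with a <c>message</c> when the email is unknown, the
/// token does not validate, the token was not issued for the account named by the
/// email, the recovery salt is missing or does not match (link consumed/invalid),
/// or the password service rejects the change.
/// </returns>
public ActionResult ResetPassword([FromBody] PasswordResetModel passwordResetModel)
{
    User user;
    try
    {
        user = _userService.GetByEmail(passwordResetModel.Email);
    }
    catch (RequestException)
    {
        // NOTE(review): this message confirms whether an email is registered
        // (account enumeration). Left as-is; consider a generic response.
        return BadRequest(new { message = "Email does not exist" });
    }

    TokenValidationParams tokenValidationParams;
    User tokenUser;
    try
    {
        tokenValidationParams = _tokenCreatorValidator.ValidateToken(passwordResetModel.RecoveryToken);
        tokenUser = _userService.GetById(tokenValidationParams.UserId);
    }
    catch (Exception)
    {
        return BadRequest(new { message = "Invalid token error" });
    }

    // The token must have been issued for the account named by the email.
    // Previously the salt was checked against tokenUser (from the token) while
    // the new password was written to user (from the email), with no check that
    // they are the same account: a valid recovery token for account A could be
    // used to reset the password of any account B whose email the caller supplied.
    if (tokenUser.Id != user.Id)
    {
        return BadRequest(new { message = "Recovery link expired or invalid" });
    }

    // RecoverySalt is cleared once a link is used (see below), so a null here
    // means the link was already consumed or never issued; reject instead of
    // letting GetString(null) throw. Compare raw bytes in constant time rather
    // than via Encoding.Default, which is lossy (invalid sequences collapse to
    // U+FFFD) and leaks timing.
    if (tokenUser.RecoverySalt is null
        || tokenValidationParams.SaltBytes is null
        || !RecoverySaltMatches(tokenUser.RecoverySalt, tokenValidationParams.SaltBytes))
    {
        return BadRequest(new { message = "Recovery link expired or invalid" });
    }

    // Single-use link: drop the salt so the same token cannot be replayed.
    // Presumably persisted by SetNewPassword alongside the new hash — confirm.
    user.RecoverySalt = null;
    try
    {
        _userService.SetNewPassword(user, passwordResetModel.NewPassword);
    }
    catch (RequestException ex)
    {
        // NOTE(review): InvalidCredentials is reported as "Invalid old password"
        // although this flow takes no old password — message kept as-is.
        if (ex.Code == UserExceptionCodes.InvalidCredentials)
        {
            return BadRequest(new { message = "Invalid old password" });
        }
        if (ex.Code == UserExceptionCodes.BadPassword)
        {
            return BadRequest(new { message = "Invalid new password" });
        }
        return BadRequest(new { message = "Unknown error" });
    }

    return Ok();
}

/// <summary>
/// Constant-time equality of two salts. Returns false immediately on a length
/// mismatch (length is not secret); otherwise every byte is visited regardless
/// of where the first difference is. Where System.Security.Cryptography is
/// available, CryptographicOperations.FixedTimeEquals does the same job.
/// </summary>
private static bool RecoverySaltMatches(byte[] stored, byte[] presented)
{
    if (stored.Length != presented.Length)
    {
        return false;
    }

    int diff = 0;
    for (int i = 0; i < stored.Length; i++)
    {
        diff |= stored[i] ^ presented[i];
    }
    return diff == 0;
}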
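/// <summary>
/// Validates a bearer token and, if it is genuine and its auth salt matches the
/// user's current <c>AuthSalt</c>, stores that user in <c>context.Items["User"]</c>.
/// Any failure leaves the context untouched so the request is treated as anonymous.
/// </summary>
/// <param name="context">Request context to attach the user to.</param>
/// <param name="userService">Used to load the user named by the token.</param>
/// <param name="tokenStr">Raw token string taken from the request.</param>
private void AttachUserToContext(HttpContext context, IUsersService userService, string tokenStr)
{
    // Token signing secret comes from configuration (_configuration.Value.Secret —
    // presumably an IOptions<> wrapper; confirm).
    TokenCreatorValidator tokenCreatorValidator = new TokenCreatorValidator(_configuration.Value.Secret);
    try
    {
        TokenValidationParams tokenValidationParams = tokenCreatorValidator.ValidateToken(tokenStr);
        User tokenUser = userService.GetById(tokenValidationParams.UserId);

        // A user with no AuthSalt (or a token with none) can never match; bail out
        // rather than throwing on a null reference inside the catch-all below.
        byte[] stored = tokenUser.AuthSalt;
        byte[] presented = tokenValidationParams.SaltBytes;
        if (stored is null || presented is null || stored.Length != presented.Length)
        {
            return;
        }

        // Compare raw bytes in constant time. The previous Encoding.Default round
        // trip was lossy (invalid byte sequences collapse to U+FFFD, so distinct
        // salts could compare equal) and short-circuited on the first mismatch.
        int diff = 0;
        for (int i = 0; i < stored.Length; i++)
        {
            diff |= stored[i] ^ presented[i];
        }

        if (diff == 0)
        {
            context.Items["User"] = tokenUser;
        }
    }
    catch
    {
        // do nothing if jwt validation fails
        // user is not attached to context so request won't have access to secure routes
    }
}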
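/// <summary>
/// Round-trips 100 tokens through CreateToken/ValidateToken under a random
/// 1024-character secret and checks that the user id and the salt bytes survive
/// the trip unchanged.
/// </summary>
public void CreateAndValidateTokenTest()
{
    TokenCreatorValidator tokenCreatorValidator = new TokenCreatorValidator(
        RandomString(1024)
    );

    for (int i = 0; i < 100; i++)
    {
        // Random is a fixture-level generator (System.Random has no static Next);
        // whether it is seeded deterministically is not visible here — confirm.
        int userId = Random.Next(1, Int32.MaxValue);

        // 30 is the token lifetime argument; its unit is not visible here.
        TokenCreationParams tokenCreationParams = tokenCreatorValidator.CreateToken(userId, 30);
        TokenValidationParams tokenValidationParams = tokenCreatorValidator.ValidateToken(tokenCreationParams.TokenStr);

        Assert.Equal(userId, tokenValidationParams.UserId);

        // Compare the salt bytes directly. Decoding them through Encoding.Default
        // is lossy (invalid sequences collapse to U+FFFD), so two different salts
        // could compare equal as strings and the assertion would silently pass.
        Assert.Equal(tokenCreationParams.SaltBytes, tokenValidationParams.SaltBytes);
    }
}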