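/// <summary>
/// AuthorizeTrainer must reject a caller whose credentials do not verify, and the failure
/// message must be the generic "Username or password is incorrect." so the response does not
/// say which of the two was wrong.
/// </summary>
public void ThrowAnUnauthorizedAccessExceptionWhenAUserIsNotAuthenticated()
{
    // GIVEN a UserDTO containing a user's e-mail and password
    UserDTO user = new UserDTO
    {
        EmailAddress = "*****@*****.**",
        Password = "******"
    };

    // WHEN a user is not correctly authenticated
    TrainerCredentials mockTrainerCredentials = new TrainerCredentials
    {
        EmailAddress = "*****@*****.**",
        // NOTE: the hash should be "$2b$10$sCfS.t4SiS21G9rhNcqKue/PkEiitv/OfB0DojqdkMQneiUQw0l06"
        Hash = PASSWORD1234_HASH,
        Salt = PASSWORD1234_SALT
    };
    accountContextMock.Setup(a => a.TrainerCredentials.Find(user.EmailAddress)).Returns(mockTrainerCredentials);

    // THEN ensure an UnauthorizedAccessException is thrown
    UnauthorizedAccessException ex = Assert.Throws<UnauthorizedAccessException>(() => accountServices.AuthorizeTrainer(user));

    // AND ensure the message reads "Username or password is incorrect."
    // The check must inspect the exception AuthorizeTrainer actually threw; comparing against
    // a locally constructed exception (as this test previously did) passes no matter what
    // message the service produced.
    Assert.Equal("Username or password is incorrect.", ex.Message);
}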
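/// <summary>
/// Looks up the stored credentials for <paramref name="user"/>, verifies the presented
/// password against them, and returns the claims generated by the matching Trainer record.
/// </summary>
/// <param name="user">E-mail address and password presented by the caller.</param>
/// <returns>The claims produced by <c>Trainer.GenerateClaims()</c> for that e-mail.</returns>
/// <exception cref="ArgumentNullException"><paramref name="user"/> is null.</exception>
/// <exception cref="UnauthorizedAccessException">
/// No credentials exist for the e-mail, or the password does not verify. Both cases use the
/// same message on purpose, so the response does not reveal whether the e-mail is registered.
/// </exception>
/// <exception cref="InvalidOperationException">
/// Credentials verified but no Trainer record exists for the e-mail (a data inconsistency,
/// not an authentication failure).
/// </exception>
private Claims GetTrainerClaims(UserDTO user)
{
    if (user == null)
    {
        throw new ArgumentNullException(nameof(user));
    }

    TrainerCredentials trainerCredentials = accountContext.TrainerCredentials.Find(user.EmailAddress);

    // Unknown e-mail and wrong password are deliberately indistinguishable to the caller.
    // NOTE(review): the unknown-e-mail branch short-circuits before IsTrainerAuthorized runs,
    // so the two failures may differ in response time; if that matters for this deployment,
    // run the password check against a dummy credential on that branch as well.
    if (trainerCredentials == null || !trainerCredentials.IsTrainerAuthorized(user.Password))
    {
        throw new UnauthorizedAccessException("Username or password is incorrect.");
    }

    var trainer = accountContext.Trainer.Find(user.EmailAddress);
    if (trainer == null)
    {
        // Previously this surfaced as a NullReferenceException from the chained call; name
        // the actual problem instead. The message intentionally omits the e-mail address.
        throw new InvalidOperationException("Trainer credentials exist but no trainer record was found.");
    }

    return trainer.GenerateClaims();
}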
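/// <summary>
/// AuthorizeTrainer must return the trainer's claims and a token that parses as a JWT when the
/// presented password verifies against the stored credentials.
/// </summary>
public void ReturnUserClaimsDTOForAuthenticatedUser()
{
    // GIVEN a UserDTO containing a user's e-mail and password
    UserDTO user = new UserDTO
    {
        EmailAddress = "*****@*****.**",
        Password = "******"
    };

    // WHEN the user is correctly authenticated
    // AND the user's login information is returned from the database
    TrainerCredentials mockTrainerCredentials = new TrainerCredentials
    {
        EmailAddress = "*****@*****.**",
        Hash = PASSWORD1234_HASH,
        Salt = PASSWORD1234_SALT
    };
    accountContextMock.Setup(a => a.TrainerCredentials.Find(user.EmailAddress)).Returns(mockTrainerCredentials);

    Trainer mockTrainer = new Trainer
    {
        EmailAddress = "*****@*****.**",
        FirstName = "Test",
        LastName = "User"
    };
    accountContextMock.Setup(a => a.Trainer.Find(mockTrainer.EmailAddress)).Returns(mockTrainer);
    configMock.Setup(c => c.Value.JwtKey).Returns(JWT_KEY);

    UserClaimsDTO userClaims = accountServices.AuthorizeTrainer(user);

    // THEN return a UserClaimsDTO containing an e-mail claim with the
    // user's e-mail, a name claim with the user's full name, and a role claim
    // of trainer
    // TODO: the original scenario also describes a TrainerId claim with the trainer's ID;
    // it is not in the expected list, so it is not asserted here.
    List<Claim> expectedClaims = new List<Claim>
    {
        new Claim(ClaimTypes.Email, "*****@*****.**"),
        new Claim(ClaimTypes.Name, "Test User"),
        new Claim(ClaimTypes.Role, UserRole.TRAINER.ToString())
    };
    for (int i = 0; i < expectedClaims.Count; i++)
    {
        // Compare the claim type URI (ClaimTypes.Email etc.), not the CLR type: every
        // element is a Claim, so the previous GetType() comparison could never fail and a
        // claim of the wrong kind in the right position went unnoticed.
        Assert.Equal(expectedClaims[i].Type, userClaims.Claims[i].Type);
        Assert.Equal(expectedClaims[i].Value, userClaims.Claims[i].Value);
    }

    // AND a token that parses as a JWT
    // ReadToken only decodes the token; it does not validate its signature against JWT_KEY,
    // so this assertion proves well-formedness, not that the token was signed with the
    // configured key.
    var handler = new JwtSecurityTokenHandler();
    var decodedToken = handler.ReadToken(userClaims.Token) as JwtSecurityToken;
    Assert.NotNull(decodedToken);
}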
/// <summary>
/// Asserts that IsTrainerAuthorized returns false for this credential/password pair.
/// NOTE(review): the method name says "Authorized" while the expectation is a rejection;
/// the name is presumably meant to read "Unauthorized" — confirm before renaming.
/// </summary>
public void ReturnFalseForAuthorizedUser()
{
    // GIVEN a TrainerCredentials object
    var storedCredentials = new TrainerCredentials
    {
        EmailAddress = "*****@*****.**",
        Hash = PASSWORD1234_HASH,
        Salt = PASSWORD1234_SALT
    };

    // AND a password presented by the user
    const string presentedPassword = "******";

    // WHEN a user is attempting to authenticate
    // THEN return false indicating the user is not authorized
    Assert.False(storedCredentials.IsTrainerAuthorized(presentedPassword));
}