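public void ThrowAnUnauthorizedAccessExceptionWhenAUserIsNotAuthenticated()
        {
            // GIVEN a UserDTO containing a user's e-mail and password
            UserDTO user = new UserDTO
            {
                EmailAddress = "*****@*****.**",
                Password     = "******"
            };

            // WHEN the stored credentials do not match the presented password
            TrainerCredentials mockTrainerCredentials = new TrainerCredentials
            {
                EmailAddress = "*****@*****.**",
                // NOTE: the hash should be "$2b$10$sCfS.t4SiS21G9rhNcqKue/PkEiitv/OfB0DojqdkMQneiUQw0l06"
                Hash = PASSWORD1234_HASH,
                Salt = PASSWORD1234_SALT
            };

            accountContextMock.Setup(a => a.TrainerCredentials.Find(user.EmailAddress)).Returns(mockTrainerCredentials);

            // THEN ensure an UnauthorizedAccessException is thrown
            UnauthorizedAccessException ex = Assert.Throws<UnauthorizedAccessException>(() => accountServices.AuthorizeTrainer(user));

            // AND ensure the message reads "Username or password is incorrect."
            // Assert on the exception that was actually thrown; comparing a locally
            // constructed exception's message against the same literal proves nothing.
            Assert.Equal("Username or password is incorrect.", ex.Message);
        }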
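        /// <summary>
        /// Authenticates a trainer by e-mail and password and returns the claims
        /// generated from the matching <c>Trainer</c> record.
        /// </summary>
        /// <param name="user">The e-mail address and password presented at login.</param>
        /// <returns>The claims produced by <c>Trainer.GenerateClaims()</c>.</returns>
        /// <exception cref="UnauthorizedAccessException">
        /// Thrown when no credentials exist for the e-mail, when the password does not
        /// verify against the stored hash, or when no Trainer record backs the credentials.
        /// </exception>
        private Claims GetTrainerClaims(UserDTO user)
        {
            TrainerCredentials trainerCredentials = accountContext.TrainerCredentials.Find(user.EmailAddress);

            // One generic message for "unknown e-mail" and "wrong password" so the error
            // text does not reveal which accounts exist.
            // NOTE(review): when no credentials are found the hash check is skipped, so
            // response time still differs between the two cases — confirm whether that
            // account-enumeration signal matters for this deployment.
            if (trainerCredentials == null || !trainerCredentials.IsTrainerAuthorized(user.Password))
            {
                throw new UnauthorizedAccessException("Username or password is incorrect.");
            }

            Trainer trainer = accountContext.Trainer.Find(user.EmailAddress);

            // Credentials without a matching Trainer row is treated as an authorization
            // failure rather than letting a NullReferenceException escape from the
            // GenerateClaims() call below.
            if (trainer == null)
            {
                throw new UnauthorizedAccessException("Username or password is incorrect.");
            }

            return trainer.GenerateClaims();
        }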
        public void ReturnUserClaimsDTOForAuthenticatedUser()
        {
            // GIVEN a UserDTO containing a user's e-mail and password
            UserDTO user = new UserDTO
            {
                EmailAddress = "*****@*****.**",
                Password     = "******"
            };

            // WHEN the user is correctly authenticated
            // AND the user's login information is returned from the database
            TrainerCredentials mockTrainerCredentials = new TrainerCredentials
            {
                EmailAddress = "*****@*****.**",
                Hash         = PASSWORD1234_HASH,
                Salt         = PASSWORD1234_SALT
            };

            accountContextMock.Setup(a => a.TrainerCredentials.Find(user.EmailAddress)).Returns(mockTrainerCredentials);

            Trainer mockTrainer = new Trainer
            {
                EmailAddress = "*****@*****.**",
                FirstName    = "Test",
                LastName     = "User"
            };

            accountContextMock.Setup(a => a.Trainer.Find(mockTrainer.EmailAddress)).Returns(mockTrainer);

            configMock.Setup(c => c.Value.JwtKey).Returns(JWT_KEY);

            UserClaimsDTO userClaims = accountServices.AuthorizeTrainer(user);

            // THEN return a UserClaimsDTO containing an e-mail claim with the
            // user's e-mail, a name claim with the user's full name, a role claim
            // of trainer, and a TrainerId claim with the trainer's ID
            List <Claim> claims = new List <Claim> {
                new Claim(ClaimTypes.Email, "*****@*****.**"),
                new Claim(ClaimTypes.Name, "Test User"),
                new Claim(ClaimTypes.Role, UserRole.TRAINER.ToString())
            };

            for (int i = 0; i < claims.Count; i++)
            {
                Assert.Equal(claims[i].GetType(), userClaims.Claims[i].GetType());
                Assert.Equal(claims[i].Value, userClaims.Claims[i].Value);
            }

            // AND an encrypted Token
            var handler       = new JwtSecurityTokenHandler();
            var decodedClaims = handler.ReadToken(userClaims.Token) as JwtSecurityToken;

            Assert.NotNull(decodedClaims);
        }
        public void ReturnFalseForAuthorizedUser()
        {
            // GIVEN a TrainderCredentials object
            TrainerCredentials trainerCredentials = new TrainerCredentials
            {
                EmailAddress = "*****@*****.**",
                Hash         = PASSWORD1234_HASH,
                Salt         = PASSWORD1234_SALT
            };
            // AND a password presented by the user
            string password = "******";

            // WHEN a user is attempting to authenticate
            bool isUserAuthorized = trainerCredentials.IsTrainerAuthorized(password);

            // THEN return true indicating the user is authorized
            Assert.False(isUserAuthorized);
        }