public async Task VerifyCredentials_Should_Succeed_When_Session_UserId_Matches_User()
{
// Arrange
_authenticationRepositoryMock.Setup(repo => repo.AuthenticateUserAsync("foo", "bar", true)).ReturnsAsync(new AuthenticationUser()
{
Id = 2
});
// Act
var controller = new SessionsController(_authenticationRepositoryMock.Object, _httpClientProvider, _logMock.Object)
{
Request = new HttpRequestMessage()
{
Properties =
{
{ ServiceConstants.SessionProperty, new Session()
{
UserId = 2
} }
}
}
};
await controller.VerifyCredentials(EncryptedUsername, EncryptedPassword);
}
public async Task VerifyCredentials_Should_Throw_Authentication_Exception_When_Session_Does_Not_Exist()
{
// Arrange
_authenticationRepositoryMock.Setup(repo => repo.AuthenticateUserAsync(It.IsAny <string>(), It.IsAny <string>(), true))
.Throws(new AuthenticationException("baz", ErrorCodes.UserDisabled));
// Act
var controller = new SessionsController(_authenticationRepositoryMock.Object, _httpClientProvider, _logMock.Object)
{
Request = new HttpRequestMessage()
{
Properties = { }
}
};
try
{
await controller.VerifyCredentials(EncryptedUsername, EncryptedPassword);
}
catch (AuthenticationException ex)
{
// Assert
Assert.AreEqual(ErrorCodes.UnauthorizedAccess, ex.ErrorCode);
return;
}
Assert.Fail("An Authentication Exception was not thrown.");
}
public async Task VerifyCredentials_Should_Decrypt_Password_From_Base64()
{
// Arrange
_authenticationRepositoryMock.Setup(repo => repo.AuthenticateUserAsync(It.IsAny <string>(), It.IsAny <string>(), true)).ReturnsAsync(new AuthenticationUser()
{
Id = 2
});
// Act
var controller = new SessionsController(_authenticationRepositoryMock.Object, _httpClientProvider, _logMock.Object)
{
Request = new HttpRequestMessage()
{
Properties =
{
{ ServiceConstants.SessionProperty, new Session()
{
UserId = 2
} }
}
}
};
await controller.VerifyCredentials(EncryptedUsername, EncryptedPassword);
// Assert
_authenticationRepositoryMock.Verify(repo => repo.AuthenticateUserAsync(It.IsAny <string>(), "bar", true));
}
public async Task VerifyCredentials_Should_Throw_Bad_Request_Exception_When_Session_UserId_Doesnt_Match_User()
{
// Arrange
_authenticationRepositoryMock.Setup(repo => repo.AuthenticateUserAsync(It.IsAny <string>(), It.IsAny <string>(), true)).ReturnsAsync(new AuthenticationUser()
{
Id = 2
});
// Act
var controller = new SessionsController(_authenticationRepositoryMock.Object, _httpClientProvider, _logMock.Object)
{
Request = new HttpRequestMessage()
{
Properties =
{
{ ServiceConstants.SessionProperty, new Session()
{
UserId = 3
} }
}
}
};
try
{
await controller.VerifyCredentials(EncryptedUsername, EncryptedPassword);
}
catch (BadRequestException ex)
{
// Assert
Assert.AreEqual(ErrorCodes.InvalidCredentials, ex.ErrorCode);
return;
}
Assert.Fail("A BadRequestException was not thrown.");
}