Exemplo n.º 1
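        /// <summary>
        /// Creates a new user from the supplied registration input: validates the request,
        /// derives a password hash and salt, maps the input to an <c>AccessUser</c> and stores it.
        /// </summary>
        /// <param name="request">Registration input carrying Username and Password.</param>
        /// <returns>
        /// The entity returned by the repository, or <c>null</c> when the request fails
        /// validation or the repository returns <c>null</c>.
        /// </returns>
        /// <exception cref="Exception">
        /// Thrown when mapping or persistence fails; the original failure is available as
        /// <c>InnerException</c>.
        /// </exception>
        public async Task<AccessUser> CreateUser(AccessUserInput request)
        {
            // Reject null input and empty/whitespace credentials before any hashing work is done.
            if (!this.ValidateRequest(request))
            {
                return null;
            }

            byte[] passwordHash, passwordSalt;
            // NOTE(review): the hashing scheme is not visible here; confirm CreatePasswordHash
            // uses a per-user random salt and a slow KDF rather than a single fast hash.
            this.CreatePasswordHash(request.Password, out passwordHash, out passwordSalt);

            try
            {
                // NOTE(review): the mapping profile is not shown; confirm it copies only the fields
                // a caller is allowed to set and does not carry the plaintext password onto the entity.
                var userEntity = _mapper.Map<AccessUser>(request);

                userEntity.PasswordHash = passwordHash;
                userEntity.PasswordSalt = passwordSalt;

                // A null result from the repository is passed through unchanged.
                return await _accessUserRepository.AddUserAsync(userEntity);
            }
            catch (Exception ex)
            {
                // Keep the failure as InnerException instead of interpolating it into the message.
                // The previous message embedded ex.ToString() (type, message and stack trace), which
                // ends up in any response or log line that prints Exception.Message.
                throw new Exception("An error has occured.", ex);
            }
        }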
Exemplo n.º 2
 /// <summary>
 /// Checks that a request object is present and that both Username and Password
 /// contain at least one non-whitespace character.
 /// </summary>
 /// <param name="request">The input to check; may be null.</param>
 /// <returns><c>true</c> when the request is usable, otherwise <c>false</c>.</returns>
 private bool ValidateRequest(AccessUserInput request)
 {
     if (request == null)
     {
         return false;
     }

     // IsNullOrWhiteSpace already covers null and the empty string, so a separate
     // IsNullOrEmpty test adds nothing. No length or complexity rule is applied here.
     if (string.IsNullOrWhiteSpace(request.Password))
     {
         return false;
     }

     return !string.IsNullOrWhiteSpace(request.Username);
 }
Exemplo n.º 3
        /// <summary>
        /// Registration endpoint: takes the request body as an <c>AccessUserInput</c> and asks
        /// the user service to create the account.
        /// </summary>
        /// <param name="userParams">Registration input bound from the request body.</param>
        /// <returns>
        /// 400 with the model state when it is invalid, 400 with a generic message when the
        /// service returns <c>null</c>, otherwise 200 with a confirmation string.
        /// </returns>
        public async Task<IActionResult> RegisterUser([FromBody] AccessUserInput userParams)
        {
            if (ModelState.IsValid)
            {
                var createdUser = await _userService.CreateUser(userParams);

                if (createdUser != null)
                {
                    // Only a fixed string is returned; the created entity is not echoed to the client.
                    return Ok("The user Created successfully");
                }

                // The same generic message covers every null result from the service.
                return BadRequest("An error has occured.");
            }

            return BadRequest(ModelState);
        }
Exemplo n.º 4
        /// <summary>
        /// Login endpoint: takes the request body as an <c>AccessUserInput</c> and asks the
        /// user service to resolve and verify the user.
        /// </summary>
        /// <param name="userParams">Credentials bound from the request body.</param>
        /// <returns>
        /// 400 with the model state when it is invalid, 400 with a single generic message when
        /// the service returns <c>null</c>, otherwise 200 with the object the service returned.
        /// </returns>
        public async Task<IActionResult> Authenticate([FromBody] AccessUserInput userParams)
        {
            if (ModelState.IsValid)
            {
                var authenticated = await _userService.GetUser(userParams);

                if (authenticated != null)
                {
                    // The service result is serialized as-is, so every public member of it reaches
                    // the client. NOTE(review): confirm the service strips credential material
                    // (hash, salt) before returning, or map to a response type here.
                    return Ok(authenticated);
                }

                // One message for every null result, so the response text does not say
                // whether the username or the password was wrong.
                return BadRequest("Incorrect Username or Password.");
            }

            return BadRequest(ModelState);
        }
Exemplo n.º 5
        /// <summary>
        /// Authenticate should answer 200 with an <c>AccessUser</c> payload for the credentials below.
        /// </summary>
        public async Task AuthenticateUser_ReturnsOkResult()
        {
            // Arrange: the credential literals appear as "******" in this listing.
            var credentials = new AccessUserInput { Username = "******", Password = "******" };

            // Act
            var actionResult = await _accessUserController.Authenticate(credentials);

            // Assert: the result type first, then the payload type.
            var okResult = Assert.IsType<OkObjectResult>(actionResult);
            Assert.IsAssignableFrom<AccessUser>(okResult.Value);
        }
Exemplo n.º 6
        /// <summary>
        /// RegisterUser should answer 400 when both Username and Password are empty strings.
        /// </summary>
        public async Task CreateUser_EmptyInputs_ReturnsBadRequest()
        {
            // Arrange: empty strings for both fields.
            var emptyInput = new AccessUserInput { Username = "", Password = "" };

            // Act
            var actionResult = await _accessUserController.RegisterUser(emptyInput);

            // Assert
            var badRequest = Assert.IsType<BadRequestObjectResult>(actionResult);
            Assert.Equal(400, badRequest.StatusCode);
        }
Exemplo n.º 7
        /// <summary>
        /// RegisterUser should answer 200 with a string payload for the input below.
        /// </summary>
        public async Task CreateUser_ReturnsOkResult()
        {
            // Arrange: the credential literals appear as "******" in this listing.
            var registration = new AccessUserInput { Username = "******", Password = "******" };

            // Act
            var actionResult = await _accessUserController.RegisterUser(registration);

            // Assert: the payload is a plain string, not the created entity.
            var okResult = Assert.IsType<OkObjectResult>(actionResult);
            Assert.IsAssignableFrom<string>(okResult.Value);
        }
Exemplo n.º 8
        /// <summary>
        /// Authenticate should answer 400 when the supplied credentials do not match a user.
        /// </summary>
        public async Task AuthenticateUser_WrongCredentials_ReturnsBadRequest()
        {
            // Arrange: the credential literals appear as "******" in this listing.
            var wrongCredentials = new AccessUserInput { Username = "******", Password = "******" };

            // Act
            var actionResult = await _accessUserController.Authenticate(wrongCredentials);

            // Assert
            var badRequest = Assert.IsType<BadRequestObjectResult>(actionResult);
            Assert.Equal(400, badRequest.StatusCode);
        }
Exemplo n.º 9
        /// <summary>
        /// Looks up a user by username, verifies the supplied password and, on success,
        /// issues an HMAC-SHA256 signed JWT for that user.
        /// </summary>
        /// <param name="request">Login input carrying Username and Password.</param>
        /// <returns>
        /// The user with <c>Token</c> set and <c>PasswordHash</c>/<c>PasswordSalt</c> replaced by
        /// empty arrays; <c>null</c> when the request fails validation, no user is found, or the
        /// password does not verify.
        /// </returns>
        public async Task<AccessUser> GetUser(AccessUserInput request)
        {
            if (!this.ValidateRequest(request))
            {
                return null;
            }

            var account = await _accessUserRepository.GetUserAsync(request.Username);

            // Unknown user and wrong password both yield null, so callers cannot tell them apart
            // from the return value.
            // NOTE(review): the unknown-user path returns without calling VerifyPassword, so the
            // two cases may still differ in response time; confirm whether that matters here.
            if (account == null)
            {
                return null;
            }

            if (!VerifyPassword(request.Password, account.PasswordHash, account.PasswordSalt))
            {
                return null;
            }

            // Blank the stored credential material so it does not travel with the returned object.
            // NOTE(review): this mutates the object handed back by the repository; if that object
            // is change-tracked, make sure it is never persisted in this state (confirm).
            account.PasswordHash = new byte[0];
            account.PasswordSalt = new byte[0];

            // NOTE(review): ASCII encoding turns every non-ASCII character of the secret into '?'.
            // How BearerSecret is provisioned is not visible here; confirm it is a long random
            // value loaded from protected configuration and not a constant in source.
            var signingKeyBytes = Encoding.ASCII.GetBytes(BearerSecret);
            var signingKey = new SymmetricSecurityKey(signingKeyBytes);

            // The only claim is the user id, carried in ClaimTypes.Name.
            var identity = new ClaimsIdentity(new[]
            {
                new Claim(ClaimTypes.Name, account.Id.ToString())
            });

            var descriptor = new SecurityTokenDescriptor
            {
                Subject = identity,
                // Token lifetime is ten days; no revocation or refresh step appears in this method.
                Expires = DateTime.UtcNow.AddDays(10),
                SigningCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256Signature)
            };

            var jwtHandler = new JwtSecurityTokenHandler();
            var securityToken = jwtHandler.CreateToken(descriptor);
            account.Token = jwtHandler.WriteToken(securityToken);

            return account;
        }