        public async Task ChangeUserPasswordCommand_UserPasswordAndSaltChanged()
        {
            // Arrange: persist a user with a known password and salt so the command has something to replace.
            const string userName     = "******";
            const string userPassword = "******";
            const string passwordSalt = "SaltySalt";
            var          userId       = Guid.NewGuid();

            var seededUser = new User(userId, userName, "Dirk", "Gently", "*****@*****.**", userPassword, passwordSalt, "555-1234");
            var repository = _container.Resolve <IAccountsRepository>();
            await repository.Add(seededUser);

            // Act: push the password change through the command bus, then read the credentials
            // back through the perspective (read side) rather than the repository.
            const string newPassword = "******";
            var bus = _container.Resolve <ICommandBus>();
            await bus.Send(new ChangeUserPasswordCommand
            {
                UserId   = userId,
                Password = newPassword
            });

            var perspective = _container.Resolve <IAccountsPerspective>();
            var credentials = await perspective.GetUserWithCredentials(userName);

            // Assert: the stored hash is neither plaintext value and the salt was regenerated.
            // NOTE(review): this proves the hash and salt changed, not that the new hash verifies
            // against newPassword; a round-trip through the hasher's CheckHash would close that gap.
            credentials.PasswordHash
            .Should().NotBeNullOrWhiteSpace("Password should be hashed and contained")
            .And.NotBe(userPassword)
            .And.NotBe(newPassword);

            credentials.PasswordSalt
            .Should().NotBeEmpty()
            .And.NotBe(passwordSalt);
        }
        public async Task <AccountWithCredentialsModel> Handle(AccountByUserNameQuery query)
        {
            // Look the account (including its stored hash and salt) up by user name on the read side.
            var account = await _perspective.GetUserWithCredentials(query.UserName);

            // A missing account is surfaced as a domain exception rather than a null result,
            // so callers of this handler must be prepared to catch UserNotFoundFgException.
            if (account is null)
            {
                throw new UserNotFoundFgException(query.UserName);
            }

            return account;
        }
        public async Task <AuthenticatedUserReadModel> Authenticate(string userName, string password)
        {
            // Resolve the account (with stored hash and salt) for the supplied user name.
            var account = await _query.Query <Task <AccountWithCredentialsModel>, AccountByUserNameQuery>(new AccountByUserNameQuery
            {
                UserName = userName,
            });

            // Unknown user: fail without touching the hasher.
            // NOTE(review): the AccountByUserNameQuery handler shown elsewhere throws UserNotFoundFgException
            // instead of returning null, so this branch may be unreachable; where it is reachable, skipping
            // CheckHash makes "unknown user" measurably faster than "wrong password", which is a
            // user-enumeration timing signal.
            if (account is null)
            {
                return null;
            }

            // Wrong password: same null result as an unknown user, so the caller cannot tell the two apart.
            var passwordMatches = await _passwordHasher.CheckHash(password, account.PasswordHash, account.PasswordSalt);
            if (!passwordMatches)
            {
                return null; // todo throw exception
            }

            // Build an HMAC-SHA256 signed JWT whose subject is the account id.
            // NOTE(review): Encoding.ASCII replaces every non-ASCII character of the configured key with '?',
            // silently weakening the signing key if it contains such characters; UTF-8 would preserve them,
            // but switching the encoding changes the signature for existing deployments, so it is kept as-is.
            var signingKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(_jwtSettings.Key));
            var subject    = new ClaimsIdentity(new Claim[]
            {
                new Claim(JwtRegisteredClaimNames.Sub, account.Id.ToString())
            });

            var descriptor = new SecurityTokenDescriptor
            {
                Subject            = subject,
                Expires            = DateTime.UtcNow.AddMinutes(_jwtSettings.ExpiryMinutes),
                SigningCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256Signature)
            };

            var handler = new JwtSecurityTokenHandler();
            var token   = handler.CreateJwtSecurityToken(descriptor);

            // Only the serialized token and display fields leave this method; the hash and salt do not.
            return new AuthenticatedUserReadModel
            {
                Token   = handler.WriteToken(token),
                Name    = account.Name,
                Surname = account.Surname
            };
        }