public async Task TestInvalidCaseAsync()
{
// arrange
var obj = new {
username = "******",
password = "******"
};
var repository = new Mock <IRepository>();
var settings = new ApplicationSettings();
var set = TestUtilities.CreateDbSetMock(new List <User> {
new User {
Username = obj.username, Password = CryptoUtilities.CreateHash(obj.password)
},
});
repository
.Setup(x => x.AsQueryable <User>())
.Returns(set.Object);
var validationService = new ValidationService(repository.Object, settings);
// act
var exception = await TestUtilities.ThrowsAsync <ValidationException>(async() => await validationService.ValidateOldPasswordAsync(obj.username, "something else"));
// assert
Assert.Equal(ValidationReason.PasswordIsIncorrect, exception.Reason);
repository.Verify(x => x.AsQueryable <User>(), Times.Once);
}
public void TestValidCase()
{
// arrange
var obj = new {
username = "******",
password = "******"
};
var repository = new Mock <IRepository>();
var settings = new ApplicationSettings();
var set = TestUtilities.CreateDbSetMock(new List <User> {
new User {
Username = obj.username, Password = CryptoUtilities.CreateHash(obj.password)
},
});
repository
.Setup(x => x.AsQueryable <User>())
.Returns(set.Object);
var validationService = new ValidationService(repository.Object, settings);
// act
Assert.DoesNotThrow(async() => await validationService.ValidateOldPasswordAsync(obj.username, obj.password));
// assert
repository.Verify(x => x.AsQueryable <User>(), Times.Exactly(1));
}
public virtual async Task ChangePasswordAsync(dynamic model)
{
_validationService.Bundles.ValidateNewPassword(model);
var user = await _repository.UserByUsernameAsync((string)model.username);
user.Password = CryptoUtilities.CreateHash((string)model.password);
await _repository.UpdateAsync(user);
}
public void TestInvalidPassword()
{
// arrange
var hash = CryptoUtilities.CreateHash("password");
// act
var valid = CryptoUtilities.ValidatePassword("something else", hash);
// assert
Assert.False(valid);
}
public virtual async Task ResetPasswordAsync(dynamic model)
{
_validationService.Bundles.ValidateNewPassword(model);
string q = model.q;
int id;
string ciphertext;
try {
var split = q.Split(new[] { ':' });
id = int.Parse(split[0]);
ciphertext = split[1];
}
catch {
throw new ServiceException(ServiceReason.InvalidUserRequest);
}
var request = await _repository.GetAsync <UserRequest>(id);
if (request == null || request.RequestType != UserRequestType.ResetPassword)
{
throw new ServiceException(ServiceReason.InvalidUserRequest);
}
try {
var plaintext = CryptoUtilities.Decrypt(ciphertext, request.Key, request.IV);
dynamic obj = JObject.Parse(plaintext);
var credentials = new User {
Username = obj.username,
Password = obj.password
};
if (!CryptoUtilities.ValidatePassword(credentials.Password, request.Password))
{
throw new ServiceException(ServiceReason.ResetPasswordError);
}
var user = await _repository.UserByUsernameAsync(credentials.Username);
user.Password = CryptoUtilities.CreateHash((string)model.password);
await _repository.UpdateAsync(user);
await _repository.UpdateAsync(request);
}
catch {
throw new ServiceException(ServiceReason.ResetPasswordError);
}
}
public void TestDefaultBehavior()
{
// arrange/act
var hash = CryptoUtilities.CreateHash("password");
// assert
var tokens = hash.Split(new[] { ':' }, StringSplitOptions.RemoveEmptyEntries);
Assert.Equal(3, tokens.Length);
Assert.Equal(Constants.Cryptography.HASH_ITERATIONS, int.Parse(tokens[0]));
Assert.Equal(Constants.Cryptography.SALT_BYTE_SIZE, Convert.FromBase64String(tokens[1]).Length);
Assert.Equal(Constants.Cryptography.HASH_BYTE_SIZE, Convert.FromBase64String(tokens[2]).Length);
}
public async Task TestWithInvalidPasswordAsync()
{
// arrange
var obj = new {
email = "*****@*****.**",
password = "******",
rememberMe = false
};
var repository = new Mock <IRepository>();
var settings = new ApplicationSettings();
var validationService = new Mock <ValidationService>(repository.Object, settings);
var administrationService = new Mock <AdministrationService>(repository.Object, validationService.Object);
var mailService = new Mock <MailService>(repository.Object);
var httpContext = new Mock <HttpContextBase>();
var httpResponse = new Mock <HttpResponseBase>();
var cookies = new HttpCookieCollection();
var user = new User {
Email = obj.email,
Password = CryptoUtilities.CreateHash("something else")
};
var userSet = TestUtilities.CreateDbSetMock(new List <User> {
user
});
repository
.Setup(x => x.AsQueryable <User>())
.Returns(userSet.Object);
httpContext
.SetupGet(x => x.Response)
.Returns(httpResponse.Object);
httpResponse
.SetupGet(x => x.Cookies)
.Returns(cookies);
dynamic model = JObject.FromObject(obj);
var accountService = new AccountService(repository.Object, validationService.Object, administrationService.Object, mailService.Object);
// act
var exception = await TestUtilities.ThrowsAsync <ServiceException>(async() => await accountService.SignInAsync(httpContext.Object, model));
// assert
Assert.Equal(exception.Reason, ServiceReason.InvalidCredentials);
httpResponse.VerifyGet(x => x.Cookies, Times.Never);
}
public async Task TestDefaultBehaviorAsync()
{
// arrange
var obj = new {
email = "*****@*****.**",
password = "******",
rememberMe = false
};
var repository = new Mock <IRepository>();
var settings = new ApplicationSettings();
var validationService = new Mock <ValidationService>(repository.Object, settings);
var administrationService = new Mock <AdministrationService>(repository.Object, validationService.Object);
var mailService = new Mock <MailService>(repository.Object);
var httpContext = new Mock <HttpContextBase>();
var httpResponse = new Mock <HttpResponseBase>();
var cookies = new HttpCookieCollection();
var user = new User {
Email = obj.email,
Password = CryptoUtilities.CreateHash(obj.password),
Enabled = true
};
var userSet = TestUtilities.CreateDbSetMock(new List <User> {
user
});
repository
.Setup(x => x.AsQueryable <User>())
.Returns(userSet.Object);
httpContext
.SetupGet(x => x.Response)
.Returns(httpResponse.Object);
httpResponse
.SetupGet(x => x.Cookies)
.Returns(cookies);
dynamic model = JObject.FromObject(obj);
var accountService = new AccountService(repository.Object, validationService.Object, administrationService.Object, mailService.Object);
// act
await TestUtilities.DoesNotThrowAsync(async() => await accountService.SignInAsync(httpContext.Object, model));
// assert
Assert.Equal(httpResponse.Object.Cookies[".ASPXAUTH"].Expires, DateTime.MinValue);
}
public void TestValidPassword()
{
// arrange
var obj = new {
password = "******"
};
var hash = CryptoUtilities.CreateHash(obj.password);
// act
var valid = CryptoUtilities.ValidatePassword(obj.password, hash);
// assert
Assert.True(valid);
}
private static User SeedUser(DbContext context, string firstName, string lastName, string username, string email, string password)
{
var entity = new User {
FirstName = firstName,
LastName = lastName,
Username = username,
Email = email,
Password = CryptoUtilities.CreateHash(password),
Enabled = true,
CreatedDate = DateTime.UtcNow
};
context.Set <User>().Add(entity);
return(entity);
}
public async Task TestDefaultBehaviorAsync()
{
// arrange
var obj = new {
username = "******",
oldPassword = "******",
password = "******",
confirmPassword = "******"
};
var repository = new Mock <IRepository>();
var settings = new ApplicationSettings();
var validationService = new Mock <ValidationService>(repository.Object, settings);
var administrationService = new Mock <AdministrationService>(repository.Object, validationService.Object);
var mailService = new Mock <MailService>(repository.Object);
var user = new User {
Username = obj.username,
Password = CryptoUtilities.CreateHash(obj.oldPassword)
};
var set = TestUtilities.CreateDbSetMock(new List <User> {
user
});
repository
.Setup(x => x.AsQueryable <User>())
.Returns(set.Object);
dynamic model = JObject.FromObject(new {
obj.oldPassword,
obj.password,
obj.confirmPassword
});
var accountService = new AccountService(repository.Object, validationService.Object, administrationService.Object, mailService.Object);
// act
await accountService.ChangePasswordAsync(obj.username, model);
// assert
Assert.Equal(obj.username, (string)model.username);
validationService.Verify(x => x.ValidateOldPasswordAsync(obj.username, obj.oldPassword), Times.Once);
administrationService.Verify(x => x.ChangePasswordAsync(It.IsAny <object>()), Times.Once);
}
public virtual async Task CreateUserAsync(dynamic model)
{
await _validationService.ValidateNewUserByUsernameAsync((string)model.username);
await _validationService.ValidateNewUserByEmailAsync((string)model.email);
_validationService.Bundles.ValidateUser(model);
_validationService.Bundles.ValidateNewPassword(model);
var user = new User {
Username = model.username,
FirstName = model.firstName,
LastName = model.lastName,
Email = model.email,
Password = CryptoUtilities.CreateHash((string)model.password),
Enabled = model.enabled
};
await AddRolesAsync(model, user);
await _repository.InsertAsync(user);
}
public virtual async Task <string> CreateUserRequestAsync(string username, UserRequestType requestType)
{
var password = Guid.NewGuid().ToString();
var credentials = JObject.FromObject(new {
username,
password
});
using (var algorithm = TripleDES.Create()) {
var request = new UserRequest {
Key = algorithm.Key,
IV = algorithm.IV,
Username = username,
Password = CryptoUtilities.CreateHash(password),
RequestType = requestType
};
await _repository.InsertAsync(request);
var ciphertext = CryptoUtilities.Encrypt(credentials.ToString(), algorithm.Key, algorithm.IV);
return(HttpUtility.UrlEncode(request.Id + ":" + ciphertext));
}
}
public async Task TestDefaultBehaviorAsync()
{
// arrange
var obj = new {
username = "******"
};
var repository = new Mock <IRepository>();
var settings = new ApplicationSettings();
var validationService = new Mock <ValidationService>(repository.Object, settings);
var administrationService = new Mock <AdministrationService>(repository.Object, validationService.Object);
var mailService = new Mock <MailService>(repository.Object);
var user = new User {
Username = obj.username
};
var request = new UserRequest {
Id = 1,
Username = obj.username,
RequestType = UserRequestType.Activation
};
var userSet = TestUtilities.CreateDbSetMock(new List <User> {
user
});
repository
.Setup(x => x.AsQueryable <User>())
.Returns(userSet.Object);
repository
.Setup(x => x.GetAsync <User>(1))
.ReturnsAsync(user);
repository
.Setup(x => x.GetAsync <UserRequest>(1))
.ReturnsAsync(request);
var password = Guid.NewGuid().ToString();
var credentials = JObject.FromObject(new {
obj.username,
password
});
string q;
using (var algorithm = TripleDES.Create()) {
request.Key = algorithm.Key;
request.IV = algorithm.IV;
request.Password = CryptoUtilities.CreateHash(password);
var ciphertext = CryptoUtilities.Encrypt(credentials.ToString(), algorithm.Key, algorithm.IV);
q = 1 + ":" + ciphertext;
}
dynamic model = JObject.FromObject(new {
q
});
var accountService = new AccountService(repository.Object, validationService.Object, administrationService.Object, mailService.Object);
// act
await TestUtilities.DoesNotThrowAsync(async() => await accountService.ActivateAsync(model));
// assert
Assert.True(user.Enabled);
repository.Verify(x => x.GetAsync <UserRequest>(It.IsAny <int>()), Times.Once);
repository.Verify(x => x.AsQueryable <User>(), Times.Once);
repository.Verify(x => x.UpdateAsync(user), Times.Once());
repository.Verify(x => x.UpdateAsync(request), Times.Once());
}
public async Task TestWithInvalidPasswordAsync()
{
// arrange
var obj = new {
username = "******",
password = "******"
};
var repository = new Mock <IRepository>();
var settings = new ApplicationSettings();
var validationService = new Mock <ValidationService>(repository.Object, settings);
var administrationService = new Mock <AdministrationService>(repository.Object, validationService.Object);
var mailService = new Mock <MailService>(repository.Object);
validationService
.SetupGet(x => x.Bundles)
.Returns(new ValidationBundles(validationService.Object));
var user = new User {
Username = obj.username
};
var request = new UserRequest {
Id = 1,
Username = obj.username,
RequestType = UserRequestType.ResetPassword
};
var userSet = TestUtilities.CreateDbSetMock(new List <User> {
user
});
repository
.Setup(x => x.AsQueryable <User>())
.Returns(userSet.Object);
repository
.Setup(x => x.GetAsync <UserRequest>(1))
.ReturnsAsync(request);
var password = Guid.NewGuid().ToString();
var credentials = JObject.FromObject(obj);
string q;
using (var algorithm = TripleDES.Create()) {
request.Key = algorithm.Key;
request.IV = algorithm.IV;
request.Password = CryptoUtilities.CreateHash(password);
var ciphertext = CryptoUtilities.Encrypt(credentials.ToString(), algorithm.Key, algorithm.IV);
q = 1 + ":" + ciphertext;
}
dynamic model = JObject.FromObject(new {
q
});
var accountService = new AccountService(repository.Object, validationService.Object, administrationService.Object, mailService.Object);
// act
var exception = await TestUtilities.ThrowsAsync <ServiceException>(async() => await accountService.ResetPasswordAsync(model));
// assert
Assert.Equal(ServiceReason.ResetPasswordError, exception.Reason);
Assert.Null(user.Password);
repository.Verify(x => x.GetAsync <UserRequest>(It.IsAny <int>()), Times.Once);
repository.Verify(x => x.AsQueryable <User>(), Times.Never);
repository.Verify(x => x.UpdateAsync(user), Times.Never());
repository.Verify(x => x.UpdateAsync(request), Times.Never());
}
