/// <inheritdoc/>
public async Task <IdSrvUserDto> GetByAuthInfoAsync(IdSrvUserAuthDto userAuth)
{
if (userAuth == null || userAuth.UserName == null || userAuth.Password == null)
{
throw new ArgumentNullException(nameof(userAuth));
}
using (IDbConnection connection = await this.GetConnection())
{
var compiler = new SqlServerCompiler();
var db = new QueryFactory(connection, compiler);
dynamic userInDb = await db
.Query("Users")
.Select("Id", "UserName", "PasswordHash", "PasswordSalt", "IsBlocked")
.Where(new { UserName = userAuth.UserName })
.FirstOrDefaultAsync();
// If PasswordHash and PasswordSalt are null, then it means that it's windows user,
// this repository have not responsibility to authenticate windows users, so we just return null.
if (userInDb == null || userInDb.PasswordHash == null)
{
return(null);
}
string passwordHashFromDb = userInDb.PasswordHash;
string passwordSaltFromDb = userInDb.PasswordSalt;
string calculatedPasswordHash = this.GetB64PasswordHashFrom(userAuth.Password, passwordSaltFromDb);
return(calculatedPasswordHash == passwordHashFromDb ?
new IdSrvUserDto {
Id = userInDb.Id, UserName = userInDb.UserName, IsBlocked = userInDb.IsBlocked
} :
null);
}
}
/// <inheritdoc/>
public async Task <IdSrvUserDto> GetUserByUserNameAndPasswordAsync(string userName, string password)
{
var authInfo = new IdSrvUserAuthDto {
UserName = userName, Password = password
};
return(await RestApiHelpers.CallValueApi(() => this.RestClient.GetByAuthInfoAsync(authInfo)));
}
public async Task GetByAuthInfo_ReturnBadRequest_When_PassingDtoWithNullArgs()
{
this.UserRepository
.Setup(v => v.GetByAuthInfoAsync(It.IsAny <IdSrvUserAuthDto>()))
.ReturnsAsync(new IdSrvUserDto());
var controller = new UserController(this.UserRepository.Object);
var authInfo = new IdSrvUserAuthDto();
IHttpActionResult httpResult = await controller.GetByAuthInfo(authInfo);
Assert.NotNull(httpResult);
Assert.IsInstanceOf <BadRequestResult>(httpResult);
}
public async Task GetByAuthInfo_InvokeDeleteFromRepository_With_PassedId()
{
this.UserRepository
.Setup(v => v.GetByAuthInfoAsync(It.IsAny <IdSrvUserAuthDto>()))
.ReturnsAsync(new IdSrvUserDto());
var controller = new UserController(this.UserRepository.Object);
var authInfoDto = new IdSrvUserAuthDto {
UserName = "******", Password = "******"
};
await controller.GetByAuthInfo(authInfoDto);
this.UserRepository.Verify(v => v.GetByAuthInfoAsync(authInfoDto));
}
public async Task <IHttpActionResult> GetByAuthInfo(IdSrvUserAuthDto authInfo)
{
// This action check credentials only for simple users, not windows users.
// So it's necessary to get password from client
if (authInfo == null || authInfo.UserName == null || authInfo.Password == null)
{
return(this.BadRequest());
}
IdSrvUserDto user = await this.UserRepository.GetByAuthInfoAsync(authInfo);
return(user != null?this.Ok(user) : this.NotFound() as IHttpActionResult);
}
public async Task GetByAuthInfo_ReturnNotFound_When_RepositoryReturnNull()
{
this.UserRepository
.Setup(v => v.GetByAuthInfoAsync(It.IsAny <IdSrvUserAuthDto>()))
.ReturnsAsync(null as IdSrvUserDto);
var controller = new UserController(this.UserRepository.Object);
var authInfoDto = new IdSrvUserAuthDto {
UserName = "******", Password = "******"
};
IHttpActionResult httpResult = await controller.GetByAuthInfo(authInfoDto);
Assert.NotNull(httpResult);
Assert.IsInstanceOf <NotFoundResult>(httpResult);
}
public async Task GetByAuthInfo_ReturnOkWithUserReceivedFromRepository_When_RepositoryReturnNotNull()
{
var user = new IdSrvUserDto();
this.UserRepository
.Setup(v => v.GetByAuthInfoAsync(It.IsAny <IdSrvUserAuthDto>()))
.ReturnsAsync(user);
var controller = new UserController(this.UserRepository.Object);
var authInfoDto = new IdSrvUserAuthDto {
UserName = "******", Password = "******"
};
IHttpActionResult httpResult = await controller.GetByAuthInfo(authInfoDto);
Assert.IsInstanceOf <OkNegotiatedContentResult <IdSrvUserDto> >(httpResult);
Assert.NotNull(httpResult);
Assert.AreEqual(user, (httpResult as OkNegotiatedContentResult <IdSrvUserDto>).Content);
}
