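public void ResetPasswordTest()
        {
            // NOTE(review): no [Fact] attribute is visible on this method in this excerpt — confirm the
            // test runner actually discovers it (or that the attribute was only stripped for display).
            UserAccountRecoveryController usersController = CreateFakeUserAccountRecoveryController();

            // Arrange: mint a recovery token for user 0 and persist the matching salt on the record,
            // presumably mirroring what the recovery-request flow does (that flow is not shown here).
            TokenCreatorValidator tokenCreatorValidator = new TokenCreatorValidator(_testApiSecret);
            TokenCreationParams   tokenCreationParams   = tokenCreatorValidator.CreateToken(_users[0].Id, 30);

            _users[0].RecoverySalt = tokenCreationParams.SaltBytes;
            _usersService.Update(_users[0]);

            // Act/Assert: a wrong token must be rejected AND must leave the credential untouched.
            var response = usersController.ResetPassword(new PasswordResetModel(
                                                             _users[0].Email, "wrong-token", "new-password-u1")
                                                         );

            Assert.IsType <BadRequestObjectResult>(response);
            Assert.True(PasswordVerifier.VerifyPasswordHash("password-u1", _users[0].PasswordHash, _users[0].PasswordSalt));

            // Act/Assert: the genuine token resets the password.
            response = usersController.ResetPassword(new PasswordResetModel(
                                                         _users[0].Email, tokenCreationParams.TokenStr, "new-password-u1")
                                                     );
            Assert.IsType <OkResult>(response);
            Assert.True(PasswordVerifier.VerifyPasswordHash("new-password-u1", _users[0].PasswordHash, _users[0].PasswordSalt));

            // The old credential must no longer authenticate — previously only the new one was checked.
            Assert.False(PasswordVerifier.VerifyPasswordHash("password-u1", _users[0].PasswordHash, _users[0].PasswordSalt));

            // The recovery salt is cleared on success, which is presumably what makes the token single-use.
            Assert.Null(_users[0].RecoverySalt);
            // TODO(review): replay tokenCreationParams.TokenStr here and assert it is rejected once the
            // salt is null — the status code the endpoint returns in that case is not visible in this excerpt.
        }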
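        public void AuthenticateValidCredentialsTest()
        {
            // NOTE(review): no [Fact] attribute is visible on this method in this excerpt — confirm the
            // test runner actually discovers it.
            UserAccountController userController = CreateFakeUserAccountController();

            // Act: log in with the seeded credentials of user 0.
            var response = userController.Authenticate(
                new ReceiveLoginUserModel(_users[0].Email, "password-u1")
                );

            Assert.IsType <OkObjectResult>(response.Result);

            // Assert: the response body identifies the right user ...
            SendLoginUserModel sendLoginUserModel =
                (SendLoginUserModel)((OkObjectResult)response.Result).Value;

            Assert.Equal(_users[0].Id, sendLoginUserModel.Id);
            Assert.Equal(_users[0].Email, sendLoginUserModel.Email);

            // ... and the issued token validates under the API secret and names that same user.
            TokenCreatorValidator tokenCreatorValidator = new TokenCreatorValidator(_testApiSecret);
            TokenValidationParams tokenValidationParams = tokenCreatorValidator.ValidateToken(sendLoginUserModel.Token);

            Assert.Equal(_users[0].Id, tokenValidationParams.UserId);

            // The salt carried in the token must match the salt persisted on the user, byte for byte.
            // Compare the byte arrays directly: round-tripping them through Encoding.Default was lossy
            // (bytes invalid in the platform encoding collapse to U+FFFD), so two different salts
            // could have compared equal and produced a false pass.
            User authenticatedUser = _usersService.GetById(_users[0].Id);

            Assert.Equal(authenticatedUser.AuthSalt, tokenValidationParams.SaltBytes);
        }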
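 /// <summary>
 /// Builds the recovery controller and its token creator/validator from the configured API secret.
 /// </summary>
 /// <param name="userService">User lookup/update service used by the recovery endpoints.</param>
 /// <param name="mapper">Model mapper used by the recovery endpoints.</param>
 /// <param name="configuration">Application configuration; <c>Secret</c> signs and validates recovery tokens.</param>
 /// <exception cref="System.ArgumentNullException"><paramref name="configuration"/> is null.</exception>
 /// <exception cref="System.InvalidOperationException">No signing secret is configured.</exception>
 public UserAccountRecoveryController(
     IUsersService userService,
     IMapper mapper,
     IOptions <AppConfiguration> configuration)
 {
     if (configuration is null)
     {
         throw new System.ArgumentNullException(nameof(configuration));
     }

     // Fail fast (and closed) on a missing signing secret: recovery tokens minted or validated
     // with an empty key would be trivially forgeable, and the error would otherwise surface
     // only on the first reset request, far from the misconfiguration.
     string secret = configuration.Value?.Secret;
     if (string.IsNullOrWhiteSpace(secret))
     {
         throw new System.InvalidOperationException(
             "AppConfiguration.Secret is not configured; recovery tokens cannot be signed or validated.");
     }

     _userService           = userService;
     _mapper                = mapper;
     _tokenCreatorValidator = new TokenCreatorValidator(secret);
 }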
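        /// <summary>
        /// Validates a bearer token and, if it belongs to a known user whose stored auth salt matches
        /// the salt embedded in the token, attaches that user to <c>context.Items["User"]</c>.
        /// Any failure leaves the request unauthenticated.
        /// </summary>
        /// <param name="context">Current request context that receives the authenticated user.</param>
        /// <param name="userService">User lookup service.</param>
        /// <param name="tokenStr">Raw token taken from the request.</param>
        private void AttachUserToContext(HttpContext context, IUsersService userService, string tokenStr)
        {
            TokenCreatorValidator tokenCreatorValidator = new TokenCreatorValidator(_configuration.Value.Secret);

            try
            {
                TokenValidationParams tokenValidationParams = tokenCreatorValidator.ValidateToken(tokenStr);
                User tokenUser = userService.GetById(tokenValidationParams.UserId);

                // Fail closed: an unknown user, or a missing/empty salt on either side, must never
                // authenticate. Without this guard two empty salts would compare equal below
                // (e.g. if some flow clears AuthSalt — whether one does is not visible here).
                if (tokenUser is null
                    || tokenUser.AuthSalt is null || tokenUser.AuthSalt.Length == 0
                    || tokenValidationParams.SaltBytes is null || tokenValidationParams.SaltBytes.Length == 0)
                {
                    return;
                }

                // Compare the raw salt bytes in constant time. The previous round-trip through
                // Encoding.Default.GetString was lossy (undecodable bytes collapse to U+FFFD, so
                // distinct salts could compare equal) and string equality exits early, leaking timing.
                // CryptographicOperations requires .NET Core 2.1+ / netstandard 2.1.
                if (System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(
                        tokenUser.AuthSalt, tokenValidationParams.SaltBytes))
                {
                    context.Items["User"] = tokenUser;
                }
            }
            catch
            {
                // Deliberately best-effort: a bad signature, expired token or lookup error simply
                // leaves the user detached, so guarded routes reject the request.
                // Consider logging these at debug level so repeated signature failures are visible.
            }
        }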
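        public void CreateAndValidateTokenTest()
        {
            // NOTE(review): RandomString and Random are test-class helpers not shown here, so this run is
            // non-deterministic; a seeded RNG would make failures reproducible. No [Fact] attribute is
            // visible on this method either — confirm the runner discovers it.
            TokenCreatorValidator tokenCreatorValidator = new TokenCreatorValidator(
                RandomString(1024)
                );

            // Cover both edges of the id range Random.Next(1, Int32.MaxValue) can yield
            // (1 and Int32.MaxValue - 1), then a spread of random ids.
            for (int i = 0; i < 100; i++)
            {
                int userId = i == 0 ? 1
                           : i == 1 ? Int32.MaxValue - 1
                           : Random.Next(1, Int32.MaxValue);

                // 30 is presumably a lifetime (units not visible here) — the test only checks the round trip.
                TokenCreationParams   tokenCreationParams   = tokenCreatorValidator.CreateToken(userId, 30);
                TokenValidationParams tokenValidationParams =
                    tokenCreatorValidator.ValidateToken(tokenCreationParams.TokenStr);

                Assert.Equal(userId, tokenValidationParams.UserId);

                // Compare the salt bytes directly: decoding them through Encoding.Default was lossy
                // (invalid bytes collapse to U+FFFD), so differing salts could have compared equal.
                Assert.Equal(tokenCreationParams.SaltBytes, tokenValidationParams.SaltBytes);
            }
            // TODO(review): add the negative case — a token validated under a different secret, or
            // with a modified payload, must be rejected; whether ValidateToken throws or returns a
            // sentinel in that case is not visible in this excerpt.
        }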