Exemplo n.º 1
0
        public void MfaAuthorizationNotSubscribedTest_TestsIfResultIsTrueWhenMfaIsNotSubscribedForAnyAction_VerifiesByReturnValue()
        {
            MockPersistenceRepository    mockPersistenceRepository    = new MockPersistenceRepository(true);
            MockUserRepository           mockUserRepository           = new MockUserRepository();
            MockMfaEmailService          mockMfaEmailService          = new MockMfaEmailService();
            MockSmsService               mockSmsService               = new MockSmsService();
            MockMfaCodeGenerationService mockMfaCodeGenerationService = new MockMfaCodeGenerationService();

            string userName    = "******";
            string phoneNumber = "2233344";
            string email       = "*****@*****.**";

            User user = new User(userName, "asdf", "12345", "xyz", email, Language.English, TimeZone.CurrentTimeZone,
                                 new TimeSpan(1, 1, 1, 1), DateTime.Now, "Pakistan", "", phoneNumber, "1234");

            MockSecurityKeysRepository mockSecurityKeysRepository = new MockSecurityKeysRepository();
            string apiKey = "apikey123";

            // Add Api Key to mock implementation
            mockSecurityKeysRepository.AddSecurityKeysPair(new SecurityKeysPair(user.Id, apiKey, "secretkey123", true, "Desc"));
            // Add user to mock implementation
            mockUserRepository.AddUser(user);

            MfaAuthorizationService mfaAuthorizationService = new MfaAuthorizationService(mockPersistenceRepository,
                                                                                          mockUserRepository, mockSecurityKeysRepository, mockSmsService, mockMfaEmailService, mockMfaCodeGenerationService);
            Tuple <bool, string> authorizeAccess = mfaAuthorizationService.AuthorizeAccess(apiKey, "Login", null);

            Assert.IsTrue(authorizeAccess.Item1);
        }
        public void CancelAccountActivationSuccessfulTest_MakesSureAccountActivationGetsCancelledWhenEverythingIsGivenAsExpected_VerifiesByReturnedValueAndQueryingRepository()
        {
            IUserRepository                      userRepository            = new MockUserRepository();
            ISecurityKeysRepository              securityKeysRepository    = new MockSecurityKeysRepository();
            IPasswordEncryptionService           passwordEncryptionService = new PasswordEncryptionService();
            IIdentityAccessPersistenceRepository persistenceRepository     = new MockPersistenceRepository(false);
            UserApplicationService               userApplicationService    = new UserApplicationService(userRepository, securityKeysRepository,
                                                                                                        passwordEncryptionService, persistenceRepository, new MockEmailService(), new PasswordCodeGenerationService());

            string activationKey = "123456789";
            string username      = "******";
            string password      = "******";
            User   user          = new User("*****@*****.**", username, passwordEncryptionService.EncryptPassword(password),
                                            "USA", TimeZone.CurrentTimeZone, "", activationKey);

            user.AddTierStatus(Status.NonVerified, new Tier(TierLevelConstant.Tier0, TierLevelConstant.Tier0));
            // We need to encrypt the password in the test case ourselves, as we are not registering the user through
            // the proper service here
            (userRepository as MockUserRepository).AddUser(user);

            bool accountActivationCancelled = userApplicationService.CancelAccountActivation(new CancelActivationCommand(activationKey));

            Assert.IsTrue(accountActivationCancelled);

            User userByUserName = userRepository.GetUserByUserName(username);

            Assert.IsNull(userByUserName);
        }
        public void ChangePasswordSuccessTest_ChecksIfThePasswordIsChangedSuccessfully_VeririesThroughTheReturnedValue()
        {
            IUserRepository                      userRepository            = new MockUserRepository();
            ISecurityKeysRepository              securityKeysRepository    = new MockSecurityKeysRepository();
            IPasswordEncryptionService           passwordEncryptionService = new PasswordEncryptionService();
            IIdentityAccessPersistenceRepository persistenceRepository     = new MockPersistenceRepository(false);
            UserApplicationService               userApplicationService    = new UserApplicationService(userRepository, securityKeysRepository,
                                                                                                        passwordEncryptionService, persistenceRepository, new MockEmailService(), new PasswordCodeGenerationService());

            // Store the Securiyty Keys with the Username of the User at hand
            (securityKeysRepository as MockSecurityKeysRepository).AddSecurityKeysPair(new SecurityKeysPair(
                                                                                           new ApiKey("123456789").Value, new SecretKey("987654321").Value, "desc", 0, true));

            // We need to encrypt the password in the test case ourselves, as we are not registering the user through
            // the proper service here
            (userRepository as MockUserRepository).AddUser(new User("*****@*****.**", "linkinpark",
                                                                    passwordEncryptionService.EncryptPassword("burnitdown"), "USA", TimeZone.CurrentTimeZone, "", ""));

            User   userBeforePasswordChange = userRepository.GetUserByUserName("linkinpark");
            string passwordBeforeChange     = userBeforePasswordChange.Password;

            // Give the API key that is already stored in the Security keys repository mentioned with the User Name
            //UserValidationEssentials userValidationEssentials = new UserValidationEssentials(new Tuple<ApiKey, SecretKey>(
            //    new ApiKey("123456789"), new SecretKey("987654321")), new TimeSpan(0,0,10,0));

            ChangePasswordResponse changePasswordResponse = userApplicationService.ChangePassword(new ChangePasswordCommand(
                                                                                                      "123456789", "burnitdown", "burnitdowntwice"));

            Assert.IsTrue(changePasswordResponse.ChangeSuccessful);
            User   userAfterPasswordChange = userRepository.GetUserByUserName("linkinpark");
            string passwordAfterChange     = userAfterPasswordChange.Password;

            // Verify the old and new password do not match
            Assert.AreNotEqual(passwordBeforeChange, passwordAfterChange);
        }
        public void ActivateAccountFailDueToBlankPasswordTest_MakesSureThatTheAccountIsNotActivatedWhenBlankPasswordIsGiven_VeririesThroughTheReturnedValue()
        {
            IUserRepository                      userRepository            = new MockUserRepository();
            ISecurityKeysRepository              securityKeysRepository    = new MockSecurityKeysRepository();
            IPasswordEncryptionService           passwordEncryptionService = new PasswordEncryptionService();
            IIdentityAccessPersistenceRepository persistenceRepository     = new MockPersistenceRepository(false);
            UserApplicationService               userApplicationService    = new UserApplicationService(userRepository, securityKeysRepository,
                                                                                                        passwordEncryptionService, persistenceRepository, new MockEmailService(), new PasswordCodeGenerationService());

            // Store the Securiyty Keys with the Username of the User at hand
            (securityKeysRepository as MockSecurityKeysRepository).AddSecurityKeysPair(new SecurityKeysPair(
                                                                                           new ApiKey("123456789").Value, new SecretKey("987654321").Value, "desc", 0, true));

            string activationKey = "123456789";
            string username      = "******";
            string password      = "******";
            User   user          = new User("*****@*****.**", username,
                                            passwordEncryptionService.EncryptPassword(password), "USA", TimeZone.CurrentTimeZone,
                                            "", activationKey);

            user.AddTierStatus(Status.NonVerified, new Tier(TierLevelConstant.Tier0, TierLevelConstant.Tier0));
            // We need to encrypt the password in the test case ourselves, as we are not registering the user through
            // the proper service here
            (userRepository as MockUserRepository).AddUser(user);

            userApplicationService.ActivateAccount(new ActivationCommand(activationKey, username, password + "pass"));
        }
        public void ActivateAccountSuccessTest_ChecksIfTheAccountIsActivatedSuccessfully_VeririesThroughTheReturnedValue()
        {
            IUserRepository                      userRepository            = new MockUserRepository();
            ISecurityKeysRepository              securityKeysRepository    = new MockSecurityKeysRepository();
            IPasswordEncryptionService           passwordEncryptionService = new PasswordEncryptionService();
            IIdentityAccessPersistenceRepository persistenceRepository     = new MockPersistenceRepository(false);
            UserApplicationService               userApplicationService    = new UserApplicationService(userRepository, securityKeysRepository,
                                                                                                        passwordEncryptionService, persistenceRepository, new MockEmailService(), new PasswordCodeGenerationService());

            // Store the Securiyty Keys with the Username of the User at hand
            (securityKeysRepository as MockSecurityKeysRepository).AddSecurityKeysPair(new SecurityKeysPair(
                                                                                           new ApiKey("123456789").Value, new SecretKey("987654321").Value, "desc", 0, true));

            string activationKey = "123456789";
            string username      = "******";
            string password      = "******";
            User   user          = new User("*****@*****.**", username,
                                            passwordEncryptionService.EncryptPassword(password), "USA", TimeZone.CurrentTimeZone,
                                            "", activationKey);

            user.AddTierStatus(Status.NonVerified, new Tier(TierLevelConstant.Tier0, TierLevelConstant.Tier0));
            // We need to encrypt the password in the test case ourselves, as we are not registering the user through
            // the proper service here
            (userRepository as MockUserRepository).AddUser(user);

            bool changeSuccessful = userApplicationService.ActivateAccount(new ActivationCommand(activationKey, username, password));

            Assert.IsTrue(changeSuccessful);
            User user1 = (persistenceRepository as MockPersistenceRepository).GetUser(username);

            Assert.IsNotNull(user1);
            Assert.IsTrue(user1.IsActivationKeyUsed.Value);
            Assert.IsFalse(user1.IsUserBlocked.Value);
        }
        public void LoginSuccessfulTest_ChecksIfTheSecurityKeysAreProperlyReturnedWhileLoggingIn_VerifiesTheReturnedKeysToConfirm()
        {
            IUserRepository userRepository = new MockUserRepository();
            IIdentityAccessPersistenceRepository persistRepository = new MockPersistenceRepository(false);
            ISecurityKeysApplicationService      securityKeysApplicationService = new SecurityKeysApplicationService(new SecurityKeysGenerationService(),
                                                                                                                     persistRepository, null, null);
            IPasswordEncryptionService passwordEncryptionService   = new PasswordEncryptionService();
            IMfaAuthorizationService   mockMfaAuthorizationService = new MockMfaAuthorizationService();
            ILoginApplicationService   loginApplicationService     = new LoginApplicationService(userRepository, passwordEncryptionService,
                                                                                                 securityKeysApplicationService, new MockPersistenceRepository(false), mockMfaAuthorizationService);

            string enteredPassword = "******";
            User   user            = new User("*****@*****.**", "brucewayne", passwordEncryptionService.EncryptPassword(enteredPassword),
                                              "Ninja County", TimeZone.CurrentTimeZone, "", "");

            user.AutoLogout          = new TimeSpan(0, 0, 0, 60);
            user.IsActivationKeyUsed = new IsActivationKeyUsed(true);
            // Add this user to the MockUserRepository
            (userRepository as MockUserRepository).AddUser(user);
            UserValidationEssentials userValidationEssentials = loginApplicationService.Login(
                new LoginCommand("brucewayne", enteredPassword));

            Assert.IsNotNull(userValidationEssentials);
            Assert.IsNotNull(userValidationEssentials.ApiKey);
            Assert.IsNotNull(userValidationEssentials.SecretKey);
            Assert.AreEqual(userValidationEssentials.SessionLogoutTime, user.AutoLogout);
        }
        public void CancelAccountActivationFailedBecasueNoSuchAccountExists_MakesSureTHisDoesntCreateAnyBreach_VerifiesByExpectingException()
        {
            IUserRepository                      userRepository            = new MockUserRepository();
            ISecurityKeysRepository              securityKeysRepository    = new MockSecurityKeysRepository();
            IPasswordEncryptionService           passwordEncryptionService = new PasswordEncryptionService();
            IIdentityAccessPersistenceRepository persistenceRepository     = new MockPersistenceRepository(false);
            UserApplicationService               userApplicationService    = new UserApplicationService(userRepository, securityKeysRepository,
                                                                                                        passwordEncryptionService, persistenceRepository, new MockEmailService(), new PasswordCodeGenerationService());

            userApplicationService.CancelAccountActivation(new CancelActivationCommand("123ffdsdsaewr43212"));
        }
Exemplo n.º 8
0
        public void MfaAuthorizationSubscribedFailsTest_ChecksThatResponseIsFalseWhenMfaCodeIsNotPresent_VerifiesByReturnValue()
        {
            // The first time of authorization, the user des not have the MFA code present, but the second time it is present
            // as it has been sent to the user
            MockPersistenceRepository    mockPersistenceRepository    = new MockPersistenceRepository(false);
            MockUserRepository           mockUserRepository           = new MockUserRepository();
            MockMfaEmailService          mockMfaEmailService          = new MockMfaEmailService();
            MockSmsService               mockSmsService               = new MockSmsService();
            MockMfaCodeGenerationService mockMfaCodeGenerationService = new MockMfaCodeGenerationService();

            string userName    = "******";
            string phoneNumber = "2233344";
            string email       = "*****@*****.**";
            User   user        = new User(userName, "asdf", "12345", "xyz", email, Language.English, TimeZone.CurrentTimeZone,
                                          new TimeSpan(1, 1, 1, 1), DateTime.Now, "Pakistan", "", phoneNumber, "1234");

            Tuple <string, string, bool>          loginSubscription       = new Tuple <string, string, bool>("LOG", "Login", true);
            Tuple <string, string, bool>          depositSubscription     = new Tuple <string, string, bool>("DEP", "Deposit", true);
            Tuple <string, string, bool>          withdrawSubscription    = new Tuple <string, string, bool>("WD", "Withdraw", true);
            Tuple <string, string, bool>          placeOrderSubscription  = new Tuple <string, string, bool>("PO", "PlaceOrder", true);
            Tuple <string, string, bool>          cancelOrderSubscription = new Tuple <string, string, bool>("CO", "CancelOrder", true);
            IList <Tuple <string, string, bool> > subscriptionsList       = new List <Tuple <string, string, bool> >();

            subscriptionsList.Add(loginSubscription);
            subscriptionsList.Add(depositSubscription);
            subscriptionsList.Add(withdrawSubscription);
            subscriptionsList.Add(placeOrderSubscription);
            subscriptionsList.Add(cancelOrderSubscription);
            user.AssignMfaSubscriptions(subscriptionsList);

            MockSecurityKeysRepository mockSecurityKeysRepository = new MockSecurityKeysRepository();
            string apiKey = "apikey123";

            // Add Api Key to mock implementation
            mockSecurityKeysRepository.AddSecurityKeysPair(new SecurityKeysPair(user.Id, apiKey, "secretkey123", true, "Desc"));
            // Add user to mock implementation
            mockUserRepository.AddUser(user);

            MfaAuthorizationService mfaAuthorizationService = new MfaAuthorizationService(mockPersistenceRepository,
                                                                                          mockUserRepository, mockSecurityKeysRepository, mockSmsService, mockMfaEmailService, mockMfaCodeGenerationService);

            // Login MFA
            Tuple <bool, string> authorizeAccess1 = mfaAuthorizationService.AuthorizeAccess(apiKey, loginSubscription.Item2, null);

            Assert.IsFalse(authorizeAccess1.Item1);
        }
        public void LoginFailDueToBlankPasswordTest_MakesSureLoginFailsInCaseOfBlankPassword_VerifiesTheReturnedNullResultToConfirm()
        {
            IUserRepository userRepository = new MockUserRepository();
            IIdentityAccessPersistenceRepository persistRepository = new MockPersistenceRepository(false);
            ISecurityKeysApplicationService      securityKeysApplicationService = new SecurityKeysApplicationService(new SecurityKeysGenerationService(),
                                                                                                                     persistRepository, null, null);
            IPasswordEncryptionService passwordEncryptionService   = new PasswordEncryptionService();
            IMfaAuthorizationService   mockMfaAuthorizationService = new MockMfaAuthorizationService();
            ILoginApplicationService   loginApplicationService     = new LoginApplicationService(userRepository, passwordEncryptionService,
                                                                                                 securityKeysApplicationService, new MockPersistenceRepository(false), mockMfaAuthorizationService);
            string enteredPassword = "******";
            User   user            = new User("*****@*****.**", "brucewayne", passwordEncryptionService.EncryptPassword(enteredPassword),
                                              "Ninja County", TimeZone.CurrentTimeZone, "", "");

            user.AutoLogout = new TimeSpan(0, 0, 0, 60);
            // Add this user to the MockUserRepository
            (userRepository as MockUserRepository).AddUser(user);

            loginApplicationService.Login(new LoginCommand("brucewayne", ""));
        }
Exemplo n.º 10
0
        //[ExpectedException(typeof(InvalidOperationException))]
        public void MfaAuthorizationSubscribedFailtTest_ChecksThatExceptionIsRaisedWhenMfaCodesDontMatch_VerifiesByReturnValue()
        {
            MockPersistenceRepository    mockPersistenceRepository    = new MockPersistenceRepository(false);
            MockUserRepository           mockUserRepository           = new MockUserRepository();
            MockMfaEmailService          mockMfaEmailService          = new MockMfaEmailService();
            MockSmsService               mockSmsService               = new MockSmsService();
            MockMfaCodeGenerationService mockMfaCodeGenerationService = new MockMfaCodeGenerationService();

            string userName    = "******";
            string phoneNumber = "2233344";
            string email       = "*****@*****.**";
            User   user        = new User(userName, "asdf", "12345", "xyz", email, Language.English, TimeZone.CurrentTimeZone,
                                          new TimeSpan(1, 1, 1, 1), DateTime.Now, "Pakistan", "", phoneNumber, "1234");

            Tuple <string, string, bool>          loginSubscription = new Tuple <string, string, bool>("LOG", "Login", true);
            IList <Tuple <string, string, bool> > subscriptionsList = new List <Tuple <string, string, bool> >();

            subscriptionsList.Add(loginSubscription);
            user.AssignMfaSubscriptions(subscriptionsList);

            MockSecurityKeysRepository mockSecurityKeysRepository = new MockSecurityKeysRepository();
            string apiKey = "apikey123";

            // Add Api Key to mock implementation
            mockSecurityKeysRepository.AddSecurityKeysPair(new SecurityKeysPair(user.Id, apiKey, "secretkey123", true, "Desc"));
            // Add user to mock implementation
            mockUserRepository.AddUser(user);

            MfaAuthorizationService mfaAuthorizationService = new MfaAuthorizationService(mockPersistenceRepository,
                                                                                          mockUserRepository, mockSecurityKeysRepository, mockSmsService, mockMfaEmailService, mockMfaCodeGenerationService);

            // Login MFA
            Tuple <bool, string> authorizeAccess1 = mfaAuthorizationService.AuthorizeAccess(apiKey, loginSubscription.Item2, null);

            Assert.IsFalse(authorizeAccess1.Item1);
            // This time the code should be assigned to the user, so verify that
            authorizeAccess1 = mfaAuthorizationService.AuthorizeAccess(apiKey, loginSubscription.Item2, user.MfaCode + "1");
            Assert.IsFalse(authorizeAccess1.Item1);
        }
        public void CancelAccountActivationFailedDueToBlankActivationKey_MakesSureAccountActivationDoesNotGetCancelledWhenBlankActivationKeyIsGiven_VerifiesByExpectingException()
        {
            IUserRepository                      userRepository            = new MockUserRepository();
            ISecurityKeysRepository              securityKeysRepository    = new MockSecurityKeysRepository();
            IPasswordEncryptionService           passwordEncryptionService = new PasswordEncryptionService();
            IIdentityAccessPersistenceRepository persistenceRepository     = new MockPersistenceRepository(false);
            UserApplicationService               userApplicationService    = new UserApplicationService(userRepository, securityKeysRepository,
                                                                                                        passwordEncryptionService, persistenceRepository, new MockEmailService(), new PasswordCodeGenerationService());

            string activationKey = "123456789";
            string username      = "******";
            string password      = "******";
            User   user          = new User("*****@*****.**", username, passwordEncryptionService.EncryptPassword(password),
                                            "USA", TimeZone.CurrentTimeZone, "", activationKey);

            user.AddTierStatus(Status.NonVerified, new Tier(TierLevelConstant.Tier0, TierLevelConstant.Tier0));
            // We need to encrypt the password in the test case ourselves, as we are not registering the user through
            // the proper service here
            (userRepository as MockUserRepository).AddUser(user);

            userApplicationService.CancelAccountActivation(new CancelActivationCommand(""));
        }
        //[ExpectedException(typeof(Exception))]
        public void ChangePasswordFailDueToSessionTimeoutTest_ChecksThePasswordDoesNotGetChangedWhenSessionTimeoutHasExpired_VerifiesByExpectingException()
        {
            IUserRepository                      userRepository            = new MockUserRepository();
            ISecurityKeysRepository              securityKeysRepository    = new MockSecurityKeysRepository();
            IPasswordEncryptionService           passwordEncryptionService = new PasswordEncryptionService();
            IIdentityAccessPersistenceRepository persistenceRepository     = new MockPersistenceRepository(false);
            UserApplicationService               userApplicationService    = new UserApplicationService(userRepository, securityKeysRepository,
                                                                                                        passwordEncryptionService, persistenceRepository, new MockEmailService(), new PasswordCodeGenerationService());

            // Store the Securiyty Keys with the Username of the User at hand
            (securityKeysRepository as MockSecurityKeysRepository).AddSecurityKeysPair(new SecurityKeysPair(
                                                                                           new ApiKey("123456789").Value, new SecretKey("987654321").Value, "desc", 0, true));

            var user = new User("*****@*****.**", "linkinpark", passwordEncryptionService.EncryptPassword("burnitdown"), "USA", TimeZone.CurrentTimeZone, "", "");

            // We need to encrypt the password in the test case ourselves, as we are not registering the user through
            // the proper service here
            (userRepository as MockUserRepository).AddUser(user);

            User   userBeforePasswordChange = userRepository.GetUserByUserName("linkinpark");
            string passwordBeforeChange     = userBeforePasswordChange.Password;

            // Give the API key that is already stored in the Security keys repository mentioned with the User Name
            //UserValidationEssentials userValidationEssentials = new UserValidationEssentials(new Tuple<ApiKey, SecretKey>(
            //    new ApiKey("123456789"), new SecretKey("987654321")), new TimeSpan(0, 0, 0, 0, 1));
            (userRepository as MockUserRepository).DeleteUser(user);
            user.AutoLogout = new TimeSpan(0, 0, 0, 0, 1);
            (userRepository as MockUserRepository).AddUser(user);

            // Wrong password given
            userApplicationService.ChangePassword(new ChangePasswordCommand("123456789", "burnitdown",
                                                                            "burnitdowntwice"));
            User   userAfterPasswordChange = userRepository.GetUserByUserName("linkinpark");
            string passwordAfterChange     = userAfterPasswordChange.Password;

            // Verify the old and new password do not match
            Assert.AreNotEqual(passwordBeforeChange, passwordAfterChange);
        }