        public void Register_User_Same_Username()
        {
            // Registers an account whose name is expected to collide with an existing one
            // and checks that exactly one account with that name remains afterwards.
            // NOTE(review): the registered AppUserName literal is masked ("******") on this
            // page while the lookup below searches for "Nathan"; the two are presumably the
            // same value in the original source — confirm.
            var outcome = false;

            try
            {
                var controller = new UserManagementController(_dbCtx);
                var duplicate  = new ApplicationUserAccount()
                {
                    AppUserName  = "******",
                    UserPassword = "******"
                };
                controller.RegisterUser(duplicate);

                var matches = _dbCtx.UserAccounts.Where(x => x.AppUserName.Equals("Nathan")).ToList();
                outcome = matches.Count == 1;

                // Cleanup added objects
                // NOTE(review): `duplicate` is never added to the context by this test
                // (RegisterUser builds its own entity before saving), so removing it here
                // presumably does not delete the persisted row — verify what Remove does
                // with this untracked object.
                if (!outcome)
                {
                    _dbCtx.UserAccounts.Remove(duplicate);
                    _dbCtx.SaveChanges();
                }
            }
            catch (ArgumentException)
            {
                // Any ArgumentException raised while registering is treated as a failed outcome.
                outcome = false;
            }

            Assert.True(outcome);
        }
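        /// <summary>
        /// Issues a new JWT user token for this application.
        /// </summary>
        /// <remarks>
        /// The token is signed with HMAC-SHA512 using the configured secret, carries the
        /// iat / jti / user_id / user_name / user_type claims and expires seven days after
        /// issue. Tokens of the user that are no longer valid are purged before the new one
        /// is stored.
        /// </remarks>
        /// <param name="user">The user to issue the token to.</param>
        /// <returns>
        /// The issued token in its encoded form, or an empty string when the token could not
        /// be saved in the database.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="user"/> is null.</exception>
        public string IssueToken(ApplicationUserAccount user)
        {
            if (user == null)
            {
                throw new ArgumentNullException(nameof(user));
            }

            // NOTE(review): the secret comes straight from configuration and is not checked here;
            // the signing library is expected to reject keys shorter than its minimum for HS512 —
            // confirm the configured key length.
            var secKey             = _config.tokenSecKey;
            var symSecKey          = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secKey));
            var signingCredentials = new SigningCredentials(symSecKey, SecurityAlgorithms.HmacSha512Signature);

            // Take one UTC timestamp so "iat" and the expiry derive from the same instant.
            // UtcNow avoids the local-time conversion (and DST ambiguity) DateTime.Now would need.
            var issuedAt = DateTime.UtcNow;
            var jwtId    = Guid.NewGuid().ToString();
            var iat      = EpochTime.GetIntDate(issuedAt);

            var claims = new List<Claim>
            {
                new Claim("iat", $"{iat}", ClaimValueTypes.Integer64),
                new Claim("jti", jwtId, ClaimValueTypes.String),
                new Claim("user_id", $"{user.Id}", ClaimValueTypes.Integer32),
                new Claim("user_name", $"{user.AppUserName}", ClaimValueTypes.String),
                new Claim("user_type", $"{user.UserType}", ClaimValueTypes.String)
            };

            var token = new JwtSecurityToken(
                issuer: _config.tokenIssuer,
                audience: _config.tokenAudience,
                // Round-trip through epoch seconds so the expiry has the same second
                // granularity as the "exp" claim written into the token.
                expires: EpochTime.DateTime(EpochTime.GetIntDate(issuedAt.AddDays(7))),
                signingCredentials: signingCredentials,
                claims: claims
                );

            var tokenHandler = new JwtSecurityTokenHandler();
            var encodedToken = tokenHandler.WriteToken(token);

            // Delete invalid tokens for the user first (excess tokens per user waste space).
            DeleteInavlidTokens(user.Id);

            // Callers treat an empty string as "token could not be saved".
            if (!SaveToken(encodedToken, user.Id, token.ValidTo))
            {
                return "";
            }

            return encodedToken;
        }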
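        public void Register_User_Invalid_Pass()
        {
            // Registration with the (masked) credentials below must be rejected, so no
            // account with the looked-up name may exist afterwards.
            var controller = new UserManagementController(_dbCtx);
            var newUser    = new ApplicationUserAccount()
            {
                AppUserName  = "******",
                UserPassword = "******"
            };

            controller.RegisterUser(newUser);

            // NOTE(review): the registered AppUserName literal is masked on this page while
            // the lookup uses "Ashur"; they are presumably the same value — confirm.
            var user = _dbCtx.UserAccounts.Where(x => x.AppUserName.Equals("Ashur")).FirstOrDefault();

            var outcome = user == null;

            // Cleanup: if the account was created against expectation, delete the persisted
            // entity that was actually found (`user`), not the local `newUser` object —
            // RegisterUser builds its own entity and never adds this one to the context.
            if (!outcome)
            {
                _dbCtx.UserAccounts.Remove(user);
                _dbCtx.SaveChanges();
            }

            Assert.True(outcome);
        }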
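        public void Register_User_Invalid_Username_By_Non_Alpha_Numeric_Chars()
        {
            // A username containing spaces and symbols must be rejected, so no account
            // with the looked-up name may exist afterwards.
            var controller = new UserManagementController(_dbCtx);
            var newUser    = new ApplicationUserAccount()
            {
                AppUserName  = "******",
                UserPassword = "******"
            };

            controller.RegisterUser(newUser);

            // NOTE(review): the registered AppUserName literal is masked on this page while
            // the lookup uses "Sablique V0# Lu$"; they are presumably the same value — confirm.
            var user = _dbCtx.UserAccounts.Where(x => x.AppUserName.Equals("Sablique V0# Lu$")).FirstOrDefault();

            var outcome = user == null;

            // Cleanup: if the account was created against expectation, delete the persisted
            // entity that was actually found (`user`), not the local `newUser` object —
            // RegisterUser builds its own entity and never adds this one to the context.
            if (!outcome)
            {
                _dbCtx.UserAccounts.Remove(user);
                _dbCtx.SaveChanges();
            }

            Assert.True(outcome);
        }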
        public void Register_User_Valid_Creds()
        {
            // Registration with valid (masked) credentials must create an account that can
            // be found by name; the created row is removed again afterwards.
            var controller = new UserManagementController(_dbCtx);
            var candidate  = new ApplicationUserAccount()
            {
                AppUserName  = "******",
                UserPassword = "******"
            };

            controller.RegisterUser(candidate);

            // NOTE(review): the masked AppUserName above is presumably "George" — confirm.
            var stored  = _dbCtx.UserAccounts.FirstOrDefault(x => x.AppUserName.Equals("George"));
            var outcome = stored != null;

            // Cleanup added objects
            if (stored != null)
            {
                _dbCtx.UserAccounts.Remove(stored);
                _dbCtx.SaveChanges();
            }

            Assert.True(outcome);
        }
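        /// <summary>
        /// Registers a new instructor account from the posted credentials and issues its first token.
        /// </summary>
        /// <param name="userAccount">Posted account; only <c>AppUserName</c> and <c>UserPassword</c> are read.</param>
        /// <returns>
        /// 400 when the body is missing, the username is shorter than three characters or not
        /// purely ASCII-alphanumeric, the password is shorter than eight characters, or the
        /// username is already taken; 404 when the account or its token could not be persisted
        /// (status codes kept as existing callers expect them); 200 with a confirmation message
        /// otherwise.
        /// </returns>
        public IActionResult RegisterUser([FromBody] ApplicationUserAccount userAccount)
        {
            // Model binding yields null for an absent or unparseable body; without this guard
            // the property accesses below would throw instead of answering 400.
            if (userAccount == null)
            {
                return new BadRequestObjectResult("Request body must contain a user account");
            }

            // App user name must be at least 3 characters long and must be alphanumeric
            if (!IsValidUserName(userAccount.AppUserName))
            {
                return new BadRequestObjectResult("Username cannot be empty and must contain at least three alphanumeric characters");
            }

            // Password must be at least 8 characters long
            if (!IsValidPassword(userAccount.UserPassword))
            {
                return new BadRequestObjectResult("Password must be at least 8 characters long");
            }

            // Usernames must also be unique; they are alternate keys in the database
            var existingUser = _dbCtx.UserAccounts.FirstOrDefault(x => x.AppUserName.Equals(userAccount.AppUserName));

            if (existingUser != null)
            {
                return new BadRequestObjectResult($"Username {userAccount.AppUserName} is already taken");
            }

            // Only the hashed password is stored; every registrant becomes an Instructor.
            var newUser = new ApplicationUserAccount()
            {
                AppUserName  = userAccount.AppUserName,
                UserPassword = _scryptHasher.Encode(userAccount.UserPassword),
                UserType     = UserType.Instructor
            };

            _dbCtx.UserAccounts.Add(newUser);

            try
            {
                _dbCtx.SaveChanges();
            }
            catch (Exception)
            {
                // Rollback the addition of a new user so a later SaveChanges on this context
                // does not retry the failed insert. The cause is not surfaced to the client and
                // is lost here; log it once a logger is available.
                _dbCtx.UserAccounts.Remove(newUser);
                return new NotFoundObjectResult("Failed to Create New User");
            }

            // IssueToken presumably reports a token that could not be stored as an empty string.
            var token = _tokenManager.IssueToken(newUser);

            if (string.IsNullOrEmpty(token))
            {
                // NOTE(review): the account row already exists at this point, so a retry by the
                // same client will be answered with "already taken" — consider rolling it back.
                return new NotFoundObjectResult("Failed to Generate Token");
            }

            // The token itself is not part of the response.
            return new OkObjectResult($"Successfully Registered new User: {userAccount.AppUserName}");
        }

        // Username rule: non-blank, at least three characters, ASCII letters and digits only.
        // `\z` (rather than `$`) anchors at the true end of the input: in .NET `$` also matches
        // before a trailing newline, which would let a name such as "name\n" through.
        private static bool IsValidUserName(string name)
        {
            return !string.IsNullOrWhiteSpace(name)
                && name.Length >= 3
                && Regex.IsMatch(name, @"^[a-zA-Z0-9]+\z");
        }

        // Password rule: non-blank and at least eight characters.
        private static bool IsValidPassword(string password)
        {
            return !string.IsNullOrWhiteSpace(password) && password.Length >= 8;
        }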