public async Task AuthenticateUsingUserName()
{
// create a user :
var user = RandomObjects.RandomUser(new string[] { }).Generate();
var username = user.UserName;
var password = "******";
var httpClient = factory.CreateSecureClient();
var account = await _CreateUser(httpClient, user, password);
var bindings = new AuthenticateBindings {
UserName = username, Password = password
};
var response = await httpClient.PostAsync($"{TestStartup.PATH}/account/authenticate", new JsonContent(bindings));
var content = await response.Content.ReadAsStringAsync();
Assert.True(response.IsSuccessStatusCode, response.ReasonPhrase ?? "");
var result = JsonConvert.DeserializeObject <ApiModel <AccountDto> >(content);
Assert.True(result.Result.Success, result.Result.Errors?.FirstOrDefault().Value?.FirstOrDefault() ?? "");
Assert.Empty(result.Result.Errors);
var resultUser = result.Value;
Assert.NotNull(resultUser);
Assert.True(resultUser.IsAuthenticated);
Assert.NotNull(resultUser.Token);
Assert.NotEqual("", resultUser.Token);
}
private async Task <string> _authenticateAsync(HttpClient client, string username, string password)
{
var bindings = new AuthenticateBindings {
UserName = username, Password = password
};
var response = await client.PostAsync($"{TestStartup.PATH}/account/authenticate", new JsonContent(bindings));
var content = await response.Content.ReadAsStringAsync();
Assert.True(response.IsSuccessStatusCode, response.ReasonPhrase ?? "");
var result = JsonConvert.DeserializeObject <ApiModel <AccountDto> >(content);
return(result.Value.Token);
}
// [ValidateAntiForgeryToken]
public async Task <IActionResult> AuthenticateAsync([FromBody] AuthenticateBindings userDto, string returnUrl = null)
{
var username = _userManager.NormalizeKey(userDto.UserName);
var result = await _signInManager.PasswordSignInAsync(username,
userDto.Password, userDto.RememberMe, lockoutOnFailure : false);
if (result.Succeeded)
{
var user = await _userManager.FindByNameAsync(username);
if (user == null)
{
throw new AppException($"impossible to find the user {userDto.UserName} after successfull login using this username");
}
_logger.LogInformation("User logged in.");
var resultDto = _mapper.Map <AccountDto>(user);
resultDto.Token = await _GenerateTokenAsync(user);
resultDto.IsAuthenticated = true;
return(Ok(ApiModel.AsSuccess(resultDto)));
}
if (result.RequiresTwoFactor)
{
return(RedirectToAction(nameof(LoginWith2fa), new { returnUrl, userDto.RememberMe }));
}
if (result.IsLockedOut)
{
_logger.LogWarning("User account locked out.");
return(Ok(ApiModel.AsError(userDto, "User account locked out.")));
}
else
{
ModelState.AddModelError(string.Empty, "Invalid login attempt.");
return(Ok(ApiModel.AsError(userDto, "Invalid login attempt.")));
}
}
public async Task ResetsPassword()
{
// create a user :
var user = RandomObjects.RandomUser(new string[] { }).Generate();
var username = user.UserName;
var oldpassword = $"username-Pa$$w0rd-old";
var httpClient = factory.CreateSecureClient();
var token = await this._CreateUserAndGetToken(httpClient, user, oldpassword);
// forgot his email
var bindings = new ForgotPasswordBindings {
UserName = username
};
var forgotrequest = await httpClient.PostAsync($"{TestStartup.PATH}/account/forgot", new JsonContent(bindings));
var forgotcontent = await forgotrequest.Content.ReadAsStringAsync();
var forgotresult = JsonConvert.DeserializeObject <ApiModel <AccountDto> >(forgotcontent);
// emails :
var recievedEmails = this.factory.EmailSender.Flush();
var message = recievedEmails.First().message;
// find the link in the email =
var regex = new Regex("href=[\"'].*action=(.+)(&[^\"'])?[\"']", RegexOptions.IgnoreCase);
var encodedlink = regex.Match(message).Groups[1].Value;
var actionLink = WebUtility.UrlDecode(encodedlink);
// // finds the action =
// var uri = new Uri(actionLink);
// var action = HttpUtility.ParseQueryString(uri.Query).Get("action");
var newpassword = $"username-Pa$$w0rd-reset";
var encodedPassword = WebUtility.UrlEncode(newpassword);
// request rest
var resetrequest = await httpClient.GetAsync($"{actionLink}&password={encodedPassword}");
var resetcontent = await resetrequest.Content.ReadAsStringAsync();
var resetresult = JsonConvert.DeserializeObject <ApiModel <AccountDto> >(resetcontent);
Assert.True(resetrequest.IsSuccessStatusCode, resetrequest.ReasonPhrase ?? "");
Assert.True(resetresult.Result.Success, resetresult.Result.Errors?.FirstOrDefault().Value?.FirstOrDefault() ?? "");
Assert.Empty(resetresult.Result.Errors);
var verifyNewbindings = new AuthenticateBindings {
UserName = user.UserName, Password = newpassword
};
var verifyNewresponse = await httpClient.PostAsync($"{TestStartup.PATH}/account/authenticate", new JsonContent(verifyNewbindings));
var verifyNewcontent = await verifyNewresponse.Content.ReadAsStringAsync();
Assert.True(verifyNewresponse.IsSuccessStatusCode, verifyNewresponse.ReasonPhrase ?? "");
var verifyNewResult = JsonConvert.DeserializeObject <ApiModel <AccountDto> >(verifyNewcontent);
Assert.True(verifyNewResult.Result.Success, verifyNewResult.Result.Errors?.FirstOrDefault().Value?.FirstOrDefault() ?? "");
Assert.Empty(verifyNewResult.Result.Errors);
var resultUser = verifyNewResult.Value;
Assert.NotNull(resultUser);
Assert.True(resultUser.IsAuthenticated);
Assert.NotNull(resultUser.Token);
Assert.Equal(user.UserName, resultUser.UserName);
Assert.NotEqual("", resultUser.Token);
var verifyOldbindings = new AuthenticateBindings {
UserName = user.UserName, Password = oldpassword
};
var verifyOldresponse = await httpClient.PostAsync($"{TestStartup.PATH}/account/authenticate", new JsonContent(verifyOldbindings));
var verifyOldcontent = await verifyOldresponse.Content.ReadAsStringAsync();
Assert.True(verifyOldresponse.IsSuccessStatusCode, verifyOldresponse.ReasonPhrase ?? "");
var verifyOldResult = JsonConvert.DeserializeObject <ApiModel <AccountDto> >(verifyOldcontent);
Assert.False(verifyOldResult.Result.Success);
Assert.NotEmpty(verifyOldResult.Result.Errors);
// var resultOldUser = verifyOldResult.Value;
// Assert.Null(resultOldUser);
// Assert.False(resultOldUser.IsAuthenticated);
// Assert.Null(resultOldUser.Token);
}
