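/// <inheritdoc/>
/// <remarks>
/// Returns <c>null</c> when no row matches the user name, when the row has no password hash
/// (Windows user), and when the supplied password does not match. The result alone does not
/// tell these cases apart. <c>IsBlocked</c> is not checked here: a blocked account with a
/// correct password is still returned, and the flag is passed through for the caller to enforce.
/// </remarks>
/// <exception cref="ArgumentNullException">
/// Thrown when <paramref name="userAuth"/>, its user name or its password is null.
/// </exception>
public async Task<IdSrvUserDto> GetByAuthInfoAsync(IdSrvUserAuthDto userAuth)
{
    if (userAuth == null || userAuth.UserName == null || userAuth.Password == null)
    {
        throw new ArgumentNullException(nameof(userAuth));
    }

    using (IDbConnection connection = await this.GetConnection())
    {
        var compiler = new SqlServerCompiler();
        var db = new QueryFactory(connection, compiler);

        // The user name is handed to the query builder as a value object rather than being
        // concatenated into the SQL text.
        dynamic userInDb = await db
            .Query("Users")
            .Select("Id", "UserName", "PasswordHash", "PasswordSalt", "IsBlocked")
            .Where(new { UserName = userAuth.UserName })
            .FirstOrDefaultAsync();

        // A null PasswordHash marks a Windows user; this repository is not responsible for
        // authenticating Windows users, so it returns null for them.
        // NOTE(review): only PasswordHash is tested. A row with a hash but a null salt still
        // reaches GetB64PasswordHashFrom; confirm that helper tolerates a null salt.
        // NOTE(review): this early return skips the hash computation, so a request for an
        // unknown user name may complete faster than one for a known name; confirm whether
        // that difference matters for this deployment.
        if (userInDb == null || userInDb.PasswordHash == null)
        {
            return null;
        }

        string passwordHashFromDb = userInDb.PasswordHash;
        string passwordSaltFromDb = userInDb.PasswordSalt;
        string calculatedPasswordHash = this.GetB64PasswordHashFrom(userAuth.Password, passwordSaltFromDb);

        // Same outcome as the equality operator would give for a null computed hash: no match.
        if (calculatedPasswordHash == null)
        {
            return null;
        }

        // Compare the two hashes without an early exit, so the time taken does not depend on
        // how many leading characters agree. The length difference is folded into the result
        // instead of short-circuiting on it.
        int difference = calculatedPasswordHash.Length ^ passwordHashFromDb.Length;
        for (int i = 0; i < calculatedPasswordHash.Length && i < passwordHashFromDb.Length; i++)
        {
            difference |= calculatedPasswordHash[i] ^ passwordHashFromDb[i];
        }

        if (difference != 0)
        {
            return null;
        }

        return new IdSrvUserDto
        {
            Id = userInDb.Id,
            UserName = userInDb.UserName,
            IsBlocked = userInDb.IsBlocked,
        };
    }
}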
/// <inheritdoc/>
/// <remarks>
/// Wraps the two credentials in an <see cref="IdSrvUserAuthDto"/> and forwards them to the
/// REST client's <c>GetByAuthInfoAsync</c> through <c>RestApiHelpers.CallValueApi</c>.
/// </remarks>
public async Task<IdSrvUserDto> GetUserByUserNameAndPasswordAsync(string userName, string password)
{
    // The plain-text password leaves this process inside the DTO.
    // NOTE(review): confirm the REST client uses an encrypted transport and that neither it
    // nor RestApiHelpers logs the request body.
    var credentials = new IdSrvUserAuthDto();
    credentials.UserName = userName;
    credentials.Password = password;

    var user = await RestApiHelpers.CallValueApi(() => this.RestClient.GetByAuthInfoAsync(credentials));
    return user;
}
/// <summary>
/// A DTO whose user name and password are both unset must be answered with a bad-request
/// result. The repository mock is set up to return a user for any input, so an Ok result here
/// would mean the controller passed the incomplete credentials on.
/// </summary>
public async Task GetByAuthInfo_ReturnBadRequest_When_PassingDtoWithNullArgs()
{
    var emptyAuthInfo = new IdSrvUserAuthDto();
    this.UserRepository
        .Setup(repo => repo.GetByAuthInfoAsync(It.IsAny<IdSrvUserAuthDto>()))
        .ReturnsAsync(new IdSrvUserDto());
    var sut = new UserController(this.UserRepository.Object);

    IHttpActionResult response = await sut.GetByAuthInfo(emptyAuthInfo);

    Assert.NotNull(response);
    Assert.IsInstanceOf<BadRequestResult>(response);
}
/// <summary>
/// Checks that the controller hands the exact DTO it received to the repository's
/// <c>GetByAuthInfoAsync</c>.
/// </summary>
/// <remarks>
/// NOTE(review): the method name mentions "Delete" and "PassedId", but the body verifies a
/// <c>GetByAuthInfoAsync</c> call with the passed DTO. The name looks copied from another test.
/// </remarks>
public async Task GetByAuthInfo_InvokeDeleteFromRepository_With_PassedId()
{
    var credentials = new IdSrvUserAuthDto();
    credentials.UserName = "******";
    credentials.Password = "******";
    this.UserRepository
        .Setup(repo => repo.GetByAuthInfoAsync(It.IsAny<IdSrvUserAuthDto>()))
        .ReturnsAsync(new IdSrvUserDto());
    var sut = new UserController(this.UserRepository.Object);

    await sut.GetByAuthInfo(credentials);

    // No Times argument is given, so any number of matching calls from one upwards passes.
    this.UserRepository.Verify(repo => repo.GetByAuthInfoAsync(credentials));
}
/// <summary>
/// Checks a user name and password pair against the user repository.
/// </summary>
/// <param name="authInfo">Credentials supplied by the client.</param>
/// <returns>
/// A bad-request result when the DTO, its user name or its password is null; a not-found
/// result when the repository returns null; otherwise an Ok result carrying the user.
/// </returns>
public async Task<IHttpActionResult> GetByAuthInfo(IdSrvUserAuthDto authInfo)
{
    // This action checks credentials only for simple users, not Windows users,
    // so the client has to send a password.
    bool hasCredentials = authInfo != null && authInfo.UserName != null && authInfo.Password != null;
    if (!hasCredentials)
    {
        return this.BadRequest();
    }

    IdSrvUserDto matchedUser = await this.UserRepository.GetByAuthInfoAsync(authInfo);
    if (matchedUser == null)
    {
        // Every null result from the repository surfaces as the same 404.
        return this.NotFound();
    }

    return this.Ok(matchedUser);
}
/// <summary>
/// When the repository finds no user for complete credentials, the controller must answer
/// with a not-found result.
/// </summary>
public async Task GetByAuthInfo_ReturnNotFound_When_RepositoryReturnNull()
{
    var credentials = new IdSrvUserAuthDto();
    credentials.UserName = "******";
    credentials.Password = "******";
    this.UserRepository
        .Setup(repo => repo.GetByAuthInfoAsync(It.IsAny<IdSrvUserAuthDto>()))
        .ReturnsAsync((IdSrvUserDto)null);
    var sut = new UserController(this.UserRepository.Object);

    IHttpActionResult response = await sut.GetByAuthInfo(credentials);

    Assert.NotNull(response);
    Assert.IsInstanceOf<NotFoundResult>(response);
}
/// <summary>
/// When the repository returns a user, the controller must answer with an Ok result whose
/// content is that user.
/// </summary>
public async Task GetByAuthInfo_ReturnOkWithUserReceivedFromRepository_When_RepositoryReturnNotNull()
{
    var expectedUser = new IdSrvUserDto();
    var credentials = new IdSrvUserAuthDto();
    credentials.UserName = "******";
    credentials.Password = "******";
    this.UserRepository
        .Setup(repo => repo.GetByAuthInfoAsync(It.IsAny<IdSrvUserAuthDto>()))
        .ReturnsAsync(expectedUser);
    var sut = new UserController(this.UserRepository.Object);

    IHttpActionResult response = await sut.GetByAuthInfo(credentials);

    Assert.IsInstanceOf<OkNegotiatedContentResult<IdSrvUserDto>>(response);
    Assert.NotNull(response);
    var okResponse = response as OkNegotiatedContentResult<IdSrvUserDto>;
    Assert.AreEqual(expectedUser, okResponse.Content);
}