Пример #1
        /// <summary>
        /// Verifies that refreshing with a refresh token the user owns makes the service
        /// request a new JWT for that user from the JWT utility.
        /// </summary>
        public void should_call_generate_new_jwt_token()
        {
            // Arrange: a user owning a single refresh token built with the builder defaults
            // (presumably an active token; the builder is defined outside this listing).
            List<RefreshToken> ownedTokens = new() { new RefreshTokenBuilder().Build() };
            User owner = new UserBuilder().WithRefreshTokens(ownedTokens).Build();
            UserDb storedOwner = owner.Map();
            List<UserDb> queryResult = new() { storedOwner };
            DateTime fixedNow = DateTime.UtcNow;
            RefreshToken replacementToken = new RefreshTokenBuilder().Build();

            // Flipped by the mock callback when GenerateJwtToken is invoked for this exact user.
            bool jwtRequested = false;

            _users.Setup(n => n.Get(It.IsAny<Expression<Func<UserDb, bool>>>(), null, "")).Returns(queryResult);
            _mapper.Setup(n => n.Map<User>(storedOwner)).Returns(owner);
            _dateTimeProvider.Setup(n => n.Now).Returns(fixedNow);
            _jwtUtils.Setup(n => n.GenerateRefreshToken(IP_ADDRESS)).Returns(replacementToken);
            _jwtUtils.Setup(n => n.GenerateJwtToken(owner)).Callback<User>(_ => jwtRequested = true);

            // Act
            _sut.RefreshToken(ownedTokens[0].Token, IP_ADDRESS);

            // Assert
            jwtRequested.Should().BeTrue();
        }
Пример #2
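        /// <summary>
        /// Verifies refresh-token rotation: after RefreshToken the user must hold the previous token
        /// in its revoked form (reason <c>ApiResponses.ReplacedByNewToken</c>) plus the newly issued token.
        /// </summary>
        public void should_revoke_old_tokens_when_add_new_refresh_token()
        {
            // Arrange: a user owning a single refresh token built with the builder defaults.
            List<RefreshToken> tokens = new() { new RefreshTokenBuilder().Build() };
            User user = new UserBuilder().WithRefreshTokens(tokens).Build();
            UserDb userFromDb = user.Map();
            List<UserDb> usersFromDb = new() { userFromDb };
            DateTime now = DateTime.UtcNow;
            string reason = ApiResponses.ReplacedByNewToken;

            RefreshToken newRefreshToken = new RefreshTokenBuilder().Build();

            // Expected revoked form of the old token, produced by a helper defined outside this listing.
            // NOTE(review): this runs before the service call, so the helper presumably returns a copy;
            // if it mutated the originals the service would see an already-revoked token. Confirm.
            var lastTokenRevoked = getLastTokenRevoked(tokens, now, reason, newRefreshToken.Token);
            List<RefreshToken> expectedRefreshTokens = new() { lastTokenRevoked, newRefreshToken };

            // Captures the user instance the service maps back onto the stored entity.
            User result = null;
            Action<User, UserDb> mapFinalUser = (a, b) => { result = a; };

            _users.Setup(n => n.Get(It.IsAny<Expression<Func<UserDb, bool>>>(), null, "")).Returns(usersFromDb);
            _mapper.Setup(n => n.Map<User>(userFromDb)).Returns(user);
            _dateTimeProvider.Setup(n => n.Now).Returns(now);
            _jwtUtils.Setup(n => n.GenerateRefreshToken(IP_ADDRESS)).Returns(newRefreshToken);
            _mapper.Setup(n => n.Map(user, userFromDb)).Callback(mapFinalUser);

            // Act
            _sut.RefreshToken(tokens.First().Token, IP_ADDRESS);

            // Assert: fail with a readable message instead of a NullReferenceException
            // when the service never mapped the updated user back.
            result.Should().NotBeNull("RefreshToken is expected to map the updated user onto the stored entity");
            result.RefreshTokens.Should().BeEquivalentTo(expectedRefreshTokens);
        }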
Пример #3
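        /// <summary>
        /// Verifies that RefreshToken prunes a long-revoked token from the user's list:
        /// only the just-rotated token (in revoked form) and the new token are expected to remain.
        /// </summary>
        public void should_remove_old_refresh_tokens()
        {
            // Arrange: a two-token chain where tokens[0] has already been replaced by tokens[1].
            List<RefreshToken> tokens = generateFakeReplacedTokensChain(2);
            User user = new UserBuilder().WithRefreshTokens(tokens).Build();
            UserDb userFromDb = user.Map();
            DateTime now = new DateTime(2022, 05, 05);
            string reason = ApiResponses.ReplacedByNewToken;
            List<UserDb> usersFromDb = new() { userFromDb };

            // tokens[0] was revoked months before "now"; the expectation below has it dropped.
            // NOTE(review): the retention window is presumably driven by the RefreshTokenTTL setting - confirm.
            tokens[0].Created = new DateTime(2022, 01, 01);
            tokens[0].Revoked = new DateTime(2022, 01, 02);
            tokens[1].Created = new DateTime(2022, 05, 05);

            var newRefreshToken = new RefreshTokenBuilder().WithCreated(new DateTime(2022, 05, 10)).Build();
            var lastTokenRevoked = getLastTokenRevoked(tokens, now, reason, newRefreshToken.Token);

            List<RefreshToken> expectedTokens = new() { lastTokenRevoked, newRefreshToken };

            // Captures the user instance the service maps back onto the stored entity.
            User result = null;
            Action<User, UserDb> mapFinalUser = (a, b) => { result = a; };

            _users.Setup(n => n.Get(It.IsAny<Expression<Func<UserDb, bool>>>(), null, "")).Returns(usersFromDb);
            _mapper.Setup(n => n.Map<User>(userFromDb)).Returns(user);
            _dateTimeProvider.Setup(n => n.Now).Returns(now);
            _jwtUtils.Setup(n => n.GenerateRefreshToken(IP_ADDRESS)).Returns(newRefreshToken);
            _mapper.Setup(n => n.Map(user, userFromDb)).Callback(mapFinalUser);

            // Act: refresh with the still-unreplaced end of the chain.
            _sut.RefreshToken(tokens[1].Token, IP_ADDRESS);

            // Assert: fail with a readable message instead of a NullReferenceException
            // when the service never mapped the updated user back.
            result.Should().NotBeNull("RefreshToken is expected to map the updated user onto the stored entity");
            result.RefreshTokens.Should().BeEquivalentTo(expectedTokens);
        }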
Пример #4
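        /// <summary>
        /// Verifies that RefreshToken adds the newly generated refresh token to the user's token list.
        /// </summary>
        public void should_add_new_refresh_token()
        {
            // Arrange: a user owning a single refresh token built with the builder defaults.
            List<RefreshToken> tokens = new() { new RefreshTokenBuilder().Build() };
            User user = new UserBuilder().WithRefreshTokens(tokens).Build();
            UserDb userFromDb = user.Map();
            List<UserDb> usersFromDb = new() { userFromDb };
            DateTime now = DateTime.UtcNow;

            RefreshToken newRefreshToken = new RefreshTokenBuilder().Build();

            // Captures the user instance the service maps back onto the stored entity.
            User result = null;
            Action<User, UserDb> mapFinalUser = (a, b) => { result = a; };

            _users.Setup(n => n.Get(It.IsAny<Expression<Func<UserDb, bool>>>(), null, "")).Returns(usersFromDb);
            _mapper.Setup(n => n.Map<User>(userFromDb)).Returns(user);
            _dateTimeProvider.Setup(n => n.Now).Returns(now);
            _jwtUtils.Setup(n => n.GenerateRefreshToken(IP_ADDRESS)).Returns(newRefreshToken);
            _mapper.Setup(n => n.Map(user, userFromDb)).Callback(mapFinalUser);

            // Act
            _sut.RefreshToken(tokens.First().Token, IP_ADDRESS);

            // Assert: fail with a readable message instead of a NullReferenceException
            // when the service never mapped the updated user back.
            result.Should().NotBeNull("RefreshToken is expected to map the updated user onto the stored entity");
            result.RefreshTokens.Should().Contain(newRefreshToken);
        }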
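        /// <summary>
        /// Verifies that a successful Authenticate stores the generated refresh token on the user,
        /// leaving it as the user's only refresh token.
        /// </summary>
        public void should_add_new_refresh_token_to_users_tokens()
        {
            // Arrange: the stored hash is derived from the request password.
            // NOTE(review): presumably Authenticate verifies the password with BCrypt - confirm in the service.
            AuthenticateRequest request = createFakeRequest();
            string hashedPassword = BCrypt.Net.BCrypt.HashPassword(request.Password);
            User user = new UserBuilder()
                .WithUsername(request.Username)
                .WithPasswordHash(hashedPassword)
                .Build();
            List<UserDb> usersFromDb = new() { user.Map() };

            // The generated token is stamped later than "now" by the configured TTL plus five days.
            DateTime now = DateTime.UtcNow;
            DateTime dateValid = now.AddDays(_appSettings.Value.RefreshTokenTTL + 5);
            RefreshToken generatedRefreshToken = new RefreshTokenBuilder().WithCreated(dateValid).Build();

            // Captures the user instance the service maps back onto the stored entity.
            User result = null;
            Action<User, UserDb> mapUserToUserDb = (usr, usrfromdb) => { result = usr; };
            List<RefreshToken> expectedResult = new() { generatedRefreshToken };

            _users.Setup(n => n.Get(It.IsAny<Expression<Func<UserDb, bool>>>(), null, ""))
                .Returns(usersFromDb);
            _mapper.Setup(n => n.Map<User>(It.IsAny<UserDb>())).Returns(user);
            _jwtUtils.Setup(n => n.GenerateJwtToken(It.IsAny<User>())).Returns(GENERATED_JWT_TOKEN);
            _jwtUtils.Setup(n => n.GenerateRefreshToken(IP_ADDRESS)).Returns(generatedRefreshToken);
            _dateTimeProvider.Setup(n => n.Now).Returns(now);
            _mapper.Setup(n => n.Map(It.IsAny<User>(), It.IsAny<UserDb>())).Callback(mapUserToUserDb);

            // Act
            _sut.Authenticate(request, IP_ADDRESS);

            // Assert: fail with a readable message instead of a NullReferenceException
            // when the service never mapped the updated user back.
            result.Should().NotBeNull("Authenticate is expected to map the updated user onto the stored entity");
            result.RefreshTokens.Should().BeEquivalentTo(expectedResult);
        }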
        /// <summary>
        /// Verifies that Authenticate returns a response carrying the user, the generated JWT
        /// and the value of the generated refresh token.
        /// </summary>
        public void should_return_authenticate_response()
        {
            // Arrange: the stored hash is derived from the request password.
            AuthenticateRequest loginRequest = createFakeRequest();
            string storedHash = BCrypt.Net.BCrypt.HashPassword(loginRequest.Password);
            User account = new UserBuilder()
                .WithUsername(loginRequest.Username)
                .WithPasswordHash(storedHash)
                .Build();
            List<UserDb> queryResult = new() { account.Map() };

            // The issued refresh token is stamped later than "now" by the configured TTL plus five days.
            DateTime fixedNow = DateTime.UtcNow;
            DateTime createdAt = fixedNow.AddDays(_appSettings.Value.RefreshTokenTTL + 5);
            RefreshToken issuedToken = new RefreshTokenBuilder().WithCreated(createdAt).Build();

            var expected = new AuthenticateResponse(account, GENERATED_JWT_TOKEN, issuedToken.Token);

            _users.Setup(n => n.Get(It.IsAny<Expression<Func<UserDb, bool>>>(), null, ""))
                .Returns(queryResult);
            _mapper.Setup(n => n.Map<User>(It.IsAny<UserDb>())).Returns(account);
            _jwtUtils.Setup(n => n.GenerateJwtToken(It.IsAny<User>())).Returns(GENERATED_JWT_TOKEN);
            _jwtUtils.Setup(n => n.GenerateRefreshToken(IP_ADDRESS)).Returns(issuedToken);
            _dateTimeProvider.Setup(n => n.Now).Returns(fixedNow);

            // Act
            var actual = _sut.Authenticate(loginRequest, IP_ADDRESS);

            // Assert
            actual.Should().BeEquivalentTo(expected);
        }
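        /// <summary>
        /// Verifies that Authenticate clears inactive refresh tokens created three days ago:
        /// the user is expected to end up with an empty token list.
        /// </summary>
        public void should_remove_old_refresh_tokens()
        {
            // Arrange: the stored hash is derived from the request password.
            AuthenticateRequest request = createFakeRequest();
            string hashedPassword = BCrypt.Net.BCrypt.HashPassword(request.Password);
            User user = new UserBuilder()
                .WithUsername(request.Username)
                .WithPasswordHash(hashedPassword)
                .Build();
            List<UserDb> usersFromDb = new() { user.Map() };

            // Five inactive tokens, all created three days before "now".
            DateTime now = DateTime.UtcNow;
            DateTime dateExpired = now.Subtract(TimeSpan.FromDays(3));
            var inactiveTokens = new RefreshTokenBuilder().Inactive().WithCreated(dateExpired).Build(5);

            user.RefreshTokens = inactiveTokens;

            List<RefreshToken> expectedResult = new();

            // Captures the user instance the service maps back onto the stored entity.
            User result = null;
            Action<User, UserDb> mapUserToUserDb = (usr, usrfromdb) => { result = usr; };

            _users.Setup(n => n.Get(It.IsAny<Expression<Func<UserDb, bool>>>(), null, ""))
                .Returns(usersFromDb);
            _mapper.Setup(n => n.Map<User>(It.IsAny<UserDb>())).Returns(user);
            _jwtUtils.Setup(n => n.GenerateJwtToken(It.IsAny<User>()));

            // The stub hands back one of the already-inactive tokens, which is why the expected list is empty.
            // NOTE(review): as written, this test does not show that a freshly issued active token
            // survives the cleanup; that case needs its own coverage.
            _jwtUtils.Setup(n => n.GenerateRefreshToken(IP_ADDRESS)).Returns(inactiveTokens[0]);
            _dateTimeProvider.Setup(n => n.Now).Returns(now);
            _mapper.Setup(n => n.Map(It.IsAny<User>(), It.IsAny<UserDb>())).Callback(mapUserToUserDb);

            // Act
            _sut.Authenticate(request, IP_ADDRESS);

            // Assert: fail with a readable message instead of a NullReferenceException
            // when the service never mapped the updated user back.
            result.Should().NotBeNull("Authenticate is expected to map the updated user onto the stored entity");
            result.RefreshTokens.Should().BeEquivalentTo(expectedResult);
        }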
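        /// <summary>
        /// Verifies that RevokeToken leaves the user's token in its revoked form,
        /// with reason <c>ApiResponses.RevokedWithoutReplacement</c>.
        /// </summary>
        public void should_revoke_token()
        {
            // Arrange: a user owning one active refresh token.
            RefreshToken activeRefreshToken = new RefreshTokenBuilder().Build();
            List<RefreshToken> refreshTokens = new() { activeRefreshToken };

            User user = new UserBuilder().WithRefreshTokens(refreshTokens).Build();
            UserDb userFromDb = user.Map();
            List<UserDb> usersFromDb = new() { userFromDb };

            // Captures the user instance the service maps back onto the stored entity.
            // Typed like the mocked Map(User, UserDb) call, so no 'as' cast can silently yield null.
            User userUpdated = null;
            Action<User, UserDb> mapFinal = (a, b) => { userUpdated = a; };

            DateTime now = DateTime.UtcNow;
            string reason = ApiResponses.RevokedWithoutReplacement;

            // Expected revoked form of the token, produced by a helper defined outside this listing.
            List<RefreshToken> expectedResult = new()
            {
                getCopiedRevokedToken(activeRefreshToken, now, reason)
            };

            _users.Setup(n => n.Get(It.IsAny<Expression<Func<UserDb, bool>>>(), null, ""))
                .Returns(usersFromDb);
            _mapper.Setup(n => n.Map<User>(userFromDb)).Returns(user);
            _mapper.Setup(n => n.Map(It.IsAny<User>(), It.IsAny<UserDb>())).Callback(mapFinal);
            _dateTimeProvider.Setup(n => n.Now).Returns(now);

            // Act
            _sut.RevokeToken(activeRefreshToken.Token, IP_ADDRESS);

            // Assert: fail with a readable message instead of a NullReferenceException
            // when the service never mapped the updated user back.
            userUpdated.Should().NotBeNull("RevokeToken is expected to map the updated user onto the stored entity");
            userUpdated.RefreshTokens.Should().BeEquivalentTo(expectedResult);
        }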
Пример #9
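        /// <summary>
        /// Builds <paramref name="count"/> refresh tokens and links them into a replacement chain:
        /// every token except the last points at its successor and is marked revoked.
        /// </summary>
        /// <param name="count">Number of tokens to build; the last one is left untouched.</param>
        /// <returns>The built tokens, in chain order.</returns>
        private static List<RefreshToken> generateFakeReplacedTokensChain(int count)
        {
            var tokens = new RefreshTokenBuilder().Build(count);

            // One clock reading for the whole chain, so every link gets identical timestamps.
            DateTime reference = DateTime.UtcNow;
            DateTime expires = reference.AddMonths(5);
            DateTime revoked = reference.Subtract(TimeSpan.FromDays(150));

            for (int i = 0; i < count - 1; i++)
            {
                // Replaced tokens are revoked 150 days in the past although they expire in the future.
                tokens[i].ReplacedByToken = tokens[i + 1].Token;
                tokens[i].Expires = expires;
                tokens[i].Revoked = revoked;
            }

            return tokens;
        }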
        /// <summary>
        /// Verifies that RevokeToken rejects a token that is already inactive by throwing
        /// with the <c>ApiResponses.InvalidToken</c> message.
        /// </summary>
        public void should_throw_exception_when_token_is_inactive()
        {
            // Arrange: a user whose only refresh token is inactive.
            RefreshToken staleToken = new RefreshTokenBuilder().Inactive().Build();
            User owner = new UserBuilder()
                .WithRefreshTokens(new List<RefreshToken> { staleToken })
                .Build();
            UserDb storedOwner = owner.Map();
            var queryResult = new List<UserDb> { storedOwner };

            _users.Setup(n => n.Get(It.IsAny<Expression<Func<UserDb, bool>>>(), null, ""))
                .Returns(queryResult);
            _mapper.Setup(n => n.Map<User>(storedOwner)).Returns(owner);

            // Act
            Action revoke = () => _sut.RevokeToken(staleToken.Token, IP_ADDRESS);

            // Assert: Throw<Exception> accepts any exception type, so only the message pins the failure.
            revoke.Should()
                .Throw<Exception>()
                .WithMessage(ApiResponses.InvalidToken);
        }
Пример #11
        /// <summary>
        /// Verifies that RefreshToken returns a response carrying the user, the newly generated JWT
        /// and the value of the newly generated refresh token.
        /// </summary>
        public void should_return_new_jwt_and_refresh_token()
        {
            // Arrange: a user owning a single refresh token built with the builder defaults.
            List<RefreshToken> ownedTokens = new() { new RefreshTokenBuilder().Build() };
            User owner = new UserBuilder().WithRefreshTokens(ownedTokens).Build();
            UserDb storedOwner = owner.Map();
            List<UserDb> queryResult = new() { storedOwner };
            DateTime fixedNow = DateTime.UtcNow;

            RefreshToken replacementToken = new RefreshTokenBuilder().Build();
            const string freshJwt = "new jwt token";
            var expected = new AuthenticateResponse(owner, freshJwt, replacementToken.Token);

            _users.Setup(n => n.Get(It.IsAny<Expression<Func<UserDb, bool>>>(), null, "")).Returns(queryResult);
            _mapper.Setup(n => n.Map<User>(storedOwner)).Returns(owner);
            _dateTimeProvider.Setup(n => n.Now).Returns(fixedNow);
            _jwtUtils.Setup(n => n.GenerateRefreshToken(IP_ADDRESS)).Returns(replacementToken);
            _jwtUtils.Setup(n => n.GenerateJwtToken(owner)).Returns(freshJwt);

            // Act
            var actual = _sut.RefreshToken(ownedTokens[0].Token, IP_ADDRESS);

            // Assert
            actual.Should().BeEquivalentTo(expected);
        }