public string GetUtcNow()
{
// ---- Methods that do NOT work ------------
// var res = QueryUtcAsync().Result; //deadlocks
// var res = QueryUtcAsync().ConfigureAwait(false).GetAwaiter().GetResult(); // deadlocks
// var res = SyncAsync.RunSync(() => QueryUtcAsync()); //works OK
// The following call is a test for non-generic overload of RunSync
SyncAsync.RunSync(() => Delay(20));
// Call method that will call non-async method restClient.Get<>
var res = QueryUtc(); // works OK
return($"Success! - sync->async call did not deadlock. Result UTC now: {res}");
}
public void TestLoginAdvancedFeatures()
{
Startup.BooksApp.LogTestStart();
var password = Samples.BookStore.SampleData.SampleDataGenerator.DefaultPassword;
var app = Startup.BooksApp;
var loginService = app.GetService <ILoginService>();
var loginMgr = app.GetService <ILoginManagementService>();
var loginProcessService = app.GetService <ILoginProcessService>();
var loginAdmin = app.GetService <ILoginAdministrationService>();
var context = app.CreateSystemContext();
// Simple login/logout ------------------------------------------------------------------------
//Let's try to login Dora
var doraEmail = "*****@*****.**";
var doraLogin = loginService.Login(context, "dora", "invalid password"); // it is Dora, but we configured for case-insensitive user names
Assert.AreEqual(LoginAttemptStatus.Failed, doraLogin.Status, "Expected login fail.");
doraLogin = loginService.Login(context, "dora", password);
Assert.AreEqual(LoginAttemptStatus.Success, doraLogin.Status, "Expected login succeed.");
var doraUser = doraLogin.User;
loginService.Logout(context); // should write a log entry
// Password reset, full process. --------------------------------------------------------
// See detailed discussion here: http://www.troyhunt.com/2012/05/everything-you-ever-wanted-to-know.html
// Let's say Dora forgot her password. She comes to Login page and clicks 'Forgot password' link.
// She is presented with a box 'Enter your email', and a captcha to verify she's not a robot.
// Dora enters email, solves captcha and clicks NEXT. We verify captcha (outside this sample)
//if captcha matches, we proceed to search for login record using email
var session = app.OpenSystemSession();
var enteredEmail = doraEmail;
var doraEmailFactor = loginProcessService.FindLoginExtraFactor(session, ExtraFactorTypes.Email, enteredEmail);
// In this test, we know login exists; in real app, if we do not find login, stop here,
// but do not disclose that email did not match; say 'Reset URL was sent to this email if it was found in our database'
Assert.IsNotNull(doraEmailFactor, "Expected to find login by email.");
// login is found; Start login process
var processToken = loginProcessService.GenerateProcessToken();
var process = loginProcessService.StartProcess(doraEmailFactor.Login, LoginProcessType.PasswordReset, processToken);
Assert.AreEqual(ExtraFactorTypes.Email | ExtraFactorTypes.SecretQuestions, process.PendingFactors, "Expected Email and Secret questions pending factors");
// send email to email address provided by user with a link containing the flowToken; wait for the user to hit the link.
// Do not send anything if login factor was not found by email; otherwise your site becomes email DDOS bot
// Important: in both cases (email found or not), present user (dora or not) with the same page
// saying 'Reset instructions were sent to email you provided, if it was found in our database. ', without disclosing if email was found or not
// Embed process token in URL and send it in email
SyncAsync.RunSync(() => loginProcessService.SendPinAsync(process, doraEmailFactor));
//Dora receives email, copies pin; we get the pin thru our fake message service
var pin = Startup.LoginMessagingService.SentMessages.Last().Pin;
//Find the login process
session = app.OpenSystemSession();
process = loginProcessService.GetActiveProcess(session, LoginProcessType.PasswordReset, processToken);
// if the process is null, present with page 'oopss..' invalid link or link expired
Assert.IsNotNull(process, "Expected to find process.");
var pinOk = loginProcessService.SubmitPin(process, pin);
Assert.IsTrue(pinOk, "Pin verification failed");
// Next - secret questions
Assert.AreEqual(ExtraFactorTypes.SecretQuestions, process.PendingFactors, "Expected Secret questions pending factor.");
var qaList = process.Login.SecretQuestionAnswers;
Assert.AreEqual(3, qaList.Count, "Expected 3 questions/answers");
//present Dora with a page with her 3 questions, wait until she types the answers
// Assume we got the answers; we also have flowToken preserved somewhere on the page
var answers = new SecretQuestionAnswer[] {
new SecretQuestionAnswer()
{
QuestionId = qaList[0].Question.Id, Answer = "Diego"
}, //best friend
new SecretQuestionAnswer()
{
QuestionId = qaList[1].Question.Id, Answer = "Banana"
}, //favorite fruit
new SecretQuestionAnswer()
{
QuestionId = qaList[2].Question.Id, Answer = "yellow"
}, //favorite color
};
var answersCorrect = loginProcessService.CheckAllSecretQuestionAnswers(process, answers);
Assert.IsTrue(answersCorrect, "Secret question answers failed.");
process = loginProcessService.GetActiveProcess(session, LoginProcessType.PasswordReset, processToken);
Assert.AreEqual(ExtraFactorTypes.None, process.PendingFactors, "Expected no pending factors.");
// Dora enters new password and hits Submit
var oldPass = password;
// Now set new password
var newPass = password + "New";
loginMgr.ChangePassword(process.Login, oldPass, newPass);
//we are done; let's try to login Dora with new password
doraLogin = loginService.Login(context, "dora", newPass); //user names are case insensitive
Assert.IsTrue(doraLogin.Status == LoginAttemptStatus.Success, "Failed to login after password change.");
//Change back, to avoid breaking other tests
loginMgr.ChangePassword(process.Login, newPass, oldPass);
/* // Quick test of a bug (LastLoggedIn not updated with one-time pwd)
* var tempPass = "******";
* loginAdmin.SetOneTimePassword(doraLogin.Login, tempPass);
* doraLogin = loginService.Login(context, "dora", tempPass);
* loginMgr.ChangePassword(doraLogin.Login, tempPass, oldPass);
*/
}//method
public static TResult Get <TResult>(this RestClient client, string url, params object[] args)
{
return(SyncAsync.RunSync(() => client.GetAsync <TResult>(url, args)));
}//method
private IActionResult DoDelaySyncCorrect()
{
SyncAsync.RunSync(() => DoDelayAsync()); //this is our helper method, we test it here under IIS
return(AsPlainText("Time: " + DateTime.Now.ToString("hh:MM:ss")));
}
public static string GetString(this RestClient client, string url, object[] args = null, string acceptMediaType = "text/plain")
{
return(SyncAsync.RunSync(() => client.GetStringAsync(url, args, acceptMediaType)));
}
public static byte[] GetBinary(this RestClient client, string url, object[] args = null, string acceptMediaType = "application/octet-stream")
{
return(SyncAsync.RunSync(() => client.GetBinaryAsync(url, args, acceptMediaType)));
}
public static HttpStatusCode Delete(this RestClient client, string url, params object[] args)
{
return(SyncAsync.RunSync(() => client.DeleteAsync(url, args)));
}
public static TResult Send <TContent, TResult>(this RestClient client, HttpMethod method,
TContent content, string url, object[] args, string acceptMediaType = null)
{
return(SyncAsync.RunSync(() => client.SendAsync <TContent, TResult>(method, content, url, args, acceptMediaType)));
}
public static TResult Put <TContent, TResult>(this RestClient client, TContent content, string url, params object[] args)
{
return(SyncAsync.RunSync(() => client.PutAsync <TContent, TResult>(content, url, args)));
}