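/// <summary>
/// Authenticating with a known user's correct password must return 200 whose payload is a
/// <see cref="SendLoginUserModel"/> matching that user, and whose token validates back to the
/// same user id with the user's current <c>AuthSalt</c>.
/// </summary>
public void AuthenticateValidCredentialsTest()
        {
            UserAccountController userController = CreateFakeUserAccountController();
            var expectedUser = _users[0];

            //Authenticate with valid credentials
            var response = userController.Authenticate(
                new ReceiveLoginUserModel(expectedUser.Email, "password-u1")
                );

            // Assert.IsType returns the typed value, so a wrong result or payload type fails with
            // a descriptive assertion instead of an InvalidCastException from a hard cast.
            OkObjectResult okResult = Assert.IsType<OkObjectResult>(response.Result);
            SendLoginUserModel sendLoginUserModel = Assert.IsType<SendLoginUserModel>(okResult.Value);

            //Validate return data from endpoint
            Assert.Equal(expectedUser.Id, sendLoginUserModel.Id);
            Assert.Equal(expectedUser.Email, sendLoginUserModel.Email);

            // The issued token must validate under the test secret and point back at the user.
            TokenCreatorValidator tokenCreatorValidator = new TokenCreatorValidator(_testApiSecret);
            TokenValidationParams tokenValidationParams = tokenCreatorValidator.ValidateToken(sendLoginUserModel.Token);

            Assert.Equal(expectedUser.Id, tokenValidationParams.UserId);

            // Compare the salts byte-for-byte. Decoding them through Encoding.Default.GetString
            // replaces byte sequences that are invalid in that encoding with U+FFFD, so two
            // different salts could have compared equal as strings.
            User authenticatedUser = _usersService.GetById(expectedUser.Id);
            Assert.Equal(authenticatedUser.AuthSalt, tokenValidationParams.SaltBytes);
        }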
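        /// <summary>
        /// Completes a password reset. The e-mail in the body and the recovery token must resolve
        /// to the same user, and the token's salt must match the recovery salt currently stored for
        /// that user; only then is the new password applied.
        /// </summary>
        /// <param name="passwordResetModel">E-mail, recovery token and the new password.</param>
        /// <returns>200 on success; 400 with a <c>message</c> payload on any validation failure.</returns>
        public ActionResult ResetPassword([FromBody] PasswordResetModel passwordResetModel)
        {
            if (passwordResetModel is null)
            {
                return(BadRequest(new { message = "Invalid token error" }));
            }

            User user;

            try {
                user = _userService.GetByEmail(passwordResetModel.Email);
            } catch (RequestException) {
                // NOTE(review): this response reveals whether the e-mail is registered.
                return(BadRequest(new { message = "Email does not exist" }));
            }

            TokenValidationParams tokenValidationParams;
            User tokenUser;

            try {
                tokenValidationParams = _tokenCreatorValidator.ValidateToken(passwordResetModel.RecoveryToken);
                tokenUser             = _userService.GetById(tokenValidationParams.UserId);
            } catch (Exception) {
                return(BadRequest(new { message = "Invalid token error" }));
            }

            // The token must belong to the account named by the e-mail. Previously the salt was
            // checked against the token's user but the new password was applied to the e-mail's
            // user, so a valid token for one account could change the password of another.
            if (tokenUser.Id != user.Id)
            {
                return(BadRequest(new { message = "Recovery link expired or invalid" }));
            }

            // RecoverySalt is cleared once a reset completes (below), so a null salt means the
            // link was already used; the old Encoding-based comparison threw on null (500)
            // instead of rejecting the request.
            if (!RecoverySaltMatches(tokenUser.RecoverySalt, tokenValidationParams.SaltBytes))
            {
                return(BadRequest(new { message = "Recovery link expired or invalid" }));
            }

            // Invalidate the recovery link before the password changes so it cannot be replayed.
            user.RecoverySalt = null;

            try {
                _userService.SetNewPassword(user, passwordResetModel.NewPassword);
            }
            catch (RequestException ex) {
                if (ex.Code == UserExceptionCodes.InvalidCredentials)
                {
                    return(BadRequest(new { message = "Invalid old password" }));
                }
                if (ex.Code == UserExceptionCodes.BadPassword)
                {
                    return(BadRequest(new { message = "Invalid new password" }));
                }
                return(BadRequest(new { message = "Unknown error" }));
            }

            return(Ok());
        }

        /// <summary>
        /// Byte-exact, constant-time comparison of the stored recovery salt with the salt carried
        /// by the token. A null or empty stored salt never matches (the link is spent or was never
        /// issued). Assumes both salts are <c>byte[]</c> — TODO confirm against User/TokenValidationParams.
        /// </summary>
        private static bool RecoverySaltMatches(byte[] storedSalt, byte[] tokenSalt)
        {
            if (storedSalt is null || tokenSalt is null || storedSalt.Length == 0)
            {
                return false;
            }

            return System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(storedSalt, tokenSalt);
        }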
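        /// <summary>
        /// Validates <paramref name="tokenStr"/> and, when it is valid and its salt equals the
        /// user's current <c>AuthSalt</c>, stores that user in <c>context.Items["User"]</c>.
        /// Any failure leaves the context untouched, so the request proceeds as anonymous.
        /// </summary>
        /// <param name="context">Request context that receives the authenticated user.</param>
        /// <param name="userService">Used to load the user named by the token.</param>
        /// <param name="tokenStr">Raw JWT string taken from the request.</param>
        private void AttachUserToContext(HttpContext context, IUsersService userService, string tokenStr)
        {
            TokenCreatorValidator tokenCreatorValidator = new TokenCreatorValidator(_configuration.Value.Secret);

            try
            {
                TokenValidationParams tokenValidationParams = tokenCreatorValidator.ValidateToken(tokenStr);
                User tokenUser = userService.GetById(tokenValidationParams.UserId);

                // Compare the raw bytes. Decoding through Encoding.Default.GetString maps byte
                // sequences that are invalid in that encoding to U+FFFD, so a stale token whose
                // salt merely decoded to the same string as the current salt would still pass.
                // Assumes both salts are byte[] — TODO confirm against User/TokenValidationParams.
                byte[] currentSalt = tokenUser.AuthSalt;
                byte[] tokenSalt   = tokenValidationParams.SaltBytes;

                if (currentSalt != null && tokenSalt != null && currentSalt.Length > 0 &&
                    System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(currentSalt, tokenSalt))
                {
                    context.Items["User"] = tokenUser;
                }
            }
            catch
            {
                // Deliberately swallowed: an invalid or expired JWT must not fail the request.
                // The user is simply not attached, so secure routes remain inaccessible.
            }
        }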
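        /// <summary>
        /// Round-trips tokens for random user ids through <see cref="TokenCreatorValidator"/> and
        /// checks that the user id and the salt survive creation and validation byte-for-byte.
        /// </summary>
        public void CreateAndValidateTokenTest()
        {
            TokenCreatorValidator tokenCreatorValidator = new TokenCreatorValidator(
                RandomString(1024)
                );

            for (int i = 0; i < 100; i++)
            {
                int userId = Random.Next(1, int.MaxValue);
                // The second argument is passed through to CreateToken unchanged; its meaning
                // (presumably a lifetime) is defined there — TODO confirm.
                TokenCreationParams   tokenCreationParams   = tokenCreatorValidator.CreateToken(userId, 30);
                TokenValidationParams tokenValidationParams =
                    tokenCreatorValidator.ValidateToken(tokenCreationParams.TokenStr);

                Assert.Equal(userId, tokenValidationParams.UserId);

                // Compare the raw bytes: decoding through Encoding.Default.GetString is lossy for
                // byte sequences that are invalid in that encoding, so the string form of two
                // different salts can be equal and the old assertion could pass wrongly.
                Assert.Equal(tokenCreationParams.SaltBytes, tokenValidationParams.SaltBytes);
            }
        }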