/// <summary>
/// Round-trips the shared fixture token through <c>TokenSerializer</c> and checks that the
/// copy still passes <c>TokenHasher.IsValid</c> once the original IP address is restored.
/// </summary>
public void TokenSerializer_HashStillValid()
{
    var roundTripped = TokenSerializer.Deserialize(TokenSerializer.Serialize(token));

    // Per the original author's note, the IP address is not saved with the token; it comes
    // from the request header, so the test has to put it back by hand before validating.
    roundTripped.IpAddress = "123.45.678.90";

    // A distinct instance shows the validity check below runs on deserialized data,
    // not on the fixture object itself.
    Assert.AreNotSame(token, roundTripped);

    var hashAccepted = TokenHasher.IsValid(roundTripped);
    Assert.IsTrue(hashAccepted);
}
/// <summary>
/// Round-trips the shared fixture token through <c>TokenSerializer</c>, applies an IP address
/// that differs from the one the fixture was hashed with, and expects
/// <c>TokenHasher.IsValid</c> to reject the result.
/// </summary>
public void TokenSerializer_DifferentIp_NotValid()
{
    var roundTripped = TokenSerializer.Deserialize(TokenSerializer.Serialize(token));

    // Per the original author's note, the IP address is not saved with the token; it comes
    // from the request header. Here a different address than the fixture's is applied, which
    // models the serialized token being presented from another client address.
    roundTripped.IpAddress = "213.54.678.90";

    Assert.AreNotSame(token, roundTripped);

    var hashAccepted = TokenHasher.IsValid(roundTripped);
    Assert.IsFalse(hashAccepted);
}
/// <summary>
/// Builds the shared <c>token</c> fixture (an Employee-role token for user 55 at location 2)
/// and hashes it with <c>TokenHasher.Hash</c> so the tests start from a token that should be valid.
/// </summary>
public void TokenSetup()
{
    var fixture = new Token();
    fixture.CreateDate = DateTime.Now;
    // NOTE(review): "123.45.678.90" is not a well-formed IPv4 address (678 is out of octet
    // range), so the tests in this file only exercise IpAddress as an opaque string.
    fixture.IpAddress = "123.45.678.90";
    fixture.LocationId = 2;
    fixture.UserId = 55;
    fixture.Role = (int)RolesEnum.Employee;

    token = fixture;

    // Hash last, after every field has been set, so the hash reflects the final field values.
    TokenHasher.Hash(token);
}
/// <summary>
/// Creates a token for the given user, role and location, stamps it with the current time and
/// the address reported by the current request, then hashes it with <c>TokenHasher.Hash</c>.
/// </summary>
/// <param name="userId">Value stored in the token's <c>UserId</c>.</param>
/// <param name="role">Text parsed into a <c>RolesEnum</c> value via <c>Enum.Parse</c>.</param>
/// <param name="locationId">Value stored in the token's <c>LocationId</c>.</param>
/// <returns>The populated token after <c>TokenHasher.Hash</c> has been applied to it.</returns>
private Token CreateToken(int userId, string role, int locationId)
{
    var issued = new Token();

    // NOTE(review): local time; if CreateDate feeds an expiry check, a time-zone or DST shift
    // on the server would move it — confirm against the validator whether UtcNow is expected.
    issued.CreateDate = DateTime.Now;

    // NOTE(review): UserHostAddress is the address of the immediate peer. Behind a reverse
    // proxy or load balancer that is the proxy rather than the end user — confirm this is the
    // same address source used when the token is later validated.
    issued.IpAddress = HttpContext.Request.UserHostAddress;

    issued.LocationId = locationId;

    // NOTE(review): Enum.Parse also accepts numeric and comma-separated text, so a value that
    // is not a declared RolesEnum member can pass through here. Confirm that callers only
    // supply trusted role names, or that the result is checked (e.g. Enum.IsDefined) upstream.
    issued.Role = (int)Enum.Parse(typeof(RolesEnum), role);

    issued.UserId = userId;

    // Hash last, after every field has been set, so the hash reflects the final field values.
    TokenHasher.Hash(issued);
    return issued;
}
/// <summary>
/// Changes the already-hashed fixture token's role to Administrator and expects
/// <c>TokenHasher.IsValid</c> to reject it.
/// </summary>
public void TokenHasher_TamperWithRole_IsNotValid()
{
    // TokenSetup in this file hashes the fixture with the Employee role; swapping in a
    // different role afterwards must make validation fail, i.e. the role has to be bound
    // to the hash so it cannot be raised after issuance.
    token.Role = (int)RolesEnum.Administrator;

    var hashAccepted = TokenHasher.IsValid(token);
    Assert.IsFalse(hashAccepted);
}
/// <summary>
/// Alters the already-hashed fixture token's IP address and expects
/// <c>TokenHasher.IsValid</c> to reject it.
/// </summary>
public void TokenHasher_TamperWithIp_IsNotValid()
{
    // Differs from the address used in TokenSetup ("123.45.678.90") only by the missing
    // final character, so even a near-identical address has to fail validation.
    token.IpAddress = "123.45.678.9";

    var hashAccepted = TokenHasher.IsValid(token);
    Assert.IsFalse(hashAccepted);
}
/// <summary>
/// Moves the already-hashed fixture token's creation time forward by one second and expects
/// <c>TokenHasher.IsValid</c> to reject it.
/// </summary>
public void TokenHasher_TamperWithCreateDate_IsNotValid()
{
    // presumably CreateDate determines how long a token stays usable, which is why it must be
    // bound to the hash — confirm against the validation code.
    var shifted = token.CreateDate.AddSeconds(1);
    token.CreateDate = shifted;

    var hashAccepted = TokenHasher.IsValid(token);
    Assert.IsFalse(hashAccepted);
}
/// <summary>
/// Baseline for the tamper tests: the fixture token, left exactly as it was hashed,
/// must pass <c>TokenHasher.IsValid</c>.
/// </summary>
public void TokenHasher_NoTamper_IsValid()
{
    // Without this positive case the IsNotValid tests would also pass against a hasher
    // that rejects every token.
    var hashAccepted = TokenHasher.IsValid(token);
    Assert.IsTrue(hashAccepted);
}