public void SaveAdminPasswordReturnsFalseIfGettingStreamThrowsUnauthorizedAccessException() { // Act bool passwordSaved = AdminSecurity.SaveTemporaryPassword("password", () => { throw new UnauthorizedAccessException(); }); // Assert Assert.False(passwordSaved); }
public RoleInitService( UserManager <AppUser> userManager, RoleManager <AppRole> roleManager, IOptions <AdminSecurity> adminOptions) { this.userManager = userManager; this.roleManager = roleManager; this.adminSecurity = adminOptions.Value; }
private static void AssertSecure( string requestUrl, bool passwordExists, bool temporaryPasswordExists, string expectedUrl ) { // Arrange var vpp = new Mock <VirtualPathProvider>(); if (temporaryPasswordExists) { vpp.Setup(m => m.FileExists("~/App_Data/Admin/_Password.config")).Returns(true); } if (passwordExists) { vpp.Setup(m => m.FileExists("~/App_Data/Admin/Password.config")).Returns(true); } string redirectUrl = null; var response = new Mock <HttpResponseBase>(); response .Setup(m => m.Redirect(It.IsAny <string>())) .Callback <string>(url => redirectUrl = url); var request = new Mock <HttpRequestBase>(); request.Setup(m => m.QueryString).Returns(new NameValueCollection()); request.Setup(m => m.RawUrl).Returns(requestUrl); var cookies = new HttpCookieCollection(); request.Setup(m => m.Cookies).Returns(cookies); var context = new Mock <HttpContextBase>(); context.Setup(m => m.Request).Returns(request.Object); context.Setup(m => m.Response).Returns(response.Object); var startPage = new Mock <StartPage>() { CallBase = true }; var page = new Mock <WebPageRenderingBase>(); page.Setup(m => m.VirtualPath).Returns(requestUrl); startPage.Object.ChildPage = page.Object; page.Setup(m => m.Context).Returns(context.Object); // Act AdminSecurity.Authorize(startPage.Object, vpp.Object, MakeAppRelative); // Assert Assert.Equal(expectedUrl, redirectUrl); }
public void HasTemporaryPasswordReturnsFalseIfAdminPasswordFileDoesNotExists() { // Arrange Mock <VirtualPathProvider> mockVpp = new Mock <VirtualPathProvider>(); mockVpp.Setup(m => m.FileExists("~/App_Data/Admin/_Password.config")).Returns(false); // Act bool hasPassword = AdminSecurity.HasTemporaryPassword(mockVpp.Object); // Assert Assert.False(hasPassword); }
public void HasAdminPasswordReturnsTrueIfAdminPasswordFileExists() { // Arrange Mock <VirtualPathProvider> mockVpp = new Mock <VirtualPathProvider>(); mockVpp.Setup(m => m.FileExists("~/App_Data/Admin/Password.config")).Returns(true); // Act bool hasPassword = AdminSecurity.HasAdminPassword(mockVpp.Object); // Assert Assert.True(hasPassword); }
public void IsAuthenticatedReturnsFalseIfAuthCookieNotInCollection() { // Arrange var mockRequest = new Mock <HttpRequestBase>(); var cookies = new HttpCookieCollection(); mockRequest.Setup(m => m.Cookies).Returns(cookies); // Act bool authorized = AdminSecurity.IsAuthenticated(mockRequest.Object); // Assert Assert.False(authorized); }
public void GetAuthAdminCookieCreatesAnAuthTicketWithUserDataSetToAdmin() { // Arrange var cookie = AdminSecurity.GetAuthCookie(); // Act FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(cookie.Value); // Assert Assert.Equal(".ASPXADMINAUTH", cookie.Name); Assert.True(cookie.HttpOnly); Assert.Equal(2, ticket.Version); Assert.Equal("ADMIN", ticket.UserData); }
public void SetAuthCookieAddsAuthCookieToResponseCollection() { // Arrange var mockResponse = new Mock <HttpResponseBase>(); var cookies = new HttpCookieCollection(); mockResponse.Setup(m => m.Cookies).Returns(cookies); // Act AdminSecurity.SetAuthCookie(mockResponse.Object); // Assert Assert.NotNull(cookies[".ASPXADMINAUTH"]); }
public void IsAuthenticatedReturnsFalseIfAuthCookieInCollectionAndIsNotAValidAdminAuthCookie() { // Arrange var mockRequest = new Mock <HttpRequestBase>(); var cookies = new HttpCookieCollection(); mockRequest.Setup(m => m.Cookies).Returns(cookies); cookies.Add(new HttpCookie(".ASPXADMINAUTH", "test")); // Act bool authorized = AdminSecurity.IsAuthenticated(mockRequest.Object); // Assert Assert.False(authorized); }
public void IsAuthenticatedReturnsTrueIfAuthCookieIsValid() { // Arrange var mockRequest = new Mock <HttpRequestBase>(); var cookies = new HttpCookieCollection(); mockRequest.Setup(m => m.Cookies).Returns(cookies); cookies.Add(AdminSecurity.GetAuthCookie()); // Act bool authorized = AdminSecurity.IsAuthenticated(mockRequest.Object); // Assert Assert.True(authorized); }
public override void Execute() { WriteLiteral("\r\n\r\n"); WriteLiteral("\r\n"); #line 5 "..\..\EnableInstructions.cshtml" Page.Title = AdminResources.SecurityTitle; if (AdminSecurity.HasAdminPassword()) { SiteAdmin.RedirectToHome(Response); return; } string url = SiteAdmin.GetRedirectUrl(SiteAdmin.AdminVirtualPath); #line default #line hidden WriteLiteral("\r\n"); #line 16 "..\..\EnableInstructions.cshtml" Write(Html.Raw(AdminResources.EnableInstructions)); #line default #line hidden WriteLiteral("\r\n<br />\r\n<p>\r\n "); #line 19 "..\..\EnableInstructions.cshtml" Write(Html.Raw(String.Format(CultureInfo.CurrentCulture, AdminResources.ContinueAfterEnableText, Html.Encode(Href(url))))); #line default #line hidden WriteLiteral("\r\n</p>\r\n\r\n"); }
public void CheckPasswordReturnsTrueIfPasswordIsValid() { // Arrange var ms = new MemoryStream(); var writer = new StreamWriter(ms); writer.WriteLine(Crypto.HashPassword("password")); writer.Flush(); ms.Seek(0, SeekOrigin.Begin); // Act bool passwordIsValid = AdminSecurity.CheckPassword("password", () => ms); // Assert Assert.True(passwordIsValid); writer.Close(); }
public void SaveAdminPasswordUsesCryptoToWritePasswordAndSalt() { // Arrange var password = "******"; MemoryStream ms = new MemoryStream(); // Act bool passwordSaved = AdminSecurity.SaveTemporaryPassword(password, () => ms); // Assert Assert.True(passwordSaved); string savedPassword = Encoding.Default.GetString(ms.ToArray()); // Trim everything after the new line. Cannot use the properties from the stream since it is already closed by the writer. savedPassword = savedPassword.Substring(0, savedPassword.IndexOf(Environment.NewLine)); Assert.True(Crypto.VerifyHashedPassword(savedPassword, password)); }