public UserAuthenticateResponseModel AuthenticateUser(UserAuthenticateRequestModel model)
{
// validation
var results = _userValidator.Validate(model).ToArray();
if (results.Length > 0)
{
throw new ValidationApiException(results);
}
// get the user from the repository / database
var entity = _repo.GetUsers().SingleOrDefault(user => user.Email == model.Email && user.Password == model.Password);
// throw unathorized exception if user doesn't exist
if (entity == null)
{
throw new UnauthorizedApiException("Username or password is incorrect");
}
if (entity.Locked)
{
throw new UnauthorizedApiException("Account is locked");
}
// authentication successful so generate jwt token
var token = GenerateJwtToken(entity.Id);
//return the UserAuthenticateResponseModel to the controller
return(_userMapper.AuthenticateMapper(entity, token));
}
public void Validate_InvalidUserName_ReturnsFailure(string userName)
{
UserModel model = DataHelper.CreateUserModel();
model.UserName = userName;
ValidationResult result = _userValidator.Validate(model);
Assert.IsFalse(result.Success);
Assert.AreEqual(1, result.Messages.Count);
Assert.IsTrue(result.Messages[0].Contains("User name"));
}
public async Task <UserView> Insert(UserDto dto)
{
var reg = new User();
new UserMapper().Map(reg, dto);
_userValidator.Validate(reg);
await Context.Users.AddAsync(reg);
await Context.SaveChangesAsync();
return(UserView.New(reg));
}
public void Execute_ValidationFails_ThrowsException()
{
UserModel model = DataHelper.CreateUserModel();
_userValidator.Validate(Arg.Any <UserModel>()).Returns(new ValidationResult("error"));
// execute
TestDelegate del = () => _createUserCommand.Execute(model.UserName, model.Password, model.Role);
// assert
Assert.Throws <ValidationException>(del);
// we shouldn't have even tried to do the insert
_dbContext.DidNotReceive().ExecuteNonQuery(Arg.Any <string>(), Arg.Any <object>());
_passwordProvider.DidNotReceive().HashPassword(Arg.Any <string>(), Arg.Any <string>());
}
public void UpsertUser(string token, UserDto dto)
{
var userId = _auth.Authorize(token);
if (userId == null)
{
throw new AuthException("Unauthorized");
}
try
{
// LSP demo
var validResults = _validator.Validate(dto).ToList();
validResults.ForEach(result => result.ThrowIfFail());
}
catch (ValidationException e)
{
_logger.Log($"Validation failed : {e.Message}");
throw;
}
var user = dto.ToUser(userId);
_storage.UpsetUser(user);
}
protected override HttpRequestMessage OnHandle(HttpRequestMessage input)
{
var authorizationHeader = input.Headers.Authorization;
if (authorizationHeader != null)
{
byte[] encodedDataAsBytes = Convert.FromBase64String(authorizationHeader.Parameter);
string value = Encoding.ASCII.GetString(encodedDataAsBytes);
string username = value.Substring(0, value.IndexOf(':'));
string password = value.Substring(value.IndexOf(':') + 1);
if (validator.Validate(username, password))
{
return(input);
}
}
var unauthorizedResponse = new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized);
unauthorizedResponse.Headers.WwwAuthenticate.Add(new System.Net.Http.Headers.AuthenticationHeaderValue("Basic", "realm=\"My Server\""));
unauthorizedResponse.Content = new StringContent("401, please authenticate");
// Get the client to prompt for credentials
throw new HttpResponseException(unauthorizedResponse);
}
public UserModel Execute(string userName, string password, string role)
{
UserModel user = new UserModel();
user.UserName = userName;
user.Password = password;
user.Role = role;
// validate before we try to hash the password
ValidationResult result = _userValidator.Validate(user);
if (!result.Success)
{
throw new ValidationException(result.Messages);
}
// hash the password
user.Password = _passwordProvider.HashPassword(password, _passwordProvider.GenerateSalt());
// insert new record
string sql = @"INSERT INTO Users (Id, UserName, Password, Role) VALUES (@Id, @UserName, @Password, @Role)";
_dbContext.ExecuteNonQuery(sql, user);
return(user);
}
private static bool TryGetPrincipal(string authHeader,
IUserValidator validator, out IPrincipal principal)
{
var protocolParts = authHeader.Split(' ');
if (protocolParts.Length != 2)
{
principal = null;
return(false);
}
else if (protocolParts[0] == "Basic")
{
var parameter = Encoding.UTF8.GetString(
Convert.FromBase64String(protocolParts[1]));
var parts = parameter.Split(':');
if (parts.Length != 2)
{
principal = null;
return(false);
}
var username = parts[0];
var password = parts[1];
principal = validator.Validate(username, password);
return(principal != null);
}
else
{
principal = null;
return(false);
}
}
public bool Persist(IUserValidator validator)
{
bool bValid = validator.Validate(this);
if(bValid) bValid = this.Gateway.Persist(this);
return bValid;
}
public void Save_AuthTest()
{
// setup
var currentUser = new UserIdentity()
{
Id = Guid.NewGuid(), UserName = "******"
};
var browser = new Browser((bootstrapper) =>
bootstrapper.Module(new UserModule(_userStore, _userValidator, _passwordProvider))
.RequestStartup((container, pipelines, context) => {
context.CurrentUser = currentUser;
})
);
_userStore.Users.Returns(new List <UserModel>()
{
});
_userValidator.Validate(Arg.Any <UserModel>()).Returns(new ValidationResult());
foreach (string claim in Claims.AllClaims)
{
currentUser.Claims = new string[] { claim };
// execute
var response = browser.Post(Actions.User.Save, (with) =>
{
with.HttpRequest();
with.FormsAuth(currentUser.Id, new Nancy.Authentication.Forms.FormsAuthenticationConfiguration());
//with.FormValue("id", connectionId.ToString());
});
// assert
if (claim == Claims.UserAdd)
{
Assert.AreEqual(HttpStatusCode.OK, response.StatusCode);
}
else
{
Assert.AreEqual(HttpStatusCode.Forbidden, response.StatusCode);
}
}
}
public ServiceResult <bool> Create(TServiceUser user, string password)
{
ThrowIfDisposed();
if (user == null)
{
throw new ArgumentNullException("user");
}
if (string.IsNullOrWhiteSpace(password))
{
throw new ArgumentNullException("password");
}
var errors = new List <string>();
var userValidationResult = _userValidator.Validate(user);
if (!userValidationResult.Valid)
{
errors.AddRange(userValidationResult.Errors);
}
var passwordValidation = _passwordValidator.Validate(password);
if (!passwordValidation.Valid)
{
errors.AddRange(passwordValidation.Errors);
}
if (!string.IsNullOrWhiteSpace(user.Email) && _userRepository.Exists(u => u.Email.Trim().Equals(user.Email.Trim())))
{
errors.Add("Email address is already in use");
}
if (!string.IsNullOrWhiteSpace(user.UserName) && _userRepository.Exists(u => u.UserName.Trim().Equals(user.UserName.Trim())))
{
errors.Add("Username is already in use");
}
if (errors.Any())
{
return(ServiceResult <bool> .Error(errors.ToArray()));
}
var repoUser = AutoMapper.Mapper.Map <TServiceUser, TRepositoryUser>(user);
TKey id = _userRepository.Create(repoUser);
repoUser.Id = id;
UpdatePasswordInternal(repoUser, password);
return(new ServiceResult <bool> {
Value = true, Succeeded = true
});
}
public void Delete_AuthTest()
{
// setup
var currentUser = new UserIdentity()
{
Id = Guid.NewGuid(), UserName = "******"
};
var browser = new Browser((bootstrapper) =>
bootstrapper.Module(new UserModule(_userRepo, _createUserCommand, _updateUserPasswordCommand, _deleteUserCommand))
.RequestStartup((container, pipelines, context) => {
context.CurrentUser = currentUser;
})
);
_userRepo.GetAll().Returns(new List <UserModel>()
{
});
_userValidator.Validate(Arg.Any <UserModel>()).Returns(new ValidationResult());
TestHelper.ValidateAuth(currentUser, browser, Actions.User.Delete, HttpMethod.Post, Claims.UserDelete);
}
public async Task <User> CreateUser(Registration registration)
{
_userValidator.ValidatePassword(registration.Password);
var passwordHash = _passwordGuard.GeneratePasswordHash(registration.Password);
var user = new User(
UserLevel.User,
registration.FirstName,
registration.LastName,
registration.Email.ToLower(),
registration.BirthDate,
DateTime.UtcNow,
passwordHash);
_userValidator.Validate(user);
await _userRepository.Insert(user);
return(user.WithoutPasswordHash());
}
public void TestRegistration(UserRequestDataModel userRequestMock, bool expectedResult, string expectedMessage)
{
//Arrange
//Act
var actualResult = _registerUserValidator.Validate(userRequestMock);
//_output.WriteLine(JsonConvert.SerializeObject(actualResult));
//Assert
Assert.Equal(expectedResult, actualResult.IsValid);
if (!string.IsNullOrEmpty(expectedMessage))
{
Assert.Contains(expectedMessage, actualResult.Errors.Select(x => x.ErrorMessage));
}
}
public override void Create(User pUser)
{
_userValidator.Validate(pUser);
_userRepository.Create(pUser);
}
public ValidationResult Validate(UserRequestDataModel userRequest)
{
return(_validator.Validate(userRequest));
}
