/// <summary>
/// Checks that <c>FindByUsernameAndPassword</c> returns the very user instance exposed by the
/// repository when it is called with that user's username and password.
/// </summary>
public void FindsUsersByUserName()
{
    // Arrange: the mocked repository exposes exactly one user.
    // NOTE(review): CreateAUser is defined elsewhere; presumably it stores a hash of "thePassword" - confirm.
    var expectedUser = CreateAUser("theUsername", "thePassword", "*****@*****.**");
    var userService = new TestableUserService();
    var storedUsers = new[] { expectedUser }.AsQueryable();
    userService.MockUserRepository
        .Setup(repo => repo.GetAll())
        .Returns(storedUsers);

    // Act
    var actualUser = userService.FindByUsernameAndPassword("theUsername", "thePassword");

    // Assert: reference identity, not merely an equal-looking user.
    Assert.NotNull(actualUser);
    Assert.Same(expectedUser, actualUser);
}
/// <summary>
/// Checks that <c>FindByUsernameAndPassword</c> returns null when the stored e-mail address is
/// passed in the username position, even though the password matches the stored PBKDF2 hash.
/// </summary>
public void WillNotFindsUsersByEmailAddress()
{
    // Arrange: the stored hash is generated from the same password used in the call below,
    // so a null result is meant to come from the identifier, not from a password mismatch.
    var storedHash = CryptographyService.GenerateSaltedHash("thePassword", Constants.PBKDF2HashAlgorithmId);
    var existingUser = new User
    {
        Username = "******",
        HashedPassword = storedHash,
        EmailAddress = "*****@*****.**"
    };
    var userService = new TestableUserService();
    var storedUsers = new[] { existingUser }.AsQueryable();
    userService.MockUserRepository
        .Setup(repo => repo.GetAll())
        .Returns(storedUsers);

    // Act: the e-mail address is supplied where a username is expected.
    var lookupResult = userService.FindByUsernameAndPassword("*****@*****.**", "thePassword");

    // Assert
    Assert.Null(lookupResult);
}
/// <summary>
/// Checks that <c>FindByUsernameAndPassword</c> returns null when the stored e-mail address is
/// passed in the username position, with hash validation mocked to always succeed.
/// </summary>
public void WillNotFindsUsersByEmailAddress()
{
    // Arrange
    var existingUser = new User
    {
        Username = "******",
        HashedPassword = "******",
        EmailAddress = "*****@*****.**"
    };
    var userService = new TestableUserService();
    var storedUsers = new[] { existingUser }.AsQueryable();
    userService.MockUserRepository
        .Setup(repo => repo.GetAll())
        .Returns(storedUsers);

    // Every ValidateSaltedHash call on the mock reports success, so the password check cannot
    // be what produces the null result; the test isolates the identifier lookup.
    userService.MockCrypto
        .Setup(crypto => crypto.ValidateSaltedHash(It.IsAny<string>(), It.IsAny<string>(), It.IsAny<string>()))
        .Returns(true);

    // Act: the e-mail address is supplied where a username is expected.
    var lookupResult = userService.FindByUsernameAndPassword("*****@*****.**", "thePassword");

    // Assert
    Assert.Null(lookupResult);
}
/// <summary>
/// Confirms that an e-mail address is not accepted as the login identifier by
/// <c>FindByUsernameAndPassword</c>: the call yields null although the mocked hash validation
/// would accept any password.
/// </summary>
public void WillNotFindsUsersByEmailAddress()
{
    // Arrange: one stored user whose e-mail address is the value used as the login name below.
    var account = new User
    {
        Username = "******",
        HashedPassword = "******",
        EmailAddress = "*****@*****.**"
    };
    var sut = new TestableUserService();
    var repositoryContents = new[] { account }.AsQueryable();
    sut.MockUserRepository
        .Setup(users => users.GetAll())
        .Returns(repositoryContents);

    // Hash validation is forced to true for any arguments; a non-null result would therefore
    // mean the e-mail address had been matched as a username.
    sut.MockCrypto
        .Setup(hasher => hasher.ValidateSaltedHash(It.IsAny<string>(), It.IsAny<string>(), It.IsAny<string>()))
        .Returns(true);

    // Act
    var found = sut.FindByUsernameAndPassword("*****@*****.**", "thePassword");

    // Assert
    Assert.Null(found);
}
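/// <summary>
/// Checks that a user holding both a SHA1 and a PBKDF2 password credential for the same password
/// is authenticated, and that afterwards exactly one credential remains: the PBKDF2 one, which
/// still validates against the password.
/// </summary>
public void GivenASHA1AndAPBKDF2CredentialItAuthenticatesUserAndRemovesTheSHA1Cred()
{
    // Arrange: no password passed to CreateAUser; both credentials are added explicitly.
    var user = CreateAUser("theUsername", password: null, emailAddress: "*****@*****.**");
    user.Credentials.Add(CredentialBuilder.CreateSha1Password("thePassword"));
    user.Credentials.Add(CredentialBuilder.CreatePbkdf2Password("thePassword"));
    var service = new TestableUserService();
    service.MockUserRepository.HasData(user);
    service.MockCredentialRepository.HasData(user.Credentials);

    // Act
    var foundByUserName = service.FindByUsernameAndPassword("theUsername", "thePassword");

    // Assert: fail with a clear assertion, not a NullReferenceException on the dereference
    // below, if authentication unexpectedly returns nothing.
    Assert.NotNull(foundByUserName);
    Assert.Same(user, foundByUserName);

    // Single() throws unless exactly one credential is left, which is how the removal of the
    // weaker SHA1 credential is verified.
    var cred = foundByUserName.Credentials.Single();
    Assert.Equal(CredentialTypes.Password.Pbkdf2, cred.Type);
    Assert.True(CryptographyService.ValidateSaltedHash(cred.Value, "thePassword", Constants.PBKDF2HashAlgorithmId));
}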
/// <summary>
/// Checks that a user with a SHA1 credential for one password and a PBKDF2 credential for a
/// different password is returned by <c>FindByUsernameAndPassword</c> for either password.
/// </summary>
public void GivenASHA1AndAPBKDF2CredentialItAuthenticatesUserWithEitherCredential()
{
    // Arrange: two credentials, each created from its own password.
    var account = CreateAUser("theUsername", password: null, emailAddress: "*****@*****.**");
    var sha1Credential = CredentialBuilder.CreateSha1Password("thePassword1");
    account.Credentials.Add(sha1Credential);
    var pbkdf2Credential = CredentialBuilder.CreatePbkdf2Password("thePassword2");
    account.Credentials.Add(pbkdf2Credential);

    var userService = new TestableUserService();
    userService.MockUserRepository.HasData(account);
    userService.MockCredentialRepository.HasData(account.Credentials);

    // Act: the SHA1-backed password is tried first, then the PBKDF2-backed one.
    var viaSha1Password = userService.FindByUsernameAndPassword("theUsername", "thePassword1");
    var viaPbkdf2Password = userService.FindByUsernameAndPassword("theUsername", "thePassword2");

    // Assert: both calls resolve to the same stored instance.
    // NOTE(review): this pins two different passwords being valid for one account; whether the
    // SHA1 credential still exists after the first call is not asserted here.
    Assert.Same(account, viaSha1Password);
    Assert.Same(viaSha1Password, viaPbkdf2Password);
}
/// <summary>
/// Checks that a user created with a PBKDF2 password and no credential entries is returned by
/// <c>FindByUsernameAndPassword</c>, and that the user's credential collection is still empty
/// afterwards.
/// </summary>
public void GivenAPBKDF2PasswordColumnAndNoCredentialsItAuthenticatesUser()
{
    // Arrange: the password goes through CreateAUser with the PBKDF2 algorithm id; nothing is
    // added to Credentials and the credential repository is not seeded.
    var account = CreateAUser(
        "theUsername",
        "thePassword",
        "*****@*****.**",
        hashAlgorithm: Constants.PBKDF2HashAlgorithmId);
    var userService = new TestableUserService();
    userService.MockUserRepository.HasData(account);

    // Act
    var authenticated = userService.FindByUsernameAndPassword("theUsername", "thePassword");

    // Assert
    Assert.Same(account, authenticated);
    Assert.Empty(account.Credentials);
}
/// <summary>
/// Checks that when a user carries one password from <c>CreateAUser</c> and a different one as
/// a password credential, <c>FindByUsernameAndPassword</c> returns the user for the credential's
/// password.
/// </summary>
public void IfSomehowBothPasswordsExistItFindsUserBasedOnPasswordInCredentialsTable()
{
    // Arrange: CreateAUser receives "theWrongPassword"; the credential holds "thePassword".
    var account = CreateAUser("theUsername", "theWrongPassword", "*****@*****.**");
    var tableCredential = CreatePasswordCredential("thePassword");
    account.Credentials.Add(tableCredential);

    var userService = new TestableUserService();
    userService.MockUserRepository.HasData(account);
    userService.MockCredentialRepository.HasData(account.Credentials);

    // Act
    var authenticated = userService.FindByUsernameAndPassword("theUsername", "thePassword");

    // Assert
    // NOTE(review): only the positive case is covered. Nothing here asserts that
    // "theWrongPassword" is rejected, so this test alone does not show that the credential
    // entry takes precedence over the other stored password - confirm that case is covered.
    Assert.NotNull(authenticated);
    Assert.Same(account, authenticated);
}
/// <summary>
/// Checks that <c>FindByUsernameAndPassword</c> returns null when the username exists but the
/// supplied password differs from the one the user was created with.
/// </summary>
public void DoesNotReturnUserIfPasswordIsInvalid()
{
    // Arrange: the mocked repository exposes a single user created with "thePassword".
    var account = CreateAUser("theUsername", "thePassword", "*****@*****.**");
    var userService = new TestableUserService();
    var storedUsers = new[] { account }.AsQueryable();
    userService.MockUserRepository
        .Setup(repo => repo.GetAll())
        .Returns(storedUsers);

    // Act: correct username, different password.
    var lookupResult = userService.FindByUsernameAndPassword("theUsername", "theWrongPassword");

    // Assert: no user object is handed back on a failed password check.
    Assert.Null(lookupResult);
}