public async Task Handle_GivenSavingSucceeds_ExpectSuccessfulResult()
{
var securityStamp = Guid.NewGuid();
var user = new Mock <IUser>();
user.Setup(x => x.SecurityStamp).Returns(securityStamp);
user.Setup(x => x.Profile).Returns(new Profile(TestVariables.UserId, "first-name", "last-name"));
var userRepository = new Mock <IUserRepository>();
var unitOfWork = new Mock <IUnitOfWork>();
unitOfWork.Setup(x => x.SaveEntitiesAsync(It.IsAny <CancellationToken>())).ReturnsAsync(() => true);
userRepository.Setup(x => x.UnitOfWork).Returns(unitOfWork.Object);
userRepository.Setup(x => x.Find(It.IsAny <Guid>(), It.IsAny <CancellationToken>()))
.ReturnsAsync(() => Maybe.From <IUser>(user.Object));
var currentAuthenticatedUserProvider = new Mock <ICurrentAuthenticatedUserProvider>();
currentAuthenticatedUserProvider.Setup(x => x.CurrentAuthenticatedUser)
.Returns(Maybe.From(new UnauthenticatedUser(TestVariables.UserId, MfaProvider.None) as ISystemUser));
var clock = new Mock <IClock>();
var handler = new ValidateEmailMfaCodeAgainstCurrentUserCommandHandler(userRepository.Object, currentAuthenticatedUserProvider.Object, clock.Object);
var totp = new Totp(securityStamp.ToByteArray());
var code = totp.ComputeTotp();
var cmd = new ValidateEmailMfaCodeAgainstCurrentUserCommand(code);
var result = await handler.Handle(cmd, CancellationToken.None);
Assert.True(result.IsSuccess);
}
public async Task Handle_GiveUserDoesExistButCodeIsNotValid_ExpectFailedResultAndPartialAttemptLogged()
{
var user = new Mock <IUser>();
var userRepository = new Mock <IUserRepository>();
var unitOfWork = new Mock <IUnitOfWork>();
unitOfWork.Setup(x => x.SaveEntitiesAsync(It.IsAny <CancellationToken>())).ReturnsAsync(() => true);
userRepository.Setup(x => x.UnitOfWork).Returns(unitOfWork.Object);
userRepository.Setup(x => x.Find(It.IsAny <Guid>(), It.IsAny <CancellationToken>()))
.ReturnsAsync(() => Maybe.From <IUser>(user.Object));
var currentAuthenticatedUserProvider = new Mock <ICurrentAuthenticatedUserProvider>();
currentAuthenticatedUserProvider.Setup(x => x.CurrentAuthenticatedUser)
.Returns(Maybe.From(new UnauthenticatedUser(TestVariables.UserId, MfaProvider.None) as ISystemUser));
var clock = new Mock <IClock>();
var handler = new ValidateEmailMfaCodeAgainstCurrentUserCommandHandler(userRepository.Object, currentAuthenticatedUserProvider.Object, clock.Object);
var cmd = new ValidateEmailMfaCodeAgainstCurrentUserCommand("code");
var result = await handler.Handle(cmd, CancellationToken.None);
user.Verify(x => x.ProcessPartialSuccessfulAuthenticationAttempt(It.IsAny <DateTime>(), AuthenticationHistoryType.EmailMfaFailed));
Assert.True(result.IsFailure);
Assert.Equal(ErrorCodes.MfaCodeNotValid, result.Error.Code);
}
public void Validate_GivenAllPropertiesAreValid_ExpectValidationSuccess()
{
var cmd = new ValidateEmailMfaCodeAgainstCurrentUserCommand("code");
var validator = new ValidateEmailMfaCodeAgainstCurrentUserCommandValidator();
var result = validator.Validate(cmd);
Assert.True(result.IsValid);
}
public void Validate_GivenCodeIsNull_ExpectValidationFailure()
{
var cmd = new ValidateEmailMfaCodeAgainstCurrentUserCommand(null);
var validator = new ValidateEmailMfaCodeAgainstCurrentUserCommandValidator();
var result = validator.Validate(cmd);
Assert.False(result.IsValid);
Assert.Contains(
result.Errors,
failure => failure.ErrorCode.Equals(ValidationCodes.FieldIsRequired) &&
failure.PropertyName == "Code");
}
public async Task Handle_GivenNoUserAppearsToBeAuthenticate_ExpectFailedResult()
{
var userRepository = new Mock <IUserRepository>();
var unitOfWork = new Mock <IUnitOfWork>();
unitOfWork.Setup(x => x.SaveEntitiesAsync(It.IsAny <CancellationToken>())).ReturnsAsync(() => true);
userRepository.Setup(x => x.UnitOfWork).Returns(unitOfWork.Object);
var currentAuthenticatedUserProvider = new Mock <ICurrentAuthenticatedUserProvider>();
currentAuthenticatedUserProvider.Setup(x => x.CurrentAuthenticatedUser)
.Returns(Maybe <ISystemUser> .Nothing);
var clock = new Mock <IClock>();
var handler = new ValidateEmailMfaCodeAgainstCurrentUserCommandHandler(userRepository.Object, currentAuthenticatedUserProvider.Object, clock.Object);
var cmd = new ValidateEmailMfaCodeAgainstCurrentUserCommand("code");
var result = await handler.Handle(cmd, CancellationToken.None);
Assert.True(result.IsFailure);
Assert.Equal(ErrorCodes.UserNotFound, result.Error.Code);
}
private async Task <Result <ValidateEmailMfaCodeAgainstCurrentUserCommandResult, ErrorData> > Process(ValidateEmailMfaCodeAgainstCurrentUserCommand request, CancellationToken cancellationToken)
{
var currentUserMaybe = this._currentAuthenticatedUserProvider.CurrentAuthenticatedUser;
if (!currentUserMaybe.HasValue || !(currentUserMaybe.Value is UnauthenticatedUser currentUser))
{
return(Result.Fail <ValidateEmailMfaCodeAgainstCurrentUserCommandResult, ErrorData>(
new ErrorData(ErrorCodes.UserNotFound)));
}
var userMaybe = await this._userRepository.Find(currentUser.UserId, cancellationToken);
if (userMaybe.HasNoValue)
{
return(Result.Fail <ValidateEmailMfaCodeAgainstCurrentUserCommandResult, ErrorData>(
new ErrorData(ErrorCodes.UserNotFound)));
}
var user = userMaybe.Value;
var totp = new Totp(user.SecurityStamp.ToByteArray());
var result = totp.VerifyTotp(request.Code, out var _, new VerificationWindow(3, 3));
if (!result)
{
user.ProcessPartialSuccessfulAuthenticationAttempt(
this._clock.GetCurrentInstant().ToDateTimeUtc(),
AuthenticationHistoryType.EmailMfaFailed);
return(Result.Fail <ValidateEmailMfaCodeAgainstCurrentUserCommandResult, ErrorData>(
new ErrorData(ErrorCodes.MfaCodeNotValid)));
}
user.ProcessSuccessfulAuthenticationAttempt(this._clock.GetCurrentInstant().ToDateTimeUtc());
return(Result.Ok <ValidateEmailMfaCodeAgainstCurrentUserCommandResult, ErrorData>(
new ValidateEmailMfaCodeAgainstCurrentUserCommandResult(user.Id)));
}
public async Task <Result <ValidateEmailMfaCodeAgainstCurrentUserCommandResult, ErrorData> > Handle(ValidateEmailMfaCodeAgainstCurrentUserCommand request, CancellationToken cancellationToken)
{
var result = await this.Process(request, cancellationToken);
var dbResult = await this._userRepository.UnitOfWork.SaveEntitiesAsync(cancellationToken);
if (!dbResult)
{
return(Result.Fail <ValidateEmailMfaCodeAgainstCurrentUserCommandResult, ErrorData>(new ErrorData(
ErrorCodes.SavingChanges, "Failed To Save Database")));
}
return(result);
}
public void Constructor_GiveValidArguments_PropertiesAreSet()
{
var validateEmailMfaCodeAgainstCurrentUserCommand = new ValidateEmailMfaCodeAgainstCurrentUserCommand("code");
Assert.Equal("code", validateEmailMfaCodeAgainstCurrentUserCommand.Code);
}
