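// Exercises Controller.ValidateSecurityAnswer with three inputs: an empty model,
// a wrong answer and the expected answer.
//
// The "should have thrown" checks run after each try/catch, not inside it.
// An Assert.Fail placed inside the try is itself caught by catch (Exception),
// so the test then reports a misleading "incorrect type exception" message.
//
// NOTE(review): this test only asserts which exception is (or is not) thrown.
// It does not assert that the session token is marked as answered after the
// correct answer, nor that it stays unanswered after the wrong one. Consider
// asserting on the token state, since that state is what the security decision
// depends on.
public void T02_ValidateSecurityAnswer()
{
    // Case 1: an empty model must be rejected with a ModelException.
    var answerModel = new ValidateSecurityAnswerModel();
    ValidateApiModel(answerModel);

    Exception emptyModelError = null;
    try
    {
        Controller.ValidateSecurityAnswer(answerModel);
    }
    catch (Exception ex)
    {
        emptyModelError = ex;
    }

    Assert.IsNotNull(emptyModelError, "Empty validate answer model passed test");
    Assert.IsInstanceOfType(emptyModelError, typeof(ModelException), "For empty validate answer model incorrect type exception is thrown");
    Controller.ModelState.Clear();

    // Case 2: a wrong answer must be rejected with ApiException / IncorrectSecurityAnswer.
    ApiSessionToken.UpdateSecurityQuestion(User.SecurityQuestions.First());
    answerModel.Answer = "wrong";
    ValidateApiModel(answerModel);

    Exception wrongAnswerError = null;
    try
    {
        Controller.ValidateSecurityAnswer(answerModel);
    }
    catch (Exception ex)
    {
        wrongAnswerError = ex;
    }

    Assert.IsNotNull(wrongAnswerError, "Validation with incorrect answer passed test");
    Assert.IsInstanceOfType(wrongAnswerError, typeof(ApiException), "For wrong answer incorrect type exception is thrown");
    // Expected value first, actual second, so a failure message reads the right way round.
    Assert.AreEqual(ApiException.Errors.Auth.IncorrectSecurityAnswer, ((ApiException)wrongAnswerError).Error, "For wrong answer incorrect error is returned");
    Controller.ModelState.Clear();

    // Case 3: the expected answer must be accepted without any exception.
    // Presumably "b" is the fixture answer of the first security question; verify against the test setup.
    ApiSessionToken.UpdateSecurityQuestion(User.SecurityQuestions.First());
    answerModel.Answer = "b";
    ValidateApiModel(answerModel);

    try
    {
        Controller.ValidateSecurityAnswer(answerModel);
    }
    catch (Exception ex)
    {
        // Include the caught exception so the failure shows why validation was rejected.
        Assert.Fail("Validation with correct answer not passed test: " + ex);
    }

    Controller.ModelState.Clear();
}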
/// <summary>
/// Checks the submitted security answer against the security question recorded on the
/// caller's API session token and, when it is accepted, calls
/// <c>UpdateQuestionAnswered</c> for that token.
/// </summary>
/// <param name="model">Request model carrying the submitted <c>Answer</c>.</param>
/// <exception cref="ModelException">Thrown when <c>ModelState</c> is not valid.</exception>
/// <exception cref="ApiException">
/// Thrown with <c>ApiException.Errors.Auth.IncorrectSecurityAnswer</c> when the question
/// rejects the answer.
/// </exception>
public void ValidateSecurityAnswer(ValidateSecurityAnswerModel model)
{
    if (!ModelState.IsValid)
    {
        throw new ModelException(ModelState);
    }

    // User.Identity.Name is parsed as the Guid used to look up the session token.
    // Guid.Parse throws when the name is not a GUID.
    Guid sessionTokenId = Guid.Parse(User.Identity.Name);
    var sessionToken = _apiSessionTokenService.Details(sessionTokenId);

    // NOTE(review): neither the token, its User nor the returned question is null-checked here.
    // Confirm Details and GetSecurityQuestion cannot return null, for example when no question
    // has been assigned to the token yet.
    var pendingQuestion = sessionToken.User.GetSecurityQuestion(sessionToken.SecurityQuestionId);

    // NOTE(review): nothing in this method counts or throttles rejected answers. Confirm that
    // attempt limiting and the answer comparison itself (stored form, timing behaviour) are
    // handled inside ValidateAnswer or elsewhere in the request pipeline.
    var answerAccepted = pendingQuestion.ValidateAnswer(model.Answer);
    if (answerAccepted)
    {
        _apiSessionTokenService.UpdateQuestionAnswered(sessionToken.Id);
        return;
    }

    throw new ApiException(ApiException.Errors.Auth.IncorrectSecurityAnswer);
}