2020-12-08 01:57:14 +00:00
|
|
|
using Microsoft.AspNetCore.Http;
|
2020-11-30 00:45:38 +00:00
|
|
|
using Microsoft.AspNetCore.Identity;
|
|
|
|
|
using Microsoft.Extensions.Logging;
|
2022-12-05 12:25:55 +01:00
|
|
|
using Microsoft.Extensions.Logging.Abstractions;
|
2020-11-30 00:45:38 +00:00
|
|
|
using Microsoft.Extensions.Options;
|
|
|
|
|
using Moq;
|
|
|
|
|
using NUnit.Framework;
|
2024-02-05 06:42:07 +01:00
|
|
|
using Umbraco.Cms.Core;
|
2021-05-11 11:29:40 +02:00
|
|
|
using Umbraco.Cms.Core.Cache;
|
2021-02-22 20:55:12 +00:00
|
|
|
using Umbraco.Cms.Core.Configuration.Models;
|
2024-04-25 10:59:41 +02:00
|
|
|
using Umbraco.Cms.Core.Events;
|
2021-03-14 21:59:30 +00:00
|
|
|
using Umbraco.Cms.Core.Mapping;
|
|
|
|
|
using Umbraco.Cms.Core.Models;
|
2021-02-22 20:55:12 +00:00
|
|
|
using Umbraco.Cms.Core.Net;
|
Published members cleanup (#10159)
* Getting new netcore PublicAccessChecker in place
* Adds full test coverage for PublicAccessChecker
* remove PublicAccessComposer
* adjust namespaces, ensure RoleManager works, separate public access controller, reduce content controller
* Implements the required methods on IMemberManager, removes old migrated code
* Updates routing to be able to re-route, Fixes middleware ordering ensuring endpoints are last, refactors pipeline options, adds public access middleware, ensures public access follows all hops
* adds note
* adds note
* Cleans up ext methods, ensures that members identity is added on both front-end and back ends. updates how UmbracoApplicationBuilder works in that it explicitly starts endpoints at the time of calling.
* Changes name to IUmbracoEndpointBuilder
* adds note
* Fixing tests, fixing error describers so there's 2x one for back office, one for members, fixes TryConvertTo, fixes login redirect
* fixing build
* Updates user manager to correctly validate password hashing and injects the IBackOfficeUserPasswordChecker
* Merges PR
* Fixes up build and notes
* Implements security stamp and email confirmed for members, cleans up a bunch of repo/service level member groups stuff, shares user store code between members and users and fixes the user identity object so we arent' tracking both groups and roles.
* Security stamp for members is now working
* Fixes keepalive, fixes PublicAccessMiddleware to not throw, updates startup code to be more clear and removes magic that registers middleware.
* adds note
* removes unused filter, fixes build
* fixes WebPath and tests
* Looks up entities in one query
* remove usings
* Fix test, remove stylesheet
* Set status code before we write to response to avoid error
* Ensures that users and members are validated when logging in. Shares more code between users and members.
* merge changes
* oops
* Reducing and removing published member cache
* Fixes RepositoryCacheKeys to ensure the keys are normalized
* oops didn't mean to commit this
* Fix casing issues with caching, stop boxing value types for all cache operations, stop re-creating string keys in DefaultRepositoryCachePolicy
* oops didn't mean to comit this
* bah, far out this keeps getting recommitted. sorry
* cannot inject IPublishedMemberCache and cannot have IPublishedMember
* splits out files, fixes build
* fix tests
* removes membership provider classes
* removes membership provider classes
* updates the identity map definition
* reverts commented out lines
* reverts commented out lines
Co-authored-by: Bjarke Berg <mail@bergmania.dk>
2021-04-22 21:21:43 +10:00
|
|
|
using Umbraco.Cms.Core.PublishedCache;
|
2021-02-23 09:05:06 +01:00
|
|
|
using Umbraco.Cms.Core.Security;
|
2021-03-14 21:59:30 +00:00
|
|
|
using Umbraco.Cms.Core.Services;
|
2022-06-21 08:09:38 +02:00
|
|
|
using Umbraco.Cms.Infrastructure.Scoping;
|
2021-09-24 09:49:53 +02:00
|
|
|
using Umbraco.Cms.Tests.Common;
|
2021-03-14 21:59:30 +00:00
|
|
|
using Umbraco.Cms.Tests.Common.Builders;
|
|
|
|
|
using Umbraco.Cms.Tests.Common.Builders.Extensions;
|
2023-10-10 11:51:47 +02:00
|
|
|
using Umbraco.Cms.Tests.UnitTests.TestHelpers;
|
2021-02-23 09:05:06 +01:00
|
|
|
using Umbraco.Cms.Web.Common.Security;
|
2020-11-30 00:45:38 +00:00
|
|
|
|
2022-06-21 08:09:38 +02:00
|
|
|
namespace Umbraco.Cms.Tests.UnitTests.Umbraco.Infrastructure.Security;
|
|
|
|
|
|
|
|
|
|
[TestFixture]
|
|
|
|
|
public class MemberManagerTests
|
2020-11-30 00:45:38 +00:00
|
|
|
{
|
2022-06-21 08:09:38 +02:00
|
|
|
private MemberUserStore _fakeMemberStore;
|
|
|
|
|
private Mock<IOptions<IdentityOptions>> _mockIdentityOptions;
|
|
|
|
|
private Mock<IPasswordHasher<MemberIdentityUser>> _mockPasswordHasher;
|
|
|
|
|
private Mock<IMemberService> _mockMemberService;
|
|
|
|
|
private Mock<IServiceProvider> _mockServiceProviders;
|
|
|
|
|
private Mock<IOptionsSnapshot<MemberPasswordConfigurationSettings>> _mockPasswordConfiguration;
|
|
|
|
|
|
|
|
|
|
public MemberManager CreateSut()
|
2020-11-30 00:45:38 +00:00
|
|
|
{
|
2023-10-10 11:51:47 +02:00
|
|
|
var scopeProvider = TestHelper.ScopeProvider;
|
2022-06-21 08:09:38 +02:00
|
|
|
_mockMemberService = new Mock<IMemberService>();
|
|
|
|
|
|
|
|
|
|
var mapDefinitions = new List<IMapDefinition>
|
2020-11-30 00:45:38 +00:00
|
|
|
{
|
2022-06-21 08:09:38 +02:00
|
|
|
new IdentityMapDefinition(
|
|
|
|
|
Mock.Of<ILocalizedTextService>(),
|
|
|
|
|
Mock.Of<IEntityService>(),
|
|
|
|
|
new TestOptionsSnapshot<GlobalSettings>(new GlobalSettings()),
|
2024-01-20 01:33:11 +01:00
|
|
|
new TestOptionsSnapshot<SecuritySettings>(new SecuritySettings()),
|
2023-02-17 09:38:39 +01:00
|
|
|
AppCaches.Disabled,
|
|
|
|
|
Mock.Of<ITwoFactorLoginService>())
|
2022-06-21 08:09:38 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
_fakeMemberStore = new MemberUserStore(
|
|
|
|
|
_mockMemberService.Object,
|
2022-12-05 12:25:55 +01:00
|
|
|
new UmbracoMapper(new MapDefinitionCollection(() => mapDefinitions), scopeProvider, NullLogger<UmbracoMapper>.Instance),
|
2022-06-21 08:09:38 +02:00
|
|
|
scopeProvider,
|
|
|
|
|
new IdentityErrorDescriber(),
|
|
|
|
|
Mock.Of<IExternalLoginWithKeyService>(),
|
2024-10-01 15:03:02 +02:00
|
|
|
Mock.Of<ITwoFactorLoginService>(),
|
|
|
|
|
Mock.Of<IPublishedMemberCache>());
|
2022-06-21 08:09:38 +02:00
|
|
|
|
|
|
|
|
_mockIdentityOptions = new Mock<IOptions<IdentityOptions>>();
|
|
|
|
|
var idOptions = new IdentityOptions { Lockout = { AllowedForNewUsers = false } };
|
|
|
|
|
_mockIdentityOptions.Setup(o => o.Value).Returns(idOptions);
|
|
|
|
|
_mockPasswordHasher = new Mock<IPasswordHasher<MemberIdentityUser>>();
|
|
|
|
|
|
|
|
|
|
var userValidators = new List<IUserValidator<MemberIdentityUser>>();
|
|
|
|
|
var validator = new Mock<IUserValidator<MemberIdentityUser>>();
|
|
|
|
|
userValidators.Add(validator.Object);
|
|
|
|
|
|
|
|
|
|
_mockServiceProviders = new Mock<IServiceProvider>();
|
|
|
|
|
_mockPasswordConfiguration = new Mock<IOptionsSnapshot<MemberPasswordConfigurationSettings>>();
|
|
|
|
|
_mockPasswordConfiguration.Setup(x => x.Value).Returns(() =>
|
|
|
|
|
new MemberPasswordConfigurationSettings());
|
|
|
|
|
|
|
|
|
|
var pwdValidators = new List<PasswordValidator<MemberIdentityUser>> { new() };
|
|
|
|
|
|
|
|
|
|
var userManager = new MemberManager(
|
|
|
|
|
new Mock<IIpResolver>().Object,
|
|
|
|
|
_fakeMemberStore,
|
|
|
|
|
_mockIdentityOptions.Object,
|
|
|
|
|
_mockPasswordHasher.Object,
|
|
|
|
|
userValidators,
|
|
|
|
|
pwdValidators,
|
|
|
|
|
new MembersErrorDescriber(Mock.Of<ILocalizedTextService>()),
|
|
|
|
|
_mockServiceProviders.Object,
|
|
|
|
|
new Mock<ILogger<UserManager<MemberIdentityUser>>>().Object,
|
|
|
|
|
_mockPasswordConfiguration.Object,
|
|
|
|
|
Mock.Of<IPublicAccessService>(),
|
|
|
|
|
Mock.Of<IHttpContextAccessor>());
|
|
|
|
|
|
|
|
|
|
validator.Setup(v => v.ValidateAsync(
|
|
|
|
|
userManager,
|
|
|
|
|
It.IsAny<MemberIdentityUser>()))
|
|
|
|
|
.Returns(Task.FromResult(IdentityResult.Success)).Verifiable();
|
|
|
|
|
|
|
|
|
|
return userManager;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
[Test]
|
|
|
|
|
public async Task GivenICreateUser_AndTheIdentityResultFailed_ThenIShouldGetAFailedResultAsync()
|
|
|
|
|
{
|
|
|
|
|
// arrange
|
|
|
|
|
var sut = CreateSut();
|
|
|
|
|
var fakeUser = new MemberIdentityUser { PasswordConfig = "testConfig" };
|
|
|
|
|
|
|
|
|
|
// act
|
|
|
|
|
var identityResult = await sut.CreateAsync(fakeUser);
|
|
|
|
|
|
|
|
|
|
// assert
|
|
|
|
|
Assert.IsFalse(identityResult.Succeeded);
|
|
|
|
|
Assert.IsFalse(!identityResult.Errors.Any());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
[Test]
|
|
|
|
|
public async Task GivenICreateUser_AndTheUserIsNull_ThenIShouldGetAFailedResultAsync()
|
|
|
|
|
{
|
|
|
|
|
// arrange
|
|
|
|
|
var sut = CreateSut();
|
|
|
|
|
IdentityError[] identityErrors =
|
2020-11-30 00:45:38 +00:00
|
|
|
{
|
2022-06-21 08:09:38 +02:00
|
|
|
new() { Code = "IdentityError1", Description = "There was an identity error when creating a user" },
|
|
|
|
|
};
|
2021-04-20 19:34:18 +02:00
|
|
|
|
2022-06-21 08:09:38 +02:00
|
|
|
// act
|
|
|
|
|
Assert.ThrowsAsync<ArgumentNullException>(async () => await sut.CreateAsync(null));
|
|
|
|
|
}
|
2020-11-30 00:45:38 +00:00
|
|
|
|
2022-06-21 08:09:38 +02:00
|
|
|
[Test]
|
|
|
|
|
public async Task GivenICreateANewUser_AndTheUserIsPopulatedCorrectly_ThenIShouldGetASuccessResultAsync()
|
|
|
|
|
{
|
|
|
|
|
// arrange
|
|
|
|
|
var sut = CreateSut();
|
|
|
|
|
var fakeUser = CreateValidUser();
|
2020-11-30 00:45:38 +00:00
|
|
|
|
2022-06-21 08:09:38 +02:00
|
|
|
var fakeMember = CreateMember(fakeUser);
|
2020-11-30 00:45:38 +00:00
|
|
|
|
2022-06-21 08:09:38 +02:00
|
|
|
MockMemberServiceForCreateMember(fakeMember);
|
2020-11-30 00:45:38 +00:00
|
|
|
|
2022-06-21 08:09:38 +02:00
|
|
|
// act
|
|
|
|
|
var identityResult = await sut.CreateAsync(fakeUser);
|
|
|
|
|
|
|
|
|
|
// assert
|
|
|
|
|
Assert.IsTrue(identityResult.Succeeded);
|
2024-04-25 10:59:41 +02:00
|
|
|
Assert.IsFalse(identityResult.Errors.Any());
|
2022-06-21 08:09:38 +02:00
|
|
|
}
|
2021-05-11 11:29:40 +02:00
|
|
|
|
2022-06-21 08:09:38 +02:00
|
|
|
[Test]
|
2023-07-05 12:42:52 +02:00
|
|
|
public async Task GivenAApprovedUserExists_AndTheCorrectCredentialsAreProvided_ThenACheckOfCredentialsShouldSucceed()
|
2022-06-21 08:09:38 +02:00
|
|
|
{
|
|
|
|
|
// arrange
|
|
|
|
|
var password = "password";
|
|
|
|
|
var sut = CreateSut();
|
2021-05-11 11:29:40 +02:00
|
|
|
|
2022-06-21 08:09:38 +02:00
|
|
|
var fakeUser = CreateValidUser();
|
2021-05-11 11:29:40 +02:00
|
|
|
|
2022-06-21 08:09:38 +02:00
|
|
|
var fakeMember = CreateMember(fakeUser);
|
2021-05-11 11:29:40 +02:00
|
|
|
|
2022-06-21 08:09:38 +02:00
|
|
|
MockMemberServiceForCreateMember(fakeMember);
|
2021-05-11 11:29:40 +02:00
|
|
|
|
2022-06-21 08:09:38 +02:00
|
|
|
_mockMemberService.Setup(x => x.GetByUsername(It.Is<string>(y => y == fakeUser.UserName))).Returns(fakeMember);
|
2021-05-11 11:29:40 +02:00
|
|
|
|
2022-06-21 08:09:38 +02:00
|
|
|
_mockPasswordHasher
|
|
|
|
|
.Setup(x => x.VerifyHashedPassword(It.IsAny<MemberIdentityUser>(), It.IsAny<string>(), It.IsAny<string>()))
|
|
|
|
|
.Returns(PasswordVerificationResult.Success);
|
2021-05-11 11:29:40 +02:00
|
|
|
|
2022-06-21 08:09:38 +02:00
|
|
|
// act
|
|
|
|
|
await sut.CreateAsync(fakeUser);
|
|
|
|
|
var result = await sut.ValidateCredentialsAsync(fakeUser.UserName, password);
|
2021-05-11 11:29:40 +02:00
|
|
|
|
2022-06-21 08:09:38 +02:00
|
|
|
// assert
|
|
|
|
|
Assert.IsTrue(result);
|
|
|
|
|
}
|
2021-05-11 11:29:40 +02:00
|
|
|
|
2023-07-05 12:42:52 +02:00
|
|
|
[Test]
|
|
|
|
|
public async Task GivenAnUnapprovedUserExists_AndTheCorrectCredentialsAreProvided_ThenACheckOfCredentialsShouldFail()
|
|
|
|
|
{
|
|
|
|
|
// arrange
|
|
|
|
|
var password = "password";
|
|
|
|
|
var sut = CreateSut();
|
|
|
|
|
|
|
|
|
|
var fakeUser = CreateValidUser();
|
|
|
|
|
fakeUser.IsApproved = false;
|
|
|
|
|
|
|
|
|
|
var fakeMember = CreateMember(fakeUser);
|
|
|
|
|
|
|
|
|
|
MockMemberServiceForCreateMember(fakeMember);
|
|
|
|
|
|
|
|
|
|
_mockMemberService.Setup(x => x.GetByUsername(It.Is<string>(y => y == fakeUser.UserName))).Returns(fakeMember);
|
|
|
|
|
|
|
|
|
|
_mockPasswordHasher
|
|
|
|
|
.Setup(x => x.VerifyHashedPassword(It.IsAny<MemberIdentityUser>(), It.IsAny<string>(), It.IsAny<string>()))
|
|
|
|
|
.Returns(PasswordVerificationResult.Success);
|
|
|
|
|
|
|
|
|
|
// act
|
|
|
|
|
await sut.CreateAsync(fakeUser);
|
|
|
|
|
var result = await sut.ValidateCredentialsAsync(fakeUser.UserName, password);
|
|
|
|
|
|
|
|
|
|
// assert
|
|
|
|
|
Assert.IsFalse(result);
|
|
|
|
|
}
|
|
|
|
|
|
2022-06-21 08:09:38 +02:00
|
|
|
[Test]
|
|
|
|
|
public async Task GivenAUserExists_AndIncorrectCredentialsAreProvided_ThenACheckOfCredentialsShouldFail()
|
|
|
|
|
{
|
|
|
|
|
// arrange
|
|
|
|
|
var password = "password";
|
|
|
|
|
var sut = CreateSut();
|
2021-05-11 11:29:40 +02:00
|
|
|
|
2022-06-21 08:09:38 +02:00
|
|
|
var fakeUser = CreateValidUser();
|
2021-05-11 11:29:40 +02:00
|
|
|
|
2022-06-21 08:09:38 +02:00
|
|
|
var fakeMember = CreateMember(fakeUser);
|
2021-05-11 11:29:40 +02:00
|
|
|
|
2022-06-21 08:09:38 +02:00
|
|
|
MockMemberServiceForCreateMember(fakeMember);
|
2021-05-11 11:29:40 +02:00
|
|
|
|
2022-06-21 08:09:38 +02:00
|
|
|
_mockMemberService.Setup(x => x.GetByUsername(It.Is<string>(y => y == fakeUser.UserName))).Returns(fakeMember);
|
2021-05-11 11:29:40 +02:00
|
|
|
|
2022-06-21 08:09:38 +02:00
|
|
|
_mockPasswordHasher
|
|
|
|
|
.Setup(x => x.VerifyHashedPassword(It.IsAny<MemberIdentityUser>(), It.IsAny<string>(), It.IsAny<string>()))
|
|
|
|
|
.Returns(PasswordVerificationResult.Failed);
|
2021-05-11 11:29:40 +02:00
|
|
|
|
2022-06-21 08:09:38 +02:00
|
|
|
// act
|
|
|
|
|
await sut.CreateAsync(fakeUser);
|
|
|
|
|
var result = await sut.ValidateCredentialsAsync(fakeUser.UserName, password);
|
2021-05-11 11:29:40 +02:00
|
|
|
|
2022-06-21 08:09:38 +02:00
|
|
|
// assert
|
|
|
|
|
Assert.IsFalse(result);
|
|
|
|
|
}
|
2021-05-11 11:29:40 +02:00
|
|
|
|
2022-06-21 08:09:38 +02:00
|
|
|
[Test]
|
|
|
|
|
public async Task GivenAUserDoesExists_AndCredentialsAreProvided_ThenACheckOfCredentialsShouldFail()
|
|
|
|
|
{
|
|
|
|
|
// arrange
|
|
|
|
|
var password = "password";
|
|
|
|
|
var sut = CreateSut();
|
2021-05-11 11:29:40 +02:00
|
|
|
|
2022-06-21 08:09:38 +02:00
|
|
|
_mockMemberService.Setup(x => x.GetByUsername(It.Is<string>(y => y == "testUser"))).Returns((IMember)null);
|
2021-05-11 11:29:40 +02:00
|
|
|
|
2022-06-21 08:09:38 +02:00
|
|
|
// act
|
|
|
|
|
var result = await sut.ValidateCredentialsAsync("testUser", password);
|
2021-05-11 11:29:40 +02:00
|
|
|
|
2022-06-21 08:09:38 +02:00
|
|
|
// assert
|
|
|
|
|
Assert.IsFalse(result);
|
|
|
|
|
}
|
2021-05-11 11:29:40 +02:00
|
|
|
|
2022-06-21 08:09:38 +02:00
|
|
|
private static MemberIdentityUser CreateValidUser() =>
|
|
|
|
|
new(777)
|
2021-05-11 11:29:40 +02:00
|
|
|
{
|
2022-06-21 08:09:38 +02:00
|
|
|
UserName = "testUser",
|
|
|
|
|
Email = "test@test.com",
|
|
|
|
|
Name = "Test",
|
|
|
|
|
MemberTypeAlias = "Anything",
|
|
|
|
|
PasswordConfig = "testConfig",
|
|
|
|
|
PasswordHash = "hashedPassword",
|
2023-07-05 12:42:52 +02:00
|
|
|
IsApproved = true
|
2022-06-21 08:09:38 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
private static IMember CreateMember(MemberIdentityUser fakeUser)
|
|
|
|
|
{
|
|
|
|
|
var builder = new MemberTypeBuilder();
|
|
|
|
|
var memberType = builder.BuildSimpleMemberType();
|
|
|
|
|
return new Member(memberType) { Id = 777, Username = fakeUser.UserName };
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private void MockMemberServiceForCreateMember(IMember fakeMember)
|
|
|
|
|
{
|
|
|
|
|
_mockMemberService
|
|
|
|
|
.Setup(x => x.CreateMember(It.IsAny<string>(), It.IsAny<string>(), It.IsAny<string>(), It.IsAny<string>()))
|
|
|
|
|
.Returns(fakeMember);
|
2024-04-25 10:59:41 +02:00
|
|
|
_mockMemberService
|
2025-02-17 17:46:50 +01:00
|
|
|
.Setup(x => x.Save(fakeMember, It.IsAny<PublishNotificationSaveOptions>(), Constants.Security.SuperUserId))
|
2024-04-25 10:59:41 +02:00
|
|
|
.Returns(Attempt.Succeed<OperationResult?>(null));
|
|
|
|
|
|
2020-11-30 00:45:38 +00:00
|
|
|
}
|
|
|
|
|
}
|