Verify user invite token (#14491)

* Added functionality to verify user invite tokens and create the initial password * Add response types * Fail ValidateCredentialsAsync when user is not approved * Enable user as part of initial password creating using validation token * Adds documentation to badrequest and changed nocontent to ok, to align with other APIs * Fixed tests and added a new one --------- Co-authored-by: nikolajlauridsen <nikolajlauridsen@protonmail.ch>
2023-07-05 12:42:52 +02:00
parent 8bccab3b60
commit 59df7439db
12 changed files with 185 additions and 4 deletions
--- a/tests/Umbraco.Tests.UnitTests/Umbraco.Infrastructure/Security/MemberManagerTests.cs
+++ b/tests/Umbraco.Tests.UnitTests/Umbraco.Infrastructure/Security/MemberManagerTests.cs
@@ -142,7 +142,7 @@ public class MemberManagerTests
    }

    [Test]
-    public async Task GivenAUserExists_AndTheCorrectCredentialsAreProvided_ThenACheckOfCredentialsShouldSucceed()
+    public async Task GivenAApprovedUserExists_AndTheCorrectCredentialsAreProvided_ThenACheckOfCredentialsShouldSucceed()
    {
        // arrange
        var password = "password";
@@ -168,6 +168,34 @@ public class MemberManagerTests
        Assert.IsTrue(result);
    }

+    [Test]
+    public async Task GivenAnUnapprovedUserExists_AndTheCorrectCredentialsAreProvided_ThenACheckOfCredentialsShouldFail()
+    {
+        // arrange
+        var password = "password";
+        var sut = CreateSut();
+
+        var fakeUser = CreateValidUser();
+        fakeUser.IsApproved = false;
+
+        var fakeMember = CreateMember(fakeUser);
+
+        MockMemberServiceForCreateMember(fakeMember);
+
+        _mockMemberService.Setup(x => x.GetByUsername(It.Is<string>(y => y == fakeUser.UserName))).Returns(fakeMember);
+
+        _mockPasswordHasher
+            .Setup(x => x.VerifyHashedPassword(It.IsAny<MemberIdentityUser>(), It.IsAny<string>(), It.IsAny<string>()))
+            .Returns(PasswordVerificationResult.Success);
+
+        // act
+        await sut.CreateAsync(fakeUser);
+        var result = await sut.ValidateCredentialsAsync(fakeUser.UserName, password);
+
+        // assert
+        Assert.IsFalse(result);
+    }
+
    [Test]
    public async Task GivenAUserExists_AndIncorrectCredentialsAreProvided_ThenACheckOfCredentialsShouldFail()
    {
@@ -220,6 +248,7 @@ public class MemberManagerTests
            MemberTypeAlias = "Anything",
            PasswordConfig = "testConfig",
            PasswordHash = "hashedPassword",
+            IsApproved = true
        };

    private static IMember CreateMember(MemberIdentityUser fakeUser)