yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Tests for v7 password hash

Browse Source
This commit is contained in:
Scott Brady
2020-04-22 15:58:28 +01:00
parent e90778bd3d
commit 8fc2674426
4 changed files with 65 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

62
src/Umbraco.Tests/Security/BackOfficeUserManagerTests.cs Normal file
View File

@@ -0,0 +1,62 @@
using System.Collections.Generic;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.Logging.Abstractions;
using Microsoft.Owin.Security.DataProtection;
using Moq;
using NUnit.Framework;
using Umbraco.Core.Configuration;
using Umbraco.Core.Models.Membership;
using Umbraco.Net;
using Umbraco.Web.Models.Identity;
using Umbraco.Web.Security;
namespace Umbraco.Tests.Security
{
public class BackOfficeUserManagerTests
{
[Test]
public async Task CheckPasswordAsync_When_Default_Password_Hasher_Validates_Umbraco7_Hash_Expect_Valid_Password()
{
const string v7Hash = "7Uob6fMTTxDIhWGebYiSxg==P+hgvWlXLbDd4cFLADn811KOaVI/9pg1PNvTuG5NklY=";
const string plaintext = "4XxzH3s3&J";
var mockPasswordConfiguration = new Mock<IPasswordConfiguration>();
var mockIpResolver = new Mock<IIpResolver>();
var mockUserStore = new Mock<IUserPasswordStore<BackOfficeIdentityUser>>();
var mockDataProtectionProvider = new Mock<IDataProtectionProvider>();
mockDataProtectionProvider.Setup(x => x.Create(It.IsAny<string>()))
.Returns(new Mock<IDataProtector>().Object);
mockPasswordConfiguration.Setup(x => x.HashAlgorithmType)
.Returns("HMACSHA256");
var userManager = BackOfficeUserManager.Create(
mockPasswordConfiguration.Object,
mockIpResolver.Object,
mockUserStore.Object,
null,
mockDataProtectionProvider.Object,
new NullLogger<UserManager<BackOfficeIdentityUser>>());
var mockGlobalSettings = new Mock<IGlobalSettings>();
mockGlobalSettings.Setup(x => x.DefaultUILanguage).Returns("test");
var user = new BackOfficeIdentityUser(mockGlobalSettings.Object, 2, new List<IReadOnlyUserGroup>())
{
UserName = "alice",
Name = "Alice",
Email = "alice@umbraco.test",
PasswordHash = v7Hash
};
mockUserStore.Setup(x => x.GetPasswordHashAsync(user, It.IsAny<CancellationToken>()))
.ReturnsAsync(v7Hash);
var isValidPassword = await userManager.CheckPasswordAsync(user, plaintext);
Assert.True(isValidPassword);
}
}
}

1
src/Umbraco.Tests/Umbraco.Tests.csproj
View File

@@ -148,6 +148,7 @@
<Compile Include="Persistence\Repositories\EntityRepositoryTest.cs" />
<Compile Include="Security\BackOfficeClaimsPrincipalFactoryTests.cs" />
<Compile Include="Persistence\Repositories\KeyValueRepositoryTests.cs" />
<Compile Include="Security\BackOfficeUserManagerTests.cs" />
<Compile Include="Security\UmbracoSecurityStampValidatorTests.cs" />
<Compile Include="Services\KeyValueServiceTests.cs" />
<Compile Include="Persistence\Repositories\UserRepositoryTest.cs" />

2
src/Umbraco.Web/Editors/BackOfficeController.cs
View File

@@ -8,6 +8,7 @@ using System.Threading.Tasks;
using System.Web;
using System.Web.Mvc;
using System.Web.UI;
using Microsoft.AspNetCore.Identity;
using Microsoft.Owin.Security;
using Newtonsoft.Json;
using Umbraco.Core;
@@ -31,7 +32,6 @@ using Umbraco.Core.Runtime;
using Umbraco.Core.WebAssets;
using Umbraco.Web.Trees;
using Umbraco.Web.WebAssets;
using UserLoginInfo = Microsoft.AspNetCore.Identity.UserLoginInfo;
namespace Umbraco.Web.Editors
{

2
src/Umbraco.Web/Security/ExternalSignInAutoLinkOptions.cs
View File

@@ -40,7 +40,7 @@ namespace Umbraco.Web.Security
public Func<BackOfficeIdentityUser, ExternalLoginInfo, bool> OnExternalLogin { get; set; }
/// <summary>B
/// <summary>
/// The default User group aliases to use for auto-linking users
/// </summary>
/// <param name="umbracoContext"></param>