diff --git a/src/Umbraco.Tests/Security/BackOfficeUserManagerTests.cs b/src/Umbraco.Tests/Security/BackOfficeUserManagerTests.cs new file mode 100644 index 0000000000..30ed101297 --- /dev/null +++ b/src/Umbraco.Tests/Security/BackOfficeUserManagerTests.cs @@ -0,0 +1,62 @@ +using System.Collections.Generic; +using System.Threading; +using System.Threading.Tasks; +using Microsoft.AspNetCore.Identity; +using Microsoft.Extensions.Logging.Abstractions; +using Microsoft.Owin.Security.DataProtection; +using Moq; +using NUnit.Framework; +using Umbraco.Core.Configuration; +using Umbraco.Core.Models.Membership; +using Umbraco.Net; +using Umbraco.Web.Models.Identity; +using Umbraco.Web.Security; + +namespace Umbraco.Tests.Security +{ + public class BackOfficeUserManagerTests + { + [Test] + public async Task CheckPasswordAsync_When_Default_Password_Hasher_Validates_Umbraco7_Hash_Expect_Valid_Password() + { + const string v7Hash = "7Uob6fMTTxDIhWGebYiSxg==P+hgvWlXLbDd4cFLADn811KOaVI/9pg1PNvTuG5NklY="; + const string plaintext = "4XxzH3s3&J"; + + var mockPasswordConfiguration = new Mock(); + var mockIpResolver = new Mock(); + var mockUserStore = new Mock>(); + var mockDataProtectionProvider = new Mock(); + + mockDataProtectionProvider.Setup(x => x.Create(It.IsAny())) + .Returns(new Mock().Object); + mockPasswordConfiguration.Setup(x => x.HashAlgorithmType) + .Returns("HMACSHA256"); + + var userManager = BackOfficeUserManager.Create( + mockPasswordConfiguration.Object, + mockIpResolver.Object, + mockUserStore.Object, + null, + mockDataProtectionProvider.Object, + new NullLogger>()); + + var mockGlobalSettings = new Mock(); + mockGlobalSettings.Setup(x => x.DefaultUILanguage).Returns("test"); + + var user = new BackOfficeIdentityUser(mockGlobalSettings.Object, 2, new List()) + { + UserName = "alice", + Name = "Alice", + Email = "alice@umbraco.test", + PasswordHash = v7Hash + }; + + mockUserStore.Setup(x => x.GetPasswordHashAsync(user, It.IsAny())) + .ReturnsAsync(v7Hash); + + var isValidPassword = await userManager.CheckPasswordAsync(user, plaintext); + + Assert.True(isValidPassword); + } + } +} diff --git a/src/Umbraco.Tests/Umbraco.Tests.csproj b/src/Umbraco.Tests/Umbraco.Tests.csproj index 1f54e1e629..c36d35a56d 100644 --- a/src/Umbraco.Tests/Umbraco.Tests.csproj +++ b/src/Umbraco.Tests/Umbraco.Tests.csproj @@ -148,6 +148,7 @@ + diff --git a/src/Umbraco.Web/Editors/BackOfficeController.cs b/src/Umbraco.Web/Editors/BackOfficeController.cs index 684d19be81..78a5eaaa38 100644 --- a/src/Umbraco.Web/Editors/BackOfficeController.cs +++ b/src/Umbraco.Web/Editors/BackOfficeController.cs @@ -8,6 +8,7 @@ using System.Threading.Tasks; using System.Web; using System.Web.Mvc; using System.Web.UI; +using Microsoft.AspNetCore.Identity; using Microsoft.Owin.Security; using Newtonsoft.Json; using Umbraco.Core; @@ -31,7 +32,6 @@ using Umbraco.Core.Runtime; using Umbraco.Core.WebAssets; using Umbraco.Web.Trees; using Umbraco.Web.WebAssets; -using UserLoginInfo = Microsoft.AspNetCore.Identity.UserLoginInfo; namespace Umbraco.Web.Editors { diff --git a/src/Umbraco.Web/Security/ExternalSignInAutoLinkOptions.cs b/src/Umbraco.Web/Security/ExternalSignInAutoLinkOptions.cs index bd0d3b98a4..abe5aeb196 100644 --- a/src/Umbraco.Web/Security/ExternalSignInAutoLinkOptions.cs +++ b/src/Umbraco.Web/Security/ExternalSignInAutoLinkOptions.cs @@ -40,7 +40,7 @@ namespace Umbraco.Web.Security public Func OnExternalLogin { get; set; } - /// B + /// /// The default User group aliases to use for auto-linking users /// ///