Adding password storage and verification. Clear and hashed supported. Hashed is default, uses SHA1 with unique salt per user.

--HG--
extra : convert_revision : svn%3A5ff7c347-ad56-4c35-b696-ccb81de16e03/trunk%4040935
This commit is contained in:
loudej
2009-11-17 05:52:23 +00:00
parent 0cc64ebe1c
commit e225650203
10 changed files with 195 additions and 10 deletions

View File

@@ -16,6 +16,7 @@ using Orchard.Security;
using Orchard.UI.Notify;
using Orchard.Users.Controllers;
using Orchard.Users.Models;
using Orchard.Users.Services;
using Orchard.Users.ViewModels;
namespace Orchard.Tests.Packages.Users.Controllers {
@@ -26,6 +27,7 @@ namespace Orchard.Tests.Packages.Users.Controllers {
public override void Register(ContainerBuilder builder) {
builder.Register<AdminController>();
builder.Register<DefaultModelManager>().As<IModelManager>();
builder.Register<MembershipService>().As<IMembershipService>();
builder.Register<UserDriver>().As<IModelDriver>();
builder.Register(new Mock<INotifier>().Object);
}
@@ -76,7 +78,7 @@ namespace Orchard.Tests.Packages.Users.Controllers {
[Test]
public void CreateShouldAddUserAndRedirect() {
var controller = _container.Resolve<AdminController>();
var result = controller.Create(new UserCreateViewModel { UserName = "four" });
var result = controller.Create(new UserCreateViewModel { UserName = "four",Password="five",ConfirmPassword="five" });
Assert.That(result, Is.TypeOf<RedirectToRouteResult>());
var redirect = (RedirectToRouteResult)result;

View File

@@ -2,6 +2,8 @@
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Web.Security;
using Autofac;
using Autofac.Builder;
using Autofac.Modules;
using NHibernate;
@@ -20,6 +22,7 @@ namespace Orchard.Tests.Packages.Users.Services {
private IMembershipService _membershipService;
private ISessionFactory _sessionFactory;
private ISession _session;
private IContainer _container;
public class TestSessionLocator : ISessionLocator {
@@ -59,8 +62,8 @@ namespace Orchard.Tests.Packages.Users.Services {
builder.RegisterGeneric(typeof(Repository<>)).As(typeof(IRepository<>));
_session = _sessionFactory.OpenSession();
builder.Register(new TestSessionLocator(_session)).As<ISessionLocator>();
var container = builder.Build();
_membershipService = container.Resolve<IMembershipService>();
_container = builder.Build();
_membershipService = _container.Resolve<IMembershipService>();
}
[Test]
@@ -69,5 +72,52 @@ namespace Orchard.Tests.Packages.Users.Services {
Assert.That(user.UserName, Is.EqualTo("a"));
Assert.That(user.Email, Is.EqualTo("c"));
}
[Test]
public void DefaultPasswordFormatShouldBeHashedAndHaveSalt() {
var user = _membershipService.CreateUser(new CreateUserParams("a", "b", "c", null, null, true));
var userRepository = _container.Resolve<IRepository<UserRecord>>();
var userRecord = userRepository.Get(user.Id);
Assert.That(userRecord.PasswordFormat, Is.EqualTo(MembershipPasswordFormat.Hashed));
Assert.That(userRecord.Password, Is.Not.EqualTo("b"));
Assert.That(userRecord.PasswordSalt, Is.Not.Null);
Assert.That(userRecord.PasswordSalt, Is.Not.Empty);
}
[Test]
public void SaltAndPasswordShouldBeDifferentEvenWithSameSourcePassword() {
var user1 = _membershipService.CreateUser(new CreateUserParams("a", "b", "c", null, null, true));
_session.Flush();
_session.Clear();
var user2 = _membershipService.CreateUser(new CreateUserParams("d", "b", "e", null, null, true));
_session.Flush();
_session.Clear();
var userRepository = _container.Resolve<IRepository<UserRecord>>();
var user1Record = userRepository.Get(user1.Id);
var user2Record = userRepository.Get(user2.Id);
Assert.That(user1Record.PasswordSalt, Is.Not.EqualTo(user2Record.PasswordSalt));
Assert.That(user1Record.Password, Is.Not.EqualTo(user2Record.Password));
Assert.That(_membershipService.ValidateUser("a", "b"), Is.Not.Null);
Assert.That(_membershipService.ValidateUser("d", "b"), Is.Not.Null);
}
[Test]
public void ValidateUserShouldReturnNullIfUserOrPasswordIsIncorrect() {
_membershipService.CreateUser(new CreateUserParams("test-user", "test-password", "c", null, null, true));
_session.Flush();
_session.Clear();
var validate1 = _membershipService.ValidateUser("test-user", "bad-password");
var validate2 = _membershipService.ValidateUser("bad-user", "test-password");
var validate3 = _membershipService.ValidateUser("test-user", "test-password");
Assert.That(validate1, Is.Null);
Assert.That(validate2, Is.Null);
Assert.That(validate3, Is.Not.Null);
}
}
}