mirror of
https://github.com/OrchardCMS/Orchard.git
synced 2026-02-09 09:16:41 +08:00
Adding password storage and verification. Clear and hashed supported. Hashed is default, uses SHA1 with unique salt per user.
--HG-- extra : convert_revision : svn%3A5ff7c347-ad56-4c35-b696-ccb81de16e03/trunk%4040935
This commit is contained in:
@@ -16,6 +16,7 @@ using Orchard.Security;
|
||||
using Orchard.UI.Notify;
|
||||
using Orchard.Users.Controllers;
|
||||
using Orchard.Users.Models;
|
||||
using Orchard.Users.Services;
|
||||
using Orchard.Users.ViewModels;
|
||||
|
||||
namespace Orchard.Tests.Packages.Users.Controllers {
|
||||
@@ -26,6 +27,7 @@ namespace Orchard.Tests.Packages.Users.Controllers {
|
||||
public override void Register(ContainerBuilder builder) {
|
||||
builder.Register<AdminController>();
|
||||
builder.Register<DefaultModelManager>().As<IModelManager>();
|
||||
builder.Register<MembershipService>().As<IMembershipService>();
|
||||
builder.Register<UserDriver>().As<IModelDriver>();
|
||||
builder.Register(new Mock<INotifier>().Object);
|
||||
}
|
||||
@@ -76,7 +78,7 @@ namespace Orchard.Tests.Packages.Users.Controllers {
|
||||
[Test]
|
||||
public void CreateShouldAddUserAndRedirect() {
|
||||
var controller = _container.Resolve<AdminController>();
|
||||
var result = controller.Create(new UserCreateViewModel { UserName = "four" });
|
||||
var result = controller.Create(new UserCreateViewModel { UserName = "four",Password="five",ConfirmPassword="five" });
|
||||
Assert.That(result, Is.TypeOf<RedirectToRouteResult>());
|
||||
|
||||
var redirect = (RedirectToRouteResult)result;
|
||||
|
||||
@@ -2,6 +2,8 @@
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using System.Text;
|
||||
using System.Web.Security;
|
||||
using Autofac;
|
||||
using Autofac.Builder;
|
||||
using Autofac.Modules;
|
||||
using NHibernate;
|
||||
@@ -20,6 +22,7 @@ namespace Orchard.Tests.Packages.Users.Services {
|
||||
private IMembershipService _membershipService;
|
||||
private ISessionFactory _sessionFactory;
|
||||
private ISession _session;
|
||||
private IContainer _container;
|
||||
|
||||
|
||||
public class TestSessionLocator : ISessionLocator {
|
||||
@@ -59,8 +62,8 @@ namespace Orchard.Tests.Packages.Users.Services {
|
||||
builder.RegisterGeneric(typeof(Repository<>)).As(typeof(IRepository<>));
|
||||
_session = _sessionFactory.OpenSession();
|
||||
builder.Register(new TestSessionLocator(_session)).As<ISessionLocator>();
|
||||
var container = builder.Build();
|
||||
_membershipService = container.Resolve<IMembershipService>();
|
||||
_container = builder.Build();
|
||||
_membershipService = _container.Resolve<IMembershipService>();
|
||||
}
|
||||
|
||||
[Test]
|
||||
@@ -69,5 +72,52 @@ namespace Orchard.Tests.Packages.Users.Services {
|
||||
Assert.That(user.UserName, Is.EqualTo("a"));
|
||||
Assert.That(user.Email, Is.EqualTo("c"));
|
||||
}
|
||||
|
||||
[Test]
|
||||
public void DefaultPasswordFormatShouldBeHashedAndHaveSalt() {
|
||||
var user = _membershipService.CreateUser(new CreateUserParams("a", "b", "c", null, null, true));
|
||||
|
||||
var userRepository = _container.Resolve<IRepository<UserRecord>>();
|
||||
var userRecord = userRepository.Get(user.Id);
|
||||
Assert.That(userRecord.PasswordFormat, Is.EqualTo(MembershipPasswordFormat.Hashed));
|
||||
Assert.That(userRecord.Password, Is.Not.EqualTo("b"));
|
||||
Assert.That(userRecord.PasswordSalt, Is.Not.Null);
|
||||
Assert.That(userRecord.PasswordSalt, Is.Not.Empty);
|
||||
}
|
||||
|
||||
[Test]
|
||||
public void SaltAndPasswordShouldBeDifferentEvenWithSameSourcePassword() {
|
||||
var user1 = _membershipService.CreateUser(new CreateUserParams("a", "b", "c", null, null, true));
|
||||
_session.Flush();
|
||||
_session.Clear();
|
||||
|
||||
var user2 = _membershipService.CreateUser(new CreateUserParams("d", "b", "e", null, null, true));
|
||||
_session.Flush();
|
||||
_session.Clear();
|
||||
|
||||
var userRepository = _container.Resolve<IRepository<UserRecord>>();
|
||||
var user1Record = userRepository.Get(user1.Id);
|
||||
var user2Record = userRepository.Get(user2.Id);
|
||||
Assert.That(user1Record.PasswordSalt, Is.Not.EqualTo(user2Record.PasswordSalt));
|
||||
Assert.That(user1Record.Password, Is.Not.EqualTo(user2Record.Password));
|
||||
|
||||
Assert.That(_membershipService.ValidateUser("a", "b"), Is.Not.Null);
|
||||
Assert.That(_membershipService.ValidateUser("d", "b"), Is.Not.Null);
|
||||
}
|
||||
|
||||
[Test]
|
||||
public void ValidateUserShouldReturnNullIfUserOrPasswordIsIncorrect() {
|
||||
_membershipService.CreateUser(new CreateUserParams("test-user", "test-password", "c", null, null, true));
|
||||
_session.Flush();
|
||||
_session.Clear();
|
||||
|
||||
var validate1 = _membershipService.ValidateUser("test-user", "bad-password");
|
||||
var validate2 = _membershipService.ValidateUser("bad-user", "test-password");
|
||||
var validate3 = _membershipService.ValidateUser("test-user", "test-password");
|
||||
|
||||
Assert.That(validate1, Is.Null);
|
||||
Assert.That(validate2, Is.Null);
|
||||
Assert.That(validate3, Is.Not.Null);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user