#243. Generate a one-time password for new users (invite link).

Author: sys27

.dockerignore

@@ -25,4 +25,5 @@ LICENSE
 README.md
 **/*.db
 **/*.db-shm
-**/*.db-wal
+**/*.db-wal
+**/dist

Dockerfile

@@ -52,9 +52,9 @@ EXPOSE 80
 HEALTHCHECK --interval=5s --timeout=5s CMD wget http://localhost/health -q -O - > /dev/null 2>&1
 
 ENV ASPNETCORE_ENVIRONMENT="Production"
-ENV ASPNETCORE_ConnectionStrings__DefaultConnection="Data Source=/data/pyro.db"
-ENV ASPNETCORE_Git__BasePath="/data"
 ENV ASPNETCORE_URLS="http://+:80"
+ENV ConnectionStrings__DefaultConnection="Data Source=/data/pyro.db"
+ENV Git__BasePath="/data"
 
 RUN apk add --no-cache git
 RUN addgroup -S pyro && adduser -S pyro -G pyro

Pyro.Api/Directory.Packages.props

@@ -11,6 +11,7 @@
     <PackageVersion Include="JWT" Version="10.1.1" />
     <PackageVersion Include="JWT.Extensions.AspNetCore" Version="10.1.1" />
     <PackageVersion Include="LibGit2Sharp" Version="0.30.0" />
+    <PackageVersion Include="MailKit" Version="4.8.0" />
     <PackageVersion Include="MediatR" Version="12.4.1" />
     <PackageVersion Include="Microsoft.AspNetCore.DataProtection.Abstractions" Version="8.0.10" />
     <PackageVersion Include="Microsoft.AspNetCore.DataProtection.EntityFrameworkCore" Version="8.0.10" />
@@ -24,13 +25,15 @@
     <PackageVersion Include="Microsoft.EntityFrameworkCore.Design" Version="8.0.10" />
     <PackageVersion Include="Microsoft.Extensions.Options.ConfigurationExtensions" Version="8.0.0" />
     <PackageVersion Include="Microsoft.NET.Test.Sdk" Version="17.11.1" />
+    <PackageVersion Include="MimeKit" Version="4.8.0" />
     <PackageVersion Include="NewId" Version="4.0.1" />
     <PackageVersion Include="NSubstitute" Version="5.3.0" />
     <PackageVersion Include="NSubstitute.Analyzers.CSharp" Version="1.0.17" />
     <PackageVersion Include="NUnit" Version="4.2.2" />
     <PackageVersion Include="NUnit.Analyzers" Version="4.3.0" />
     <PackageVersion Include="NUnit3TestAdapter" Version="4.6.0" />
     <PackageVersion Include="Riok.Mapperly" Version="4.1.0" />
+    <PackageVersion Include="SmtpServer" Version="10.0.1" />
     <PackageVersion Include="StyleCop.Analyzers" Version="1.2.0-beta.556" />
     <PackageVersion Include="Testcontainers" Version="4.0.0" />
   </ItemGroup>

Pyro.Api/Pyro.ApiTests/Api.cs

@@ -1,42 +1,74 @@
 // Copyright (c) Dmytro Kyshchenko. All rights reserved.
 // Licensed under the GPL-3.0 license. See LICENSE file in the project root for full license information.
 
+using System.Net;
+using System.Net.Sockets;
 using DotNet.Testcontainers.Builders;
 using DotNet.Testcontainers.Containers;
+using Pyro.ApiTests.Clients;
 
 namespace Pyro.ApiTests;
 
 [SetUpFixture]
-public class Api
+internal class Api
 {
+    private static Smtp? smtp;
     private static IContainer? container;
     private static Uri? baseAddress;
 
     [OneTimeSetUp]
     public async Task SetUp()
     {
+        smtp = new Smtp();
+        smtp.Start();
+
         const int hostPort = 8080;
         const int containerPort = 80;
         var imageId = Environment.GetEnvironmentVariable("PYRO_IMAGE_ID") ??
                       "pyro";
+        var isInContainer = Environment.GetEnvironmentVariable("DOTNET_RUNNING_IN_CONTAINER") == "true";
 
-        container = new ContainerBuilder()
+        var containerBuilder = new ContainerBuilder()
             .WithImage(imageId)
             .WithName("pyro")
             .WithPortBinding(hostPort, containerPort)
             .WithWaitStrategy(Wait.ForUnixContainer().UntilContainerIsHealthy())
-            .Build();
+            .WithEnvironment(new Dictionary<string, string>
+            {
+                ["EmailService__Provider"] = "Smtp",
+                ["EmailService__Login"] = "test",
+                ["EmailService__Password"] = "1234",
+            });
+
+        if (isInContainer)
+        {
+            var addresses = (await Dns.GetHostAddressesAsync(Dns.GetHostName()))
+                .FirstOrDefault(x => x.AddressFamily == AddressFamily.InterNetwork);
+
+            containerBuilder = containerBuilder
+                .WithEnvironment("EmailService__Host", $"smtp://{addresses}:25");
+        }
+        else
+        {
+            containerBuilder = containerBuilder
+                .WithExtraHost("host.docker.internal", "host-gateway")
+                .WithEnvironment("EmailService__Host", "smtp://host.docker.internal:25");
+        }
+
+        container = containerBuilder.Build();
 
         await container.StartAsync();
 
-        baseAddress = Environment.GetEnvironmentVariable("DOTNET_RUNNING_IN_CONTAINER") == "true"
+        baseAddress = isInContainer
             ? new Uri($"http://{container.IpAddress}:{containerPort}")
             : new Uri($"http://localhost:{hostPort}");
     }
 
     [OneTimeTearDown]
     public async Task TearDown()
     {
+        smtp?.Stop();
+
         if (container is not null)
         {
             await container.StopAsync();
@@ -45,4 +77,6 @@ public async Task TearDown()
     }
 
     public static Uri BaseAddress => baseAddress!;
+
+    public static Smtp Smtp => smtp!;
 }

Pyro.Api/Pyro.ApiTests/Clients/BaseClient.cs

@@ -192,7 +192,7 @@ public async Task Login(string username, string password)
     }
 
     public Task Login()
-        => Login("pyro", "pyro");
+        => Login("pyro@localhost.local", "pyro");
 
     public async Task Logout()
     {

Pyro.Api/Pyro.ApiTests/Clients/IdentityClient.cs

@@ -35,6 +35,9 @@ public async Task LockUser(string login)
     public async Task UnlockUser(string login)
         => await Post($"/api/users/{login}/unlock");
 
+    public async Task ActivateUser(ActivateUserRequest request)
+        => await Post($"/api/users/activate", request);
+
     public async Task<IReadOnlyList<AccessTokenResponse>?> GetAccessTokens()
         => await Get<IReadOnlyList<AccessTokenResponse>>("/api/users/access-tokens");
 

Pyro.Api/Pyro.ApiTests/Clients/Smtp.cs

@@ -0,0 +1,102 @@
+// Copyright (c) Dmytro Kyshchenko. All rights reserved.
+// Licensed under the GPL-3.0 license. See LICENSE file in the project root for full license information.
+
+using System.Buffers;
+using System.Collections.Concurrent;
+using System.Text.RegularExpressions;
+using SmtpServer;
+using SmtpServer.Authentication;
+using SmtpServer.ComponentModel;
+using SmtpServer.Protocol;
+using SmtpServer.Storage;
+
+namespace Pyro.ApiTests.Clients;
+
+internal sealed partial class Smtp : IMessageStore
+{
+    private readonly SmtpServer.SmtpServer smtpServer;
+    private readonly BlockingCollection<Message> messages;
+
+    public Smtp()
+    {
+        var options = new SmtpServerOptionsBuilder()
+            .ServerName("localhost")
+            .Endpoint(builder => builder
+                .Port(25, false)
+                .AllowUnsecureAuthentication())
+            .Build();
+
+        var serviceProvider = new ServiceProvider();
+        serviceProvider.Add(this);
+        serviceProvider.Add(MailboxFilter.Default);
+        serviceProvider.Add(UserAuthenticator.Default);
+
+        smtpServer = new SmtpServer.SmtpServer(options, serviceProvider);
+        messages = [];
+    }
+
+    public void Start()
+        => Task.Run(() => smtpServer.StartAsync(CancellationToken.None))
+            .ContinueWith(
+                task => Console.WriteLine(task.Exception),
+                CancellationToken.None,
+                TaskContinuationOptions.OnlyOnFaulted,
+                TaskScheduler.Default);
+
+    public void Stop()
+        => smtpServer.Shutdown();
+
+    public async Task<SmtpResponse> SaveAsync(
+        ISessionContext context,
+        IMessageTransaction transaction,
+        ReadOnlySequence<byte> buffer,
+        CancellationToken cancellationToken)
+    {
+        await using var stream = new MemoryStream();
+
+        var position = buffer.GetPosition(0);
+        while (buffer.TryGet(ref position, out var memory))
+            await stream.WriteAsync(memory, cancellationToken);
+
+        stream.Position = 0;
+
+        var message = await MimeKit.MimeMessage.LoadAsync(stream, cancellationToken);
+        messages.Add(
+            new Message
+            {
+                From = message.From.Mailboxes.First().Address,
+                To = message.To.Mailboxes.First().Address,
+                Body = message.HtmlBody,
+            },
+            cancellationToken);
+
+        return SmtpResponse.Ok;
+    }
+
+    public Message? WaitForMessage(Func<Message, bool> condition, CancellationToken cancellationToken = default)
+    {
+        using var timeout = new CancellationTokenSource(TimeSpan.FromMinutes(1));
+        using var linked = CancellationTokenSource.CreateLinkedTokenSource(cancellationToken, timeout.Token);
+
+        foreach (var message in messages.GetConsumingEnumerable(linked.Token))
+            if (condition(message))
+                return message;
+
+        return null;
+    }
+
+    public partial class Message
+    {
+        public required string From { get; set; }
+
+        public required string To { get; set; }
+
+        public required string Body { get; set; }
+
+        [GeneratedRegex("token=(.*)\"")]
+        private static partial Regex TokenRegex();
+
+        public string GetToken()
+            => Uri.UnescapeDataString(TokenRegex().Match(Body).Groups[1].Value);
+    }
+}

Pyro.Api/Pyro.ApiTests/Pyro.ApiTests.csproj

@@ -17,6 +17,7 @@
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
     </PackageReference>
     <PackageReference Include="Microsoft.NET.Test.Sdk" />
+    <PackageReference Include="MimeKit" />
     <PackageReference Include="NSubstitute" />
     <PackageReference Include="NSubstitute.Analyzers.CSharp">
       <PrivateAssets>all</PrivateAssets>
@@ -28,6 +29,7 @@
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
     </PackageReference>
     <PackageReference Include="NUnit3TestAdapter" />
+    <PackageReference Include="SmtpServer" />
     <PackageReference Include="Testcontainers" />
   </ItemGroup>
 

Pyro.Api/Pyro.ApiTests/Tests/LockUserTests.cs

@@ -24,12 +24,23 @@ public async Task SetUp()
         identityClient = pyroClient.Share<IdentityClient>();
         await pyroClient.Login();
 
-        login = faker.Random.Hash(32);
-        password = faker.Random.Hash();
+        login = faker.Internet.Email();
 
-        var createUserRequest = new CreateUserRequest(login, password, ["User"]);
+        var createUserRequest = new CreateUserRequest(login, ["User"]);
         var user = await identityClient.CreateUser(createUserRequest);
         Assert.That(user, Is.Not.Null);
+        Assert.That(user.IsLocked, Is.True);
+
+        var message = Api.Smtp.WaitForMessage(x => x.To == login) ??
+                      throw new InvalidOperationException("The message was not found.");
+        var token = message.GetToken();
+        password = faker.Random.Hash();
+        var activateUserRequest = new ActivateUserRequest(token, password);
+        await identityClient.ActivateUser(activateUserRequest);
+
+        user = await identityClient.GetUser(login);
+        Assert.That(user, Is.Not.Null);
+        Assert.That(user.IsLocked, Is.False);
     }
 
     [OneTimeTearDown]

Pyro.Api/Pyro.ApiTests/Tests/ProfileTests.cs

@@ -1,6 +1,7 @@
 // Copyright (c) Dmytro Kyshchenko. All rights reserved.
 // Licensed under the GPL-3.0 license. See LICENSE file in the project root for full license information.
 
+using Bogus;
 using Pyro.ApiTests.Clients;
 using Pyro.Contracts.Requests;
 using Pyro.Contracts.Requests.Identity;
@@ -9,12 +10,14 @@ namespace Pyro.ApiTests.Tests;
 
 public class ProfileTests
 {
+    private Faker faker;
     private PyroClient client;
     private IdentityClient identityClient;
 
     [OneTimeSetUp]
     public async Task SetUp()
     {
+        faker = new Faker();
         client = new PyroClient(Api.BaseAddress);
         identityClient = client.Share<IdentityClient>();
         await client.Login();
@@ -49,14 +52,22 @@ public async Task UpdateGetProfile()
     [Test]
     public async Task GetProfileOfNewlyCreatedUser()
     {
+        var login = faker.Internet.Email();
         var request = new CreateUserRequest(
-            Guid.NewGuid().ToString().Replace("-", string.Empty),
-            Guid.NewGuid().ToString(),
+            login,
             ["Admin"]);
         await identityClient.CreateUser(request);
 
+        var message = Api.Smtp.WaitForMessage(x => x.To == login) ??
+                      throw new InvalidOperationException("The message was not found.");
+        var token = message.GetToken();
+        var password = faker.Random.Hash();
+        var activateUserRequest = new ActivateUserRequest(token, password);
+        await identityClient.ActivateUser(activateUserRequest);
+
         using var newUserClient = new PyroClient(Api.BaseAddress);
-        await newUserClient.Login(request.Login, request.Password);
+
+        await newUserClient.Login(request.Login, password);
 
         var profile = await newUserClient.GetProfile();