#243. Generate a one-time password for new users (invite link).

Author: sys27

.dockerignore

@@ -25,4 +25,5 @@ LICENSE
 README.md
 **/*.db
 **/*.db-shm
-**/*.db-wal
+**/*.db-wal
+**/dist

Pyro.Api/Directory.Packages.props

@@ -11,6 +11,7 @@
     <PackageVersion Include="JWT" Version="10.1.1" />
     <PackageVersion Include="JWT.Extensions.AspNetCore" Version="10.1.1" />
     <PackageVersion Include="LibGit2Sharp" Version="0.30.0" />
+    <PackageVersion Include="MailKit" Version="4.8.0" />
     <PackageVersion Include="MediatR" Version="12.4.1" />
     <PackageVersion Include="Microsoft.AspNetCore.DataProtection.Abstractions" Version="8.0.10" />
     <PackageVersion Include="Microsoft.AspNetCore.DataProtection.EntityFrameworkCore" Version="8.0.10" />

Pyro.Api/Pyro.ApiTests/Clients/BaseClient.cs

@@ -192,7 +192,7 @@ public async Task Login(string username, string password)
     }
 
     public Task Login()
-        => Login("pyro", "pyro");
+        => Login("pyro@localhost.local", "pyro");
 
     public async Task Logout()
     {

Pyro.Api/Pyro.ApiTests/Tests/LockUserTests.cs

@@ -24,10 +24,11 @@ public async Task SetUp()
         identityClient = pyroClient.Share<IdentityClient>();
         await pyroClient.Login();
 
-        login = faker.Random.Hash(32);
+        login = faker.Internet.Email();
         password = faker.Random.Hash();
 
-        var createUserRequest = new CreateUserRequest(login, password, ["User"]);
+        // TODO: password/activate
+        var createUserRequest = new CreateUserRequest(login, ["User"]);
         var user = await identityClient.CreateUser(createUserRequest);
         Assert.That(user, Is.Not.Null);
     }

Pyro.Api/Pyro.ApiTests/Tests/ProfileTests.cs

@@ -1,6 +1,7 @@
 // Copyright (c) Dmytro Kyshchenko. All rights reserved.
 // Licensed under the GPL-3.0 license. See LICENSE file in the project root for full license information.
 
+using Bogus;
 using Pyro.ApiTests.Clients;
 using Pyro.Contracts.Requests;
 using Pyro.Contracts.Requests.Identity;
@@ -9,12 +10,14 @@ namespace Pyro.ApiTests.Tests;
 
 public class ProfileTests
 {
+    private Faker faker;
     private PyroClient client;
     private IdentityClient identityClient;
 
     [OneTimeSetUp]
     public async Task SetUp()
     {
+        faker = new Faker();
         client = new PyroClient(Api.BaseAddress);
         identityClient = client.Share<IdentityClient>();
         await client.Login();
@@ -49,14 +52,16 @@ public async Task UpdateGetProfile()
     [Test]
     public async Task GetProfileOfNewlyCreatedUser()
     {
+        // TODO: password/activate
         var request = new CreateUserRequest(
-            Guid.NewGuid().ToString().Replace("-", string.Empty),
-            Guid.NewGuid().ToString(),
+            faker.Internet.Email(),
             ["Admin"]);
         await identityClient.CreateUser(request);
 
         using var newUserClient = new PyroClient(Api.BaseAddress);
-        await newUserClient.Login(request.Login, request.Password);
+
+        // TODO: password/activate
+        await newUserClient.Login(request.Login, string.Empty);
 
         var profile = await newUserClient.GetProfile();
 

Pyro.Api/Pyro.ApiTests/Tests/UserTests.cs

@@ -1,18 +1,21 @@
 // Copyright (c) Dmytro Kyshchenko. All rights reserved.
 // Licensed under the GPL-3.0 license. See LICENSE file in the project root for full license information.
 
+using Bogus;
 using Pyro.ApiTests.Clients;
 using Pyro.Contracts.Requests.Identity;
 
 namespace Pyro.ApiTests.Tests;
 
 public class UserTests
 {
+    private Faker faker;
     private IdentityClient client;
 
     [OneTimeSetUp]
     public async Task SetUp()
     {
+        faker = new Faker();
         client = new IdentityClient(Api.BaseAddress);
         await client.Login();
     }
@@ -35,7 +38,7 @@ public async Task GetUsers()
     [Test]
     public async Task GetUserByLogin()
     {
-        const string login = "pyro";
+        const string login = "pyro@localhost.local";
         var result = await client.GetUser(login);
 
         Assert.That(result, Is.Not.Null);
@@ -54,9 +57,9 @@ public async Task GetMissingUserByLogin()
     [Test]
     public async Task CreateGetUpdateUser()
     {
+        // TODO: password/activate
         var createRequest = new CreateUserRequest(
-            Guid.NewGuid().ToString().Replace("-", string.Empty),
-            "password",
+            faker.Internet.Email(),
             ["Admin"]);
         await client.CreateUser(createRequest);
 

Pyro.Api/Pyro.Contracts/Requests/Identity/ActivateUserRequest.cs

@@ -0,0 +1,6 @@
+// Copyright (c) Dmytro Kyshchenko. All rights reserved.
+// Licensed under the GPL-3.0 license. See LICENSE file in the project root for full license information.
+
+namespace Pyro.Contracts.Requests.Identity;
+
+public record ActivateUserRequest(string Token, string Password);

Pyro.Api/Pyro.Contracts/Requests/Identity/CreateUserRequest.cs

@@ -5,5 +5,4 @@ namespace Pyro.Contracts.Requests.Identity;
 
 public record CreateUserRequest(
     string Login,
-    string Password,
     IEnumerable<string> Roles);

Pyro.Api/Pyro.Contracts/Responses/UserProfileResponse.cs

@@ -3,4 +3,4 @@
 
 namespace Pyro.Contracts.Responses;
 
-public record UserProfileResponse(string Name, string? Email, string? Status);
+public record UserProfileResponse(string Name, string? Status);

Pyro.Api/Pyro.Domain.Identity.UnitTests/Commands/CreateUserHandlerTests.cs

@@ -13,7 +13,7 @@ public class CreateUserHandlerTests
     [Test]
     public async Task CreateValidUser()
     {
-        var command = new CreateUser("test", "password", ["admin"]);
+        var command = new CreateUser("test", ["admin"]);
 
         var repository = Substitute.For<IUserRepository>();
         repository
@@ -22,7 +22,10 @@ public async Task CreateValidUser()
 
         var passwordService = Substitute.For<IPasswordService>();
         passwordService
-            .GeneratePasswordHash(command.Password)
+            .GeneratePassword()
+            .Returns(string.Empty);
+        passwordService
+            .GeneratePasswordHash(string.Empty)
             .Returns((new byte[64], new byte[16]));
 
         var handler = new CreateUserHandler(repository, passwordService);
@@ -34,13 +37,14 @@ public async Task CreateValidUser()
             Assert.That(user.Login, Is.EqualTo(command.Login));
             Assert.That(user.Roles, Has.Count.EqualTo(1));
             Assert.That(user.Roles[0].Name, Is.EqualTo("admin"));
+            Assert.That(user.IsLocked, Is.True);
         });
     }
 
     [Test]
     public void CreateUserWithInvalidRole()
     {
-        var command = new CreateUser("test", "password", ["user"]);
+        var command = new CreateUser("test", ["user"]);
 
         var repository = Substitute.For<IUserRepository>();
         repository
@@ -49,7 +53,10 @@ public void CreateUserWithInvalidRole()
 
         var passwordService = Substitute.For<IPasswordService>();
         passwordService
-            .GeneratePasswordHash(command.Password)
+            .GeneratePassword()
+            .Returns(string.Empty);
+        passwordService
+            .GeneratePasswordHash(string.Empty)
             .Returns((new byte[64], new byte[16]));
 
         var handler = new CreateUserHandler(repository, passwordService);