sys27 · sys27 · Nov 19, 2024 · Nov 17, 2024
diff --git a/Pyro.Api/Directory.Packages.props b/Pyro.Api/Directory.Packages.props
@@ -23,6 +23,7 @@
     <PackageVersion Include="Microsoft.EntityFrameworkCore" Version="9.0.0" />
     <PackageVersion Include="Microsoft.EntityFrameworkCore.Sqlite" Version="9.0.0" />
     <PackageVersion Include="Microsoft.EntityFrameworkCore.Design" Version="9.0.0" />
+    <PackageVersion Include="Microsoft.Extensions.Options" Version="9.0.0" />
     <PackageVersion Include="Microsoft.Extensions.Options.ConfigurationExtensions" Version="9.0.0" />
     <PackageVersion Include="Microsoft.NET.Test.Sdk" Version="17.11.1" />
     <PackageVersion Include="MimeKit" Version="4.8.0" />

diff --git a/Pyro.Api/Pyro.ApiTests/Clients/PyroClient.cs b/Pyro.Api/Pyro.ApiTests/Clients/PyroClient.cs
@@ -2,8 +2,10 @@
 // Licensed under the GPL-3.0 license. See LICENSE file in the project root for full license information.
 
 using Pyro.Contracts.Requests;
+using Pyro.Contracts.Requests.Identity;
 using Pyro.Contracts.Requests.Issues;
 using Pyro.Contracts.Responses;
+using Pyro.Contracts.Responses.Identity;
 
 namespace Pyro.ApiTests.Clients;
 

diff --git a/Pyro.Api/Pyro.ApiTests/Tests/ProfileTests.cs b/Pyro.Api/Pyro.ApiTests/Tests/ProfileTests.cs
@@ -3,7 +3,6 @@
 
 using Bogus;
 using Pyro.ApiTests.Clients;
-using Pyro.Contracts.Requests;
 using Pyro.Contracts.Requests.Identity;
 
 namespace Pyro.ApiTests.Tests;

diff --git a/...acts/Requests/UpdateUserProfileRequest.cs → ...ests/Identity/UpdateUserProfileRequest.cs b/...acts/Requests/UpdateUserProfileRequest.cs → ...ests/Identity/UpdateUserProfileRequest.cs
@@ -1,6 +1,6 @@
 // Copyright (c) Dmytro Kyshchenko. All rights reserved.
 // Licensed under the GPL-3.0 license. See LICENSE file in the project root for full license information.
 
-namespace Pyro.Contracts.Requests;
+namespace Pyro.Contracts.Requests.Identity;
 
 public record UpdateUserProfileRequest(string Name, string Status);
diff --git a/...ontracts/Responses/UserProfileResponse.cs → ...Responses/Identity/UserProfileResponse.cs b/...ontracts/Responses/UserProfileResponse.cs → ...Responses/Identity/UserProfileResponse.cs
@@ -1,6 +1,6 @@
 // Copyright (c) Dmytro Kyshchenko. All rights reserved.
 // Licensed under the GPL-3.0 license. See LICENSE file in the project root for full license information.
 
-namespace Pyro.Contracts.Responses;
+namespace Pyro.Contracts.Responses.Identity;
 
 public record UserProfileResponse(string Name, string? Status);
diff --git a/Pyro.Api/Pyro.Domain.Identity.UnitTests/Commands/LockUserHandlerTests.cs b/Pyro.Api/Pyro.Domain.Identity.UnitTests/Commands/LockUserHandlerTests.cs
@@ -27,7 +27,12 @@ public void LockMissingUser()
     public void LockCurrentUser()
     {
         var currentUser = new CurrentUser(Guid.NewGuid(), "user", [], []);
-        var user = new User { Id = currentUser.Id, Login = currentUser.Login };
+        var user = new User
+        {
+            Id = currentUser.Id,
+            Login = currentUser.Login,
+            Profile = new UserProfile { Name = currentUser.Login },
+        };
         var command = new LockUser(currentUser.Login);
 
         var userRepository = Substitute.For<IUserRepository>();
@@ -48,7 +53,11 @@ public void LockCurrentUser()
     public async Task LockUser()
     {
         var currentUser = new CurrentUser(Guid.NewGuid(), "user", [], []);
-        var user = new User { Login = "test" };
+        var user = new User
+        {
+            Login = "test",
+            Profile = new UserProfile { Name = "test" },
+        };
         var command = new LockUser(user.Login);
 
         var userRepository = Substitute.For<IUserRepository>();

diff --git a/Pyro.Api/Pyro.Domain.Identity.UnitTests/Commands/LoginHandlerTests.cs b/Pyro.Api/Pyro.Domain.Identity.UnitTests/Commands/LoginHandlerTests.cs
@@ -16,10 +16,11 @@ public async Task LoginWithInvalidUser()
         var command = new LoginCommand("test", "password");
 
         var logger = Substitute.For<ILogger<LoginHandler>>();
+        var timeProvider = Substitute.For<TimeProvider>();
         var repository = Substitute.For<IUserRepository>();
         var passwordService = Substitute.For<IPasswordService>();
         var tokenService = Substitute.For<ITokenService>();
-        var handler = new LoginHandler(logger, repository, passwordService, tokenService);
+        var handler = new LoginHandler(logger, timeProvider, repository, passwordService, tokenService);
 
         var result = await handler.Handle(command);
 
@@ -30,17 +31,50 @@ public async Task LoginWithInvalidUser()
     public async Task LoginWithLockedUser()
     {
         var command = new LoginCommand("test", "password");
-        var user = new User { Login = "test" };
+        var user = new User
+        {
+            Login = "test",
+            Profile = new UserProfile { Name = "test" },
+        };
         user.Lock();
 
         var logger = Substitute.For<ILogger<LoginHandler>>();
+        var timeProvider = Substitute.For<TimeProvider>();
         var repository = Substitute.For<IUserRepository>();
         repository
             .GetUserByLogin(command.Login)
             .Returns(user);
         var passwordService = Substitute.For<IPasswordService>();
         var tokenService = Substitute.For<ITokenService>();
-        var handler = new LoginHandler(logger, repository, passwordService, tokenService);
+        var handler = new LoginHandler(logger, timeProvider, repository, passwordService, tokenService);
+
+        var result = await handler.Handle(command);
+
+        Assert.That(result, Is.EqualTo(LoginResult.Fail()));
+    }
+
+    [Test]
+    public async Task LoginWithExpiredPassword()
+    {
+        var currentDate = DateTimeOffset.UtcNow;
+        var command = new LoginCommand("test", "password");
+        var user = new User
+        {
+            Login = "test",
+            Profile = new UserProfile { Name = "test" },
+            PasswordExpiresAt = currentDate.AddDays(-1),
+        };
+
+        var logger = Substitute.For<ILogger<LoginHandler>>();
+        var timeProvider = Substitute.For<TimeProvider>();
+        timeProvider.GetUtcNow().Returns(currentDate);
+        var repository = Substitute.For<IUserRepository>();
+        repository
+            .GetUserByLogin(command.Login)
+            .Returns(user);
+        var passwordService = Substitute.For<IPasswordService>();
+        var tokenService = Substitute.For<ITokenService>();
+        var handler = new LoginHandler(logger, timeProvider, repository, passwordService, tokenService);
 
         var result = await handler.Handle(command);
 
@@ -51,9 +85,14 @@ public async Task LoginWithLockedUser()
     public async Task LoginWithInvalidCredentials()
     {
         var command = new LoginCommand("test", "password");
-        var user = new User { Login = "test" };
+        var user = new User
+        {
+            Login = "test",
+            Profile = new UserProfile { Name = "test" },
+        };
 
         var logger = Substitute.For<ILogger<LoginHandler>>();
+        var timeProvider = Substitute.For<TimeProvider>();
         var repository = Substitute.For<IUserRepository>();
         repository
             .GetUserByLogin(command.Login)
@@ -63,7 +102,7 @@ public async Task LoginWithInvalidCredentials()
             .VerifyPassword(command.Password, user.Password, user.Salt)
             .Returns(false);
         var tokenService = Substitute.For<ITokenService>();
-        var handler = new LoginHandler(logger, repository, passwordService, tokenService);
+        var handler = new LoginHandler(logger, timeProvider, repository, passwordService, tokenService);
 
         var result = await handler.Handle(command);
 
@@ -74,12 +113,17 @@ public async Task LoginWithInvalidCredentials()
     public async Task LoginWithValidCredentials()
     {
         var command = new LoginCommand("test", "password");
-        var user = new User { Login = "test" };
+        var user = new User
+        {
+            Login = "test",
+            Profile = new UserProfile { Name = "test" },
+        };
         var jwtTokenPair = new JwtTokenPair(
             new Token(Guid.NewGuid(), "access", DateTimeOffset.UtcNow),
             new Token(Guid.NewGuid(), "refresh", DateTimeOffset.UtcNow));
 
         var logger = Substitute.For<ILogger<LoginHandler>>();
+        var timeProvider = Substitute.For<TimeProvider>();
         var repository = Substitute.For<IUserRepository>();
         repository
             .GetUserByLogin(command.Login)
@@ -92,7 +136,7 @@ public async Task LoginWithValidCredentials()
         tokenService
             .GenerateTokenPair(user)
             .Returns(jwtTokenPair);
-        var handler = new LoginHandler(logger, repository, passwordService, tokenService);
+        var handler = new LoginHandler(logger, timeProvider, repository, passwordService, tokenService);
 
         var result = await handler.Handle(command);
 

diff --git a/Pyro.Api/Pyro.Domain.Identity.UnitTests/Commands/RefreshTokenHandlerTests.cs b/Pyro.Api/Pyro.Domain.Identity.UnitTests/Commands/RefreshTokenHandlerTests.cs
@@ -41,7 +41,11 @@ public async Task RefreshTokenWithInvalidUser()
     public async Task RefreshTokenWithLockedUser()
     {
         var command = new RefreshToken("token");
-        var user = new User { Login = "test" };
+        var user = new User
+        {
+            Login = "test",
+            Profile = new UserProfile { Name = "test" },
+        };
         user.Lock();
 
         var jwtToken = new JwtToken
@@ -70,11 +74,53 @@ public async Task RefreshTokenWithLockedUser()
         Assert.That(result, Is.EqualTo(RefreshTokenResult.Fail()));
     }
 
+    [Test]
+    public async Task RefreshTokenWithExpiredPassword()
+    {
+        var currentDate = DateTimeOffset.UtcNow;
+        var command = new RefreshToken("token");
+        var user = new User
+        {
+            Login = "test",
+            Profile = new UserProfile { Name = "test" },
+            PasswordExpiresAt = currentDate.AddDays(-1),
+        };
+        var jwtToken = new JwtToken
+        {
+            TokenId = Guid.NewGuid(),
+            IssuedAt = 0,
+            ExpiresAt = 0,
+            UserId = user.Id,
+            Login = user.Login,
+        };
+
+        var logger = Substitute.For<ILogger<RefreshTokenHandler>>();
+        var userRepository = Substitute.For<IUserRepository>();
+        userRepository
+            .GetUserById(jwtToken.UserId)
+            .Returns(user);
+        var tokenService = Substitute.For<ITokenService>();
+        tokenService
+            .DecodeTokenId(command.Token)
+            .Returns(jwtToken);
+        var timeProvider = Substitute.For<TimeProvider>();
+        timeProvider.GetUtcNow().Returns(currentDate);
+        var handler = new RefreshTokenHandler(logger, userRepository, tokenService, timeProvider);
+
+        var result = await handler.Handle(command);
+
+        Assert.That(result, Is.EqualTo(RefreshTokenResult.Fail()));
+    }
+
     [Test]
     public async Task RefreshTokenWithoutAuthToken()
     {
         var command = new RefreshToken("token");
-        var user = new User { Login = "test" };
+        var user = new User
+        {
+            Login = "test",
+            Profile = new UserProfile { Name = "test" },
+        };
         var jwtToken = new JwtToken
         {
             TokenId = Guid.NewGuid(),
@@ -106,7 +152,11 @@ public async Task RefreshTokenWithExpiredToken()
     {
         var currentDate = new DateTimeOffset(new DateTime(2024, 01, 01));
         var command = new RefreshToken("token");
-        var user = new User { Login = "test" };
+        var user = new User
+        {
+            Login = "test",
+            Profile = new UserProfile { Name = "test" },
+        };
         var authToken = AuthenticationToken.Create(Guid.NewGuid(), user, currentDate.AddMonths(-1));
         user.AddAuthenticationToken(authToken);
         var jwtToken = new JwtToken
@@ -143,7 +193,12 @@ public async Task RefreshToken()
     {
         var currentDate = new DateTimeOffset(new DateTime(2024, 01, 01));
         var command = new RefreshToken("token");
-        var user = new User { Login = "test" };
+        var user = new User
+        {
+            Login = "test",
+            Profile = new UserProfile { Name = "test" },
+            PasswordExpiresAt = currentDate.AddDays(90),
+        };
         var authToken = AuthenticationToken.Create(Guid.NewGuid(), user, currentDate.AddMonths(1));
         user.AddAuthenticationToken(authToken);
         var jwtToken = new JwtToken

diff --git a/Pyro.Api/Pyro.Domain.Identity.UnitTests/Commands/UpdateUserHandlerTests.cs b/Pyro.Api/Pyro.Domain.Identity.UnitTests/Commands/UpdateUserHandlerTests.cs
@@ -13,7 +13,11 @@ public class UpdateUserHandlerTests
     [Test]
     public void UpdateUserWithInvalidRole()
     {
-        var user = new User { Login = "test" };
+        var user = new User
+        {
+            Login = "test",
+            Profile = new UserProfile { Name = "test" },
+        };
         var updateUser = new UpdateUser(user, ["admin"]);
 
         var repository = Substitute.For<IUserRepository>();
@@ -33,7 +37,11 @@ public async Task UpdateUser()
             new Role { Name = "admin" },
             new Role { Name = "user" },
         };
-        var user = new User { Login = "test" };
+        var user = new User
+        {
+            Login = "test",
+            Profile = new UserProfile { Name = "test" },
+        };
         user.AddRole(roles[1]);
 
         var updateUser = new UpdateUser(user, [roles[0].Name]);