diff --git a/docs/design-principles/0110-back-end-for-front-end.md b/docs/design-principles/0110-back-end-for-front-end.md
index b1bcf708..4d57c9a1 100644
--- a/docs/design-principles/0110-back-end-for-front-end.md
+++ b/docs/design-principles/0110-back-end-for-front-end.md
@@ -81,8 +81,6 @@ If the attempt to authenticate is successful, the authentication response from t
These "auth tokens" are then added to [HTTPOnly, secure] cookies that are then returned to the browser to be used between the browser and BEFFE for subsequent requests/responses.
-
-
At some point in time, either of those auth tokens will expire, at which point either the `access_token` can be refreshed (using the `refresh_token`), or the `refresh_tokesn` expires, and the end user will need to re-authenticate again.
#### Login
@@ -99,20 +97,26 @@ For example,
}
```
+
+
or with a body containing an SSO authentication code,
For example,
```json
{
- "AuthCode": "anauthocde",
- "Provider": "sso"
+ "AuthCode": "anauthcode",
+ "Provider": "google"
}
```
+> Note: The Backend API call to authenticate this "OAuth2 identity" will receive some tokens (from the 3rd party provider) that should include an email address \[claim\] that identifies the actual person to the system. However, some OAuth2 providers today do not include that email address claim in the returned tokens, and in those cases the parson cannot be identified. Instead, their email address can be included in the above request (as `Username`) which can be available in the first steps of the "OAuth Authorization Flow".
+
+
+
> Note: you will also need to include CSRF protection in these requests, like all others coming from a JS app.
-A successful response from this request will yield the following body,
+A successful response from either of these requests will yield the following body,
For example,
@@ -122,7 +126,7 @@ For example,
}
```
-But it will also include these cookies (for the current domain):
+But, the response will also include these cookies (for the current domain):
`auth-tok=anaccesstoken`
diff --git a/docs/images/Authentication-SSO.png b/docs/images/Authentication-SSO.png
index c153e375..82be792d 100644
Binary files a/docs/images/Authentication-SSO.png and b/docs/images/Authentication-SSO.png differ
diff --git a/docs/images/BEFFE-ReverseProxy.png b/docs/images/BEFFE-ReverseProxy.png
index 844a0acc..e76b4c8d 100644
Binary files a/docs/images/BEFFE-ReverseProxy.png and b/docs/images/BEFFE-ReverseProxy.png differ
diff --git a/docs/images/Sources.pptx b/docs/images/Sources.pptx
index 9e7a652d..4728b56b 100644
Binary files a/docs/images/Sources.pptx and b/docs/images/Sources.pptx differ
diff --git a/src/ApiHost1/appsettings.json b/src/ApiHost1/appsettings.json
index aface782..b9cdf03f 100644
--- a/src/ApiHost1/appsettings.json
+++ b/src/ApiHost1/appsettings.json
@@ -23,6 +23,11 @@
"SenderProductName": "SaaStack",
"SenderEmailAddress": "noreply@saastack.com",
"SenderDisplayName": "Support"
+ },
+ "SSOProvidersService": {
+ "SSOUserTokens": {
+ "AesSecret": "V7z5SZnhHRa7z68adsvazQjeIbSiWWcR+4KuAUikhe0=::u4ErEVotb170bM8qKWyT8A=="
+ }
}
},
"Hosts": {
diff --git a/src/Application.Interfaces/Audits.Designer.cs b/src/Application.Interfaces/Audits.Designer.cs
index 225054d9..dbfd696d 100644
--- a/src/Application.Interfaces/Audits.Designer.cs
+++ b/src/Application.Interfaces/Audits.Designer.cs
@@ -130,5 +130,32 @@ public static string PasswordCredentialsApplication_Authenticate_Succeeded {
return ResourceManager.GetString("PasswordCredentialsApplication_Authenticate_Succeeded", resourceCulture);
}
}
+
+ ///
+ /// Looks up a localized string similar to SingleSignOn.AutoRegistered.
+ ///
+ public static string SingleSignOnApplication_Authenticate_AccountOnboarded {
+ get {
+ return ResourceManager.GetString("SingleSignOnApplication_Authenticate_AccountOnboarded", resourceCulture);
+ }
+ }
+
+ ///
+ /// Looks up a localized string similar to Authentication.Failed.AccountSuspended.
+ ///
+ public static string SingleSignOnApplication_Authenticate_AccountSuspended {
+ get {
+ return ResourceManager.GetString("SingleSignOnApplication_Authenticate_AccountSuspended", resourceCulture);
+ }
+ }
+
+ ///
+ /// Looks up a localized string similar to Authentication.Passed.
+ ///
+ public static string SingleSignOnApplication_Authenticate_Succeeded {
+ get {
+ return ResourceManager.GetString("SingleSignOnApplication_Authenticate_Succeeded", resourceCulture);
+ }
+ }
}
}
diff --git a/src/Application.Interfaces/Audits.resx b/src/Application.Interfaces/Audits.resx
index 9ea57fe6..e7167c26 100644
--- a/src/Application.Interfaces/Audits.resx
+++ b/src/Application.Interfaces/Audits.resx
@@ -48,4 +48,13 @@
EndUser.PlatformRolesAssigned
+
+ SingleSignOn.AutoRegistered
+
+
+ Authentication.Failed.AccountSuspended
+
+
+ Authentication.Passed
+
\ No newline at end of file
diff --git a/src/Application.Resources.Shared/Identity.cs b/src/Application.Resources.Shared/Identity.cs
index 0d64b32d..627f3ea5 100644
--- a/src/Application.Resources.Shared/Identity.cs
+++ b/src/Application.Resources.Shared/Identity.cs
@@ -4,15 +4,18 @@ namespace Application.Resources.Shared;
public class AuthenticateTokens
{
- public required string AccessToken { get; set; }
+ public required AuthenticateToken AccessToken { get; set; }
- public required DateTime AccessTokenExpiresOn { get; set; }
+ public required AuthenticateToken RefreshToken { get; set; }
- public required string RefreshToken { get; set; }
+ public required string UserId { get; set; }
+}
- public required DateTime RefreshTokenExpiresOn { get; set; }
+public class AuthenticateToken
+{
+ public required DateTime ExpiresOn { get; set; }
- public required string UserId { get; set; }
+ public required string Value { get; set; }
}
public class APIKey : IIdentifiableResource
@@ -26,4 +29,27 @@ public class APIKey : IIdentifiableResource
public required string UserId { get; set; }
public required string Id { get; set; }
+}
+
+public class AuthToken
+{
+ public AuthToken(TokenType type, string value, DateTime? expiresOn)
+ {
+ Type = type;
+ Value = value;
+ ExpiresOn = expiresOn;
+ }
+
+ public DateTime? ExpiresOn { get; }
+
+ public TokenType Type { get; }
+
+ public string Value { get; }
+}
+
+public enum TokenType
+{
+ AccessToken = 1,
+ RefreshToken = 2,
+ IdToken = 3
}
\ No newline at end of file
diff --git a/src/Application.Services.Shared/IEndUsersService.cs b/src/Application.Services.Shared/IEndUsersService.cs
index 3c3a4853..86ec2275 100644
--- a/src/Application.Services.Shared/IEndUsersService.cs
+++ b/src/Application.Services.Shared/IEndUsersService.cs
@@ -6,15 +6,18 @@ namespace Application.Services.Shared;
public interface IEndUsersService
{
- Task> GetPersonAsync(ICallerContext caller, string id, CancellationToken cancellationToken);
+ Task, Error>> FindPersonByEmailAsync(ICallerContext caller, string emailAddress,
+ CancellationToken cancellationToken);
- Task> GetMembershipsAsync(ICallerContext context, string id,
+ Task> GetMembershipsAsync(ICallerContext caller, string id,
CancellationToken cancellationToken);
- Task> RegisterMachineAsync(ICallerContext context, string name, string? timezone,
+ Task> GetPersonAsync(ICallerContext caller, string id, CancellationToken cancellationToken);
+
+ Task> RegisterMachineAsync(ICallerContext caller, string name, string? timezone,
string? countryCode, CancellationToken cancellationToken);
Task> RegisterPersonAsync(ICallerContext caller, string emailAddress,
- string firstName, string lastName, string? timezone, string? countryCode, bool termsAndConditionsAccepted,
+ string firstName, string? lastName, string? timezone, string? countryCode, bool termsAndConditionsAccepted,
CancellationToken cancellationToken);
}
\ No newline at end of file
diff --git a/src/Common/Extensions/EnumExtensions.cs b/src/Common/Extensions/EnumExtensions.cs
index f0cb892c..45fab797 100644
--- a/src/Common/Extensions/EnumExtensions.cs
+++ b/src/Common/Extensions/EnumExtensions.cs
@@ -24,7 +24,7 @@ public static TTargetEnum ToEnum(this TSourceEnum sour
/// Converts the to an value of the ,
/// and in the case where no value can be found, uses the
///
- public static TTargetEnum ToEnumOrDefault(this string value, TTargetEnum defaultValue)
+ public static TTargetEnum ToEnumOrDefault(this string? value, TTargetEnum defaultValue)
{
if (value.HasNoValue())
{
diff --git a/src/Domain.Interfaces/Domain.Interfaces.csproj b/src/Domain.Interfaces/Domain.Interfaces.csproj
index 5be2f664..7379efbe 100644
--- a/src/Domain.Interfaces/Domain.Interfaces.csproj
+++ b/src/Domain.Interfaces/Domain.Interfaces.csproj
@@ -11,6 +11,7 @@
+
diff --git a/src/Domain.Interfaces/Validations/CommonValidations.cs b/src/Domain.Interfaces/Validations/CommonValidations.cs
index 23f1dc15..039dfd1d 100644
--- a/src/Domain.Interfaces/Validations/CommonValidations.cs
+++ b/src/Domain.Interfaces/Validations/CommonValidations.cs
@@ -1,5 +1,6 @@
using Common;
using Common.Extensions;
+using PhoneNumbers;
namespace Domain.Interfaces.Validations;
@@ -14,6 +15,34 @@ public static class CommonValidations
public static readonly Validation FeatureLevel = new(@"^[\w\d]{4,30}$", 4, 30);
public static readonly Validation Identifier = new(@"^[\w]{1,20}_[\d\w]{10,22}$", 12, 43);
public static readonly Validation IdentifierPrefix = new(@"^[^\W_]*$", 1, 20);
+
+ ///
+ /// Validations for International
+ ///
+ public static readonly Validation PhoneNumber = new(value =>
+ {
+ if (!value.HasValue())
+ {
+ return false;
+ }
+
+ if (!value.StartsWith("+"))
+ {
+ return false;
+ }
+
+ var util = PhoneNumberUtil.GetInstance();
+ try
+ {
+ var number = util.Parse(value, null);
+ return util.IsValidNumber(number);
+ }
+ catch (NumberParseException)
+ {
+ return false;
+ }
+ });
+
public static readonly Validation RoleLevel = new(@"^[\w\d]{4,30}$", 4, 30);
public static readonly Validation Timezone = new(Timezones.Exists);
public static readonly Validation Url = new(s => Uri.IsWellFormedUriString(s, UriKind.Absolute));
diff --git a/src/Domain.Shared/Address.cs b/src/Domain.Shared/Address.cs
new file mode 100644
index 00000000..0d914579
--- /dev/null
+++ b/src/Domain.Shared/Address.cs
@@ -0,0 +1,68 @@
+using Common;
+using Domain.Common.ValueObjects;
+using Domain.Interfaces;
+
+namespace Domain.Shared;
+
+public sealed class Address : ValueObjectBase
+{
+ public static readonly Address Default = Create(CountryCodes.Default).Value;
+
+ public static Result Create(string line1, string line2, string line3, string city, string state,
+ CountryCodeIso3166 countryCode, string zip)
+ {
+ return new Address(line1, line2, line3, city, state, countryCode, zip);
+ }
+
+ public static Result Create(CountryCodeIso3166 countryCode)
+ {
+ return new Address(countryCode);
+ }
+
+ private Address(CountryCodeIso3166 countryCode) : this(string.Empty, string.Empty, string.Empty,
+ string.Empty, string.Empty, countryCode, string.Empty)
+ {
+ }
+
+ private Address(string? line1, string? line2, string? line3, string? city, string? state,
+ CountryCodeIso3166 countryCode, string? zip)
+ {
+ Line1 = line1;
+ Line2 = line2;
+ Line3 = line3;
+ City = city;
+ State = state;
+ CountryCode = countryCode;
+ Zip = zip;
+ }
+
+ public string? City { get; }
+
+ public CountryCodeIso3166 CountryCode { get; }
+
+ public string? Line1 { get; }
+
+ public string? Line2 { get; }
+
+ public string? Line3 { get; }
+
+ public string? State { get; }
+
+ public string? Zip { get; }
+
+ public static ValueObjectFactory Rehydrate()
+ {
+ return (property, _) =>
+ {
+ var parts = RehydrateToList(property, false);
+ return new Address(parts[0], parts[1], parts[2], parts[3], parts[4],
+ CountryCodes.FindOrDefault(parts[5]),
+ parts[6]);
+ };
+ }
+
+ protected override IEnumerable GetAtomicValues()
+ {
+ return new object?[] { Line1, Line2, Line3, City, State, CountryCode.Alpha3, Zip };
+ }
+}
\ No newline at end of file
diff --git a/src/Domain.Shared/PhoneNumber.cs b/src/Domain.Shared/PhoneNumber.cs
new file mode 100644
index 00000000..39fa9a3d
--- /dev/null
+++ b/src/Domain.Shared/PhoneNumber.cs
@@ -0,0 +1,38 @@
+using Common;
+using Common.Extensions;
+using Domain.Common.Extensions;
+using Domain.Common.ValueObjects;
+using Domain.Interfaces;
+using Domain.Interfaces.Validations;
+
+namespace Domain.Shared;
+
+public sealed class PhoneNumber : SingleValueObjectBase
+{
+ public static Result Create(string phoneNumber)
+ {
+ if (phoneNumber.IsNotValuedParameter(nameof(phoneNumber), out var error1))
+ {
+ return error1;
+ }
+
+ if (phoneNumber.IsInvalidParameter(CommonValidations.PhoneNumber, nameof(phoneNumber),
+ Resources.PhoneNumber_InvalidPhoneNumber, out var error2))
+ {
+ return error2;
+ }
+
+ return new PhoneNumber(phoneNumber);
+ }
+
+ private PhoneNumber(string phoneNumber) : base(phoneNumber)
+ {
+ }
+
+ public string Number => Value;
+
+ public static ValueObjectFactory Rehydrate()
+ {
+ return (property, _) => new PhoneNumber(property);
+ }
+}
\ No newline at end of file
diff --git a/src/Domain.Shared/Resources.Designer.cs b/src/Domain.Shared/Resources.Designer.cs
index 4244e0e5..1ffaea96 100644
--- a/src/Domain.Shared/Resources.Designer.cs
+++ b/src/Domain.Shared/Resources.Designer.cs
@@ -86,6 +86,15 @@ internal static string Features_InvalidFeature {
}
}
+ ///
+ /// Looks up a localized string similar to The PhoneNumber value is not a valid international phone number.
+ ///
+ internal static string PhoneNumber_InvalidPhoneNumber {
+ get {
+ return ResourceManager.GetString("PhoneNumber_InvalidPhoneNumber", resourceCulture);
+ }
+ }
+
///
/// Looks up a localized string similar to The Role value is invalid.
///
@@ -94,5 +103,14 @@ internal static string Roles_InvalidRole {
return ResourceManager.GetString("Roles_InvalidRole", resourceCulture);
}
}
+
+ ///
+ /// Looks up a localized string similar to The Timezone value is invalid.
+ ///
+ internal static string Timezone_InvalidTimezone {
+ get {
+ return ResourceManager.GetString("Timezone_InvalidTimezone", resourceCulture);
+ }
+ }
}
}
diff --git a/src/Domain.Shared/Resources.resx b/src/Domain.Shared/Resources.resx
index 3ba331dc..45d7e04c 100644
--- a/src/Domain.Shared/Resources.resx
+++ b/src/Domain.Shared/Resources.resx
@@ -36,4 +36,10 @@
The Feature value is invalid
+
+ The Timezone value is invalid
+
+
+ The PhoneNumber value is not a valid international phone number
+
\ No newline at end of file
diff --git a/src/Domain.Shared/Timezone.cs b/src/Domain.Shared/Timezone.cs
new file mode 100644
index 00000000..25f98479
--- /dev/null
+++ b/src/Domain.Shared/Timezone.cs
@@ -0,0 +1,45 @@
+using Common;
+using Common.Extensions;
+using Domain.Common.Extensions;
+using Domain.Common.ValueObjects;
+using Domain.Interfaces;
+using Domain.Interfaces.Validations;
+
+namespace Domain.Shared;
+
+public sealed class Timezone : SingleValueObjectBase
+{
+ public static readonly Timezone Default = Create(Timezones.Default).Value;
+
+ public static Result Create(string timezone)
+ {
+ if (timezone.IsNotValuedParameter(nameof(timezone), out var error1))
+ {
+ return error1;
+ }
+
+ if (timezone.IsInvalidParameter(CommonValidations.Timezone, nameof(timezone),
+ Resources.Timezone_InvalidTimezone, out var error2))
+ {
+ return error2;
+ }
+
+ return new Timezone(Timezones.FindOrDefault(timezone));
+ }
+
+ public static Result Create(TimezoneIANA timezone)
+ {
+ return new Timezone(timezone);
+ }
+
+ private Timezone(TimezoneIANA timezone) : base(timezone)
+ {
+ }
+
+ public TimezoneIANA Code => Value;
+
+ public static ValueObjectFactory Rehydrate()
+ {
+ return (property, _) => new Timezone(Timezones.FindOrDefault(property));
+ }
+}
\ No newline at end of file
diff --git a/src/EndUsersApplication.UnitTests/EndUsersApplicationSpec.cs b/src/EndUsersApplication.UnitTests/EndUsersApplicationSpec.cs
index e509de31..cc429d87 100644
--- a/src/EndUsersApplication.UnitTests/EndUsersApplicationSpec.cs
+++ b/src/EndUsersApplication.UnitTests/EndUsersApplicationSpec.cs
@@ -48,7 +48,7 @@ public async Task WhenGetPersonAndUnregistered_ThenReturnsUser()
{
var user = EndUserRoot.Create(_recorder.Object, _idFactory.Object, UserClassification.Person).Value;
_repository.Setup(rep => rep.LoadAsync(It.IsAny(), It.IsAny()))
- .Returns(Task.FromResult>(user));
+ .ReturnsAsync(user);
var result = await _application.GetPersonAsync(_caller.Object, "anid", CancellationToken.None);
@@ -156,11 +156,11 @@ public async Task WhenAssignPlatformRolesAsync_ThenAssigns()
assignee.Register(Roles.Create(PlatformRoles.Standard).Value, Features.Create(PlatformFeatures.Basic).Value,
Optional.None);
_repository.Setup(rep => rep.LoadAsync("anassigneeid".ToId(), It.IsAny()))
- .Returns(Task.FromResult>(assignee));
+ .ReturnsAsync(assignee);
var assigner = EndUserRoot.Create(_recorder.Object, _idFactory.Object, UserClassification.Person).Value;
assigner.Register(Roles.Create(PlatformRoles.Operations).Value, Features.Create(), Optional.None);
_repository.Setup(rep => rep.LoadAsync("anassignerid".ToId(), It.IsAny()))
- .Returns(Task.FromResult>(assigner));
+ .ReturnsAsync(assigner);
var result = await _application.AssignPlatformRolesAsync(_caller.Object, "anassigneeid",
new List { PlatformRoles.TestingOnly.Name },
@@ -183,13 +183,13 @@ public async Task WhenAssignTenantRolesAsync_ThenAssigns()
assignee.AddMembership("anorganizationid".ToId(), Roles.Create(TenantRoles.Member).Value,
Features.Create(TenantFeatures.Basic).Value);
_repository.Setup(rep => rep.LoadAsync("anassigneeid".ToId(), It.IsAny()))
- .Returns(Task.FromResult>(assignee));
+ .ReturnsAsync(assignee);
var assigner = EndUserRoot.Create(_recorder.Object, _idFactory.Object, UserClassification.Person).Value;
assigner.Register(Roles.Create(PlatformRoles.Operations).Value, Features.Create(), Optional.None);
assigner.AddMembership("anorganizationid".ToId(), Roles.Create(TenantRoles.Owner).Value,
Features.Create(TenantFeatures.Basic).Value);
_repository.Setup(rep => rep.LoadAsync("anassignerid".ToId(), It.IsAny()))
- .Returns(Task.FromResult>(assigner));
+ .ReturnsAsync(assigner);
var result = await _application.AssignTenantRolesAsync(_caller.Object, "anorganizationid", "anassigneeid",
new List { TenantRoles.TestingOnly.Name },
@@ -201,4 +201,31 @@ public async Task WhenAssignTenantRolesAsync_ThenAssigns()
.ContainInOrder(TenantRoles.Member.Name, TenantRoles.TestingOnly.Name);
}
#endif
+
+ [Fact]
+ public async Task WhenFindPersonByEmailAsyncAndNotExists_ThenReturnsNone()
+ {
+ _repository.Setup(rep => rep.FindByEmailAddressAsync(It.IsAny(), It.IsAny()))
+ .ReturnsAsync(Optional.None());
+
+ var result =
+ await _application.FindPersonByEmailAsync(_caller.Object, "auser@company.com", CancellationToken.None);
+
+ result.Should().BeSuccess();
+ result.Value.Should().BeNone();
+ }
+
+ [Fact]
+ public async Task WhenFindPersonByEmailAsyncAndExists_ThenReturns()
+ {
+ var endUser = EndUserRoot.Create(_recorder.Object, _idFactory.Object, UserClassification.Person).Value;
+ _repository.Setup(rep => rep.FindByEmailAddressAsync(It.IsAny(), It.IsAny()))
+ .ReturnsAsync(endUser.ToOptional());
+
+ var result =
+ await _application.FindPersonByEmailAsync(_caller.Object, "auser@company.com", CancellationToken.None);
+
+ result.Should().BeSuccess();
+ result.Value.Value.Id.Should().Be("anid");
+ }
}
\ No newline at end of file
diff --git a/src/EndUsersApplication/EndUsersApplication.cs b/src/EndUsersApplication/EndUsersApplication.cs
index 6e25eed0..259f243c 100644
--- a/src/EndUsersApplication/EndUsersApplication.cs
+++ b/src/EndUsersApplication/EndUsersApplication.cs
@@ -110,7 +110,7 @@ public async Task> RegisterMachineAsync(ICaller
}
public async Task> RegisterPersonAsync(ICallerContext context, string emailAddress,
- string firstName, string lastName, string? timezone, string? countryCode, bool termsAndConditionsAccepted,
+ string firstName, string? lastName, string? timezone, string? countryCode, bool termsAndConditionsAccepted,
CancellationToken cancellationToken)
{
if (!termsAndConditionsAccepted)
@@ -169,6 +169,33 @@ public async Task> RegisterPersonAsync(ICallerC
CountryCodes.FindOrDefault(countryCode));
}
+ public async Task, Error>> FindPersonByEmailAsync(ICallerContext context,
+ string emailAddress, CancellationToken cancellationToken)
+ {
+ //TODO: find the profile of this person by email address from the profilesService
+ //And then, if not, lookup a endUser that has the email address as an invited guest
+
+ var match = EmailAddress.Create(emailAddress);
+ if (!match.IsSuccessful)
+ {
+ return match.Error;
+ }
+
+ var retrieved = await _repository.FindByEmailAddressAsync(match.Value, cancellationToken);
+ if (!retrieved.IsSuccessful)
+ {
+ return retrieved.Error;
+ }
+
+ if (retrieved.Value.HasValue)
+ {
+ var endUser = retrieved.Value.Value;
+ return endUser.ToUser().ToOptional();
+ }
+
+ return Optional.None;
+ }
+
public async Task> AssignPlatformRolesAsync(ICallerContext context, string id,
List roles, CancellationToken cancellationToken)
{
diff --git a/src/EndUsersApplication/IEndUsersApplication.cs b/src/EndUsersApplication/IEndUsersApplication.cs
index fc1bf4b6..dbbe4fb2 100644
--- a/src/EndUsersApplication/IEndUsersApplication.cs
+++ b/src/EndUsersApplication/IEndUsersApplication.cs
@@ -22,6 +22,9 @@ Task> RegisterMachineAsync(ICallerContext conte
string? countryCode, CancellationToken cancellationToken);
Task> RegisterPersonAsync(ICallerContext context, string emailAddress,
- string firstName, string lastName, string? timezone, string? countryCode, bool termsAndConditionsAccepted,
+ string firstName, string? lastName, string? timezone, string? countryCode, bool termsAndConditionsAccepted,
+ CancellationToken cancellationToken);
+
+ Task, Error>> FindPersonByEmailAsync(ICallerContext context, string emailAddress,
CancellationToken cancellationToken);
}
\ No newline at end of file
diff --git a/src/EndUsersApplication/Persistence/IEndUserRepository.cs b/src/EndUsersApplication/Persistence/IEndUserRepository.cs
index ce90ff52..58b8fe6f 100644
--- a/src/EndUsersApplication/Persistence/IEndUserRepository.cs
+++ b/src/EndUsersApplication/Persistence/IEndUserRepository.cs
@@ -1,6 +1,7 @@
using Application.Persistence.Interfaces;
using Common;
using Domain.Common.ValueObjects;
+using Domain.Shared;
using EndUsersDomain;
namespace EndUsersApplication.Persistence;
@@ -10,4 +11,7 @@ public interface IEndUserRepository : IApplicationRepository
Task> LoadAsync(Identifier id, CancellationToken cancellationToken);
Task> SaveAsync(EndUserRoot endUser, CancellationToken cancellationToken);
+
+ Task, Error>> FindByEmailAddressAsync(EmailAddress emailAddress,
+ CancellationToken cancellationToken);
}
\ No newline at end of file
diff --git a/src/EndUsersInfrastructure/ApplicationServices/EndUsersInProcessServiceClient.cs b/src/EndUsersInfrastructure/ApplicationServices/EndUsersInProcessServiceClient.cs
index 90f70118..cb35928f 100644
--- a/src/EndUsersInfrastructure/ApplicationServices/EndUsersInProcessServiceClient.cs
+++ b/src/EndUsersInfrastructure/ApplicationServices/EndUsersInProcessServiceClient.cs
@@ -25,24 +25,30 @@ public async Task> GetPersonAsync(ICallerContext caller,
return await _endUsersApplication.GetPersonAsync(caller, id, cancellationToken);
}
- public async Task> GetMembershipsAsync(ICallerContext context, string id,
+ public async Task, Error>> FindPersonByEmailAsync(ICallerContext caller,
+ string emailAddress, CancellationToken cancellationToken)
+ {
+ return await _endUsersApplication.FindPersonByEmailAsync(caller, emailAddress, cancellationToken);
+ }
+
+ public async Task> GetMembershipsAsync(ICallerContext caller, string id,
CancellationToken cancellationToken)
{
- return await _endUsersApplication.GetMembershipsAsync(context, id, cancellationToken);
+ return await _endUsersApplication.GetMembershipsAsync(caller, id, cancellationToken);
}
public async Task> RegisterPersonAsync(ICallerContext caller, string emailAddress,
- string firstName, string lastName,
- string? timezone, string? countryCode, bool termsAndConditionsAccepted, CancellationToken cancellationToken)
+ string firstName, string? lastName, string? timezone, string? countryCode, bool termsAndConditionsAccepted,
+ CancellationToken cancellationToken)
{
return await _endUsersApplication.RegisterPersonAsync(caller, emailAddress, firstName, lastName, timezone,
countryCode, termsAndConditionsAccepted, cancellationToken);
}
- public async Task> RegisterMachineAsync(ICallerContext context, string name,
+ public async Task> RegisterMachineAsync(ICallerContext caller, string name,
string? timezone, string? countryCode,
CancellationToken cancellationToken)
{
- return await _endUsersApplication.RegisterMachineAsync(context, name, timezone, countryCode, cancellationToken);
+ return await _endUsersApplication.RegisterMachineAsync(caller, name, timezone, countryCode, cancellationToken);
}
}
\ No newline at end of file
diff --git a/src/EndUsersInfrastructure/Persistence/EndUserRepository.cs b/src/EndUsersInfrastructure/Persistence/EndUserRepository.cs
index 80f4a65c..55efedbc 100644
--- a/src/EndUsersInfrastructure/Persistence/EndUserRepository.cs
+++ b/src/EndUsersInfrastructure/Persistence/EndUserRepository.cs
@@ -3,11 +3,13 @@
using Common.Extensions;
using Domain.Common.ValueObjects;
using Domain.Interfaces;
+using Domain.Shared;
using EndUsersApplication.Persistence;
using EndUsersApplication.Persistence.ReadModels;
using EndUsersDomain;
using Infrastructure.Persistence.Common;
using Infrastructure.Persistence.Interfaces;
+using QueryAny;
namespace EndUsersInfrastructure.Persistence;
@@ -47,4 +49,36 @@ public async Task> SaveAsync(EndUserRoot endUser, Can
return endUser;
}
+
+ public async Task, Error>> FindByEmailAddressAsync(EmailAddress emailAddress,
+ CancellationToken cancellationToken)
+ {
+ var query = Query.From()
+ .Where(at => at.Username, ConditionOperator.EqualTo, emailAddress.Address);
+ return await FindFirstByQueryAsync(query, cancellationToken);
+ }
+
+ private async Task, Error>> FindFirstByQueryAsync(QueryClause query,
+ CancellationToken cancellationToken)
+ {
+ var queried = await _userQueries.QueryAsync(query, false, cancellationToken);
+ if (!queried.IsSuccessful)
+ {
+ return queried.Error;
+ }
+
+ var matching = queried.Value.Results.FirstOrDefault();
+ if (matching.NotExists())
+ {
+ return Optional.None;
+ }
+
+ var users = await _users.LoadAsync(matching.Id.Value.ToId(), cancellationToken);
+ if (!users.IsSuccessful)
+ {
+ return users.Error;
+ }
+
+ return users.Value.ToOptional();
+ }
}
\ No newline at end of file
diff --git a/src/IdentityApplication.UnitTests/APIKeysApplicationSpec.cs b/src/IdentityApplication.UnitTests/APIKeysApplicationSpec.cs
index 28e23eb4..49b2518b 100644
--- a/src/IdentityApplication.UnitTests/APIKeysApplicationSpec.cs
+++ b/src/IdentityApplication.UnitTests/APIKeysApplicationSpec.cs
@@ -28,7 +28,7 @@ public class APIKeysApplicationSpec
private readonly Mock _endUsersService;
private readonly Mock _idFactory;
private readonly Mock _recorder;
- private readonly Mock _repository;
+ private readonly Mock _repository;
private readonly Mock _tokensService;
public APIKeysApplicationSpec()
@@ -61,7 +61,7 @@ public APIKeysApplicationSpec()
_apiKeyHasherService.Setup(khs => khs.ValidateAPIKeyHash(It.IsAny()))
.Returns(true);
_endUsersService = new Mock();
- _repository = new Mock();
+ _repository = new Mock();
_repository.Setup(rep => rep.SaveAsync(It.IsAny(), It.IsAny()))
.Returns((APIKeyRoot root, CancellationToken _) => Task.FromResult>(root));
diff --git a/src/IdentityApplication.UnitTests/AuthTokensApplicationSpec.cs b/src/IdentityApplication.UnitTests/AuthTokensApplicationSpec.cs
index b502cc1a..3f8ccf9c 100644
--- a/src/IdentityApplication.UnitTests/AuthTokensApplicationSpec.cs
+++ b/src/IdentityApplication.UnitTests/AuthTokensApplicationSpec.cs
@@ -141,9 +141,10 @@ public async Task WhenRefreshTokenAsyncAndTokensExist_ThenReturnsRefreshedTokens
var result = await _application.RefreshTokenAsync(_caller.Object, "arefreshtoken1", CancellationToken.None);
- result.Value.AccessToken.Should().Be("anaccesstoken2");
- result.Value.RefreshToken.Should().Be("arefreshtoken2");
- result.Value.AccessTokenExpiresOn.Should().Be(expiresOn2);
+ result.Value.AccessToken.Value.Should().Be("anaccesstoken2");
+ result.Value.AccessToken.ExpiresOn.Should().Be(expiresOn2);
+ result.Value.RefreshToken.Value.Should().Be("arefreshtoken2");
+ result.Value.RefreshToken.ExpiresOn.Should().Be(expiresOn2);
_jwtTokensService.Verify(jts => jts.IssueTokensAsync(user));
_repository.Verify(rep => rep.SaveAsync(It.Is(at =>
at.Id == "anid"
diff --git a/src/IdentityApplication.UnitTests/PasswordCredentialsApplicationSpec.cs b/src/IdentityApplication.UnitTests/PasswordCredentialsApplicationSpec.cs
index 5f490c49..b0ad59c0 100644
--- a/src/IdentityApplication.UnitTests/PasswordCredentialsApplicationSpec.cs
+++ b/src/IdentityApplication.UnitTests/PasswordCredentialsApplicationSpec.cs
@@ -266,10 +266,10 @@ public async Task WhenAuthenticateAsyncWithCorrectPassword_ThenReturnsError()
await _application.AuthenticateAsync(_caller.Object, "ausername", "apassword", CancellationToken.None);
result.Should().BeSuccess();
- result.Value.AccessToken.Should().Be("anaccesstoken");
- result.Value.RefreshToken.Should().Be("arefreshtoken");
- result.Value.AccessTokenExpiresOn.Should().Be(expiresOn);
- result.Value.RefreshTokenExpiresOn.Should().Be(expiresOn);
+ result.Value.AccessToken.Value.Should().Be("anaccesstoken");
+ result.Value.RefreshToken.Value.Should().Be("arefreshtoken");
+ result.Value.AccessToken.ExpiresOn.Should().Be(expiresOn);
+ result.Value.RefreshToken.ExpiresOn.Should().Be(expiresOn);
_repository.Verify(rep => rep.SaveAsync(It.IsAny(), It.IsAny()));
_recorder.Verify(rec => rec.AuditAgainst(It.IsAny(), "auserid",
Audits.PasswordCredentialsApplication_Authenticate_Succeeded, It.IsAny(),
diff --git a/src/IdentityApplication.UnitTests/SSOProvidersServiceSpec.cs b/src/IdentityApplication.UnitTests/SSOProvidersServiceSpec.cs
new file mode 100644
index 00000000..6596a63e
--- /dev/null
+++ b/src/IdentityApplication.UnitTests/SSOProvidersServiceSpec.cs
@@ -0,0 +1,166 @@
+using Application.Interfaces;
+using Application.Resources.Shared;
+using Common;
+using Common.Extensions;
+using Domain.Common.Identity;
+using Domain.Common.ValueObjects;
+using Domain.Interfaces.Entities;
+using Domain.Services.Shared.DomainServices;
+using Domain.Shared;
+using FluentAssertions;
+using IdentityApplication.ApplicationServices;
+using IdentityApplication.Persistence;
+using IdentityDomain;
+using JetBrains.Annotations;
+using Moq;
+using UnitTesting.Common;
+using Xunit;
+
+namespace IdentityApplication.UnitTests;
+
+[UsedImplicitly]
+public class SSOProvidersServiceSpec
+{
+ [Trait("Category", "Unit")]
+ public class GivenNoAuthProviders
+ {
+ private readonly SSOProvidersService _service;
+
+ public GivenNoAuthProviders()
+ {
+ var recorder = new Mock();
+ var idFactory = new Mock();
+ var repository = new Mock();
+ var encryptionService = new Mock();
+ encryptionService.Setup(es => es.Encrypt(It.IsAny()))
+ .Returns((string value) => value);
+ encryptionService.Setup(es => es.Decrypt(It.IsAny()))
+ .Returns((string value) => value);
+
+ _service = new SSOProvidersService(recorder.Object, idFactory.Object, encryptionService.Object,
+ new List(),
+ repository.Object);
+ }
+
+ [Fact]
+ public async Task WhenFindByNameAsyncAndNotRegistered_ThenReturnsNone()
+ {
+ var result = await _service.FindByNameAsync("aname", CancellationToken.None);
+
+ result.Should().BeSuccess();
+ result.Value.Should().BeNone();
+ }
+
+ [Fact]
+ public async Task WhenSaveUserInfoAsyncAndProviderNotRegistered_ThenReturnsError()
+ {
+ var userInfo = new SSOUserInfo(new List(), "auser@company.com", "afirstname", null,
+ Timezones.Default, CountryCodes.Default);
+
+ var result =
+ await _service.SaveUserInfoAsync("aprovidername", "auserid".ToId(), userInfo, CancellationToken.None);
+
+ result.Should().BeError(ErrorCode.EntityNotFound,
+ Resources.SSOProvidersService_UnknownProvider.Format("aprovidername"));
+ }
+ }
+
+ [Trait("Category", "Unit")]
+ public class GivenAuthProviders
+ {
+ private readonly Mock _repository;
+ private readonly SSOProvidersService _service;
+
+ public GivenAuthProviders()
+ {
+ var recorder = new Mock();
+ var idFactory = new Mock();
+ idFactory.Setup(idf => idf.Create(It.IsAny()))
+ .Returns("anid".ToId());
+ _repository = new Mock();
+ var encryptionService = new Mock();
+ encryptionService.Setup(es => es.Encrypt(It.IsAny()))
+ .Returns((string value) => value);
+ encryptionService.Setup(es => es.Decrypt(It.IsAny()))
+ .Returns((string value) => value);
+
+ _service = new SSOProvidersService(recorder.Object, idFactory.Object, encryptionService.Object,
+ new List
+ {
+ new TestSSOAuthenticationProvider()
+ },
+ _repository.Object);
+ }
+
+ [Fact]
+ public async Task WhenFindByNameAsyncAndNotRegistered_ThenReturnsNone()
+ {
+ var result = await _service.FindByNameAsync("aname", CancellationToken.None);
+
+ result.Should().BeSuccess();
+ result.Value.Should().BeNone();
+ }
+
+ [Fact]
+ public async Task WhenFindByNameAsyncRegistered_ThenReturnsProvider()
+ {
+ var result = await _service.FindByNameAsync(TestSSOAuthenticationProvider.Name, CancellationToken.None);
+
+ result.Should().BeSuccess();
+ result.Value.Value.Should().BeOfType();
+ }
+
+ [Fact]
+ public async Task WhenSaveUserInfoAsyncAndProviderNotRegistered_ThenReturnsError()
+ {
+ var userInfo = new SSOUserInfo(new List(), "auser@company.com", "afirstname", null,
+ Timezones.Default, CountryCodes.Default);
+
+ var result =
+ await _service.SaveUserInfoAsync("aprovidername", "auserid".ToId(), userInfo, CancellationToken.None);
+
+ result.Should().BeError(ErrorCode.EntityNotFound,
+ Resources.SSOProvidersService_UnknownProvider.Format("aprovidername"));
+ }
+
+ [Fact]
+ public async Task WhenSaveUserInfoAsyncAndUserNotExists_ThenCreatesAndSavesDetails()
+ {
+ var userInfo = new SSOUserInfo(new List(), "auser@company.com", "afirstname", null,
+ Timezones.Default, CountryCodes.Default);
+ _repository.Setup(rep =>
+ rep.FindUserInfoByUserIdAsync(It.IsAny(), It.IsAny(),
+ It.IsAny()))
+ .ReturnsAsync(Optional.None);
+
+ var result =
+ await _service.SaveUserInfoAsync(TestSSOAuthenticationProvider.Name, "auserid".ToId(), userInfo,
+ CancellationToken.None);
+
+ result.Should().BeSuccess();
+ _repository.Verify(rep => rep.SaveAsync(It.Is(user =>
+ user.Id == "anid"
+ && user.UserId == "auserid"
+ && user.EmailAddress.Value.Address == "auser@company.com"
+ && user.Name.Value.FirstName == "afirstname"
+ && user.Name.Value.LastName == Optional.None
+ && user.Timezone.Value == Timezones.Default
+ && user.Address.Value.CountryCode == CountryCodes.Default
+ ), It.IsAny()));
+ }
+ }
+}
+
+public class TestSSOAuthenticationProvider : ISSOAuthenticationProvider
+{
+ public const string Name = "atestprovider";
+
+ public Task> AuthenticateAsync(ICallerContext context, string authCode,
+ string? emailAddress,
+ CancellationToken cancellationToken)
+ {
+ throw new NotImplementedException();
+ }
+
+ public string ProviderName => Name;
+}
\ No newline at end of file
diff --git a/src/IdentityApplication.UnitTests/SingleSignOnApplicationSpec.cs b/src/IdentityApplication.UnitTests/SingleSignOnApplicationSpec.cs
new file mode 100644
index 00000000..1e25fea4
--- /dev/null
+++ b/src/IdentityApplication.UnitTests/SingleSignOnApplicationSpec.cs
@@ -0,0 +1,279 @@
+using Application.Interfaces;
+using Application.Resources.Shared;
+using Application.Services.Shared;
+using Common;
+using Domain.Common.ValueObjects;
+using FluentAssertions;
+using IdentityApplication.ApplicationServices;
+using Moq;
+using UnitTesting.Common;
+using Xunit;
+
+namespace IdentityApplication.UnitTests;
+
+[Trait("Category", "Unit")]
+public class SingleSignOnApplicationSpec
+{
+ private readonly SingleSignOnApplication _application;
+ private readonly Mock _authTokensService;
+ private readonly Mock _caller;
+ private readonly Mock _endUsersService;
+ private readonly Mock _ssoProvider;
+ private readonly Mock _ssoProvidersService;
+
+ public SingleSignOnApplicationSpec()
+ {
+ var recorder = new Mock();
+ _caller = new Mock();
+ _endUsersService = new Mock();
+ _ssoProvider = new Mock();
+ _ssoProvidersService = new Mock();
+ _ssoProvidersService.Setup(sps => sps.FindByNameAsync(It.IsAny(), It.IsAny()))
+ .ReturnsAsync(_ssoProvider.Object.ToOptional());
+ _authTokensService = new Mock();
+
+ _application = new SingleSignOnApplication(recorder.Object, _endUsersService.Object,
+ _ssoProvidersService.Object,
+ _authTokensService.Object);
+ }
+
+ [Fact]
+ public async Task WhenAuthenticateAndNoProvider_ThenReturnsError()
+ {
+ _ssoProvidersService.Setup(sp => sp.FindByNameAsync(It.IsAny(), It.IsAny()))
+ .ReturnsAsync(Optional.None);
+
+ var result = await _application.AuthenticateAsync(_caller.Object, "aprovidername", "anauthcode", null,
+ CancellationToken.None);
+
+ result.Should().BeError(ErrorCode.NotAuthenticated);
+ _endUsersService.Verify(
+ eus => eus.FindPersonByEmailAsync(It.IsAny(), It.IsAny(),
+ It.IsAny()), Times.Never);
+ }
+
+ [Fact]
+ public async Task WhenAuthenticateAndProviderErrors_ThenReturnsError()
+ {
+ _ssoProvider.Setup(sp =>
+ sp.AuthenticateAsync(It.IsAny(), It.IsAny(), It.IsAny(),
+ It.IsAny()))
+ .ReturnsAsync(Error.Unexpected("amessage"));
+
+ var result = await _application.AuthenticateAsync(_caller.Object, "aprovidername", "anauthcode", null,
+ CancellationToken.None);
+
+ result.Should().BeError(ErrorCode.Unexpected, "amessage");
+ _endUsersService.Verify(
+ eus => eus.FindPersonByEmailAsync(It.IsAny(), It.IsAny(),
+ It.IsAny()), Times.Never);
+ }
+
+ [Fact]
+ public async Task WhenAuthenticateAndPersonExistsButNotRegisteredYet_ThenIssuesToken()
+ {
+ var userInfo = new SSOUserInfo(new List(), "auser@company.com", "afirstname", null,
+ Timezones.Default,
+ CountryCodes.Default);
+ _ssoProvider.Setup(sp =>
+ sp.AuthenticateAsync(It.IsAny(), It.IsAny(), It.IsAny(),
+ It.IsAny()))
+ .ReturnsAsync(userInfo);
+ var endUser = new EndUser
+ {
+ Id = "anexistinguserid"
+ };
+ _endUsersService.Setup(eus =>
+ eus.FindPersonByEmailAsync(It.IsAny(), It.IsAny(),
+ It.IsAny()))
+ .ReturnsAsync(endUser.ToOptional());
+ _endUsersService.Setup(eus =>
+ eus.GetMembershipsAsync(It.IsAny(), It.IsAny(), It.IsAny()))
+ .ReturnsAsync(new EndUserWithMemberships
+ {
+ Id = "amembershipsuserid",
+ Status = EndUserStatus.Unregistered,
+ Access = EndUserAccess.Enabled
+ });
+ var expiresOn = DateTime.UtcNow;
+ _authTokensService.Setup(ats => ats.IssueTokensAsync(It.IsAny(),
+ It.IsAny(), It.IsAny()))
+ .ReturnsAsync(new AccessTokens("anaccesstoken", expiresOn, "arefreshtoken", expiresOn));
+
+ var result = await _application.AuthenticateAsync(_caller.Object, "aprovidername", "anauthcode", null,
+ CancellationToken.None);
+
+ result.Should().BeError(ErrorCode.NotAuthenticated);
+ _endUsersService.Verify(eus =>
+ eus.FindPersonByEmailAsync(_caller.Object, "auser@company.com", It.IsAny()));
+ _endUsersService.Verify(eus => eus.RegisterPersonAsync(It.IsAny(), It.IsAny(),
+ It.IsAny(), It.IsAny(),
+ It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny()), Times.Never);
+ _ssoProvidersService.Verify(
+ sps => sps.SaveUserInfoAsync(It.IsAny(), It.IsAny(), It.IsAny(),
+ It.IsAny()), Times.Never);
+ _endUsersService.Verify(eus =>
+ eus.GetMembershipsAsync(_caller.Object, "anexistinguserid", It.IsAny()));
+ _authTokensService.Verify(
+ ats => ats.IssueTokensAsync(It.IsAny(), It.IsAny(),
+ It.IsAny()), Times.Never);
+ }
+
+ [Fact]
+ public async Task WhenAuthenticateAndPersonExistsButSuspended_ThenIssuesToken()
+ {
+ var userInfo = new SSOUserInfo(new List(), "auser@company.com", "afirstname", null,
+ Timezones.Default,
+ CountryCodes.Default);
+ _ssoProvider.Setup(sp =>
+ sp.AuthenticateAsync(It.IsAny(), It.IsAny(), It.IsAny(),
+ It.IsAny()))
+ .ReturnsAsync(userInfo);
+ var endUser = new EndUser
+ {
+ Id = "anexistinguserid"
+ };
+ _endUsersService.Setup(eus =>
+ eus.FindPersonByEmailAsync(It.IsAny(), It.IsAny(),
+ It.IsAny()))
+ .ReturnsAsync(endUser.ToOptional());
+ _endUsersService.Setup(eus =>
+ eus.GetMembershipsAsync(It.IsAny(), It.IsAny(), It.IsAny()))
+ .ReturnsAsync(new EndUserWithMemberships
+ {
+ Id = "amembershipsuserid",
+ Status = EndUserStatus.Registered,
+ Access = EndUserAccess.Suspended
+ });
+ var expiresOn = DateTime.UtcNow;
+ _authTokensService.Setup(ats => ats.IssueTokensAsync(It.IsAny(),
+ It.IsAny(), It.IsAny()))
+ .ReturnsAsync(new AccessTokens("anaccesstoken", expiresOn, "arefreshtoken", expiresOn));
+
+ var result = await _application.AuthenticateAsync(_caller.Object, "aprovidername", "anauthcode", null,
+ CancellationToken.None);
+
+ result.Should().BeError(ErrorCode.EntityExists, Resources.SingleSignOnApplication_AccountSuspended);
+ _endUsersService.Verify(eus =>
+ eus.FindPersonByEmailAsync(_caller.Object, "auser@company.com", It.IsAny()));
+ _endUsersService.Verify(eus => eus.RegisterPersonAsync(It.IsAny(), It.IsAny(),
+ It.IsAny(), It.IsAny(),
+ It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny()), Times.Never);
+ _ssoProvidersService.Verify(
+ sps => sps.SaveUserInfoAsync(It.IsAny(), It.IsAny(), It.IsAny(),
+ It.IsAny()), Times.Never);
+ _endUsersService.Verify(eus =>
+ eus.GetMembershipsAsync(_caller.Object, "anexistinguserid", It.IsAny()));
+ _authTokensService.Verify(
+ ats => ats.IssueTokensAsync(It.IsAny(), It.IsAny(),
+ It.IsAny()), Times.Never);
+ }
+
+ [Fact]
+ public async Task WhenAuthenticateAndPersonNotExists_ThenRegistersPersonAndIssuesToken()
+ {
+ var userInfo = new SSOUserInfo(new List(), "auser@company.com", "afirstname", null,
+ Timezones.Default,
+ CountryCodes.Default);
+ _ssoProvider.Setup(sp =>
+ sp.AuthenticateAsync(It.IsAny(), It.IsAny(), It.IsAny(),
+ It.IsAny()))
+ .ReturnsAsync(userInfo);
+ _endUsersService.Setup(eus =>
+ eus.FindPersonByEmailAsync(It.IsAny(), It.IsAny(),
+ It.IsAny()))
+ .ReturnsAsync(Optional.None());
+ _endUsersService.Setup(eus => eus.RegisterPersonAsync(It.IsAny(), It.IsAny(),
+ It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny(), It.IsAny(),
+ It.IsAny()))
+ .ReturnsAsync(new RegisteredEndUser
+ {
+ Id = "aregistereduserid"
+ });
+ _endUsersService.Setup(eus =>
+ eus.GetMembershipsAsync(It.IsAny(), It.IsAny(), It.IsAny()))
+ .ReturnsAsync(new EndUserWithMemberships
+ {
+ Id = "amembershipsuserid",
+ Status = EndUserStatus.Registered,
+ Access = EndUserAccess.Enabled
+ });
+ var expiresOn = DateTime.UtcNow;
+ _authTokensService.Setup(ats => ats.IssueTokensAsync(It.IsAny(),
+ It.IsAny(), It.IsAny()))
+ .ReturnsAsync(new AccessTokens("anaccesstoken", expiresOn, "arefreshtoken", expiresOn));
+
+ var result = await _application.AuthenticateAsync(_caller.Object, "aprovidername", "anauthcode", null,
+ CancellationToken.None);
+
+ result.Should().BeSuccess();
+ result.Value.AccessToken.Value.Should().Be("anaccesstoken");
+ result.Value.AccessToken.ExpiresOn.Should().Be(expiresOn);
+ result.Value.RefreshToken.Value.Should().Be("arefreshtoken");
+ result.Value.RefreshToken.ExpiresOn.Should().Be(expiresOn);
+ _endUsersService.Verify(eus =>
+ eus.FindPersonByEmailAsync(_caller.Object, "auser@company.com", It.IsAny()));
+ _endUsersService.Verify(eus => eus.RegisterPersonAsync(_caller.Object, "auser@company.com", "afirstname", null,
+ Timezones.Default.ToString(), CountryCodes.Default.ToString(), true, It.IsAny()));
+ _ssoProvidersService.Verify(sps => sps.SaveUserInfoAsync("aprovidername", "aregistereduserid".ToId(),
+ It.Is(ui => ui == userInfo), It.IsAny()));
+ _endUsersService.Verify(eus =>
+ eus.GetMembershipsAsync(_caller.Object, "aregistereduserid", It.IsAny()));
+ _authTokensService.Verify(ats => ats.IssueTokensAsync(_caller.Object, It.Is(eu =>
+ eu.Id == "amembershipsuserid"
+ ), It.IsAny()));
+ }
+
+ [Fact]
+ public async Task WhenAuthenticateAndPersonExists_ThenIssuesToken()
+ {
+ var userInfo = new SSOUserInfo(new List(), "auser@company.com", "afirstname", null,
+ Timezones.Default,
+ CountryCodes.Default);
+ _ssoProvider.Setup(sp =>
+ sp.AuthenticateAsync(It.IsAny(), It.IsAny(), It.IsAny(),
+ It.IsAny()))
+ .ReturnsAsync(userInfo);
+ var endUser = new EndUser
+ {
+ Id = "anexistinguserid"
+ };
+ _endUsersService.Setup(eus =>
+ eus.FindPersonByEmailAsync(It.IsAny(), It.IsAny(),
+ It.IsAny()))
+ .ReturnsAsync(endUser.ToOptional());
+ _endUsersService.Setup(eus =>
+ eus.GetMembershipsAsync(It.IsAny(), It.IsAny(), It.IsAny()))
+ .ReturnsAsync(new EndUserWithMemberships
+ {
+ Id = "amembershipsuserid",
+ Status = EndUserStatus.Registered,
+ Access = EndUserAccess.Enabled
+ });
+ var expiresOn = DateTime.UtcNow;
+ _authTokensService.Setup(ats => ats.IssueTokensAsync(It.IsAny(),
+ It.IsAny(), It.IsAny()))
+ .ReturnsAsync(new AccessTokens("anaccesstoken", expiresOn, "arefreshtoken", expiresOn));
+
+ var result = await _application.AuthenticateAsync(_caller.Object, "aprovidername", "anauthcode", null,
+ CancellationToken.None);
+
+ result.Should().BeSuccess();
+ result.Value.AccessToken.Value.Should().Be("anaccesstoken");
+ result.Value.AccessToken.ExpiresOn.Should().Be(expiresOn);
+ result.Value.RefreshToken.Value.Should().Be("arefreshtoken");
+ result.Value.RefreshToken.ExpiresOn.Should().Be(expiresOn);
+ _endUsersService.Verify(eus =>
+ eus.FindPersonByEmailAsync(_caller.Object, "auser@company.com", It.IsAny()));
+ _endUsersService.Verify(eus => eus.RegisterPersonAsync(It.IsAny(), It.IsAny(),
+ It.IsAny