Improve security logic

Author: craigfowler

CSF.Security/AuthenticationService.cs

@@ -30,7 +30,7 @@ namespace CSF.Security
   /// <summary>
   /// Abstract base type for an authentication service.
   /// </summary>
-  public abstract class AuthenticationService<TEnteredCredentials,TStoredCredentials>
+  public class AuthenticationService<TEnteredCredentials,TStoredCredentials>
     : IAuthenticationService<TEnteredCredentials>, IAuthenticationService
   {
     #region fields

CSF.Security/Base64KeyAndSalt.cs

@@ -30,21 +30,21 @@ namespace CSF.Security
   /// <summary>
   /// Base type for stored credentials which includes a key and salt stored as Base64-encoded strings.
   /// </summary>
-  public abstract class Base64KeyAndSalt : IStoredCredentialsWithKeyAndSalt
+  public class Base64KeyAndSalt : IStoredCredentialsWithKeyAndSalt
   {
     #region properties
 
     /// <summary>
-    /// Gets or sets the key data.
+    /// Gets or sets the Base64-encoded representation of the stored key hash.
     /// </summary>
     /// <value>The key data.</value>
-    public string KeyData { get; set; }
+    public virtual string Key { get; set; }
 
     /// <summary>
-    /// Gets or sets the salt data.
+    /// Gets or sets the Base64-encoded representation of the stored salt.
     /// </summary>
     /// <value>The salt data.</value>
-    public string SaltData { get; set; }
+    public virtual string Salt { get; set; }
 
     #endregion
 
@@ -56,12 +56,12 @@ public abstract class Base64KeyAndSalt : IStoredCredentialsWithKeyAndSalt
     /// <returns>The key as a byte array.</returns>
     public virtual byte[] GetKeyAsByteArray()
     {
-      if(KeyData == null)
+      if(Key == null)
       {
         return null;
       }
 
-      return Convert.FromBase64String(KeyData);
+      return Convert.FromBase64String(Key);
     }
 
     /// <summary>
@@ -70,12 +70,12 @@ public virtual byte[] GetKeyAsByteArray()
     /// <returns>The salt as a byte array.</returns>
     public virtual byte[] GetSaltAsByteArray()
     {
-      if(SaltData == null)
+      if(Salt == null)
       {
         return null;
       }
 
-      return Convert.FromBase64String(SaltData);
+      return Convert.FromBase64String(Salt);
     }
 
     #endregion

CSF.Security/BinaryKeyAndSalt.cs

@@ -30,21 +30,21 @@ namespace CSF.Security
   /// <summary>
   /// Base type for stored credentials which includes a key and salt stored as binary data.
   /// </summary>
-  public abstract class BinaryKeyAndSalt : IStoredCredentialsWithKeyAndSalt
+  public class BinaryKeyAndSalt : IStoredCredentialsWithKeyAndSalt
   {
     #region properties
 
     /// <summary>
     /// Gets or sets the key bytes.
     /// </summary>
     /// <value>The key bytes.</value>
-    public byte[] KeyBytes { get; set; }
+    public virtual byte[] Key { get; set; }
 
     /// <summary>
     /// Gets or sets the salt bytes.
     /// </summary>
     /// <value>The salt bytes.</value>
-    public byte[] SaltBytes { get; set; }
+    public virtual byte[] Salt { get; set; }
 
     #endregion
 
@@ -56,7 +56,7 @@ public abstract class BinaryKeyAndSalt : IStoredCredentialsWithKeyAndSalt
     /// <returns>The key as a byte array.</returns>
     public virtual byte[] GetKeyAsByteArray()
     {
-      return KeyBytes;
+      return Key;
     }
 
     /// <summary>
@@ -65,7 +65,7 @@ public virtual byte[] GetKeyAsByteArray()
     /// <returns>The salt as a byte array.</returns>
     public virtual byte[] GetSaltAsByteArray()
     {
-      return SaltBytes;
+      return Salt;
     }
 
     #endregion

Test.CSF/Security/TestAuthenticationService.cs

@@ -0,0 +1,158 @@
+//
+// TestAuthenticationService.cs
+//
+// Author:
+//       Craig Fowler <craig@craigfowler.me.uk>
+//
+// Copyright (c) 2016 Craig Fowler
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+using System;
+using CSF.Security;
+using NUnit.Framework;
+using Moq;
+
+namespace Test.CSF.Security
+{
+  [TestFixture]
+  public class TestAuthenticationService
+  {
+    #region fields
+
+    private Mock<ICredentialsRepository<StubEnteredCredentials,StubStoredCredentials>> _repository;
+    private Mock<ICredentialVerifier<StubEnteredCredentials,StubStoredCredentials>> _verifier;
+
+    private IAuthenticationService<StubEnteredCredentials> _sut;
+
+    #endregion
+
+    #region setup
+
+    [SetUp]
+    public void Setup()
+    {
+      _repository = new Mock<ICredentialsRepository<StubEnteredCredentials, StubStoredCredentials>>();
+      _verifier = new Mock<ICredentialVerifier<StubEnteredCredentials, StubStoredCredentials>>();
+
+      _sut = new AuthenticationService<StubEnteredCredentials,StubStoredCredentials>(_repository.Object,
+                                                                                     _verifier.Object);
+    }
+
+    #endregion
+
+    #region tests
+
+    [Test]
+    public void Authenticate_returns_not_found_result_when_credentials_not_found()
+    {
+      // Arrange
+      var entered = Mock.Of<StubEnteredCredentials>();
+
+      _repository.Setup(x => x.GetStoredCredentials(entered)).Returns((StubStoredCredentials) null);
+
+      // Act
+      var result = _sut.Authenticate(entered);
+
+      // Assert
+      Assert.IsFalse(result.CredentialsFound);
+    }
+
+    [Test]
+    public void Authenticate_returns_failure_result_when_credentials_not_found()
+    {
+      // Arrange
+      var entered = Mock.Of<StubEnteredCredentials>();
+
+      _repository.Setup(x => x.GetStoredCredentials(entered)).Returns((StubStoredCredentials) null);
+
+      // Act
+      var result = _sut.Authenticate(entered);
+
+      // Assert
+      Assert.IsFalse(result.CredentialsVerified);
+    }
+
+    [Test]
+    public void Authenticate_returns_found_result_when_credentials_are_found()
+    {
+      // Arrange
+      var entered = Mock.Of<StubEnteredCredentials>();
+      var stored = Mock.Of<StubStoredCredentials>();
+
+      _repository.Setup(x => x.GetStoredCredentials(entered)).Returns(stored);
+
+      // Act
+      var result = _sut.Authenticate(entered);
+
+      // Assert
+      Assert.IsTrue(result.CredentialsFound);
+    }
+
+    [Test]
+    public void Authenticate_returns_failure_result_when_authentication_fails()
+    {
+      // Arrange
+      var entered = Mock.Of<StubEnteredCredentials>();
+      var stored = Mock.Of<StubStoredCredentials>();
+
+      _repository.Setup(x => x.GetStoredCredentials(entered)).Returns(stored);
+      _verifier.Setup(x => x.Verify(entered, stored)).Returns(false);
+
+      // Act
+      var result = _sut.Authenticate(entered);
+
+      // Assert
+      Assert.IsFalse(result.CredentialsVerified);
+    }
+
+    [Test]
+    public void Authenticate_returns_success_result_when_authentication_passes()
+    {
+      // Arrange
+      var entered = Mock.Of<StubEnteredCredentials>();
+      var stored = Mock.Of<StubStoredCredentials>();
+
+      _repository.Setup(x => x.GetStoredCredentials(entered)).Returns(stored);
+      _verifier.Setup(x => x.Verify(entered, stored)).Returns(true);
+
+      // Act
+      var result = _sut.Authenticate(entered);
+
+      // Assert
+      Assert.IsTrue(result.CredentialsVerified);
+    }
+
+    #endregion
+
+    #region contained types
+
+    public class StubStoredCredentials : Base64KeyAndSalt {}
+
+    public class StubEnteredCredentials : ICredentialsWithPassword
+    {
+      public virtual byte[] GetPasswordAsByteArray()
+      {
+        throw new NotImplementedException();
+      }
+    }
+
+    #endregion
+  }
+}
+

Test.CSF/Test.CSF.csproj

@@ -96,6 +96,7 @@
     <Compile Include="Collections\Legacy\TestIesiCollectionExtensions.cs" />
     <Compile Include="Collections\Legacy\TestReferenceSet.cs" />
     <Compile Include="Security\TestPBKDF2CredentialVerifier.cs" />
+    <Compile Include="Security\TestAuthenticationService.cs" />
   </ItemGroup>
   <Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
   <ItemGroup>