Merge pull request #331 from TransactionProcessing/task/#10_userwelcomeemail

Welcome email added

Author: StuartFerguson

SecurityService.BusinessLogic/ISecurityServiceManager.cs

@@ -11,6 +11,8 @@ namespace SecurityService.BusinessLogic
 
     public interface ISecurityServiceManager
     {
+        Task SendWelcomeEmail(String userName, CancellationToken cancellationToken);
+
         Task<Boolean> ConfirmEmailAddress(String userName,
                                  String confirmEmailToken,
                                  CancellationToken cancellationToken);
@@ -160,7 +162,6 @@ Task<Guid> CreateUser(String givenName,
                               String phoneNumber,
                               Dictionary<String, String> claims,
                               List<String> roles,
-                              Boolean? requireRegistrationEmail,
                               CancellationToken cancellationToken);
 
         /// <summary>

SecurityService.BusinessLogic/SecurityServiceManager.cs

@@ -313,7 +313,6 @@ public async Task<Guid> CreateUser(String givenName,
                                            String phoneNumber,
                                            Dictionary<String, String> claims,
                                            List<String> roles,
-                                           Boolean? requireRegistrationEmail,
                                            CancellationToken cancellationToken) {
             Guid userId = Guid.NewGuid();
 
@@ -328,11 +327,11 @@ public async Task<Guid> CreateUser(String givenName,
                                                                 PhoneNumber = phoneNumber
                                                             };
 
-            // Set the password
-            // TODO: generate password when not supplied (use GenerateRandomPassword)
+            String passwordValue = String.IsNullOrEmpty(password) ? SecurityServiceManager.GenerateRandomPassword(this.UserManager.Options.Password) : password;
 
-            // Hash the new password
-            newIdentityUser.PasswordHash = this.PasswordHasher.HashPassword(newIdentityUser, password);
+            // Hash the default password
+            newIdentityUser.PasswordHash =
+                this.PasswordHasher.HashPassword(newIdentityUser, passwordValue);
 
             if (String.IsNullOrEmpty(newIdentityUser.PasswordHash)) {
                 throw new IdentityResultException("Error generating password hash value, hash was null or empty", IdentityResult.Failed());
@@ -706,7 +705,7 @@ public async Task ProcessPasswordResetRequest(String username,
             resetToken = UrlEncoder.Default.Encode(resetToken);
             String baseAddress = ConfigurationReader.GetValue("ServiceOptions", "PublicOrigin");
             String uri = $"{baseAddress}/Account/ForgotPassword/Confirm?userName={user.UserName}&resetToken={resetToken}&clientId={clientId}";
-            
+
             TokenResponse token = await this.GetToken(cancellationToken);
             SendEmailRequest emailRequest = this.BuildPasswordResetEmailRequest(user, uri);
             try {
@@ -717,6 +716,24 @@ public async Task ProcessPasswordResetRequest(String username,
             }
         }
 
+        public async Task SendWelcomeEmail(String userName,
+                                           CancellationToken cancellationToken) {
+            IdentityUser i = await this.UserManager.FindByNameAsync(userName);
+            await this.UserManager.RemovePasswordAsync(i);
+            String generatedPassword = SecurityServiceManager.GenerateRandomPassword(this.UserManager.Options.Password);
+            await this.UserManager.AddPasswordAsync(i, generatedPassword);
+
+            // Send Email
+            TokenResponse token = await this.GetToken(cancellationToken);
+            SendEmailRequest emailRequest = this.BuildWelcomeEmail(i.Email, generatedPassword);
+            try {
+                await this.MessagingServiceClient.SendEmail(token.AccessToken, emailRequest, cancellationToken);
+            }
+            catch(Exception ex) {
+                Logger.LogError(ex);
+            }
+        }
+
         [ExcludeFromCodeCoverage]
         public async Task Signout() {
             await this.SignInManager.SignOutAsync();
@@ -791,6 +808,36 @@ private SendEmailRequest BuildPasswordResetEmailRequest(IdentityUser user,
             return request;
         }
 
+        private SendEmailRequest BuildWelcomeEmail(String emailAddress,
+                                                   String password) {
+            StringBuilder mesasgeBuilder = new StringBuilder();
+            mesasgeBuilder.AppendLine("<html><body>");
+            mesasgeBuilder.AppendLine("<p>Welcome to Transaction Processing System</p>");
+            mesasgeBuilder.AppendLine("<p></p>");
+            mesasgeBuilder.AppendLine("<p>Please find below your user details:</p>");
+            mesasgeBuilder.AppendLine("<table>");
+            mesasgeBuilder.AppendLine("<tr><td><strong>User Name</strong></td></tr>");
+            mesasgeBuilder.AppendLine($"<tr><td id=\"username\">{emailAddress}</td></tr>");
+            mesasgeBuilder.AppendLine("<tr><td><strong>Password</strong></td></tr>");
+            mesasgeBuilder.AppendLine($"<tr><td id=\"password\">{password}</td></tr>");
+            mesasgeBuilder.AppendLine("</table>");
+            mesasgeBuilder.AppendLine("</body></html>");
+
+            SendEmailRequest request = new() {
+                                                 Body = mesasgeBuilder.ToString(),
+                                                 ConnectionIdentifier = Guid.NewGuid(),
+                                                 FromAddress = "golfhandicapping@btinternet.com",
+                                                 IsHtml = true,
+                                                 Subject = "Welcome to Transaction Processing",
+                                                 ToAddresses = new List<String> {
+                                                                                    emailAddress,
+                                                                                    "stuart_ferguson1@outlook.com"
+                                                                                }
+                                             };
+
+            return request;
+        }
+
         /// <summary>
         /// Converts the users claims.
         /// </summary>
@@ -816,6 +863,47 @@ private async Task<List<String>> ConvertUsersRoles(IdentityUser identityUser) {
             return roles.ToList();
         }
 
+        private static String GenerateRandomPassword(PasswordOptions opts = null) {
+            if (opts == null)
+                opts = new PasswordOptions {
+                                               RequiredLength = 8,
+                                               RequiredUniqueChars = 4,
+                                               RequireDigit = true,
+                                               RequireLowercase = true,
+                                               RequireNonAlphanumeric = true,
+                                               RequireUppercase = true
+                                           };
+
+            String[] randomChars = {
+                                       "ABCDEFGHJKLMNOPQRSTUVWXYZ", // uppercase 
+                                       "abcdefghijkmnopqrstuvwxyz", // lowercase
+                                       "0123456789", // digits
+                                       "!@$?_-" // non-alphanumeric
+                                   };
+
+            Random rand = new Random(Environment.TickCount);
+            List<Char> chars = new List<Char>();
+
+            if (opts.RequireUppercase)
+                chars.Insert(rand.Next(0, chars.Count), randomChars[0][rand.Next(0, randomChars[0].Length)]);
+
+            if (opts.RequireLowercase)
+                chars.Insert(rand.Next(0, chars.Count), randomChars[1][rand.Next(0, randomChars[1].Length)]);
+
+            if (opts.RequireDigit)
+                chars.Insert(rand.Next(0, chars.Count), randomChars[2][rand.Next(0, randomChars[2].Length)]);
+
+            if (opts.RequireNonAlphanumeric)
+                chars.Insert(rand.Next(0, chars.Count), randomChars[3][rand.Next(0, randomChars[3].Length)]);
+
+            for (Int32 i = chars.Count; i < opts.RequiredLength || chars.Distinct().Count() < opts.RequiredUniqueChars; i++) {
+                String rcs = randomChars[rand.Next(0, randomChars.Length)];
+                chars.Insert(rand.Next(0, chars.Count), rcs[rand.Next(0, rcs.Length)]);
+            }
+
+            return new String(chars.ToArray());
+        }
+
         private async Task<TokenResponse> GetToken(CancellationToken cancellationToken) {
             // Get a token to talk to the estate service
             String clientId = ConfigurationReader.GetValue("AppSettings", "ClientId");

SecurityService.DataTransferObjects/Requests/CreateUserRequest.cs

@@ -15,9 +15,6 @@ public class CreateUserRequest
         [JsonProperty("phone_number")]
         public String PhoneNumber { get; set; }
 
-        [JsonProperty("password")]
-        public String Password { get; set; }
-
         [JsonProperty("claims")]
         public Dictionary<String, String> Claims { get; set; }
 
@@ -33,7 +30,7 @@ public class CreateUserRequest
         [JsonProperty("family_name")]
         public String FamilyName { get; set; }
 
-        [JsonProperty("require_registration_email")]
-        public Boolean? RequireRegistrationEmail { get; set; }
+        [JsonProperty("password")]
+        public String Password { get; set; }
     }
 }

SecurityService.IntegrationTests/Users/Users.feature

@@ -10,25 +10,25 @@ Background:
 
 Scenario: Create User
 	Given I create the following users
-	| Email Address           | Password | Phone Number | Given Name | Middle Name | Family Name | Claims                      | Roles     |
-	| testuser1@testing.co.uk | 123456   | 123456789    | Test       |             | User 1      | Claim1:value1,Claim2:value2 | TestRole1 |
+	| Email Address           | Phone Number | Given Name | Middle Name | Family Name | Claims                      | Roles     |
+	| testuser1@testing.co.uk | 123456789    | Test       |             | User 1      | Claim1:value1,Claim2:value2 | TestRole1 |
 
 Scenario: Get User
 	Given I create the following users
-	| Email Address           | Password | Phone Number | Given Name | Middle Name | Family Name | Claims | Roles     |
-	| testuser1@testing.co.uk | 123456   | 123456789    | Test       |             | User 1      |        | TestRole1 |
-	| testuser2@testing.co.uk | 123456   | 123456789    | Test       |             | User 2      |        | TestRole2 |
+	| Email Address           | Phone Number | Given Name | Middle Name | Family Name | Claims | Roles     |
+	| testuser1@testing.co.uk | 123456789    | Test       |             | User 1      |        | TestRole1 |
+	| testuser2@testing.co.uk | 123456789    | Test       |             | User 2      |        | TestRole2 |
 	When I get the user with user name 'testuser1@testing.co.uk' the user details are returned as follows
 	| Email Address           | Phone Number | Given Name | Middle Name | Family Name | Claims                                                             | Roles     |
 	| testuser1@testing.co.uk | 123456789    | Test       |             | User 1      | email:testuser1@testing.co.uk, given_name:Test, family_name:User 1 | TestRole1 |
 
 @PRTest
 Scenario: Get Users
 	Given I create the following users
-	| Email Address           | Password | Phone Number | Given Name | Middle Name | Family Name | Claims | Roles     |
-	| testuser1@testing.co.uk | 123456   | 123456789    | Test       |             | User 1      |        | TestRole1 |
-	| testuser2@testing.co.uk | 123456   | 123456789    | Test       |             | User 2      |        | TestRole2 |
-	| testuser3@testing.co.uk | 123456   | 123456789    | Test       |             | User 3      |        | TestRole3 |
+	| Email Address           | Phone Number | Given Name | Middle Name | Family Name | Claims | Roles     |
+	| testuser1@testing.co.uk | 123456789    | Test       |             | User 1      |        | TestRole1 |
+	| testuser2@testing.co.uk | 123456789    | Test       |             | User 2      |        | TestRole2 |
+	| testuser3@testing.co.uk | 123456789    | Test       |             | User 3      |        | TestRole3 |
 	When I get the users 3 users details are returned as follows
 	| Email Address           | Phone Number | Given Name | Middle Name | Family Name | Claims                                                             | Roles     |
 	| testuser1@testing.co.uk | 123456789    | Test       |             | User 1      | email:testuser1@testing.co.uk, given_name:Test, family_name:User 1 | TestRole1 |

SecurityService.IntegrationTests/Users/Users.feature.cs

@@ -80,8 +80,9 @@ public async Task GivenICreateTheFollowingUsers(Table table)
                                                           MiddleName = SpecflowTableHelper.GetStringRowValue(tableRow, "Middle name"),
                                                           Claims = userClaims,
                                                           Roles = string.IsNullOrEmpty(roles) ? null : roles.Split(",").ToList(),
-                                                          Password = SpecflowTableHelper.GetStringRowValue(tableRow, "Password")
-                                                      };
+                                                          Password= SpecflowTableHelper.GetStringRowValue(tableRow, "Password")
+                };
+                
                 CreateUserResponse createUserResponse = await this.CreateUser(createUserRequest, CancellationToken.None).ConfigureAwait(false);
 
                 createUserResponse.ShouldNotBeNull();

SecurityService.IntegrationTests/Users/UsersSteps.cs

@@ -21,16 +21,20 @@ Background:
 	| ClientId       | Name            | Secret  | Scopes                                | GrantTypes | RedirectUris                     | PostLogoutRedirectUris            | RequireConsent | AllowOfflineAccess | ClientUri            |
 	| estateUIClient | Merchant Client | Secret1 | estateManagement,openid,email,profile | hybrid     | https://[url]:[port]/signin-oidc | https://[url]:[port]/signout-oidc | false          | true               | https://[url]:[port] |
 
-	Given I create the following users
-	| Email Address                    | Password | Phone Number | Given Name | Middle Name | Family Name | Claims     | Roles      |
-	| estateuser@testestate1.co.uk | 123456   | 123456789    | Test       |             | User 1      | EstateId:1 | Estate |
 
 @PRTest
 Scenario: Change Passwword
+	Given I create the following users
+	| Email Address                | Phone Number | Given Name | Middle Name | Family Name | Claims     | Roles  |
+	| estateuser@testestate1.co.uk | 123456789    | Test       |             | User 1      | EstateId:1 | Estate |
+	Then I get an email with a confirm email address link
+	When I navigate to the confirm email address
+	Then I am presented with the confirm email address successful screen
+	And I get a welcome email with my login details
 	Given I am on the application home page
 	When I click the 'Privacy' link
 	Then I am presented with a login screen
-	When I login with the username 'estateuser@testestate1.co.uk' and password '123456'
+	When I login with the username 'estateuser@testestate1.co.uk' and the provided password
 	Then I am presented with the privacy screen
 	When I click the 'ChangePassword' link
 	Then I am presented with a change password screen