public void User_Ban_Test()
{
    // Arrange: resolve the controller, give it a fake context and put the test user in session.
    var usersController = TestHelper.Resolve<UsersController>();
    var fakeContext = new FakeControllerContext(usersController);
    var session = new SessionWrapper(fakeContext.HttpContext);
    session.SetUser(ServicesTests.GetTestUser(), AuthenticationProvider.CustomDb);
    usersController.ControllerContext = fakeContext;

    // Act: ban user id 0 with a spamming reason and no extra data.
    usersController.Ban(0, ModeratorReason.Spamming, null);

    // Assert: the action's model is false (presumably "no record affected" — compare User_Warn_Dismiss_Test).
    Assert.IsFalse((bool)usersController.ViewData.Model);
}
        public void PreventFloodAttribute_Role_Test()
        {
            // Context: a topics controller with a fake MVC pipeline and a cleared fake cache,
            // so no earlier test's flood-control entries leak into this one.
            var topicsController = TestHelper.Resolve<TopicsController>();
            var fakeControllerContext = new FakeControllerContext(topicsController, "http://localhost");
            var executingContext = new ActionExecutingContext(fakeControllerContext, new FakeActionDescriptor(), new Dictionary<string, object>());
            var executedContext = new ActionExecutedContext(fakeControllerContext, new FakeActionDescriptor(), false, null);
            var fakeHttpContext = (FakeHttpContext)fakeControllerContext.HttpContext;
            fakeHttpContext.CleanCache();

            // Attribute under test: 5 seconds between posts, but the check is skipped for moderators (or admins).
            var floodAttribute = new PreventFloodAttribute(typeof(EmptyResult));
            floodAttribute.Config.SpamPrevention.FloodControl.TimeBetweenPosts = 5;
            floodAttribute.Config.SpamPrevention.FloodControl.IgnoreForRole = UserRole.Moderator; //ignore for moderator or admin

            // The acting user is a moderator, i.e. inside the ignored role.
            var session = new SessionWrapper(fakeHttpContext);
            session.SetUser(new User() { Role = UserRole.Moderator }, AuthenticationProvider.CustomDb);

            // First request: never flooding, no captcha expected.
            floodAttribute.OnActionExecuting(executingContext);
            Assert.AreNotEqual<bool?>(true, (bool?)topicsController.ViewBag.ShowCaptcha);
            floodAttribute.OnActionExecuted(executedContext);

            // Second request right after the first: must NOT be treated as flooding because of the role.
            floodAttribute.OnActionExecuting(executingContext);
            Assert.AreNotEqual<bool?>(true, (bool?)topicsController.ViewBag.ShowCaptcha);
            floodAttribute.OnActionExecuted(executedContext);
        }
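        /// <summary>
        /// Logs the user in or creates the site user account if the user does not exist, based on the membership user.
        /// Sets the logged user in the session.
        /// </summary>
        /// <param name="session">Session wrapper that receives the authenticated user.</param>
        /// <param name="membershipUser">The membership user already authenticated by the membership provider.</param>
        /// <param name="service">Users service used to look up and create the site user.</param>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="session"/>, <paramref name="membershipUser"/> or <paramref name="service"/> is null.</exception>
        /// <exception cref="ArgumentException">Thrown when the membership user has no provider user key to map it to a site user.</exception>
        /// <exception cref="ValidationException"></exception>
        /// <returns>The user id of the authenticated user</returns>
        public static int TryFinishMembershipLogin(SessionWrapper session, MembershipUser membershipUser, IUsersService service)
        {
            // The single-string ArgumentNullException ctor takes the *parameter name*, so the original
            // call turned the message into a bogus parameter name; name and message are now passed separately.
            if (membershipUser == null)
            {
                throw new ArgumentNullException("membershipUser", "Can not finish membership signin with membership not set.");
            }
            if (session == null)
            {
                throw new ArgumentNullException("session");
            }
            if (service == null)
            {
                throw new ArgumentNullException("service");
            }
            if (membershipUser.ProviderUserKey == null)
            {
                throw new ArgumentException("The membership user has no provider user key and can not be mapped to a site user.", "membershipUser");
            }

            // The provider key is the only link between the membership account and the site account;
            // compute it once so lookup and creation use exactly the same value.
            var providerUserKey = membershipUser.ProviderUserKey.ToString();
            var siteUser = service.GetByProviderId(AuthenticationProvider.Membership, providerUserKey);

            if (siteUser == null)
            {
                //User does not exist on Nearforums db: create it from the membership data
                siteUser = new User();
                siteUser.UserName = membershipUser.UserName;
                siteUser.Email = membershipUser.Email;
                siteUser = service.Add(siteUser, AuthenticationProvider.Membership, providerUserKey);
            }
            session.SetUser(siteUser, AuthenticationProvider.Membership);

            return siteUser.Id;
        }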
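        /// <summary>
        /// Logs the user in or creates the user account if the user does not exist.
        /// Sets the logged user in the session.
        /// </summary>
        /// <param name="response">The OpenID authentication response; its claimed identifier is used as the external id of the site user.</param>
        /// <param name="session">Session wrapper that receives the authenticated user.</param>
        /// <param name="service">Users service used to look up, create and edit the site user.</param>
        /// <param name="enableClaimsRequest">True when a claims extension was requested, so nickname, email and birth date are taken from it when the provider returned one.</param>
        /// <returns>The user id of the authenticated user.</returns>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="response"/>, <paramref name="session"/> or <paramref name="service"/> is null.</exception>
        public static int OpenIdFinishLogin(IAuthenticationResponse response, SessionWrapper session, IUsersService service, bool enableClaimsRequest)
        {
            if (response == null)
            {
                throw new ArgumentNullException("response");
            }
            if (session == null)
            {
                throw new ArgumentNullException("session");
            }
            if (service == null)
            {
                throw new ArgumentNullException("service");
            }

            string externalId = response.ClaimedIdentifier.ToString();
            User user = service.GetByProviderId(AuthenticationProvider.OpenId, externalId);

            // A provider is free to ignore a claims request; GetExtension then returns null and the
            // original code dereferenced it. Only use the claims when they actually arrived.
            var claimsResponse = response.GetExtension<ClaimsResponse>();
            bool hasClaims = enableClaimsRequest && claimsResponse != null;

            // Fall back to the display identifier when no usable nickname was returned,
            // so a new account is never created with an empty name.
            string name = hasClaims && !string.IsNullOrEmpty(claimsResponse.Nickname)
                ? claimsResponse.Nickname
                : response.FriendlyIdentifierForDisplay;

            if (user == null)
            {
                user = new User(0, name);

                if (hasClaims)
                {
                    user.Email = claimsResponse.Email;
                    user.BirthDate = claimsResponse.BirthDate;
                }

                user = service.Add(user, AuthenticationProvider.OpenId, externalId);
            }
            else if (hasClaims
                && !string.IsNullOrEmpty(claimsResponse.Email)
                && !string.Equals(claimsResponse.Email, user.Email, StringComparison.OrdinalIgnoreCase))
            {
                // Emails are identifiers, not user-facing text: ordinal comparison avoids culture-specific
                // case rules, and a null/empty claims email no longer throws or wipes the stored address.
                // NOTE(review): the address is asserted by the OpenID provider and is not verified by this
                // application before it replaces the stored one — confirm nothing email-based (e.g. account
                // recovery) treats it as proof of ownership.
                user.Email = claimsResponse.Email;
                service.Edit(user);
            }

            session.SetUser(user, AuthenticationProvider.OpenId);

            return user.Id;
        }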
        public void User_Warn_Dismiss_Test()
        {
            // Arrange: controller with a fake context and the test user logged in.
            var usersController = TestHelper.Resolve<UsersController>();
            var fakeContext = new FakeControllerContext(usersController);
            var session = new SessionWrapper(fakeContext.HttpContext);
            session.SetUser(ServicesTests.GetTestUser(), AuthenticationProvider.CustomDb);
            usersController.ControllerContext = fakeContext;

            // Act: dismiss the warning for the logged user.
            usersController.WarnDismiss();

            // Assert: the model is true when a record was affected.
            Assert.IsTrue((bool)usersController.ViewData.Model);
        }
        public void User_Manage_Access_Test()
        {
            // A plain member (neither moderator nor admin) must be refused when trying to ban.
            var usersController = TestHelper.Resolve<UsersController>();
            var fakeContext = new FakeControllerContext(usersController);
            var session = new SessionWrapper(fakeContext.HttpContext);
            session.SetUser(new User() { Role = UserRole.Member }, AuthenticationProvider.CustomDb);
            usersController.ControllerContext = fakeContext;

            var accessDenied = false;
            try
            {
                usersController.Ban(0, ModeratorReason.Spamming, null);
            }
            catch (System.Security.SecurityException)
            {
                // Expected path: the authorization check rejected the caller.
                accessDenied = true;
            }

            // Any other exception propagates and fails the test on its own.
            Assert.IsTrue(accessDenied, "The user banning is not a moderator or admin");
        }