Beispiel #1
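        //Verifies that one rejected password leaves FailedAttempts at 1, and that a later, unrelated call
        //(a heartbeat update) made while the wrong password is still the typed one does not add a second failed attempt.
        //Both calls are made after RunTestsAgainstMiddleTier(...); the counter is read back after RunTestsAgainstDirectConnection().
        public void Userods_CheckUserAndPassoword_UpdateFailedAttemptsFromOtherMethods()
        {
            //First, setup the test scenario. The user name is made unique per run so the counter starts from a fresh user.
            long   group1 = UserGroupT.CreateUserGroup("usergroup1");
            Userod myUser = UserodT.CreateUser(MethodBase.GetCurrentMethod().Name + DateTime.Now.Ticks, "reallystrongpassword", userGroupNumbers: new List<long>()
            {
                group1
            });

            //NOTE(review): Security.CurUser and Security.PasswordTyped look like shared static state and stay set to this
            //test's user and wrong password afterwards -- confirm that a class-level cleanup resets them.
            Security.CurUser       = myUser;
            Security.PasswordTyped = "passwordguess#1";
            CredentialsFailedAfterLoginEvent.Fired += CredentialsFailedAfterLoginEvent_Fired1;
            try {
                RunTestsAgainstMiddleTier(new OpenDentBusiness.WebServices.OpenDentalServerMockIIS(user: myUser.UserName, password: myUser.Password));
                //Try once with the wrong password. Failed attempt should get incremented to 1.
                //The exception is swallowed on purpose: the persisted counter below is what proves the rejection was recorded.
                ODException.SwallowAnyException(() => {
                    Userods.CheckUserAndPassword(myUser.UserName, "passwordguess#1", false);
                });
                //Get our updated user from the DB.
                RunTestsAgainstDirectConnection();
                myUser = Userods.GetUserByNameNoCache(myUser.UserName);
                //Assert that we only have 1 failed attempt.
                Assert.AreEqual(1, myUser.FailedAttempts);
                //Now make a different call with the same stale credentials.
                RunTestsAgainstMiddleTier(new OpenDentBusiness.WebServices.OpenDentalServerMockIIS(user: myUser.UserName, password: myUser.Password));
                ODException.SwallowAnyException(() => {
                    Computers.UpdateHeartBeat(Environment.MachineName, false);
                });
                RunTestsAgainstDirectConnection();
                //Get our updated user from the DB.
                myUser = Userods.GetUserByNameNoCache(myUser.UserName);
                //Assert that we still have only 1 failed attempt, so background calls cannot lock the account on their own.
                Assert.AreEqual(1, myUser.FailedAttempts);
            }
            finally {
                //Remove the handler even when an assert fails, so it does not stay attached for later tests.
                CredentialsFailedAfterLoginEvent.Fired -= CredentialsFailedAfterLoginEvent_Fired1;
            }
        }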
Beispiel #2
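        //Verifies the lockout path: after 5 rejected passwords the 6th attempt must fail with the "account locked" message,
        //and the stored FailedAttempts counter must stay at 5 rather than move to 6.
        public void Userods_CheckUserAndPassword_LockoutAfterUserHasLoggedInButPasswordIsNotCorrectAfter5Attempts()
        {
            //First, setup the test scenario. The user name is made unique per run so the counter starts from a fresh user.
            long   group1          = UserGroupT.CreateUserGroup("usergroup1");
            bool   isAccountLocked = false;
            //Kept for the assert message so a failure says what actually happened on the 6th attempt.
            string sixthAttemptResult = "no exception was thrown";
            Userod myUser          = UserodT.CreateUser(MethodBase.GetCurrentMethod().Name + DateTime.Now.Ticks, "reallystrongpassword", userGroupNumbers: new List<long>()
            {
                group1
            });

            //Make 5 bad password attempts. Each rejection is swallowed; the counter assert below proves they were recorded.
            for (int i = 1; i < 6; i++)
            {
                ODException.SwallowAnyException(() => {
                    Userods.CheckUserAndPassword(myUser.UserName, "passwordguess#" + i, false);
                });
            }
            try {
                //the 6th bad attempt should kick us with a message saying that our account has been locked.
                Userods.CheckUserAndPassword(myUser.UserName, "passwordguess#6", false);
            }
            catch (Exception e) {
                //NOTE(review): matching on message text breaks if the wording changes or is translated --
                //a dedicated exception type or error code would be a sturdier signal, if one exists.
                if (e.Message.Contains("Account has been locked due to failed log in attempts"))
                {
                    isAccountLocked = true;
                }
                else
                {
                    //Any other failure (for example a plain "wrong password" error) means the lockout did not engage.
                    sixthAttemptResult = e.Message;
                }
            }
            //Get our updated user from the DB.
            myUser = Userods.GetUserByNameNoCache(myUser.UserName);
            //Assert that we got to 5 failed attempts and that the account has been locked.
            Assert.AreEqual(5, myUser.FailedAttempts);
            Assert.IsTrue(isAccountLocked, "Expected the lockout message on the 6th attempt, but got: " + sixthAttemptResult);
        }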
Beispiel #3
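        //Verifies that 5 rejected passwords in a row, sent after RunTestsAgainstMiddleTier(), are each recorded,
        //so the stored FailedAttempts counter reads exactly 5 afterwards.
        public void Userods_CheckUserAndPassoword_UpdateFailedAttemptsTo5()
        {
            //First, setup the test scenario. The user name is made unique per run so the counter starts from a fresh user.
            long   group1 = UserGroupT.CreateUserGroup("usergroup1");
            Userod myUser = UserodT.CreateUser(MethodBase.GetCurrentMethod().Name + DateTime.Now.Ticks, "reallystrongpassword", userGroupNumbers: new List<long>()
            {
                group1
            });

            CredentialsFailedAfterLoginEvent.Fired += CredentialsFailedAfterLoginEvent_Fired1;
            try {
                //NOTE(review): Security.CurUser and Security.PasswordTyped look like shared static state and stay set to this
                //test's user and wrong password afterwards -- confirm that a class-level cleanup resets them.
                Security.CurUser       = myUser;
                Security.PasswordTyped = "passwordguess#1";
                RunTestsAgainstMiddleTier();
                //Try with 5 incorrect passwords. Failed attempt should get incremented to 5.
                for (int i = 1; i < 6; i++)
                {
                    ODException.SwallowAnyException(() => {
                        try {
                            Userods.CheckUserAndPassword(myUser.UserName, "passwordguess#" + i, false);
                        }
                        catch (Exception) {
                            //Expected: every guess is wrong. The counter assert below is what proves each rejection was recorded.
                        }
                    });
                }
                //Get our updated user from the DB.
                RunTestsAgainstDirectConnection();
                myUser = Userods.GetUserByNameNoCache(myUser.UserName);
                //Assert that there are 5 failed attempts.
                Assert.AreEqual(5, myUser.FailedAttempts);
            }
            finally {
                //Remove the handler even when the assert fails, so it does not stay attached for later tests.
                CredentialsFailedAfterLoginEvent.Fired -= CredentialsFailedAfterLoginEvent_Fired1;
            }
        }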
Beispiel #4
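        //Verifies that a single rejected password for an already-current user is recorded as exactly one failed attempt.
        //This test is intended to be tested on middle tier.
        public void Userods_CheckUserAndPassword_IncreaseFailedAttemptsAfterUserHasLoggedInButPasswordIsNotCorrect()
        {
            //First, setup the test scenario. The user name is made unique per run so the counter starts from a fresh user.
            long   group1 = UserGroupT.CreateUserGroup("usergroup1");
            Userod myUser = UserodT.CreateUser(MethodBase.GetCurrentMethod().Name + DateTime.Now.Ticks, "reallystrongpassword", userGroupNumbers: new List<long>()
            {
                group1
            });

            RunTestsAgainstMiddleTier(new OpenDentBusiness.WebServices.OpenDentalServerMockIIS(user: myUser.UserName, password: myUser.Password));
            //NOTE(review): Security.CurUser and Security.PasswordTyped look like shared static state and stay set to this
            //test's user and wrong password afterwards -- confirm that a class-level cleanup resets them.
            Security.CurUser       = myUser;
            Security.PasswordTyped = "passwordguess#1";
            CredentialsFailedAfterLoginEvent.Fired += CredentialsFailedAfterLoginEvent_Fired1;
            try {
                //Make a single bad password attempt.
                //The exception is swallowed on purpose: the persisted counter below is what proves the rejection was recorded.
                ODException.SwallowAnyException(() => {
                    Userods.CheckUserAndPassword(myUser.UserName, "passwordguess#1", false);
                });
                //Get our user from the DB
                RunTestsAgainstDirectConnection();
                myUser = Userods.GetUserByNameNoCache(myUser.UserName);
                //Assert that the failed attempt got incremented correctly.
                Assert.AreEqual(1, myUser.FailedAttempts);
            }
            finally {
                //Remove the handler even when the assert fails, so it does not stay attached for later tests.
                CredentialsFailedAfterLoginEvent.Fired -= CredentialsFailedAfterLoginEvent_Fired1;
            }
        }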