Beispiel #1
 /// <summary>
 /// Signs the moderator test account in through the Identity sign-in system using its cookie,
 /// then checks that the user is reported as a Moderator and not as an Editor.
 /// </summary>
 public void Test02SignUserInViaIdentityCookie()
 {
     const string identityPolicy = "http://identity/policies/dna/adult";
     const int targetSiteId = 1;

     var inputContext = new FullInputContext(true);
     var callingUser = new CallingUser(SignInSystem.Identity, null, null, null, inputContext.SiteList);
     string moderatorCookie = TestUserAccounts.GetModeratorAccount.Cookie;

     bool signedIn = callingUser.IsUserSignedIn(moderatorCookie, identityPolicy, targetSiteId, "");
     Assert.IsTrue(signedIn);

     // The negative check matters as much as the positive one: the moderator account
     // must not be reported with the Editor role.
     Assert.IsTrue(callingUser.IsUserA(UserTypes.Moderator));
     Assert.IsFalse(callingUser.IsUserA(UserTypes.Editor));
 }
Beispiel #2
 /// <summary>
 /// Signs the moderator test account in through the Identity sign-in system under the
 /// "comment" policy, then checks that the user is reported as a Moderator and not as an Editor.
 /// </summary>
 public void Test02SignUserInViaIdentityCookie()
 {
     const string identityPolicy = "comment";
     const int targetSiteId = 1;

     var inputContext = new FullInputContext("");
     var callingUser = new CallingUser(
         SignInSystem.Identity,
         null,
         null,
         null,
         TestUserAccounts.GetModeratorAccount.UserName,
         inputContext.SiteList);
     string moderatorCookie = TestUserAccounts.GetModeratorAccount.Cookie;

     // The last three arguments are passed as an empty string, null and Guid.Empty.
     bool signedIn = callingUser.IsUserSignedIn(moderatorCookie, identityPolicy, targetSiteId, "", null, Guid.Empty);
     Assert.IsTrue(signedIn);

     // The moderator account must not be reported with the Editor role.
     Assert.IsTrue(callingUser.IsUserA(UserTypes.Moderator));
     Assert.IsFalse(callingUser.IsUserA(UserTypes.Editor));
 }
Beispiel #3
        /// <summary>
        /// Passes the calling user to <c>GetOutputStream</c>, first blanking the identity-linked
        /// fields when the request is not flagged as secure.
        /// </summary>
        /// <param name="user">The calling user to emit. It is modified in place for non-secure requests.</param>
        /// <returns>The stream returned by <c>GetOutputStream</c> for the (possibly redacted) user.</returns>
        private Stream AddCallingUserToOutputStream(CallingUser user)
        {
            if (user.IsSecureRequest)
            {
                return GetOutputStream(user);
            }

            // Non-secure request: clear the identity identifiers before output. The redaction is
            // applied to the caller's object, not to a copy, so the cleared values remain visible
            // to any code that uses the same instance afterwards.
            user.IdentityUserID = string.Empty;
            user.TeamID = 0;
            user.TwitterUserID = string.Empty;
            user.IdentityUserName = string.Empty;

            // The synchronisation timestamp is overwritten with the current local time.
            user.LastSynchronisedDate = DateTime.Now;

            return GetOutputStream(user);
        }
Beispiel #4
        /// <summary>
        /// Builds a reduced copy of the full calling-user record for the given site, carrying over
        /// only UserID, UserName, UsersListOfGroups, Status and SiteSuffix.
        /// </summary>
        /// <param name="sitename">Site name forwarded to <c>GetCallingUserInfoInternalFull</c>.</param>
        /// <returns>
        /// A new <c>CallingUser</c> holding the five copied properties; every other property keeps
        /// whatever value the constructor leaves it with.
        /// </returns>
        private CallingUser GetCallingUserInfoInternal(string sitename)
        {
            var fullUser = GetCallingUserInfoInternalFull(sitename);

            // Allow-list copy: a property is exposed only if it is named here, so a field added to
            // CallingUser later is not passed on by default.
            var reducedUser = new CallingUser(SignInSystem.Identity, null, null, null, null, null)
            {
                UserID = fullUser.UserID,
                UserName = fullUser.UserName,
                UsersListOfGroups = fullUser.UsersListOfGroups,
                Status = fullUser.Status,
                SiteSuffix = fullUser.SiteSuffix
            };

            return reducedUser;
        }
Beispiel #5
 /// <summary>
 /// Signs the moderator test account in, confirms it is not yet in the "aces" group, adds it
 /// with <c>AddUserToGroup("Aces")</c> and confirms the group then appears in the user's
 /// groups for the site.
 /// </summary>
 public void Test03SignUserInAndAddThemToAcesGroup()
 {
     const string identityPolicy = "http://identity/policies/dna/adult";
     const int targetSiteId = 1;

     var inputContext = new FullInputContext(true);
     var callingUser = new CallingUser(SignInSystem.Identity, inputContext.ReaderCreator, null, null, inputContext.SiteList);
     string moderatorCookie = TestUserAccounts.GetModeratorAccount.Cookie;

     bool signedIn = callingUser.IsUserSignedIn(moderatorCookie, identityPolicy, targetSiteId, "");
     Assert.IsTrue(signedIn);
     Assert.IsTrue(callingUser.IsUserA(UserTypes.Moderator));

     // Precondition: the account must start outside the group.
     bool inGroupBefore = callingUser.GetUsersGroupsForSite().Exists(grp => grp.Name == "aces");
     Assert.IsFalse(inGroupBefore);

     Assert.IsTrue(callingUser.AddUserToGroup("Aces"));

     // NOTE(review): the group is added as "Aces" but looked up as "aces" with a
     // case-sensitive comparison, so this relies on the name coming back lower-cased; confirm.
     bool inGroupAfter = callingUser.GetUsersGroupsForSite().Exists(grp => grp.Name == "aces");
     Assert.IsTrue(inGroupAfter);
 }
Beispiel #6
 /// <summary>
 /// Signs the moderator test account in under the "comment" policy, confirms it is not yet in
 /// the "aces" group, adds it with <c>AddUserToGroup("Aces")</c> and confirms the group then
 /// appears in the user's groups for the site.
 /// </summary>
 public void Test03SignUserInAndAddThemToAcesGroup()
 {
     const string identityPolicy = "comment";
     const int targetSiteId = 1;

     var inputContext = new FullInputContext("dotnetmoderator");
     var callingUser = new CallingUser(
         SignInSystem.Identity,
         inputContext.ReaderCreator,
         null,
         null,
         TestUserAccounts.GetModeratorAccount.UserName,
         inputContext.SiteList);
     string moderatorCookie = TestUserAccounts.GetModeratorAccount.Cookie;

     bool signedIn = callingUser.IsUserSignedIn(
         moderatorCookie,
         identityPolicy,
         targetSiteId,
         TestUserAccounts.GetModeratorAccount.UserName,
         null,
         Guid.Empty);
     Assert.IsTrue(signedIn);
     Assert.IsTrue(callingUser.IsUserA(UserTypes.Moderator));

     // Precondition: the account must start outside the group. This lookup is case-sensitive,
     // unlike the one after the add.
     bool inGroupBefore = callingUser.GetUsersGroupsForSite().Exists(grp => grp.Name == "aces");
     Assert.IsFalse(inGroupBefore);

     Assert.IsTrue(callingUser.AddUserToGroup("Aces"));

     // The post-condition lower-cases the stored name before comparing.
     bool inGroupAfter = callingUser.GetUsersGroupsForSite().Exists(grp => grp.Name.ToLower() == "aces");
     Assert.IsTrue(inGroupAfter);
 }
Beispiel #7
        /// <summary>
        /// Signs the normal-user test account in through the debug identity system, with the
        /// scenario set up as isKidsSite = false and useIdV4 = true, and checks that the resulting
        /// site suffix equals neither the original suffix nor the identity user name.
        /// </summary>
        public void UserDoesNotGetsUDNGNameSetFromDisplayNameForNonKidsSiteUsingIDv4()
        {
            // Fixed inputs for the scenario.
            const string cookie = "debugcookie";
            const string policy = "u16comments";
            const int siteID = 1;
            const string dnaUserName = "******";
            const string originalSiteSuffix = "OriginalSiteSuffix";
            const string ipAddress = "0.0.0.0";
            const bool isKidsSite = false;
            const bool useIdV4 = true;
            const string useUDNG = "http://UDNG.bbc.co.uk";

            string identityUserName = TestUserAccounts.GetNormalUserAccount.UserName;
            Guid bbcUid = Guid.Empty; // same value as a default-constructed Guid

            // Mocks are handed back through out parameters by the scenario helper.
            ICacheManager cacheManagerMock;
            IDnaDiagnostics diagnosticsMock;
            ISiteList siteListMock;
            IDnaDataReaderCreator readerCreatorMock;
            SetupCallingUserSenario(
                siteID,
                dnaUserName,
                originalSiteSuffix,
                isKidsSite,
                useIdV4,
                useUDNG,
                out cacheManagerMock,
                out diagnosticsMock,
                out siteListMock,
                out readerCreatorMock);

            _mocks.ReplayAll();

            // Constructed but never read in this test; presumably needed for what the
            // constructor does with the mocks (confirm before removing).
            var bannedEmailList = new BannedEmails(readerCreatorMock, diagnosticsMock, cacheManagerMock, new List<string>(), new List<string>());

            var signedInUser = new CallingUser(SignInSystem.DebugIdentity, readerCreatorMock, diagnosticsMock, null, identityUserName, siteListMock);

            bool signedIn = signedInUser.IsUserSignedIn(cookie, policy, siteID, identityUserName, ipAddress, bbcUid);
            Assert.IsTrue(signedIn);

            Assert.AreNotEqual(originalSiteSuffix, signedInUser.SiteSuffix);
            Assert.AreNotEqual(identityUserName, signedInUser.SiteSuffix);
        }
Beispiel #8
        /// <summary>
        /// Runs the forum character-limit scenario as the super-user test account, passing
        /// <c>false</c> for the helper's "should assert char limit" flag.
        /// </summary>
        public void CommentCreate_WithCharLimit_SuperUser()
        {
            // Super-user account, created against the debug identity sign-in system.
            ICallingUser superUser = new CallingUser(SignInSystem.DebugIdentity, null, null, null, TestUserAccounts.GetSuperUserAccount.UserName, _siteList);

            // NOTE(review): the boolean result of the secure sign-in is discarded, so a failed
            // sign-in is not reported by this test on its own.
            superUser.IsUserSignedInSecure(
                TestUtils.TestUserAccounts.GetSuperUserAccount.Cookie,
                TestUtils.TestUserAccounts.GetSuperUserAccount.SecureCookie,
                site.IdentityPolicy,
                site.SiteID,
                null,
                Guid.Empty);

            SetupforumAndTestCharLimit(superUser, false);
        }
Beispiel #9
        /// <summary>
        /// Authorisation gate: lets the call proceed only when the user is a SubEditor, an Editor
        /// or a SuperUser.
        /// </summary>
        /// <param name="callingUser">The user whose roles are checked.</param>
        /// <exception cref="DnaWebProtocolException">
        /// Thrown with <c>ErrorType.NotAuthorized</c> when the user holds none of the three roles.
        /// </exception>
        private static void SubsOnly(CallingUser callingUser)
        {
            // Roles are tested in the same order as a short-circuiting OR: the first match wins
            // and the remaining checks are skipped.
            if (callingUser.IsUserA(UserTypes.SubEditor))
            {
                return;
            }

            if (callingUser.IsUserA(BBC.Dna.Users.UserTypes.Editor))
            {
                return;
            }

            if (callingUser.IsUserA(BBC.Dna.Users.UserTypes.SuperUser))
            {
                return;
            }

            // Deny by default: nothing above matched.
            throw new DnaWebProtocolException(ApiException.GetError(ErrorType.NotAuthorized));
        }
Beispiel #10
        /// <summary>
        /// Validates and persists an article on behalf of the calling user, then applies the
        /// moderation, visibility and researcher updates that follow a save.
        /// The steps run in this order: edit-permission check, profanity check, URL filter,
        /// email filter, create or update, archive status, moderation queueing, hide/unhide,
        /// researcher update. The URL and email checks throw before CreateNewArticle or
        /// UpdateArticle is called.
        /// </summary>
        /// <param name="site">Site the article belongs to; supplies the site id, site options and moderation status.</param>
        /// <param name="callingUser">User performing the save; their roles decide which filters and moderation rules apply.</param>
        /// <param name="article">Article to create or update; modified through its own methods.</param>
        /// <param name="siteName">Not referenced in this method body.</param>
        /// <param name="isNewArticle">True to create the article, false to update an existing one.</param>
        /// <param name="h2g2Id">Not referenced in this method body (the code reads article.H2g2Id instead).</param>
        /// <returns>The same <paramref name="article"/> instance after the save steps have run.</returns>
        /// <exception cref="DnaWebProtocolException">
        /// UserDoesNotHavePermissionToEditArticle, ArticleContainsURLs or ArticleContainsEmailAddress,
        /// depending on which check rejects the save.
        /// </exception>
        private Article SaveArticle(ISite site, CallingUser callingUser, Article article, string siteName, bool isNewArticle, int h2g2Id)
        {
            // Check: does user have edit permission (only enforced for existing articles)
            if ((!isNewArticle) && !article.HasEditPermission(callingUser))
            {
                throw new DnaWebProtocolException(ApiException.GetError(ErrorType.UserDoesNotHavePermissionToEditArticle));
            }

            // Check: profanities. The subject and body are checked together as one string.
            // Only moderateProfanities and matchingProfanity are read later in this method;
            // terms is not used again here.
            bool moderateProfanities = false;
            string matchingProfanity;
            List<Term> terms = null;
            CheckForProfanities(site, article.Subject + " " + article.GuideMLAsString, out moderateProfanities, out matchingProfanity, out terms);

            // Check: url filter. Applied only when the site option General/IsURLFiltered is on,
            // and skipped for users who are Editor or Notable.
            if ((siteList.GetSiteOptionValueBool(site.SiteID, "General", "IsURLFiltered")) && !((callingUser.IsUserA(UserTypes.Editor) || callingUser.IsUserA(UserTypes.Notable))))
            {
                List<string> nonAllowedMatches = new List<string>();
                UrlFilter urlFilter = new UrlFilter();

                UrlFilter.FilterState result = urlFilter.CheckForURLs(article.Subject + " " + article.GuideMLAsString, nonAllowedMatches, site.SiteID, readerCreator);

                // Only a Fail result rejects the save; nonAllowedMatches is not read here.
                if (result == UrlFilter.FilterState.Fail)
                {
                    throw new DnaWebProtocolException(ApiException.GetError(ErrorType.ArticleContainsURLs));
                }
            }

            // Check: email filter. Applied only when the site option Forum/EmailAddressFilter is on,
            // with the same Editor/Notable exemption as the URL filter.
            if ((siteList.GetSiteOptionValueBool(site.SiteID, "Forum", "EmailAddressFilter")) && !((callingUser.IsUserA(UserTypes.Editor) || callingUser.IsUserA(UserTypes.Notable))))
            {
                if (EmailAddressFilter.CheckForEmailAddresses(article.Subject + " " + article.GuideMLAsString))
                {
                    throw new DnaWebProtocolException(ApiException.GetError(ErrorType.ArticleContainsEmailAddress));
                }
            }

            if (isNewArticle)
            {
                // The calling user's id is passed to the create call.
                article.CreateNewArticle(cacheManager, readerCreator, callingUser.UserID, site.SiteID);

                //Users subscribed to this author should have their subscribed content updated.
                callingUser.UpdateUserSubscriptions(readerCreator, article.H2g2Id);

            }
            else // existing article
            {
                //Don't overwrite the existing editor of the article: reuse the stored editor id
                //and fall back to the calling user only when it is 0 or cannot be read.
                int editorId = 0;
                try
                {
                     editorId = article.ArticleInfo.PageAuthor.Editor.user.UserId;
                    if (editorId == 0)
                    {
                        editorId = callingUser.UserID;
                    }
                }
                // NOTE(review): this bare catch swallows every exception type, not just a null
                // link in the ArticleInfo.PageAuthor.Editor.user chain, and the failure is not logged.
                catch
                {
                    editorId = callingUser.UserID;
                }
                article.UpdateArticle(cacheManager, readerCreator, editorId);
            }

            // set the archive status (done for Editors only, always with the value false)
            if (callingUser.IsUserA(UserTypes.Editor))
            {
                article.SetArticleForumArchiveStatus(readerCreator, false);
            }


            // Gather the conditions that can send the article to the moderation queue.
            bool isSiteModerated = !(site.ModerationStatus == BBC.Dna.Moderation.Utils.ModerationStatus.SiteStatus.UnMod);
            bool isUserModerated = (callingUser.IsPreModerated || callingUser.IsPostModerated);
            bool isArticleModerated = ((article.ArticleInfo.ModerationStatus == BBC.Dna.Moderation.Utils.ModerationStatus.ArticleStatus.PreMod) || article.ArticleInfo.ModerationStatus == BBC.Dna.Moderation.Utils.ModerationStatus.ArticleStatus.PostMod);
            bool isArticleInModeration = article.IsArticleIsInModeration(readerCreator);
            bool isUserInSinbin = (callingUser.IsAutoSinBin == 1);
            // A user with special edit permissions on this article bypasses every trigger below,
            // including the profanity and sin-bin ones.
            bool isUserImmuneFromModeration = callingUser.HasSpecialEditPermissions(article.H2g2Id);

            // Queue for moderation when any trigger is set. modID is filled by reference but is
            // not read again in this method.
            int modID = 0;
            if (!isUserImmuneFromModeration)
            {
                if (isSiteModerated || isUserModerated || isArticleModerated || isArticleInModeration || moderateProfanities || isUserInSinbin)
                {
                    // Prefix the matched term so the queue note states why the article was queued.
                    if (!String.IsNullOrEmpty(matchingProfanity)) { matchingProfanity = "Profanities: " + matchingProfanity; }

                    article.QueueForModeration(readerCreator, matchingProfanity, ref modID);

                }
            }


            // Apply visibility from article.HiddenStatus, read after the queueing step above.
            // NOTE(review): whether QueueForModeration changes HiddenStatus is not visible here; confirm.
            if (article.HiddenStatus == (int)BBC.Dna.Moderation.Utils.CommentStatus.Hidden.NotHidden)
            {
                //visible
                article.UnhideArticle(readerCreator, 0, 0, callingUser.UserID);
            }
            else
            {
                // hidden
                article.HideArticle(readerCreator, 0, 0, callingUser.UserID);
            }

            
            article.UpdateResearchers(readerCreator);

            return article;
        }
Beispiel #11
 /// <summary>
 /// Signs the normal-user test account in through the Identity sign-in system and checks that
 /// it is reported as a NormalUser and as none of SuperUser, Moderator, Editor or Notable.
 /// </summary>
 public void Test04CheckSignedInNormalUserBelongsToTheCorrectGroups()
 {
     const string identityPolicy = "http://identity/policies/dna/adult";
     const int targetSiteId = 1;

     var inputContext = new FullInputContext(true);
     var callingUser = new CallingUser(SignInSystem.Identity, null, null, null, inputContext.SiteList);
     string normalUserCookie = TestUserAccounts.GetNormalUserAccount.Cookie;

     bool signedIn = callingUser.IsUserSignedIn(normalUserCookie, identityPolicy, targetSiteId, "");
     Assert.IsTrue(signedIn);

     // The only role expected on this account.
     Assert.IsTrue(callingUser.IsUserA(UserTypes.NormalUser), "User should be a normal user");

     // Every elevated role must be absent.
     Assert.IsFalse(callingUser.IsUserA(UserTypes.SuperUser), "User should not be a super user");
     Assert.IsFalse(callingUser.IsUserA(UserTypes.Moderator), "User should not be a moderator");
     Assert.IsFalse(callingUser.IsUserA(UserTypes.Editor), "User should not be a editor");
     Assert.IsFalse(callingUser.IsUserA(UserTypes.Notable), "User should not be a notable");
 }
Beispiel #12
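        /// <summary>
        /// Resolves the calling user from the request's sign-in cookies, falling back to the
        /// forum's configured not-signed-in user when the forum allows commenting without sign-in.
        /// </summary>
        /// <param name="site">
        /// Site whose sign-in settings are used: an empty <c>IdentityPolicy</c> selects SSO,
        /// anything else selects Identity. When null, no user can be resolved.
        /// </param>
        /// <param name="forum">
        /// Forum whose <c>allowNotSignedInCommenting</c> and <c>NotSignedInUserId</c> control the
        /// not-signed-in fallback.
        /// </param>
        /// <returns>
        /// A calling user that either signed in successfully or was created from the forum's
        /// not-signed-in user id.
        /// </returns>
        /// <exception cref="DnaWebProtocolException">
        /// <c>FailedTermsAndConditions</c> when the user is signed in but not logged in;
        /// <c>MissingUserCredentials</c> when no user could be established.
        /// </exception>
        protected CallingUser GetCallingUserOrNotSignedInUser(ISite site, Forum forum)
        {
            CallingUser callingUser = null;
            bool userSignedIn = false;
            if (site != null)
            {
                if (String.IsNullOrEmpty(site.IdentityPolicy))
                {
                    // No identity policy configured: authenticate against SSO using the SSO2-UID cookie.
                    callingUser = new CallingUser(SignInSystem.SSO, readerCreator, dnaDiagnostic, cacheManager, debugDnaUserId, siteList);
                    userSignedIn = callingUser.IsUserSignedIn(QueryStringHelper.GetCookieValueAsString("SSO2-UID", ""), site.SSOService, site.SiteID, "", _iPAddress, bbcUidCookie);
                }
                else
                {
                    // Identity sign-in: both the IDENTITY and the IDENTITY-HTTPS cookie values are passed to the secure check.
                    callingUser = new CallingUser(SignInSystem.Identity, readerCreator, dnaDiagnostic, cacheManager, debugDnaUserId, siteList);
                    userSignedIn = callingUser.IsUserSignedInSecure(QueryStringHelper.GetCookieValueAsString("IDENTITY", ""), QueryStringHelper.GetCookieValueAsString("IDENTITY-HTTPS", ""), site.IdentityPolicy, site.SiteID, _iPAddress, bbcUidCookie);
                }
                // Check to see if we've got a user who's signed in, but not logged in. This usually means they haven't agreed T&Cs
                if (callingUser.GetSigninStatus == CallingUser.SigninStatus.SignedInNotLoggedIn)
                {
                    throw new DnaWebProtocolException(new ApiException(site.IdentityPolicy, ErrorType.FailedTermsAndConditions));
                }
            }

            // The fallback needs both a constructed user and a site id. callingUser is only
            // assigned inside the site != null branch, so a null site (or a null forum) must fall
            // through to MissingUserCredentials below instead of dereferencing null here.
            bool canUseNotSignedInUser = callingUser != null
                && !userSignedIn
                && forum != null
                && forum.allowNotSignedInCommenting
                && forum.NotSignedInUserId != 0;

            if (canUseNotSignedInUser)
            {
                // The fallback runs whenever sign-in did not succeed, whatever the reason. The
                // returned user is then the forum's shared not-signed-in account.
                userSignedIn = callingUser.CreateUserFromDnaUserID(forum.NotSignedInUserId, site.SiteID);
            }

            // Fail closed: without an established user the request is rejected.
            if (callingUser == null || !userSignedIn)
            {
                throw new DnaWebProtocolException(ApiException.GetError(ErrorType.MissingUserCredentials));
            }

            return callingUser;
        }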
Beispiel #13
 /// <summary>
 /// Signs the moderator test account in under the "comment" policy and checks that it is
 /// reported as a NormalUser and a Moderator, and as none of SuperUser, Editor or Notable.
 /// </summary>
 public void Test07CheckSignedInModeratorBelongsToTheCorrectGroups()
 {
     const string identityPolicy = "comment";
     const int targetSiteId = 1;

     var inputContext = new FullInputContext("");
     var callingUser = new CallingUser(
         SignInSystem.Identity,
         null,
         null,
         null,
         TestUserAccounts.GetModeratorAccount.UserName,
         inputContext.SiteList);
     string moderatorCookie = TestUserAccounts.GetModeratorAccount.Cookie;

     bool signedIn = callingUser.IsUserSignedIn(moderatorCookie, identityPolicy, targetSiteId, "", null, Guid.Empty);
     Assert.IsTrue(signedIn);

     // Each role is checked on its own so that a failure names the role that was wrong.
     // The negative checks guard against the moderator account picking up a higher role.
     Assert.IsTrue(callingUser.IsUserA(UserTypes.NormalUser), "User should be a normal user");
     Assert.IsFalse(callingUser.IsUserA(UserTypes.SuperUser), "User should not be a super user");
     Assert.IsTrue(callingUser.IsUserA(UserTypes.Moderator), "User should be a moderator");
     Assert.IsFalse(callingUser.IsUserA(UserTypes.Editor), "User should not be a editor");
     Assert.IsFalse(callingUser.IsUserA(UserTypes.Notable), "User should not be a notable");
 }