public void Toggle_User_Success()
{
// Arrange
User newUser;
using (var _db = tu.CreateDataBaseContext())
{
newUser = tu.CreateUserObject();
_db.Users.Add(newUser);
_db.SaveChanges();
}
var expectedResponse = newUser;
var expectedResult = newUser.Disabled;
// ACT
UserManagementManager _umm = new UserManagementManager();
var response = _umm.ToggleUser(newUser, null);
var result = _umm.GetUser(newUser.Id);
// Assert
Assert.IsNotNull(response);
Assert.IsTrue(response == 1);
Assert.IsNotNull(result);
Assert.AreEqual(expectedResponse.Id, result.Id);
}
public LoginManagerUT()
{
lm = new LoginManager();
um = new UserManagementManager();
request = new LoginRequest();
tu = new TestingUtils();
}
public void SingleUpdateUser_Pass(int sysID, string fName, string lName, string email,
string password, string salt, string accntType, bool accountStatus, string errMsg)
{
// Arrange
// Initializing User objects to test
// User to update in DB
User user = new User(sysID, fName, lName, email, password, salt, accntType, accountStatus, errMsg);
// User performing operation
User thisUser = new User(109, null, null, null, "meMEeiaj093QNGEJOW~~~", null, "System Admin", true, null);
var um = new UserManagementManager();
bool result;
// Act
um.SingleCreateUsers(thisUser, user);
try
{
string nameChange = "Bob";
user.FirstName = nameChange; //attempts to change the user's name to Bob
result = um.SingleUpdateUser(thisUser, user, "FirstName"); //then pushes the update
//TODO: wait... shouldnt we test to see IF our DB is changing values?
}
catch (ArgumentException)
{
result = false;
}
catch (Exception) { result = false; }
// Assert
Assert.IsTrue(result);
}
public string GetEmail(string token)
{
UserManagementManager umm = new UserManagementManager();
Session session = new Session();
User user;
string email;
try
{
using (var _db = new DatabaseContext())
{
SessionService ss = new SessionService(_db);
session = ss.GetSession(token);
if (session == null)
{
return("");
}
}
var id = session.UserId;
user = umm.GetUser(id);
email = user.Email;
}
catch (ArgumentNullException)
{
throw new ArgumentNullException("Session is null");
}
return(email);
}
public void CreateNewUser_Authorized_201()
{
var controller = new UserManagementController();
var admin = _ut.CreateUserObject();
admin.IsAdministrator = true;
var adminSession = _ut.CreateSessionObject(admin);
_ut.CreateSessionInDb(adminSession);
// modify user
var newUser = new {
username = Guid.NewGuid() + "@mail.com",
city = "Long Beach",
state = "California",
country = "USA",
manager = "",
isadmin = false,
disabled = false,
};
// mock payload
var mock_payload = new CreateUserRequestDTO
{
Username = newUser.username,
City = newUser.city,
State = newUser.state,
Country = newUser.country,
Manager = newUser.manager,
IsAdmin = newUser.isadmin,
Disabled = newUser.disabled
};
var expectedStatusCode = HttpStatusCode.Created;
var endpoint = API_Route_Local + "/user/update";
controller.Request = new HttpRequestMessage
{
RequestUri = new Uri(endpoint)
};
controller.Request.Headers.Add("token", adminSession.Token);
IHttpActionResult actionresult = controller.CreateNewUser(mock_payload);
Assert.IsInstanceOfType(actionresult, typeof(NegotiatedContentResult <string>));
var contentresult = actionresult as NegotiatedContentResult <string>;
Assert.AreEqual(expectedStatusCode, contentresult.StatusCode);
// persistence test
using (var _db = _ut.CreateDataBaseContext())
{
var _userManager = new UserManagementManager(_db);
var getUser = _userManager.GetUser(newUser.username);
Assert.AreNotEqual(newUser, getUser);
Assert.AreEqual(newUser.isadmin, getUser.IsAdministrator);
}
}
public IHttpActionResult DeleteUser(string userId)
{
using (var _db = new DatabaseContext())
{
try
{
// Throws ExceptionService.NoTokenProvidedException
// Throws ExceptionService.SessionNotFoundException
var session = ControllerHelpers.ValidateAndUpdateSession(Request);
// Throws ExceptionService.InvalidModelPayloadException
ControllerHelpers.ValidateModelAndPayload(ModelState, userId);
// Throws ExceptionService.InvalidGuidException
var UserId = ControllerHelpers.ParseAndCheckId(userId);
var _userManager = new UserManagementManager(_db);
var user = _userManager.GetUser(session.UserId);
if (user.IsAdministrator)
{
_userManager.DeleteUser(UserId);
_db.SaveChanges();
var responseDeleted = Content(HttpStatusCode.OK, "User was deleted.");
return(responseDeleted);
}
else
{
return(Content(HttpStatusCode.Unauthorized, "Non-administrators cannot delete users."));
}
}
catch (Exception e) when(e is UserNotFoundException)
{
return(Content(HttpStatusCode.NotFound, e.Message));
}
catch (Exception e) when(e is InvalidGuidException)
{
return(Content(HttpStatusCode.BadRequest, e.Message));
}
catch (Exception e) when(e is NoTokenProvidedException ||
e is SessionNotFoundException)
{
return(Content(HttpStatusCode.Unauthorized, e.Message));
}
catch (Exception e) when(e is InvalidModelPayloadException)
{
return(Content(HttpStatusCode.PreconditionFailed, e.Message));
}
catch (Exception e)
{
if (e is DbUpdateException ||
e is DbEntityValidationException)
{
_db.RevertDatabaseChanges(_db);
}
return(InternalServerError());
}
}
}
public IHttpActionResult CreateNewUser([FromBody, Required] CreateUserRequestDTO payload)
{
using (var _db = new DatabaseContext())
{
try
{
// Throws ExceptionService.NoTokenProvidedException
// Throws ExceptionService.SessionNotFoundException
var session = ControllerHelpers.ValidateAndUpdateSession(Request);
// Throws ExceptionService.InvalidModelPayloadException
ControllerHelpers.ValidateModelAndPayload(ModelState, payload);
var _userManager = new UserManagementManager(_db);
var user = _userManager.GetUser(session.UserId);
if (user.IsAdministrator)
{
// Throws exception, invalid username, invalid manager guid
var newUser = _userManager.CreateUser(payload);
_db.SaveChanges();
var responseCreated = Content(HttpStatusCode.Created, "User created.");
return(responseCreated);
}
return(Content(HttpStatusCode.Unauthorized, "Non-administrators cannot delete users."));
}
catch (Exception e) when(e is UserNotFoundException)
{
return(Content(HttpStatusCode.NotFound, e.Message));
}
catch (Exception e) when(e is InvalidGuidException ||
e is InvalidEmailException)
{
return(Content(HttpStatusCode.BadRequest, e.Message));
}
catch (Exception e) when(e is NoTokenProvidedException ||
e is SessionNotFoundException)
{
return(Content(HttpStatusCode.Unauthorized, e.Message));
}
catch (Exception e) when(e is InvalidModelPayloadException)
{
return(Content(HttpStatusCode.PreconditionFailed, e.Message));
}
catch (Exception e) when(e is UserAlreadyExistsException)
{
return(Content(HttpStatusCode.Conflict, e.Message));
}
catch (Exception e)
{
if (e is DbUpdateException ||
e is DbEntityValidationException)
{
_db.RevertDatabaseChanges(_db);
}
return(InternalServerError());
}
}
}
public LoginManagerUT()
{
lm = new LoginManager();
um = new UserManagementManager();
user = um.GetUser("*****@*****.**");
//CreateUser("*****@*****.**", "passwordtest54321", new DateTime(1996, 12, 15));
request = new LoginRequest();
request.email = "*****@*****.**";
request.password = "******";
}
public async Task <IHttpActionResult> DeleteFromSSO()
{
using (var _db = new DatabaseContext())
{
try
{
// Throws ExceptionService.NoTokenProvidedException
// Throws ExceptionService.SessionNotFoundException
var session = ControllerHelpers.ValidateAndUpdateSession(Request);
var _userManager = new UserManagementManager(_db);
var user = _userManager.GetUser(session.UserId);
if (user == null)
{
return(Ok());
}
var _ssoAPIManager = new KFC_SSO_Manager(_db);
var requestSuccessful = await _ssoAPIManager.DeleteUserFromSSOviaPointmap(user);
if (requestSuccessful)
{
_userManager.DeleteUser(user.Id);
_db.SaveChanges();
return(Ok("User was deleted from Pointmap and SSO"));
}
var response = Content(HttpStatusCode.InternalServerError, "User was not able to be deleted from SSO.");
return(response);
}
catch (Exception e) when(e is InvalidGuidException)
{
return(Content(HttpStatusCode.BadRequest, e.Message));
}
catch (Exception e) when(e is NoTokenProvidedException ||
e is SessionNotFoundException)
{
return(Content(HttpStatusCode.Unauthorized, e.Message));
}
catch (Exception e) when(e is KFCSSOAPIRequestException)
{
return(Content(HttpStatusCode.ServiceUnavailable, e.Message));
}
catch (Exception e)
{
if (e is DbUpdateException ||
e is DbEntityValidationException)
{
_db.RevertDatabaseChanges(_db);
}
return(Content(HttpStatusCode.InternalServerError, e.Message));
}
}
}
public IHttpActionResult GetAllUsers()
{
using (var _db = new DatabaseContext())
{
try
{
// Throws ExceptionService.NoTokenProvidedException
// Throws ExceptionService.SessionNotFoundException
var session = ControllerHelpers.ValidateAndUpdateSession(Request);
var _userManager = new UserManagementManager(_db);
var user = _userManager.GetUser(session.UserId);
if (user.IsAdministrator)
{
var users = _userManager.GetUsers();
_db.SaveChanges();
var responseUsers = Content(HttpStatusCode.OK, users);
return(responseUsers);
}
else
{
return(Content(HttpStatusCode.Unauthorized, "Non-administrators cannot view all users."));
}
}
catch (Exception e) when(e is UserNotFoundException)
{
return(Content(HttpStatusCode.NotFound, e.Message));
}
catch (Exception e) when(e is InvalidGuidException)
{
return(Content(HttpStatusCode.BadRequest, e.Message));
}
catch (Exception e) when(e is NoTokenProvidedException ||
e is SessionNotFoundException ||
e is UserIsNotAdministratorException)
{
return(Content(HttpStatusCode.Unauthorized, e.Message));
}
catch (Exception e)
{
if (e is DbUpdateException ||
e is DbEntityValidationException)
{
_db.RevertDatabaseChanges(_db);
}
return(InternalServerError());
}
}
}
public void BulkUpdateUsers_Pass()
{
// Arrange
List <User> users = new List <User>();
// Users to update in DB
User u1 = new User(1, null, null, null, "password", null, "User", false, null);
User u2 = new User(2, null, null, null, "123", null, "User", false, null);
User u3 = new User(3, null, null, null, "", null, "User", false, null);
User u4 = new User(4, null, null, null, null, null, "User", false, null);
User u5 = new User(5, null, null, null, "bad", null, "User", false, null);
User u6 = new User(6, null, null, null, "brian", null, "User", false, null);
// User performing operation
User thisUser = new User(112, null, null, null, "meMEeiaj093QNGEJOW~~~", null, "System Admin", true, null);
users.Add(u1);
users.Add(u2);
users.Add(u3);
users.Add(u4);
users.Add(u5);
users.Add(u6);
var um = new UserManagementManager();
// Act
um.BulkCreateUsers(thisUser, users, false);
List <List <User> > expected = new List <List <User> >()
{
users, // Passed ID's
new List <User>()
{
} // Failed ID's
};
string nameChange = "Bob";
foreach (User u in users)
{
u.FirstName = nameChange;
}
List <List <User> > actual = um.BulkUpdateUsers(thisUser, users, "FirstName");
// Assert
CollectionAssert.AreEqual(expected[0], actual[0]);
CollectionAssert.AreEqual(expected[1], actual[1]);
}
public IHttpActionResult GetUser()
{
using (var _db = new DatabaseContext())
{
try
{
// Throws ExceptionService.NoTokenProvidedException
// Throws ExceptionService.SessionNotFoundException
var session = ControllerHelpers.ValidateAndUpdateSession(Request);
UserManagementManager _userManager = new UserManagementManager(_db);
var user = _userManager.GetUser(session.UserId);
_db.SaveChanges();
var responseData = new GetUserResponseData
{
id = user.Id,
username = user.Username,
disabled = user.Disabled,
isAdmin = user.IsAdministrator
};
var responseUser = Content(HttpStatusCode.OK, responseData);
return(responseUser);
}
catch (Exception e) when(e is UserNotFoundException)
{
return(Content(HttpStatusCode.NotFound, e.Message));
}
catch (Exception e) when(e is InvalidGuidException)
{
return(Content(HttpStatusCode.BadRequest, e.Message));
}
catch (Exception e) when(e is NoTokenProvidedException ||
e is SessionNotFoundException ||
e is UserIsNotAdministratorException)
{
return(Content(HttpStatusCode.Unauthorized, e.Message));
}
catch (Exception e)
{
if (e is DbUpdateException ||
e is DbEntityValidationException)
{
_db.RevertDatabaseChanges(_db);
}
return(InternalServerError());
}
}
}
public IHttpActionResult SetRole([FromBody, Required] ParkingMasterFrontendDTO request)
{
UserManagementManager _userManager = new UserManagementManager();
ResponseDTO <ParkingMasterFrontendDTO> response = _userManager.SetRole(request);
if (response.Data != null)
{
return(Ok(response.Data));
}
else
{
ResponseDTO <HttpStatusCode> statusResponse = ResponseManager.ConvertErrorToStatus(response.Error);
return(Content(statusResponse.Data, statusResponse.Error));
}
}
public async Task <Session> Register(string Username, Guid ssoID)
{
var _userManagementManager = new UserManagementManager(_db);
try
{
var user = _userManagementManager.CreateUser(Username, ssoID);
var _authorizationManager = new AuthorizationManager(_db);
Session session = _authorizationManager.CreateSession(user);
return(session);
}
catch (UserAlreadyExistsException e)
{
throw new UserAlreadyExistsException(e.Message);
}
}
[Route("sso/user/delete")] // Request from sso to delete user self from sso to all apps
public IHttpActionResult DeleteViaSSO([FromBody, Required] LoginRequestPayload requestPayload)
{
using (var _db = new DatabaseContext())
{
try
{
// Throws ExceptionService.InvalidModelPayloadException
ControllerHelpers.ValidateModelAndPayload(ModelState, requestPayload);
// Throws ExceptionService.InvalidGuidException
var userSSOID = ControllerHelpers.ParseAndCheckId(requestPayload.SSOUserId);
// Check valid signature
var _ssoServiceAuth = new SignatureService();
var validSignature = _ssoServiceAuth.IsValidClientRequest(userSSOID.ToString(), requestPayload.Email, requestPayload.Timestamp, requestPayload.Signature);
if (!validSignature)
{
return(Content(HttpStatusCode.Unauthorized, "Invalid Token signature."));
}
var _userManagementManager = new UserManagementManager(_db);
// Throw exception if user does not exist
var user = _userManagementManager.GetUser(userSSOID);
if (user == null)
{
return(Content(HttpStatusCode.OK, "User does not exist"));
}
_userManagementManager.DeleteUser(userSSOID);
_db.SaveChanges();
return(Ok("User was deleted"));
}
catch (Exception e) when(e is InvalidGuidException ||
e is InvalidModelPayloadException)
{
return(Content(HttpStatusCode.BadRequest, e.Message));
}
catch (Exception e)
{
if (e is DbUpdateException ||
e is DbEntityValidationException)
{
_db.RevertDatabaseChanges(_db);
}
return(Content(HttpStatusCode.InternalServerError, e.Message));
}
}
}
public void Create_User_Using_Manager_NotRealEmail()
{
// Arrange
string email = Guid.NewGuid() + ".com";
string password = (Guid.NewGuid()).ToString();
DateTime dob = DateTime.UtcNow;
// Act
using (var _db = tu.CreateDataBaseContext())
{
_umm = new UserManagementManager(_db);
var response = _umm.CreateUser(email, Guid.NewGuid());
// Assert
//expects exception
}
}
public void Enable_User_Success()
{
// Arrange
User newUser = tu.CreateUserInDb();
var expectedResponse = newUser;
var expectedResult = false;
// ACT
UserManagementManager _umm = new UserManagementManager();
var response = _umm.EnableUser(newUser);
var result = _umm.GetUser(newUser.Id);
// Assert
Assert.IsTrue(response == 1);
Assert.IsNotNull(result);
Assert.AreEqual(expectedResult, result.Disabled);
}
public IHttpActionResult Delete() // User delete self from pointmap
{
using (var _db = new DatabaseContext())
{
try
{
// Throws ExceptionService.NoTokenProvidedException
// Throws ExceptionService.SessionNotFoundException
var session = ControllerHelpers.ValidateAndUpdateSession(Request);
var _userManager = new UserManagementManager(_db);
// Throw exception if user not found
var user = _userManager.GetUser(session.UserId);
if (user == null)
{
return(Content(HttpStatusCode.NotFound, "User does not exist."));
}
// Delete user self and their sessions
_userManager.DeleteUser(user.Id);
_db.SaveChanges();
var response = Content(HttpStatusCode.OK, "User was deleted from Pointmap.");
return(response);
}
catch (Exception e) when(e is InvalidGuidException)
{
return(Content(HttpStatusCode.BadRequest, e.Message));
}
catch (Exception e) when(e is NoTokenProvidedException ||
e is SessionNotFoundException)
{
return(Content(HttpStatusCode.Unauthorized, e.Message));
}
catch (Exception e)
{
if (e is DbUpdateException ||
e is DbEntityValidationException)
{
_db.RevertDatabaseChanges(_db);
}
return(Content(HttpStatusCode.InternalServerError, e.Message));
}
}
}
public IHttpActionResult LogoutViaSSO([FromBody] LogoutRequestPayload requestPayload)
{
using (var _db = new DatabaseContext())
{
try
{
// throws ExceptionService.InvalidModelPayloadException
ControllerHelpers.ValidateModelAndPayload(ModelState, requestPayload);
// throws ExceptionService.InvalidGuidException
var userSSOID = ControllerHelpers.ParseAndCheckId(requestPayload.SSOUserId);
var _userManagementManager = new UserManagementManager(_db);
var user = _userManagementManager.GetUser(userSSOID);
if (user == null)
{
return(Content(HttpStatusCode.OK, "User does not exist."));
}
var _userManager = new UserManager(_db);
_userManager.Logout(user);
_db.SaveChanges();
return(Ok("User was logged out."));
}
catch (Exception e) when(e is InvalidGuidException ||
e is InvalidModelPayloadException)
{
return(Content(HttpStatusCode.BadRequest, e.Message));
}
catch (Exception e) when(e is UserNotFoundException)
{
return(Content(HttpStatusCode.NotFound, e.Message));
}
catch (Exception e)
{
if (e is DbUpdateException ||
e is DbEntityValidationException)
{
_db.RevertDatabaseChanges(_db);
}
return(Content(HttpStatusCode.InternalServerError, e.Message));
}
}
}
public void Toggle_User_Success()
{
// Arrange
newUser = tu.CreateUserInDb();
var expectedResult = !newUser.Disabled;
// ACT
using (var _db = new DatabaseContext())
{
_umm = new UserManagementManager(_db);
_umm.ToggleUser(newUser, true);
_db.SaveChanges();
var result = _umm.GetUser(newUser.Id);
// Assert
Assert.IsNotNull(result);
Assert.AreEqual(expectedResult, result.Disabled);
}
}
public async void LogoutFromSSO(string Username, Guid ssoID, long timestamp, string signature)
{
// Check if valid signature request
var validSignature = _ssoServiceAuth.IsValidClientRequest(ssoID.ToString(), Username, timestamp, signature);
if (!validSignature)
{
throw new InvalidTokenSignatureException("Session is not valid.");
}
_userManagementManager = new UserManagementManager(_db);
var _userManager = new UserManager(_db);
var user = _userManagementManager.GetUser(ssoID);
if (user == null)
{
return;
}
// Delete all sessions of the user
_userManager.Logout(user);
}
public IHttpActionResult Delete([FromBody, Required] ParkingMasterFrontendDTO request)
{
if (request == null)
{
return(Content((HttpStatusCode)400, "Request is null."));
}
UserManagementManager userManager = new UserManagementManager();
ResponseDTO <bool> managerResponse = userManager.DeleteUser(request);
if (managerResponse.Data)
{
return(Ok());
}
else
{
ResponseDTO <HttpStatusCode> statusResponse = ResponseManager.ConvertErrorToStatus(managerResponse.Error);
return(Content(statusResponse.Data, statusResponse.Error));
}
}
public IHttpActionResult LogoutUser([FromBody, Required] SsoUserRequestDTO request)
{
if (request == null)
{
return(Content((HttpStatusCode)400, "Request is null."));
}
UserManagementManager _userManagementManager = new UserManagementManager();
ResponseDTO <HttpStatusCode> managerResponse = _userManagementManager.LogoutUser(request);
if (managerResponse.Data != (HttpStatusCode)200)
{
return(Content(managerResponse.Data, managerResponse.Error));
}
else
{
return(Ok());
}
}
public void Create_User_Using_Manager()
{
// Arrange
string Username = Guid.NewGuid() + "@" + Guid.NewGuid() + ".com";
string password = (Guid.NewGuid()).ToString();
DateTime dob = DateTime.UtcNow;
// Act
using (var _db = tu.CreateDataBaseContext())
{
_umm = new UserManagementManager(_db);
var response = _umm.CreateUser(Username, Guid.NewGuid());
_db.SaveChanges();
var result = _umm.GetUser(response.Id);
// Assert
Assert.IsNotNull(response);
Assert.IsNotNull(result);
Assert.AreEqual(Username, result.Username);
}
}
public string GetEmail(string token)
{
UserManagementManager umm = new UserManagementManager();
SessionService ss = new SessionService();
Session session = new Session();
User user;
string email;
using (var _db = new DatabaseContext())
{
session = ss.GetSession(_db, token);
Console.WriteLine(session);
}
var id = session.UserId;
user = umm.GetUser(id);
email = user.Email;
return(email);
}
public async Task <IHttpActionResult> DeleteFromAll([FromBody, Required] ParkingMasterFrontendDTO request)
{
LoginManager loginManager = new LoginManager();
UserManagementManager userManager = new UserManagementManager();
ResponseDTO <ParkingMasterFrontendDTO> response = loginManager.SessionChecker(request.Token);
if (response.Data != null)
{
var deleteResponse = await userManager.DeleteUserFromApps(Guid.Parse(response.Data.Id));
if (deleteResponse.IsSuccessStatusCode)
{
return(Ok());
}
else
{
ResponseDTO <HttpStatusCode> statusResponse = ResponseManager.ConvertErrorToStatus(response.Error);
return(Content(statusResponse.Data, statusResponse.Error));
}
}
return(Content((HttpStatusCode)404, response.Error));
}
public static List <PermissionContract> GetAllResourcesPermissions(Guid token, Guid?projectID)
{
return(UserManagementManager.GetAllResourcesPermissions(token, projectID));
}
public static Dictionary <String, String> GetUserAttributesDictionary(Guid token, Guid userID, Guid projectID)
{
return(UserManagementManager.GetUserAttributesDictionary(token, userID, projectID));
}
public static List <AttributeValueContract> GetAttributeValues(Guid token, Guid parentID, Guid projectID)
{
return(UserManagementManager.GetAttributeValues(token, parentID, projectID));
}
public static PermissionContract GetResourcePermission(Guid token, String resourcePath)
{
return(UserManagementManager.GetResourcePermission(token, resourcePath));
}
