public void mapUserRoles()
 {
     TMConfig.Current = null;
     HttpContextFactory._context = null;
     var tmAuthentication = new TM_Authentication(null);
     Assert.AreEqual(tmAuthentication, tmAuthentication.mapUserRoles(false) , "This should not thrown an exception");
 }
Example #2
0
 public TM_WebServices(bool disable_Csrf_Check)
 {
     tmXmlDatabase    = TM_Xml_Database.Current;
     userData         = tmXmlDatabase.userData();
     tmAuthentication = new TM_Authentication(this).mapUserRoles(disable_Csrf_Check);
     GZip.setGZipCompression_forAjaxRequests();
 }
Example #3
0
 public TM_WebServices(bool disable_Csrf_Check)
 {
     tmXmlDatabase       = TM_Xml_Database.Current;
     userData            = tmXmlDatabase  .userData();
     tmAuthentication	= new TM_Authentication(this).mapUserRoles(disable_Csrf_Check);
     GZip.setGZipCompression_forAjaxRequests();
 }
        public void authToken()
        {
            HttpContextFactory.Context.mock();
            var request = HttpContextFactory.Request;
            var tmAuthentication = new TM_Authentication(null);

            Assert.AreEqual(Guid.Empty,tmAuthentication.authToken);
            Assert.IsNull(request.QueryString[authVar]);

            //test with an random string
            request.QueryString[authVar] = 10.randomLetters();
            Assert.IsNotNull(request.QueryString[authVar]);
            Assert.AreEqual (Guid.Empty,tmAuthentication.authToken);

            //test with an random GUID
            request.QueryString[authVar] = Guid.NewGuid().str();
            Assert.IsNotNull  (request.QueryString[authVar]);
            Assert.AreNotEqual(Guid.Empty,tmAuthentication.authToken);
        }
        public void TM_Authentication_mapUserRoles()
        {
            HttpContextFactory.Context.mock();
            var tmAuthentication = new TM_Authentication(null);
            Assert.NotNull (tmAuthentication.sessionID);
            Assert.AreEqual(tmAuthentication.sessionID,Guid.Empty);
            Assert.IsFalse(tmConfig.WindowsAuthentication.Enabled);

            
            tmConfig.WindowsAuthentication.Enabled = true;
            var identity = tmAuthentication.Current_WindowsIdentity;
            changeIndentityToBeImpersonation(identity);
            
            tmAuthentication.mapUserRoles();

            var tmUser_fromSession = tmAuthentication.sessionID.session_TmUser();

            Assert.AreNotEqual(tmAuthentication.sessionID,Guid.Empty); // sessionID should be set
            Assert.IsTrue     (tmAuthentication.sessionID.validSession());
            Assert.IsNotNull  (tmUser_fromSession);
            Assert.AreEqual   (tmUser_fromSession.UserName,identity.Name);
            
            tmConfig.WindowsAuthentication.Enabled = false;
        }
Example #6
0
 public static bool setCurrentUserPassword(this TM_UserData userData, TM_Authentication tmAuthentication, string currentPassword, string newPassword)
 {
     var tmUser = tmAuthentication.currentUser;
     if (tmUser.notNull())
     {
         if (tmUser.SecretData.PasswordHash == tmUser.createPasswordHash(currentPassword))
         {
             var newPasswordHash =  tmUser.createPasswordHash(newPassword);
             if (newPasswordHash != tmUser.SecretData.PasswordHash)
             {
                 tmUser.SecretData.PasswordHash = tmUser.createPasswordHash(newPassword);
                 tmUser.saveTmUser();
                 return true;
             }
         }
     }
     return false;
 }
        public static bool          setCurrentUserPassword(this TM_UserData userData, TM_Authentication tmAuthentication, string currentPassword, string newPassword)
        {
            var tmUser = tmAuthentication.currentUser;

            if (tmUser.notNull())
            {
                if (tmUser.SecretData.PasswordHash == tmUser.createPasswordHash(currentPassword))
                {
                    var newPasswordHash = tmUser.createPasswordHash(newPassword);
                    if (newPasswordHash != tmUser.SecretData.PasswordHash)
                    {
                        tmUser.SecretData.PasswordHash = tmUser.createPasswordHash(newPassword);
                        tmUser.saveTmUser();
                        return(true);
                    }
                }
            }
            return(false);
        }
Example #8
0
 public Test_TM_Authentication()
 {
     tmAuthentication= tmWebServices.tmAuthentication;
     Assert.IsFalse(tmConfig.WindowsAuthentication.Enabled);
     Assert.NotNull(tmAuthentication);
 }
Example #9
0
        public static bool          setCurrentUserPassword(this TM_UserData userData, TM_Authentication tmAuthentication, string currentPassword, string newPassword)
        {
            var tmUser = tmAuthentication.currentUser;

            if (tmUser.notNull())
            {
                if (tmUser.SecretData.PasswordHash == tmUser.createPasswordHash(currentPassword)) // check if current password matches provided value
                {
                    var newPasswordHash = tmUser.createPasswordHash(newPassword);
                    if (newPasswordHash != tmUser.SecretData.PasswordHash)                        // check that password are not repeated
                    {
                        tmUser.logUserActivity("User Password Change", "With previous password provided");
                        return(tmUser.setPasswordHash(newPasswordHash));
                    }
                }
            }
            return(false);
        }
        public void TM_Authentication_mapUserRoles()
        {
            HttpContextFactory.Context.mock();
            var request = HttpContextFactory.Request;
            var tmAuthentication = new TM_Authentication(null);
            Assert.NotNull (tmAuthentication.sessionID);
            Assert.AreEqual(tmAuthentication.sessionID,Guid.Empty);
            Assert.IsNull  (request[authVar]);

            tmAuthentication.mapUserRoles();
            Assert.AreEqual(tmAuthentication.sessionID,Guid.Empty);

            request.QueryString[authVar] = user_AuthToken.Token.str();

            Assert.IsNotNull  (request[authVar]);

            tmAuthentication.mapUserRoles();
            Assert.AreNotEqual(tmAuthentication.sessionID,Guid.Empty);
            Assert.IsTrue     (tmAuthentication.sessionID.validSession());
            Assert.AreEqual   (tmAuthentication.sessionID.session_TmUser(), tmUser);
        }
        public void Login_Using_Pwd_and_Login_Using_AuthToken()
        {
            HttpContextFactory.Context.mock();

            //Create user and login using its username and pwd
            var username         = 10.randomLetters();
            var password         = "******".add_RandomLetters(10);
            var userId           = userData.newUser(username,password);
            var loginId          = userData.login(username, password);
            var tmAuthentication = new TM_Authentication(null);

            Assert.Less       (0, userId);
            Assert.AreNotEqual(Guid.Empty, loginId);
            Assert.AreEqual   (Guid.Empty, tmAuthentication.sessionID);

            //set current sessionId to user created above
            tmAuthentication.sessionID = loginId;
            Assert.AreEqual(tmAuthentication.sessionID, loginId);
            Assert.AreEqual(tmAuthentication.sessionID.session_TmUser().UserID   , userId);
            Assert.AreEqual(tmAuthentication.sessionID.session_TmUser().UserName , username);

            //set authVar to user_AuthToken and simulate the login process
            HttpContextFactory.Request.QueryString[authVar] = user_AuthToken.Token.str();
            tmAuthentication.mapUserRoles();

            //the sessionId should now be mapped to tmUser and not to the user created above
            var sessionId = tmAuthentication.sessionID;
            Assert.AreNotEqual(sessionId, loginId);
            Assert.AreEqual   (tmAuthentication.sessionID.session_TmUser().UserName , tmUser.UserName);

            //another request to tmAuthentication.mapUserRoles(); should not change session or login the user again
            tmAuthentication.mapUserRoles();
            Assert.AreEqual  (sessionId, tmAuthentication.sessionID);
        }