Esempio n. 1
0
        public void ApiUserInfoTest(string password)
        {
            var username           = RandomString();
            var apiKey             = RandomString();
            var IP                 = "127.0.0.1";
            var requestManager     = FakeRequestManager.Create();
            var membershipProvider = new MockCMSMembershipProvider();

            membershipProvider.ValidUsers.Add(new CmsData.User {
                Username = username, Password = password
            });
            var roleProvider = new MockCMSRoleProvider();

            db.SetSetting("ApiUserInfoKey", apiKey);
            db.SetSetting("ApiUserInfoIPList", IP);

            CreateUser(username, password);
            requestManager.CurrentHttpContext.Request.Headers["Authorization"]       = BasicAuthenticationString(username, password);
            requestManager.CurrentHttpContext.Request.Headers["ApiKey"]              = apiKey;
            requestManager.CurrentHttpContext.Request.ServerVariables["REMOTE_ADDR"] = IP;
            CMSMembershipProvider.SetCurrentProvider(membershipProvider);
            CMSRoleProvider.SetCurrentProvider(roleProvider);

            var controller = new ExternalServicesController(requestManager);

            controller.ApiUserInfo();
        }
        public void GetTest(string extraRole, bool valid)
        {
            var username           = RandomString();
            var password           = RandomString();
            var membershipProvider = new MockCMSMembershipProvider {
                ValidUser = true
            };
            var roleProvider = new MockCMSRoleProvider();
            var db           = DatabaseFixture.NewDbContext();
            var context      = ContextTestUtils.CreateMockHttpContext();

            roleProvider.UserRoles.AddRange(new[] { "APIOnly", extraRole });
            db.WriteContentSql("GetTest", "--API\r\nSELECT TOP 10 * FROM dbo.People");
            CreateUser(username, password, roles: new[] { "Access" });
            context.Headers["Authorization"] = BasicAuthenticationString(username, password);
            CMSMembershipProvider.SetCurrentProvider(membershipProvider);
            CMSRoleProvider.SetCurrentProvider(roleProvider);

            var authenticated = AuthHelper.AuthenticateDeveloper(HttpContextFactory.Current, additionalRole: "APIOnly").IsAuthenticated;

            authenticated.ShouldBe(valid);
            if (valid)
            {
                var controller = new CustomController(new Lifecycle.RequestManager())
                {
                    Request = new HttpRequestMessage(HttpMethod.Get, "http://localhost/CustomAPI/GetTest")
                };
                var results = controller.Get("GetTest");

                results.Count().ShouldBeGreaterThan(0);
                (results.First().PeopleId as int?).ShouldNotBeNull();
            }
        }
Esempio n. 3
0
        public void FetchInvolvementTest()
        {
            var username           = RandomString();
            var password           = RandomString();
            var user               = CreateUser(username, password);
            var requestManager     = FakeRequestManager.Create();
            var membershipProvider = new MockCMSMembershipProvider {
                ValidUser = true
            };
            var roleProvider = new MockCMSRoleProvider();

            db.OrganizationMembers.InsertOnSubmit(new OrganizationMember
            {
                Organization = db.Organizations.First(),
                Person       = user.Person,
                MemberTypeId = MemberTypeCode.Member
            });
            db.SubmitChanges();
            CMSMembershipProvider.SetCurrentProvider(membershipProvider);
            CMSRoleProvider.SetCurrentProvider(roleProvider);
            requestManager.CurrentHttpContext.Request.Headers["Authorization"] = BasicAuthenticationString(username, password);
            var controller = new MobileAPIv2Controller(requestManager);
            var message    = new MobileMessage {
                argInt = user.PeopleId.Value
            };
            var data   = message.ToString();
            var result = controller.FetchInvolvement(data) as MobileMessage;

            result.ShouldNotBeNull();
            result.count.ShouldBe(1);
            result.error.ShouldBe(0);
            var orgs = JsonConvert.DeserializeObject <List <MobileInvolvement> >(result.data);

            orgs.Count.ShouldBe(1);
        }
    /// <summary>
    /// Handling login authenticate event.
    /// </summary>
    /// <param name="sender">Sender.</param>
    /// <param name="e">Authenticate event arguments.</param>
    private void loginElem_Authenticate(object sender, AuthenticateEventArgs e)
    {
        if (MFAuthenticationHelper.IsMultiFactorRequiredForUser(loginElem.UserName))
        {
            var plcPasscodeBox = loginElem.FindControl("plcPasscodeBox");
            var plcLoginInputs = loginElem.FindControl("plcLoginInputs");
            var txtPasscode    = loginElem.FindControl("txtPasscode") as CMSTextBox;

            if (txtPasscode == null)
            {
                return;
            }
            if (plcPasscodeBox == null)
            {
                return;
            }
            if (plcLoginInputs == null)
            {
                return;
            }

            // Handle passcode
            string passcode = txtPasscode.Text;
            txtPasscode.Text = "";

            var provider = new CMSMembershipProvider();

            // Validate username and password
            if (plcLoginInputs.Visible)
            {
                if (provider.MFValidateCredentials(loginElem.UserName, loginElem.Password))
                {
                    // Show passcode screen
                    plcLoginInputs.Visible = false;
                    plcPasscodeBox.Visible = true;
                }
            }
            // Validate passcode
            else
            {
                if (provider.MFValidatePasscode(loginElem.UserName, passcode))
                {
                    e.Authenticated = true;
                }
            }
        }
        else
        {
            try
            {
                e.Authenticated = Membership.Provider.ValidateUser(loginElem.UserName, loginElem.Password);
            }
            catch (ConfigurationException ex)
            {
                EventLogProvider.LogException("LogonMiniForm", "VALIDATEUSER", ex);
                var provider = new CMSMembershipProvider();
                e.Authenticated = provider.ValidateUser(loginElem.UserName, loginElem.Password);
            }
        }
    }
Esempio n. 5
0
        public void UpdatePersonTest(int electronic, int statement, int envelope)
        {
            var username           = RandomString();
            var password           = RandomString();
            var user               = CreateUser(username, password);
            var requestManager     = FakeRequestManager.Create();
            var membershipProvider = new MockCMSMembershipProvider {
                ValidUser = true
            };
            var roleProvider = new MockCMSRoleProvider();

            CMSMembershipProvider.SetCurrentProvider(membershipProvider);
            CMSRoleProvider.SetCurrentProvider(roleProvider);
            requestManager.CurrentHttpContext.Request.Headers["Authorization"] = BasicAuthenticationString(username, password);
            var controller = new MobileAPIv2Controller(requestManager);
            var message    = new MobileMessage
            {
                argInt   = user.PeopleId.Value,
                instance = RandomString(),
                data     = $@"[{{""type"":62,""value"":{electronic}}},{{""type"":63,""value"":{statement}}},{{""type"":64,""value"":{envelope}}}]",
            };
            var data   = message.ToString();
            var result = controller.UpdatePerson(data) as MobileMessage;

            result.ShouldNotBeNull();
            result.count.ShouldBe(1);
            result.error.ShouldBe(0);
            db.Refresh(RefreshMode.OverwriteCurrentValues, user.Person);
            user.Person.EnvelopeOptionsId.ShouldBe(envelope);
            user.Person.ElectronicStatement.ShouldBe(electronic != 0);
            user.Person.ContributionOptionsId.ShouldBe(statement);
        }
Esempio n. 6
0
        public void AuthenticateMobileWithSessionTokenTest()
        {
            var username       = RandomString();
            var password       = RandomString();
            var user           = CreateUser(username, password);
            var requestManager = FakeRequestManager.Create();
            var sessionToken   = new ApiSession
            {
                CreatedDate      = DateTime.Now,
                LastAccessedDate = DateTime.Now,
                SessionToken     = Guid.NewGuid(),
                UserId           = user.UserId,
            };

            db.ApiSessions.InsertOnSubmit(sessionToken);
            db.SubmitChanges();

            requestManager.CurrentHttpContext.Request.Headers["SessionToken"] = sessionToken.SessionToken.ToString();
            var membershipProvider = new MockCMSMembershipProvider {
                ValidUser = true
            };
            var roleProvider = new MockCMSRoleProvider();

            CMSMembershipProvider.SetCurrentProvider(membershipProvider);
            CMSRoleProvider.SetCurrentProvider(roleProvider);

            var result = AccountModel.AuthenticateMobile(requestManager.CurrentDatabase, requestManager.CurrentImageDatabase);

            result.ErrorMessage.ShouldBeNullOrEmpty();
            result.IsValid.ShouldBeTrue();
            result.Status.ShouldBe(UserValidationStatus.Success);
        }
Esempio n. 7
0
        public void FetchGivingSummaryTest(decimal contribution, string count, string comment, string total, string contribCount)
        {
            var username           = RandomString();
            var password           = RandomString();
            var user               = CreateUser(username, password);
            var requestManager     = FakeRequestManager.Create();
            var membershipProvider = new MockCMSMembershipProvider {
                ValidUser = true
            };
            var roleProvider = new MockCMSRoleProvider();

            CMSMembershipProvider.SetCurrentProvider(membershipProvider);
            CMSRoleProvider.SetCurrentProvider(roleProvider);
            requestManager.CurrentHttpContext.Request.Headers["Authorization"] = BasicAuthenticationString(username, password);
            var year = DateTime.Now.Year;

            if (contribution > 0)
            {
                var c = new Contribution()
                {
                    PeopleId             = user.PeopleId,
                    ContributionAmount   = contribution,
                    ContributionDate     = new DateTime(year, 7, 2),
                    ContributionStatusId = ContributionStatusCode.Recorded,
                    ContributionTypeId   = ContributionTypeCode.Online,
                    CreatedDate          = DateTime.Now,
                    FundId = 1
                };
                db.Contributions.InsertOnSubmit(c);
                db.SubmitChanges();
            }
            var controller = new MobileAPIv2Controller(requestManager);
            var message    = new MobileMessage
            {
                argInt = 0
            };
            var data   = message.ToString();
            var result = controller.FetchGivingSummary(data) as MobileMessage;

            result.ShouldNotBeNull();
            result.count.ShouldBe(1);
            result.error.ShouldBe(0);
            var summary = JsonConvert.DeserializeObject <MobileGivingSummary>(result.data);

            summary.Count.ShouldBe(1);
            var current = summary[$"{year}"];

            current.ShouldNotBeNull();
            current.title.ShouldBe($"{year}");
            current.comment.ShouldBe(comment);
            current.count.ShouldBe(count);
            current.loaded.ShouldBe(1);
            current.total.ShouldBe(total);
            current.summary[0].title.ShouldBe("Contributions");
            current.summary[0].comment.ShouldBe(comment);
            current.summary[0].count.ShouldBe(contribCount);
            current.summary[0].showAsPledge.ShouldBe(0);
        }
Esempio n. 8
0
        public void RecordAttendTest(string setting)
        {
            var now = DateTime.Now;

            db.SetSetting("AttendCountUpdatesOffline", setting);
            db.SubmitChanges();
            var username = RandomString();
            var password = RandomString();
            var user     = CreateUser(username, password);
            var org      = CreateOrganization();

            org.FirstMeetingDate    = now.AddDays(-7);
            org.RollSheetVisitorWks = 2;
            org.AllowAttendOverlap  = true;
            org.CanSelfCheckin      = true;
            org.NoSecurityLabel     = true;
            org.NumCheckInLabels    = 0;
            db.SubmitChanges();
            var meetingTime = new DateTime(now.Year, now.Month, now.Day, now.Hour, now.Minute - (now.Minute % 15), 0);

            Meeting.FetchOrCreateMeeting(db, org.OrganizationId, meetingTime, noautoabsents: true);

            var requestManager     = FakeRequestManager.Create();
            var context            = requestManager.CurrentHttpContext;
            var membershipProvider = new MockCMSMembershipProvider {
                ValidUser = true
            };
            var roleProvider = new MockCMSRoleProvider();

            roleProvider.UserRoles.Add("Checkin");
            CMSMembershipProvider.SetCurrentProvider(membershipProvider);
            CMSRoleProvider.SetCurrentProvider(roleProvider);
            context.Request.Headers["Authorization"] = BasicAuthenticationString(username, password);

            var controller = new CheckInAPIController(requestManager);
            var json       = $@"{{
    ""rebranded"": ""false"",
    ""argInt"": ""0"",
    ""version"": ""2"",
    ""id"": ""0"",
    ""data"": ""{{\""orgID\"":{org.OrganizationId},\""present\"":true,\""datetime\"":\""{meetingTime:s}\"",\""peopleID\"":{user.PeopleId}}}"",
    ""device"": ""1"",
    ""argString"": """",
    ""count"": ""0""
}}";
            var result     = controller.RecordAttend(json) as CheckInMessage;

            db.DeleteSetting("AttendCountUpdatesOffline");

            result.error.ShouldBe(0);
            result.count.ShouldBe(1);
        }
Esempio n. 9
0
    /// <summary>
    /// Handling login authenticate event.
    /// </summary>
    /// <param name="sender">Sender.</param>
    /// <param name="e">Authenticate event arguments.</param>
    private void Login1_Authenticate(object sender, AuthenticateEventArgs e)
    {
        if (MFAuthenticationHelper.IsMultiFactorRequiredForUser(Login1.UserName))
        {
            var plcPasscodeBox = Login1.FindControl("plcPasscodeBox");
            var plcLoginInputs = Login1.FindControl("plcLoginInputs");
            var txtPasscode    = Login1.FindControl("txtPasscode") as CMSTextBox;

            if (txtPasscode == null)
            {
                return;
            }
            if (plcPasscodeBox == null)
            {
                return;
            }
            if (plcLoginInputs == null)
            {
                return;
            }

            // Handle passcode
            string passcode = txtPasscode.Text;
            txtPasscode.Text = string.Empty;

            var provider = new CMSMembershipProvider();

            // Validate username and password
            if (plcLoginInputs.Visible)
            {
                if (provider.MFValidateCredentials(Login1.UserName, Login1.Password))
                {
                    // Show passcode screen
                    plcLoginInputs.Visible = false;
                    plcPasscodeBox.Visible = true;
                }
            }
            // Validate passcode
            else
            {
                if (provider.MFValidatePasscode(Login1.UserName, passcode))
                {
                    e.Authenticated = true;
                }
            }
        }
        else
        {
            e.Authenticated = Membership.Provider.ValidateUser(Login1.UserName, Login1.Password);
        }
    }
        private IRequestManager SetupRequestManager()
        {
            var username = RandomString();
            var password = RandomString();

            user = CreateUser(username, password);
            var requestManager     = FakeRequestManager.Create();
            var membershipProvider = new MockCMSMembershipProvider {
                ValidUser = true
            };
            var roleProvider = new MockCMSRoleProvider();

            CMSMembershipProvider.SetCurrentProvider(membershipProvider);
            CMSRoleProvider.SetCurrentProvider(roleProvider);
            requestManager.CurrentHttpContext.Request.Headers["Authorization"] = BasicAuthenticationString(username, password);
            return(requestManager);
        }
Esempio n. 11
0
        public void PortraitTest()
        {
            Person personWithPortrait = db.People.Where(p => p.PictureId != null).First();

            var requestManager     = FakeRequestManager.Create();
            var membershipProvider = new MockCMSMembershipProvider {
                ValidUser = false
            };
            var roleProvider = new MockCMSRoleProvider();

            CMSMembershipProvider.SetCurrentProvider(membershipProvider);
            CMSRoleProvider.SetCurrentProvider(roleProvider);

            var controller = new APIPersonController(requestManager);
            var routeData  = new RouteData();

            controller.ControllerContext = new ControllerContext(requestManager.CurrentHttpContext, routeData, controller);
            var result = controller.Portrait(personWithPortrait.Picture.MediumId, 100, 100) as HttpStatusCodeResult;

            result?.StatusCode.ShouldBe(400);

            var username = RandomString();
            var password = RandomString();
            var user     = CreateUser(username, password);

            HttpCookie AuthCookie = new HttpCookie("Authorization");

            AuthCookie.Value   = BasicAuthenticationString(username, password);
            AuthCookie.Expires = DateTime.Now.AddMinutes(5);
            membershipProvider = new MockCMSMembershipProvider {
                ValidUser = true
            };
            CMSMembershipProvider.SetCurrentProvider(membershipProvider);
            requestManager.CurrentHttpContext.Request.Cookies.Add(AuthCookie);

            controller = new APIPersonController(requestManager);
            routeData  = new RouteData();
            controller.ControllerContext = new ControllerContext(requestManager.CurrentHttpContext, routeData, controller);
            result = controller.Portrait(personWithPortrait.Picture.MediumId, 100, 100) as HttpStatusCodeResult;
            result?.StatusCode.ShouldBe(200);
        }
Esempio n. 12
0
        public void authenticateTest(string password)
        {
            var username           = RandomString();
            var requestManager     = FakeRequestManager.Create();
            var membershipProvider = new MockCMSMembershipProvider();

            membershipProvider.ValidUsers.Add(new CmsData.User {
                Username = username, Password = password
            });
            var roleProvider = new MockCMSRoleProvider();

            CreateUser(username, password);
            requestManager.CurrentHttpContext.Request.Headers["Authorization"] = BasicAuthenticationString(username, password);
            CMSMembershipProvider.SetCurrentProvider(membershipProvider);
            CMSRoleProvider.SetCurrentProvider(roleProvider);

            var mobileAuth = new MobileAuthentication(db, "");

            mobileAuth.authenticate("");

            mobileAuth.getErrorMessage().ShouldBe("Authenticated");
            mobileAuth.hasError().ShouldBeFalse();
        }
Esempio n. 13
0
        public void AuthenticatedLinkTest()
        {
            var username           = RandomString();
            var password           = RandomString();
            var user               = CreateUser(username, password);
            var requestManager     = FakeRequestManager.Create();
            var membershipProvider = new MockCMSMembershipProvider {
                ValidUser = true
            };
            var roleProvider = new MockCMSRoleProvider();

            CMSMembershipProvider.SetCurrentProvider(membershipProvider);
            CMSRoleProvider.SetCurrentProvider(roleProvider);
            db.OrganizationMembers.InsertOnSubmit(new OrganizationMember
            {
                Organization = db.Organizations.First(),
                Person       = user.Person,
                MemberTypeId = MemberTypeCode.Member
            });
            db.SubmitChanges();
            requestManager.CurrentHttpContext.Request.Headers["Authorization"] = BasicAuthenticationString(username, password);
            var controller = new MobileAPIv2Controller(requestManager);
            var message    = new MobileMessage
            {
                device    = (int)MobileMessage.Device.ANDROID,
                argString = $"/Person2/{user.PeopleId}/Resources"
            };
            var data   = message.ToString();
            var result = controller.AuthenticatedLink(data) as MobileMessage;
            var token  = db.OneTimeLinks
                         .Where(t => t.Querystring == username && t.Expires < DateTime.Now.AddMinutes(16))
                         .OrderByDescending(t => t.Expires).First().Id.ToCode();

            result.ShouldNotBeNull();
            result.error.ShouldBe(0);
            result.data.ShouldEndWith($"/Logon?otltoken={token}&ReturnUrl=%2fPerson2%2f{user.PeopleId}%2fResources%3fsource%3dAndroid");
        }
Esempio n. 14
0
        public void AuthenticateMobileWithUsernameAndPasswordTest()
        {
            var username       = RandomString();
            var password       = RandomString();
            var user           = CreateUser(username, password);
            var requestManager = FakeRequestManager.Create();
            var db             = requestManager.CurrentDatabase;
            var idb            = requestManager.CurrentImageDatabase;

            requestManager.CurrentHttpContext.Request.Headers["Authorization"] = BasicAuthenticationString(username, password);
            var membershipProvider = new MockCMSMembershipProvider {
                ValidUser = true
            };
            var roleProvider = new MockCMSRoleProvider();

            CMSMembershipProvider.SetCurrentProvider(membershipProvider);
            CMSRoleProvider.SetCurrentProvider(roleProvider);

            var result = AccountModel.AuthenticateMobile(db, idb);

            result.ErrorMessage.ShouldBeNullOrEmpty();
            result.IsValid.ShouldBeTrue();
            result.Status.ShouldBe(UserValidationStatus.Success);
        }
Esempio n. 15
0
        public void FetchGivingHistoryTest(decimal contribution, int total, int prevTotal, int yearCount, int prevYearCount)
        {
            var username           = RandomString();
            var password           = RandomString();
            var user               = CreateUser(username, password);
            var requestManager     = FakeRequestManager.Create();
            var membershipProvider = new MockCMSMembershipProvider {
                ValidUser = true
            };
            var roleProvider = new MockCMSRoleProvider();

            CMSMembershipProvider.SetCurrentProvider(membershipProvider);
            CMSRoleProvider.SetCurrentProvider(roleProvider);
            requestManager.CurrentHttpContext.Request.Headers["Authorization"] = BasicAuthenticationString(username, password);
            var Now  = DateTime.Now;
            var year = Now.Year;

            if (contribution > 0)
            {
                GenerateContribution(contribution, user, Now);
                GenerateContribution(contribution * 10m, user, Now, ContributionTypeCode.Stock);
                GenerateContribution(contribution * 4m, user, Now.AddYears(-1));
            }
            var controller = new MobileAPIv2Controller(requestManager);
            var message    = new MobileMessage
            {
                argInt = 0
            };
            var data   = message.ToString();
            var result = controller.FetchGivingHistory(data) as BaseMessage;

            result.ShouldNotBeNull();
            result.count.ShouldBe(1);
            result.error.ShouldBe(0);
            var history = JsonConvert.DeserializeObject <MobileGivingHistory>(result.data);

            history.lastYear.ShouldBe(year - 1);
            history.lastYearTotal.ShouldBe(prevTotal);
            history.thisYear.ShouldBe(year);
            if (contribution > 0)
            {
                history.yearToDateTotal.ShouldBe(total);
            }
            history.entries.Count.ShouldBe(yearCount);
            if (yearCount > 1)
            {
                var sum = history.entries.Sum(e => e.amount);
                sum.ShouldBe(total);
            }

            message = new MobileMessage
            {
                argInt  = Now.Year - 1,
                version = 9
            };
            data   = message.ToString();
            result = controller.FetchGivingHistory(data) as BaseMessage;
            result.ShouldNotBeNull();
            result.count.ShouldBe(1);
            result.error.ShouldBe(0);
            history = JsonConvert.DeserializeObject <MobileGivingHistory>(result.data);
            history.lastYear.ShouldBe(year - 2);
            history.lastYearTotal.ShouldBe(0);
            history.thisYear.ShouldBe(year - 1);
            if (contribution > 0)
            {
                history.yearToDateTotal.ShouldBe(prevTotal);
            }
            history.entries.Count.ShouldBe(prevYearCount);
            if (yearCount > 1)
            {
                var sum = history.entries.Sum(e => e.amount);
                sum.ShouldBe(prevTotal);
            }
        }
Esempio n. 16
0
        public void FetchGivingSummaryTest(decimal contribution, string count, string comment, string total, string prevTotal, string contribCount, int yearCount)
        {
            var username           = RandomString();
            var password           = RandomString();
            var user               = CreateUser(username, password);
            var requestManager     = FakeRequestManager.Create();
            var membershipProvider = new MockCMSMembershipProvider {
                ValidUser = true
            };
            var roleProvider = new MockCMSRoleProvider();

            CMSMembershipProvider.SetCurrentProvider(membershipProvider);
            CMSRoleProvider.SetCurrentProvider(roleProvider);
            requestManager.CurrentHttpContext.Request.Headers["Authorization"] = BasicAuthenticationString(username, password);
            var Now       = DateTime.Now;
            var year      = Now.Year;
            var fund1Name = db.ContributionFunds.Where(c => c.FundId == 1).Select(c => c.FundName).Single();

            if (contribution > 0)
            {
                GenerateContribution(contribution, user, Now);
                GenerateContribution(contribution * 4m, user, Now.AddYears(-1));
            }
            var controller = new MobileAPIv2Controller(requestManager);
            var message    = new MobileMessage
            {
                argInt = 0
            };
            var data   = message.ToString();
            var result = controller.FetchGivingSummary(data) as MobileMessage;

            result.ShouldNotBeNull();
            result.count.ShouldBe(1);
            result.error.ShouldBe(0);
            var summary = JsonConvert.DeserializeObject <MobileGivingSummary>(result.data);

            summary.Count.ShouldBe(yearCount);
            var current = summary[$"{year}"];

            current.ShouldNotBeNull();
            current.title.ShouldBe($"{year}");
            current.comment.ShouldBe(comment);
            current.count.ShouldBe(count);
            current.loaded.ShouldBe(1);
            current.total.ShouldBe(total);
            current.summary[0].title.ShouldBe("Contributions");
            current.summary[0].comment.ShouldBe(comment);
            current.summary[0].count.ShouldBe(contribCount);
            current.summary[0].showAsPledge.ShouldBe(0);
            if (contribution > 0)
            {
                current.summary[0].funds[0].name.ShouldBe(fund1Name);
                current.summary[0].funds[0].given.ShouldBe(total);
            }
            message = new MobileMessage
            {
                argInt = Now.Year - 1
            };
            data   = message.ToString();
            result = controller.FetchGivingSummary(data) as MobileMessage;
            result.ShouldNotBeNull();
            result.count.ShouldBe(1);
            result.error.ShouldBe(0);
            summary = JsonConvert.DeserializeObject <MobileGivingSummary>(result.data);
            summary.Count.ShouldBe(yearCount);
            if (contribution > 0)
            {
                var previous = summary[$"{year - 1}"];
                previous.ShouldNotBeNull();
                previous.title.ShouldBe($"{year - 1}");
                previous.comment.ShouldBe(comment);
                previous.count.ShouldBe(count);
                previous.loaded.ShouldBe(1);
                previous.total.ShouldBe(prevTotal);
                previous.summary[0].title.ShouldBe("Contributions");
                previous.summary[0].comment.ShouldBe(comment);
                previous.summary[0].count.ShouldBe(contribCount);
                previous.summary[0].showAsPledge.ShouldBe(0);
                previous.summary[0].funds[0].name.ShouldBe(fund1Name);
                previous.summary[0].funds[0].given.ShouldBe(prevTotal);
            }
        }
    /// <summary>
    /// Handling login authenticate event.
    /// </summary>
    /// <param name="sender">Sender.</param>
    /// <param name="e">Authenticate event arguments.</param>
    private void Login1_Authenticate(object sender, AuthenticateEventArgs e)
    {
        if (MFAuthenticationHelper.IsMultiFactorRequiredForUser(Login1.UserName))
        {
            var plcPasscodeBox = Login1.FindControl("plcPasscodeBox");
            var plcLoginInputs = Login1.FindControl("plcLoginInputs");
            var txtPasscode = Login1.FindControl("txtPasscode") as CMSTextBox;

            if (txtPasscode == null)
            {
                return;
            }
            if (plcPasscodeBox == null)
            {
                return;
            }
            if (plcLoginInputs == null)
            {
                return;
            }

            // Handle passcode
            string passcode = txtPasscode.Text;
            txtPasscode.Text = string.Empty;

            var provider = new CMSMembershipProvider();

            // Validate username and password
            if (plcLoginInputs.Visible)
            {
                if (provider.MFValidateCredentials(Login1.UserName, Login1.Password))
                {
                    // Show passcode screen
                    plcLoginInputs.Visible = false;
                    plcPasscodeBox.Visible = true;
                }
            }
            // Validate passcode
            else
            {
                if (provider.MFValidatePasscode(Login1.UserName, passcode))
                {
                    e.Authenticated = true;
                }
            }
        }
        else
        {
            e.Authenticated = Membership.Provider.ValidateUser(Login1.UserName, Login1.Password);
        }
    }
Esempio n. 18
0
    /// <summary>
    /// Prepares the callback result.
    /// </summary>
    public string GetCallbackResult()
    {
        var user = MembershipContext.AuthenticatedUser;

        if (!user.Enabled)
        {
            return("accountLocked");
        }

        if (userValidates)
        {
            if (RequestHelper.IsWindowsAuthentication())
            {
                return(UnlockScreen());
            }

            // User wants to revalidate his session
            if (UserInfoProvider.IsUserPasswordDifferent(user, validatePassword))
            {
                // Password is invalid
                AuthenticationHelper.CheckInvalidPasswordAttempts(user, SiteContext.CurrentSiteName);

                if (!user.Enabled)
                {
                    return("accountLocked");
                }
                return("valbad");
            }

            if (userWaitingForPasscode)
            {
                return(GeneratePasscode(user));
            }

            // Password is correct
            return(UnlockScreen());
        }

        if (passcValidates)
        {
            var membershipProvider = new CMSMembershipProvider();
            if (membershipProvider.MFValidatePasscode(user, validatePasscode, false))
            {
                return(UnlockScreen());
            }

            if (!user.Enabled)
            {
                return("accountLocked");
            }
            return("wrongPassc|" + GetString("mfauthentication.passcode.wrong"));
        }

        if (CMSPage.IsScreenLocked)
        {
            if (userAsksForState)
            {
                // Screen is locked
                return("isLocked|True");
            }

            if (!userIsLoggingOut)
            {
                return("");
            }

            // User wants to logout
            string signOutUrl = SystemContext.ApplicationPath.TrimEnd('/') + "/default.aspx";

            if (IsCMSDesk)
            {
                // LiveID sign out URL is set if this LiveID session
                AuthenticationHelper.SignOut(ref signOutUrl);
            }
            else
            {
                AuthenticationHelper.SignOut();
            }

            return("logout|" + signOutUrl);
        }

        // Check if ScreenLock is active
        if (!SecurityHelper.IsScreenLockEnabled(SiteContext.CurrentSiteName))
        {
            return("disabled");
        }

        // User is canceling countdown and wants to stay active
        if (userCanceling)
        {
            SecurityHelper.LogScreenLockAction();
            return("cancelOk|" + SecurityHelper.GetSecondsToShowScreenLockAction(SiteContext.CurrentSiteName));
        }

        if ((int)timeLeft.TotalSeconds <= 0)
        {
            // User was inactive too long - lock screen
            CMSPage.IsScreenLocked = true;
            return("lockScreen");
        }

        if ((int)timeLeft.TotalSeconds <= secondsToWarning)
        {
            // Lock screen timeout is close - display warning
            return("showWarning|" + ((int)timeLeft.TotalSeconds).ToString());
        }

        // User is active - hide warning and lock screen (if opened)
        return("hideWarning|" + ((int)timeLeft.TotalSeconds - secondsToWarning).ToString());
    }
    /// <summary>
    /// Prepares the callback result.
    /// </summary>
    public string GetCallbackResult()
    {
        var user = MembershipContext.AuthenticatedUser;

        if (!user.Enabled)
        {
            return "accountLocked";
        }

        if (userValidates)
        {
            if (RequestHelper.IsWindowsAuthentication())
            {
                return UnlockScreen();
            }

            // User wants to revalidate his session
            if (UserInfoProvider.IsUserPasswordDifferent(user, validatePassword))
            {
                // Password is invalid
                AuthenticationHelper.CheckInvalidPasswordAttempts(user, SiteContext.CurrentSiteName);

                if (!user.Enabled)
                {
                    return "accountLocked";
                }
                return "valbad";
            }

            if (userWaitingForPasscode)
            {
                return GeneratePasscode(user);
            }

            // Password is correct
            return UnlockScreen();
        }

        if (passcValidates)
        {
            var membershipProvider = new CMSMembershipProvider();
            if (membershipProvider.MFValidatePasscode(user, validatePasscode, false))
            {
                return UnlockScreen();
            }

            if (!user.Enabled)
            {
                return "accountLocked";
            }
            return "wrongPassc|" + GetString("mfauthentication.passcode.wrong");
        }

        if (CMSPage.IsScreenLocked)
        {
            if (userAsksForState)
            {
                // Screen is locked
                return "isLocked|True";
            }

            if (!userIsLoggingOut)
            {
                return "";
            }

            // User wants to logout
            string signOutUrl = SystemContext.ApplicationPath.TrimEnd('/') + "/default.aspx";

            if (IsCMSDesk)
            {
                // LiveID sign out URL is set if this LiveID session
                AuthenticationHelper.SignOut(ref signOutUrl);
            }
            else
            {
                AuthenticationHelper.SignOut();
            }

            return "logout|" + signOutUrl;
        }

        // Check if ScreenLock is active
        if (!SecurityHelper.IsScreenLockEnabled(SiteContext.CurrentSiteName))
        {
            return "disabled";
        }

        // User is canceling countdown and wants to stay active
        if (userCanceling)
        {
            SecurityHelper.LogScreenLockAction();
            return "cancelOk|" + SecurityHelper.GetSecondsToShowScreenLockAction(SiteContext.CurrentSiteName);
        }

        if ((int)timeLeft.TotalSeconds <= 0)
        {
            // User was inactive too long - lock screen
            CMSPage.IsScreenLocked = true;
            return "lockScreen";
        }

        if ((int)timeLeft.TotalSeconds <= secondsToWarning)
        {
            // Lock screen timeout is close - display warning
            return "showWarning|" + ((int)timeLeft.TotalSeconds).ToString();
        }

        // User is active - hide warning and lock screen (if opened)
        return "hideWarning|" + ((int)timeLeft.TotalSeconds - secondsToWarning).ToString();
    }
Esempio n. 20
0
        public void QuickSignInTest(bool useEmail)
        {
            var requestManager = FakeRequestManager.Create();

            db = requestManager.CurrentDatabase;
            var membershipProvider = new MockCMSMembershipProvider {
                ValidUser = true
            };
            var roleProvider = new MockCMSRoleProvider();
            var build        = "2020.2.1";

            CMSMembershipProvider.SetCurrentProvider(membershipProvider);
            CMSRoleProvider.SetCurrentProvider(roleProvider);
            var person = CreatePerson();

            person.CellPhone    = RandomPhoneNumber();
            person.EmailAddress = RandomEmailAddress();
            db.SetSetting("UseMobileQuickSignInCodes", "true");
            db.SetSetting("TwilioToken", RandomString());
            db.SetSetting("TwilioSid", RandomString());
            var group = db.SMSGroups.FirstOrDefault(g => g.SystemFlag == true);

            if (group == null)
            {
                group = new SMSGroup {
                    SystemFlag = true, Name = "System Group", Description = ""
                };
                db.SMSGroups.InsertOnSubmit(group);
                db.SubmitChanges();
            }
            db.SMSNumbers.InsertOnSubmit(new SMSNumber {
                GroupID = group.Id, Number = RandomPhoneNumber(), LastUpdated = DateTime.Now
            });
            db.SubmitChanges();
            string messageBody = "";

            if (useEmail)
            {
                db.SMTPClient = new MockEmailClient
                {
                    Receive = (to, from, subject, body) => {
                        messageBody = body;
                    }
                };
            }
            else
            {
                TwilioHelper.MockSender = (to, from, body, statusCallback) => {
                    messageBody = body;
                    return(new TwilioMessageResult {
                        Status = "Sent"
                    });
                };
            }

            var controller = new MobileAPIv2Controller(requestManager);
            var message    = new MobileMessage
            {
                device    = (int)MobileMessage.Device.ANDROID,
                instance  = RandomString(),
                argString = useEmail ? person.EmailAddress : person.CellPhone,
                build     = build,
            };

            var data   = message.ToString();
            var result = controller.QuickSignIn(data) as MobileMessage;

            result.ShouldNotBeNull();
            result.error.ShouldBe(0);
            messageBody.ShouldNotBeEmpty();

            requestManager.CurrentHttpContext.Request.Headers["Authorization"] = "Quick " + FindCode(messageBody);
            message = new MobileMessage
            {
                device   = (int)MobileMessage.Device.ANDROID,
                instance = message.instance,
                build    = build,
            };
            data   = message.ToString();
            result = controller.QuickSignInUsers(data) as MobileMessage;
            result.ShouldNotBeNull();
            result.error.ShouldBe(0);
            result.count.ShouldBeGreaterThan(0);
            result.data.ShouldNotBeEmpty();

            var list = JsonConvert.DeserializeObject <IEnumerable <MobileQuickSignInUser> >(result.data);
            var user = list.First();

            user.userID.ShouldBe(0);
            user.peopleID.ShouldBe(person.PeopleId);
            user.name.ShouldBe(person.Name);
            user.user.ShouldBe("Create User");
            var device = db.MobileAppDevices.SingleOrDefault(m => m.InstanceID == message.instance);

            device.ShouldNotBeNull();
            device.AppVersion.ShouldBe(build);
            Should.Equals(device.DeviceTypeID, MobileMessage.Device.ANDROID);

            //Test QuickSignInCreateUser
            message = new MobileMessage
            {
                device   = (int)MobileMessage.Device.ANDROID,
                instance = device.InstanceID,
                build    = build,
                argInt   = person.PeopleId,
            };
            data   = message.ToString();
            result = controller.QuickSignInCreateUser(data) as MobileMessage;
            result.ShouldNotBeNull();
            result.error.ShouldBe(0);
            result.count.ShouldBe(0);
            result.data.ShouldNotBeEmpty();
            result.id.ShouldBeGreaterThan(0);
            var userId   = result.id;
            var username = result.data;

            //Test SetDevicePIN
            var pin = "1234";

            message = new MobileMessage
            {
                device    = (int)MobileMessage.Device.ANDROID,
                instance  = device.InstanceID,
                build     = build,
                argInt    = userId,
                argString = pin.Sha256Hash(),
            };
            data   = message.ToString();
            result = controller.SetDevicePIN(data) as MobileMessage;
            result.ShouldNotBeNull();
            result.error.ShouldBe(0);
            result.count.ShouldBe(0);
            result.data.ShouldNotBeEmpty();

            //Test PIN authorization by getting the user's own profile
            requestManager.CurrentHttpContext.Request.Headers["Authorization"] = "PIN " + Convert.ToBase64String(Encoding.ASCII.GetBytes($"{username}:{pin.Sha256Hash()}"));
            message = new MobileMessage
            {
                device   = (int)MobileMessage.Device.ANDROID,
                instance = device.InstanceID,
                build    = build,
                argInt   = person.PeopleId,
            };
            data   = message.ToString();
            result = controller.FetchPerson(data) as MobileMessage;
            result.ShouldNotBeNull();
            result.error.ShouldBe(0);
            result.count.ShouldBe(1);
            result.data.ShouldNotBeEmpty();
        }