/// <summary>
/// Records the stored security answer and its salt for <paramref name="userName"/> in the
/// scenario context so that a later step can compare them against the database.
/// </summary>
/// <param name="userName">User name to look up; <c>Single</c> throws unless exactly one user matches.</param>
public void GivenIMakeANoteOfTheSecurityInformationAndSaltForUser(string userName)
        {
            var matchedUser = SeDatabase.GetUsers().Single(candidate => candidate.UserName == userName);
            var scenario    = ScenarioContext.Current;

            // The values are stored under the generic "hash"/"salt" slots of the scenario context.
            scenario.SetHash(matchedUser.SecurityAnswer);
            scenario.SetSalt(matchedUser.SecurityAnswerSalt);
        }
Esempio n. 2
        /// <summary>
        /// Verifies that the user has a password expiry date and that it already lies in the past (UTC).
        /// </summary>
        /// <param name="userName">User name to look up; <c>Single</c> throws unless exactly one user matches.</param>
        public void ThenTheUserHasThePasswordExpiryDateSet(string userName)
        {
            var matchedUser = SeDatabase.GetUsers().Single(candidate => candidate.UserName == userName);
            var expiry      = matchedUser.PasswordExpiryDateUtc;

            Assert.IsTrue(expiry.HasValue, $"User {matchedUser.UserName} should have had the password expiry date set");
            // Strictly earlier than "now": the step expects an already-expired password.
            Assert.That(expiry.Value, Is.LessThan(DateTime.UtcNow));
        }
Esempio n. 3
        /// <summary>
        /// Creates <c>Log</c> rows from the scenario table, stamps each with the current time and
        /// writes them to the database.
        /// </summary>
        /// <param name="table">Scenario table whose rows are mapped onto <c>Log</c> instances.</param>
        public void GivenIHaveTheFollowingLogsInTheSystem(Table table)
        {
            var seededLogs = table.CreateSet<Log>().ToList();

            // NOTE(review): the stamp is local time (DateTime.Now); whether Log.TimeStamp is
            // meant to hold UTC is not visible here - confirm against the schema.
            foreach (var entry in seededLogs)
            {
                entry.TimeStamp = DateTime.Now;
            }

            SeDatabase.SetLogs(seededLogs);
        }
Esempio n. 4
        /// <summary>
        /// Verifies that exactly one stored log has the expected level and a message containing
        /// the expected text.
        /// </summary>
        /// <param name="table">Scenario table mapped onto a single <c>LogModel</c>.</param>
        public void ThenIHaveALogInTheSystemMatchingTheFollowing(Table table)
        {
            var expected   = table.CreateInstance<LogModel>();
            var storedLogs = SeDatabase.GetLogs();

            // Substring match on the message, exact match on the level; zero or several hits both fail.
            var matchCount = storedLogs.Count(entry => entry.Level == expected.Level && entry.Message.Contains(expected.Message));

            Assert.IsTrue(matchCount == 1, "Log does not match message");
        }
Esempio n. 5
        /// <summary>
        /// Records the stored password hash and salt for <paramref name="userName"/> in the
        /// scenario context so that a later step can check whether they changed.
        /// </summary>
        /// <param name="userName">User name to look up; <c>Single</c> throws unless exactly one user matches.</param>
        public void GivenIMakeANoteOfThePasswordAndSaltFor(string userName)
        {
            var matchedUser = SeDatabase.GetUsers().Single(candidate => candidate.UserName == userName);
            var scenario    = ScenarioContext.Current;

            scenario.SetHash(matchedUser.PasswordHash);
            scenario.SetSalt(matchedUser.PasswordSalt);
        }
        /// <summary>
        /// Verifies that no password expiry date is stored for the user.
        /// </summary>
        /// <param name="userName">User name to look up; <c>Single</c> throws unless exactly one user matches.</param>
        public void ThenTheUserDoesNotHaveThePasswordExpiryDateSet(string userName)
        {
            var matchedUser = SeDatabase.GetUsers().Single(candidate => candidate.UserName == userName);
            var hasExpiry   = matchedUser.PasswordExpiryDateUtc.HasValue;

            Assert.IsFalse(hasExpiry, $"User {matchedUser.UserName} should not have the password expiry date set");
        }
Esempio n. 7
        /// <summary>
        /// Verifies that the user's password reset token is null or empty and that no reset
        /// expiry date remains stored.
        /// </summary>
        /// <param name="userName">User name to look up; <c>Single</c> throws unless exactly one user matches.</param>
        public void ThenThePasswordResetTokenAndExpiryForUserAreNotSet(string userName)
        {
            var matchedUser  = SeDatabase.GetUsers().Single(candidate => candidate.UserName == userName);
            var tokenCleared = string.IsNullOrEmpty(matchedUser.PasswordResetToken);
            var expiryStored = matchedUser.PasswordResetExpiryDateUtc.HasValue;

            Assert.IsTrue(tokenCleared, $"User {matchedUser.UserName} should have had the password reset token cleared");
            Assert.IsFalse(expiryStored, $"User {matchedUser.UserName} should have had the password reset token expiry date cleared");
        }
Esempio n. 8
        /// <summary>
        /// Verifies that a password reset token is stored and that its expiry lies more than
        /// <paramref name="expiryMinutes"/> minutes after the current UTC time.
        /// </summary>
        /// <remarks>
        /// Only a lower bound is asserted, so an expiry arbitrarily far in the future also
        /// passes. A scenario that needs to pin the token lifetime requires an additional
        /// upper-bound check.
        /// </remarks>
        /// <param name="userName">User name to look up; <c>Single</c> throws unless exactly one user matches.</param>
        /// <param name="expiryMinutes">Minimum number of minutes the token must still be valid for.</param>
        public void ThenTheUserHasThePasswordResetTokenSetAndPasswordResetExpirySetToMinutes(string userName, int expiryMinutes)
        {
            var matchedUser = SeDatabase.GetUsers().Single(candidate => candidate.UserName == userName);
            var expiry      = matchedUser.PasswordResetExpiryDateUtc;

            Assert.IsTrue(!string.IsNullOrEmpty(matchedUser.PasswordResetToken), $"User {matchedUser.UserName} should have had the password reset token set");
            Assert.IsTrue(expiry.HasValue, $"User {matchedUser.UserName} should have had the password reset token expiry date set");
            Assert.That(expiry.Value, Is.GreaterThan(DateTime.UtcNow.AddMinutes(expiryMinutes)));
        }
Esempio n. 9
        /// <summary>
        /// Verifies that the pending e-mail change (address, token and request expiry) has been
        /// cleared for the user.
        /// </summary>
        /// <param name="userName">User name to look up; <c>Single</c> throws unless exactly one user matches.</param>
        public void ThenTheUserHasTheNewEmailAddressTokenAndExpiryCleared(string userName)
        {
            var matchedUser = SeDatabase.GetUsers().Single(candidate => candidate.UserName == userName);

            // Address and token must be null (not merely empty); the expiry must have no value.
            Assert.IsNull(matchedUser.NewEmailAddress, "New Email Address should be cleared");
            Assert.IsNull(matchedUser.NewEmailAddressToken, $"User {matchedUser.UserName} should have had the new email address token cleared");

            var expiryStored = matchedUser.NewEmailAddressRequestExpiryDateUtc.HasValue;
            Assert.IsFalse(expiryStored, $"User {matchedUser.UserName} should have had the new email address expiry date cleared");
        }
Esempio n. 10
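        /// <summary>
        /// Seeds the database with the users described in the scenario table. Each password is
        /// hashed with the configured hash strategy and each security answer is encrypted with
        /// the configured encryption password and iteration count before the user is stored.
        /// </summary>
        /// <param name="table">Scenario table whose rows are mapped onto <c>UserToCreate</c> instances.</param>
        public void GivenTheFollowingUsersAreSetupInTheDatabase(Table table)
        {
            var usersToCreate = table.CreateSet<UserToCreate>().ToList();
            var users         = new List<User>();
            var hashStrategy  = (HashStrategyKind)Convert.ToInt32(ConfigurationManager.AppSettings["DefaultHashStrategy"]);
            var encryptor     = new Encryption();
            var adminRole     = SeDatabase.GetRoleByName("Admin");

            // Loop-invariant settings are read once. Convert.ToInt32(null) yields 0, so a missing
            // setting silently becomes strategy 0 / zero iterations instead of failing the step.
            var encryptionPassword       = ConfigurationManager.AppSettings["EncryptionPassword"];
            var encryptionIterationCount = Convert.ToInt32(ConfigurationManager.AppSettings["EncryptionIterationCount"]);

            foreach (var userToCreate in usersToCreate)
            {
                string encryptedSecurityAnswer;
                string encryptedSecurityAnswerSalt;
                var    securePassword   = new SecuredPassword(userToCreate.Password, hashStrategy);
                var    securityQuestion = SeDatabase.GetLookupItemsByLookupType(Consts.LookupTypeId.SecurityQuestion).Single(a => a.Description == userToCreate.SecurityQuestion);
                encryptor.Encrypt(encryptionPassword, encryptionIterationCount, userToCreate.SecurityAnswer, out encryptedSecurityAnswerSalt, out encryptedSecurityAnswer);

                var user = new User
                {
                    UserName     = userToCreate.UserName,
                    FirstName    = userToCreate.FirstName,
                    LastName     = userToCreate.LastName,
                    TelNoWork    = userToCreate.WorkTelephoneNumber,
                    TelNoHome    = userToCreate.HomeTelephoneNumber,
                    TelNoMobile  = userToCreate.MobileTelephoneNumber,
                    Title        = userToCreate.Title,
                    Town         = userToCreate.Town,
                    Postcode     = userToCreate.Postcode,
                    SkypeName    = userToCreate.SkypeName,
                    HashStrategy = hashStrategy,
                    PasswordHash = Convert.ToBase64String(securePassword.Hash),
                    PasswordSalt = Convert.ToBase64String(securePassword.Salt),
                    SecurityQuestionLookupItemId = securityQuestion.Id,
                    SecurityAnswer                      = encryptedSecurityAnswer,
                    SecurityAnswerSalt                  = encryptedSecurityAnswerSalt,
                    Approved                            = true,
                    EmailVerified                       = true,
                    Enabled                             = true,
                    PasswordLastChangedDateUtc          = DateTime.UtcNow,
                    PasswordResetToken                  = string.IsNullOrWhiteSpace(userToCreate.PasswordResetToken) ? null : userToCreate.PasswordResetToken,
                    PasswordResetExpiryDateUtc          = userToCreate.PasswordResetExpiry == "[One day from now]" ? (DateTime?)DateTime.UtcNow.AddDays(1) : null,
                    NewEmailAddress                     = string.IsNullOrWhiteSpace(userToCreate.NewEmailAddress) ? null : userToCreate.NewEmailAddress,
                    NewEmailAddressToken                = string.IsNullOrWhiteSpace(userToCreate.NewEmailAddressToken) ? null : userToCreate.NewEmailAddressToken,
                    NewEmailAddressRequestExpiryDateUtc = userToCreate.NewEmailAddressRequestExpiryDate == "[One day from now]" ? (DateTime?)DateTime.UtcNow.AddDays(1) : null,
                    // The column holds UTC, so the "[Expired]" marker is derived from UtcNow like
                    // every other *Utc field here (previously local time via DateTime.Now).
                    PasswordExpiryDateUtc               = userToCreate.PasswordExpiryDate == "[Expired]" ? (DateTime?)DateTime.UtcNow.AddDays(-1) : null
                };
                if (userToCreate.IsAdmin)
                {
                    // NOTE(review): UserId is hard-coded to 1, so this only names the right user
                    // if the admin is the first row inserted or SetUsers re-links roles itself - confirm.
                    user.UserRoles = new List<UserRole> {
                        new UserRole {
                            RoleId = adminRole.Id, UserId = 1
                        }
                    };
                }
                users.Add(user);
            }
            SeDatabase.SetUsers(users);
        }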
Esempio n. 11
        /// <summary>
        /// Verifies that a pending e-mail change (address and token) is stored and that its
        /// request expiry lies more than <paramref name="expiryMinutes"/> minutes after the
        /// current UTC time.
        /// </summary>
        /// <remarks>
        /// Only a lower bound is asserted; an expiry arbitrarily far in the future also passes.
        /// </remarks>
        /// <param name="userName">User name to look up; <c>Single</c> throws unless exactly one user matches.</param>
        /// <param name="expiryMinutes">Minimum number of minutes the request must still be valid for.</param>
        public void ThenTheUserHasTheNewEmailAddressTokenSetAndNewEmailAddressExpiryIsAtLeastMinutesFromNow(string userName, int expiryMinutes)
        {
            var matchedUser = SeDatabase.GetUsers().Single(candidate => candidate.UserName == userName);
            var expiry      = matchedUser.NewEmailAddressRequestExpiryDateUtc;

            Assert.IsTrue(!string.IsNullOrEmpty(matchedUser.NewEmailAddress), $"User {matchedUser.UserName} should have had the new email address set");
            Assert.IsTrue(!string.IsNullOrEmpty(matchedUser.NewEmailAddressToken), $"User {matchedUser.UserName} should have had the new email address token set");
            Assert.IsTrue(expiry.HasValue, $"User {matchedUser.UserName} should have had the new email address expiry date set");
            Assert.That(expiry.Value, Is.GreaterThan(DateTime.UtcNow.AddMinutes(expiryMinutes)));
        }
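		/// <summary>
		/// Verifies that the user's stored security answer and its salt differ from the values
		/// previously captured in the scenario context.
		/// </summary>
		/// <remarks>
		/// The capture step for security information stores <c>SecurityAnswer</c> and
		/// <c>SecurityAnswerSalt</c> in the hash/salt slots. Comparing those against
		/// <c>PasswordHash</c>/<c>PasswordSalt</c>, as this step did before, would pass even when
		/// the security answer was never updated, so the same two fields are compared here.
		/// </remarks>
		/// <param name="userName">User name to look up; <c>Single</c> throws unless exactly one user matches.</param>
		public void ThenTheSecurityInformationForHasChanged(string userName)
		{
			var user = SeDatabase.GetUsers().Single(a => a.UserName == userName);
			var expectedHash = ScenarioContext.Current.GetHash();
			var expectedSalt = ScenarioContext.Current.GetSalt();
			// Fail loudly if the capture step did not run; otherwise "not equal" would be vacuous.
			Assert.IsFalse(string.IsNullOrEmpty(expectedHash), "Hash has not previously been captured");
			Assert.IsFalse(string.IsNullOrEmpty(expectedSalt), "Salt has not previously been captured");
			Assert.That(user.SecurityAnswer, Is.Not.EqualTo(expectedHash), "The hash was expected to have changed");
			Assert.That(user.SecurityAnswerSalt, Is.Not.EqualTo(expectedSalt), "The salt was expected to have changed");
		}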
Esempio n. 13
        /// <summary>
        /// Re-reads the stored CT warnings through <c>Repeater.DoOrTimeout</c> until their count
        /// equals the expected number, then asserts on the last count read.
        /// </summary>
        /// <param name="expectedNumberOfCtViolations">Exact number of CT warnings expected.</param>
        public void ThenIHaveCertificatePolicyViolationInTheSystem(int expectedNumberOfCtViolations)
        {
            var latestWarnings = SeDatabase.GetCtWarnings();

            // 30 s and 2 s are presumably the overall timeout and the retry interval;
            // Repeater is not shown here - confirm.
            Repeater.DoOrTimeout(
                () =>
                {
                    latestWarnings = SeDatabase.GetCtWarnings();
                    var countMatches = latestWarnings.Count == expectedNumberOfCtViolations;
                    return countMatches;
                },
                TimeSpan.FromSeconds(30),
                TimeSpan.FromSeconds(2));

            // The final assert reports the failure if the expected count was never reached.
            Assert.That(latestWarnings.Count, Is.EqualTo(expectedNumberOfCtViolations), $"Was not able to find {expectedNumberOfCtViolations} ct violations in the logs");
        }
Esempio n. 14
        /// <summary>
        /// Re-reads the stored HPKP warnings through <c>Repeater.DoOrTimeout</c> until their
        /// count equals the expected number, then asserts on the last count read.
        /// </summary>
        /// <param name="expectedNumberOfHpkpViolations">Exact number of HPKP warnings expected.</param>
        public void ThenIHaveHttpPublicKeyPinningViolationInTheSystem(int expectedNumberOfHpkpViolations)
        {
            var latestWarnings = SeDatabase.GetHpkpWarnings();

            // 30 s and 2 s are presumably the overall timeout and the retry interval;
            // Repeater is not shown here - confirm.
            Repeater.DoOrTimeout(
                () =>
                {
                    latestWarnings = SeDatabase.GetHpkpWarnings();
                    var countMatches = latestWarnings.Count == expectedNumberOfHpkpViolations;
                    return countMatches;
                },
                TimeSpan.FromSeconds(30),
                TimeSpan.FromSeconds(2));

            // The final assert reports the failure if the expected count was never reached.
            Assert.That(latestWarnings.Count, Is.EqualTo(expectedNumberOfHpkpViolations), $"Was not able to find {expectedNumberOfHpkpViolations} hpkp violations in the logs");
        }
Esempio n. 15
        /// <summary>
        /// Fails the test if the database holds any system errors, AppSensor errors or CSP
        /// warnings. The three checks run in that order, and the first failing assert lists the
        /// offending messages.
        /// </summary>
        public static void CheckForErrors()
        {
            var systemErrors     = SeDatabase.GetSystemErrors();
            var systemErrorsText = string.Join(", ", systemErrors.Select(entry => entry.Message));
            Assert.That(systemErrors.Count, Is.EqualTo(0), $"Expected No errors but found error(s) {systemErrorsText}");

            var sensorErrors     = SeDatabase.GetAppSensorErrors();
            var sensorErrorsText = string.Join(", ", sensorErrors.Select(entry => entry.Message));
            Assert.That(sensorErrors.Count, Is.EqualTo(0), $"Expected No errors but found appSensor error(s) {sensorErrorsText}");

            var policyWarnings     = SeDatabase.GetCspWarnings();
            var policyWarningsText = string.Join(", ", policyWarnings.Select(entry => entry.Message));
            Assert.That(policyWarnings.Count, Is.EqualTo(0), $"Expected No Csp Warnings but found warnings(s) {policyWarningsText}");
        }
Esempio n. 16
        /// <summary>
        /// Assigns to the named user every role listed in the first column of the scenario table.
        /// </summary>
        /// <param name="userName">User name to look up; <c>Single</c> throws unless exactly one user matches.</param>
        /// <param name="table">Scenario table; column 0 of each row is passed to <c>GetRoleByName</c>.</param>
        public void GivenTheFollowingUserRolesAreSetupInTheSystemForUser(string userName, Table table)
        {
            var targetUser = SeDatabase.GetUsers().Single(candidate => candidate.UserName == userName);

            // One UserRole per row, in table order; each row costs one role lookup.
            var assignments = table.Rows
                .Select(row => SeDatabase.GetRoleByName(row[0]))
                .Select(role => new UserRole { UserId = targetUser.Id, RoleId = role.Id })
                .ToList();

            SeDatabase.SetUserRoles(assignments);
        }
Esempio n. 17
        /// <summary>
        /// Compares the scenario table with the users in the database. When the table has a
        /// <c>SecurityQuestionLookupItemId</c> column, each non-blank cell is treated as a
        /// security question description and replaced by the id of the matching lookup item
        /// before the comparison.
        /// </summary>
        /// <param name="table">Expected users; its rows are modified in place.</param>
        public void ThenIHaveTheFollowingUsersInTheSystem(Table table)
        {
            const string questionColumn = "SecurityQuestionLookupItemId";
            var storedUsers = SeDatabase.GetUsers();

            if (table.Header.Contains(questionColumn))
            {
                foreach (var row in table.Rows)
                {
                    // Rows without the column or with a blank cell are left untouched.
                    if (!row.ContainsKey(questionColumn) || string.IsNullOrWhiteSpace(row[questionColumn]))
                    {
                        continue;
                    }

                    var lookupItem = SeDatabase.GetLookupItemByLookupTypeAndDescription(Consts.LookupTypeId.SecurityQuestion, row[questionColumn]);
                    row[questionColumn] = lookupItem.Id.ToString();
                }
            }

            table.CompareToSet(storedUsers);
        }
Esempio n. 18
        /// <summary>
        /// Fails the test if the database holds any system errors; the failure message lists
        /// the error messages found.
        /// </summary>
        public static void CheckForErrors()
        {
            var systemErrors     = SeDatabase.GetSystemErrors();
            var systemErrorsText = string.Join(", ", systemErrors.Select(entry => entry.Message));

            Assert.That(systemErrors.Count, Is.EqualTo(0), $"Expected No errors but found error(s) {systemErrorsText}");
        }
Esempio n. 19
        /// <summary>
        /// Writes the lookup types described in the scenario table to the database.
        /// </summary>
        /// <param name="table">Scenario table whose rows are mapped onto <c>LookupType</c> instances.</param>
        public void GivenTheFollowingLookupTypesAreSetUpInTheDatabase(Table table)
        {
            // Materialised to a list before it is handed to the database helper.
            var lookupTypes = table.CreateSet<LookupType>().ToList();
            SeDatabase.SetLookupTypes(lookupTypes);
        }
Esempio n. 20
 /// <summary>
 /// Clears the test database by delegating to <c>SeDatabase.ClearDatabase</c>.
 /// </summary>
 public void GivenIClearDownTheDatabase() => SeDatabase.ClearDatabase();
Esempio n. 21
        /// <summary>
        /// Compares the scenario table with the user logs currently stored in the database.
        /// </summary>
        /// <param name="table">Expected user log rows.</param>
        public void ThenIHaveTheFollowingUserLogsInTheSystem(Table table)
        {
            // CompareToSet does the row-by-row comparison and raises on mismatch.
            var storedUserLogs = SeDatabase.GetUserLogs();
            table.CompareToSet(storedUserLogs);
        }
Esempio n. 22
        /// <summary>
        /// Asserts that the password history table holds exactly the given number of entries.
        /// </summary>
        /// <param name="numberOfPassWordHistoryEntries">Expected number of previous-password rows.</param>
        public void GivenIHaveEntryIesInThePasswordHistoryTable(int numberOfPassWordHistoryEntries)
        {
            var storedHistory = SeDatabase.GetPreviousPasswords();
            var actualCount   = storedHistory.Count;

            Assert.That(actualCount, Is.EqualTo(numberOfPassWordHistoryEntries));
        }
        /// <summary>
        /// Compares the scenario table with the user logs currently stored in the database.
        /// </summary>
        /// <param name="table">Expected user log rows.</param>
        public void ThenIHaveTheFollowingUserLogsInTheSystem(Table table)
        {
            // CompareToSet does the row-by-row comparison and raises on mismatch.
            var storedUserLogs = SeDatabase.GetUserLogs();
            table.CompareToSet(storedUserLogs);
        }