public void Userods_CheckUserAndPassoword_UpdateFailedAttemptsFromOtherMethods()
{
//First, setup the test scenario.
long group1 = UserGroupT.CreateUserGroup("usergroup1");
Userod myUser = UserodT.CreateUser(MethodBase.GetCurrentMethod().Name + DateTime.Now.Ticks, "reallystrongpassword", userGroupNumbers: new List <long>()
{
group1
});
Security.CurUser = myUser;
Security.PasswordTyped = "passwordguess#1";
CredentialsFailedAfterLoginEvent.Fired += CredentialsFailedAfterLoginEvent_Fired1;
RunTestsAgainstMiddleTier(new OpenDentBusiness.WebServices.OpenDentalServerMockIIS(user: myUser.UserName, password: myUser.Password));
//try once with the wrong password. Failed attempt should get incremented to 1.
ODException.SwallowAnyException(() => {
Userods.CheckUserAndPassword(myUser.UserName, "passwordguess#1", false);
});
//Get our updated user from the DB.
RunTestsAgainstDirectConnection();
myUser = Userods.GetUserByNameNoCache(myUser.UserName);
//Assert that we only have 1 failed attempt.
Assert.AreEqual(1, myUser.FailedAttempts);
//now wait for another method to get called
RunTestsAgainstMiddleTier(new OpenDentBusiness.WebServices.OpenDentalServerMockIIS(user: myUser.UserName, password: myUser.Password));
ODException.SwallowAnyException(() => {
Computers.UpdateHeartBeat(Environment.MachineName, false);
});
RunTestsAgainstDirectConnection();
//Get our updated user from the DB.
myUser = Userods.GetUserByNameNoCache(myUser.UserName);
//Assert that we only have 1 failed attempt.
Assert.AreEqual(1, myUser.FailedAttempts);
}
public void Userods_CheckUserAndPassword_LockoutAfterUserHasLoggedInButPasswordIsNotCorrectAfter5Attempts()
{
//First, setup the test scenario.
long group1 = UserGroupT.CreateUserGroup("usergroup1");
bool isAccountLocked = false;
Userod myUser = UserodT.CreateUser(MethodBase.GetCurrentMethod().Name + DateTime.Now.Ticks, "reallystrongpassword", userGroupNumbers: new List <long>()
{
group1
});
//Make 5 bad password attempts
for (int i = 1; i < 6; i++)
{
ODException.SwallowAnyException(() => {
Userods.CheckUserAndPassword(myUser.UserName, "passwordguess#" + i, false);
});
}
try {
//the 6th bad attempt should kick us with a message saying that our account has been locked.
Userods.CheckUserAndPassword(myUser.UserName, "passwordguess#6", false);
}
catch (Exception e) {
if (e.Message.Contains("Account has been locked due to failed log in attempts"))
{
isAccountLocked = true;
}
}
//Get our updated user from the DB.
myUser = Userods.GetUserByNameNoCache(myUser.UserName);
//Assert that we got to 5 failed attempts and that the account has been locked.
Assert.AreEqual(5, myUser.FailedAttempts);
Assert.AreEqual(true, isAccountLocked);
}
public void Userods_CheckUserAndPassoword_UpdateFailedAttemptsTo5()
{
//First, setup the test scenario.
long group1 = UserGroupT.CreateUserGroup("usergroup1");
Userod myUser = UserodT.CreateUser(MethodBase.GetCurrentMethod().Name + DateTime.Now.Ticks, "reallystrongpassword", userGroupNumbers: new List <long>()
{
group1
});
CredentialsFailedAfterLoginEvent.Fired += CredentialsFailedAfterLoginEvent_Fired1;
Security.CurUser = myUser;
Security.PasswordTyped = "passwordguess#1";
RunTestsAgainstMiddleTier();
//try with 5 incorrect passwords. Failed attempt should get incremented to 5.
for (int i = 1; i < 6; i++)
{
ODException.SwallowAnyException(() => {
try {
Userods.CheckUserAndPassword(myUser.UserName, "passwordguess#" + i, false);
}
catch (Exception e) {
}
});
}
//Get our updated user from the DB.
RunTestsAgainstDirectConnection();
myUser = Userods.GetUserByNameNoCache(myUser.UserName);
//Assert that there are 5 failed attempts.
Assert.AreEqual(5, myUser.FailedAttempts);
}
private void SetCurrentUserWOCommandQueryPerm(string userGroupName)
{
long group1 = UserGroupT.CreateUserGroup(userGroupName);
Userod userWOCommandPerm = UserodT.CreateUser(MethodBase.GetCurrentMethod().Name + DateTime.Now.Ticks, userGroupNumbers: new List <long>()
{
group1
});
Security.CurUser = userWOCommandPerm;
}
public void Userods_CheckUserAndPassword_IncreaseFailedAttemptsAfterUserHasLoggedInButPasswordIsNotCorrect()
{
//First, setup the test scenario.
//This test is intended to be tested on middle tier.
long group1 = UserGroupT.CreateUserGroup("usergroup1");
Userod myUser = UserodT.CreateUser(MethodBase.GetCurrentMethod().Name + DateTime.Now.Ticks, "reallystrongpassword", userGroupNumbers: new List <long>()
{
group1
});
RunTestsAgainstMiddleTier(new OpenDentBusiness.WebServices.OpenDentalServerMockIIS(user: myUser.UserName, password: myUser.Password));
Security.CurUser = myUser;
Security.PasswordTyped = "passwordguess#1";
CredentialsFailedAfterLoginEvent.Fired += CredentialsFailedAfterLoginEvent_Fired1;
//make a single bad password attempt.
ODException.SwallowAnyException(() => {
Userods.CheckUserAndPassword(myUser.UserName, "passwordguess#1", false);
});
//Get our user from the DB
RunTestsAgainstDirectConnection();
myUser = Userods.GetUserByNameNoCache(myUser.UserName);
//Asssert that the failed attempt got incremented correctly.
Assert.AreEqual(1, myUser.FailedAttempts);
}
