public void TestPluginEnableAlreadyEnabled() {
var security = new SecurityController();
var plugins = (CorePluginController)new CorePluginController() {
Shared = {
Security = security
}
}.Execute();
plugins.Tunnel(new Command() {
Origin = CommandOrigin.Local,
CommandType = CommandType.PluginsEnable,
Scope = {
PluginGuid = plugins.LoadedPlugins.First().PluginGuid
}
});
ICommandResult result = plugins.Tunnel(new Command() {
Origin = CommandOrigin.Local,
CommandType = CommandType.PluginsEnable,
Scope = {
PluginGuid = plugins.LoadedPlugins.First().PluginGuid
}
});
Assert.IsFalse(result.Success);
Assert.AreEqual(CommandResultType.Failed, result.CommandResultType);
}
public void TestCannotAuthenticateAgainstDifferentTokenId() {
const string identifier = "192.168.1.1";
AccessTokenModel accessToken = new AccessTokenModel() {
Account = new AccountModel() {
Username = "******",
PasswordHash = "MyPasswordHash"
}
};
var token = accessToken.Generate(identifier);
var security = new SecurityController();
security.Tunnel(CommandBuilder.SecurityAddGroup("GroupName").SetOrigin(CommandOrigin.Local));
security.Tunnel(CommandBuilder.SecurityGroupAddAccount("GroupName", "Phogue").SetOrigin(CommandOrigin.Local));
security.Tunnel(CommandBuilder.SecurityAccountSetPasswordHash("Phogue", "MyPasswordHash").SetOrigin(CommandOrigin.Local));
// Now append the token onto the account.
security.Tunnel(CommandBuilder.SecurityAccountAppendAccessToken("Phogue", accessToken.Id, accessToken.TokenHash, accessToken.LastTouched).SetOrigin(CommandOrigin.Local));
// Now validate that we can authenticate against the newly appended token hash
ICommandResult result = security.Tunnel(CommandBuilder.SecurityAccountAuthenticateToken(Guid.NewGuid(), token, identifier).SetOrigin(CommandOrigin.Local));
Assert.IsFalse(result.Success);
Assert.AreEqual(CommandResultType.Failed, result.CommandResultType);
}
public void TestSecurityAddGroupDuplicateGroupName() {
var security = new SecurityController();
ICommandResult result = security.Tunnel(new Command() {
Origin = CommandOrigin.Local,
CommandType = CommandType.SecurityAddGroup,
Parameters = TestHelpers.ObjectListToContentList(new List<Object>() {
"GroupName"
})
});
// Test that the group was initially added.
Assert.AreEqual(security.Groups.Last().Name, "GroupName");
// Now readd the same group name.
result = security.Tunnel(new Command() {
Origin = CommandOrigin.Local,
CommandType = CommandType.SecurityAddGroup,
Parameters = TestHelpers.ObjectListToContentList(new List<Object>() {
"GroupName"
})
});
// Test the second result, make sure it failed.
Assert.IsFalse(result.Success);
Assert.AreEqual(result.CommandResultType, CommandResultType.AlreadyExists);
}
public void TestCheckByAccountUsernameIsIdentical() {
var security = new SecurityController();
security.Tunnel(new Command() {
Origin = CommandOrigin.Local,
CommandType = CommandType.SecurityAddGroup,
Parameters = TestHelpers.ObjectListToContentList(new List<Object>() {
"GroupName"
})
});
// Now add a user.
security.Tunnel(new Command() {
Origin = CommandOrigin.Local,
CommandType = CommandType.SecurityGroupAddAccount,
Parameters = TestHelpers.ObjectListToContentList(new List<Object>() {
"GroupName",
"Phogue"
})
});
// Now change the language of the account.
ICommandResult result = security.DispatchIdentityCheck(new Command() {
Authentication = {
Username = "******"
}
}, "Phogue");
// Make sure it was successful.
Assert.IsTrue(result.Success);
Assert.AreEqual(result.CommandResultType, CommandResultType.Success);
}
public void TestGroupDoesNotExist() {
var security = new SecurityController();
security.Tunnel(CommandBuilder.SecurityAddGroup("ThisIsValid").SetOrigin(CommandOrigin.Local));
ICommandResult result = security.Tunnel(CommandBuilder.SecurityGroupRemovePermissionTrait("ThisIsNotValid", CommandType.VariablesSet.ToString(), PermissionTraitsType.Boolean).SetOrigin(CommandOrigin.Local));
Assert.IsFalse(result.Success);
Assert.AreEqual(CommandResultType.DoesNotExists, result.CommandResultType);
}
public void TestGroupDoesNotExist() {
var security = new SecurityController();
security.Tunnel(CommandBuilder.SecurityAddGroup("ThisIsValid").SetOrigin(CommandOrigin.Local));
ICommandResult result = security.Tunnel(CommandBuilder.SecuritySetPredefinedStreamPermissions("ThisIsNotValid").SetOrigin(CommandOrigin.Local));
Assert.IsFalse(result.Success);
Assert.AreEqual(CommandResultType.DoesNotExists, result.CommandResultType);
}
public void TestGuestGroupFailure() {
var security = new SecurityController();
ICommandResult result = security.Tunnel(CommandBuilder.SecuritySetPredefinedStreamPermissions("Guest").SetOrigin(CommandOrigin.Local));
// Make sure it was not successful.
Assert.IsFalse(result.Success);
Assert.AreEqual(CommandResultType.InvalidParameter, result.CommandResultType);
}
public void TestPermissionsdescriptionAppended() {
var security = new SecurityController();
security.Tunnel(CommandBuilder.SecurityAddGroup("GroupName").SetOrigin(CommandOrigin.Local));
security.Tunnel(CommandBuilder.SecurityGroupSetPermissionDescription("GroupName", CommandType.VariablesSet.ToString(), "Description!").SetOrigin(CommandOrigin.Local));
var group = security.Groups.First(item => item.Name == "GroupName");
Assert.AreEqual("Description!", group.Permissions.First(permission => permission.CommandType == CommandType.VariablesSet).Description);
}
public void TestEmptyUid() {
var security = new SecurityController();
// Remove a player, though no accounts/players/groups exist.
ICommandResult result = security.Tunnel(CommandBuilder.SecurityRemovePlayer(CommonProtocolType.DiceBattlefield3, String.Empty).SetOrigin(CommandOrigin.Local));
// Validate the command failed and returned the correct error status.
Assert.IsFalse(result.Success);
Assert.AreEqual(result.CommandResultType, CommandResultType.InvalidParameter);
Assert.IsNull(security.Groups.SelectMany(group => group.Accounts).SelectMany(account => account.Players).FirstOrDefault());
}
public void TestEmptyUsername() {
var security = new SecurityController();
security.Tunnel(CommandBuilder.SecurityAddGroup("GroupName").SetOrigin(CommandOrigin.Local));
// Now add the user.
ICommandResult result = security.Tunnel(CommandBuilder.SecurityGroupAddAccount("GroupName", String.Empty).SetOrigin(CommandOrigin.Local));
// Make sure the account was successfully created.
Assert.IsFalse(result.Success);
Assert.AreEqual(result.CommandResultType, CommandResultType.InvalidParameter);
}
public void TestSuccess() {
var security = new SecurityController();
security.Tunnel(CommandBuilder.SecurityAddGroup("GroupName").SetOrigin(CommandOrigin.Local));
ICommandResult result = security.Tunnel(CommandBuilder.SecuritySetPredefinedStreamPermissions("GroupName").SetOrigin(CommandOrigin.Local));
// Make sure it was not successful.
Assert.IsTrue(result.Success);
Assert.AreEqual(CommandResultType.Success, result.CommandResultType);
}
public void TestTwoExpiredTwoRemoved() {
var security = new SecurityController();
security.Tunnel(CommandBuilder.SecurityAddGroup("GroupName").SetOrigin(CommandOrigin.Local));
security.Tunnel(CommandBuilder.SecurityGroupAddAccount("GroupName", "Phogue").SetOrigin(CommandOrigin.Local));
security.Tunnel(CommandBuilder.SecurityAccountAppendAccessToken("Phogue", Guid.NewGuid(), "Token Hash One", DateTime.Now.AddDays(-3)).SetOrigin(CommandOrigin.Local));
security.Tunnel(CommandBuilder.SecurityAccountAppendAccessToken("Phogue", Guid.NewGuid(), "Token Hash Two", DateTime.Now.AddDays(-3)).SetOrigin(CommandOrigin.Local));
security.Poke();
Assert.IsEmpty(security.Groups.First(group => group.Name == "GroupName").Accounts.First().AccessTokens);
}
public void TestRemoveAccountByLocalSuccess() {
var security = new SecurityController();
security.Tunnel(CommandBuilder.SecurityAddGroup("GroupName").SetOrigin(CommandOrigin.Local));
security.Tunnel(CommandBuilder.SecurityGroupAddAccount("GroupName", "Phogue").SetOrigin(CommandOrigin.Local));
ICommandResult result = security.Tunnel(CommandBuilder.SecurityRemoveAccount("Phogue").SetOrigin(CommandOrigin.Local));
// Make sure the command failed. The user cannot remove their own account.
Assert.IsTrue(result.Success);
Assert.AreEqual(CommandResultType.Success, result.CommandResultType);
}
public void TestPermissionsTraitAppended() {
var security = new SecurityController();
security.Tunnel(CommandBuilder.SecurityAddGroup("GroupName").SetOrigin(CommandOrigin.Local));
security.Tunnel(CommandBuilder.SecurityGroupAppendPermissionTrait("GroupName", CommandType.VariablesSet.ToString(), PermissionTraitsType.Boolean).SetOrigin(CommandOrigin.Local));
var group = security.Groups.First(item => item.Name == "GroupName");
Assert.AreEqual(new List<String>() { PermissionTraitsType.Boolean }, group.Permissions.First(permission => permission.CommandType == CommandType.VariablesSet).Traits);
}
public void TestNoneExpiredNoneRemoved() {
var security = new SecurityController();
security.Tunnel(CommandBuilder.SecurityAddGroup("GroupName").SetOrigin(CommandOrigin.Local));
security.Tunnel(CommandBuilder.SecurityGroupAddAccount("GroupName", "Phogue").SetOrigin(CommandOrigin.Local));
security.Tunnel(CommandBuilder.SecurityAccountAppendAccessToken("Phogue", Guid.NewGuid(), "Token Hash One", DateTime.Now).SetOrigin(CommandOrigin.Local));
security.Tunnel(CommandBuilder.SecurityAccountAppendAccessToken("Phogue", Guid.NewGuid(), "Token Hash Two", DateTime.Now).SetOrigin(CommandOrigin.Local));
security.Poke();
Assert.AreEqual(2, security.Groups.First(group => group.Name == "GroupName").Accounts.First().AccessTokens.Count);
}
public void TestSuccess() {
var security = new SecurityController();
security.Tunnel(CommandBuilder.SecurityAddGroup("GroupName").SetOrigin(CommandOrigin.Local));
ICommandResult result = security.Tunnel(CommandBuilder.SecurityGroupAppendPermissionTrait("GroupName", CommandType.VariablesSet.ToString(), PermissionTraitsType.Boolean).SetOrigin(CommandOrigin.Local));
// Make sure it was not successful.
Assert.IsTrue(result.Success);
Assert.AreEqual(CommandResultType.Success, result.CommandResultType);
}
public void TestInsufficientPermissions() {
var security = new SecurityController();
security.Tunnel(CommandBuilder.SecurityAddGroup("GroupName").SetOrigin(CommandOrigin.Local));
ICommandResult result = security.Tunnel(CommandBuilder.SecuritySetPredefinedStreamPermissions("GroupName").SetOrigin(CommandOrigin.Remote).SetAuthentication(new CommandAuthenticationModel() {
Username = "******"
}));
Assert.IsFalse(result.Success);
Assert.AreEqual(CommandResultType.InsufficientPermissions, result.CommandResultType);
}
public void TestAccountDoesNotExist() {
var security = new SecurityController();
security.Tunnel(CommandBuilder.SecurityAddGroup("GroupName").SetOrigin(CommandOrigin.Local));
security.Tunnel(CommandBuilder.SecurityGroupAddAccount("GroupName", "Phogue").SetOrigin(CommandOrigin.Local));
// Now change the password of the account.
ICommandResult result = security.Tunnel(CommandBuilder.SecurityAccountSetPasswordHash("DoesNotExist", BCrypt.Net.BCrypt.HashPassword("password", BCrypt.Net.BCrypt.GenerateSalt())).SetOrigin(CommandOrigin.Local));
// Validate that we could not set a password and the result returned false.
Assert.IsFalse(result.Success);
Assert.AreEqual(CommandResultType.DoesNotExists, result.CommandResultType);
}
public void TestInsufficientPermissions() {
var security = new SecurityController();
security.Tunnel(CommandBuilder.SecurityAddGroup("GroupName").SetOrigin(CommandOrigin.Local));
ICommandResult result = security.Tunnel(CommandBuilder.SecurityGroupRemovePermissionTrait("GroupName", CommandType.VariablesSet.ToString(), PermissionTraitsType.Boolean).SetOrigin(CommandOrigin.Remote).SetAuthentication(new CommandAuthenticationModel() {
Username = "******"
}));
Assert.IsFalse(result.Success);
Assert.AreEqual(CommandResultType.InsufficientPermissions, result.CommandResultType);
}
public void TestAddSuccess() {
var security = new SecurityController();
security.Tunnel(CommandBuilder.SecurityAddGroup("GroupName").SetOrigin(CommandOrigin.Local));
// Now add the user.
ICommandResult result = security.Tunnel(CommandBuilder.SecurityGroupAddAccount("GroupName", "Phogue").SetOrigin(CommandOrigin.Local));
// Make sure the account was successfully created.
Assert.IsTrue(result.Success);
Assert.AreEqual(result.CommandResultType, CommandResultType.Success);
Assert.AreEqual(security.Groups.SelectMany(group => group.Accounts).First().Username, "Phogue");
}
public void TestEmptyId() {
var security = new SecurityController();
security.Tunnel(CommandBuilder.SecurityAddGroup("GroupName").SetOrigin(CommandOrigin.Local));
security.Tunnel(CommandBuilder.SecurityGroupAddAccount("GroupName", "Phogue").SetOrigin(CommandOrigin.Local));
// Now append the token onto the account.
ICommandResult result = security.Tunnel(CommandBuilder.SecurityAccountAppendAccessToken("Phogue", Guid.Empty, "TokenHash", DateTime.Now).SetOrigin(CommandOrigin.Local));
// Validate that we could not set a password and the result returned false.
Assert.IsFalse(result.Success);
Assert.AreEqual(result.CommandResultType, CommandResultType.InvalidParameter);
}
public void TestEmptyUidFailure() {
var security = new SecurityController();
security.Tunnel(CommandBuilder.SecurityAddGroup("GroupName").SetOrigin(CommandOrigin.Local));
security.Tunnel(CommandBuilder.SecurityGroupAddAccount("GroupName", "Phogue").SetOrigin(CommandOrigin.Local));
// Now add a player to the "Phogue" account.
ICommandResult result = security.Tunnel(CommandBuilder.SecurityAccountAddPlayer("Phogue", CommonProtocolType.DiceBattlefield3, String.Empty).SetOrigin(CommandOrigin.Local));
// Validate the player was added successfully.
Assert.IsFalse(result.Success);
Assert.AreEqual(result.CommandResultType, CommandResultType.InvalidParameter);
}
public void TestSetSuccess() {
var security = new SecurityController();
security.Tunnel(CommandBuilder.SecurityAddGroup("GroupName").SetOrigin(CommandOrigin.Local));
security.Tunnel(CommandBuilder.SecurityGroupAddAccount("GroupName", "Phogue").SetOrigin(CommandOrigin.Local));
// Now change the language of the account.
ICommandResult result = security.Tunnel(CommandBuilder.SecurityAccountSetPreferredLanguageCode("Phogue", "de-DE").SetOrigin(CommandOrigin.Local));
// Make sure it was successful.
Assert.IsTrue(result.Success);
Assert.AreEqual(result.CommandResultType, CommandResultType.Success);
Assert.AreEqual(security.Groups.Last().Accounts.First().PreferredLanguageCode, "de-DE");
}
public void TestCannotAuthenticateAgainstEmptyTokenList() {
const string identifier = "192.168.1.1";
var security = new SecurityController();
security.Tunnel(CommandBuilder.SecurityAddGroup("GroupName").SetOrigin(CommandOrigin.Local));
security.Tunnel(CommandBuilder.SecurityGroupAddAccount("GroupName", "Phogue").SetOrigin(CommandOrigin.Local));
// Now validate that we can authenticate against the newly appended token hash
ICommandResult result = security.Tunnel(CommandBuilder.SecurityAccountAuthenticateToken(Guid.NewGuid(), "token", identifier).SetOrigin(CommandOrigin.Local));
Assert.IsFalse(result.Success);
Assert.AreEqual(CommandResultType.Failed, result.CommandResultType);
}
public void TestAccountDoesNotExist() {
String generatedAuthenticatePassword = StringExtensions.RandomString(10);
var security = new SecurityController();
security.Tunnel(CommandBuilder.SecurityAddGroup("GroupName").SetOrigin(CommandOrigin.Local));
security.Tunnel(CommandBuilder.SecurityGroupAddAccount("GroupName", "ThisExists").SetOrigin(CommandOrigin.Local));
// Now authenticate against an empty security object which has no accounts.
ICommandResult result = security.Tunnel(CommandBuilder.SecurityAccountAuthenticate("DoesNotExist", generatedAuthenticatePassword, String.Empty).SetOrigin(CommandOrigin.Local));
// Validate that we get nothing back.
Assert.IsFalse(result.Success);
Assert.AreEqual(CommandResultType.Failed, result.CommandResultType);
}
public void TestRemoveOwnAccountFailure() {
var security = new SecurityController();
security.Tunnel(CommandBuilder.SecurityAddGroup("GroupName").SetOrigin(CommandOrigin.Local));
security.Tunnel(CommandBuilder.SecurityGroupAddAccount("GroupName", "Phogue").SetOrigin(CommandOrigin.Local));
security.Tunnel(CommandBuilder.SecurityGroupSetPermission("GroupName", CommandType.SecurityRemoveAccount, 1).SetOrigin(CommandOrigin.Local));
ICommandResult result = security.Tunnel(CommandBuilder.SecurityRemoveAccount("Phogue").SetOrigin(CommandOrigin.Remote).SetAuthentication(new CommandAuthenticationModel() {
Username = "******"
}));
// Make sure the command failed. The user cannot remove their own account.
Assert.IsFalse(result.Success);
Assert.AreEqual(result.CommandResultType, CommandResultType.InvalidParameter);
}
public void TestSecurityRemoveAccountModel() {
var security = new SecurityController();
security.Tunnel(CommandBuilder.SecurityAddGroup("GroupName").SetOrigin(CommandOrigin.Local));
security.Tunnel(CommandBuilder.SecurityGroupAddAccount("GroupName", "Phogue").SetOrigin(CommandOrigin.Local));
// Test that the group was initially added.
Assert.AreEqual(security.Groups.Last().Accounts.First().Username, "Phogue");
ICommandResult result = security.Tunnel(CommandBuilder.SecurityRemoveAccount("Phogue").SetOrigin(CommandOrigin.Local));
// Make sure it was successful.
Assert.IsTrue(result.Success);
Assert.AreEqual(0, security.Groups.Last().Accounts.Count);
}
public void TestAddSuccess() {
var security = new SecurityController();
security.Tunnel(CommandBuilder.SecurityAddGroup("GroupName").SetOrigin(CommandOrigin.Local));
security.Tunnel(CommandBuilder.SecurityGroupAddAccount("GroupName", "Phogue").SetOrigin(CommandOrigin.Local));
// Now add a player to the "Phogue" account.
ICommandResult result = security.Tunnel(CommandBuilder.SecurityAccountAddPlayer("Phogue", CommonProtocolType.DiceBattlefield3, "ABCDEF").SetOrigin(CommandOrigin.Local));
// Validate the player was added successfully.
Assert.IsTrue(result.Success);
Assert.AreEqual(result.CommandResultType, CommandResultType.Success);
Assert.AreEqual(security.Groups.SelectMany(group => group.Accounts).SelectMany(account => account.Players).First().ProtocolType, CommonProtocolType.DiceBattlefield3);
Assert.AreEqual(security.Groups.SelectMany(group => group.Accounts).SelectMany(account => account.Players).First().Uid, "ABCDEF");
}
public void TestInsufficientPermission() {
var security = new SecurityController();
security.Tunnel(CommandBuilder.SecurityAddGroup("GroupName").SetOrigin(CommandOrigin.Local));
security.Tunnel(CommandBuilder.SecurityGroupAddAccount("GroupName", "Phogue").SetOrigin(CommandOrigin.Local));
ICommandResult result = security.Tunnel(CommandBuilder.SecurityAccountSetPasswordHash("Phogue", BCrypt.Net.BCrypt.HashPassword("password", BCrypt.Net.BCrypt.GenerateSalt()))
.SetOrigin(CommandOrigin.Remote)
.SetAuthentication(new CommandAuthenticationModel() {
Username = "******"
})
);
Assert.IsFalse(result.Success);
Assert.AreEqual(CommandResultType.InsufficientPermissions, result.CommandResultType);
}
public void TestInsufficientPermission() {
var security = new SecurityController();
security.Tunnel(CommandBuilder.SecurityAddGroup("GroupName").SetOrigin(CommandOrigin.Local));
security.Tunnel(CommandBuilder.SecurityGroupAddAccount("GroupName", "Phogue").SetOrigin(CommandOrigin.Local));
ICommandResult result = security.Tunnel(CommandBuilder.SecurityAccountAppendAccessToken("Phogue", Guid.NewGuid(), "TokenHash", DateTime.Now)
.SetOrigin(CommandOrigin.Remote)
.SetAuthentication(new CommandAuthenticationModel() {
Username = "******"
})
);
Assert.IsFalse(result.Success);
Assert.AreEqual(CommandResultType.InsufficientPermissions, result.CommandResultType);
}