public void ApiUserInfoTest(string password)
{
var username = RandomString();
var apiKey = RandomString();
var IP = "127.0.0.1";
var requestManager = FakeRequestManager.Create();
var membershipProvider = new MockCMSMembershipProvider();
membershipProvider.ValidUsers.Add(new CmsData.User {
Username = username, Password = password
});
var roleProvider = new MockCMSRoleProvider();
db.SetSetting("ApiUserInfoKey", apiKey);
db.SetSetting("ApiUserInfoIPList", IP);
CreateUser(username, password);
requestManager.CurrentHttpContext.Request.Headers["Authorization"] = BasicAuthenticationString(username, password);
requestManager.CurrentHttpContext.Request.Headers["ApiKey"] = apiKey;
requestManager.CurrentHttpContext.Request.ServerVariables["REMOTE_ADDR"] = IP;
CMSMembershipProvider.SetCurrentProvider(membershipProvider);
CMSRoleProvider.SetCurrentProvider(roleProvider);
var controller = new ExternalServicesController(requestManager);
controller.ApiUserInfo();
}
public void GetTest(string extraRole, bool valid)
{
var username = RandomString();
var password = RandomString();
var membershipProvider = new MockCMSMembershipProvider {
ValidUser = true
};
var roleProvider = new MockCMSRoleProvider();
var db = DatabaseFixture.NewDbContext();
var context = ContextTestUtils.CreateMockHttpContext();
roleProvider.UserRoles.AddRange(new[] { "APIOnly", extraRole });
db.WriteContentSql("GetTest", "--API\r\nSELECT TOP 10 * FROM dbo.People");
CreateUser(username, password, roles: new[] { "Access" });
context.Headers["Authorization"] = BasicAuthenticationString(username, password);
CMSMembershipProvider.SetCurrentProvider(membershipProvider);
CMSRoleProvider.SetCurrentProvider(roleProvider);
var authenticated = AuthHelper.AuthenticateDeveloper(HttpContextFactory.Current, additionalRole: "APIOnly").IsAuthenticated;
authenticated.ShouldBe(valid);
if (valid)
{
var controller = new CustomController(new Lifecycle.RequestManager())
{
Request = new HttpRequestMessage(HttpMethod.Get, "http://localhost/CustomAPI/GetTest")
};
var results = controller.Get("GetTest");
results.Count().ShouldBeGreaterThan(0);
(results.First().PeopleId as int?).ShouldNotBeNull();
}
}
public void FetchInvolvementTest()
{
var username = RandomString();
var password = RandomString();
var user = CreateUser(username, password);
var requestManager = FakeRequestManager.Create();
var membershipProvider = new MockCMSMembershipProvider {
ValidUser = true
};
var roleProvider = new MockCMSRoleProvider();
db.OrganizationMembers.InsertOnSubmit(new OrganizationMember
{
Organization = db.Organizations.First(),
Person = user.Person,
MemberTypeId = MemberTypeCode.Member
});
db.SubmitChanges();
CMSMembershipProvider.SetCurrentProvider(membershipProvider);
CMSRoleProvider.SetCurrentProvider(roleProvider);
requestManager.CurrentHttpContext.Request.Headers["Authorization"] = BasicAuthenticationString(username, password);
var controller = new MobileAPIv2Controller(requestManager);
var message = new MobileMessage {
argInt = user.PeopleId.Value
};
var data = message.ToString();
var result = controller.FetchInvolvement(data) as MobileMessage;
result.ShouldNotBeNull();
result.count.ShouldBe(1);
result.error.ShouldBe(0);
var orgs = JsonConvert.DeserializeObject <List <MobileInvolvement> >(result.data);
orgs.Count.ShouldBe(1);
}
/// <summary>
/// Handling login authenticate event.
/// </summary>
/// <param name="sender">Sender.</param>
/// <param name="e">Authenticate event arguments.</param>
private void loginElem_Authenticate(object sender, AuthenticateEventArgs e)
{
if (MFAuthenticationHelper.IsMultiFactorRequiredForUser(loginElem.UserName))
{
var plcPasscodeBox = loginElem.FindControl("plcPasscodeBox");
var plcLoginInputs = loginElem.FindControl("plcLoginInputs");
var txtPasscode = loginElem.FindControl("txtPasscode") as CMSTextBox;
if (txtPasscode == null)
{
return;
}
if (plcPasscodeBox == null)
{
return;
}
if (plcLoginInputs == null)
{
return;
}
// Handle passcode
string passcode = txtPasscode.Text;
txtPasscode.Text = "";
var provider = new CMSMembershipProvider();
// Validate username and password
if (plcLoginInputs.Visible)
{
if (provider.MFValidateCredentials(loginElem.UserName, loginElem.Password))
{
// Show passcode screen
plcLoginInputs.Visible = false;
plcPasscodeBox.Visible = true;
}
}
// Validate passcode
else
{
if (provider.MFValidatePasscode(loginElem.UserName, passcode))
{
e.Authenticated = true;
}
}
}
else
{
try
{
e.Authenticated = Membership.Provider.ValidateUser(loginElem.UserName, loginElem.Password);
}
catch (ConfigurationException ex)
{
EventLogProvider.LogException("LogonMiniForm", "VALIDATEUSER", ex);
var provider = new CMSMembershipProvider();
e.Authenticated = provider.ValidateUser(loginElem.UserName, loginElem.Password);
}
}
}
public void UpdatePersonTest(int electronic, int statement, int envelope)
{
var username = RandomString();
var password = RandomString();
var user = CreateUser(username, password);
var requestManager = FakeRequestManager.Create();
var membershipProvider = new MockCMSMembershipProvider {
ValidUser = true
};
var roleProvider = new MockCMSRoleProvider();
CMSMembershipProvider.SetCurrentProvider(membershipProvider);
CMSRoleProvider.SetCurrentProvider(roleProvider);
requestManager.CurrentHttpContext.Request.Headers["Authorization"] = BasicAuthenticationString(username, password);
var controller = new MobileAPIv2Controller(requestManager);
var message = new MobileMessage
{
argInt = user.PeopleId.Value,
instance = RandomString(),
data = $@"[{{""type"":62,""value"":{electronic}}},{{""type"":63,""value"":{statement}}},{{""type"":64,""value"":{envelope}}}]",
};
var data = message.ToString();
var result = controller.UpdatePerson(data) as MobileMessage;
result.ShouldNotBeNull();
result.count.ShouldBe(1);
result.error.ShouldBe(0);
db.Refresh(RefreshMode.OverwriteCurrentValues, user.Person);
user.Person.EnvelopeOptionsId.ShouldBe(envelope);
user.Person.ElectronicStatement.ShouldBe(electronic != 0);
user.Person.ContributionOptionsId.ShouldBe(statement);
}
public void AuthenticateMobileWithSessionTokenTest()
{
var username = RandomString();
var password = RandomString();
var user = CreateUser(username, password);
var requestManager = FakeRequestManager.Create();
var sessionToken = new ApiSession
{
CreatedDate = DateTime.Now,
LastAccessedDate = DateTime.Now,
SessionToken = Guid.NewGuid(),
UserId = user.UserId,
};
db.ApiSessions.InsertOnSubmit(sessionToken);
db.SubmitChanges();
requestManager.CurrentHttpContext.Request.Headers["SessionToken"] = sessionToken.SessionToken.ToString();
var membershipProvider = new MockCMSMembershipProvider {
ValidUser = true
};
var roleProvider = new MockCMSRoleProvider();
CMSMembershipProvider.SetCurrentProvider(membershipProvider);
CMSRoleProvider.SetCurrentProvider(roleProvider);
var result = AccountModel.AuthenticateMobile(requestManager.CurrentDatabase, requestManager.CurrentImageDatabase);
result.ErrorMessage.ShouldBeNullOrEmpty();
result.IsValid.ShouldBeTrue();
result.Status.ShouldBe(UserValidationStatus.Success);
}
public void FetchGivingSummaryTest(decimal contribution, string count, string comment, string total, string contribCount)
{
var username = RandomString();
var password = RandomString();
var user = CreateUser(username, password);
var requestManager = FakeRequestManager.Create();
var membershipProvider = new MockCMSMembershipProvider {
ValidUser = true
};
var roleProvider = new MockCMSRoleProvider();
CMSMembershipProvider.SetCurrentProvider(membershipProvider);
CMSRoleProvider.SetCurrentProvider(roleProvider);
requestManager.CurrentHttpContext.Request.Headers["Authorization"] = BasicAuthenticationString(username, password);
var year = DateTime.Now.Year;
if (contribution > 0)
{
var c = new Contribution()
{
PeopleId = user.PeopleId,
ContributionAmount = contribution,
ContributionDate = new DateTime(year, 7, 2),
ContributionStatusId = ContributionStatusCode.Recorded,
ContributionTypeId = ContributionTypeCode.Online,
CreatedDate = DateTime.Now,
FundId = 1
};
db.Contributions.InsertOnSubmit(c);
db.SubmitChanges();
}
var controller = new MobileAPIv2Controller(requestManager);
var message = new MobileMessage
{
argInt = 0
};
var data = message.ToString();
var result = controller.FetchGivingSummary(data) as MobileMessage;
result.ShouldNotBeNull();
result.count.ShouldBe(1);
result.error.ShouldBe(0);
var summary = JsonConvert.DeserializeObject <MobileGivingSummary>(result.data);
summary.Count.ShouldBe(1);
var current = summary[$"{year}"];
current.ShouldNotBeNull();
current.title.ShouldBe($"{year}");
current.comment.ShouldBe(comment);
current.count.ShouldBe(count);
current.loaded.ShouldBe(1);
current.total.ShouldBe(total);
current.summary[0].title.ShouldBe("Contributions");
current.summary[0].comment.ShouldBe(comment);
current.summary[0].count.ShouldBe(contribCount);
current.summary[0].showAsPledge.ShouldBe(0);
}
public void RecordAttendTest(string setting)
{
var now = DateTime.Now;
db.SetSetting("AttendCountUpdatesOffline", setting);
db.SubmitChanges();
var username = RandomString();
var password = RandomString();
var user = CreateUser(username, password);
var org = CreateOrganization();
org.FirstMeetingDate = now.AddDays(-7);
org.RollSheetVisitorWks = 2;
org.AllowAttendOverlap = true;
org.CanSelfCheckin = true;
org.NoSecurityLabel = true;
org.NumCheckInLabels = 0;
db.SubmitChanges();
var meetingTime = new DateTime(now.Year, now.Month, now.Day, now.Hour, now.Minute - (now.Minute % 15), 0);
Meeting.FetchOrCreateMeeting(db, org.OrganizationId, meetingTime, noautoabsents: true);
var requestManager = FakeRequestManager.Create();
var context = requestManager.CurrentHttpContext;
var membershipProvider = new MockCMSMembershipProvider {
ValidUser = true
};
var roleProvider = new MockCMSRoleProvider();
roleProvider.UserRoles.Add("Checkin");
CMSMembershipProvider.SetCurrentProvider(membershipProvider);
CMSRoleProvider.SetCurrentProvider(roleProvider);
context.Request.Headers["Authorization"] = BasicAuthenticationString(username, password);
var controller = new CheckInAPIController(requestManager);
var json = $@"{{
""rebranded"": ""false"",
""argInt"": ""0"",
""version"": ""2"",
""id"": ""0"",
""data"": ""{{\""orgID\"":{org.OrganizationId},\""present\"":true,\""datetime\"":\""{meetingTime:s}\"",\""peopleID\"":{user.PeopleId}}}"",
""device"": ""1"",
""argString"": """",
""count"": ""0""
}}";
var result = controller.RecordAttend(json) as CheckInMessage;
db.DeleteSetting("AttendCountUpdatesOffline");
result.error.ShouldBe(0);
result.count.ShouldBe(1);
}
/// <summary>
/// Handling login authenticate event.
/// </summary>
/// <param name="sender">Sender.</param>
/// <param name="e">Authenticate event arguments.</param>
private void Login1_Authenticate(object sender, AuthenticateEventArgs e)
{
if (MFAuthenticationHelper.IsMultiFactorRequiredForUser(Login1.UserName))
{
var plcPasscodeBox = Login1.FindControl("plcPasscodeBox");
var plcLoginInputs = Login1.FindControl("plcLoginInputs");
var txtPasscode = Login1.FindControl("txtPasscode") as CMSTextBox;
if (txtPasscode == null)
{
return;
}
if (plcPasscodeBox == null)
{
return;
}
if (plcLoginInputs == null)
{
return;
}
// Handle passcode
string passcode = txtPasscode.Text;
txtPasscode.Text = string.Empty;
var provider = new CMSMembershipProvider();
// Validate username and password
if (plcLoginInputs.Visible)
{
if (provider.MFValidateCredentials(Login1.UserName, Login1.Password))
{
// Show passcode screen
plcLoginInputs.Visible = false;
plcPasscodeBox.Visible = true;
}
}
// Validate passcode
else
{
if (provider.MFValidatePasscode(Login1.UserName, passcode))
{
e.Authenticated = true;
}
}
}
else
{
e.Authenticated = Membership.Provider.ValidateUser(Login1.UserName, Login1.Password);
}
}
private IRequestManager SetupRequestManager()
{
var username = RandomString();
var password = RandomString();
user = CreateUser(username, password);
var requestManager = FakeRequestManager.Create();
var membershipProvider = new MockCMSMembershipProvider {
ValidUser = true
};
var roleProvider = new MockCMSRoleProvider();
CMSMembershipProvider.SetCurrentProvider(membershipProvider);
CMSRoleProvider.SetCurrentProvider(roleProvider);
requestManager.CurrentHttpContext.Request.Headers["Authorization"] = BasicAuthenticationString(username, password);
return(requestManager);
}
public void PortraitTest()
{
Person personWithPortrait = db.People.Where(p => p.PictureId != null).First();
var requestManager = FakeRequestManager.Create();
var membershipProvider = new MockCMSMembershipProvider {
ValidUser = false
};
var roleProvider = new MockCMSRoleProvider();
CMSMembershipProvider.SetCurrentProvider(membershipProvider);
CMSRoleProvider.SetCurrentProvider(roleProvider);
var controller = new APIPersonController(requestManager);
var routeData = new RouteData();
controller.ControllerContext = new ControllerContext(requestManager.CurrentHttpContext, routeData, controller);
var result = controller.Portrait(personWithPortrait.Picture.MediumId, 100, 100) as HttpStatusCodeResult;
result?.StatusCode.ShouldBe(400);
var username = RandomString();
var password = RandomString();
var user = CreateUser(username, password);
HttpCookie AuthCookie = new HttpCookie("Authorization");
AuthCookie.Value = BasicAuthenticationString(username, password);
AuthCookie.Expires = DateTime.Now.AddMinutes(5);
membershipProvider = new MockCMSMembershipProvider {
ValidUser = true
};
CMSMembershipProvider.SetCurrentProvider(membershipProvider);
requestManager.CurrentHttpContext.Request.Cookies.Add(AuthCookie);
controller = new APIPersonController(requestManager);
routeData = new RouteData();
controller.ControllerContext = new ControllerContext(requestManager.CurrentHttpContext, routeData, controller);
result = controller.Portrait(personWithPortrait.Picture.MediumId, 100, 100) as HttpStatusCodeResult;
result?.StatusCode.ShouldBe(200);
}
public void authenticateTest(string password)
{
var username = RandomString();
var requestManager = FakeRequestManager.Create();
var membershipProvider = new MockCMSMembershipProvider();
membershipProvider.ValidUsers.Add(new CmsData.User {
Username = username, Password = password
});
var roleProvider = new MockCMSRoleProvider();
CreateUser(username, password);
requestManager.CurrentHttpContext.Request.Headers["Authorization"] = BasicAuthenticationString(username, password);
CMSMembershipProvider.SetCurrentProvider(membershipProvider);
CMSRoleProvider.SetCurrentProvider(roleProvider);
var mobileAuth = new MobileAuthentication(db, "");
mobileAuth.authenticate("");
mobileAuth.getErrorMessage().ShouldBe("Authenticated");
mobileAuth.hasError().ShouldBeFalse();
}
public void AuthenticatedLinkTest()
{
var username = RandomString();
var password = RandomString();
var user = CreateUser(username, password);
var requestManager = FakeRequestManager.Create();
var membershipProvider = new MockCMSMembershipProvider {
ValidUser = true
};
var roleProvider = new MockCMSRoleProvider();
CMSMembershipProvider.SetCurrentProvider(membershipProvider);
CMSRoleProvider.SetCurrentProvider(roleProvider);
db.OrganizationMembers.InsertOnSubmit(new OrganizationMember
{
Organization = db.Organizations.First(),
Person = user.Person,
MemberTypeId = MemberTypeCode.Member
});
db.SubmitChanges();
requestManager.CurrentHttpContext.Request.Headers["Authorization"] = BasicAuthenticationString(username, password);
var controller = new MobileAPIv2Controller(requestManager);
var message = new MobileMessage
{
device = (int)MobileMessage.Device.ANDROID,
argString = $"/Person2/{user.PeopleId}/Resources"
};
var data = message.ToString();
var result = controller.AuthenticatedLink(data) as MobileMessage;
var token = db.OneTimeLinks
.Where(t => t.Querystring == username && t.Expires < DateTime.Now.AddMinutes(16))
.OrderByDescending(t => t.Expires).First().Id.ToCode();
result.ShouldNotBeNull();
result.error.ShouldBe(0);
result.data.ShouldEndWith($"/Logon?otltoken={token}&ReturnUrl=%2fPerson2%2f{user.PeopleId}%2fResources%3fsource%3dAndroid");
}
public void AuthenticateMobileWithUsernameAndPasswordTest()
{
var username = RandomString();
var password = RandomString();
var user = CreateUser(username, password);
var requestManager = FakeRequestManager.Create();
var db = requestManager.CurrentDatabase;
var idb = requestManager.CurrentImageDatabase;
requestManager.CurrentHttpContext.Request.Headers["Authorization"] = BasicAuthenticationString(username, password);
var membershipProvider = new MockCMSMembershipProvider {
ValidUser = true
};
var roleProvider = new MockCMSRoleProvider();
CMSMembershipProvider.SetCurrentProvider(membershipProvider);
CMSRoleProvider.SetCurrentProvider(roleProvider);
var result = AccountModel.AuthenticateMobile(db, idb);
result.ErrorMessage.ShouldBeNullOrEmpty();
result.IsValid.ShouldBeTrue();
result.Status.ShouldBe(UserValidationStatus.Success);
}
public void FetchGivingHistoryTest(decimal contribution, int total, int prevTotal, int yearCount, int prevYearCount)
{
var username = RandomString();
var password = RandomString();
var user = CreateUser(username, password);
var requestManager = FakeRequestManager.Create();
var membershipProvider = new MockCMSMembershipProvider {
ValidUser = true
};
var roleProvider = new MockCMSRoleProvider();
CMSMembershipProvider.SetCurrentProvider(membershipProvider);
CMSRoleProvider.SetCurrentProvider(roleProvider);
requestManager.CurrentHttpContext.Request.Headers["Authorization"] = BasicAuthenticationString(username, password);
var Now = DateTime.Now;
var year = Now.Year;
if (contribution > 0)
{
GenerateContribution(contribution, user, Now);
GenerateContribution(contribution * 10m, user, Now, ContributionTypeCode.Stock);
GenerateContribution(contribution * 4m, user, Now.AddYears(-1));
}
var controller = new MobileAPIv2Controller(requestManager);
var message = new MobileMessage
{
argInt = 0
};
var data = message.ToString();
var result = controller.FetchGivingHistory(data) as BaseMessage;
result.ShouldNotBeNull();
result.count.ShouldBe(1);
result.error.ShouldBe(0);
var history = JsonConvert.DeserializeObject <MobileGivingHistory>(result.data);
history.lastYear.ShouldBe(year - 1);
history.lastYearTotal.ShouldBe(prevTotal);
history.thisYear.ShouldBe(year);
if (contribution > 0)
{
history.yearToDateTotal.ShouldBe(total);
}
history.entries.Count.ShouldBe(yearCount);
if (yearCount > 1)
{
var sum = history.entries.Sum(e => e.amount);
sum.ShouldBe(total);
}
message = new MobileMessage
{
argInt = Now.Year - 1,
version = 9
};
data = message.ToString();
result = controller.FetchGivingHistory(data) as BaseMessage;
result.ShouldNotBeNull();
result.count.ShouldBe(1);
result.error.ShouldBe(0);
history = JsonConvert.DeserializeObject <MobileGivingHistory>(result.data);
history.lastYear.ShouldBe(year - 2);
history.lastYearTotal.ShouldBe(0);
history.thisYear.ShouldBe(year - 1);
if (contribution > 0)
{
history.yearToDateTotal.ShouldBe(prevTotal);
}
history.entries.Count.ShouldBe(prevYearCount);
if (yearCount > 1)
{
var sum = history.entries.Sum(e => e.amount);
sum.ShouldBe(prevTotal);
}
}
public void FetchGivingSummaryTest(decimal contribution, string count, string comment, string total, string prevTotal, string contribCount, int yearCount)
{
var username = RandomString();
var password = RandomString();
var user = CreateUser(username, password);
var requestManager = FakeRequestManager.Create();
var membershipProvider = new MockCMSMembershipProvider {
ValidUser = true
};
var roleProvider = new MockCMSRoleProvider();
CMSMembershipProvider.SetCurrentProvider(membershipProvider);
CMSRoleProvider.SetCurrentProvider(roleProvider);
requestManager.CurrentHttpContext.Request.Headers["Authorization"] = BasicAuthenticationString(username, password);
var Now = DateTime.Now;
var year = Now.Year;
var fund1Name = db.ContributionFunds.Where(c => c.FundId == 1).Select(c => c.FundName).Single();
if (contribution > 0)
{
GenerateContribution(contribution, user, Now);
GenerateContribution(contribution * 4m, user, Now.AddYears(-1));
}
var controller = new MobileAPIv2Controller(requestManager);
var message = new MobileMessage
{
argInt = 0
};
var data = message.ToString();
var result = controller.FetchGivingSummary(data) as MobileMessage;
result.ShouldNotBeNull();
result.count.ShouldBe(1);
result.error.ShouldBe(0);
var summary = JsonConvert.DeserializeObject <MobileGivingSummary>(result.data);
summary.Count.ShouldBe(yearCount);
var current = summary[$"{year}"];
current.ShouldNotBeNull();
current.title.ShouldBe($"{year}");
current.comment.ShouldBe(comment);
current.count.ShouldBe(count);
current.loaded.ShouldBe(1);
current.total.ShouldBe(total);
current.summary[0].title.ShouldBe("Contributions");
current.summary[0].comment.ShouldBe(comment);
current.summary[0].count.ShouldBe(contribCount);
current.summary[0].showAsPledge.ShouldBe(0);
if (contribution > 0)
{
current.summary[0].funds[0].name.ShouldBe(fund1Name);
current.summary[0].funds[0].given.ShouldBe(total);
}
message = new MobileMessage
{
argInt = Now.Year - 1
};
data = message.ToString();
result = controller.FetchGivingSummary(data) as MobileMessage;
result.ShouldNotBeNull();
result.count.ShouldBe(1);
result.error.ShouldBe(0);
summary = JsonConvert.DeserializeObject <MobileGivingSummary>(result.data);
summary.Count.ShouldBe(yearCount);
if (contribution > 0)
{
var previous = summary[$"{year - 1}"];
previous.ShouldNotBeNull();
previous.title.ShouldBe($"{year - 1}");
previous.comment.ShouldBe(comment);
previous.count.ShouldBe(count);
previous.loaded.ShouldBe(1);
previous.total.ShouldBe(prevTotal);
previous.summary[0].title.ShouldBe("Contributions");
previous.summary[0].comment.ShouldBe(comment);
previous.summary[0].count.ShouldBe(contribCount);
previous.summary[0].showAsPledge.ShouldBe(0);
previous.summary[0].funds[0].name.ShouldBe(fund1Name);
previous.summary[0].funds[0].given.ShouldBe(prevTotal);
}
}
/// <summary>
/// Handling login authenticate event.
/// </summary>
/// <param name="sender">Sender.</param>
/// <param name="e">Authenticate event arguments.</param>
private void Login1_Authenticate(object sender, AuthenticateEventArgs e)
{
if (MFAuthenticationHelper.IsMultiFactorRequiredForUser(Login1.UserName))
{
var plcPasscodeBox = Login1.FindControl("plcPasscodeBox");
var plcLoginInputs = Login1.FindControl("plcLoginInputs");
var txtPasscode = Login1.FindControl("txtPasscode") as CMSTextBox;
if (txtPasscode == null)
{
return;
}
if (plcPasscodeBox == null)
{
return;
}
if (plcLoginInputs == null)
{
return;
}
// Handle passcode
string passcode = txtPasscode.Text;
txtPasscode.Text = string.Empty;
var provider = new CMSMembershipProvider();
// Validate username and password
if (plcLoginInputs.Visible)
{
if (provider.MFValidateCredentials(Login1.UserName, Login1.Password))
{
// Show passcode screen
plcLoginInputs.Visible = false;
plcPasscodeBox.Visible = true;
}
}
// Validate passcode
else
{
if (provider.MFValidatePasscode(Login1.UserName, passcode))
{
e.Authenticated = true;
}
}
}
else
{
e.Authenticated = Membership.Provider.ValidateUser(Login1.UserName, Login1.Password);
}
}
/// <summary>
/// Prepares the callback result.
/// </summary>
public string GetCallbackResult()
{
var user = MembershipContext.AuthenticatedUser;
if (!user.Enabled)
{
return("accountLocked");
}
if (userValidates)
{
if (RequestHelper.IsWindowsAuthentication())
{
return(UnlockScreen());
}
// User wants to revalidate his session
if (UserInfoProvider.IsUserPasswordDifferent(user, validatePassword))
{
// Password is invalid
AuthenticationHelper.CheckInvalidPasswordAttempts(user, SiteContext.CurrentSiteName);
if (!user.Enabled)
{
return("accountLocked");
}
return("valbad");
}
if (userWaitingForPasscode)
{
return(GeneratePasscode(user));
}
// Password is correct
return(UnlockScreen());
}
if (passcValidates)
{
var membershipProvider = new CMSMembershipProvider();
if (membershipProvider.MFValidatePasscode(user, validatePasscode, false))
{
return(UnlockScreen());
}
if (!user.Enabled)
{
return("accountLocked");
}
return("wrongPassc|" + GetString("mfauthentication.passcode.wrong"));
}
if (CMSPage.IsScreenLocked)
{
if (userAsksForState)
{
// Screen is locked
return("isLocked|True");
}
if (!userIsLoggingOut)
{
return("");
}
// User wants to logout
string signOutUrl = SystemContext.ApplicationPath.TrimEnd('/') + "/default.aspx";
if (IsCMSDesk)
{
// LiveID sign out URL is set if this LiveID session
AuthenticationHelper.SignOut(ref signOutUrl);
}
else
{
AuthenticationHelper.SignOut();
}
return("logout|" + signOutUrl);
}
// Check if ScreenLock is active
if (!SecurityHelper.IsScreenLockEnabled(SiteContext.CurrentSiteName))
{
return("disabled");
}
// User is canceling countdown and wants to stay active
if (userCanceling)
{
SecurityHelper.LogScreenLockAction();
return("cancelOk|" + SecurityHelper.GetSecondsToShowScreenLockAction(SiteContext.CurrentSiteName));
}
if ((int)timeLeft.TotalSeconds <= 0)
{
// User was inactive too long - lock screen
CMSPage.IsScreenLocked = true;
return("lockScreen");
}
if ((int)timeLeft.TotalSeconds <= secondsToWarning)
{
// Lock screen timeout is close - display warning
return("showWarning|" + ((int)timeLeft.TotalSeconds).ToString());
}
// User is active - hide warning and lock screen (if opened)
return("hideWarning|" + ((int)timeLeft.TotalSeconds - secondsToWarning).ToString());
}
/// <summary>
/// Prepares the callback result.
/// </summary>
public string GetCallbackResult()
{
var user = MembershipContext.AuthenticatedUser;
if (!user.Enabled)
{
return "accountLocked";
}
if (userValidates)
{
if (RequestHelper.IsWindowsAuthentication())
{
return UnlockScreen();
}
// User wants to revalidate his session
if (UserInfoProvider.IsUserPasswordDifferent(user, validatePassword))
{
// Password is invalid
AuthenticationHelper.CheckInvalidPasswordAttempts(user, SiteContext.CurrentSiteName);
if (!user.Enabled)
{
return "accountLocked";
}
return "valbad";
}
if (userWaitingForPasscode)
{
return GeneratePasscode(user);
}
// Password is correct
return UnlockScreen();
}
if (passcValidates)
{
var membershipProvider = new CMSMembershipProvider();
if (membershipProvider.MFValidatePasscode(user, validatePasscode, false))
{
return UnlockScreen();
}
if (!user.Enabled)
{
return "accountLocked";
}
return "wrongPassc|" + GetString("mfauthentication.passcode.wrong");
}
if (CMSPage.IsScreenLocked)
{
if (userAsksForState)
{
// Screen is locked
return "isLocked|True";
}
if (!userIsLoggingOut)
{
return "";
}
// User wants to logout
string signOutUrl = SystemContext.ApplicationPath.TrimEnd('/') + "/default.aspx";
if (IsCMSDesk)
{
// LiveID sign out URL is set if this LiveID session
AuthenticationHelper.SignOut(ref signOutUrl);
}
else
{
AuthenticationHelper.SignOut();
}
return "logout|" + signOutUrl;
}
// Check if ScreenLock is active
if (!SecurityHelper.IsScreenLockEnabled(SiteContext.CurrentSiteName))
{
return "disabled";
}
// User is canceling countdown and wants to stay active
if (userCanceling)
{
SecurityHelper.LogScreenLockAction();
return "cancelOk|" + SecurityHelper.GetSecondsToShowScreenLockAction(SiteContext.CurrentSiteName);
}
if ((int)timeLeft.TotalSeconds <= 0)
{
// User was inactive too long - lock screen
CMSPage.IsScreenLocked = true;
return "lockScreen";
}
if ((int)timeLeft.TotalSeconds <= secondsToWarning)
{
// Lock screen timeout is close - display warning
return "showWarning|" + ((int)timeLeft.TotalSeconds).ToString();
}
// User is active - hide warning and lock screen (if opened)
return "hideWarning|" + ((int)timeLeft.TotalSeconds - secondsToWarning).ToString();
}
public void QuickSignInTest(bool useEmail)
{
var requestManager = FakeRequestManager.Create();
db = requestManager.CurrentDatabase;
var membershipProvider = new MockCMSMembershipProvider {
ValidUser = true
};
var roleProvider = new MockCMSRoleProvider();
var build = "2020.2.1";
CMSMembershipProvider.SetCurrentProvider(membershipProvider);
CMSRoleProvider.SetCurrentProvider(roleProvider);
var person = CreatePerson();
person.CellPhone = RandomPhoneNumber();
person.EmailAddress = RandomEmailAddress();
db.SetSetting("UseMobileQuickSignInCodes", "true");
db.SetSetting("TwilioToken", RandomString());
db.SetSetting("TwilioSid", RandomString());
var group = db.SMSGroups.FirstOrDefault(g => g.SystemFlag == true);
if (group == null)
{
group = new SMSGroup {
SystemFlag = true, Name = "System Group", Description = ""
};
db.SMSGroups.InsertOnSubmit(group);
db.SubmitChanges();
}
db.SMSNumbers.InsertOnSubmit(new SMSNumber {
GroupID = group.Id, Number = RandomPhoneNumber(), LastUpdated = DateTime.Now
});
db.SubmitChanges();
string messageBody = "";
if (useEmail)
{
db.SMTPClient = new MockEmailClient
{
Receive = (to, from, subject, body) => {
messageBody = body;
}
};
}
else
{
TwilioHelper.MockSender = (to, from, body, statusCallback) => {
messageBody = body;
return(new TwilioMessageResult {
Status = "Sent"
});
};
}
var controller = new MobileAPIv2Controller(requestManager);
var message = new MobileMessage
{
device = (int)MobileMessage.Device.ANDROID,
instance = RandomString(),
argString = useEmail ? person.EmailAddress : person.CellPhone,
build = build,
};
var data = message.ToString();
var result = controller.QuickSignIn(data) as MobileMessage;
result.ShouldNotBeNull();
result.error.ShouldBe(0);
messageBody.ShouldNotBeEmpty();
requestManager.CurrentHttpContext.Request.Headers["Authorization"] = "Quick " + FindCode(messageBody);
message = new MobileMessage
{
device = (int)MobileMessage.Device.ANDROID,
instance = message.instance,
build = build,
};
data = message.ToString();
result = controller.QuickSignInUsers(data) as MobileMessage;
result.ShouldNotBeNull();
result.error.ShouldBe(0);
result.count.ShouldBeGreaterThan(0);
result.data.ShouldNotBeEmpty();
var list = JsonConvert.DeserializeObject <IEnumerable <MobileQuickSignInUser> >(result.data);
var user = list.First();
user.userID.ShouldBe(0);
user.peopleID.ShouldBe(person.PeopleId);
user.name.ShouldBe(person.Name);
user.user.ShouldBe("Create User");
var device = db.MobileAppDevices.SingleOrDefault(m => m.InstanceID == message.instance);
device.ShouldNotBeNull();
device.AppVersion.ShouldBe(build);
Should.Equals(device.DeviceTypeID, MobileMessage.Device.ANDROID);
//Test QuickSignInCreateUser
message = new MobileMessage
{
device = (int)MobileMessage.Device.ANDROID,
instance = device.InstanceID,
build = build,
argInt = person.PeopleId,
};
data = message.ToString();
result = controller.QuickSignInCreateUser(data) as MobileMessage;
result.ShouldNotBeNull();
result.error.ShouldBe(0);
result.count.ShouldBe(0);
result.data.ShouldNotBeEmpty();
result.id.ShouldBeGreaterThan(0);
var userId = result.id;
var username = result.data;
//Test SetDevicePIN
var pin = "1234";
message = new MobileMessage
{
device = (int)MobileMessage.Device.ANDROID,
instance = device.InstanceID,
build = build,
argInt = userId,
argString = pin.Sha256Hash(),
};
data = message.ToString();
result = controller.SetDevicePIN(data) as MobileMessage;
result.ShouldNotBeNull();
result.error.ShouldBe(0);
result.count.ShouldBe(0);
result.data.ShouldNotBeEmpty();
//Test PIN authorization by getting the user's own profile
requestManager.CurrentHttpContext.Request.Headers["Authorization"] = "PIN " + Convert.ToBase64String(Encoding.ASCII.GetBytes($"{username}:{pin.Sha256Hash()}"));
message = new MobileMessage
{
device = (int)MobileMessage.Device.ANDROID,
instance = device.InstanceID,
build = build,
argInt = person.PeopleId,
};
data = message.ToString();
result = controller.FetchPerson(data) as MobileMessage;
result.ShouldNotBeNull();
result.error.ShouldBe(0);
result.count.ShouldBe(1);
result.data.ShouldNotBeEmpty();
}
