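 /// <summary>
 /// Constructor expecting the DbContext, the AutoMapper configuration, the application configuration
 /// and the entity service as injected dependencies.
 /// </summary>
 /// <param name="context">POAMDbContext which holds the POAM list</param>
 /// <param name="mapper">AutoMapper config reference</param>
 /// <param name="configuration">Configuration settings for the application</param>
 /// <param name="entityservice">Service to deal with application entities</param>
 /// <exception cref="System.ArgumentNullException">
 /// Thrown when any dependency is null, so a mis-registered service fails at construction
 /// instead of as a NullReferenceException inside an action.
 /// </exception>
 public POAMController(POAMDbContext context, IMapper mapper, IConfiguration configuration, IEntityService entityservice)
 {
     // Fail fast on missing dependencies; the DI container should never hand us null, but a wrong
     // registration would otherwise only show up on the first request that uses the field.
     _context       = context       ?? throw new System.ArgumentNullException(nameof(context));
     _mapper        = mapper        ?? throw new System.ArgumentNullException(nameof(mapper));
     _configuration = configuration ?? throw new System.ArgumentNullException(nameof(configuration));
     _entityservice = entityservice ?? throw new System.ArgumentNullException(nameof(entityservice));
 }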
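        public async Task AddApartmentSuccessful()
        {
            // The context owns a database connection: dispose it when the test ends.
            using (var context = new POAMDbContext())
            {
                RemoveUser(context);
                var user = CreateUser(context);

                Authentication.Instance.UserLogin(user);
                RemoveApartment(context, "DummyBuilding");

                try
                {
                    var apartment = GenerateApartment();
                    var apartmentController = new ApartmentController(context);

                    var result = await apartmentController.AddApartment(apartment);

                    // A logged-in user must be able to create the apartment ...
                    var existingApartment = context.Apartment.FirstOrDefault(a => a.Building == "DummyBuilding");
                    Assert.NotNull(existingApartment);

                    // ... and is then sent to the main page. Assert.IsType already fails on a null result.
                    var redirectResult = Assert.IsType<RedirectToActionResult>(result);
                    Assert.Equal("MainPage", redirectResult.ActionName);
                }
                finally
                {
                    // Cleanup runs even when an assertion fails: Authentication.Instance is process-wide, so a
                    // leftover session (or the dummy apartment) would change the outcome of later tests.
                    Authentication.Instance.Logout();
                    RemoveApartment(context, "DummyBuilding");
                }
            }
        }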
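        public async Task FinalizeContractNotAdmin()
        {
            using (var context = new POAMDbContext())
            {
                RemoveContract(context, "dummyContract");
                var contract = GenerateContract();

                RemoveAdmin(context);
                Authentication.Instance.AdminLogin(CreateAdmin(context));
                var adminLoggedIn = true;

                try
                {
                    var contractController = new ContractController(context);

                    // Create the contract as admin, then drop the admin session: the finalize call below
                    // must be refused because the caller is no longer an admin.
                    await contractController.AddContract(contract);

                    Authentication.Instance.Logout();
                    adminLoggedIn = false;
                    RemoveAdmin(context);

                    var result = await contractController.FinalizeContract(contract.IdContract);

                    // The contract is still there (not finalized) and the caller is bounced to the main page.
                    var existingContract = context.Contract.FirstOrDefault(c => c.Provider == "dummyContract");
                    Assert.NotNull(existingContract);

                    var redirectResult = Assert.IsType<RedirectResult>(result);
                    Assert.Equal("~/MainPage", redirectResult.Url);
                }
                finally
                {
                    // Only log out if the test failed before the in-test Logout ran.
                    if (adminLoggedIn)
                    {
                        Authentication.Instance.Logout();
                    }

                    // The original left the dummy contract behind; remove it so the next run starts clean.
                    RemoveContract(context, "dummyContract");
                    RemoveAdmin(context);
                }
            }
        }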
        /// <summary>
        /// Configures the HTTP request pipeline. Called by the runtime after ConfigureServices.
        /// Middleware order is significant here: each call registers the next stage of the pipeline.
        /// </summary>
        /// <param name="app">Pipeline builder the middleware is registered on.</param>
        /// <param name="env">Hosting environment; selects development vs. production error handling.</param>
        /// <param name="context">Database context handed to <see cref="Initialize"/> to seed the database at startup.</param>
        public void Configure(IApplicationBuilder app, IHostingEnvironment env, POAMDbContext context)
        {
            if (env.IsDevelopment())
            {
                // The developer exception page exposes stack traces and request details: development only.
                app.UseDeveloperExceptionPage();
            }
            else
            {
                // Generic error page for users, plus HSTS so browsers keep using HTTPS after the first visit.
                app.UseExceptionHandler("/Home/Error");
                app.UseHsts();
            }

            // Redirect plain HTTP to HTTPS before anything is served; then static files and the cookie policy.
            app.UseHttpsRedirection();
            app.UseStaticFiles();
            app.UseCookiePolicy();

            app.UseMvc(routes =>
            {
                routes.MapRoute(
                    name: "default",
                    template: "{controller=Home}/{action=Index}/{id?}");
            });

            // Seed the database on startup. Presumably the Initialize(POAMDbContext) seeder that creates the
            // built-in admin account when it is missing — confirm it is the same class.
            Initialize(context);
        }
        /// <summary>
        /// Makes sure the database exists and contains the built-in administrator account.
        /// Runs at startup; does nothing when an owner named "admin" is already present.
        /// </summary>
        /// <param name="context">Database context used to create the schema and insert the admin row.</param>
        public static void Initialize(POAMDbContext context)
        {
            context.Database.EnsureCreated();

            // Seed only once, keyed on the fixed "admin" username.
            var adminAlreadyExists = context.Owner.FirstOrDefault(o => o.Username == "admin") != null;
            if (adminAlreadyExists)
            {
                return;
            }

            // NOTE(review): the bootstrap credentials are hard-coded in source, so anyone who can read the
            // repository or the binary knows them. Load them from configuration / a secret store and require a
            // password change on first login instead.
            const string adminUsername = "******";
            const string adminPassword = "******";

            // Per-account salt; only the salted hash is stored.
            var salt = Authentication.Instance.GetRandomSalt();

            var admin = new Owner
            {
                Username  = adminUsername,
                PassSalt  = salt,
                Password  = Authentication.Instance.HashPassword(adminPassword, salt),
                IsAdmin   = true,
                Email     = "*****@*****.**",
                FullName  = " System Admin",   // leading space kept exactly as in the original seed value
                Telephone = "0000000000000"
            };

            context.Add(admin);
            context.SaveChanges();
        }
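        public async Task AddContractSuccessful()
        {
            using (var context = new POAMDbContext())
            {
                RemoveContract(context, "dummyContract");
                var contract = GenerateContract();

                RemoveAdmin(context);
                Authentication.Instance.AdminLogin(CreateAdmin(context));

                try
                {
                    var contractController = new ContractController(context);

                    var result = await contractController.AddContract(contract);

                    // As admin the contract is persisted ...
                    var existingContract = context.Contract.FirstOrDefault(c => c.Provider == "dummyContract");
                    Assert.NotNull(existingContract);

                    // ... and the caller is redirected to the list. Assert.IsType already fails on a null result.
                    var redirectResult = Assert.IsType<RedirectToActionResult>(result);
                    Assert.Equal("ContractsList", redirectResult.ActionName);
                }
                finally
                {
                    // Always release the process-wide admin session and the test rows, even on assertion failure.
                    Authentication.Instance.Logout();
                    RemoveContract(context, "dummyContract");
                    RemoveAdmin(context);
                }
            }
        }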
        /// <summary>
        /// Test helper: deletes the apartment stored under <paramref name="building"/>, if there is one.
        /// </summary>
        /// <param name="context">Context the row is looked up and deleted through.</param>
        /// <param name="building">Building name that identifies the test apartment.</param>
        public void RemoveApartment(POAMDbContext context, string building)
        {
            var apartment = context.Apartment.FirstOrDefault(a => a.Building == building);
            if (apartment == null)
            {
                return;
            }

            context.Remove(apartment);
            context.SaveChanges();
        }
        /// <summary>
        /// Test helper: deletes the owner row named "dummyAdmin", if present. Safe to call repeatedly.
        /// </summary>
        /// <param name="context">Context the row is looked up and deleted through.</param>
        public void RemoveAdmin(POAMDbContext context)
        {
            var dummyAdmin = context.Owner.FirstOrDefault(o => o.Username == "dummyAdmin");
            if (dummyAdmin == null)
            {
                return;
            }

            context.Remove(dummyAdmin);
            context.SaveChanges();
        }
        /// <summary>
        /// Test helper: deletes the contract whose provider equals <paramref name="contractProvider"/>, if present.
        /// </summary>
        /// <param name="context">Context the row is looked up and deleted through.</param>
        /// <param name="contractProvider">Provider name that identifies the test contract.</param>
        public void RemoveContract(POAMDbContext context, string contractProvider)
        {
            var contract = context.Contract.FirstOrDefault(c => c.Provider == contractProvider);
            if (contract == null)
            {
                return;
            }

            context.Remove(contract);
            context.SaveChanges();
        }
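        public async Task MainPageNotLoggedIn()
        {
            // Precondition: no session on the process-wide Authentication.Instance. A previous test that exits
            // without calling Logout would change the result of this one.
            using (var context = new POAMDbContext())
            {
                var apartmentController = new ApartmentController(context);

                var result = await apartmentController.MainPage();

                // An anonymous caller is sent to the public landing page. Assert.IsType already fails on null.
                var redirectResult = Assert.IsType<RedirectResult>(result);
                Assert.Equal("~/Home/Index", redirectResult.Url);
            }
        }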
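        public async Task UserSuccessfulLogin()
        {
            using (var context = new POAMDbContext())
            {
                var ownerController = new OwnerController(context);

                var result = await ownerController.Login(CreateUser(context));

                // A successful login renders the main page (default view name or an explicit "MainPage").
                var viewResult = Assert.IsType<ViewResult>(result);
                Assert.True(string.IsNullOrEmpty(viewResult.ViewName) || viewResult.ViewName == "MainPage");

                // NOTE(review): if Login records the session on Authentication.Instance, this test leaves it
                // behind for later tests; confirm and add a Logout in a finally block if so.
            }
        }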
        /// <summary>
        /// Test helper: makes sure a dummy user row exists and returns a user object for it.
        /// Caveat visible below: when a "dummyUser" row is already stored, nothing is written and the freshly
        /// generated object is returned, whose newly generated salt/hash need not match the stored row.
        /// </summary>
        /// <param name="context">Context used to look up and, if needed, insert the dummy user.</param>
        /// <returns>The generated dummy user (persisted only if no "dummyUser" row existed).</returns>
        public Owner CreateUser(POAMDbContext context)
        {
            var dummyUser = GenerateUser(context);

            var alreadyStored = context.Owner.FirstOrDefault(o => o.Username == "dummyUser") != null;
            if (!alreadyStored)
            {
                context.Add(dummyUser);
                context.SaveChanges();
            }

            return dummyUser;
        }
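        public async Task LoginUsernameNotExisting()
        {
            using (var context = new POAMDbContext())
            {
                var ownerController = new OwnerController(context);

                var user = CreateUser(context);

                // Submit a username that is not in the database; the stored row is left as it is.
                // (user may be tracked by this context after CreateUser — nothing here calls SaveChanges.)
                user.Username = "******";

                var result = await ownerController.Login(user);

                // Unknown username: the login form is rendered again (default view name or "Login").
                var viewResult = Assert.IsType<ViewResult>(result);
                Assert.True(string.IsNullOrEmpty(viewResult.ViewName) || viewResult.ViewName == "Login");
            }
        }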
        /// <summary>
        /// Builds (but does not persist) the dummy non-admin user used by the login and owner tests.
        /// The password is stored only as a salted hash, mirroring what the application does.
        /// </summary>
        /// <param name="context">Unused; kept for signature compatibility with the other helpers.</param>
        /// <returns>A new, unsaved <see cref="Owner"/>.</returns>
        public Owner GenerateUser(POAMDbContext context)
        {
            const string plainPassword = "******";
            var salt = Authentication.Instance.GetRandomSalt();

            return new Owner
            {
                Username  = "******",
                PassSalt  = salt,
                Password  = Authentication.Instance.HashPassword(plainPassword, salt),
                FullName  = "Dummy User",
                Email     = "*****@*****.**",
                Telephone = "0333333333333",
                IsAdmin   = false
            };
        }
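        public async Task LoginWrongPassword()
        {
            using (var context = new POAMDbContext())
            {
                var ownerController = new OwnerController(context);

                var user = CreateUser(context);

                // Submit a password that does not match the stored hash.
                user.Password = "******";

                var result = await ownerController.Login(user);

                // Wrong password: the login form is rendered again (default view name or "Login").
                var viewResult = Assert.IsType<ViewResult>(result);
                Assert.True(string.IsNullOrEmpty(viewResult.ViewName) || viewResult.ViewName == "Login");
            }
        }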
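        public async Task AddOwnerNotAdmin()
        {
            // Precondition: nobody is logged in on the process-wide Authentication.Instance.
            using (var context = new POAMDbContext())
            {
                var ownerController = new OwnerController(context);

                RemoveUser(context);
                var user = GenerateUser(context);

                var result = await ownerController.AddOwner(user);

                // Authorization check: an anonymous caller must not be able to create an owner ...
                var existingOwner = context.Owner.FirstOrDefault(o => o.Username == user.Username);
                Assert.Null(existingOwner);

                // ... and is sent to the public landing page. Assert.IsType already fails on a null result.
                var redirectResult = Assert.IsType<RedirectResult>(result);
                Assert.Equal("~/Home/Index", redirectResult.Url);
            }
        }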
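        public async Task AddApartmentUserNotLoggedIn()
        {
            // Precondition: nobody is logged in on the process-wide Authentication.Instance.
            using (var context = new POAMDbContext())
            {
                RemoveApartment(context, "DummyBuilding");
                var apartment = GenerateApartment();

                var apartmentController = new ApartmentController(context);

                var result = await apartmentController.AddApartment(apartment);

                // Authorization check: an anonymous caller must not be able to create an apartment ...
                var existingApartment = context.Apartment.FirstOrDefault(a => a.Building == "DummyBuilding");
                Assert.Null(existingApartment);

                // ... and is sent to the public landing page. Assert.IsType already fails on a null result.
                var redirectResult = Assert.IsType<RedirectResult>(result);
                Assert.Equal("~/Home/Index", redirectResult.Url);
            }
        }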
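        public async Task AddOwnerFailedUsernameExisting()
        {
            using (var context = new POAMDbContext())
            {
                var ownerController = new OwnerController(context);

                RemoveAdmin(context);
                var user = CreateUser(context);

                Authentication.Instance.AdminLogin(CreateAdmin(context));

                try
                {
                    // The username is already stored, so AddOwner must re-render the form instead of inserting.
                    var result = await ownerController.AddOwner(user);

                    var viewResult = Assert.IsType<ViewResult>(result);
                    Assert.True(string.IsNullOrEmpty(viewResult.ViewName) || viewResult.ViewName == "AddOwner");
                }
                finally
                {
                    // Release the process-wide admin session even when an assertion fails.
                    Authentication.Instance.Logout();
                    RemoveAdmin(context);
                }
            }
        }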
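        public async Task ApartmentsOwnedLoggedIn()
        {
            using (var context = new POAMDbContext())
            {
                RemoveUser(context);
                Authentication.Instance.UserLogin(CreateUser(context));

                try
                {
                    var apartmentController = new ApartmentController(context);

                    var result = await apartmentController.ApartmentsOwned();

                    // Logged in: the owned-apartments view is rendered with the apartment list as its model.
                    var viewResult = Assert.IsType<ViewResult>(result);
                    Assert.True(string.IsNullOrEmpty(viewResult.ViewName) || viewResult.ViewName == "ApartmentsOwned");
                    Assert.IsAssignableFrom<IEnumerable<Apartment>>(viewResult.ViewData.Model);
                }
                finally
                {
                    // Release the process-wide session and the dummy user even when an assertion fails.
                    Authentication.Instance.Logout();
                    RemoveUser(context);
                }
            }
        }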
        /// <summary>
        /// Test helper: builds the dummy admin and stores it unless an owner named "dummyAdmin" already exists.
        /// As with CreateUser, when the row already exists the returned object is the freshly generated one,
        /// whose newly generated salt/hash need not match the stored row.
        /// </summary>
        /// <param name="context">Context used to look up and, if needed, insert the dummy admin.</param>
        /// <returns>The generated dummy admin (persisted only if no "dummyAdmin" row existed).</returns>
        public Owner CreateAdmin(POAMDbContext context)
        {
            const string plainPassword = "******";
            var salt = Authentication.Instance.GetRandomSalt();

            var dummyAdmin = new Owner
            {
                Username  = "******",
                PassSalt  = salt,
                Password  = Authentication.Instance.HashPassword(plainPassword, salt),
                FullName  = "Dummy Admin",
                Email     = "*****@*****.**",
                Telephone = "0333333333333",
                IsAdmin   = true
            };

            var alreadyStored = context.Owner.FirstOrDefault(o => o.Username == "dummyAdmin") != null;
            if (!alreadyStored)
            {
                context.Add(dummyAdmin);
                context.SaveChanges();
            }

            return dummyAdmin;
        }
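        public async Task AddOwnerSuccessful()
        {
            using (var context = new POAMDbContext())
            {
                var ownerController = new OwnerController(context);

                RemoveAdmin(context);
                RemoveUser(context);

                Authentication.Instance.AdminLogin(CreateAdmin(context));

                try
                {
                    var user = GenerateUser(context);
                    var result = await ownerController.AddOwner(user);

                    // As admin the new owner is persisted ...
                    var existingOwner = context.Owner.FirstOrDefault(o => o.Username == user.Username);
                    Assert.NotNull(existingOwner);

                    // ... and the caller is redirected to the list. Assert.IsType already fails on a null result.
                    var redirectResult = Assert.IsType<RedirectToActionResult>(result);
                    Assert.Equal("OwnersList", redirectResult.ActionName);
                }
                finally
                {
                    // Release the process-wide admin session and both test rows, even on assertion failure.
                    Authentication.Instance.Logout();
                    RemoveAdmin(context);
                    RemoveUser(context);
                }
            }
        }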
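 /// <summary>
 /// Constructor receiving the database context by dependency injection.
 /// </summary>
 /// <param name="context">Database context the controller reads and writes through.</param>
 /// <exception cref="System.ArgumentNullException">Thrown when <paramref name="context"/> is null.</exception>
 public ApartmentController(POAMDbContext context)
 {
     // Fail fast instead of a NullReferenceException inside the first action that uses the context.
     _context = context ?? throw new System.ArgumentNullException(nameof(context));
 }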
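 /// <summary>
 /// Constructor receiving the database context by dependency injection.
 /// </summary>
 /// <param name="context">Database context the controller reads and writes through.</param>
 /// <exception cref="System.ArgumentNullException">Thrown when <paramref name="context"/> is null.</exception>
 public ContractController(POAMDbContext context)
 {
     // Fail fast instead of a NullReferenceException inside the first action that uses the context.
     _context = context ?? throw new System.ArgumentNullException(nameof(context));
 }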
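 /// <summary>
 /// Service constructor. Takes the POAMDbContext and the Excel service as dependencies.
 /// </summary>
 /// <param name="context">Database context the service reads and writes through.</param>
 /// <param name="excelService">Excel service dependency.</param>
 /// <exception cref="System.ArgumentNullException">Thrown when either dependency is null.</exception>
 public EntityService(POAMDbContext context, IExcelService excelService)
 {
     // Fail fast on a mis-registered dependency instead of a NullReferenceException on first use.
     _context      = context      ?? throw new System.ArgumentNullException(nameof(context));
     _excelService = excelService ?? throw new System.ArgumentNullException(nameof(excelService));
 }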
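 /// <summary>
 /// Constructor receiving the database context by dependency injection.
 /// </summary>
 /// <param name="context">Database context the controller reads and writes through.</param>
 /// <exception cref="System.ArgumentNullException">Thrown when <paramref name="context"/> is null.</exception>
 public WaterConsumptionController(POAMDbContext context)
 {
     // Fail fast instead of a NullReferenceException inside the first action that uses the context.
     _context = context ?? throw new System.ArgumentNullException(nameof(context));
 }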
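 /// <summary>
 /// Constructor with the DB context as DI
 /// </summary>
 /// <param name="context">Dependency injection param: the database context the service queries.</param>
 /// <exception cref="System.ArgumentNullException">Thrown when <paramref name="context"/> is null.</exception>
 public LookUpDataService(POAMDbContext context)
 {
     // Fail fast on a mis-registered dependency instead of a NullReferenceException on first use.
     _context = context ?? throw new System.ArgumentNullException(nameof(context));
 }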
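 /// <summary>
 /// Constructor for the controller
 /// </summary>
 /// <param name="context">DB context</param>
 /// <param name="entityservice">Entity service</param>
 /// <exception cref="System.ArgumentNullException">Thrown when either dependency is null.</exception>
 public ExcelController(POAMDbContext context, IEntityService entityservice)
 {
     // Fail fast on a mis-registered dependency instead of a NullReferenceException inside an action.
     _context       = context       ?? throw new System.ArgumentNullException(nameof(context));
     _entityservice = entityservice ?? throw new System.ArgumentNullException(nameof(entityservice));
 }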
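 /// <summary>
 /// Constructor receiving the database context by dependency injection.
 /// </summary>
 /// <param name="context">Database context the controller reads and writes through.</param>
 /// <exception cref="System.ArgumentNullException">Thrown when <paramref name="context"/> is null.</exception>
 public ReceiptController(POAMDbContext context)
 {
     // Fail fast instead of a NullReferenceException inside the first action that uses the context.
     _context = context ?? throw new System.ArgumentNullException(nameof(context));
 }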
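        /// <summary>
        /// Seeds the lookup tables (auth systems, risk levels, statuses, delay reasons, responsible POCs) and,
        /// outside production, two sample POAM records. Each step is idempotent: a table that already holds
        /// rows is left untouched.
        /// </summary>
        /// <param name="services">Service provider used to resolve the hosting environment and the DbContext options.</param>
        public static void Initialize(IServiceProvider services)
        {
            var env = services.GetRequiredService<IHostingEnvironment>();

            using (var context = new POAMDbContext(services.GetRequiredService<DbContextOptions<POAMDbContext>>()))
            {
                // Each seeder returns the rows now in its table, whether it just inserted them or they already
                // existed, so the sample POAMs below can always resolve their lookups. (Previously the lists stayed
                // empty whenever a table was already populated, and every lookup below then yielded null.)
                var authSystems     = SeedAuthSystems(context);
                var riskLevels      = SeedRiskLevels(context);
                var statuses        = SeedStatuses(context);
                var delayReasons    = SeedDelayReasons(context);
                var responsiblepocs = SeedResponsiblePOCs(context);

                // The sample POAMs are development/test data and must never reach a production database.
                if (env.IsProduction() || context.POAMs.Any())
                {
                    return;
                }

                SeedSamplePOAMs(context, authSystems, riskLevels, statuses, delayReasons, responsiblepocs);
            }
        }

        // Auth systems: inserted only when the table is empty. Returns the rows now in the table.
        private static List<AuthSystem> SeedAuthSystems(POAMDbContext context)
        {
            if (context.AuthSystems.Any())
            {
                return context.AuthSystems.ToList();
            }

            var authSystems = new List<AuthSystem>
            {
                new AuthSystem { Name = @"REGIS" },
                new AuthSystem { Name = @"REDMACS" },
                new AuthSystem { Name = @"Terremark" }
            };
            context.AuthSystems.AddRange(authSystems);
            context.SaveChanges();
            return authSystems;
        }

        // Risk levels: fixed IDs so existing data keeps pointing at the same rows. Returns the rows now in the table.
        private static List<RiskLevel> SeedRiskLevels(POAMDbContext context)
        {
            if (context.RiskLevels.Any())
            {
                return context.RiskLevels.ToList();
            }

            var riskLevels = new List<RiskLevel>
            {
                new RiskLevel { ID = 1, Name = "VL", Description = "Very Low" },
                new RiskLevel { ID = 2, Name = "L", Description = "Low" },
                new RiskLevel { ID = 3, Name = "M", Description = "Medium" },
                new RiskLevel { ID = 4, Name = "H", Description = "High" },
                new RiskLevel { ID = 5, Name = "VH", Description = "Very High" }
            };
            context.RiskLevels.AddRange(riskLevels);
            context.SaveChanges();
            return riskLevels;
        }

        // Statuses. The names (including the misspelt "Risk Accpetance") are kept byte-for-byte: existing rows
        // and name-based lookups depend on them, so a spelling fix belongs in a data migration, not here.
        private static List<Status> SeedStatuses(POAMDbContext context)
        {
            if (context.Statuses.Any())
            {
                return context.Statuses.ToList();
            }

            var statuses = new List<Status>
            {
                new Status { ID = 1, Name = "Planned/Pending" },
                new Status { ID = 2, Name = "Canceled" },
                new Status { ID = 3, Name = "Completed" },
                new Status { ID = 4, Name = "In Progress" },
                new Status { ID = 5, Name = "Delayed" },
                new Status { ID = 6, Name = "Existing Risk Acceptance" },
                new Status { ID = 7, Name = "Risk Accpetance" }
            };
            context.Statuses.AddRange(statuses);
            context.SaveChanges();
            return statuses;
        }

        // Delay reasons ("Original completetion time underestimated" is kept as-is for the same reason as above).
        private static List<DelayReason> SeedDelayReasons(POAMDbContext context)
        {
            if (context.DelayReasons.Any())
            {
                return context.DelayReasons.ToList();
            }

            var delayReasons = new List<DelayReason>
            {
                new DelayReason { ID = 1, Name = "Weakness/Priority changed" },
                new DelayReason { ID = 2, Name = "Original completetion time underestimated" },
                new DelayReason { ID = 3, Name = "Funds not allocated/Insufficient funding" },
                new DelayReason { ID = 4, Name = "Assigned funds withdrawn" },
                new DelayReason { ID = 5, Name = "Dependency on other task(s)" },
                new DelayReason { ID = 6, Name = "Contractor delay" },
                new DelayReason { ID = 7, Name = "Procurement delay" },
                new DelayReason { ID = 8, Name = "Personnel shortage" },
                new DelayReason { ID = 9, Name = "Technology delay/dependency" },
                new DelayReason { ID = 10, Name = "Policy delay/dependency" },
                new DelayReason { ID = 11, Name = "Moratorium on development" },
                new DelayReason { ID = 12, Name = "Other" },
                new DelayReason { ID = 13, Name = "Not Applicable" }
            };
            context.DelayReasons.AddRange(delayReasons);
            context.SaveChanges();
            return delayReasons;
        }

        // Responsible POCs. IDs are generated with Guid.NewGuid(): the original `new Guid()` is Guid.Empty for
        // every row, which only worked as long as EF treated the default value as "generate one for me" and
        // would be a duplicate-key failure on the second row otherwise.
        private static List<ResponsiblePOC> SeedResponsiblePOCs(POAMDbContext context)
        {
            if (context.ResponsiblePOCs.Any())
            {
                return context.ResponsiblePOCs.ToList();
            }

            var responsiblepocs = new List<ResponsiblePOC>
            {
                new ResponsiblePOC { ID = Guid.NewGuid(), Name = "Lai Lee-Birman", Description = "System Owner" },
                new ResponsiblePOC { ID = Guid.NewGuid(), Name = "SOC", Description = "Security Office" },
                new ResponsiblePOC { ID = Guid.NewGuid(), Name = "Jeremy Holmes", Description = "Information Steward" }
            };
            context.ResponsiblePOCs.AddRange(responsiblepocs);
            context.SaveChanges();
            return responsiblepocs;
        }

        // Two example POAMs for non-production environments. Lookups are resolved from the lists the seeders
        // returned; FirstOrDefault is used so a duplicated lookup name in an existing database degrades to the
        // first match instead of throwing at startup.
        private static void SeedSamplePOAMs(
            POAMDbContext context,
            List<AuthSystem> authSystems,
            List<RiskLevel> riskLevels,
            List<Status> statuses,
            List<DelayReason> delayReasons,
            List<ResponsiblePOC> responsiblepocs)
        {
            var regis   = authSystems.FirstOrDefault(item => item.Name == "REGIS");
            var high    = riskLevels.FirstOrDefault(item => item.Name == "H");
            var delayed = statuses.FirstOrDefault(item => item.Name == "Delayed");

            // Preserved from the original seed: the weakness text is only filled in while the Weaknesses table
            // is empty, otherwise an empty Weakness is attached. Confirm whether that is intended.
            var weakness = new Weakness();
            if (!context.Weaknesses.Any())
            {
                //weakness.ID = 1;
                weakness.OriginalRecommendation = @"REGIS is not currently PIV-enabled.";
                weakness.Risk = @"Risk: Lack of PIV implementation leaves the system more 
                                vulnerable to unauthorized access, making financial data that is transmitted through 
                                REGIS more vulnerable to unauthorized disclosure and modification.";
            }

            string recommendation = @"The Assessment Team recommends raising the Risk Level of this POAM from 
                                            Moderate to High as the scheduled completion date for PIV compliance was September 30, 2015.
                                            The Assessment Team recommends removing IA-7 from this POAM, as REGIS does not have any 
                                            cryptographic modules within its authorization boundary.The System Owner and developers 
                                            have determined that MyAccess is not an option for PIV implementation; the team is 
                                            researching the use of Integrated Windows Authentication (IWA) for PIV-enabled access.
                                            This POAM is delayed due to the System Owner working with the developers to determine 
                                            if IWA is a suitable option to implement PIV authentication; it was determined 
                                            that MyAccess was not a viable solution.";

            var poam = new POAM
            {
                ActualFinishDate        = null,
                ActualStartDate         = null,
                AuthSystem              = regis,
                ControlID               = @"IA-2(1), IA-2(2), IA-2(8), IA-2(12), IA-5(2), IA-5(11), IA-7",
                CostJustification       = @"Minimum Organizational Cost",
                CreateDate              = DateTime.Now,   // local time, as in the original seed; UtcNow would change stored values
                CSAMPOAMID              = "55475",
                DelayReason             = delayReasons.FirstOrDefault(item => item.Name.StartsWith("Technology", StringComparison.OrdinalIgnoreCase)),
                Number                  = 1,
                PlannedFinishDate       = new DateTime(2018, 5, 1),
                PlannedStartDate        = new DateTime(2017, 5, 1),
                Recommendation          = recommendation,
                ResourcesRequired       = 100.0M,
                ResponsiblePOCs         = responsiblepocs.Where(item => item.Name == "Lai Lee-Birman" || item.Name == "SOC").ToList(),
                RiskLevel               = high,
                ScheduledCompletionDate = new DateTime(2016, 9, 1),
                Status                  = delayed,
                Weakness                = weakness
            };
            context.POAMs.Add(poam);

            // Second sample. Weaknesses.Any() still queries the database, so the first weakness (not yet saved)
            // does not change the outcome here — also preserved from the original.
            weakness = new Weakness();
            if (!context.Weaknesses.Any())
            {
                //weakness.ID = 2;
                weakness.OriginalRecommendation = @"RA-2: During the assessment, REGIS information system data types were not validated by the Information Steward.
                                                            PL-2:  The System Characterization was unable to be properly updated with the most accurate system data types. ";
                weakness.Risk = @"Risk: The risk of not properly categorizing the system makes it difficult to understand the scope of REGIS 
                                            and what the effect might be on the overall security posture of the system which may lead to improper security settings and management.  ";
            }

            recommendation = @"The Assessment Team recommends that the REGIS Information Steward provide additional information on the types of data that are stored 
                                        and transmitted by the system, in order to correctly verify the Security Categorization. Data types should be mapped to Information 
                                        Types in accordance with SP 800-60, Volume II, to verify the accuracy of the current FIPS 199 and overall FIPS 200 level of Moderate.
                                        The System Characterization should be reviewed and updated as necessary to document all changes that have been made to the system.
                                        This POAM is delayed because the REGIS Information Steward did not verify that the list of data types listed in the SCD are comprehensive, 
                                        to include all data types that REGIS stores, transmits and processes. ";

            poam = new POAM
            {
                ActualFinishDate        = null,
                ActualStartDate         = new DateTime(2016, 9, 1),
                AuthSystem              = regis,
                ControlID               = @"PL-2, RA-2",
                CostJustification       = @"Minimum Organizational Cost",
                CreateDate              = DateTime.Now,
                CSAMPOAMID              = "60028",
                DelayReason             = delayReasons.FirstOrDefault(item => item.Name.StartsWith("Other", StringComparison.OrdinalIgnoreCase)),
                Number                  = 2,
                PlannedFinishDate       = new DateTime(2018, 5, 1),
                PlannedStartDate        = new DateTime(2017, 5, 1),
                Recommendation          = recommendation,
                ResourcesRequired       = 100.0M,
                ResponsiblePOCs         = responsiblepocs.Where(item => item.Name.Contains("Jeremy")).ToList(),
                RiskLevel               = high,
                ScheduledCompletionDate = new DateTime(2016, 9, 1),
                Status                  = delayed,
                Weakness                = weakness
            };
            context.POAMs.Add(poam);
            context.SaveChanges();
        }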
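 /// <summary>
 /// Constructor receiving the database context by dependency injection.
 /// </summary>
 /// <param name="context">Database context the controller reads and writes through.</param>
 /// <exception cref="System.ArgumentNullException">Thrown when <paramref name="context"/> is null.</exception>
 public EmployeeController(POAMDbContext context)
 {
     // Fail fast instead of a NullReferenceException inside the first action that uses the context.
     _context = context ?? throw new System.ArgumentNullException(nameof(context));
 }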