private static bool updateBannedAgent(Agent agent) { /* return true is the agent is no longer banned * else return false */ if ((agent.banned == true) && (getRestTimeSinceBanishment(agent.banishmentStartTime) < TimeSpan.FromMinutes(0))) { return(true); } return(false); }
public static bool isOnlineSessionOpened(ref Agent agent) { /* When client open a tab and succeed in connecting to the database * then if a close the tab and open it again we send back to the client * information about the open session * If the agent exist into the memory (in the list "client_list") then return true, * else return false */ if (agent.tableId == -1) { return(false); } else { return(true); } }
public static void setOnlineDisconnection(ref Agent agent) { /* When user want to be disconnected from the sever we remove all information about him from memory * so the next time he will try to connect to the server there will be no more informations about him * and he will have to connect again */ if (agent.tableId != -1) { /*If the client is in memory and registered * because if a client who is not registered try to diconnect it will remove all his informations from server * (and that's a problem if the user will be banned soon because he made too much attemps) * (even the number of attemps). In other words, it could be a way to avoid beeing banned after multiple failed * So to be disconnected client have to be registered * (at that step assume that session expiration has been cheked before) */ client_list.Remove(agent); agent.toDefault(); } }
public static bool certifyConnection(string id, SecureString secure_given_password, string ip_adress) { /* When online user want to change his account information, he have to enter is id and password again * to validate the changes. * When the user send us the changes with its actual id and password we check into the database if the id and the password * are the same for that agent than the one saved * The agent information from database are the one who was connected previously. In other word, only the user who register to acces * the app can change its account informations from the current session * * If the authentification informations matches the method return true, else false */ bool certification = false; //resul int index = getIndexAgentFromIpAdress(ip_adress); //can not be equal to -1 because all agent are registered before the call of that function Agent current_agent = client_list[index]; //get the agent infromation from the current open registered session Agent needed_agent = database.getAgentByAuthentificationId(id); /* Get the informations of the agent found by the given id (into the database) * and not from the current agent because we want user to modify their account informations only from their own session and not from * other user session */ //Hash the password with salt saved in the database if (needed_agent.hashedPassword != DataProtection.getSaltHashedString(secure_given_password, needed_agent.saltForHashe)) {//if the stored hashe password is not equal to the given hashe password (with the salt saved in the database) //if user try too many times to changes its account informations with the wrong actual authentification informations we block that Ip adress setNewAttempForAgent(ref current_agent); certification = false; } else { //agent was found into the database current_agent.numberOfConnectionAttemps = 0; certification = true; } client_list[index] = current_agent;//save informations //again index will never be out of range return(certification); }
public static int setConnection(string id, SecureString secure_given_password) { /*When a user is physically connected to the app we retrieve all the information about him in a structure Agent from the database * If an agent is find in the database from the input id and password (given after being in an hashing function) * then we set a timer (that represent the connection time left before disconection ) and save temporarily all the informations in a structure */ if (id == "" || secure_given_password == null) { connected_agent.toDefault(); return(ToolsClass.Definition.ERROR_INT_VALUE);; } Agent agent = database.getAgentByAuthentificationId(id); if (agent.error) { return(ToolsClass.Definition.ERROR_INT_VALUE); } //Hash the password with salt saved in the database if (agent.hashedPassword != DataProtection.getSaltHashedString(secure_given_password, agent.saltForHashe)) { //if the stored hashe password is not equal to the given hashe password (with the salt saved in the database) agent.toDefault(); //reset agent } if (agent.tableId != -1) //agent is found { connected_agent = agent; //save temporarily the information return(ToolsClass.Definition.NO_ERROR_INT_VALUE); } else { connected_agent.toDefault(); } return(ToolsClass.Definition.ERROR_INT_VALUE); }
public static bool shortIdCorrespondToAgentByIndex(ref Agent agent, SecureString short_id_to_compare) { /* Check if the given short secure id is the one store in the database for the current agent * If so return true, elese return false */ string encrypted_short_id = database.getAgentEncryptedShortSecureId(agent.tableId); if (encrypted_short_id == null) { //error from database agent.error = true; //change are not store into memory just temporarely into that structure return(false); } int index = client_list.LastIndexOf(agent); //index can not be equal to -1 here because of the previous statement (from other method) SecureString agent_short_id = DataProtection.unprotect(encrypted_short_id); //get the saved short secure id from database for that specific agent bool res_authentification = SecureStringEquals(agent_short_id, short_id_to_compare); //compare the saved short id and the given one if (!res_authentification) { setNewAttempForAgent(ref agent); } else { agent.numberOfConnectionAttemps = 0; //reset the number of attemp } client_list[index] = agent;//update agent data if (agent_short_id != null) { agent_short_id.Dispose(); } if (short_id_to_compare != null) { short_id_to_compare.Dispose(); } return(res_authentification); }
private void setAgent(Agent agent) { /*Set all the fields with the stored informations about the corresponding agent*/ last_name_textBox.Text = agent.lastName.ToUpper(); first_name_textBox.Text = agent.firstName.ToLower(); job_textBox.Text = agent.job; mail_adress_textBox.Text = agent.mailAdress; setCheckedItemCheckBox(); id_textBox.Text = agent.id; //never show password and short id password_textBox.Text = ""; password_confirmation_textBox.Text = ""; short_id_textBox.Text = ""; display_password_state_textBox.Text = ""; display_password_state_textBox.BackColor = DEFAULT_COLOR; old_mail_adress = agent.mailAdress; }
private void listBox_MouseDoubleClick(object sender, MouseEventArgs e) { /*When user double click on an item we display all the informations about the * student represented by that item */ listBox.ClearSelected(); int index = listBox.IndexFromPoint(e.Location); if (index != ListBox.NoMatches) { int i = list_results.IndexOf(listBox.Items[index].ToString()); //get the index of the desired student in the list of resultas search //Then use that index to get the database id of that student with the list of ids if (i != -1) { agent = database.getAgentByIndex(list_ids[i]); setAgent(agent); } listBox.SetSelected(index, true); } }
public static Agent getOnlineAgentFromIpAdress(string ip_adress, string cookie) { /* That function update informations about saved agent into the list "client_list" * (for exemple figure out if the agent is disconnected, or not any more banned) * Then update that infomration into memory and return it */ Agent agent = new Agent(); agent.toDefault(); setEssentialParmsForAgent(ref agent, ip_adress); int index = getIndexAgentFromIpAdress(ip_adress); if (index != -1) {//if agent is already into memory agent = client_list[index]; bool index_refer_to_the_same = (!changeBannedAgent(ref agent)) && (!changeRegisteredAgent(ref agent, cookie)); //update information and if there is no more reason to keep that information into memory remove it from the list "client_list" setEssentialParmsForAgent(ref agent, ip_adress); /* order of insctruction are important here because when call setEssentialParmsForAgent the last * connection time is update. So if we put that call before checking data about client then the last connection time * will be the current time which is not correct for the rest of the code * In fact it is the last connection time before that request (request which explain why we can set the * current time as the last connection time, because without that request the last connection time will be the one previously saved * and not the current time) */ if (index_refer_to_the_same) {// else agent has been removed from the list so index does not refer to he same as previously client_list[index] = agent; } }//if the client is not registered we do nothing return(agent); }
public static Agent setOnlineConnection(string id, SecureString secure_given_password, string ip_adress) { /* When client try to establish a connection as a registered agent, he send his id and password. * Then we check in the database those informations matches with an agent into the database * If yes we gather all information about that agent into a structure and save it into a list "client_list" * and the information will stay in it until the client disconnect himself or the session expired * If no we save the ip adress of the client and update his number of attemps into the list "client_list" * * * If agent was found into the database that function return it * else retrun a standard agent with default values set * * On the server side, we have mutiple possible cases : * - agent is recognise as registered agent into the database * - agent is unknown but try to connect * - agent is banned (because he fails to many time to connect) * All agents are (temporarily) indistinctly stored into memory (trough the list "client_list") * We can differianciate agent because of its internal parameters that are not the same if the agent is registered or banned or unknown * We delete those informations from memory only when user states evoluate (for exemple if agent has been banned but now he wait enough time * we remove information about that user from memory or when agent is disconnected we remove its informations) * In orther words, the only way to if agent is registered (so allow to access the website) is to look if the ip adress is saved in memory * and if he is not banned. * * The case "unknown agent" held to figure out the number of attemps client did : in that case we stored the ip adress and increase * the number of attemps by one each time he fails to connect. Then when he try again but the number of attemps is too high that client * became banned. In fact, if agent try to connect few time the ip adress of the user computer will be stored as long as a new agent * use the same computer and succeed in connecting with the server. In otherwise, the informations will remain into memory * The banishment is not assiociate to the a windows session but to a computer * But when agent is registered he is from its windows session on a specific computer (and not only from the computer) * * This is the only function that can add a new user * */ Agent agent = new Agent(); agent.toDefault(); if (id == "" || secure_given_password == null) { return(agent); } /*When the database is not used form a while the cache are clear (the database become "cold") * So after a certain time if a user try to connect to the database it will have to wait * that the database end to load and then wait to have the result of the request * But the needed amount of time will almost always overpass the maximun connection time of the databse * which will procude an error */ agent = database.getAgentByAuthentificationId(id);//could return an agent with error set to true if (agent.error) {//error from the server (not the fault of the client) return(agent); } //Hash the password with salt saved in the database if (agent.hashedPassword != DataProtection.getSaltHashedString(secure_given_password, agent.saltForHashe)) { //if the stored hashe password is not equal to the given hashe password (with the salt saved in the database) agent.toDefault(); //reset agent } int index = getIndexAgentFromIpAdress(ip_adress); if (index == -1)//add new user { Agent temp_agent = new Agent(); temp_agent.toDefault(); setEssentialParmsForAgent(ref temp_agent, ip_adress); client_list.Add(temp_agent); index = client_list.Count - 1; } if (agent.tableId == -1) {//there is no corresponding agent into the database (wrong id or password or both) agent = client_list[index]; /*All client that send a request to the server are saved into memory with there ip adress * So at that step when we search for a client define by its ip adress the result * will never be out of range */ setNewAttempForAgent(ref agent); /* If the user fail to connect we already have its information into memory * In this case, we update the information abour that agent * We can not directly add the agent into the database because agent are found by their ip adress (at the first match) * In other words, if we have multiple agent set in memory with the same ip adress just one will be retrieve */ } else { //agent was found into the database agent.numberOfConnectionAttemps = 0; //reset the number of attemp agent.sessionId = setCookiesForClient(); //all the cookie are set at the connection and will remain the same until the next connection } setEssentialParmsForAgent(ref agent, ip_adress); //registerAgentNewAttemp use agent.lastConnectionTime so order insctruction is here important and setEssentialParmsForAgent() update lastConnectionTime client_list[index] = agent; //again index will never be out of range return(agent); }