private static bool updateBannedAgent(Agent agent)
{
/* return true is the agent is no longer banned
* else return false
*/
if ((agent.banned == true) && (getRestTimeSinceBanishment(agent.banishmentStartTime) < TimeSpan.FromMinutes(0)))
{
return(true);
}
return(false);
}
public static bool isOnlineSessionOpened(ref Agent agent)
{
/* When client open a tab and succeed in connecting to the database
* then if a close the tab and open it again we send back to the client
* information about the open session
* If the agent exist into the memory (in the list "client_list") then return true,
* else return false
*/
if (agent.tableId == -1)
{
return(false);
}
else
{
return(true);
}
}
public static void setOnlineDisconnection(ref Agent agent)
{
/* When user want to be disconnected from the sever we remove all information about him from memory
* so the next time he will try to connect to the server there will be no more informations about him
* and he will have to connect again
*/
if (agent.tableId != -1)
{
/*If the client is in memory and registered
* because if a client who is not registered try to diconnect it will remove all his informations from server
* (and that's a problem if the user will be banned soon because he made too much attemps)
* (even the number of attemps). In other words, it could be a way to avoid beeing banned after multiple failed
* So to be disconnected client have to be registered
* (at that step assume that session expiration has been cheked before)
*/
client_list.Remove(agent);
agent.toDefault();
}
}
public static bool certifyConnection(string id, SecureString secure_given_password, string ip_adress)
{
/* When online user want to change his account information, he have to enter is id and password again
* to validate the changes.
* When the user send us the changes with its actual id and password we check into the database if the id and the password
* are the same for that agent than the one saved
* The agent information from database are the one who was connected previously. In other word, only the user who register to acces
* the app can change its account informations from the current session
*
* If the authentification informations matches the method return true, else false
*/
bool certification = false; //resul
int index = getIndexAgentFromIpAdress(ip_adress); //can not be equal to -1 because all agent are registered before the call of that function
Agent current_agent = client_list[index]; //get the agent infromation from the current open registered session
Agent needed_agent = database.getAgentByAuthentificationId(id);
/* Get the informations of the agent found by the given id (into the database)
* and not from the current agent because we want user to modify their account informations only from their own session and not from
* other user session
*/
//Hash the password with salt saved in the database
if (needed_agent.hashedPassword != DataProtection.getSaltHashedString(secure_given_password, needed_agent.saltForHashe))
{//if the stored hashe password is not equal to the given hashe password (with the salt saved in the database)
//if user try too many times to changes its account informations with the wrong actual authentification informations we block that Ip adress
setNewAttempForAgent(ref current_agent);
certification = false;
}
else
{
//agent was found into the database
current_agent.numberOfConnectionAttemps = 0;
certification = true;
}
client_list[index] = current_agent;//save informations
//again index will never be out of range
return(certification);
}
public static int setConnection(string id, SecureString secure_given_password)
{
/*When a user is physically connected to the app we retrieve all the information about him in a structure Agent from the database
* If an agent is find in the database from the input id and password (given after being in an hashing function)
* then we set a timer (that represent the connection time left before disconection ) and save temporarily all the informations in a structure
*/
if (id == "" || secure_given_password == null)
{
connected_agent.toDefault();
return(ToolsClass.Definition.ERROR_INT_VALUE);;
}
Agent agent = database.getAgentByAuthentificationId(id);
if (agent.error)
{
return(ToolsClass.Definition.ERROR_INT_VALUE);
}
//Hash the password with salt saved in the database
if (agent.hashedPassword != DataProtection.getSaltHashedString(secure_given_password, agent.saltForHashe))
{ //if the stored hashe password is not equal to the given hashe password (with the salt saved in the database)
agent.toDefault(); //reset agent
}
if (agent.tableId != -1) //agent is found
{
connected_agent = agent; //save temporarily the information
return(ToolsClass.Definition.NO_ERROR_INT_VALUE);
}
else
{
connected_agent.toDefault();
}
return(ToolsClass.Definition.ERROR_INT_VALUE);
}
public static bool shortIdCorrespondToAgentByIndex(ref Agent agent, SecureString short_id_to_compare)
{
/* Check if the given short secure id is the one store in the database for the current agent
* If so return true, elese return false
*/
string encrypted_short_id = database.getAgentEncryptedShortSecureId(agent.tableId);
if (encrypted_short_id == null)
{ //error from database
agent.error = true; //change are not store into memory just temporarely into that structure
return(false);
}
int index = client_list.LastIndexOf(agent); //index can not be equal to -1 here because of the previous statement (from other method)
SecureString agent_short_id = DataProtection.unprotect(encrypted_short_id); //get the saved short secure id from database for that specific agent
bool res_authentification = SecureStringEquals(agent_short_id, short_id_to_compare); //compare the saved short id and the given one
if (!res_authentification)
{
setNewAttempForAgent(ref agent);
}
else
{
agent.numberOfConnectionAttemps = 0;
//reset the number of attemp
}
client_list[index] = agent;//update agent data
if (agent_short_id != null)
{
agent_short_id.Dispose();
}
if (short_id_to_compare != null)
{
short_id_to_compare.Dispose();
}
return(res_authentification);
}
private void setAgent(Agent agent)
{
/*Set all the fields with the stored informations about the corresponding agent*/
last_name_textBox.Text = agent.lastName.ToUpper();
first_name_textBox.Text = agent.firstName.ToLower();
job_textBox.Text = agent.job;
mail_adress_textBox.Text = agent.mailAdress;
setCheckedItemCheckBox();
id_textBox.Text = agent.id;
//never show password and short id
password_textBox.Text = "";
password_confirmation_textBox.Text = "";
short_id_textBox.Text = "";
display_password_state_textBox.Text = "";
display_password_state_textBox.BackColor = DEFAULT_COLOR;
old_mail_adress = agent.mailAdress;
}
private void listBox_MouseDoubleClick(object sender, MouseEventArgs e)
{
/*When user double click on an item we display all the informations about the
* student represented by that item
*/
listBox.ClearSelected();
int index = listBox.IndexFromPoint(e.Location);
if (index != ListBox.NoMatches)
{
int i = list_results.IndexOf(listBox.Items[index].ToString());
//get the index of the desired student in the list of resultas search
//Then use that index to get the database id of that student with the list of ids
if (i != -1)
{
agent = database.getAgentByIndex(list_ids[i]);
setAgent(agent);
}
listBox.SetSelected(index, true);
}
}
public static Agent getOnlineAgentFromIpAdress(string ip_adress, string cookie)
{
/* That function update informations about saved agent into the list "client_list"
* (for exemple figure out if the agent is disconnected, or not any more banned)
* Then update that infomration into memory and return it
*/
Agent agent = new Agent();
agent.toDefault();
setEssentialParmsForAgent(ref agent, ip_adress);
int index = getIndexAgentFromIpAdress(ip_adress);
if (index != -1)
{//if agent is already into memory
agent = client_list[index];
bool index_refer_to_the_same = (!changeBannedAgent(ref agent)) && (!changeRegisteredAgent(ref agent, cookie));
//update information and if there is no more reason to keep that information into memory remove it from the list "client_list"
setEssentialParmsForAgent(ref agent, ip_adress);
/* order of insctruction are important here because when call setEssentialParmsForAgent the last
* connection time is update. So if we put that call before checking data about client then the last connection time
* will be the current time which is not correct for the rest of the code
* In fact it is the last connection time before that request (request which explain why we can set the
* current time as the last connection time, because without that request the last connection time will be the one previously saved
* and not the current time)
*/
if (index_refer_to_the_same)
{// else agent has been removed from the list so index does not refer to he same as previously
client_list[index] = agent;
}
}//if the client is not registered we do nothing
return(agent);
}
public static Agent setOnlineConnection(string id, SecureString secure_given_password, string ip_adress)
{
/* When client try to establish a connection as a registered agent, he send his id and password.
* Then we check in the database those informations matches with an agent into the database
* If yes we gather all information about that agent into a structure and save it into a list "client_list"
* and the information will stay in it until the client disconnect himself or the session expired
* If no we save the ip adress of the client and update his number of attemps into the list "client_list"
*
*
* If agent was found into the database that function return it
* else retrun a standard agent with default values set
*
* On the server side, we have mutiple possible cases :
* - agent is recognise as registered agent into the database
* - agent is unknown but try to connect
* - agent is banned (because he fails to many time to connect)
* All agents are (temporarily) indistinctly stored into memory (trough the list "client_list")
* We can differianciate agent because of its internal parameters that are not the same if the agent is registered or banned or unknown
* We delete those informations from memory only when user states evoluate (for exemple if agent has been banned but now he wait enough time
* we remove information about that user from memory or when agent is disconnected we remove its informations)
* In orther words, the only way to if agent is registered (so allow to access the website) is to look if the ip adress is saved in memory
* and if he is not banned.
*
* The case "unknown agent" held to figure out the number of attemps client did : in that case we stored the ip adress and increase
* the number of attemps by one each time he fails to connect. Then when he try again but the number of attemps is too high that client
* became banned. In fact, if agent try to connect few time the ip adress of the user computer will be stored as long as a new agent
* use the same computer and succeed in connecting with the server. In otherwise, the informations will remain into memory
* The banishment is not assiociate to the a windows session but to a computer
* But when agent is registered he is from its windows session on a specific computer (and not only from the computer)
*
* This is the only function that can add a new user
*
*/
Agent agent = new Agent();
agent.toDefault();
if (id == "" || secure_given_password == null)
{
return(agent);
}
/*When the database is not used form a while the cache are clear (the database become "cold")
* So after a certain time if a user try to connect to the database it will have to wait
* that the database end to load and then wait to have the result of the request
* But the needed amount of time will almost always overpass the maximun connection time of the databse
* which will procude an error
*/
agent = database.getAgentByAuthentificationId(id);//could return an agent with error set to true
if (agent.error)
{//error from the server (not the fault of the client)
return(agent);
}
//Hash the password with salt saved in the database
if (agent.hashedPassword != DataProtection.getSaltHashedString(secure_given_password, agent.saltForHashe))
{ //if the stored hashe password is not equal to the given hashe password (with the salt saved in the database)
agent.toDefault(); //reset agent
}
int index = getIndexAgentFromIpAdress(ip_adress);
if (index == -1)//add new user
{
Agent temp_agent = new Agent();
temp_agent.toDefault();
setEssentialParmsForAgent(ref temp_agent, ip_adress);
client_list.Add(temp_agent);
index = client_list.Count - 1;
}
if (agent.tableId == -1)
{//there is no corresponding agent into the database (wrong id or password or both)
agent = client_list[index];
/*All client that send a request to the server are saved into memory with there ip adress
* So at that step when we search for a client define by its ip adress the result
* will never be out of range
*/
setNewAttempForAgent(ref agent);
/* If the user fail to connect we already have its information into memory
* In this case, we update the information abour that agent
* We can not directly add the agent into the database because agent are found by their ip adress (at the first match)
* In other words, if we have multiple agent set in memory with the same ip adress just one will be retrieve
*/
}
else
{
//agent was found into the database
agent.numberOfConnectionAttemps = 0;
//reset the number of attemp
agent.sessionId = setCookiesForClient();
//all the cookie are set at the connection and will remain the same until the next connection
}
setEssentialParmsForAgent(ref agent, ip_adress);
//registerAgentNewAttemp use agent.lastConnectionTime so order insctruction is here important and setEssentialParmsForAgent() update lastConnectionTime
client_list[index] = agent;
//again index will never be out of range
return(agent);
}
