private static bool changeRegisteredAgent(ref Agent agent, string session_id)
{
/* Check if the given agent is still connected (the session does not expire)
* If he is no, we remove it from memory
*
* If agent is removed return true, else false
*/
if (updateRegisteredAgent(agent, session_id))
{
/* If agent has been connected but the session expired (or user is connected to the same computer with an other windows sessions)
*
* In fact if client connect from a computer to be considered as connected he will need to have the given cookie (send during
* its connection attemps)
* If he does not have the same cookie it's mean that another client use the same computer but not the same windows session
*/
client_list.Remove(agent);
string ip_adress = agent.ipAdress;
agent.toDefault();//necessary
setEssentialParmsForAgent(ref agent, ip_adress);
//order of instructions is important here (as previously said)
return(true);
}
return(false);
}
private static void setNewAttempForAgent(ref Agent agent)
{
/*When user fails to connect to the database we update his number of attemps
* and eventually make him as a banned agent
*/
if (DateTime.Now.Subtract(agent.lastConnectionTime) >= TimeSpan.FromMinutes(TIME_BANNED_SESSION_MIN))
{
/* Since the number of attemps is related to the computer and not the windows session
* When nobody try to connect to the database from the computer for a certain time
* we reset the number of attemps assiociate to that computer
*/
agent.numberOfConnectionAttemps = 0;
}
agent.numberOfConnectionAttemps = agent.numberOfConnectionAttemps + 1;
//increase the number of attemps
if (agent.numberOfConnectionAttemps >= NUMBER_CONNECTION_ATTEMPS_ALLOWED)
{ //to many tries
string ip_adress = agent.ipAdress;
agent.toDefault(); //not necessary but just to be careful
setEssentialParmsForAgent(ref agent, ip_adress);
agent.banned = true; //agent is now banned
agent.banishmentStartTime = DateTime.Now;
}
}
private static bool changeBannedAgent(ref Agent agent)
{
/*Check if the given agent is no longer banned
* If so we remove it from memory
*
* If agent is removed return true, else false
*/
if (updateBannedAgent(agent))
{//agent is no longer banned
client_list.Remove(agent);
string ip_adress = agent.ipAdress;
agent.toDefault();//not necessary but just to be careful
setEssentialParmsForAgent(ref agent, ip_adress);
agent.banned = false;
/* order of instructions is important here because we have to update agent information only after removing it from database
* else there will be no corresponding agent into memory
*
* We update agent even if we remove it from memory because it will be used later to know what the client
* can acces at that time for that request
* Then for other request, since there will be no more corresponding agentin in memory, client will have to connect again
*/
return(true);
}
return(false);
}
public AccessManagementForm()
{
InitializeComponent();
list_ids = new List <int>();
list_results = new List <string>();
database = new DataBase();
DEFAULT_COLOR = display_password_state_textBox.BackColor;
agent.toDefault();
setListBox();
right_checkedListBox.DataSource = new BindingSource(SecurityManager.RIGHTS_LIST, null);
//Add to the checkedlistbox all the right (accreditation level) transcripted to text
}
public static int setConnection(string id, SecureString secure_given_password)
{
/*When a user is physically connected to the app we retrieve all the information about him in a structure Agent from the database
* If an agent is find in the database from the input id and password (given after being in an hashing function)
* then we set a timer (that represent the connection time left before disconection ) and save temporarily all the informations in a structure
*/
if (id == "" || secure_given_password == null)
{
connected_agent.toDefault();
return(ToolsClass.Definition.ERROR_INT_VALUE);;
}
Agent agent = database.getAgentByAuthentificationId(id);
if (agent.error)
{
return(ToolsClass.Definition.ERROR_INT_VALUE);
}
//Hash the password with salt saved in the database
if (agent.hashedPassword != DataProtection.getSaltHashedString(secure_given_password, agent.saltForHashe))
{ //if the stored hashe password is not equal to the given hashe password (with the salt saved in the database)
agent.toDefault(); //reset agent
}
if (agent.tableId != -1) //agent is found
{
connected_agent = agent; //save temporarily the information
return(ToolsClass.Definition.NO_ERROR_INT_VALUE);
}
else
{
connected_agent.toDefault();
}
return(ToolsClass.Definition.ERROR_INT_VALUE);
}
public static void setOnlineDisconnection(ref Agent agent)
{
/* When user want to be disconnected from the sever we remove all information about him from memory
* so the next time he will try to connect to the server there will be no more informations about him
* and he will have to connect again
*/
if (agent.tableId != -1)
{
/*If the client is in memory and registered
* because if a client who is not registered try to diconnect it will remove all his informations from server
* (and that's a problem if the user will be banned soon because he made too much attemps)
* (even the number of attemps). In other words, it could be a way to avoid beeing banned after multiple failed
* So to be disconnected client have to be registered
* (at that step assume that session expiration has been cheked before)
*/
client_list.Remove(agent);
agent.toDefault();
}
}
public static Agent getOnlineAgentFromIpAdress(string ip_adress, string cookie)
{
/* That function update informations about saved agent into the list "client_list"
* (for exemple figure out if the agent is disconnected, or not any more banned)
* Then update that infomration into memory and return it
*/
Agent agent = new Agent();
agent.toDefault();
setEssentialParmsForAgent(ref agent, ip_adress);
int index = getIndexAgentFromIpAdress(ip_adress);
if (index != -1)
{//if agent is already into memory
agent = client_list[index];
bool index_refer_to_the_same = (!changeBannedAgent(ref agent)) && (!changeRegisteredAgent(ref agent, cookie));
//update information and if there is no more reason to keep that information into memory remove it from the list "client_list"
setEssentialParmsForAgent(ref agent, ip_adress);
/* order of insctruction are important here because when call setEssentialParmsForAgent the last
* connection time is update. So if we put that call before checking data about client then the last connection time
* will be the current time which is not correct for the rest of the code
* In fact it is the last connection time before that request (request which explain why we can set the
* current time as the last connection time, because without that request the last connection time will be the one previously saved
* and not the current time)
*/
if (index_refer_to_the_same)
{// else agent has been removed from the list so index does not refer to he same as previously
client_list[index] = agent;
}
}//if the client is not registered we do nothing
return(agent);
}
public static Agent setOnlineConnection(string id, SecureString secure_given_password, string ip_adress)
{
/* When client try to establish a connection as a registered agent, he send his id and password.
* Then we check in the database those informations matches with an agent into the database
* If yes we gather all information about that agent into a structure and save it into a list "client_list"
* and the information will stay in it until the client disconnect himself or the session expired
* If no we save the ip adress of the client and update his number of attemps into the list "client_list"
*
*
* If agent was found into the database that function return it
* else retrun a standard agent with default values set
*
* On the server side, we have mutiple possible cases :
* - agent is recognise as registered agent into the database
* - agent is unknown but try to connect
* - agent is banned (because he fails to many time to connect)
* All agents are (temporarily) indistinctly stored into memory (trough the list "client_list")
* We can differianciate agent because of its internal parameters that are not the same if the agent is registered or banned or unknown
* We delete those informations from memory only when user states evoluate (for exemple if agent has been banned but now he wait enough time
* we remove information about that user from memory or when agent is disconnected we remove its informations)
* In orther words, the only way to if agent is registered (so allow to access the website) is to look if the ip adress is saved in memory
* and if he is not banned.
*
* The case "unknown agent" held to figure out the number of attemps client did : in that case we stored the ip adress and increase
* the number of attemps by one each time he fails to connect. Then when he try again but the number of attemps is too high that client
* became banned. In fact, if agent try to connect few time the ip adress of the user computer will be stored as long as a new agent
* use the same computer and succeed in connecting with the server. In otherwise, the informations will remain into memory
* The banishment is not assiociate to the a windows session but to a computer
* But when agent is registered he is from its windows session on a specific computer (and not only from the computer)
*
* This is the only function that can add a new user
*
*/
Agent agent = new Agent();
agent.toDefault();
if (id == "" || secure_given_password == null)
{
return(agent);
}
/*When the database is not used form a while the cache are clear (the database become "cold")
* So after a certain time if a user try to connect to the database it will have to wait
* that the database end to load and then wait to have the result of the request
* But the needed amount of time will almost always overpass the maximun connection time of the databse
* which will procude an error
*/
agent = database.getAgentByAuthentificationId(id);//could return an agent with error set to true
if (agent.error)
{//error from the server (not the fault of the client)
return(agent);
}
//Hash the password with salt saved in the database
if (agent.hashedPassword != DataProtection.getSaltHashedString(secure_given_password, agent.saltForHashe))
{ //if the stored hashe password is not equal to the given hashe password (with the salt saved in the database)
agent.toDefault(); //reset agent
}
int index = getIndexAgentFromIpAdress(ip_adress);
if (index == -1)//add new user
{
Agent temp_agent = new Agent();
temp_agent.toDefault();
setEssentialParmsForAgent(ref temp_agent, ip_adress);
client_list.Add(temp_agent);
index = client_list.Count - 1;
}
if (agent.tableId == -1)
{//there is no corresponding agent into the database (wrong id or password or both)
agent = client_list[index];
/*All client that send a request to the server are saved into memory with there ip adress
* So at that step when we search for a client define by its ip adress the result
* will never be out of range
*/
setNewAttempForAgent(ref agent);
/* If the user fail to connect we already have its information into memory
* In this case, we update the information abour that agent
* We can not directly add the agent into the database because agent are found by their ip adress (at the first match)
* In other words, if we have multiple agent set in memory with the same ip adress just one will be retrieve
*/
}
else
{
//agent was found into the database
agent.numberOfConnectionAttemps = 0;
//reset the number of attemp
agent.sessionId = setCookiesForClient();
//all the cookie are set at the connection and will remain the same until the next connection
}
setEssentialParmsForAgent(ref agent, ip_adress);
//registerAgentNewAttemp use agent.lastConnectionTime so order insctruction is here important and setEssentialParmsForAgent() update lastConnectionTime
client_list[index] = agent;
//again index will never be out of range
return(agent);
}