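/// <summary>
/// Handles the OK button of the log-on form: resolves the user, checks the typed password and, on
/// success, publishes the session user through <c>Security</c> and closes the dialog with
/// <c>DialogResult.OK</c>. Every failure path shows a message box and returns without closing.
/// </summary>
/// <param name="sender">Control that raised the click event (not used).</param>
/// <param name="e">Event data (not used).</param>
private void butOK_Click(object sender, System.EventArgs e)
{
    Userod selectedUser = null;
    if (IsMiddleTierSync)
    {
        // This branch only builds a user object carrying a SHA3_512 login-details value; it calls
        // no credential check of its own.
        // NOTE(review): presumably the middle tier validates these credentials on a later call - confirm.
        selectedUser = new Userod();
        selectedUser.UserName = textUser.Text;
        selectedUser.LoginDetails = Authentication.GenerateLoginDetails(textPassword.Text, HashTypes.SHA3_512);
        Security.CurUser = selectedUser;
        // The typed password is stored as plain text in Security.PasswordTyped.
        Security.PasswordTyped = textPassword.Text;
    }
    else
    {
        if (PrefC.GetBool(PrefName.UserNameManualEntry))
        {
            // User names are case insensitive and may not contain white-space, so compare trimmed
            // values. An ordinal comparison keeps the match independent of the machine's culture
            // (ToLower() folds 'I' differently under e.g. a Turkish culture, which made valid
            // names fail to match).
            string typedName = textUser.Text.Trim();
            for (int i = 0; i < listUser.Items.Count; i++)
            {
                string listedName = listUser.Items[i].ToString().Trim();
                if (string.Equals(typedName, listedName, StringComparison.OrdinalIgnoreCase))
                {
                    selectedUser = (Userod)listUser.Items[i]; //Found the typed username
                    break;
                }
            }
        }
        else
        {
            selectedUser = (Userod)listUser.SelectedItem;
        }
        // Covers both an unknown typed name and an empty list selection. Previously a missing
        // selection surfaced as a raw null-reference message from the catch block below.
        // The wording is deliberately generic: it does not say whether the user name exists.
        if (selectedUser == null)
        {
            MessageBox.Show(this, "Login failed");
            return;
        }
        try
        {
            Userods.CheckUserAndPassword(selectedUser.UserName, textPassword.Text, false);
        }
        catch (Exception ex)
        {
            // Whatever CheckUserAndPassword throws is shown to the user verbatim.
            // NOTE(review): confirm those messages never carry internal detail (SQL, paths, stack data).
            MessageBox.Show(ex.Message);
            return;
        }
        // Web-service clients may not log on to an account that has no password at all.
        if (RemotingClient.RemotingRole == RemotingRole.ClientWeb
            && selectedUser.PasswordHash == ""
            && textPassword.Text == "")
        {
            MessageBox.Show(this, "When using the web service, not allowed to log in with no password. A password should be added for this user.");
            return;
        }
        // A copy is stored so the session user is a separate object from the list item.
        Security.CurUser = selectedUser.Copy();
        // The typed password is stored as plain text in Security.PasswordTyped.
        // NOTE(review): how long it stays there is not visible from this method.
        Security.PasswordTyped = textPassword.Text;
        UserOdPrefs.SetThemeForUserIfNeeded();
    }
    //if(RemotingClient.RemotingRole==RemotingRole.ClientWeb){//Not sure we need this when connecting to CEMT, but not sure enough to delete.
    //	string password=textPassword.Text;
    //	if(Programs.UsingEcwTightOrFullMode()) {//ecw requires hash, but non-ecw requires actual password
    //		password=Userods.EncryptPassword(password,true);
    //	}
    //	Security.PasswordTyped=password;
    //}
    DialogResult = DialogResult.OK;
}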
/// <summary>
/// Middle-tier scenario: one wrong password through <c>Userods.CheckUserAndPassword</c> must leave the
/// user with exactly one failed attempt, and a later unrelated call (<c>Computers.UpdateHeartBeat</c>)
/// made while the same wrong password is still in <c>Security.PasswordTyped</c> must not raise that count.
/// </summary>
public void Userods_CheckUserAndPassoword_UpdateFailedAttemptsFromOtherMethods()
{
    // Arrange: a fresh user with a unique name, and a session that carries a wrong password.
    long groupNum = UserGroupT.CreateUserGroup("usergroup1");
    string uniqueName = MethodBase.GetCurrentMethod().Name + DateTime.Now.Ticks;
    List<long> groupNums = new List<long>() { groupNum };
    Userod user = UserodT.CreateUser(uniqueName, "reallystrongpassword", userGroupNumbers: groupNums);
    Security.CurUser = user;
    Security.PasswordTyped = "passwordguess#1";
    // NOTE(review): the handler is attached here and never detached inside this method - confirm
    // the class cleanup removes it so it cannot affect other tests.
    CredentialsFailedAfterLoginEvent.Fired += CredentialsFailedAfterLoginEvent_Fired1;
    RunTestsAgainstMiddleTier(new OpenDentBusiness.WebServices.OpenDentalServerMockIIS(
        user: user.UserName,
        password: user.Password));

    // Act: a single wrong password; the resulting exception is swallowed.
    ODException.SwallowAnyException(() =>
    {
        Userods.CheckUserAndPassword(user.UserName, "passwordguess#1", false);
    });

    // Assert: read the row straight from the database; exactly one failure is recorded.
    RunTestsAgainstDirectConnection();
    user = Userods.GetUserByNameNoCache(user.UserName);
    Assert.AreEqual(1, user.FailedAttempts);

    // Act again: another middle-tier method runs with the same stale credentials.
    // NOTE(review): presumably this guards against background traffic locking the account - confirm.
    RunTestsAgainstMiddleTier(new OpenDentBusiness.WebServices.OpenDentalServerMockIIS(
        user: user.UserName,
        password: user.Password));
    ODException.SwallowAnyException(() =>
    {
        Computers.UpdateHeartBeat(Environment.MachineName, false);
    });

    // Assert: the count is still one.
    RunTestsAgainstDirectConnection();
    user = Userods.GetUserByNameNoCache(user.UserName);
    Assert.AreEqual(1, user.FailedAttempts);
}
/// <summary>
/// Verifies the lockout: after five wrong passwords the sixth attempt fails with the
/// "Account has been locked" message, and the stored failed-attempt count stays at five.
/// </summary>
public void Userods_CheckUserAndPassword_LockoutAfterUserHasLoggedInButPasswordIsNotCorrectAfter5Attempts()
{
    // Arrange: a fresh user with a unique name.
    long groupNum = UserGroupT.CreateUserGroup("usergroup1");
    bool lockoutReported = false;
    string uniqueName = MethodBase.GetCurrentMethod().Name + DateTime.Now.Ticks;
    List<long> groupNums = new List<long>() { groupNum };
    Userod user = UserodT.CreateUser(uniqueName, "reallystrongpassword", userGroupNumbers: groupNums);

    // Act: five wrong guesses, each exception swallowed.
    for (int attempt = 1; attempt <= 5; attempt++)
    {
        ODException.SwallowAnyException(() =>
        {
            Userods.CheckUserAndPassword(user.UserName, "passwordguess#" + attempt, false);
        });
    }

    // The sixth wrong guess must be rejected with the lockout message.
    try
    {
        Userods.CheckUserAndPassword(user.UserName, "passwordguess#6", false);
    }
    catch (Exception e)
    {
        lockoutReported = e.Message.Contains("Account has been locked due to failed log in attempts");
    }

    // Assert against the database row rather than the cached user.
    user = Userods.GetUserByNameNoCache(user.UserName);
    Assert.AreEqual(5, user.FailedAttempts);
    Assert.IsTrue(lockoutReported);
    // NOTE(review): only wrong passwords are tried; nothing here checks that the correct
    // password is also refused while the account is locked.
}
/// <summary>
/// Middle-tier scenario: five wrong passwords in a row must leave the user with exactly
/// five recorded failed attempts.
/// </summary>
public void Userods_CheckUserAndPassoword_UpdateFailedAttemptsTo5()
{
    // Arrange: a fresh user with a unique name, and a session that carries a wrong password.
    long groupNum = UserGroupT.CreateUserGroup("usergroup1");
    string uniqueName = MethodBase.GetCurrentMethod().Name + DateTime.Now.Ticks;
    List<long> groupNums = new List<long>() { groupNum };
    Userod user = UserodT.CreateUser(uniqueName, "reallystrongpassword", userGroupNumbers: groupNums);
    // NOTE(review): the handler is attached here and never detached inside this method - confirm
    // the class cleanup removes it so it cannot affect other tests.
    CredentialsFailedAfterLoginEvent.Fired += CredentialsFailedAfterLoginEvent_Fired1;
    Security.CurUser = user;
    Security.PasswordTyped = "passwordguess#1";
    // Unlike the sibling tests, no mock server is passed here.
    RunTestsAgainstMiddleTier();

    // Act: five wrong guesses. Failures are discarded twice over (inner catch plus the wrapper).
    for (int attempt = 1; attempt <= 5; attempt++)
    {
        ODException.SwallowAnyException(() =>
        {
            try
            {
                Userods.CheckUserAndPassword(user.UserName, "passwordguess#" + attempt, false);
            }
            catch (Exception)
            {
                // A failed check is the expected outcome; only the stored counter matters.
            }
        });
    }

    // Assert against the database row over a direct connection.
    RunTestsAgainstDirectConnection();
    user = Userods.GetUserByNameNoCache(user.UserName);
    Assert.AreEqual(5, user.FailedAttempts);
}
/// <summary>
/// Middle-tier scenario: a single wrong password from an already logged-in user must be
/// recorded as exactly one failed attempt.
/// </summary>
public void Userods_CheckUserAndPassword_IncreaseFailedAttemptsAfterUserHasLoggedInButPasswordIsNotCorrect()
{
    // Arrange: a fresh user with a unique name. This test is meant to run against the middle tier.
    long groupNum = UserGroupT.CreateUserGroup("usergroup1");
    string uniqueName = MethodBase.GetCurrentMethod().Name + DateTime.Now.Ticks;
    List<long> groupNums = new List<long>() { groupNum };
    Userod user = UserodT.CreateUser(uniqueName, "reallystrongpassword", userGroupNumbers: groupNums);
    RunTestsAgainstMiddleTier(new OpenDentBusiness.WebServices.OpenDentalServerMockIIS(
        user: user.UserName,
        password: user.Password));
    Security.CurUser = user;
    Security.PasswordTyped = "passwordguess#1";
    // NOTE(review): the handler is attached here and never detached inside this method - confirm
    // the class cleanup removes it so it cannot affect other tests.
    CredentialsFailedAfterLoginEvent.Fired += CredentialsFailedAfterLoginEvent_Fired1;

    // Act: one wrong guess; the resulting exception is swallowed.
    ODException.SwallowAnyException(() =>
    {
        Userods.CheckUserAndPassword(user.UserName, "passwordguess#1", false);
    });

    // Assert against the database row over a direct connection.
    RunTestsAgainstDirectConnection();
    user = Userods.GetUserByNameNoCache(user.UserName);
    Assert.AreEqual(1, user.FailedAttempts);
}