/// <summary>
/// Exercises <c>Security.AddFailedLoginAttempt</c> with login-history strings of the
/// form <c>la=&lt;count&gt;;dt=&lt;yyyy-MM-dd HH:mm:ss&gt;</c> and checks the counter prefix
/// of the returned string for recent, stale, future-dated, empty and null histories.
/// </summary>
public void AddFailedLoginAttemptTest()
{
    // NOTE(review): the two constructor arguments are presumably (max attempts, window in
    // minutes); the -1 / -6 minute cases below are consistent with a 5 minute window. Confirm
    // against the Security class.
    Security sut = new Security(5, 5);

    const string stampFormat = "yyyy-MM-dd HH:mm:ss";
    Func<DateTime, string> stamp = when => when.ToString(stampFormat);

    // Timestamp "now": the counter is incremented.
    string result = sut.AddFailedLoginAttempt("la=2;dt=" + stamp(DateTime.Now));
    Assert.IsTrue(result.StartsWith("la=3;"));

    result = sut.AddFailedLoginAttempt("la=0;dt=" + stamp(DateTime.Now));
    Assert.IsTrue(result.StartsWith("la=1;"));

    // Timestamp a day or a year old: the counter restarts at 1.
    result = sut.AddFailedLoginAttempt("la=2;dt=" + stamp(DateTime.Now.AddDays(-1)));
    Assert.IsTrue(result.StartsWith("la=1;"));

    result = sut.AddFailedLoginAttempt("la=4;dt=" + stamp(DateTime.Now.AddYears(-1)));
    Assert.IsTrue(result.StartsWith("la=1;"));

    // Timestamp one hour old: must not be treated as a continued streak.
    // NOTE(review): this only rejects "la=3;" combined with the current hour appearing
    // somewhere in the string; asserting StartsWith("la=1;") would pin the reset directly.
    result = sut.AddFailedLoginAttempt("la=2;dt=" + stamp(DateTime.Now.AddHours(-1)));
    Assert.IsFalse(result.StartsWith("la=3;") && result.Contains(DateTime.Now.Hour.ToString()));

    // Timestamp two days in the future: counter becomes 1 and the result carries the
    // current hour and day.
    // NOTE(review): Contains() on a bare hour/day number matches any substring (year,
    // minutes, seconds), so these two checks are weak evidence that the stamp was rewritten.
    result = sut.AddFailedLoginAttempt("la=0;dt=" + stamp(DateTime.Now.AddDays(2)));
    Assert.IsTrue(result.StartsWith("la=1;") && result.Contains(DateTime.Now.Hour.ToString()) && result.Contains(DateTime.Now.Day.ToString()));

    // One minute old: the attempt still counts towards the streak.
    result = sut.AddFailedLoginAttempt("la=2;dt=" + stamp(DateTime.Now.AddMinutes(-1)));
    Assert.IsTrue(result.StartsWith("la=3;"));

    // Six minutes old: the counter restarts.
    result = sut.AddFailedLoginAttempt("la=2;dt=" + stamp(DateTime.Now.AddMinutes(-6)));
    Assert.IsTrue(result.StartsWith("la=1;"));

    // Empty and null histories are accepted and yield a first attempt.
    string emptyLog = "";
    result = sut.AddFailedLoginAttempt(emptyLog);
    Assert.IsTrue(result.StartsWith("la=1;"));

    string missingLog = null;
    result = sut.AddFailedLoginAttempt(missingLog);
    Assert.IsTrue(result.StartsWith("la=1;"));
}
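/// <summary>
/// Handles the posted login form. When the model is valid and the login history stored in
/// the session still permits an attempt, the credentials are checked through
/// <c>_service.Load</c>; on success a forms-authentication ticket carrying the user's
/// status as user data is issued and the user is redirected to Workout/List.
/// </summary>
/// <param name="model">Posted login form (<c>userEmail</c>, <c>userPassword</c>).</param>
/// <returns>
/// A redirect to the <c>List</c> action of the <c>Workout</c> controller on success;
/// otherwise the login view with a model error added.
/// </returns>
public ActionResult Login(LoginViewModel model)
{
    if (ModelState.IsValid)
    {
        var security = new Util.Security(5, 5); // TODO: retrieve settings from DB

        // NOTE(review): the failed-attempt history lives in Session, so the throttle is only
        // as durable as the client's session cookie; a request that arrives without that
        // cookie starts with an empty history. If this check is meant to limit password
        // guessing, the counter should be kept server-side per account and/or source address.
        if (security.AllowLogin((string)Session["loginHistory"]))
        {
            ml_User user = _service.Load(model.userEmail, model.userPassword);
            if (user != null && user.ID > 0)
            {
                FormsAuthentication.SetAuthCookie(user.ID.ToString(), false);

                // Custom ticket: 60 minute lifetime, non-persistent, user status as user data.
                FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
                    1,
                    user.ID.ToString(),
                    DateTime.Now,
                    DateTime.Now.AddMinutes(60),
                    false,
                    ((Util.Enum.UserStatus)user.userStatus).ToString());

                HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket));

                // A hand-built HttpCookie does not inherit the protections SetAuthCookie
                // applies, so set them explicitly: keep the ticket away from script and
                // follow the configured forms-authentication transport and path settings.
                cookie.HttpOnly = true;
                cookie.Secure = FormsAuthentication.RequireSSL;
                cookie.Path = FormsAuthentication.FormsCookiePath;

                // Replace the cookie written by SetAuthCookie instead of appending a second
                // cookie with the same name to the response.
                Response.Cookies.Set(cookie);

                // NOTE(review): the session id is not rotated at sign-in; confirm that
                // session fixation is handled elsewhere before relying on Session["CurrentUser"].
                Session["CurrentUser"] = user;
                return RedirectToAction("List", "Workout");
            }

            // Wrong credentials: record the failure so AllowLogin can refuse later attempts.
            Session["loginHistory"] = security.AddFailedLoginAttempt((string)Session["loginHistory"]);
            // NOTE(review): this message is hard-coded while the lockout message below comes
            // from Resources.Translations.
            ModelState.AddModelError("", "Fehlerhafter Benutzername und/oder Passwort.");
        }
        else
        {
            // Too many recent failures according to the stored history.
            ModelState.AddModelError("", Resources.Translations.Home_Anonymous_LoginTimeout);
        }
    }

    return View();
}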