public void User_Ban_Test()
{
var controller = TestHelper.Resolve<UsersController>();
var context = new FakeControllerContext(controller);
var sessionWrapper = new SessionWrapper(context.HttpContext);
sessionWrapper.SetUser(ServicesTests.GetTestUser(), AuthenticationProvider.CustomDb);
controller.ControllerContext = context;
controller.Ban(0, ModeratorReason.Spamming, null);
Assert.IsFalse((bool)controller.ViewData.Model);
}
public void PreventFloodAttribute_Role_Test()
{
//set up context
var controller = TestHelper.Resolve<TopicsController>();
var controllerContext = new FakeControllerContext(controller, "http://localhost");
var executingFilterContext = new ActionExecutingContext(controllerContext, new FakeActionDescriptor(), new Dictionary<string, object>());
var executedfilterContext = new ActionExecutedContext(controllerContext, new FakeActionDescriptor(), false, null);
var httpContext = (FakeHttpContext) controllerContext.HttpContext;
httpContext.CleanCache();
//set up attr
var attr = new PreventFloodAttribute(typeof(EmptyResult));
attr.Config.SpamPrevention.FloodControl.TimeBetweenPosts = 5;
attr.Config.SpamPrevention.FloodControl.IgnoreForRole = UserRole.Moderator; //ignore for moderator or admin
var session = new SessionWrapper(httpContext);
session.SetUser(new User() { Role = UserRole.Moderator }, AuthenticationProvider.CustomDb);
//first execution
attr.OnActionExecuting(executingFilterContext);
Assert.AreNotEqual<bool?>(true, (bool?)controller.ViewBag.ShowCaptcha);
attr.OnActionExecuted(executedfilterContext);
//second execution: must NOT be considered as flooding
attr.OnActionExecuting(executingFilterContext);
Assert.AreNotEqual<bool?>(true, (bool?)controller.ViewBag.ShowCaptcha);
attr.OnActionExecuted(executedfilterContext);
}
/// <summary>
/// Logs the user in or creates the a site user account if the user does not exist, based on membership user.
/// Sets the logged user in the session.
/// </summary>
/// <exception cref="ValidationException"></exception>
/// <returns>The user id of the authenticated user</returns>
public static int TryFinishMembershipLogin(SessionWrapper session, MembershipUser membershipUser, IUsersService service)
{
if (membershipUser == null)
{
throw new ArgumentNullException("Can not finish membership signin with membership not set.");
}
var siteUser = service.GetByProviderId(AuthenticationProvider.Membership, membershipUser.ProviderUserKey.ToString());
if (siteUser == null)
{
//User does not exist on Nearforums db
siteUser = new User();
siteUser.UserName = membershipUser.UserName;
siteUser.Email = membershipUser.Email;
siteUser = service.Add(siteUser, AuthenticationProvider.Membership, membershipUser.ProviderUserKey.ToString());
}
session.SetUser(siteUser, AuthenticationProvider.Membership);
return siteUser.Id;
}
/// <summary>
/// Logs the user in or creates the user account if the user does not exist.
/// Sets the logged user in the session.
/// </summary>
public static int OpenIdFinishLogin(IAuthenticationResponse response, SessionWrapper session, IUsersService service, bool enableClaimsRequest)
{
string externalId = response.ClaimedIdentifier.ToString();
User user = service.GetByProviderId(AuthenticationProvider.OpenId, externalId);
var claimsResponse = response.GetExtension<ClaimsResponse>();
string name = enableClaimsRequest ? claimsResponse.Nickname : response.FriendlyIdentifierForDisplay;
if (user == null)
{
user = new User(0, name);
if (enableClaimsRequest)
{
user.Email = claimsResponse.Email;
user.BirthDate = claimsResponse.BirthDate;
}
user = service.Add(user, AuthenticationProvider.OpenId, externalId);
}
else
{
if (enableClaimsRequest && !claimsResponse.Email.Equals(user.Email, StringComparison.CurrentCultureIgnoreCase))
{
user.Email = claimsResponse.Email;
service.Edit(user);
}
}
session.SetUser(user, AuthenticationProvider.OpenId);
return user.Id;
}
public void User_Warn_Dismiss_Test()
{
var controller = TestHelper.Resolve<UsersController>();
var context = new FakeControllerContext(controller);
var sessionWrapper = new SessionWrapper(context.HttpContext);
sessionWrapper.SetUser(ServicesTests.GetTestUser(), AuthenticationProvider.CustomDb);
controller.ControllerContext = context;
controller.WarnDismiss();
//True if a record was affected.
Assert.IsTrue((bool)controller.ViewData.Model);
}
public void User_Manage_Access_Test()
{
var controller = TestHelper.Resolve<UsersController>();
var context = new FakeControllerContext(controller);
var sessionWrapper = new SessionWrapper(context.HttpContext);
sessionWrapper.SetUser(new User() { Role = UserRole.Member }, AuthenticationProvider.CustomDb);
controller.ControllerContext = context;
try
{
controller.Ban(0, ModeratorReason.Spamming, null);
Assert.Fail("The user banning is not a moderator or admin");
}
catch (System.Security.SecurityException)
{
}
}
