Exemplo n.º 1
0
        private void butOK_Click(object sender, System.EventArgs e)
        {
            Userod selectedUser = null;

            if (IsMiddleTierSync)
            {
                selectedUser              = new Userod();
                selectedUser.UserName     = textUser.Text;
                selectedUser.LoginDetails = Authentication.GenerateLoginDetails(textPassword.Text, HashTypes.SHA3_512);
                Security.CurUser          = selectedUser;
                Security.PasswordTyped    = textPassword.Text;
            }
            else
            {
                if (PrefC.GetBool(PrefName.UserNameManualEntry))
                {
                    for (int i = 0; i < listUser.Items.Count; i++)
                    {
                        //Check the user name typed in using ToLower and Trim because Open Dental is case insensitive and does not allow white-space in regards to user names.
                        if (textUser.Text.Trim().ToLower() == listUser.Items[i].ToString().Trim().ToLower())
                        {
                            selectedUser = (Userod)listUser.Items[i];                          //Found the typed username
                            break;
                        }
                    }
                    if (selectedUser == null)
                    {
                        MessageBox.Show(this, "Login failed");
                        return;
                    }
                }
                else
                {
                    selectedUser = (Userod)listUser.SelectedItem;
                }
                try {
                    Userods.CheckUserAndPassword(selectedUser.UserName, textPassword.Text, false);
                }
                catch (Exception ex) {
                    MessageBox.Show(ex.Message);
                    return;
                }
                if (RemotingClient.RemotingRole == RemotingRole.ClientWeb && selectedUser.PasswordHash == "" && textPassword.Text == "")
                {
                    MessageBox.Show(this, "When using the web service, not allowed to log in with no password.  A password should be added for this user.");
                    return;
                }
                Security.CurUser       = selectedUser.Copy();
                Security.PasswordTyped = textPassword.Text;
                UserOdPrefs.SetThemeForUserIfNeeded();
            }
            //if(RemotingClient.RemotingRole==RemotingRole.ClientWeb){//Not sure we need this when connecting to CEMT, but not sure enough to delete.
            //	string password=textPassword.Text;
            //	if(Programs.UsingEcwTightOrFullMode()) {//ecw requires hash, but non-ecw requires actual password
            //		password=Userods.EncryptPassword(password,true);
            //	}
            //	Security.PasswordTyped=password;
            //}
            DialogResult = DialogResult.OK;
        }
Exemplo n.º 2
0
        public void Userods_CheckUserAndPassoword_UpdateFailedAttemptsFromOtherMethods()
        {
            //First, setup the test scenario.
            long   group1 = UserGroupT.CreateUserGroup("usergroup1");
            Userod myUser = UserodT.CreateUser(MethodBase.GetCurrentMethod().Name + DateTime.Now.Ticks, "reallystrongpassword", userGroupNumbers: new List <long>()
            {
                group1
            });

            Security.CurUser       = myUser;
            Security.PasswordTyped = "passwordguess#1";
            CredentialsFailedAfterLoginEvent.Fired += CredentialsFailedAfterLoginEvent_Fired1;
            RunTestsAgainstMiddleTier(new OpenDentBusiness.WebServices.OpenDentalServerMockIIS(user: myUser.UserName, password: myUser.Password));
            //try once with the wrong password. Failed attempt should get incremented to 1.
            ODException.SwallowAnyException(() => {
                Userods.CheckUserAndPassword(myUser.UserName, "passwordguess#1", false);
            });
            //Get our updated user from the DB.
            RunTestsAgainstDirectConnection();
            myUser = Userods.GetUserByNameNoCache(myUser.UserName);
            //Assert that we only have 1 failed attempt.
            Assert.AreEqual(1, myUser.FailedAttempts);
            //now wait for another method to get called
            RunTestsAgainstMiddleTier(new OpenDentBusiness.WebServices.OpenDentalServerMockIIS(user: myUser.UserName, password: myUser.Password));
            ODException.SwallowAnyException(() => {
                Computers.UpdateHeartBeat(Environment.MachineName, false);
            });
            RunTestsAgainstDirectConnection();
            //Get our updated user from the DB.
            myUser = Userods.GetUserByNameNoCache(myUser.UserName);
            //Assert that we only have 1 failed attempt.
            Assert.AreEqual(1, myUser.FailedAttempts);
        }
Exemplo n.º 3
0
        public void Userods_CheckUserAndPassword_LockoutAfterUserHasLoggedInButPasswordIsNotCorrectAfter5Attempts()
        {
            //First, setup the test scenario.
            long   group1          = UserGroupT.CreateUserGroup("usergroup1");
            bool   isAccountLocked = false;
            Userod myUser          = UserodT.CreateUser(MethodBase.GetCurrentMethod().Name + DateTime.Now.Ticks, "reallystrongpassword", userGroupNumbers: new List <long>()
            {
                group1
            });

            //Make 5 bad password attempts
            for (int i = 1; i < 6; i++)
            {
                ODException.SwallowAnyException(() => {
                    Userods.CheckUserAndPassword(myUser.UserName, "passwordguess#" + i, false);
                });
            }
            try {
                //the 6th bad attempt should kick us with a message saying that our account has been locked.
                Userods.CheckUserAndPassword(myUser.UserName, "passwordguess#6", false);
            }
            catch (Exception e) {
                if (e.Message.Contains("Account has been locked due to failed log in attempts"))
                {
                    isAccountLocked = true;
                }
            }
            //Get our updated user from the DB.
            myUser = Userods.GetUserByNameNoCache(myUser.UserName);
            //Assert that we got to 5 failed attempts and that the account has been locked.
            Assert.AreEqual(5, myUser.FailedAttempts);
            Assert.AreEqual(true, isAccountLocked);
        }
Exemplo n.º 4
0
        public void Userods_CheckUserAndPassoword_UpdateFailedAttemptsTo5()
        {
            //First, setup the test scenario.
            long   group1 = UserGroupT.CreateUserGroup("usergroup1");
            Userod myUser = UserodT.CreateUser(MethodBase.GetCurrentMethod().Name + DateTime.Now.Ticks, "reallystrongpassword", userGroupNumbers: new List <long>()
            {
                group1
            });

            CredentialsFailedAfterLoginEvent.Fired += CredentialsFailedAfterLoginEvent_Fired1;
            Security.CurUser       = myUser;
            Security.PasswordTyped = "passwordguess#1";
            RunTestsAgainstMiddleTier();
            //try with 5 incorrect passwords. Failed attempt should get incremented to 5.
            for (int i = 1; i < 6; i++)
            {
                ODException.SwallowAnyException(() => {
                    try {
                        Userods.CheckUserAndPassword(myUser.UserName, "passwordguess#" + i, false);
                    }
                    catch (Exception e) {
                    }
                });
            }
            //Get our updated user from the DB.
            RunTestsAgainstDirectConnection();
            myUser = Userods.GetUserByNameNoCache(myUser.UserName);
            //Assert that there are 5 failed attempts.
            Assert.AreEqual(5, myUser.FailedAttempts);
        }
Exemplo n.º 5
0
        public void Userods_CheckUserAndPassword_IncreaseFailedAttemptsAfterUserHasLoggedInButPasswordIsNotCorrect()
        {
            //First, setup the test scenario.
            //This test is intended to be tested on middle tier.
            long   group1 = UserGroupT.CreateUserGroup("usergroup1");
            Userod myUser = UserodT.CreateUser(MethodBase.GetCurrentMethod().Name + DateTime.Now.Ticks, "reallystrongpassword", userGroupNumbers: new List <long>()
            {
                group1
            });

            RunTestsAgainstMiddleTier(new OpenDentBusiness.WebServices.OpenDentalServerMockIIS(user: myUser.UserName, password: myUser.Password));
            Security.CurUser       = myUser;
            Security.PasswordTyped = "passwordguess#1";
            CredentialsFailedAfterLoginEvent.Fired += CredentialsFailedAfterLoginEvent_Fired1;
            //make a single bad password attempt.
            ODException.SwallowAnyException(() => {
                Userods.CheckUserAndPassword(myUser.UserName, "passwordguess#1", false);
            });
            //Get our user from the DB
            RunTestsAgainstDirectConnection();
            myUser = Userods.GetUserByNameNoCache(myUser.UserName);
            //Asssert that the failed attempt got incremented correctly.
            Assert.AreEqual(1, myUser.FailedAttempts);
        }