public void mapUserRoles()
{
TMConfig.Current = null;
HttpContextFactory._context = null;
var tmAuthentication = new TM_Authentication(null);
Assert.AreEqual(tmAuthentication, tmAuthentication.mapUserRoles(false) , "This should not thrown an exception");
}
public TM_WebServices(bool disable_Csrf_Check)
{
tmXmlDatabase = TM_Xml_Database.Current;
userData = tmXmlDatabase.userData();
tmAuthentication = new TM_Authentication(this).mapUserRoles(disable_Csrf_Check);
GZip.setGZipCompression_forAjaxRequests();
}
public TM_WebServices(bool disable_Csrf_Check)
{
tmXmlDatabase = TM_Xml_Database.Current;
userData = tmXmlDatabase .userData();
tmAuthentication = new TM_Authentication(this).mapUserRoles(disable_Csrf_Check);
GZip.setGZipCompression_forAjaxRequests();
}
public void authToken()
{
HttpContextFactory.Context.mock();
var request = HttpContextFactory.Request;
var tmAuthentication = new TM_Authentication(null);
Assert.AreEqual(Guid.Empty,tmAuthentication.authToken);
Assert.IsNull(request.QueryString[authVar]);
//test with an random string
request.QueryString[authVar] = 10.randomLetters();
Assert.IsNotNull(request.QueryString[authVar]);
Assert.AreEqual (Guid.Empty,tmAuthentication.authToken);
//test with an random GUID
request.QueryString[authVar] = Guid.NewGuid().str();
Assert.IsNotNull (request.QueryString[authVar]);
Assert.AreNotEqual(Guid.Empty,tmAuthentication.authToken);
}
public void TM_Authentication_mapUserRoles()
{
HttpContextFactory.Context.mock();
var tmAuthentication = new TM_Authentication(null);
Assert.NotNull (tmAuthentication.sessionID);
Assert.AreEqual(tmAuthentication.sessionID,Guid.Empty);
Assert.IsFalse(tmConfig.WindowsAuthentication.Enabled);
tmConfig.WindowsAuthentication.Enabled = true;
var identity = tmAuthentication.Current_WindowsIdentity;
changeIndentityToBeImpersonation(identity);
tmAuthentication.mapUserRoles();
var tmUser_fromSession = tmAuthentication.sessionID.session_TmUser();
Assert.AreNotEqual(tmAuthentication.sessionID,Guid.Empty); // sessionID should be set
Assert.IsTrue (tmAuthentication.sessionID.validSession());
Assert.IsNotNull (tmUser_fromSession);
Assert.AreEqual (tmUser_fromSession.UserName,identity.Name);
tmConfig.WindowsAuthentication.Enabled = false;
}
public static bool setCurrentUserPassword(this TM_UserData userData, TM_Authentication tmAuthentication, string currentPassword, string newPassword)
{
var tmUser = tmAuthentication.currentUser;
if (tmUser.notNull())
{
if (tmUser.SecretData.PasswordHash == tmUser.createPasswordHash(currentPassword))
{
var newPasswordHash = tmUser.createPasswordHash(newPassword);
if (newPasswordHash != tmUser.SecretData.PasswordHash)
{
tmUser.SecretData.PasswordHash = tmUser.createPasswordHash(newPassword);
tmUser.saveTmUser();
return true;
}
}
}
return false;
}
public static bool setCurrentUserPassword(this TM_UserData userData, TM_Authentication tmAuthentication, string currentPassword, string newPassword)
{
var tmUser = tmAuthentication.currentUser;
if (tmUser.notNull())
{
if (tmUser.SecretData.PasswordHash == tmUser.createPasswordHash(currentPassword))
{
var newPasswordHash = tmUser.createPasswordHash(newPassword);
if (newPasswordHash != tmUser.SecretData.PasswordHash)
{
tmUser.SecretData.PasswordHash = tmUser.createPasswordHash(newPassword);
tmUser.saveTmUser();
return(true);
}
}
}
return(false);
}
public Test_TM_Authentication()
{
tmAuthentication= tmWebServices.tmAuthentication;
Assert.IsFalse(tmConfig.WindowsAuthentication.Enabled);
Assert.NotNull(tmAuthentication);
}
public static bool setCurrentUserPassword(this TM_UserData userData, TM_Authentication tmAuthentication, string currentPassword, string newPassword)
{
var tmUser = tmAuthentication.currentUser;
if (tmUser.notNull())
{
if (tmUser.SecretData.PasswordHash == tmUser.createPasswordHash(currentPassword)) // check if current password matches provided value
{
var newPasswordHash = tmUser.createPasswordHash(newPassword);
if (newPasswordHash != tmUser.SecretData.PasswordHash) // check that password are not repeated
{
tmUser.logUserActivity("User Password Change", "With previous password provided");
return(tmUser.setPasswordHash(newPasswordHash));
}
}
}
return(false);
}
public void TM_Authentication_mapUserRoles()
{
HttpContextFactory.Context.mock();
var request = HttpContextFactory.Request;
var tmAuthentication = new TM_Authentication(null);
Assert.NotNull (tmAuthentication.sessionID);
Assert.AreEqual(tmAuthentication.sessionID,Guid.Empty);
Assert.IsNull (request[authVar]);
tmAuthentication.mapUserRoles();
Assert.AreEqual(tmAuthentication.sessionID,Guid.Empty);
request.QueryString[authVar] = user_AuthToken.Token.str();
Assert.IsNotNull (request[authVar]);
tmAuthentication.mapUserRoles();
Assert.AreNotEqual(tmAuthentication.sessionID,Guid.Empty);
Assert.IsTrue (tmAuthentication.sessionID.validSession());
Assert.AreEqual (tmAuthentication.sessionID.session_TmUser(), tmUser);
}
public void Login_Using_Pwd_and_Login_Using_AuthToken()
{
HttpContextFactory.Context.mock();
//Create user and login using its username and pwd
var username = 10.randomLetters();
var password = "******".add_RandomLetters(10);
var userId = userData.newUser(username,password);
var loginId = userData.login(username, password);
var tmAuthentication = new TM_Authentication(null);
Assert.Less (0, userId);
Assert.AreNotEqual(Guid.Empty, loginId);
Assert.AreEqual (Guid.Empty, tmAuthentication.sessionID);
//set current sessionId to user created above
tmAuthentication.sessionID = loginId;
Assert.AreEqual(tmAuthentication.sessionID, loginId);
Assert.AreEqual(tmAuthentication.sessionID.session_TmUser().UserID , userId);
Assert.AreEqual(tmAuthentication.sessionID.session_TmUser().UserName , username);
//set authVar to user_AuthToken and simulate the login process
HttpContextFactory.Request.QueryString[authVar] = user_AuthToken.Token.str();
tmAuthentication.mapUserRoles();
//the sessionId should now be mapped to tmUser and not to the user created above
var sessionId = tmAuthentication.sessionID;
Assert.AreNotEqual(sessionId, loginId);
Assert.AreEqual (tmAuthentication.sessionID.session_TmUser().UserName , tmUser.UserName);
//another request to tmAuthentication.mapUserRoles(); should not change session or login the user again
tmAuthentication.mapUserRoles();
Assert.AreEqual (sessionId, tmAuthentication.sessionID);
}
