public void MultiEncryptingShouldntBreakIt()
{
//cleanup
foreach (var c in CatalogueRepository.GetAllObjects <DataAccessCredentials>().Where(c => c.Name.Equals("frankieFran")))
{
c.DeleteInDatabase();
}
DataAccessCredentials creds = new DataAccessCredentials(CatalogueRepository, "frankieFran");
try
{
//as soon as you set a password it should be encrypted by the credentials class in memory
creds.Password = "******";
Assert.AreNotEqual("fish", creds.Password);
Assert.AreEqual("fish", creds.GetDecryptedPassword()); //but we should still be able to decrypt it
//set the password to the encrypted password
creds.Password = creds.Password;
//should still work
Assert.AreNotEqual("fish", creds.Password);
Assert.AreEqual("fish", creds.GetDecryptedPassword()); //but we should still be able to decrypt it
}
finally
{
creds.DeleteInDatabase();
}
}
public void CreateNewCredentialsThenGetByUsernamePasswordCombo()
{
var newCredentials = new DataAccessCredentials(CatalogueRepository, "bob");
newCredentials.Username = "******";
newCredentials.Password = "******";
newCredentials.SaveToDatabase();
var newCopy = CatalogueRepository.GetAllObjects <DataAccessCredentials>("WHERE Username='******'").SingleOrDefault();
Assert.IsNotNull(newCopy);
try
{
Assert.NotNull(newCopy);
Assert.AreEqual(newCredentials.ID, newCopy.ID);
Assert.AreEqual(newCredentials.Username, newCopy.Username);
Assert.AreEqual(newCredentials.GetDecryptedPassword(), newCopy.GetDecryptedPassword());
Assert.AreEqual(newCredentials.Password, newCopy.Password);
}
finally
{
newCredentials.DeleteInDatabase();
}
}
public void MigrationOfOldPasswordsTest()
{
//cleanup
foreach (var c in CatalogueRepository.GetAllObjects <DataAccessCredentials>().Where(c => c.Name.Equals("frankieFran")))
{
c.DeleteInDatabase();
}
//create a new credentials
DataAccessCredentials creds = new DataAccessCredentials(CatalogueRepository, "frankieFran");
try
{
//update the database to an unencrypted password (like would be the case before software patch)
using (var con = CatalogueRepository.GetConnection())
{
var cmd = DatabaseCommandHelper.GetCommand("UPDATE DataAccessCredentials set Password = '******' where Name='frankieFran'", con.Connection, con.Transaction);
Assert.AreEqual(1, cmd.ExecuteNonQuery());
}
DataAccessCredentials newCopy = CatalogueRepository.GetObjectByID <DataAccessCredentials>(creds.ID);
Assert.AreEqual("fish", newCopy.GetDecryptedPassword());
Assert.AreNotEqual("fish", newCopy.Password);
}
finally
{
creds.DeleteInDatabase();
}
}
public void DataAccessCredentialsEncryption()
{
//cleanup
foreach (var c in CatalogueRepository.GetAllObjects <DataAccessCredentials>().Where(c => c.Name.Equals("frankieFran")))
{
c.DeleteInDatabase();
}
DataAccessCredentials creds = new DataAccessCredentials(CatalogueRepository, "frankieFran");
try
{
//as soon as you set a password it should be encrypted by the credentials class in memory
creds.Password = "******";
Assert.AreNotEqual("fish", creds.Password);
Assert.AreEqual("fish", creds.GetDecryptedPassword());//but we should still be able to decrypt it
//save it
creds.SaveToDatabase();
using (var con = CatalogueRepository.GetConnection())
{
string value;
using (var cmd = DatabaseCommandHelper.GetCommand("Select Password from DataAccessCredentials where Name='frankieFran'", con.Connection, con.Transaction))
value = (string)cmd.ExecuteScalar();
//ensure password in database is encrypted
Assert.AreNotEqual("fish", value);
Assert.AreEqual(creds.Password, value);//does value in database match value in memory (encrypted)
}
//get a new copy out of the database
DataAccessCredentials newCopy = CatalogueRepository.GetObjectByID <DataAccessCredentials>(creds.ID);
Assert.AreEqual(creds.Password, newCopy.Password); //passwords should match
Assert.AreNotEqual("fish", creds.Password); //neither should be fish
Assert.AreNotEqual("fish", newCopy.Password);
//both should decrypt to the same value (fish
Assert.AreEqual("fish", creds.GetDecryptedPassword());
Assert.AreEqual("fish", newCopy.GetDecryptedPassword());
}
finally
{
creds.DeleteInDatabase();
}
}
public void GetConnectionStringFromCatalogueWhereOneTableInfoUsesACredentialsOverride()
{
Catalogue c = new Catalogue(CatalogueRepository, "GetConnectionStringFromCatalogueWhereOneTableInfoUsesACredentialsOverride");
CatalogueItem ci = new CatalogueItem(CatalogueRepository, c, "GetConnectionStringFromCatalogueWhereOneTableInfoUsesACredentialsOverride");
TableInfo t = new TableInfo(CatalogueRepository, "Test");
ColumnInfo col = new ColumnInfo(CatalogueRepository, "[mydatabase].dbo.test.col", "varchar(10)", t);
var extractionInformation = new ExtractionInformation(CatalogueRepository, ci, col, col.Name);
DataAccessCredentials cred = null;
try
{
t.Server = "myserver";
t.Database = "mydatabase";
cred = new DataAccessCredentials(CatalogueRepository, "bob");
cred.Username = "******";
cred.Password = "******";
Assert.AreNotEqual("pass", cred.Password);
Assert.AreEqual("pass", cred.GetDecryptedPassword());
cred.SaveToDatabase();
t.SetCredentials(cred, DataAccessContext.InternalDataProcessing);
t.SaveToDatabase();
var constr = (SqlConnectionStringBuilder)c.GetDistinctLiveDatabaseServer(DataAccessContext.InternalDataProcessing, false).Builder;
Assert.AreEqual("myserver", constr.DataSource);
Assert.False(constr.IntegratedSecurity);
Assert.AreEqual("bob", constr.UserID);
Assert.AreEqual("pass", constr.Password);
}
finally
{
t.DeleteInDatabase();
if (cred != null)
{
cred.DeleteInDatabase();
}
c.DeleteInDatabase();//no need to delete ci because of cascades
}
}