/// <summary> /// Change the specified user account password. /// </summary> /// <param name="jsonPasswordChangeRequest">The password change details.</param> /// <returns></returns> private HttpResponseMessage ChangePasswordSoftwarePlatform(JsonPasswordChangeRequest jsonPasswordChangeRequest) { using (new SecurityBypassContext()) { try { UserAccountValidator.Authenticate(jsonPasswordChangeRequest.Username, jsonPasswordChangeRequest.OldPassword, jsonPasswordChangeRequest.Tenant, true, true); } catch (ArgumentException ex) { throw new InvalidCredentialException("Invalid user name, password or tenant", ex); } RequestContext context = ReadiNow.IO.RequestContext.GetContext(); UserAccount account = ReadiNow.Model.Entity.Get <UserAccount>(context.Identity.Id, true); // Can only change the password via this method if the password is already expired. if (account == null || !UserAccountValidator.HasAccountPasswordExpired(account)) { throw new InvalidCredentialException("Invalid user name, password or tenant"); } account.Password = jsonPasswordChangeRequest.NewPassword; account.Save(); } return(new HttpResponseMessage(HttpStatusCode.OK)); }
public void Authenticate_LockoutActiveUserOnly(UserAccountStatusEnum_Enumeration status, bool expectLockedOut) { const string password = "******"; UserAccount userAccount; PasswordPolicy passwordPolicy; passwordPolicy = Entity.Get <PasswordPolicy>("core:passwordPolicyInstance"); userAccount = new UserAccount(); userAccount.Name = "Test user " + Guid.NewGuid(); userAccount.AccountStatus_Enum = status; userAccount.Password = password; userAccount.Save(); for (int i = 0; i < passwordPolicy.AccountLockoutThreshold; i++) { try { UserAccountValidator.Authenticate( userAccount.Name, userAccount.Password + "_foo", // Invalid password RequestContext.GetContext().Tenant.Name, false); } catch (Exception) { // This will throw exceptions if the user is locked, disabled or expired. Ignore these exceptions in this test. } } userAccount = Entity.Get <UserAccount>(userAccount.Id); Assert.That(userAccount.AccountStatus_Enum, expectLockedOut ? Is.EqualTo(UserAccountStatusEnum_Enumeration.Locked) : Is.EqualTo(status)); }
public void Authenticate_ExpiredPassword(bool skipExpiryCheck, bool neverExpires) { const string password = "******"; UserAccount userAccount; PasswordPolicy passwordPolicy = Entity.Get <PasswordPolicy>("core:passwordPolicyInstance"); int maximumPasswordAge = passwordPolicy.MaximumPasswordAge ?? 0; Assert.AreNotEqual(0, maximumPasswordAge); userAccount = new UserAccount(); userAccount.Name = "Test user " + Guid.NewGuid(); userAccount.AccountStatus_Enum = UserAccountStatusEnum_Enumeration.Active; userAccount.PasswordNeverExpires = neverExpires; userAccount.Password = password; userAccount.Save(); // Set the password as being expired userAccount.PasswordLastChanged = DateTime.UtcNow.AddDays(-1 * (maximumPasswordAge + 1)); userAccount.Save(); if (skipExpiryCheck || neverExpires) { UserAccountValidator.Authenticate(userAccount.Name, password, RequestContext.GetContext().Tenant.Name, false, skipExpiryCheck); } else { Assert.That( () => UserAccountValidator.Authenticate(userAccount.Name, password, RequestContext.GetContext().Tenant.Name, false, skipExpiryCheck), Throws.TypeOf <PasswordExpiredException>()); } }
public void Authenticate_OK() { const string password = "******"; UserAccount userAccount = null; userAccount = new UserAccount(); userAccount.Name = "Test user " + Guid.NewGuid(); userAccount.AccountStatus_Enum = UserAccountStatusEnum_Enumeration.Active; userAccount.Password = password; userAccount.Save(); Assert.That( () => UserAccountValidator.Authenticate(userAccount.Name, password, RequestContext.GetContext().Tenant.Name, false), Throws.Nothing); userAccount = Entity.Get <UserAccount>(userAccount.Id); // Not updating LastLogin for now //Assert.That( // userAccount.LastLogon, // Is.EqualTo(DateTime.UtcNow).Within(TimeSpan.FromSeconds(5))); Assert.That( userAccount.AccountStatus_Enum, Is.EqualTo(UserAccountStatusEnum_Enumeration.Active)); Assert.That( userAccount.BadLogonCount, Is.Null.Or.EqualTo(0)); }
public void Authenticate_PasswordLength(int passwordLengthAdjustment, bool expectPasswordTooLongException) { Assert.That( () => UserAccountValidator.Authenticate("Administrator", "a".PadLeft(UserAccountValidator.MaxPasswordLength + passwordLengthAdjustment), "edc", false), expectPasswordTooLongException ? (Constraint)Throws.TypeOf <InvalidCredentialException>().And.Property("Message").StartsWith("Password cannot be longer than") : Throws.TypeOf <InvalidCredentialException>().And.Property("Message").EqualTo(UserAccountValidator.InvalidUserNameOrPasswordMessage)); }
public UserManagementService( IUserContext applicationContext, IUserAccountRepository userAccountRepository, ICryptographicService cryptographicService, IQueueDispatcher <IMessage> dispatcher) : base(applicationContext, dispatcher) { Check.NotNull(userAccountRepository, "userAccountRepository cannot be null"); _userAccountRepository = userAccountRepository; _cryptographicService = cryptographicService; _userAccountValidator = new UserAccountValidator(_userAccountRepository); }
public void Authenticate_BadUsername() { const string username = "******"; const string password = "******"; Assert.That(Entity.GetByField <UserAccount>(username, new EntityRef("core:name")), Is.Empty, "User name exists"); Assert.That( () => UserAccountValidator.Authenticate(username, password, RequestContext.GetContext().Tenant.Name, false), Throws.TypeOf <InvalidCredentialException>()); }
public UserManagementService( IUserContext applicationContext, IRepositorySessionFactory repositorySessionFactory, IUserAccountRepository userAccountRepository, ICryptographicService cryptographicService, IQueueDispatcher<IMessage> dispatcher) : base(applicationContext, repositorySessionFactory, dispatcher) { Check.NotNull(userAccountRepository, "userAccountRepository cannot be null"); _userAccountRepository = userAccountRepository; _cryptographicService = cryptographicService; _userAccountValidator = new UserAccountValidator(_userAccountRepository); }
public void Should_FailValidation_When_UsernameContainsSpecialCharacters() { // Arrange var userAccountValidator = new UserAccountValidator(); var userAccount = new UserAccount(username: "******", password: "******", isActive: true, isFirstTimeUser: false, roleType: "public"); // Act var result = userAccountValidator.Validate(userAccount, ruleSet: "CreateUser"); var isValid = result.IsValid; // Assert isValid.Should().Be(false); }
public void Should_FailValidation_When_PasswordIsEmpty() { // Arrange var userAccountValidator = new UserAccountValidator(); var userAccount = new UserAccount(username: "******", password: "", isActive: true, isFirstTimeUser: false, roleType: "public"); // Act var result = userAccountValidator.Validate(userAccount, ruleSet: "CreateUser"); var isValid = result.IsValid; // Assert isValid.Should().Be(false); }
public void Should_FailSsoValidation_When_UsernameIsEmpty() { // Arrange var userAccountValidator = new UserAccountValidator(); var userAccount = new UserAccount(username: "", password: "******", isActive: false, isFirstTimeUser: false, roleType: "public"); // Act var result = userAccountValidator.Validate(userAccount, ruleSet: "SsoRegistration"); var isValid = result.IsValid; // Assert result.IsValid.Should().BeFalse(); isValid.Should().Be(false); }
static void Main(string[] args) { var userAccount = new UserAccount { FirstName = "", Username = "******", EmailAddress = "hello_simongilbert.net", MobilePhoneNumber = "07890123456", DateOfBirth = new DateTime(2019, 11, 24), }; var validator = new UserAccountValidator(); validator.ValidateAndThrow(userAccount); }
public void Authenticate_BadPassword() { const string password = "******"; UserAccount userAccount; userAccount = new UserAccount(); userAccount.Name = "Test user " + Guid.NewGuid(); userAccount.AccountStatus_Enum = UserAccountStatusEnum_Enumeration.Active; userAccount.Password = password; userAccount.Save(); Assert.That( () => UserAccountValidator.Authenticate(userAccount.Name, password + "_", RequestContext.GetContext().Tenant.Name, false), Throws.TypeOf <InvalidCredentialException>()); }
public static void ChangePassword(string oldPassword, string newPassword, int userId, Func <int, UserAccount> getUserAccountById, Action <string> setPasswordForUserId) { var userAccount = getUserAccountById(userId); // any validator can throw exception if validation fails UserAccountValidator.IsEnabled(userAccount); UserAccountValidator.PasswordMatches(userAccount, oldPassword); PasswordValidator.IsStrongEnough(newPassword); setPasswordForUserId(newPassword, userId); }
public IHttpActionResult Challenge([FromUri] string clientVersion = null) { try { UserAccountValidator.Challenge(); return(Ok()); } catch { EventLog.Application.WriteWarning("Failed Challenge."); } return(Unauthorized()); }
static void Main(string[] args) { UserAccount userAccount = UserAccountDataCapture.CaptureFirstName(); userAccount = UserAccountDataCapture.CaptureLastName(); bool isUserAccountValid = UserAccountValidator.Validate(userAccount); if (!isUserAccountValid) { StandardMessages.EndApplication(); return; } AccountGenerator.CreateAccount(userAccount); StandardMessages.EndApplication(); }
public void User_Account_Is_Valid() { var expectedIsValid = true; var viewModel = new UserAccountViewModel { FirstName = "Simon", Username = "******", EmailAddress = "*****@*****.**", MobilePhoneNumber = "+447890123456", }; var validator = new UserAccountValidator(); var validationResult = validator.Validate(viewModel); Assert.Equal(expectedIsValid, validationResult.IsValid); }
public void User_Account_Is_Valid() { var expectedIsValid = true; var userAccount = new UserAccount { FirstName = "Simon", Username = "******", EmailAddress = "*****@*****.**", MobilePhoneNumber = "+447890123456", DateOfBirth = new DateTime(1987, 11, 24), }; var validator = new UserAccountValidator(); var validationResult = validator.Validate(userAccount); Assert.Equal(expectedIsValid, validationResult.IsValid); }
public void User_Account_Is_Not_Valid() { var expectedIsValid = false; var userAccount = new UserAccount { FirstName = "", Username = "******", EmailAddress = "hello_simongilbert.net", MobilePhoneNumber = "07890123456", DateOfBirth = new DateTime(2019, 11, 24), }; var validator = new UserAccountValidator(); var validationResult = validator.Validate(userAccount); Assert.Equal(expectedIsValid, validationResult.IsValid); }
public void ValidateAccountStatus(string accountStatus, Type exceptionType) { UserAccount userAccount; var status = ( UserAccountStatusEnum_Enumeration )Enum.Parse(typeof(UserAccountStatusEnum_Enumeration), accountStatus); userAccount = new UserAccount( ); userAccount.Name = "Test user " + Guid.NewGuid( ); userAccount.AccountStatus_Enum = status; userAccount.Password = "******"; userAccount.Save( ); if (exceptionType == null) { UserAccountValidator.ValidateAccountStatus(userAccount, false); } else { Assert.Throws(exceptionType, () => UserAccountValidator.ValidateAccountStatus(userAccount, false)); } }
/// <summary> /// Determine the user account associated with this API key. /// Return null if the user account is invalid. /// </summary> /// <param name="apiKey">The API key</param> /// <returns>The user account, or null if the user account is somehow unavailable or locked.</returns> private UserAccount GetValidUserAccount(ApiKey apiKey) { // Get the user account UserAccount userAccount = apiKey.ApiKeyUserAccount; if (userAccount == null) { return(null); } // Validate the account status try { UserAccountValidator.ValidateAccountStatus(userAccount, true); } catch (AuthenticationException) // note: there are various types that derive from this { return(null); } return(userAccount); }
public void Authenticate_DisabledTenant() { const string password = "******"; UserAccount userAccount; Tenant tenant; long tenantId; userAccount = new UserAccount(); userAccount.Name = "Test user " + Guid.NewGuid(); userAccount.AccountStatus_Enum = UserAccountStatusEnum_Enumeration.Active; userAccount.Password = password; userAccount.Save(); tenantId = RequestContext.GetContext().Tenant.Id; try { RequestContext.SetSystemAdministratorContext(); tenant = Entity.Get <Tenant>(tenantId, true); tenant.IsTenantDisabled = true; tenant.Save(); RequestContext.SetTenantAdministratorContext("EDC"); Assert.That( () => UserAccountValidator.Authenticate(userAccount.Name, password, RequestContext.GetContext().Tenant.Name, false), Throws.TypeOf <TenantDisabledException>()); } finally { RequestContext.SetSystemAdministratorContext(); tenant = Entity.Get <Tenant>(tenantId, true); tenant.IsTenantDisabled = false; tenant.Save(); RequestContext.SetTenantAdministratorContext("EDC"); } }
/// <summary> /// Validates the specified username and password. /// </summary> /// <param name="username"> /// A string containing the username of the account to to validate. /// </param> /// <param name="password"> /// A string containing the password of the account to validate. /// </param> public override void Validate(string username, string password) { if (String.IsNullOrEmpty(username)) { throw new ArgumentException("The specified username parameter is invalid."); } string tenant = string.Empty; // Split the tenant and username fields string[] credentials = username.Split(new char[] { '\\' }, StringSplitOptions.RemoveEmptyEntries); if (credentials.Length > 1) { tenant = credentials[0]; username = credentials[1]; } // Validate the credentials // Don't store the credentials in the thread context. // This is due to the fact that the validator may operate on a different // thread than the actual service code. UserAccountValidator.Validate(username, password, tenant, false); }
public void Authenticate_EmptyTenant() { Assert.That(() => UserAccountValidator.Authenticate("username", "password", "", false), Throws.TypeOf <ArgumentNullException>().And.Property("ParamName").EqualTo("tenant")); }
/// <summary> /// Signs a software platform user into the system. /// </summary> /// <param name="jsonLoginCredential">The json login credential.</param> /// <returns></returns> private HttpResponseMessage <LoginResult> SigninSoftwarePlatform(JsonLoginCredential jsonLoginCredential) { var userAgent = Request?.Headers?.UserAgent?.ToString(); try { using (new SecurityBypassContext( )) { try { UserAccountValidator.Authenticate(jsonLoginCredential.Username, jsonLoginCredential.Password, jsonLoginCredential.Tenant, true); } catch (ArgumentException ex) { throw new InvalidCredentialException("Invalid user name, password or tenant", ex); } RequestContext context = ReadiNow.IO.RequestContext.GetContext( ); RequestContextData contextData; UserAccount account = ReadiNow.Model.Entity.Get <UserAccount>(context.Identity.Id, true); if (account != null) { ///// // If we are in integration test mode, update the test authorization info. ///// if (TestAuthorization.IsEnabled) { TestAuthorization.Instance.SetTokenIdentifier(context.Tenant.Id, WellKnownAliases.CurrentTenant.ReadiNowIdentityProviderInstance, account.Name); } // Update cache contextData = Factory.IdentityProviderRequestContextCache.GetRequestContextData(ReadiNow.IO.RequestContext.TenantId, WellKnownAliases.CurrentTenant.ReadiNowIdentityProviderInstance, jsonLoginCredential.Username, true); } else { throw new InvalidOperationException("No UserAccount found."); } ReadiNowIdentityProvider identityProvider = ReadiNow.Model.Entity.Get <ReadiNowIdentityProvider>(WellKnownAliases.CurrentTenant.ReadiNowIdentityProviderInstance); if (!(identityProvider.IsProviderEnabled ?? true)) { throw new AuthenticationException("The identity provider is not enabled."); } contextData.Identity.IdentityProviderTypeAlias = LoginConstants.ReadiNowIdentityProviderTypeAlias; CookieHelper.CreateAuthenticationAndXsrfCookies(ReadiNow.IO.RequestContext.TenantId, WellKnownAliases.CurrentTenant.ReadiNowIdentityProviderInstance, jsonLoginCredential.Username, account.Id, jsonLoginCredential.Persistent); AuditLogInstance.Get().OnLogon(true, jsonLoginCredential.Username, userAgent); return(new HttpResponseMessage <LoginResult>(GetSuccessfulLoginResult(contextData, account.Id), HttpStatusCode.OK)); } } catch (Exception exc) { if (ReadiNow.IO.RequestContext.IsSet) { AuditLogInstance.Get().OnLogon(false, jsonLoginCredential.Username, userAgent); } EventLog.Application.WriteWarning("Software Platform login error. Username: {0}, Tenant: {1}. {2}", jsonLoginCredential.Username ?? "<null>", jsonLoginCredential.Tenant ?? "<null>", exc.Message); throw; // rely on the ExceptionFilter to handle it. } }
public void Validate_NullPassword() { Assert.That(() => UserAccountValidator.Validate("username", null, "tenant", false), Throws.TypeOf <ArgumentNullException>().And.Property("ParamName").EqualTo("password")); }