From a15e02db542e85baa1e1655dc1321729fffd265b Mon Sep 17 00:00:00 2001 From: John Cardinal Date: Tue, 4 Sep 2018 17:00:16 +0000 Subject: [PATCH] --- devdocs/specs/core-tags.txt | 2 +- devdocs/todo.txt | 1 - server/AyaNova/Controllers/AuthController.cs | 5 ++++ server/AyaNova/biz/PrimeData.cs | 1 + server/AyaNova/biz/TagBiz.cs | 10 +++---- server/AyaNova/biz/TagMapBiz.cs | 6 ++-- server/AyaNova/models/Tag.cs | 4 +-- server/AyaNova/util/AySchema.cs | 2 +- server/AyaNova/util/Seeder.cs | 24 +++++++++++++-- test/raven-integration/User/UserInactive.cs | 31 ++++++++++++++++++++ 10 files changed, 70 insertions(+), 16 deletions(-) create mode 100644 test/raven-integration/User/UserInactive.cs diff --git a/devdocs/specs/core-tags.txt b/devdocs/specs/core-tags.txt index 6c58df0b..78dd3af1 100644 --- a/devdocs/specs/core-tags.txt +++ b/devdocs/specs/core-tags.txt @@ -16,7 +16,7 @@ FORMAT Copied from stack overflow tags ... - must be no longer than 35 characters + must be no longer than 255 characters (35 in Stack overflow, but why limit it?) spaces are replaced by dashes, no spaces in a tag always converts to lower invariant culture - (probably not this, utf-8 ok: must use the ascii character set a-z 0-9 + # - .) diff --git a/devdocs/todo.txt b/devdocs/todo.txt index 506bb3e3..07fff4a6 100644 --- a/devdocs/todo.txt +++ b/devdocs/todo.txt @@ -22,7 +22,6 @@ Overall plan for now: anything standing in the way of making the initial client - v7importusers (on hold?) - Mostly done for now with the exception of client id and headoffice id which await the client and headoffice objects respectively and their importers - - Is 35char long enough for tags? Why is there a limit? Can it be 50? - Why are inactive users allowed to login? - Seed data is seeding users inactive, sb active diff --git a/server/AyaNova/Controllers/AuthController.cs b/server/AyaNova/Controllers/AuthController.cs index f1020d31..3c329986 100644 --- a/server/AyaNova/Controllers/AuthController.cs 
+++ b/server/AyaNova/Controllers/AuthController.cs @@ -104,6 +104,11 @@ namespace AyaNova.Api.Controllers } + //If the user is inactive they may not login + if (!u.Active) + { + return StatusCode(401, new ApiErrorResponse(ApiErrorCode.NOT_AUTHORIZED, null, "User deactivated")); + } //build the key (JWT set in startup.cs) byte[] secretKey = System.Text.Encoding.ASCII.GetBytes(ServerBootConfig.AYANOVA_JWT_SECRET); diff --git a/server/AyaNova/biz/PrimeData.cs b/server/AyaNova/biz/PrimeData.cs index 19c200cf..d2e8d17b 100644 --- a/server/AyaNova/biz/PrimeData.cs +++ b/server/AyaNova/biz/PrimeData.cs @@ -28,6 +28,7 @@ namespace AyaNova.Biz //get a db and logger ILogger log = AyaNova.Util.ApplicationLogging.CreateLogger("PrimeData"); User u = new User(); + u.Active=true; u.Name = "AyaNova Administrator"; u.Salt = Hasher.GenerateSalt(); u.Login = "manager"; diff --git a/server/AyaNova/biz/TagBiz.cs b/server/AyaNova/biz/TagBiz.cs index dd49d582..c9119064 100644 --- a/server/AyaNova/biz/TagBiz.cs +++ b/server/AyaNova/biz/TagBiz.cs @@ -70,8 +70,8 @@ namespace AyaNova.Biz inObj = System.Text.RegularExpressions.Regex.Replace(inObj, "-+", "-"); //Ensure doesn't start or end with a dash inObj = inObj.Trim('-'); - //No longer than 35 characters - inObj = StringUtil.MaxLength(inObj, 35); + //No longer than 255 characters + inObj = StringUtil.MaxLength(inObj, 255); return inObj; } @@ -212,9 +212,9 @@ namespace AyaNova.Biz if (string.IsNullOrWhiteSpace(inObj)) AddError(ValidationErrorType.RequiredPropertyEmpty, "Name"); - //Name must be less than 35 characters - if (inObj.Length > 35) - AddError(ValidationErrorType.LengthExceeded, "Name", "35 char max"); + //Name must be less than 255 characters + if (inObj.Length > 255) + AddError(ValidationErrorType.LengthExceeded, "Name", "255 char max"); //Name must be unique if (ct.Tag.Where(m => m.Name == inObj).FirstOrDefault() != null) 
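Review bot: The new `!u.Active` branch replies with its own "User deactivated" text, and it is the only place in this commit where deactivation is enforced. If the bad-credentials path above the hunk returns a different body, the response tells the caller that the account exists and is disabled; reusing the failed-login body and recording the denied attempt in the server log would keep that detail for operators. The check also runs only at login, so a JWT issued before deactivation presumably stays valid until it expires unless token validation elsewhere re-reads `Active`. If that is intended, a comment such as `//Enforced at login only; tokens already issued are not revoked here` would make it explicit. The action starts and ends outside the hunk, so it is not visible whether the password is verified before this point.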
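Review bot: In the first TagBiz.cs hunk, truncating after `Trim('-')` can produce a tag that ends in a dash again whenever the cut at 255 characters lands just after a `-`. That breaks the "doesn't start or end with a dash" rule stated two lines earlier. Assuming `StringUtil.MaxLength` simply cuts the string, trimming after the cut fixes it: `inObj = StringUtil.MaxLength(inObj, 255).Trim('-');`. The normalising function starts outside the hunk.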
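Review bot: In the second TagBiz.cs hunk, `inObj.Length` is read even after the `IsNullOrWhiteSpace` check above has recorded an error, so a null name would throw a NullReferenceException instead of producing a validation error. This holds unless `AddError` throws or callers never pass null, neither of which is visible here. `if (inObj != null && inObj.Length > 255)` keeps the validator reporting rather than crashing. The comment says "less than 255" while the condition accepts exactly 255; `//Name must be no longer than 255 characters` matches the code.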
diff --git a/server/AyaNova/biz/TagMapBiz.cs b/server/AyaNova/biz/TagMapBiz.cs index e7eb40ed..5a30cf3e 100644 --- a/server/AyaNova/biz/TagMapBiz.cs +++ b/server/AyaNova/biz/TagMapBiz.cs @@ -147,9 +147,9 @@ namespace AyaNova.Biz // if (string.IsNullOrWhiteSpace(inObj)) // AddError(ValidationErrorType.RequiredPropertyEmpty, "Name"); - // //Name must be less than 35 characters - // if (inObj.Length > 35) - // AddError(ValidationErrorType.LengthExceeded, "Name", "35 char max"); + // //Name must be less than 255 characters + // if (inObj.Length > 255) + // AddError(ValidationErrorType.LengthExceeded, "Name", "255 char max"); return; } diff --git a/server/AyaNova/models/Tag.cs b/server/AyaNova/models/Tag.cs index ccbc2525..269b8fa8 100644 --- a/server/AyaNova/models/Tag.cs +++ b/server/AyaNova/models/Tag.cs @@ -14,8 +14,8 @@ namespace AyaNova.Models [Required] public long OwnerId { get; set; } - [Required] - public string Name { get; set; }//max 35 characters ascii set + [Required, MaxLength(255)] + public string Name { get; set; }//max 255 characters ascii set } } diff --git a/server/AyaNova/util/AySchema.cs b/server/AyaNova/util/AySchema.cs index f4c4de8a..0d765f08 100644 --- a/server/AyaNova/util/AySchema.cs +++ b/server/AyaNova/util/AySchema.cs @@ -201,7 +201,7 @@ namespace AyaNova.Util { LogUpdateMessage(log); - exec("CREATE TABLE atag (id BIGSERIAL PRIMARY KEY, ownerid bigint not null, name varchar(35) not null)"); + exec("CREATE TABLE atag (id BIGSERIAL PRIMARY KEY, ownerid bigint not null, name varchar(255) not null)"); exec("CREATE UNIQUE INDEX tagname_idx ON atag (name);"); exec("CREATE TABLE atagmap (id BIGSERIAL PRIMARY KEY, ownerid bigint not null," + "tagid bigint not null REFERENCES atag (id), tagtoobjectid bigint not null, tagtoobjecttype integer not null)"); diff --git a/server/AyaNova/util/Seeder.cs b/server/AyaNova/util/Seeder.cs index 3b559a02..0d100f6e 100644 --- a/server/AyaNova/util/Seeder.cs +++ b/server/AyaNova/util/Seeder.cs 
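Review bot: The limit 255 on `Tag.Name` is now written out in four places touched by this commit: this `MaxLength(255)`, the `varchar(255)` in AySchema.cs, and the truncation and the validation in TagBiz.cs. A single constant, for example `public const int NameMaxLength = 255;` on `Tag`, referenced from the attribute and from TagBiz, would stop the next change from missing one; the SQL literal would still need a comment pointing at it. The trailing comment also still says "ascii set", while the spec edited in the same commit leans towards allowing UTF-8, so one of the two should be brought in line.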
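Review bot: The AySchema.cs hunk widens the column by editing the `CREATE TABLE atag` statement of an existing schema step, so a database that has already run this step keeps `varchar(35)`. The model and TagBiz would then accept names up to 255 characters and the insert would fail at the database instead of in validation. Unless no database at this schema version exists outside development, the change belongs in a new step, e.g. `exec("ALTER TABLE atag ALTER COLUMN name TYPE varchar(255)");`. The surrounding step logic lies outside the hunk, so how versions are tracked is not visible here.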
@@ -16,7 +16,7 @@ namespace AyaNova.Util public enum SeedLevel { SmallOneManShopTrialDataSet, MediumLocalServiceCompanyTrialDataSet, LargeCorporateMultiRegionalTrialDataSet }; - + ////////////////////////////////////////////////////// //Seed database for trial and testing purposes // @@ -199,6 +199,9 @@ namespace AyaNova.Util //PRIVACY TEST USER - this is used for a test to see if user info leaks into the logs GenSeedUser(1, AuthorizationRoles.OpsAdminLimited, UserType.NonSchedulable, "TEST_PRIVACY_USER_ACCOUNT", "TEST_PRIVACY_USER_ACCOUNT"); + //TEST NOT ACTIVE - this is used for a test to see if inactive user can login + GenSeedUser(1, AuthorizationRoles.OpsAdminLimited, UserType.NonSchedulable, false, "TEST_INACTIVE", "TEST_INACTIVE"); + } @@ -206,17 +209,32 @@ namespace AyaNova.Util + /// + /// Generate seed user with active=true + /// (override to save typing) + /// + /// + /// + /// + /// + /// + public static void GenSeedUser(int count, AuthorizationRoles roles, UserType userType, string login, string password) + { + GenSeedUser(count, roles, userType, true, login, password); + } + ////////////////////////////////////////////////////// //Seed user - default login / pw is first name // - public static void GenSeedUser(int count, AuthorizationRoles roles, UserType userType, string login = null, string password = null) + public static void GenSeedUser(int count, AuthorizationRoles roles, UserType userType, bool active = true, string login = null, string password = null) { AyContext ct = ServiceProviderProvider.DBContext; for (int x = 0; x < count; x++) { User u = new User(); - u.OwnerId=1; + u.Active = active; + u.OwnerId = 1; var p = new Bogus.Person(); u.Name = p.FullName; u.Salt = Hasher.GenerateSalt(); diff --git a/test/raven-integration/User/UserInactive.cs b/test/raven-integration/User/UserInactive.cs new file mode 100644 index 00000000..3cf4976c --- /dev/null +++ b/test/raven-integration/User/UserInactive.cs 
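Review bot: The seeded `TEST_INACTIVE` account in the `@@ -199,6 +199,9 @@` hunk uses its login as its password and carries `AuthorizationRoles.OpsAdminLimited`, although the test only needs an account that is refused at login. The `Active` flag is then the only barrier between a known credential pair and an ops role in any database that was seeded and later edited. Giving this user the least-privileged role the enum offers would narrow that. A comment such as `//must stay inactive: login and password are fixed, well-known values` would warn anyone tempted to reuse the account.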
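Review bot: In the `@@ -206,17 +209,32 @@` hunk, inserting `bool active = true` ahead of `login` changes what the fourth positional argument means, which is why the forwarding overload had to be added. Any existing call that passes only a login (four arguments) no longer compiles, because neither overload accepts a string in that position. Appending the flag instead, `string login = null, string password = null, bool active = true)`, keeps every existing call site valid and makes the extra overload unnecessary; the inactive user would then be seeded with `active: false`. The method body continues past the end of the hunk.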
@@ -0,0 +1,31 @@
+using System;
+using Xunit;
+using Newtonsoft.Json.Linq;
+using FluentAssertions;
+
+namespace raven_integration
+{
+
+ public class UserInactive
+ {
+
+ ///
+ /// Inactive user should not be able to login
+ ///
+ [Fact]
+ public async void InactiveUserCantLogin()
+ {
+ dynamic creds = new JObject();
+ creds.password = creds.login = "TEST_INACTIVE";
+ ApiResponse a = await Util.PostAsync("Auth", null, creds.ToString());
+ Util.ValidateErrorCodeResponse(a,2004, 401);
+ }
+
+
+
+
+
+ //==================================================
+
+ }//eoc
+}//eons
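Review bot: `InactiveUserCantLogin` is declared `async void`, so the test runner has no task to await. A failure raised after the `await` may be reported unreliably, and newer xUnit versions reject the signature outright. Declare it as `public async Task InactiveUserCantLogin()` and add `using System.Threading.Tasks;`. The literal `2004` would read better as a named constant or with a comment tying it to `ApiErrorCode.NOT_AUTHORIZED`, which is presumably the code it stands for. Since this test guards an authentication control, it could also assert that the response carries no token, if `ApiResponse` exposes the body.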