From b8a32edc29fd2a639aeac6814317cfe9d3b353d0 Mon Sep 17 00:00:00 2001
From: John Cardinal
Date: Wed, 22 May 2019 00:13:23 +0000
Subject: [PATCH]
---
 server/AyaNova/Controllers/AuthController.cs | 4 +++-
 server/AyaNova/biz/BizRoles.cs | 20 +++++++++++---------
 2 files changed, 14 insertions(+), 10 deletions(-)
diff --git a/server/AyaNova/Controllers/AuthController.cs b/server/AyaNova/Controllers/AuthController.cs
index dfd315c3..7572f3c6 100644
--- a/server/AyaNova/Controllers/AuthController.cs
+++ b/server/AyaNova/Controllers/AuthController.cs
@@ -71,7 +71,7 @@ namespace AyaNova.Api.Controllers
 {
 return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
 }
- int nFailedAuthDelay = 10000;
+ int nFailedAuthDelay = 3000;//should be just long enough to make brute force a hassle but short enough to not annoy people who just mistyped their creds to login
 #if (DEBUG)
@@ -116,6 +116,7 @@ namespace AyaNova.Api.Controllers
 { "exp", exp.ToUnixTimeSeconds().ToString() },//in payload exp must be in unix epoch time per standard
 { "iss", Issuer },
 { "id", "1" },
+ { "name","Manager Account - TESTING"},
 { "ayanova/roles", "0" }
 };
 string TestToken = Jose.JWT.Encode(payload, secretKey, Algorithm);
@@ -197,6 +198,7 @@ namespace AyaNova.Api.Controllers
 { "exp", exp.ToUnixTimeSeconds().ToString() },//in payload exp must be in unix epoch time per standard
 { "iss", "ayanova.com" },
 { "id", u.Id.ToString() },
+ { "name", u.Name},
 { "ayanova/roles", ((int)u.Roles).ToString() }
 };
diff --git a/server/AyaNova/biz/BizRoles.cs b/server/AyaNova/biz/BizRoles.cs
index 226ed93f..77ab64eb 100644
--- a/server/AyaNova/biz/BizRoles.cs
+++ b/server/AyaNova/biz/BizRoles.cs
@@ -36,7 +36,7 @@ namespace AyaNova.Biz
 //
 roles.Add(AyaType.User, new BizRoleSet()
 {
- Change = AuthorizationRoles.BizAdminFull,
+ Change = AuthorizationRoles.BizAdminFull,
 ReadFullRecord = AuthorizationRoles.BizAdminLimited
 });
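Review bot: The 3000 ms value on the new `nFailedAuthDelay` line only slows one connection at a time; it does not bound how many failed logins can be attempted concurrently, and if the delay is applied by holding the request (the wait itself is outside this hunk) every failed attempt also pins server resources for three seconds, which works against the brute-force rationale in the trailing comment. The usual control is a per-account or per-client failure counter with lockout or escalating backoff plus logging of failed attempts, with this delay kept only as a secondary measure. The literal also belongs in a named constant rather than a local magic number, e.g. `private const int FailedAuthDelayMs = 3000; // long enough to slow guessing, short enough not to punish a typo`. The enclosing action method starts and ends outside the hunk.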
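Review bot: The added `{ "name","Manager Account - TESTING"},` entry drops the spaces after the comma and before the closing brace that every neighbouring entry uses; the same applies to `{ "name", u.Name},` in the `@@ -197` hunk, so both should read `{ "name", "Manager Account - TESTING" },` and `{ "name", u.Name },`. This payload appears to be the `TestToken` built under the `#if (DEBUG)` seen in the first hunk, with a fixed `id` of `"1"` and roles `"0"`, so it is worth confirming that it can never be emitted from a release build. Separately, the context line stores `exp` via `ToString()`, i.e. as a JSON string, while the comment says it follows the standard; RFC 7519 defines `exp` as a numeric value, so validators other than this project's own may reject it — that is pre-existing and may be constrained by the dictionary's declared value type, which is outside the hunk.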
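Review bot: The new `{ "name", u.Name},` claim embeds the user's display name in a signed but unencrypted token, so anyone holding the token can read it, and the value is frozen at issue time and goes stale if the account is renamed before the token expires; consumers should treat it as display-only and keep `id` as the identity claim. If `u.Name` can be null the payload dictionary receives a null value (its declared type is outside the hunk), so it is worth confirming that `Jose.JWT.Encode` serializes that as JSON null rather than throwing, or write `{ "name", u.Name ?? string.Empty },`. A one-line comment on the entry such as `// display-only; identity is "id"` would prevent the claim being used for authorization later. The enclosing method starts and ends outside the hunk.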
@@ -157,26 +157,28 @@ namespace AyaNova.Biz
 #region output as JSON for client side
 #if (DEBUG)
-
- //################## HOW TO USE ##########
- //############## Uncomment SerializeObject line, put a break on lastRoles, copy from the output in the LOG (good for javascript with quotes formatted that way) #######
- // #### NEED to separately take a copy and update "lastRoles" string here by copying from the variable watch in the debugger because need the C# format escaped quotes string
+
+ //################## HOW TO USE ##########
+ //############## Uncomment SerializeObject line, put a break on lastRoles, copy from the output in the LOG (good for javascript with quotes formatted that way) #######
+ // #### NEED to separately take a copy and update "lastRoles" string here by copying from the variable watch in the debugger because need the C# format escaped quotes string
 //GENERATE JSON FROM ROLES
- string json = Newtonsoft.Json.JsonConvert.SerializeObject(roles, Newtonsoft.Json.Formatting.None);
-
+ string json = Newtonsoft.Json.JsonConvert.SerializeObject(roles, Newtonsoft.Json.Formatting.None);
+
 //Output roles JSON FRAGMENT string for CLIENT to log
 System.Diagnostics.Debugger.Log(1, "JSONFRAGMENTFORCLIENT", "BizRoles.cs -> Client roles JSON fragment:");
 System.Diagnostics.Debugger.Log(1, "JSONFRAGMENTFORCLIENT", json);
 //ONGOING VALIDATION TO CATCH MISMATCH WHEN NEW ROLES ADDED (wont' catch changes to existing unfortunately)
- var lastRoles = "{\r\n \"User\": {\r\n \"Change\": 2,\r\n \"EditOwn\": 0,\r\n \"ReadFullRecord\": 1\r\n },\r\n \"UserOptions\": {\r\n \"Change\": 2,\r\n \"EditOwn\": 0,\r\n \"ReadFullRecord\": 1\r\n },\r\n \"Widget\": {\r\n \"Change\": 34,\r\n \"EditOwn\": 256,\r\n \"ReadFullRecord\": 17\r\n },\r\n \"ServerState\": {\r\n \"Change\": 16384,\r\n \"EditOwn\": 0,\r\n \"ReadFullRecord\": 32767\r\n },\r\n \"License\": {\r\n \"Change\": 16386,\r\n \"EditOwn\": 0,\r\n \"ReadFullRecord\": 8193\r\n },\r\n \"LogFile\": {\r\n \"Change\": 0,\r\n \"EditOwn\": 0,\r\n \"ReadFullRecord\": 24576\r\n },\r\n \"JobOperations\": {\r\n \"Change\": 16384,\r\n \"EditOwn\": 0,\r\n \"ReadFullRecord\": 8195\r\n },\r\n \"AyaNova7Import\": {\r\n \"Change\": 16384,\r\n \"EditOwn\": 0,\r\n \"ReadFullRecord\": 0\r\n },\r\n \"Metrics\": {\r\n \"Change\": 0,\r\n \"EditOwn\": 0,\r\n \"ReadFullRecord\": 24576\r\n },\r\n \"Locale\": {\r\n \"Change\": 16386,\r\n \"EditOwn\": 0,\r\n \"ReadFullRecord\": 32767\r\n },\r\n \"DataFilter\": {\r\n \"Change\": 2,\r\n \"EditOwn\": 32767,\r\n \"ReadFullRecord\": 32767\r\n },\r\n \"FormCustom\": {\r\n \"Change\": 2,\r\n \"EditOwn\": 0,\r\n \"ReadFullRecord\": 32767\r\n }\r\n}";
+ // var lastRoles = "{\r\n \"User\": {\r\n \"Change\": 2,\r\n \"EditOwn\": 0,\r\n \"ReadFullRecord\": 1\r\n },\r\n \"UserOptions\": {\r\n \"Change\": 2,\r\n \"EditOwn\": 0,\r\n \"ReadFullRecord\": 1\r\n },\r\n \"Widget\": {\r\n \"Change\": 34,\r\n \"EditOwn\": 256,\r\n \"ReadFullRecord\": 17\r\n },\r\n \"ServerState\": {\r\n \"Change\": 16384,\r\n \"EditOwn\": 0,\r\n \"ReadFullRecord\": 32767\r\n },\r\n \"License\": {\r\n \"Change\": 16386,\r\n \"EditOwn\": 0,\r\n \"ReadFullRecord\": 8193\r\n },\r\n \"LogFile\": {\r\n \"Change\": 0,\r\n \"EditOwn\": 0,\r\n \"ReadFullRecord\": 24576\r\n },\r\n \"JobOperations\": {\r\n \"Change\": 16384,\r\n \"EditOwn\": 0,\r\n \"ReadFullRecord\": 8195\r\n },\r\n \"AyaNova7Import\": {\r\n \"Change\": 16384,\r\n \"EditOwn\": 0,\r\n \"ReadFullRecord\": 0\r\n },\r\n \"Metrics\": {\r\n \"Change\": 0,\r\n \"EditOwn\": 0,\r\n \"ReadFullRecord\": 24576\r\n },\r\n \"Locale\": {\r\n \"Change\": 16386,\r\n \"EditOwn\": 0,\r\n \"ReadFullRecord\": 32767\r\n },\r\n \"DataFilter\": {\r\n \"Change\": 2,\r\n \"EditOwn\": 32767,\r\n \"ReadFullRecord\": 32767\r\n },\r\n \"FormCustom\": {\r\n \"Change\": 2,\r\n \"EditOwn\": 0,\r\n \"ReadFullRecord\": 32767\r\n }\r\n}";
+ var lastRoles = "{\"User\":{\"Change\":2,\"ReadFullRecord\":1},\"UserOptions\":{\"Change\":2,\"ReadFullRecord\":1},\"Widget\":{\"Change\":34,\"ReadFullRecord\":17},\"ServerState\":{\"Change\":16384,\"ReadFullRecord\":32767},\"License\":{\"Change\":16386,\"ReadFullRecord\":8193},\"LogFile\":{\"Change\":0,\"ReadFullRecord\":24576},\"JobOperations\":{\"Change\":16384,\"ReadFullRecord\":8195},\"AyaNova7Import\":{\"Change\":16384,\"ReadFullRecord\":0},\"Metrics\":{\"Change\":0,\"ReadFullRecord\":24576},\"Locale\":{\"Change\":16386,\"ReadFullRecord\":32767},\"DataFilter\":{\"Change\":2,\"ReadFullRecord\":32767},\"FormCustom\":{\"Change\":2,\"ReadFullRecord\":32767}}";
+
 Dictionary lastRolesDeserialized = Newtonsoft.Json.JsonConvert.DeserializeObject>(lastRoles);
 if (lastRolesDeserialized.Count != roles.Count)
 {
 throw new System.ArgumentException("BizRoles::Constructor - roles were modified from last snapshot for client!!!");
 }
-
+
 #endif
 #endregion
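Review bot: The check on the `if (lastRolesDeserialized.Count != roles.Count)` line still compares only the number of role entries, so a changed `Change` or `ReadFullRecord` value in an existing role passes silently — the `//ONGOING VALIDATION` comment concedes this, and the new `lastRoles` snapshot does not close the gap. Now that `json` is produced with `Formatting.None` and the new snapshot is compact, comparing the strings catches value changes as well: `if (!string.Equals(json, lastRoles, StringComparison.Ordinal)) throw new System.ArgumentException("BizRoles::Constructor - roles were modified from last snapshot for client!!!");` — this assumes `roles` serializes in a stable order, which holds for a Dictionary populated in one fixed sequence but should be confirmed. The commented-out previous snapshot on the `+ // var lastRoles =` line is dead code that version control already preserves and should be deleted. The `Dictionary lastRolesDeserialized = ...DeserializeObject>(lastRoles)` line appears to have lost its generic type arguments in the rendered patch; if the source really reads that way it will not compile, so verify the file. The enclosing constructor starts outside the hunk.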