tags:

views:

120

answers:

3
Q: 

What is wrong with this class? (design wise)

Following up from this question: http://stackoverflow.com/questions/1962175/designing-application-classes

What is wrong (from a design point of view) with this class:

I'm trying to refactor this class and it's abstract base class (Logon) and the fact it's actually horrible design. I wrote it myself (pretty much when I was a newbie). I'm finding it hard to refactor and want some input on it?

 class NewUserLogon : Logon, ILogonNewUser, IDisposable
    {
        #region Member Variables

        System.Windows.Forms.Form _frm = new MainWindow();

        SQLDatabase.SQLDynamicDatabase sql;
        SQLDatabase.DatabaseLogin dblogin;
        LogonData lgndata;
        System.Security.SecureString securepassword;
        PasswordEncrypt.Collections.CreatedItems items;

        LogonEventArgs e = new LogonEventArgs();

        #endregion

        #region Constructors
        // for DI
        public NewUserLogon(PasswordEncrypt.Collections.CreatedItems items) : base (items)
        {
            this.items = items;
        }
        #endregion

        #region Public Methods
        public new void Dispose()
        {
        }

        public  bool? ReadFromRegistry(HashedUsername username, HashedPassword hashedpassword)
        {
            return RegistryEdit.ReadFromRegistry(username, hashedpassword);
        }

        public  bool WriteToRegistry(HashedUsername username, HashedPassword hashedpassword)
        {
            return RegistryEdit.WriteToRegistry(username, hashedpassword);
        }

        public override void Login(TextBox username, TextBox password)
        {
            base.Login(username, password);
            Login(username.Text, password.Text);
        }
        #endregion

        #region Protected Methods
        protected override void Login(string username, string password) // IS INSECURE!!! ONLY USE HASHES 
        {
            base.Login(username, password);

            if (_user is NewUserLogon) // new user
            {
                sql = new PasswordEncrypt.SQLDatabase.SQLDynamicDatabase();
                dblogin = new SQLDatabase.DatabaseLogin();
                lgndata = base._logondata;
                securepassword = new System.Security.SecureString();

                // Set Object for eventhandler
                items.SetDatabaseLogin = dblogin;
                items.SetSQLDynamicDatabase = sql; // recreates L
                items.Items = items;

                string generatedusername;

                // write new logondata to registry
                if (this.WriteToRegistry(lgndata.HahsedUserName, lgndata.HashedPsw))
                {
                    try
                    {
                        // Generate DB Password...
                        dblogin.GenerateDBPassword();

                        // get generated password into securestring
                        securepassword = dblogin.Password;

                        //generate database username
                        generatedusername = dblogin.GenerateDBUserName(username);

                        if (generatedusername == "Already Exists")
                        {
                            throw new Exception("Username Already Exists");
                        }

                        //create SQL Server database
                        try
                        {
                            sql.CreateSQLDatabase(dblogin, username);
                        }
                        catch (Exception ex)
                        {
                            //System.Windows.Forms.MessageBox.Show(ex.Message);
                            e.ErrorMessage = ex.Message;
                            e.Success = false;
                            OnError(this, e);
                        }
                    }
                    catch (Exception exc)
                    {
                        e.Success = false;
                        e.ErrorMessage = exc.Message;
                        OnError(this, e);
                    }
                    OnNewUserLoggedIn(this, e); // tell UI class to start loading... 
                }
                else
                {
                    System.Windows.Forms.MessageBox.Show("Unable to write to Registry!", "Registry Error", System.Windows.Forms.MessageBoxButtons.OK, System.Windows.Forms.MessageBoxIcon.Exclamation);
                }
            }

            else if (_user is ExistingUserLogon) // exising user
            {

               bool? compare = base._regRead;
               lgndata = base._logondata;

                if (compare == true)
                {
                   //Tell GUI to quit the 'busydialog' thread
                    OnMessage(this, e);
                    LogonFrm frm = LogonFrm.LogonFormInstance;

                   // tell user he already exists and just needs to login
                    // ask if user wants to logon straight away
                    System.Windows.Forms.DialogResult dlgres; 
                    dlgres = System.Windows.Forms.MessageBox.Show("Your login already exists, do you wan to login now?", "Login Exists", System.Windows.Forms.MessageBoxButtons.YesNo, System.Windows.Forms.MessageBoxIcon.Question);

                    if (dlgres == System.Windows.Forms.DialogResult.Yes)
                    {
                        ExistingUserLogon existinguser = new ExistingUserLogon(compare, lgndata);
                        existinguser.Error += new ErrorStatus(frm._newuser_Error);
                        existinguser.loginname = username;
                        existinguser.LoginNewUser();

                        ///TELL GUI THAT USER LOGIN SUCCEEDED, THROUGH EVENT
                        e.Success = true;
                        OnNewUserLoggedIn(this, e);

                    }
                    else
                    {  
                        e.Success = false;
                        e.ErrorMessage = "Failed";
                        OnError(this, e);

                    }
                }

            }


        }
        #endregion
    }
+2  A: 

Your protected Login is way too long.

Daniel A. White  2009-12-26 00:28:54
Thank you for that! :)
Tony  2009-12-26 00:33:42
A: 

Security should be a cross cutting concern, not a base class. I don't know if you have aspect oriented programming techniques available to you, but extending a base class with security built into it seems like an abuse of inheritance to me.

duffymo  2009-12-26 00:33:37
so you mean do not let classes with security related stuff be inheritable?
Tony  2009-12-26 00:39:45
No, I'm saying that I'd prefer adding security as aspects rather than using inheritance.
duffymo  2009-12-26 01:18:27
+4  A: 

Your class tries to do too many things. Try to separate different responsibilities into separate classes (eg database access and UI stuff).
And why are you instantiating a new Form at the beginning of your class and don't seem to use it further on?

Mez  2009-12-26 00:38:55
Thanks for noticing the unused _frm variable... What would you do with the MessageBox.Show(); call in the middle of this class? Only use it in UI classes and create a helper to handle error messages?
Tony  2009-12-26 00:45:20
Yup. Single Responsibility Principle. And lots of dependencies (new keywords) - difficult to test in isolation.
TrueWill  2009-12-26 00:57:46
so on the dependencies, use IOC or DI or refactor into smaller classes?
Tony  2009-12-26 01:00:32

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?