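        /// <summary>
        /// Changes the signed-in user's master password after re-verifying the current one,
        /// re-encrypts the user's stored password entries under the new master password and
        /// refreshes the cached user / master-password values.
        /// </summary>
        /// <param name="currentPassword">Password the user currently signs in with; checked via <c>Functions.Login</c> before anything is changed.</param>
        /// <param name="newPassword">Master password to switch to; rejected when null or empty.</param>
        /// <returns>
        /// Redirect to <c>Passwd/Index</c> on success; otherwise a redirect back to <c>ChangePassword</c>
        /// (no signed-in user in the cache, user not found, empty new password, or wrong current password).
        /// </returns>
        public IActionResult Change(string currentPassword, string newPassword)
        {
            User currentUser = Functions.getUser(_cache);
            if (currentUser is null)
            {
                // No signed-in user in the cache: nothing to change.
                return RedirectToAction("ChangePassword");
            }

            var userToChange = _db.Users.FirstOrDefault(a => a.Id == currentUser.Id);
            if (userToChange is null || string.IsNullOrEmpty(newPassword))
            {
                return RedirectToAction("ChangePassword");
            }

            // The current password has to be verified before any credential is touched.
            if (!Functions.Login(currentUser, currentPassword))
            {
                return RedirectToAction("ChangePassword");
            }

            // Both storage schemes share the same flow; only the hashing helper differs.
            if (currentUser.isPasswordKeptAsHash == "SHA512")
            {
                userToChange = Functions.ChangePasswordSHA(newPassword, userToChange);
            }
            else
            {
                userToChange = Functions.ChangePasswordHMAC(newPassword, userToChange);
            }

            // Re-encrypt the stored entries from the old master password to the new one.
            // NOTE(review): the returned list is not used afterwards; confirm rehashPasswds
            // updates the tracked entities in place so SaveChanges persists the new ciphertexts.
            List<Passwd> passwds = _db.Passwds.Where(a => a.UserId == currentUser.Id).ToList();
            passwds = AESHelper.rehashPasswds(passwds, currentUser.Password, userToChange.Password);

            _db.SaveChanges();

            // Publish the new credentials to the cache only after the database commit succeeded,
            // so a failed save cannot leave the cache holding a master password the DB never stored.
            _cache.Set(CacheNames.user, userToChange);
            _cache.Set(CacheNames.masterPassword, userToChange.Password);
            _cache.Set(CacheNames.getMasterPassword, "0");

            return RedirectToAction("Index", "Passwd");
        }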
        /// <summary>
        /// Verifies that <c>AESHelper.rehashPasswds</c> re-encrypts the fixture entries so that they
        /// decrypt to the same plaintexts under the new master password as they did under the old one.
        /// </summary>
        public void ShouldRehashPasswordWhenMasterPasswordChanged()
        {
            // Decrypts one stored (Base64-encoded) entry with the given master password.
            string Decrypt(Passwd entry, string masterPassword)
                => AESHelper.DecryptToString(Convert.FromBase64String(entry.Password), masterPassword);

            // Baseline: the fixture entries decrypt with the original master password.
            string original0 = Decrypt(passwdToRehash[0], userToRehash.Password);
            Assert.Equal("testy", original0);

            string original1 = Decrypt(passwdToRehash[1], userToRehash.Password);
            Assert.Equal("adam", original1);

            // Rotate the master password and make sure the rotated credentials still log in.
            var rotatedUser = Functions.ChangePasswordSHA("Lab1", user);
            Assert.True(Functions.Login(rotatedUser, "Lab1"));

            passwdToRehash = AESHelper.rehashPasswds(passwdToRehash, userToRehash.Password, rotatedUser.Password);

            // After rehashing, the entries must decrypt to the same plaintexts under the new master password.
            string rotated0 = Decrypt(passwdToRehash[0], rotatedUser.Password);
            Assert.Equal(original0, rotated0);

            string rotated1 = Decrypt(passwdToRehash[1], rotatedUser.Password);
            Assert.Equal(original1, rotated1);
        }