public Outcome Execute()
{
Outcome response = new Outcome();
if (incommingPrincipal == null)
{
ssoregresponse.isSuccessful = false;
ssoregresponse.Messages.Add("No User");
return(response);
}
HMAC256 hashing = new HMAC256();
var salt = hashing.GenerateSalt();
HashDTO hashDTO = new HashDTO()
{
Original = incommingPrincipal.Claims.Where(c => c.Type == "password")
.Select(c => c.Value).SingleOrDefault() + salt
};
ssoregresponse.username = incommingPrincipal.Claims.Where(c => c.Type == "username")
.Select(c => c.Value).SingleOrDefault();
ssoregresponse.password = hashing.Hash(hashDTO);
ssoregresponse.salt = salt;
ssoregresponse.Messages.Add("Success!");
ssoregresponse.isSuccessful = true;
response.Result = ssoregresponse;
return(response);
}
/// <summary>
/// check answers from user input
/// </summary>
/// <returns>returns true if correct answers</returns>
public Outcome Execute()
{
var response = new Outcome();
incommingAnswers.Messages = new List <string>();
if (incommingAnswers.Answers == null)
{
incommingAnswers.isSuccessful = false;
response.Result = incommingAnswers;
return(response);
}
var loginGateway = new LoginGateway();
var dbanswers = loginGateway.GetSecurityQandAs(username);
if (dbanswers.isSuccessful == false)
{
incommingAnswers.isSuccessful = false;
response.Result = incommingAnswers;
return(response);
}
// hash answers
var hashDTO = new HashDTO();
var hash = new HMAC256();
var hashedAnswers = new Dictionary <int, string>();
foreach (var keys in incommingAnswers.Answers.Keys)
{
hashDTO.Original = incommingAnswers.Answers[keys];
hashedAnswers[keys] = hash.Hash(hashDTO);
}
foreach (var keys in hashedAnswers.Keys)
{
if (hashedAnswers[keys] != dbanswers.Answers[keys])
{
incommingAnswers.isSuccessful = false;
response.Result = incommingAnswers;
return(response);
}
}
incommingAnswers.isSuccessful = true;
response.Result = incommingAnswers;
return(response);
}
protected async Task <T> GetRequest <T>(string resourse)
{
string hmacHash = HMAC256.GetHash(DefaultUrlAPI + resourse, Method.GET.ToString(), "", apiSecret);
using (var client = new RestClient(DefaultUrlAPI))
{
client.UserAgent = MyUserAgent;
var request = new RestRequest(resourse, Method.GET);
request.AddHeader("Authorization", "Basic " + Convert.ToBase64String(Encoding.UTF8.GetBytes(apiToken + ":" + hmacHash)));
IRestResponse <T> IRest = await client.Execute <T>(request);
return(IRest.Data);
}
}
public void HashPassword()
{
HMAC256 hmac256 = new HMAC256();
string password = "******";
string salt = hmac256.GenerateSalt();
HashDTO dto = new HashDTO()
{
Original = password,
Salt = salt
};
string hash = hmac256.Hash(dto);
for (int i = 0; i < 1000; i++)
{
Assert.Equal(hash, hmac256.Hash(dto));
}
}
/// <summary>
/// Execute ValidateCredentials
/// check if hash password is equal to hash pass on db
/// </summary>
/// <returns>returns true if correct pass else false</returns>
public Outcome Execute()
{
var response = new Outcome();
var hashDTO = new HashDTO()
{
Original = loginDTO.Password + responseDTO.Data.Salt
};
var hashedincommingpassword = new HMAC256().Hash(hashDTO);
if (hashedincommingpassword == responseDTO.Data.Password)
{
response.Result = true;
return(response);
}
response.Result = false;
return(response);
}
public void ValidMatch()
{
string Salt = "asdf";
string PassFromDB = "pass";
string IncommingPass = "******";
var inchashDTO = new HashDTO()
{
Original = IncommingPass + Salt
};
var dbHashDTO = new HashDTO()
{
Original = PassFromDB + Salt
};
var incomminghashpass = new HMAC256().Hash(inchashDTO);
var dbhashpass = new HMAC256().Hash(dbHashDTO);
var loginDTO = new LoginDTO()
{
Password = IncommingPass
};
var responseDTO = new ResponseDTO <LoginDTO>()
{
Data = new LoginDTO()
{
Salt = Salt
}
};
var validate = new ValidateCredentials()
{
loginDTO = loginDTO,
responseDTO = responseDTO
};
Assert.False((bool)validate.Execute().Result);
}
protected async Task <string> PostRequest(string resourse, object ob)
{
string param = JsonConvert.SerializeObject(ob).ToString();
string hmacHash = HMAC256.GetHash(DefaultUrlAPI + resourse, Method.POST.ToString(), param, apiSecret);
using (var client = new HttpClient())
{
var url = DefaultUrlAPI + resourse;
client.DefaultRequestHeaders.TryAddWithoutValidation("User-Agent", MyUserAgent);
client.DefaultRequestHeaders.Add("Authorization", "Basic " + Convert.ToBase64String(Encoding.UTF8.GetBytes(apiToken + ":" + hmacHash)));
HttpContent content = new StringContent(param, Encoding.UTF8, "application/json");
var resp = await client.PostAsync(url, content);
if (resp.IsSuccessStatusCode)
{
return(await resp.Content.ReadAsStringAsync());
}
return(null);
}
}
/// <summary>
/// Creates dto based on validated information
/// </summary>
/// <param name="user"> Validated registeration information </param>
/// <param name="geoCoordinates"> Validated Geocoordinates based on the location of registration information </param>
/// <returns> The gateway DTO needed to create the user in the database </returns>
public RegGatewayDTO CreateGatewayDTO(RegInfo user, WebAPIGeocode geoCoordinates)
{
var hmac = new HMAC256();
var salt = hmac.GenerateSalt();
// Returns null if salt was not generated (empty string)
if (salt.Equals(""))
{
return(null);
}
var hashDTO = new HashDTO()
{
Original = user.UserCredInfo.Password + salt
};
var hashPassword = hmac.Hash(hashDTO);
// Return null if hash was not generated (empty string)
if (hashPassword.Equals(""))
{
return(null);
}
var questions = new List <string>();
var answers = new List <string>();
foreach (SecurityQuestion QandA in user.SecurityQandAs)
{
questions.Add(QandA.Question);
// hashes the answer to the security question
var hmacDTO = new HashDTO()
{
Original = QandA.Answer
};
var hashAnswer = hmac.Hash(hmacDTO);
// returns null if hash was not generated
if (hashAnswer.Equals(""))
{
return(null);
}
answers.Add(hashAnswer);
}
// Maps data to the dto for the gateway
var mappedDTO = new RegGatewayDTO()
{
UserName = user.UserCredInfo.Username,
Password = hashPassword,
FirstName = user.UserProfile.FirstName,
LastName = user.UserProfile.LastName,
Type = user.UserProfile.UserType,
Skill = user.UserProfile.Skill,
Address = geoCoordinates.Street,
City = geoCoordinates.City,
State = geoCoordinates.State,
Zipcode = geoCoordinates.ZipCode,
Longitude = geoCoordinates.Longitude,
Latitude = geoCoordinates.Latitude,
UserClaims = new SetDefaultClaims().GetDefaultClaims(),
Salt = salt,
Questions = questions,
Answers = answers
};
return(mappedDTO);
}
/// <summary>
/// Set nw password for user
/// </summary>
/// <returns>return true if successful else false</returns>
public Outcome Execute()
{
var response = new Outcome();
var messages = new List <string>();
ResetPasswordResponseDTO validResponse = new ResetPasswordResponseDTO();
// Returns error if user credentials are null
if (incommingCredentials == null)
{
validResponse.isSuccessful = false;
messages.Add(AccountConstants.REGISTRATION_INVALID);
validResponse.Messages = messages;
response.Result = validResponse;
return(response);
}
var validator = new UserCredValidator();
var results = validator.Validate(incommingCredentials);
IList <ValidationFailure> failures = results.Errors;
// Returns any error messages if there was any when validating
if (failures.Any())
{
foreach (ValidationFailure failure in failures)
{
messages.Add(failure.ErrorMessage);
}
validResponse.isSuccessful = false;
validResponse.Messages = messages;
response.Result = validResponse;
return(response);
}
if (new BadPasswordService().BadPassword(incommingCredentials.Password) == true)
{
validResponse.isSuccessful = false;
messages.Add("Bad Password");
validResponse.Messages = messages;
response.Result = validResponse;
return(response);
}
HMAC256 hashPassword = new HMAC256();
string newSALT = hashPassword.GenerateSalt();
HashDTO hashDTO = new HashDTO()
{
Original = incommingCredentials.Password + newSALT
};
string newPassword = hashPassword.Hash(hashDTO);
LoginDTO newCredentials = new LoginDTO()
{
UserName = incommingCredentials.Username,
Password = newPassword,
SaltValue = newSALT
};
LoginGateway loginGateway = new LoginGateway();
response.Result = loginGateway.SetNewPass(newCredentials);
return(response);
}
