public void ValidarNovaSenha()
{
string password = "******";
HashWithSaltResult hwsr = ControleSenha.Instance.GerarNovaSenha(password);
Assert.IsTrue(ControleSenha.Instance.ValidarSenhaAtual(hwsr, password));
}
public static Korisnik LoginUser(LoginModel user)
{
ResultModel result = new ResultModel();
Korisnik kor = null;
//login user
using (var db = new ggwpDBEntities())
{
string dbSalt = "ggwp";
PWSHasher pwHasher = new PWSHasher();
byte[] saltBytes = Encoding.ASCII.GetBytes(dbSalt);
HashWithSaltResult hashResult = pwHasher.HashWithGivenSalt(user.password, 64, saltBytes);
try
{
kor = db.Korisnik.Where(x => x.username.Equals(user.username)).SingleOrDefault();
}
catch (InvalidOperationException ex)
{
return(null);
}
if (hashResult.Digest.Equals(kor.password) && user.username.Equals(kor.username))
{
result.SetResults(KorisnikToModel(kor), true);
}
else
{
kor = null;
}
}
return(kor);
}
public static ResultModel CreateUser(UserModel user)
{
ResultModel result = new ResultModel();
//create new user
PWSHasher pwHasher = new PWSHasher();
byte[] saltBytes = Encoding.ASCII.GetBytes("ggwp");
HashWithSaltResult hashResult = pwHasher.HashWithGivenSalt(user.password, 64, saltBytes);
user.password = hashResult.Digest;
using (var db = new ggwpDBEntities())
{
Korisnik newKorisnik = new Korisnik();
newKorisnik.username = user.username;
newKorisnik.password = user.password;
newKorisnik.email = user.email;
newKorisnik.ime = user.ime;
newKorisnik.dob = user.dob;
db.Korisnik.Add(newKorisnik);
db.SaveChanges();
user.id = newKorisnik.id;
result.SetResults(user, true);
}
return(result);
}
public async Task <int> AddApplicationAsync(ApplicationCreateDto applicationCreateDto)
{
if (applicationCreateDto == null ||
string.IsNullOrWhiteSpace(applicationCreateDto.DisplayName) ||
string.IsNullOrWhiteSpace(applicationCreateDto.Password))
{
throw new ArgumentException("Application name and password must be provided.");
}
if (await _applicationRepository.TryGetByDisplayNameAsync(applicationCreateDto.DisplayName) != null)
{
throw new ArgumentException($"Application with DisplayName {applicationCreateDto.DisplayName} already exists.");
}
ApplicationEntity application = applicationCreateDto.ToApplication();
HashWithSaltResult hashWithSaltResultDto = _passwordWithSaltHasher.HashPassword(applicationCreateDto.Password);
application.PasswordHash = hashWithSaltResultDto.Hash;
application.PasswordSalt = hashWithSaltResultDto.Salt;
_applicationRepository.Add(application);
await _unitOfWork.CommitAsync();
return(application.Id);
}
private void BtnConfirmar_Click(object sender, EventArgs e)
{
if (string.IsNullOrWhiteSpace(SenNova.Text) || string.IsNullOrWhiteSpace(ConfSenha.Text) ||
string.IsNullOrWhiteSpace(SenAtual.Text))
{
MessageBox.Show("Os campos senha, confirmar ou senha atual estão vazios");
return;
}
if (!ControleSenha.Instance.ValidarSenhas(SenNova.Text, ConfSenha.Text))
{
MessageBox.Show("As senhas digitadas nos campos senha e confirmar senha devem ser iguais.");
return;
}
if (!ControleSenha.Instance.ValidarSenhaAtual(HashWithSalt, SenAtual.Text))
{
MessageBox.Show("A senha atual não está correta");
return;
}
HashWithSaltResult hashWithSalt = ControleSenha.Instance.GerarNovaSenha(SenNova.Text);
HashWithSalt = hashWithSalt;
LimparCampos();
Close();
}
public bool CheckPassword(string password, string hash, string salt)
{
byte[] passwordBytes = Encoding.Unicode.GetBytes(password);
byte[] saltBytes = Convert.FromBase64String(salt);
HashWithSaltResult result = HashPassword(passwordBytes, saltBytes);
return(result.Hash == hash);
}
public void HashWithSaltTest()
{
PasswordHashing ph = new PasswordHashing();
string password = "******";
HashWithSaltResult hashResult = ph.HashWithSalt(password, 64, SHA512.Create());
HashWithSaltResult hashResult2 = ph.HashWithSalt(password, hashResult.Salt, SHA512.Create());
Assert.AreEqual <string>(hashResult.CipherText, hashResult2.CipherText);
}
public void ValidarNovaSenha()
{
PasswordWithSaltHasher pws = new PasswordWithSaltHasher();
string password = "******";
HashWithSaltResult hwsr = pws.HashWithSalt(password, 64, SHA512.Create());
HashWithSaltResult hwsr2 = pws.HashWithSalt(password, hwsr.Salt, SHA512.Create());
Assert.AreEqual(hwsr.Digest, hwsr2.Digest);
}
public void WhenHashingPasswordThenValidPasswordIsMatched(string password)
{
// Arrange
IPasswordWithSaltHasher passwordHasher = new PasswordWithSaltHasherSha512();
// Act
HashWithSaltResult hashResult = passwordHasher.HashPassword(password);
bool isMatched = passwordHasher.CheckPassword(password, hashResult.Hash, hashResult.Salt);
// Assert
Assert.AreEqual(true, isMatched);
}
public void WhenHashingPasswordThenWrongPasswordIsUnmatched(string password)
{
// Arrange
IPasswordWithSaltHasher passwordHasher = new PasswordWithSaltHasherSha512();
string wrongPassword = password + "wrong";
// Act
HashWithSaltResult hashResult = passwordHasher.HashPassword(password);
bool isMatched = passwordHasher.CheckPassword(wrongPassword, hashResult.Hash, hashResult.Salt);
// Assert
Assert.AreEqual(false, isMatched);
}
private async void RegistrerNewUser(UserRegistrationData usRegData)
{
fbUserRegistration = new FbUserRegistration();
string macAddres = HelperUserData.GetMacAddress();
string localIP = HelperUserData.GetLocalIPAddress();
HashWithSaltResult hashSalt = HelperUserData.HashWithSalt(usRegData.Pass, 32, new SHA256Managed());
string pSalt = hashSalt.Salt;
string hasPass = hashSalt.Digest;
UserDB userDB = new UserDB(usRegData.UserName, macAddres, pSalt, hasPass);
await fbUserRegistration.CreateNewUser(userDB, usRegData.Pass, usRegData.Email, OnUserRegistrationErrorMesage);
GameSceneManager.Instance.SetActiveWaitForLoad(false);
}
public void Consulta_ItemSelecionado(Usuario obj)
{
PasswordWithSaltHasher pwHasher = new PasswordWithSaltHasher();
HashWithSalt = pwHasher.HashWithSalt(obj.HashSenha, 64, SHA512.Create());
HashWithSaltResult hashWithSaltResult = new HashWithSaltResult(HashWithSalt.Salt, HashWithSalt.Digest);
UsuarioAtual = obj;
Codigo.Text = obj.Codigo.ToString();
hashWithSaltResult.Digest = obj.HashSenha;
hashWithSaltResult.Salt = obj.HashSalt;
HashWithSalt = hashWithSaltResult;
Nome.Text = obj.Nome;
Login.Text = obj.Login;
Tipo.SelectedItem = obj.Tipo;
}
public static HashWithSaltResult HashPassword(string password)
{
PasswordWithSaltHasher pwHasher = new PasswordWithSaltHasher();
HashWithSaltResult hashResultSha256 = new HashWithSaltResult();
try
{
hashResultSha256 = pwHasher.HashWithSalt(password, 64, SHA256.Create());
}
catch (Exception ex)
{
Logger.Exception(ex, System.Reflection.MethodBase.GetCurrentMethod().Name);
}
return(hashResultSha256);
}
public bool ResetPassword(string userAuth, string newPassword)
{
IEnumerable <Claim> claims = JwtManager.JwtTokenGetClaims(userAuth);
string email = claims.FirstOrDefault(claim => claim.Type == "Email").Value;
string Password = claims.FirstOrDefault(claim => claim.Type == "Password").Value;
User user = GetUserByEmail(email);
if (user.Password == Password)
{
HashWithSaltResult hashResultSha256 = pwHasher.HashWithSalt(newPassword, user.Email);
string newHashPassword = hashResultSha256.Digest + hashResultSha256.Salt;
userCRUD.ResetPassword(user, newHashPassword);
return(true);
}
return(false);
}
public ErrorMessage CreateInfluencerUser(InfluencerUser user)
{
//Unvalid - if(ValidationUtil.ValidateInfluenceUser(user))
if (true)
{
try
{
if (!userCRUD.IsEmailExist((user.Email)))
{
HashWithSaltResult hashResultSha256 = pwHasher.HashWithSalt(user.Password, user.Email);
user.Password = hashResultSha256.Digest + hashResultSha256.Salt;
userCRUD.AddUser(user);
ErrorMessage message = new ErrorMessage
{
Code = HttpStatusCode.OK
};
return message;
}
else
{
ErrorMessage message = new ErrorMessage
{
Message = "Mail already exists!",
Code = HttpStatusCode.Unauthorized
};
return message;
}
}
catch (Exception e)
{
throw e;
}
}
else
{
ErrorMessage message = new ErrorMessage
{
Message = "Validation Error",
Code = HttpStatusCode.InternalServerError
};
return message;
}
}
/// <summary>
/// Tries to register user on db
/// </summary>
/// <param name="user"></param>
/// <returns></returns>
public static bool registerUser(UserData user)
{
bool result = false;
string SQLRegisterUser = "******" +
"(@userName, @cipherText, @salt, 0, 3)";
// Generate salt for user to use on password
PasswordHashing ph = new PasswordHashing();
HashWithSaltResult hashResult = ph.HashWithSalt(user.password, 64, SHA512.Create());
using (Con = new SqlConnection(DBConnection.DbConnectionString)) {
int insertedAfflicted = Con.Execute(SQLRegisterUser, new { userName = user.userName, cipherText = hashResult.CipherText, salt = hashResult.Salt });
if (insertedAfflicted > 0)
{
result = true;
}
}
return(result);
}
public ErrorMessage Login(LoginModal loginModal)
{
if (string.IsNullOrEmpty(loginModal.Email) || string.IsNullOrEmpty(loginModal.Password))
{
ErrorMessage message = new ErrorMessage
{
Code = HttpStatusCode.NotModified,
Message = "Validation Error"
};
return(message);
}
else
{
try
{
HashWithSaltResult hashResultSha256 = pwHasher.HashWithSalt(loginModal.Password, loginModal.Email);
loginModal.Password = hashResultSha256.Digest + hashResultSha256.Salt;
User user = usersCRUD.Login(loginModal);
if (user != null)
{
ErrorMessage message = new ErrorMessage
{
Code = HttpStatusCode.OK,
};
return(message);
}
else
{
ErrorMessage message = new ErrorMessage
{
Code = HttpStatusCode.NotModified,
Message = "Validation Error"
};
return(message);
}
}
catch (Exception e)
{
throw e;
}
}
}
/// <summary>
/// Verifies user password with salt on db
/// </summary>
/// <param name="user">The user to try to login with</param>
/// <returns></returns>
public static bool loginUser(UserData user)
{
bool result = false;
string SQLLoginUser = "******";
PasswordHashing ph = new PasswordHashing();
// Get Salt and check agains server entry
string salt = getUserSalt(user);
if (salt != null)
{
HashWithSaltResult hashResult = ph.HashWithSalt(user.password, salt, SHA512.Create());
using (Con = new SqlConnection(DBConnection.DbConnectionString)) {
int vertices = Con.Query <int>(SQLLoginUser, new { userName = user.userName, password = hashResult.CipherText }).FirstOrDefault();
if (vertices >= 3)
{
result = true;
}
;
}
}
;
return(result);
}
