public ChangeSecretResult ChangeSecret(string credentialTypeCode, string identifier, string secret) { CredentialType credentialType = _context.CredentialType.FirstOrDefault(ct => ct.Code.ToLower() == credentialTypeCode.ToLower()); if (credentialType == null) { return(new ChangeSecretResult(success: false, error: ChangeSecretResultError.CredentialTypeNotFound)); } Credential credential = _context.Credential.FirstOrDefault(c => c.CredentialTypeId == credentialType.Id && c.Identifier == identifier); if (credential == null) { return(new ChangeSecretResult(success: false, error: ChangeSecretResultError.CredentialNotFound)); } byte[] salt = Pbkdf2Hasher.GenerateRandomSalt(); string hash = Pbkdf2Hasher.ComputeHash(secret, salt); credential.Secret = hash; credential.Extra = Convert.ToBase64String(salt); _context.Credential.Update(credential); _context.SaveChanges(); return(new ChangeSecretResult(success: true)); }
public SignUpResult SignUp(UserModel user, string credentialTypeCode, string identifier, string secret) { _context.Users.Add(user); _context.SaveChanges(); CredentialType credentialType = _context.CredentialType.FirstOrDefault(ct => ct.Code.ToLower() == credentialTypeCode.ToLower()); if (credentialType == null) { return(new SignUpResult(success: false, error: SignUpResultError.CredentialTypeNotFound)); } Credential credential = new Credential(); credential.UserId = user.ID; credential.CredentialTypeId = credentialType.Id; credential.Identifier = identifier; if (!string.IsNullOrEmpty(secret)) { byte[] salt = Pbkdf2Hasher.GenerateRandomSalt(); string hash = Pbkdf2Hasher.ComputeHash(secret, salt); credential.Secret = hash; credential.Extra = Convert.ToBase64String(salt); } _context.Credential.Add(credential); _context.SaveChanges(); return(new SignUpResult(user: user, success: true)); }
public Credential Map(CredentialFilter filter, Credential credential, CreateOrEditViewModel createOrEdit) { if (credential.Id == 0) { credential.UserId = (int)filter.User.Id; } credential.CredentialTypeId = createOrEdit.CredentialTypeId; credential.Identifier = createOrEdit.Identifier; if (!string.IsNullOrEmpty(createOrEdit.Secret)) { if (createOrEdit.ApplyPbkdf2HashingToSecret) { byte[] salt = Pbkdf2Hasher.GenerateRandomSalt(); string hash = Pbkdf2Hasher.ComputeHash(createOrEdit.Secret, salt); credential.Secret = hash; credential.Extra = Convert.ToBase64String(salt); } else { credential.Secret = createOrEdit.Secret; } } return(credential); }
/// <summary> /// Enable: app__NoAccountLocalhost /// </summary> /// <param name="context"></param> public async Task Invoke(HttpContext context) { var isHostLocal = IsLocalhost.IsHostLocalHost(context.Connection.LocalIpAddress, context.Connection.RemoteIpAddress); var isApiCall = context.Request.Path.HasValue && (context.Request.Path.Value.StartsWith("/api") || context.Request.Path.Value.StartsWith("/realtime")); var isFromLogoutCall = context.Request.QueryString.HasValue && context.Request.QueryString.Value.Contains("fromLogout"); if (isHostLocal && !context.User.Identity.IsAuthenticated && !isApiCall && !isFromLogoutCall) { var userManager = (IUserManager)context.RequestServices.GetService(typeof(IUserManager)); var user = userManager.GetUser("email", Identifier); if (user == null) { var newPassword = Convert.ToBase64String( Pbkdf2Hasher.GenerateRandomSalt()); await userManager.SignUpAsync(string.Empty, "email", Identifier, newPassword + newPassword); user = userManager.GetUser("email", Identifier); } await userManager.SignIn(context, user, true); } await _next.Invoke(context); }
public ChangeSecretResult ChangeSecret(string credentialTypeCode, string identifier, string secret) { var credentialType = _dbContext.CredentialTypes.FirstOrDefault( ct => ct.Code.ToLower().Equals(credentialTypeCode.ToLower())); if (credentialType == null) { return(new ChangeSecretResult(success: false, error: ChangeSecretResultError.CredentialTypeNotFound)); } Credential credential = _dbContext.Credentials.TagWith("ChangeSecret").FirstOrDefault( c => c.CredentialTypeId == credentialType.Id && c.Identifier == identifier); if (credential == null) { return(new ChangeSecretResult(success: false, error: ChangeSecretResultError.CredentialNotFound)); } var salt = Pbkdf2Hasher.GenerateRandomSalt(); var hash = Pbkdf2Hasher.ComputeHash(secret, salt); credential.Secret = hash; credential.Extra = Convert.ToBase64String(salt); _dbContext.Credentials.Update(credential); _dbContext.SaveChanges(); if (IsCacheEnabled()) { _cache.Set(CredentialCacheKey(credentialType, identifier), credential, new TimeSpan(99, 0, 0)); } return(new ChangeSecretResult(success: true)); }
public IActionResult ChangePassword(ChangeSecretDto model) { var currentUser = _partnerManager.GetPartnerById(this.HttpContext.User.Identity.Name); if (currentUser.Status.Id > 2) { return(Unauthorized(new ApiResponse(-3100, "Sorry, your account is not in correct state"))); } if (currentUser.LockTime > DateTime.Now) { return(Unauthorized(new ApiResponse(-3101, $"Sorry, your account is suspended for {Utility.HowMuchLeftTime(currentUser.LockTime)}"))); } if (!System.Text.RegularExpressions.Regex.IsMatch(model.newSecret.ToString(), "^[0-9]{4,6}$")) { return(BadRequest(new ApiResponse(-3102, $"Sorry, new secret was invalid"))); } byte[] salt = Convert.FromBase64String(currentUser.Extra); string hash = Pbkdf2Hasher.ComputeHash(model.oldSecret.ToString(), salt); if (currentUser.Pwd != hash) { return(BadRequest(new ApiResponse(-3103, "Sorry, incorrect credentials"))); } byte[] newSalt = Pbkdf2Hasher.GenerateRandomSalt(); string newHash = Pbkdf2Hasher.ComputeHash(model.newSecret.ToString(), newSalt); var changeSecret = new ChangeSecretHistory(); changeSecret.CreatedBy.Id = currentUser.Id; changeSecret.CreatedBy.Account = currentUser.Account; changeSecret.AccessChannel.Id = "api"; changeSecret.OldSalt = currentUser.Extra; changeSecret.OldHash = currentUser.Pwd; changeSecret.NewSalt = Convert.ToBase64String(newSalt); changeSecret.NewHash = newHash; changeSecret.ChangeType.Id = "change"; changeSecret.NotifyBy.Id = "none"; changeSecret.PartAppUser.Id = currentUser.Id; changeSecret.PartAppUser.Account = currentUser.Account; var result = new ChangeSecretHistoryRepo(_db, _partnerManager, null).Create(changeSecret); //var result = _partnerManager.ChangePwd(currentUser.Account, currentUser.Id, model.newSecret.ToString(), false); if (!result.Success) { return(BadRequest(new ApiResponse(-3104, $"Sorry, change secrect was failed, please try later"))); } return(Ok(new ApiResponse(0, $"Changed successfully"))); }
public Credential Map(CreateOrEditViewModel createOrEdit) { Credential credential = new Credential(); if (createOrEdit.Id != null) { credential = this.RequestHandler.Storage.GetRepository <ICredentialRepository>().WithKey((int)createOrEdit.Id); } else { credential.UserId = createOrEdit.UserId; } credential.CredentialTypeId = createOrEdit.CredentialTypeId; credential.Identifier = createOrEdit.Identifier; if (!string.IsNullOrEmpty(createOrEdit.Secret)) { if (createOrEdit.ApplyPbkdf2HashingToSecret) { byte[] salt = Pbkdf2Hasher.GenerateRandomSalt(); string hash = Pbkdf2Hasher.ComputeHash(createOrEdit.Secret, salt); credential.Secret = hash; credential.Extra = Convert.ToBase64String(salt); } else { credential.Secret = createOrEdit.Secret; } } return(credential); }
/// <summary> /// Add a new user, including Roles and UserRoles /// </summary> /// <param name="name">Nice Name, default string.Emthy</param> /// <param name="credentialTypeCode">default is: Email</param> /// <param name="identifier">an email address, e.g. [email protected]</param> /// <param name="secret">Password</param> /// <returns>result object</returns> public async Task <SignUpResult> SignUpAsync(string name, string credentialTypeCode, string identifier, string secret) { var credentialType = await AddDefaultCredentialType(credentialTypeCode); var roles = AddDefaultRoles(); AddDefaultPermissions(); AddDefaultRolePermissions(); if (string.IsNullOrEmpty(identifier) || string.IsNullOrEmpty(secret)) { return(new SignUpResult(success: false, error: SignUpResultError.NullString)); } // The email is stored in the Credentials database var user = Exist(identifier); if (user == null) { // Check if user not already exist var createdDate = DateTime.UtcNow; user = new User { Name = name, Created = createdDate }; await _dbContext.Users.AddAsync(user); await _dbContext.SaveChangesAsync(); await AddUserToCache(user); // to get the Id user = await _dbContext.Users.FirstOrDefaultAsync(p => p.Created == createdDate); if (user == null) { throw new AggregateException("user should not be null"); } } // Add a user role based on a user id AddToRole(user, roles.FirstOrDefault(p => p.Code == _appSettings.AccountRegisterDefaultRole.ToString())); if (credentialType == null) { return(new SignUpResult(success: false, error: SignUpResultError.CredentialTypeNotFound)); } var credential = await _dbContext.Credentials.FirstOrDefaultAsync(p => p.Identifier == identifier); if (credential != null) { return(new SignUpResult(user: user, success: true)); } // Check if credential not already exist credential = new Credential { UserId = user.Id, CredentialTypeId = credentialType.Id, Identifier = identifier }; byte[] salt = Pbkdf2Hasher.GenerateRandomSalt(); string hash = Pbkdf2Hasher.ComputeHash(secret, salt); credential.Secret = hash; credential.Extra = Convert.ToBase64String(salt); await _dbContext.Credentials.AddAsync(credential); await _dbContext.SaveChangesAsync(); return(new SignUpResult(user: user, success: true)); }