/// <summary>
/// Checks that a password is never silently cut short by the hashing layer:
/// once <paramref name="password"/> has been hashed, neither its
/// <paramref name="leader"/> nor the empty string may verify against that hash.
/// </summary>
/// <param name="enhanced">Passed through to <c>HashPassword</c>/<c>Verify</c> as the enhanced-mode switch.</param>
/// <param name="password">The full password to hash (per the test name, one that a framework might terminate early).</param>
/// <param name="leader">A shorter candidate that must NOT verify against the hash of <paramref name="password"/>.</param>
public void NullTerminationCausesBCryptToTerminateStringInSomeFrameworksSetB(bool enhanced, string password, string leader)
{
    const string rationale = "Null should be treated as part of password as per spec";

    var salt = BCrypt.GenerateSalt();
    var fullHash = BCrypt.HashPassword(password, salt, enhanced);

    // Fixture sanity check: the encoded password is expected to be rejected by
    // BytesAreValid (presumably because of the embedded terminator — confirm against the helper).
    Assert.False(BytesAreValid(SafeUTF8.GetBytes(password)));

    bool leaderVerifies = BCrypt.Verify(leader, fullHash, enhanced);
    Assert.False(leaderVerifies, rationale);

    bool emptyVerifies = BCrypt.Verify("", fullHash, enhanced);
    Assert.False(emptyVerifies, rationale);
}
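/// <summary>
/// Completes a "forgot password" flow: validates the submitted password pair,
/// looks up the account holding the reset code in <paramref name="id"/>,
/// stores a freshly salted hash of the new password and clears the code so
/// the link cannot be reused. The outcome is reported through <c>ModelState</c>.
/// </summary>
/// <param name="id">The password-reset code (a GUID string) issued to the user.</param>
/// <param name="pass">The new password and its confirmation.</param>
/// <returns>The action's view; <c>ModelState</c> carries a success or error entry.</returns>
public ActionResult changePassword(string id, changePassword pass)
{
    try
    {
        // Form validation. The original silently returned the view when the
        // passwords did not match or the length was out of range, so the user
        // got no feedback; each failure now adds a model error.
        if (pass == null || string.IsNullOrEmpty(pass.newPassword))
        {
            ModelState.AddModelError("NewPassword", "Please enter a new password.");
            return View();
        }
        if (!pass.newPassword.Equals(pass.confirmNewPassword))
        {
            ModelState.AddModelError("ConfirmNewPassword", "The new password and its confirmation do not match.");
            return View();
        }
        if (pass.newPassword.Length < 6 || pass.newPassword.Length > 15)
        {
            ModelState.AddModelError("NewPassword", "The password must be between 6 and 15 characters long.");
            return View();
        }

        // The code arrives in the URL; an unparsable value is a bad link, not a
        // server fault, so it is reported without going through the catch block.
        Guid resetCode;
        if (!Guid.TryParse(id, out resetCode))
        {
            ModelState.AddModelError("BadRequest", "Invalid password reset link.");
            return View();
        }

        using (Notestash_Database_Entities db = new Notestash_Database_Entities())
        {
            var account = db.tblUsers.FirstOrDefault(e => e.forgotPasswordCode == resetCode);
            if (account == null)
            {
                // Unknown, expired or already-used code (the code is cleared on success).
                // The original dereferenced null here and surfaced it as a generic error.
                ModelState.AddModelError("BadRequest", "Invalid password reset link.");
                return View();
            }

            // Stored credential = hex(HMAC(derivedKey, passwordBytes)) where derivedKey is
            // PBKDF2(password, salt, 256k iterations) using the HmacFactory primitive
            // (the names suggest HMAC-SHA384 and 48-byte outputs — confirm against HmacFactory).
            // A fresh random salt is drawn for every password change.
            byte[] passwordBytes = SafeUTF8.GetBytes(pass.newPassword);
            var sha384Factory = HmacFactory;
            var salt = new CryptoRandom().NextBytes(384 / 8);
            byte[] derivedKey;
            using (var pbkdf2 = new PBKDF2(sha384Factory, passwordBytes, salt, 256 * 1000))
            {
                derivedKey = pbkdf2.GetBytes(384 / 8);
            }
            string hashedPassword;
            using (var hmac = sha384Factory())
            {
                hmac.Key = derivedKey;
                hashedPassword = hmac.ComputeHash(passwordBytes).ToBase16();
            }

            account.Password = hashedPassword;
            account.Salt = salt;
            account.forgotPasswordCode = null; // single use: the same link must not reset again
            db.SaveChanges();
            ModelState.AddModelError("Changed", "Password changed successfully!");
        }
    }
    catch (Exception)
    {
        // Details stay server-side. NOTE(review): the original discarded the exception
        // entirely; logging it here would make failed resets diagnosable.
        ModelState.AddModelError("BadRequest", "Error occurred, please try again!");
    }
    return View();
}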
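/// <summary>
/// Web API counterpart of the MVC password-reset action: validates the new
/// password, finds the account holding the reset code in <paramref name="id"/>,
/// stores a freshly salted hash and clears the code so the link is single-use.
/// </summary>
/// <param name="id">The password-reset code (a GUID string) issued to the user.</param>
/// <param name="pass">The new password and its confirmation.</param>
/// <returns>
/// 200 OK on success; 400 Bad Request when the password is rejected, the code is
/// unknown or unparsable, or an internal failure occurs.
/// </returns>
public HttpResponseMessage changePassword(string id, changePassword pass)
{
    try
    {
        // Same rules the MVC action enforces (confirmation match, 6..15 characters).
        // The API path previously applied none of them, so any string — including an
        // empty one — was accepted as the new password.
        if (pass == null
            || string.IsNullOrEmpty(pass.newPassword)
            || !pass.newPassword.Equals(pass.confirmNewPassword)
            || pass.newPassword.Length < 6
            || pass.newPassword.Length > 15)
        {
            return Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Invalid new password.");
        }

        // An unparsable code is a client error, not an exception path.
        Guid resetCode;
        if (!Guid.TryParse(id, out resetCode))
        {
            return Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Invalid password reset code.");
        }

        using (Notestash_DatabaseEntities db = new Notestash_DatabaseEntities())
        {
            var account = db.tblUsers.FirstOrDefault(e => e.forgotPasswordCode == resetCode);
            if (account == null)
            {
                // Unknown or already-consumed code; the original dereferenced null here.
                return Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Invalid password reset code.");
            }

            // Stored credential = hex(HMAC(derivedKey, passwordBytes)) where derivedKey is
            // PBKDF2(password, salt, 256k iterations) using the HmacFactory primitive
            // (names suggest HMAC-SHA384 / 48-byte outputs — confirm against HmacFactory).
            byte[] passwordBytes = SafeUTF8.GetBytes(pass.newPassword);
            var sha384Factory = HmacFactory;
            var salt = new CryptoRandom().NextBytes(384 / 8);
            byte[] derivedKey;
            using (var pbkdf2 = new PBKDF2(sha384Factory, passwordBytes, salt, 256 * 1000))
            {
                derivedKey = pbkdf2.GetBytes(384 / 8);
            }
            string hashedPassword;
            using (var hmac = sha384Factory())
            {
                hmac.Key = derivedKey;
                hashedPassword = hmac.ComputeHash(passwordBytes).ToBase16();
            }

            account.Password = hashedPassword;
            account.Salt = salt;
            account.forgotPasswordCode = null; // single use
            db.SaveChanges();
            return Request.CreateResponse(HttpStatusCode.OK, "Password changed successfully!");
        }
    }
    catch (Exception)
    {
        // NOTE(review): the original discarded the exception; log it before returning.
        return Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Error occurred, please try again!");
    }
}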
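/// <summary>
/// Registers a new user. Purges registrations that were never e-mail-verified
/// within one day, refuses an e-mail that is already registered, and otherwise
/// stores the account with a freshly salted password hash and an activation code.
/// </summary>
/// <param name="objUser">Registration data; <c>Email</c> and <c>Password</c> are required.</param>
/// <returns>
/// "&lt;email&gt; &lt;activationCode&gt;" on success, "exists" when the e-mail is
/// already registered, and "error" on any failure (including missing input).
/// </returns>
public string Create(UserModel objUser)
{
    try
    {
        // The original derived the hash before entering the try, so a null password
        // threw out of the method instead of yielding "error".
        if (objUser == null || string.IsNullOrEmpty(objUser.Email) || string.IsNullOrEmpty(objUser.Password))
        {
            return "error";
        }

        using (Notestash_DatabaseEntities db = new Notestash_DatabaseEntities())
        {
            // NOTE(review): local time is used both for Created_at and for the expiry
            // comparison below; switching to UTC would require migrating existing rows.
            DateTime present = DateTime.Now;

            // Drop unverified registrations older than one day. Filtering in the query
            // avoids loading every unverified row; rows without Created_at are skipped
            // (the original threw on them, which failed every registration).
            DateTime cutoff = present.AddDays(-1);
            var expired = db.tblUsers
                .Where(a => a.IsEmailVerified == 0 && a.Created_at <= cutoff)
                .ToList();
            foreach (tblUser stale in expired)
            {
                db.tblUsers.Remove(stale);
            }
            db.SaveChanges();

            // Check for a duplicate before running the key derivation so a repeated
            // e-mail does not cost 256k PBKDF2 iterations.
            var existingUser = db.tblUsers.FirstOrDefault(e => e.Email.Equals(objUser.Email));
            if (existingUser != null)
            {
                return "exists";
            }

            // Stored credential = hex(HMAC(derivedKey, passwordBytes)) where derivedKey is
            // PBKDF2(password, salt, 256k iterations) using the HmacFactory primitive
            // (names suggest HMAC-SHA384 / 48-byte outputs — confirm against HmacFactory).
            byte[] passwordBytes = SafeUTF8.GetBytes(objUser.Password);
            var sha384Factory = HmacFactory;
            var salt = new CryptoRandom().NextBytes(384 / 8);
            byte[] derivedKey;
            using (var pbkdf2 = new PBKDF2(sha384Factory, passwordBytes, salt, 256 * 1000))
            {
                derivedKey = pbkdf2.GetBytes(384 / 8);
            }
            string hashedPassword;
            using (var hmac = sha384Factory())
            {
                hmac.Key = derivedKey;
                hashedPassword = hmac.ComputeHash(passwordBytes).ToBase16();
            }

            tblUser objTblUser = new tblUser();
            // NOTE(review): the id is copied from the client-supplied model — confirm the
            // database generates it (or ignores this value) rather than trusting input.
            objTblUser.Id = objUser.Id;
            objTblUser.FullName = objUser.FullName;
            objTblUser.Password = hashedPassword;
            objTblUser.Email = objUser.Email;
            objTblUser.Salt = salt;
            objTblUser.ProfilePicture = null;
            objTblUser.IsEmailVerified = 0;
            objTblUser.ActivationCode = Guid.NewGuid(); // one-time e-mail activation token
            objTblUser.Created_at = present;
            objTblUser.AdminOrUser = 1; // 1 = regular user (2 is used for admins in SignIn)

            db.tblUsers.Add(objTblUser);
            db.SaveChanges();
            return objUser.Email + " " + objTblUser.ActivationCode.ToString();
        }
    }
    catch (Exception)
    {
        // NOTE(review): the original discarded the exception; log it before returning.
        return "error";
    }
}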
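/// <summary>
/// Authenticates a regular (non-admin) user by e-mail and password and issues a token.
/// </summary>
/// <param name="objUser">Submitted credentials.</param>
/// <returns>
/// The token from <c>createToken</c> on success; "inactive" when the account's e-mail
/// is not yet verified; "invalid" for a missing field, unknown e-mail, wrong password
/// or a non-user account; "error" on an internal failure.
/// </returns>
public string Check(LoginModel objUser)
{
    try
    {
        // Missing input is a client error, not an exception path.
        if (objUser == null || string.IsNullOrEmpty(objUser.Email) || string.IsNullOrEmpty(objUser.Password))
        {
            return "invalid";
        }

        using (Notestash_DatabaseEntities db = new Notestash_DatabaseEntities())
        {
            var user = db.tblUsers.FirstOrDefault(e => e.Email.Equals(objUser.Email));
            // Same answer for "no such user", "no salt" and "wrong password" so the
            // response body does not reveal which e-mails are registered. (Timing still
            // differs: no key derivation runs on this early path.)
            if (user == null || user.Salt == null)
            {
                return "invalid";
            }

            // Recompute hex(HMAC(PBKDF2(password, storedSalt, 256k), password)) with the
            // HmacFactory primitive (names suggest HMAC-SHA384 — confirm) and compare
            // against the stored value.
            byte[] passwordBytes = SafeUTF8.GetBytes(objUser.Password);
            var sha384Factory = HmacFactory;
            byte[] derivedKey;
            using (var pbkdf2 = new PBKDF2(sha384Factory, passwordBytes, user.Salt, 256 * 1000))
            {
                derivedKey = pbkdf2.GetBytes(384 / 8);
            }
            string hashedPassword;
            using (var hmac = sha384Factory())
            {
                hmac.Key = derivedKey;
                hashedPassword = hmac.ComputeHash(passwordBytes).ToBase16();
            }

            // The comparison runs in the database; with a case-insensitive collation the
            // hex encoding keeps that harmless — confirm the column collation.
            var userCredentials = db.tblUsers.FirstOrDefault(e =>
                e.Email.Equals(objUser.Email)
                && e.Password.Equals(hashedPassword)
                && e.AdminOrUser == 1);
            if (userCredentials == null)
            {
                return "invalid";
            }
            if (userCredentials.IsEmailVerified == 0)
            {
                return "inactive";
            }
            return createToken(objUser.Email);
        }
    }
    catch (Exception)
    {
        // NOTE(review): the original discarded the exception; log it before returning.
        return "error";
    }
}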
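/// <summary>
/// Signs in an admin account (<c>AdminOrUser == 2</c>) by e-mail and password.
/// On success the user's id is stored in session and the request is redirected to
/// <c>UserData/User_Data</c>; otherwise the sign-in view is returned with a model error.
/// </summary>
/// <param name="User">
/// Submitted credentials. Note the name shadows <c>Controller.User</c> inside this
/// method; it is kept unchanged so model binding is unaffected.
/// </param>
/// <returns>A redirect on success, otherwise the sign-in view.</returns>
public ActionResult SignIn(signIn User)
{
    try
    {
        // Missing input is a client error, not an exception path.
        if (User == null || string.IsNullOrEmpty(User.Email) || string.IsNullOrEmpty(User.Password))
        {
            ModelState.AddModelError("WrongCredentials", "Wrong Credentials!");
            return View();
        }

        using (Notestash_Database_Entities db = new Notestash_Database_Entities())
        {
            var user = db.tblUsers.FirstOrDefault(e => e.Email.Equals(User.Email));
            // One message for unknown e-mail, missing salt and wrong password, so the
            // page does not disclose which e-mails exist.
            if (user == null || user.Salt == null)
            {
                ModelState.AddModelError("WrongCredentials", "Wrong Credentials!");
                return View();
            }

            // Recompute hex(HMAC(PBKDF2(password, storedSalt, 256k), password)) with the
            // HmacFactory primitive (names suggest HMAC-SHA384 — confirm).
            byte[] passwordBytes = SafeUTF8.GetBytes(User.Password);
            var sha384Factory = HmacFactory;
            byte[] derivedKey;
            using (var pbkdf2 = new PBKDF2(sha384Factory, passwordBytes, user.Salt, 256 * 1000))
            {
                derivedKey = pbkdf2.GetBytes(384 / 8);
            }
            string hashedPassword;
            using (var hmac = sha384Factory())
            {
                hmac.Key = derivedKey;
                hashedPassword = hmac.ComputeHash(passwordBytes).ToBase16();
            }

            var userCredentials = db.tblUsers.FirstOrDefault(e =>
                e.Email.Equals(user.Email)
                && e.Password.Equals(hashedPassword)
                && e.AdminOrUser == 2);
            if (userCredentials == null)
            {
                ModelState.AddModelError("WrongCredentials", "Wrong Credentials!");
                return View();
            }

            // NOTE(review): the session identifier is not regenerated before the login
            // marker is stored; recreating the session here would limit session fixation.
            // (A FormsAuthentication cookie variant was previously sketched here in
            // commented-out code and has been removed.)
            Session["Login"] = user.Id;
            return RedirectToAction("User_Data", "UserData");
        }
    }
    catch (Exception)
    {
        // NOTE(review): the original discarded the exception; log it before returning.
        ModelState.AddModelError("BadRequest", "Invalid Request!");
    }
    return View();
}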