public void Given_PasswordString_Then_HashedAsExpected() { var securedPassword = new SecuredPassword("password"); Assert.AreNotEqual("password", securedPassword.Hash); Assert.AreEqual(256, securedPassword.Hash.Length); }
public void Verify_WhenMatching_ReturnsTrue() { var securedPassword = new SecuredPassword("password"); var result = securedPassword.Verify("password"); Assert.That(result, Is.True); }
public async Task Given_UserIsReusingAPassword_When_ValidatePassword_Then_ErrorReturned(HashStrategyKind hashStrategy) { // Arrange var password = "******"; var previousPassword = new SecuredPassword(password, hashStrategy); _configuration.MaxNumberOfPreviousPasswords = 4; var user = new User { PreviousPasswords = new List <PreviousPassword> { new PreviousPassword { Hash = Convert.ToBase64String(previousPassword.Hash), Salt = Convert.ToBase64String(previousPassword.Salt), HashStrategy = previousPassword.HashStrategy } } }; // Act var result = await _sut.ValidatePassword(user, password, _bannedWords); // Assert Assert.That(result.Succeeded, Is.False); Assert.That(result.Errors.Count(), Is.EqualTo(1)); Assert.That(result.Errors.Single(), Is.EqualTo("You cannot use any of your 4 previous passwords")); }
public void Given_PasswordString_Then_HashedAsExpected() { var securedPassword = new SecuredPassword("password", HashStrategyKind.Pbkdf210001Iterations); Assert.AreNotEqual("password", securedPassword.Hash); Assert.AreEqual(256, securedPassword.Hash.Length); }
public void Given_PasswordString_Then_HashedAsExpected() { var securedPassword = new SecuredPassword("password", HashStrategyKind.Argon248KWorkCost); Assert.AreNotEqual("password", securedPassword.Hash); Assert.AreEqual(416, securedPassword.Hash.Length); }
public void Given_SecuredPasswordIsDifferentToGiven_Then_VerifiesFalse() { var securedPassword = new SecuredPassword("password"); var result = securedPassword.Verify("Password"); Assert.IsFalse(result); }
public void Given_SecuredPasswordGenerated_Then_VerifiesOk() { var securedPassword = new SecuredPassword("password"); var result = securedPassword.Verify("password"); Assert.IsTrue(result); }
public void Verify_WhenDifferent_ReturnsFalse() { var securedPassword = new SecuredPassword("password"); var result = securedPassword.Verify("Password"); Assert.That(result, Is.False); }
public void IsHashed_AsExpected() { var securedPassword = new SecuredPassword("password"); Assert.That(securedPassword.Hash, Is.Not.EqualTo("password")); Assert.That(securedPassword.Hash.Length, Is.EqualTo(256)); }
} // End of addUseer() protected Dictionary <String, String> getClientInfomation() { /* this method returns a doctionary that contains all the information obtain from client*/ Dictionary <String, String> clientInfomation = new Dictionary <String, String>(); String txt_Address2 = ""; if (txtAddress2.Text != null) { txt_Address2 += txtAddress2.Text; } clientInfomation.Add("FirstName", txtFirstName.Text); clientInfomation.Add("LastName", txtLastName.Text); clientInfomation.Add("Address1", txtAddress1.Text); clientInfomation.Add("Address2", txt_Address2); clientInfomation.Add("City", txtCity.Text); clientInfomation.Add("State", drpStates.Text); clientInfomation.Add("ZipCode", txtZipCode.Text); clientInfomation.Add("Username", txtUsername.Text); clientInfomation.Add("Email", txtEmail.Text); clientInfomation.Add("Passwd", SecuredPassword.GenerateHash(txtPassword.Text)); String txt_Address2_Ship = ""; if (txtAddress2.Text != null) { txt_Address2_Ship += txtAddress2_Ship.Text; } clientInfomation.Add("Address1_Ship", txtAddress1_Ship.Text); clientInfomation.Add("Address2_Ship", txt_Address2_Ship); clientInfomation.Add("City_Ship", txtCity_Ship.Text); clientInfomation.Add("State_Ship", drpStates_Ship.Text); clientInfomation.Add("ZipCode_Ship", txtZipCode_Ship.Text); return(clientInfomation); }
public void Given_SecuredPasswordIsDifferentToGiven_Then_VerifiesFalse() { var securedPassword = new SecuredPassword("password", HashStrategyKind.Pbkdf210001Iterations); var securedPassword2 = new SecuredPassword("Password2", HashStrategyKind.Pbkdf210001Iterations); var result = securedPassword.Equals(securedPassword2); Assert.IsFalse(result); }
public void Given_PasswordHashWithIterationsChanged_Then_PasswordHashesDoNotMatch() { var password = "******"; var securedPassword = new SecuredPassword(password, HashStrategyKind.Argon248KWorkCost); var securedPassword2 = new SecuredPassword(password, HashStrategyKind.Pbkdf28000Iterations); Assert.IsFalse(securedPassword2.Equals(securedPassword)); }
public void Given_PasswordVerifiesIsNull_Then_ThrowsException() { Assert.Throws <ArgumentNullException>(() => { var result = new SecuredPassword(null, HashStrategyKind.Pbkdf25009Iterations); } ); }
public void Given_SecuredPasswordIsDifferentToGiven_Then_VerifiesFalse() { var securedPassword = new SecuredPassword("password", HashStrategyKind.Argon248KWorkCost); var securedPassword2 = new SecuredPassword("Password2", HashStrategyKind.Argon248KWorkCost); var result = securedPassword.Equals(securedPassword2); Assert.IsFalse(result); }
public static User EncodeUsersPassword(User user) { SecuredPassword secPass = ComputeHash(user.Password, GenerateRandomByte()); user.Password = secPass.HashedSaltedPassword; user.Salt = secPass.Salt; return(user); }
public void Given_WhenRehydratedAndMatching_Then_ReturnsTrue() { var securedPassword = new SecuredPassword("password123"); var rehydrated = new SecuredPassword(securedPassword.Hash, securedPassword.Salt); var result = rehydrated.Verify("password123"); Assert.IsTrue(result); }
public void Verify_WhenRehydrated_AndMatching_ReturnsTrue() { var securedPassword = new SecuredPassword("password123"); var rehydrated = new SecuredPassword(securedPassword.Hash, securedPassword.Salt); var result = rehydrated.Verify("password123"); Assert.That(result, Is.True); }
public void Given_PasswordHashWithIterationsChanged_Then_PasswordHashesDoNotMatch() { string password = "******"; var securedPassword = new SecuredPassword(password, HashStrategyKind.Pbkdf210001Iterations); var securedPassword2 = new SecuredPassword(password, HashStrategyKind.Pbkdf210001Iterations); Assert.IsFalse(securedPassword2.Equals(securedPassword)); }
public void Given_TwoIdenticalPasswords_Then_HashsGeneratedAreUnique() { var securedPassword = new SecuredPassword("password"); var securedPassword2 = new SecuredPassword("password"); Assert.IsNotNull(securedPassword.Hash); Assert.IsNotNull(securedPassword2.Hash); Assert.AreNotEqual(securedPassword.Hash, securedPassword2.Hash); }
public void Generates_Unique_Salt() { var securedPassword = new SecuredPassword("password"); var securedPassword2 = new SecuredPassword("password"); Assert.That(securedPassword.Salt, Is.Not.Null); Assert.That(securedPassword2.Salt, Is.Not.Null); Assert.That(securedPassword.Salt, Is.Not.EqualTo(securedPassword2.Salt)); }
public void Given_TwoIdenticalPasswords_Then_HashsGeneratedAreUnique() { var securedPassword = new SecuredPassword("password", HashStrategyKind.Pbkdf210001Iterations); var securedPassword2 = new SecuredPassword("password", HashStrategyKind.Pbkdf210001Iterations); Assert.IsNotNull(securedPassword.Hash); Assert.IsNotNull(securedPassword2.Hash); Assert.AreNotEqual(securedPassword.Hash, securedPassword2.Hash); }
public void Generates_Unique_Hash() { var securedPassword = new SecuredPassword("password"); var securedPassword2 = new SecuredPassword("password"); Assert.That(securedPassword.Hash, Is.Not.Null); Assert.That(securedPassword2.Hash, Is.Not.Null); Assert.That(securedPassword.Hash, Is.Not.EqualTo(securedPassword2.Hash)); }
public void Given_TwoIdenticalPasswords_Then_SaltsGeneratedAreUnique() { var securedPassword = new SecuredPassword("password", HashStrategyKind.Argon248KWorkCost); var securedPassword2 = new SecuredPassword("password", HashStrategyKind.Argon248KWorkCost); Assert.IsNotNull(securedPassword.Salt); Assert.IsNotNull(securedPassword2.Salt); Assert.AreNotEqual(securedPassword.Salt, securedPassword2.Salt); }
public void Given_WhenRehydratedAndMatching_Then_ReturnsTrue() { var password = "******"; var securedPassword = new SecuredPassword(password, HashStrategyKind.Argon248KWorkCost); var rehydrated = new SecuredPassword(password, securedPassword.Hash, securedPassword.Salt, HashStrategyKind.Argon248KWorkCost); Assert.IsTrue(securedPassword.Equals(rehydrated)); Assert.IsTrue(rehydrated.IsValid); }
public void GivenTheFollowingUsersAreSetupInTheDatabase(Table table) { var usersToCreate = table.CreateSet <UserToCreate>().ToList(); var users = new List <User>(); var hashStrategy = (HashStrategyKind)Convert.ToInt32(ConfigurationManager.AppSettings["DefaultHashStrategy"]); var encryptor = new Encryption(); var adminRole = SeDatabase.GetRoleByName("Admin"); foreach (var userToCreate in usersToCreate) { string encryptedSecurityAnswer; string encryptedSecurityAnswerSalt; var securePassword = new SecuredPassword(userToCreate.Password, hashStrategy); var securityQuestion = SeDatabase.GetLookupItemsByLookupType(Consts.LookupTypeId.SecurityQuestion).Single(a => a.Description == userToCreate.SecurityQuestion); encryptor.Encrypt(ConfigurationManager.AppSettings["EncryptionPassword"], Convert.ToInt32(ConfigurationManager.AppSettings["EncryptionIterationCount"]), userToCreate.SecurityAnswer, out encryptedSecurityAnswerSalt, out encryptedSecurityAnswer); var user = new User { UserName = userToCreate.UserName, FirstName = userToCreate.FirstName, LastName = userToCreate.LastName, TelNoWork = userToCreate.WorkTelephoneNumber, TelNoHome = userToCreate.HomeTelephoneNumber, TelNoMobile = userToCreate.MobileTelephoneNumber, Title = userToCreate.Title, Town = userToCreate.Town, Postcode = userToCreate.Postcode, SkypeName = userToCreate.SkypeName, HashStrategy = hashStrategy, PasswordHash = Convert.ToBase64String(securePassword.Hash), PasswordSalt = Convert.ToBase64String(securePassword.Salt), SecurityQuestionLookupItemId = securityQuestion.Id, SecurityAnswer = encryptedSecurityAnswer, SecurityAnswerSalt = encryptedSecurityAnswerSalt, Approved = true, EmailVerified = true, Enabled = true, PasswordLastChangedDateUtc = DateTime.UtcNow, PasswordResetToken = string.IsNullOrWhiteSpace(userToCreate.PasswordResetToken) ? null : userToCreate.PasswordResetToken, PasswordResetExpiryDateUtc = userToCreate.PasswordResetExpiry == "[One day from now]" ? (DateTime?)DateTime.UtcNow.AddDays(1) : null, NewEmailAddress = string.IsNullOrWhiteSpace(userToCreate.NewEmailAddress) ? null : userToCreate.NewEmailAddress, NewEmailAddressToken = string.IsNullOrWhiteSpace(userToCreate.NewEmailAddressToken) ? null : userToCreate.NewEmailAddressToken, NewEmailAddressRequestExpiryDateUtc = userToCreate.NewEmailAddressRequestExpiryDate == "[One day from now]" ? (DateTime?)DateTime.UtcNow.AddDays(1) : null, PasswordExpiryDateUtc = userToCreate.PasswordExpiryDate == "[Expired]" ? (DateTime?)DateTime.Now.AddDays(-1) : null }; if (userToCreate.IsAdmin) { user.UserRoles = new List <UserRole> { new UserRole { RoleId = adminRole.Id, UserId = 1 } }; } users.Add(user); } SeDatabase.SetUsers(users); }
public void Given_SecuredPasswordGenerated_Then_MatchesAnIdenticalHash() { var securedPassword = new SecuredPassword("password", HashStrategyKind.Argon248KWorkCost); var securedPassword2 = new SecuredPassword("password", securedPassword.Hash, securedPassword.Salt, HashStrategyKind.Argon248KWorkCost); Assert.IsTrue(securedPassword2.IsValid); Assert.AreEqual(securedPassword.HashStrategy, securedPassword2.HashStrategy); Assert.AreEqual(securedPassword.HashingParameter, securedPassword2.HashingParameter); }
public void CreatePasswordHashAndSaltForSeeding() { var password = "******"; var securedPassword = new SecuredPassword(password, HashStrategyKind.Pbkdf25009Iterations); var storedSalt = Convert.ToBase64String(securedPassword.Salt); var storedHash = Convert.ToBase64String(securedPassword.Hash); Debug.WriteLine("salt for password {0} is {1}", password, storedSalt); Debug.WriteLine("hash for password {0} is {1}", password, storedHash); }
public void CreatePasswordHashAndSaltForSeeding() { string password = "******"; var securedPassword = new SecuredPassword(password, HashStrategyKind.Pbkdf210001Iterations); var storedSalt = Convert.ToBase64String(securedPassword.Salt); var storedHash = Convert.ToBase64String(securedPassword.Hash); System.Diagnostics.Debug.WriteLine($"salt for password {password} is {storedSalt}"); System.Diagnostics.Debug.WriteLine($"hash for password {password} is {storedHash}"); }
public void CreatePasswordHashAndSaltForSeeding() { string password = "******"; var securedPassword = new SecuredPassword(password, HashStrategyKind.Argon2_48kWorkCost); var storedSalt = Convert.ToBase64String(securedPassword.Salt); var storedHash = Convert.ToBase64String(securedPassword.Hash); System.Diagnostics.Debug.WriteLine(string.Format("salt for password {0} is {1}", password, storedSalt)); System.Diagnostics.Debug.WriteLine(string.Format("hash for password {0} is {1}", password, storedHash)); }
public static AccountModel New(string username, SecuredPassword password, AccessType accountType) { return(new AccountModel { Identity = DEAFULT_IDENTITY, Username = username, Password = password, AccessType = accountType, IsActive = true }); }