Ejemplo n.º 1
0
        public async Task <bool> CheckPasswordAsync(string password, RegisteredUser user)
        {
            var ret       = false;
            var lockEntry = ServerContext.ServiceTable.GetOrCreate(user.Username).UserLock;
            await lockEntry.WithConcurrentReadAsync(Task.Run(() =>
            {
                //Calculate hash and compare
                var cryptoHelper = new AuthCryptoHelper(user.Crypto.Conf);
                var pwKey        =
                    cryptoHelper.CalculateUserPasswordHash(password, user.Crypto.Salt);
                ret = StructuralComparisons.StructuralEqualityComparer.Equals(pwKey, user.Crypto.Key);
            }));

            return(ret);
        }
Ejemplo n.º 2
0
        private RegisteredUser RegisterUser(RegistrationRequest regRequest)
        {
            RegisteredUser newUserRecord = null;

            if (FindUserByUsernameAsync(regRequest.Username).GetAwaiter().GetResult() != null)
            {
                //BAD! Another conflicting user exists!
                throw new SecurityException("A user with the same username already exists!");
            }
            var db = new DatabaseAccessService().OpenOrCreateDefault();
            var registeredUsers = db.GetCollection <RegisteredUser>(DatabaseAccessService.UsersCollectionDatabaseKey);

            using (var trans = db.BeginTrans())
            {
                // Calculate cryptographic info
                var cryptoConf        = PasswordCryptoConfiguration.CreateDefault();
                var cryptoHelper      = new AuthCryptoHelper(cryptoConf);
                var pwSalt            = cryptoHelper.GenerateSalt();
                var encryptedPassword =
                    cryptoHelper.CalculateUserPasswordHash(regRequest.Password, pwSalt);
                // Create user
                newUserRecord = new RegisteredUser
                {
                    Identifier = Guid.NewGuid().ToString(),
                    Username   = regRequest.Username,
                    ApiKey     = StringUtils.SecureRandomString(AuthCryptoHelper.DefaultApiKeyLength),
                    Crypto     = new ItemCrypto
                    {
                        Salt = pwSalt,
                        Conf = cryptoConf,
                        Key  = encryptedPassword
                    },
                    StorageQuota = ServerContext.Configuration.DefaultQuota
                };
                // Add the user to the database
                registeredUsers.Insert(newUserRecord);

                // Index database
                registeredUsers.EnsureIndex(x => x.Identifier);
                registeredUsers.EnsureIndex(x => x.ApiKey);
                registeredUsers.EnsureIndex(x => x.Username);

                trans.Commit();
            }
            return(newUserRecord);
        }
Ejemplo n.º 3
0
 public async Task ChangeUserPasswordAsync(RegisteredUser user, string newPassword)
 {
     var lockEntry = ServerContext.ServiceTable.GetOrCreate(user.Username).UserLock;
     await lockEntry.WithExclusiveWriteAsync(Task.Run(async() =>
     {
         // Recompute password crypto
         var cryptoConf        = PasswordCryptoConfiguration.CreateDefault();
         var cryptoHelper      = new AuthCryptoHelper(cryptoConf);
         var pwSalt            = cryptoHelper.GenerateSalt();
         var encryptedPassword =
             cryptoHelper.CalculateUserPasswordHash(newPassword, pwSalt);
         user.Crypto = new ItemCrypto
         {
             Salt = pwSalt,
             Conf = cryptoConf,
             Key  = encryptedPassword
         };
         // Save changes
         await UpdateUserInDatabaseAsync(user);
     }));
 }