public static void ConfigurePasswordOptions(this PasswordOptions output, IPasswordConfiguration input)
 {
     output.RequiredLength         = input.RequiredLength;
     output.RequireNonAlphanumeric = input.RequireNonLetterOrDigit;
     output.RequireDigit           = input.RequireDigit;
     output.RequireLowercase       = input.RequireLowercase;
     output.RequireUppercase       = input.RequireUppercase;
 }
        public void Get_Stored_Password_Hashed()
        {
            IPasswordConfiguration passwordConfiguration = Mock.Of <IPasswordConfiguration>(x => x.HashAlgorithmType == Constants.Security.AspNetUmbraco8PasswordHashAlgorithmName);
            var passwordSecurity = new LegacyPasswordSecurity();

            var salt   = LegacyPasswordSecurity.GenerateSalt();
            var stored = salt + "ThisIsAHashedPassword";

            var result = passwordSecurity.ParseStoredHashPassword(passwordConfiguration.HashAlgorithmType, stored, out string initSalt);

            Assert.AreEqual("ThisIsAHashedPassword", result);
        }
        public void Format_Pass_For_Storage_Hashed()
        {
            IPasswordConfiguration passwordConfiguration = Mock.Of <IPasswordConfiguration>(x => x.HashAlgorithmType == Constants.Security.AspNetUmbraco8PasswordHashAlgorithmName);
            var passwordSecurity = new LegacyPasswordSecurity();

            var salt   = LegacyPasswordSecurity.GenerateSalt();
            var stored = "ThisIsAHashedPassword";

            var result = passwordSecurity.FormatPasswordForStorage(passwordConfiguration.HashAlgorithmType, stored, salt);

            Assert.AreEqual(salt + "ThisIsAHashedPassword", result);
        }
        public void Check_Password_Hashed_KeyedHashAlgorithm()
        {
            IPasswordConfiguration passwordConfiguration = Mock.Of <IPasswordConfiguration>(x => x.HashAlgorithmType == Constants.Security.AspNetUmbraco8PasswordHashAlgorithmName);
            var passwordSecurity = new LegacyPasswordSecurity();

            var pass           = "******";
            var hashed         = passwordSecurity.HashNewPassword(passwordConfiguration.HashAlgorithmType, pass, out string salt);
            var storedPassword = passwordSecurity.FormatPasswordForStorage(passwordConfiguration.HashAlgorithmType, hashed, salt);

            var result = passwordSecurity.VerifyPassword(passwordConfiguration.HashAlgorithmType, "ThisIsAHashedPassword", storedPassword);

            Assert.IsTrue(result);
        }
        protected PasswordConfiguration(IPasswordConfiguration configSettings)
        {
            if (configSettings == null)
            {
                throw new ArgumentNullException(nameof(configSettings));
            }

            RequiredLength          = configSettings.RequiredLength;
            RequireNonLetterOrDigit = configSettings.RequireNonLetterOrDigit;
            RequireDigit            = configSettings.RequireDigit;
            RequireLowercase        = configSettings.RequireLowercase;
            RequireUppercase        = configSettings.RequireUppercase;
            HashAlgorithmType       = configSettings.HashAlgorithmType;
            MaxFailedAccessAttemptsBeforeLockout = configSettings.MaxFailedAccessAttemptsBeforeLockout;
        }
Example #6
0
    /// <summary>
    ///     Returns the configuration of the membership provider used to configure change password editors
    /// </summary>
    /// <param name="passwordConfiguration"></param>
    /// <param name="allowManuallyChangingPassword"></param>
    /// <returns></returns>
    public static IDictionary <string, object> GetConfiguration(
        this IPasswordConfiguration passwordConfiguration,
        bool allowManuallyChangingPassword = false) =>
    new Dictionary <string, object>
    {
        { "minPasswordLength", passwordConfiguration.RequiredLength },

        // TODO: This doesn't make a ton of sense with asp.net identity and also there's a bunch of other settings
        // that we can consider with IPasswordConfiguration, but these are currently still based on how membership providers worked.
        { "minNonAlphaNumericChars", passwordConfiguration.GetMinNonAlphaNumericChars() },

        // A flag to indicate if the current password box should be shown or not, only a user that has access to change other user/member passwords
        // doesn't have to specify the current password for the user/member. A user changing their own password must specify their current password.
        { "allowManuallyChangingPassword", allowManuallyChangingPassword },
    };
 public static int GetMinNonAlphaNumericChars(this IPasswordConfiguration passwordConfiguration)
 {
     return(passwordConfiguration.RequireNonLetterOrDigit ? 2 : 0);
 }
 public PasswordGenerator(IPasswordConfiguration passwordConfiguration) =>
 public PasswordAssistant(IPasswordConfiguration config)
 {
     Config = config;
 }
Example #10
0
 public PasswordGenerator(IPasswordConfiguration passwordConfiguration)
 {
     _passwordConfiguration = passwordConfiguration;
 }