public ActionResult EditPassword(EditPasswordViewModel model, long id)
{
try
{
if (!ModelState.IsValid)
{
return(View(model));
}
var user = _userManager.GetById(id);
if (user.password != PasswordHashing.HashPassword
(model.Password, user.passwordSalt))
{
throw new Exception(Resource.WrongPassword);
}
var newSalt = PasswordHashing.GenerateSaltValue();
user.passwordSalt = newSalt;
user.password = PasswordHashing.HashPassword(model.NewPassword, newSalt);
_userManager.Update(user);
return(RedirectToRoute("UserPage"));
}
catch (Exception e)
{
model.Error = e.Message;
return(View(model));
}
}
public async Task <ServiceResponse <UserDto> > PasswordChange(PasswordChangeDto pwdChange)
{
ServiceResponse <UserDto> serviceResponse = new ServiceResponse <UserDto>();
PasswordHashing ph = new PasswordHashing();
User entity = new User();
try
{
entity = _context.Users.First(u => u.Username == pwdChange.Username);
if (ph.IsValid(pwdChange.CurrentPassword, entity.Salt, entity.Hash))
{
entity.Salt = Encoding.Unicode.GetString(ph.GetSalt());
entity.Hash = Encoding.Unicode.GetString(ph.GetKey(pwdChange.NewPassword, Encoding.Unicode.GetBytes(entity.Salt)));
_context.SaveChanges();
serviceResponse.Data = _mapper.Map <UserDto>(entity);
}
else
{
throw new Exception("Wrong current password!");
}
}
catch (Exception ex)
{
serviceResponse.Success = false;
serviceResponse.Message = (ex.InnerException != null) ? ex.InnerException.Message : ex.Message;
}
return(serviceResponse);
}
public ActionResult ChangePassword(ChangeOldPasswordViewModel suvm)
{
var PwdHashing = new PasswordHashing();
string emailAddress = Session["Username"].ToString();
var chkUser = (from l in db.Users
where l.UserEmail == emailAddress
select l).FirstOrDefault();
if (chkUser != null)
{
try
{
var decriptPwd = PwdHashing.Encrypt(suvm.UserPassword);
chkUser.UserPassword = decriptPwd;
chkUser.UserConfirmPassword = decriptPwd;
db.SaveChanges();
ViewBag.DisplayMessage = "success";
ModelState.AddModelError("", "Your password reset was successful!");
}
catch (Exception)
{
ViewBag.DisplayMessage = "Info";
ModelState.AddModelError("", "password reset was not successful, please try again!");
}
}
else
{
ViewBag.DisplayMessage = "Info";
ModelState.AddModelError("", "Email address does not exist!");
}
return(View());
}
public ActionResult Login(UserProfile profile)
{
using (var context = new DVTManagementSystemContext())
{
try
{
var PasswordHashingmMethod = new PasswordHashing();
string HashedPassword = PasswordHashingmMethod.HashInput(profile.PasswordHash);
var user = context.UserProfiles.Single(u => u.EmailAddress == profile.EmailAddress && u.PasswordHash == profile.PasswordHash && u.IsApproved == true);
if (user != null)
{
Session["FirstName"] = user.FirstName.ToString();
Session["LastName"] = user.FirstName.ToString();
return(RedirectToAction("Dashboard", "Applicant"));
}
}
catch (System.Exception)
{
ModelState.AddModelError(string.Empty, "Username or Password is incorrect");
}
}
return(View());
}
public ActionResult Register(RegisterViewModel registerViewModel)
{
if (!ModelState.IsValid)
{
return(View(registerViewModel));
}
var user = registerViewModel.GetUser();
var salt = RandomString(128);
var hash = PasswordHashing.GetPasswordHash(registerViewModel.Password, salt);
var userRole = _roleService.GetRoles(r => r.Name == "user").FirstOrDefault();
user.Roles = new List <Role> {
userRole
};
user.PasswordSalt = salt;
user.PasswordHash = hash;
try
{
_userService.AddUser(user);
_userService.Save();
return(RedirectToAction("Login"));
}
catch
{
ModelState.AddModelError("", $"User with login {user.Login} already exists!");
return(View(registerViewModel));
}
}
private void signUpButton_Click(object sender, EventArgs e)
{
try
{
PasswordHashing passwordHashing = new PasswordHashing();
UsersRepository usersRepository = new UsersRepository();
FileCreation fileCreation = new FileCreation();
Validations();
User user = new User(usernameBox.Text,
passwordHashing.creatingHashedPassword(passwordBox.Text),
fileCreation.createFile(usernameBox.Text));
user.fileLocation = fileCreation.EncryptWithAES(user.fileLocation);
usersRepository.AddNewUserToDB(user);
usersRepository.ChangeFileName(user);
DialogResult dialog = MessageBox.Show("You signed up successfully!", "OK", MessageBoxButtons.OK);
if (dialog == DialogResult.OK)
{
MainWindow.loggedInUser = user;
LoggedIn loggedIn = new LoggedIn();
loggedIn.ShowDialog();
}
}
catch (Exception exc)
{
MessageBox.Show(exc.Message);
}
}
public void PasswordIsHashedTest()
{
string input = "Password";
string output = PasswordHashing.HashPassword(input);
Assert.AreNotEqual(input, output);
}
public async Task <ServiceResponse <GetUserDto> > Login(LoginDto login)
{
ServiceResponse <GetUserDto> serviceResponse = new ServiceResponse <GetUserDto>();
PasswordHashing ph = new PasswordHashing();
User entity = new User();
try
{
entity = _context.Users.First(u => u.Username == login.Username);
if (ph.IsValid(login.Hash, entity.Salt, entity.Hash))
{
serviceResponse.Data = _mapper.Map <GetUserDto>(_context.Users.Include(u => u.UserBooks).FirstOrDefault(u => u.Id == entity.Id));
}
else
{
throw new Exception("");
}
}
catch (Exception ex)
{
serviceResponse.Success = false;
serviceResponse.Message += (ex.InnerException != null) ? ex.InnerException.Message : ex.Message;
if (serviceResponse.Message == "")
{
serviceResponse.Message = "Niepoprawny login lub hasło.";
}
}
return(serviceResponse);
}
// Кога корисникот креира свој акаунт
private void btnSingUpVerify_Click(object sender, EventArgs e)
{
this.Hide();
// Се креира Please Wait инстанца која праќа Query на Azure за да се креира акаунт
PleaseWait W = new PleaseWait(txtUsernameSignUp.Text.Trim(), PasswordHashing.hashPassword(txtPasswrodSignUp.Text), txtFirstName.Text.Trim(), txtLastName.Text.Trim());
W.ShowDialog();
bool success = W.sigupOK;
W.Dispose();
// Доколку успешно е регистриран
if (success)
{
MessageBox.Show("Succesfull registration !");
this.DialogResult = DialogResult.OK;
}
// Доколку не е успешено регистриран
else
{
TryAgain N = new TryAgain();
N.ShowDialog();
this.Show();
N.Dispose();
}
}
public async Task UpdateUserPasswordAsync(UserPasswordUpdateModel passwordUpdate)
{
var userId = passwordUpdate.UserId;
var password = PasswordHashing.GeneratePassword(passwordUpdate.Password);
await _userRepository.UpdateUserPasswordAsync(userId, password);
}
public void Correct_Password_Wrong_Encoding_Should_Not_Match(HashingAlgo hashingAlgo)
{
var originalHashConfig = new HashingConfig
{
GenratePerPasswordSalt = true,
GlobalSalt = null,
SaltedPasswordFormat = SaltedPasswordFormat,
HashingAlgo = hashingAlgo,
PasswordHashEncodingType = EncodingType.Hex
};
var mismatchedHashConfig = new HashingConfig
{
GenratePerPasswordSalt = true,
GlobalSalt = null,
SaltedPasswordFormat = SaltedPasswordFormat,
HashingAlgo = hashingAlgo,
PasswordHashEncodingType = EncodingType.Base64
};
var passwordHashing = new PasswordHashing();
var hash = passwordHashing.GetHash(CorrectPassword, originalHashConfig);
var match = passwordHashing.CheckPassword(hash, mismatchedHashConfig, CorrectPassword);
Assert.False(match);
}
public int Register(string email, string password, string foreignLanguage)
{
int foreignLanguageId = GetForeignLanguageByName(foreignLanguage);
password = PasswordHashing.Hash(password);
return(_accountRepository.Register(email, password, foreignLanguageId));
}
public void TooHighComplexityPasswordTest()
{
string password = "******";
PasswordHashing provider = new PasswordHashing(complexity: 25);
string hash = provider.Compute(password);
}
public void TestGenerateAndCompareHashMatch()
{
byte[] saltAndHash = Convert.FromBase64String(PasswordHashing.EncodePassword(KnownPassword.ToSecureString(), null));
byte[] salt = PasswordHashing.ExtractStoredSalt(saltAndHash);
Assert.That(salt, Is.Not.Null);
Assert.That(PasswordHashing.HashesMatch(Convert.FromBase64String(PasswordHashing.EncodePassword(KnownPassword.ToSecureString(), salt)), saltAndHash));
}
public void NullPasswordTest()
{
string password = null;
PasswordHashing provider = new PasswordHashing();
string hash = provider.Compute(password);
}
public void TestHashDoesntMatch()
{
byte[] storedHash = Convert.FromBase64String(KnownHashAndSalt);
byte[] salt = PasswordHashing.GenerateSalt();
byte[] curHash = Convert.FromBase64String(PasswordHashing.EncodePassword(KnownPassword.ToSecureString(), salt));
Assert.That(PasswordHashing.HashesMatch(storedHash, curHash), Is.False);
}
public void TestEncode()
{
byte[] storedHash = Convert.FromBase64String(KnownHashAndSalt);
byte[] salt = PasswordHashing.ExtractStoredSalt(storedHash);
byte[] curHash = Convert.FromBase64String(PasswordHashing.EncodePassword(KnownPassword.ToSecureString(), salt));
Assert.That(storedHash, Is.EqualTo(curHash), "Hashed Passphrase 'HACK' should be the same");
}
public void TestHashMatches()
{
byte[] storedHash = Convert.FromBase64String(KnownHashAndSalt);
byte[] salt = PasswordHashing.ExtractStoredSalt(storedHash);
byte[] curHash = Convert.FromBase64String(PasswordHashing.EncodePassword(KnownPassword.ToSecureString(), salt));
Assert.That(PasswordHashing.HashesMatch(storedHash, curHash), Is.True);
}
public void TestPasswordHashing()
{
var hashing = new PasswordHashing();
var hashedPassword = hashing.CreateHash("test");
var result = hashing.ValidatePassword("test", hashedPassword);
Assert.IsTrue(result);
}
public void TestExtractSalt()
{
byte[] expectedSalt = Convert.FromBase64String(KnownSalt);
byte[] storedHash = Convert.FromBase64String(KnownHashAndSalt);
byte[] salt = PasswordHashing.ExtractStoredSalt(storedHash);
Assert.That(salt, Is.EqualTo(expectedSalt));
}
public void WhitespacePasswordTest()
{
string password = "******";
PasswordHashing provider = new PasswordHashing();
string hash = provider.Compute(password);
}
public async Task SignOutUserAsync(Users userToCreate, string plainPassword)
{
string passwordSalt = PasswordHashing.CreateSalt();
userToCreate.PasswordSalt = passwordSalt;
userToCreate.PasswordHash = PasswordHashing.GenerateHash(plainPassword, passwordSalt);
await _context.Users.AddAsync(userToCreate);
}
public RegisterResponse Register(RegisterRequest request)
{
var LogExists = _campaignDbContext.Clients.Any(c => c.Login.Equals(request.Login));
var MailExists = _campaignDbContext.Clients.Any(c => c.Email.Equals(request.Email));
var PhoneNumExists = _campaignDbContext.Clients.Any(c => c.Phone.Equals(request.Phone));
if (LogExists || MailExists || PhoneNumExists)
{
throw new ClientExistsException("Such client is already exists");
}
var claims = new[]
{
new Claim(ClaimTypes.NameIdentifier, request.Login),
new Claim(ClaimTypes.Name, request.LastName),
new Claim(ClaimTypes.Role, "Client"),
};
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("faafsasfassdgdfger524312"));
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
var token = new JwtSecurityToken
(
issuer: "Artem",
audience: "Clients",
claims: claims,
expires: DateTime.Now.AddMinutes(10),
signingCredentials: creds
);
var accessToken = new JwtSecurityTokenHandler().WriteToken(token);
var refreshToken = Guid.NewGuid();
var refreshT = refreshToken.ToString();
var salt = PasswordHashing.GenerateSalt();
var passwrd = PasswordHashing.Create(request.Password, salt);
var client = new Client()
{
FirstName = request.FirstName,
LastName = request.LastName,
Email = request.Email,
Phone = request.Phone,
Login = request.Login,
Password = passwrd,
RefreshToken = refreshT,
Salt = salt
};
_campaignDbContext.Add(client);
_campaignDbContext.SaveChanges();
return(new RegisterResponse
{
AccessToken = accessToken,
RefreshToken = refreshT
});
}
public async Task <bool> SaveAppUser(AppUser user, string newPasswordToHash = null)
{
bool success = true;
if (!String.IsNullOrEmpty(newPasswordToHash))
{
user.PasswordSalt = PasswordHashing.PasswordSaltInBase64();
user.PasswordHash = PasswordHashing.PasswordToHashBase64(newPasswordToHash, user.PasswordSalt);
}
try
{
using (var conn = new SqlConnection(_connectionString))
{
await conn.OpenAsync();
string upsert =
$"MERGE [AppUser] WITH (ROWLOCK) AS [T] " +
$"USING (SELECT {user.Id} AS [id]) AS [S] " +
$"ON [T].[id] = [S].[id] " +
$"WHEN MATCHED THEN UPDATE SET [SubjectId]='{user.SubjectId}', [Username]='{user.Username}', [PasswordHash]='{user.PasswordHash}', [PasswordSalt]='{user.PasswordSalt}', [ProviderName]='{user.ProviderName}', [ProviderSubjectId]='{user.ProviderSubjectId}' " +
$"WHEN NOT MATCHED THEN INSERT ([SubjectId],[Username],[PasswordHash],[PasswordSalt],[ProviderName],[ProviderSubjectId]) " +
$"VALUES ('{user.SubjectId}','{user.Username}','{user.PasswordHash}','{user.PasswordSalt}','{user.ProviderName}','{user.ProviderSubjectId}'); " +
$"SELECT SCOPE_IDENTITY();";
object result = null;
using (var cmd = new SqlCommand(upsert, conn))
{
result = await cmd.ExecuteScalarAsync();
}
int newId = (result is null || result is DBNull) ? 0 : Convert.ToInt32(result); // SCOPE_IDENTITY returns a SQL numeric(38,0) type
if (newId > 0)
{
user.Id = newId;
}
if (user.Id > 0 && user.Claims.Count > 0)
{
foreach (Claim c in user.Claims)
{
string insertIfNew =
$"MERGE [Claim] AS [T] " +
$"USING (SELECT {user.Id} AS [uid], '{c.Subject}' AS [sub], '{c.Type}' AS [type], '{c.Value}' as [val]) AS [S] " +
$"ON [T].[AppUser_id]=[S].[uid] AND [T].[Subject]=[S].[sub] AND [T].[Type]=[S].[type] AND [T].[Value]=[S].[val] " +
$"WHEN NOT MATCHED THEN INSERT ([AppUser_id],[Issuer],[OriginalIssuer],[Subject],[Type],[Value],[ValueType]) " +
$"VALUES ('{user.Id}','{c.Issuer ?? string.Empty}','{c.OriginalIssuer ?? string.Empty}','{user.SubjectId}','{c.Type}','{c.Value}','{c.ValueType ?? string.Empty}');";
using (var cmd = new SqlCommand(insertIfNew, conn))
{
await cmd.ExecuteNonQueryAsync();
}
}
}
}
}
catch
{
success = false;
}
return(success);
}
public void HashWithSaltTest()
{
PasswordHashing ph = new PasswordHashing();
string password = "******";
HashWithSaltResult hashResult = ph.HashWithSalt(password, 64, SHA512.Create());
HashWithSaltResult hashResult2 = ph.HashWithSalt(password, hashResult.Salt, SHA512.Create());
Assert.AreEqual <string>(hashResult.CipherText, hashResult2.CipherText);
}
public static UserEntity ToUserEntity(this UserCreateModel usercreateModel)
{
return(new UserEntity {
PartitionKey = Global.UserPartitionKey,
RowKey = usercreateModel.Id,
Id = usercreateModel.Id,
PasswordHash = PasswordHashing.HashPassword(usercreateModel.Password),
UserName = usercreateModel.UserName
});
}
public async Task <User> CreateUserAsync(User user)
{
var userEntity = _mapper.Map <Models.Entities.User>(user);
userEntity.Password = PasswordHashing.GeneratePassword(userEntity.Password);
var userModel = await PerformUserCreation(userEntity);
return(userModel);
}
private void btnChangePass_Click(object sender, EventArgs e)
{
try
{
var passDb = DBC.ExecuteQuery("SELECT \"password\" FROM \"APPUSER\" WHERE " +
$"username = '******';").Rows[0][0].ToString();
if (PasswordHashing.CheckPassword(txtActual.Text, passDb))
{
if (!txtNewPass.Text.Equals(txtNewPass2.Text))
{
MessageBox.Show(@"Las contraseñas nuevas no coinciden",
@"Error", MessageBoxButtons.OK,
MessageBoxIcon.Error, MessageBoxDefaultButton.Button1,
MessageBoxOptions.DefaultDesktopOnly);
}
else
{
var hashedNew = PasswordHashing.CreateHash(txtNewPass.Text);
var command = $"UPDATE \"APPUSER\" SET \"password\" = '{hashedNew}'" +
$" WHERE username = '******';";
DBC.ExecuteNonQuery(command);
MessageBox.Show(@"Contraseña actualizada", @"Completado",
MessageBoxButtons.OK,
MessageBoxIcon.Information, MessageBoxDefaultButton.Button1,
MessageBoxOptions.DefaultDesktopOnly);
}
}
else
{
MessageBox.Show(@"Su contraseña actual no es correcta", @"Error",
MessageBoxButtons.OK,
MessageBoxIcon.Error, MessageBoxDefaultButton.Button1,
MessageBoxOptions.DefaultDesktopOnly);
}
}
catch (Exception exception)
{
MessageBox.Show(exception.Message, @"Error",
MessageBoxButtons.OK,
MessageBoxIcon.Error, MessageBoxDefaultButton.Button1,
MessageBoxOptions.DefaultDesktopOnly);
}
finally
{
txtActual.Text = "";
txtActual_Leave(null, EventArgs.Empty);
txtNewPass.Text = "";
txtNewPass_Leave(null, EventArgs.Empty);
txtNewPass2.Text = "";
txtNewPass2_Leave(null, EventArgs.Empty);
}
}
public void TestExtractNoSaltProvided()
{
byte[] expectedSalt = Convert.FromBase64String(KnownSalt);
byte[] storedHash = Convert.FromBase64String("");
Assert.That(storedHash.Length, Is.LessThan(expectedSalt.Length));
byte[] salt = PasswordHashing.ExtractStoredSalt(storedHash);
Assert.That(salt, Is.Not.EqualTo(expectedSalt));
}
public void TestExtractBadSalt()
{
byte[] expectedSalt = Convert.FromBase64String(KnownSalt);
byte[] storedHash = Convert.FromBase64String("W4HzBdwizUNGfhTQJnP=");
Assert.That(storedHash.Length, Is.LessThan(expectedSalt.Length));
byte[] salt = PasswordHashing.ExtractStoredSalt(storedHash);
Assert.That(salt, Is.Not.EqualTo(expectedSalt));
}
