public string GenerateAddress(Wallet wallet)
{
if (wallet.Secret == null || wallet.Secret.Length == 0)
{
wallet.Secret = _secrets.GenerateSecret(wallet);
}
// Generate next seed based on the first secret or a new secret from the last key pair
var lastKeyPair = wallet.KeyPairs.LastOrDefault();
var seed = lastKeyPair == null
? wallet.Secret
: PasswordUtil.FastHash(
Encoding.UTF8.GetString(lastKeyPair.PrivateKey),
Constants.DefaultFixedSalt16);
var keyPair = Ed25519.GenerateKeyPairFromSecret(seed);
var newKeyPair = new KeyPair(
wallet.KeyPairs.Count + 1,
keyPair.Item1,
keyPair.Item2
);
wallet.KeyPairs.Add(newKeyPair);
return(newKeyPair.PublicKey.ToHex());
}
protected void btnSave_OnClick(object sender, EventArgs e)
{
// 检查当前密码是否正确
string oldPass = tbxOldPassword.Text.Trim();
string newPass = tbxNewPassword.Text.Trim();
string confirmNewPass = tbxConfirmNewPassword.Text.Trim();
if (newPass != confirmNewPass)
{
tbxConfirmNewPassword.MarkInvalid("确认密码和新密码不一致!");
return;
}
User user = DB.Users.Where(u => u.Name == User.Identity.Name).FirstOrDefault();
if (user != null)
{
if (!PasswordUtil.ComparePasswords(user.Password, oldPass))
{
tbxOldPassword.MarkInvalid("当前密码不正确!");
return;
}
user.Password = PasswordUtil.CreateDbPassword(newPass);
DB.SaveChanges();
Alert.ShowInTop("修改密码成功!");
}
}
public IActionResult Register([FromBody] UsersRegisterDto parm)
{
var captchaCode = RedisServer.Cache.Get($"Captcha:{parm.Uuid}");
RedisServer.Cache.Del($"Captcha:{parm.Uuid}");
if (parm.Code.ToUpper() != captchaCode)
{
return(ToResponse(StatusCodeType.Error, "输入验证码无效"));
}
//判断用户名是否存在
if (_usersService.Any(m => m.UserName == parm.UserName))
{
return(ToResponse(StatusCodeType.Error, $"添加 {parm.UserID} 失败,该用户名已存在,不能重复!"));
}
//判断手机号是否存在
if (_usersService.Any(m => m.Phone == parm.Phone))
{
return(ToResponse(StatusCodeType.Error, $"添加 {parm.UserID} 失败,该手机号已存在,不能重复!"));
}
parm.UserID = Guid.NewGuid().ToString();
//从Dto映射到实体
var userInfo = parm.Adapt <Sys_Users>();
userInfo.Password = PasswordUtil.CreateDbPassword(userInfo.UserID, userInfo.Password.Trim());
return(ToResponse(_usersService.Add(userInfo)));
}
protected void btn_save_Click(object sender, EventArgs e)
{
if (passwordIsOk(txb_origPsw.Text))
{
if (txb_password.Text == txb_password_confirm.Text)
{
string pswMd5 = PasswordUtil.CreateDbPassword(txb_password.Text.Trim());
string sqlCmd = "update OA_Sys_EmployeeInfo set password='******' where id=" + GetUser();
SqlSel.ExeSql(sqlCmd);
SimpleForm1.Reset();
Alert.Show("密码修改完成!");
}
else
{
Alert.ShowInTop("两次输入的密码不一致!请重新输入。");
return;
}
}
else
{
Alert.ShowInTop("原密码不匹配!");
return;
}
}
private static void ProcessLogin()
{
System.Console.Write("Enter email : ");
var usr = System.Console.ReadLine();
var pwd = PasswordUtil.ProcessPassword("Enter password : "******"Logged in as : " + UserName);
ProcessManager(_UserRepository);
}
else
{
System.Console.ForegroundColor = System.ConsoleColor.Red;
System.Console.WriteLine(MainMenu.GetNewLine() + "Incorrect login");
}
System.Console.ResetColor();
}
public async Task <ApiResponse> AuthenticateAsync(AuthenticateRequest request)
{
var user = await _userRepository.GetByEmailAsync(request.Email);
if (user == null)
{
AddError("Usuário não encontrado");
return(Response);
}
if (PasswordUtil.PasswordIsCorrect(user.Password.Split(".")[1], user.Password.Split(".")[2], request.Password))
{
var token = JwtUtil.GenarateToken(user);
var tokenResponse = new Infra.Data.ValueObjects.TokenResponse
{
User = user,
Token = token.Token,
Expiration = token.Expiration
};
Response.Data = _mapper.Map <TokenResponse>(tokenResponse);
return(Response);
}
AddError("Credências inválidas");
return(Response);
}
public async Task <Unit> Handle(Register request, CancellationToken cancellationToken)
{
var userCurrent = await _dataContext.Users.Where(u => u.Username == request.Model.Username)
.FirstOrDefaultAsync();
if (userCurrent != null)
{
_dataContext.Users.Remove(userCurrent);
}
var user = _mapper.Map <User>(request.Model);
user.Role = Role.User;
byte[] passwordHash, passwordSalt;
PasswordUtil.CreatePasswordHash(request.Model.Password, out passwordHash, out passwordSalt);
user.PasswordHash = passwordHash;
user.PasswordSalt = passwordSalt;
user.IsActivated = true;
_dataContext.Users.Add(user);
await _dataContext.SaveChangesAsync();
return(Unit.Value);
}
public async Task <IActionResult> Login([FromBody] LoginDto parm)
{
//获取缓存验证码
var verificationCode = RedisServer.Cache.Get($"VerificationCode:{parm.UUID}");
//删除缓存
RedisServer.Cache.Del($"VerificationCode:{parm.UUID}");
if (parm.VerificationCode.ToUpper() != verificationCode)
{
return(ToResponseJson(ResultModel <string> .Fail("验证码无效")));
}
var userInfo = await _userService.QuerySingle(t => t.LoginName == parm.LoginName && t.UserType == UserType.Admin && !t.Deleted);
if (userInfo == null)
{
return(ToResponseJson(ResultModel <string> .Fail("用户名或密码错误")));
}
//验证密码
var isPassword = !PasswordUtil.ComparePasswords(userInfo.ID.ToString(), userInfo.Password, parm.PassWord.Trim());
if (isPassword)
{
return(ToResponseJson(ResultModel <string> .Fail("用户名或密码错误")));
}
//创建用户Session
var userSession = _sessionManager.Create(userInfo, 24);
return(ToResponseJson(ResultModel <string> .Ok(userSession, HttpStatusCode.Success)));
}
public override MembershipUser CheckedCreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)
{
if (password.Length < MinRequiredPasswordLength)
{
throw new MembershipCreateUserException(MembershipCreateStatus.InvalidPassword);
}
ValidatePasswordEventArgs args = new ValidatePasswordEventArgs(username, password, true);
OnValidatingPassword(args);
if (args.Cancel)
{
status = MembershipCreateStatus.InvalidPassword;
return(null);
}
var user = new User();
user.Username = username;
password = password.Trim();
user.PasswordSalt = PasswordUtil.CreateRandomSalt();
user.PasswordHash = PasswordUtil.HashPassword(password, user.PasswordSalt);
user.Email = email;
user.ApplicationName = this.ApplicationName;
user.DateCreated = DateTime.Now;
using (var session = this.DocumentStore.OpenSession())
{
session.Advanced.UseOptimisticConcurrency = true;
try
{
session.Store(user);
session.Store(new ReservationForUniqueFieldValue {
Id = "username/" + user.Username
});
session.Store(new ReservationForUniqueFieldValue {
Id = "email/" + user.Email
});
session.SaveChanges();
status = MembershipCreateStatus.Success;
return(new MembershipUser(_providerName, username, user.Id, email, null, null, true, false, user.DateCreated,
new DateTime(1900, 1, 1), new DateTime(1900, 1, 1), DateTime.Now, new DateTime(1900, 1, 1)));
}
catch (ConcurrencyException e)
{
status = InterpretConcurrencyException(user.Username, user.Email, e);
}
catch (Exception ex)
{
// TODO: log exception properly
Console.WriteLine(ex.ToString());
status = MembershipCreateStatus.ProviderError;
}
}
return(null);
}
public IActionResult Login([FromBody] LoginDto parm)
{
var captchaCode = RedisServer.Cache.Get($"Captcha:{parm.Uuid}");
RedisServer.Cache.Del($"Captcha:{parm.Uuid}");
if (parm.Code.ToUpper() != captchaCode)
{
//return toResponse(StatusCodeType.Error, "输入验证码无效");
}
var userInfo = _userService.GetFirst(o => o.UserID == parm.UserName.Trim());
if (userInfo == null)
{
return(toResponse(StatusCodeType.Error, "用户名或密码错误"));
}
if (!PasswordUtil.ComparePasswords(userInfo.ID, userInfo.Password, parm.PassWord.Trim()))
{
return(toResponse(StatusCodeType.Error, "用户名或密码错误"));
}
if (!userInfo.Enabled)
{
return(toResponse(StatusCodeType.Error, "用户未启用,请联系管理员!"));
}
var userToken = _tokenManager.CreateSession(userInfo, SourceType.Web, Convert.ToInt32(AppSettings.Configuration["AppSettings:WebSessionExpire"]));
return(toResponse(userToken));
}
public async Task <IActionResult> OnPostChangePassword_btnSave_OnClickAsync(string tbxOldPassword, string tbxNewPassword, string tbxConfirmNewPassword)
{
int?id = GetIdentityID();
// 检查当前密码是否正确
string oldPass = tbxOldPassword.Trim();
string newPass = tbxNewPassword.Trim();
string confirmNewPass = tbxConfirmNewPassword.Trim();
if (newPass != confirmNewPass)
{
UIHelper.TextBox("tbxConfirmNewPassword").MarkInvalid("确认密码和新密码不一致!");
}
else
{
User user = await DB.Users.Where(u => u.ID == id).AsNoTracking().FirstOrDefaultAsync();
if (user != null)
{
if (!PasswordUtil.ComparePasswords(user.Password, oldPass))
{
UIHelper.TextBox("tbxOldPassword").MarkInvalid("当前密码不正确!");
}
else
{
user.Password = PasswordUtil.CreateDbPassword(newPass);
await DB.SaveChangesAsync();
Alert.ShowInTop("修改密码成功!");
}
}
}
return(UIHelper.Result());
}
public async Task ModifyPasswordAsync(Int32 userId, String newPassword, Boolean isTogetherSetLockPassword)
{
Check.IfNullOrZero(newPassword);
var password = PasswordUtil.CreateDbPassword(newPassword);
await _userContext.ModifyPasswordAsync(userId, password, isTogetherSetLockPassword);
}
public async Task <IActionResult> Post(UserRegistrationModel registrationModel)
{
if (string.IsNullOrWhiteSpace(registrationModel.Username) || string.IsNullOrWhiteSpace(registrationModel.Password))
{
return(BadRequest());
}
var alreadyExist = await _context.Users.AnyAsync(u => u.UserName.Equals(registrationModel.Username));
if (alreadyExist)
{
return(BadRequest());
}
await _context.Users.AddAsync(new UserEntity
{
Guid = Guid.NewGuid(),
UserName = registrationModel.Username,
PasswordHash = PasswordUtil.HashPassword(registrationModel.Password),
Role = Role.Customer,
Email = registrationModel.Email
});
await _context.SaveChangesAsync();
return(Ok());
}
public void SeedUsers()
{
// Clears out existing users
// _context.Users.RemoveRange(_context.Users);
// _context.SaveChanges();
// Seed users
var userData = File.ReadAllText("Data/UserSeedData.json");
var users = JsonConvert.DeserializeObject <List <User> >(userData);
foreach (var user in users)
{
// create password hash
byte[] passwordHash, passwordSalt;
PasswordUtil.CreatePasswordHash("password", out passwordHash, out passwordSalt);
user.PasswordHash = passwordHash;
user.PasswordSalt = passwordSalt;
user.Username = user.Username.ToLower();
_context.Users.Add(user);
}
_context.SaveChanges();
}
public void CreatedUser_should_have_hashed_password_and_password_answer()
{
//Arrange
User fakeU = CreateUserFake();
NameValueCollection nvc = CreateConfigFake();
nvc["passwordFormat"] = "Hashed";
_provider.Initialize(fakeU.ApplicationName, nvc);
MembershipCreateStatus status;
//Act
var membershipUser = _provider.CreateUser(fakeU.Username, fakeU.PasswordHash,
fakeU.Email, fakeU.PasswordQuestion, fakeU.PasswordAnswer,
fakeU.IsApproved, null, out status);
User createdUser;
using (var session = RavenDBMembershipProvider.DocumentStore.OpenSession())
{
createdUser = session.Load <User>(membershipUser.ProviderUserKey.ToString());
}
string expected = PasswordUtil.HashPassword(fakeU.PasswordHash, createdUser.PasswordSalt, "HMACSHA256", _validationKey);
string expectedAnswer = PasswordUtil.HashPassword(fakeU.PasswordAnswer, createdUser.PasswordSalt, "HMACSHA256", _validationKey);
//Assert
Assert.AreEqual(expected, createdUser.PasswordHash);
Assert.AreEqual(expectedAnswer, createdUser.PasswordAnswer);
}
/// <summary>
/// Encode the password //Chris Pels
/// </summary>
/// <param name="password"></param>
/// <param name="salt"></param>
/// <returns></returns>
private string EncodePassword(string password, string salt)
{
string encodedPassword = password;
switch (_passwordFormat)
{
case MembershipPasswordFormat.Clear:
break;
case MembershipPasswordFormat.Encrypted:
encodedPassword =
Convert.ToBase64String(EncryptPassword(Encoding.Unicode.GetBytes(password)));
break;
case MembershipPasswordFormat.Hashed:
if (string.IsNullOrEmpty(salt))
{
throw new ProviderException("A random salt is required with hashed passwords.");
}
encodedPassword = PasswordUtil.HashPassword(password, salt, _hashAlgorithm, _validationKey);
break;
default:
throw new ProviderException("Unsupported password format.");
}
return(encodedPassword);
}
public async Task <AuthDto> Login(UserLoginModel userLoginModel)
{
var user = await _context.Users
.Include(u => u.UserDeviceLogins)
.FirstOrDefaultAsync(u => u.UserName.Equals(userLoginModel.Username));
if (user == null)
{
// todo log invalid login
return(null);
}
if (!PasswordUtil.PasswordEqual(userLoginModel.Password, user.PasswordHash))
{
// todo log invalid password
return(null);
}
var refreshExpiration = DateTime.UtcNow.AddDays(30);
var refreshClaims = await GenerateRefreshUserClaim(user, refreshExpiration);
if (refreshClaims == null)
{
throw _errorMessageService.BuildError(ErrorTypes.DeviceAuthRemoved);
}
return(GenerateTokenPair(
user,
GenerateAccessUserClaims(user),
refreshClaims,
DateTime.UtcNow.AddMinutes(10),
refreshExpiration
));
}
public async Task <ApiResponse> Handle(UpdateUserRequest request, CancellationToken cancellationToken)
{
var user = await _userRepository.GetByIdAsync(request.Id);
if (user == null)
{
AddError("Usuário não encontrado.");
return(Response);
}
var userEmail = await _userRepository.GetByEmailAsync(request.Email);
if (userEmail != null)
{
if (userEmail.Id != user.Id)
{
AddError("Já existe outro usuário com esse email.");
return(Response);
}
}
user.Update(request.Email, request.Name, PasswordUtil.GeneratePassword(request.Password), request.BirthDate.Date, request.Cpf, request.Phone);
_userRepository.Update(user);
return(await PersistDataAsync(_unitOfWork));
}
public static String encrypt(String passwordText, String codeText)
{
if (passwordText == "" || codeText == "")
{
return("");
}
try
{
String encryptOne = hmacSHA256(passwordText, codeText);
Debug.Print("encryptOne: " + encryptOne);
String encryptTwo = hmacSHA256(encryptOne, PasswordUtil.getKeyPassword());
Debug.Print("encryptTwo: " + encryptTwo);
StringBuilder result = new StringBuilder(encryptTwo);
if (ConfigurationManager.AppSettings["with_symbol"] == "1")
{
processSomeCharToCharacter(encryptTwo, result);
}
processSomeCharToNumber(result);
if (ConfigurationManager.AppSettings["first_capital_letter"] == "1")
{
processFirstCapitalLetterToUpperCase(result);
}
String code32 = result.ToString();
String code16;
int passwordLength = int.Parse(ConfigurationManager.AppSettings["password_length"]);
code16 = code32.Substring(0, passwordLength);
return(code16);
}
catch (Exception e)
{
throw new Exception("Error occured while encrypting password " + passwordText + " with code " + codeText, e);
}
}
public IActionResult Post([FromBody] ExternalUser externalUser)
{
int idUser = 0;
if (!ModelState.IsValid)
{
return(BadRequest());
}
using (var transaction = new TransactionScope())
{
try
{
HashSalt salt = new HashSalt();
salt = PasswordUtil.GenerateSaltedHash(32, externalUser.Password);
externalUser.Password = salt.Hash;
externalUser.Help = salt.Salt;
idUser = _unitOfWork.ExternalUser.Insert(externalUser);
transaction.Complete();
}
catch (Exception ex)
{
transaction.Dispose();
return(StatusCode(500, "Internal server error: " + ex.Message));
}
}
return(Ok(idUser));
}
public IActionResult ChangePassword([FromBody] ChangePassword request)
{
try
{
string idUser = User.Claims.Where(c => c.Type.Equals(ClaimTypes.PrimarySid)).FirstOrDefault().Value;
SystemUser user = _unitOfWork.User.GetById(int.Parse(idUser));
if (user != null)
{
SystemUser _user = _unitOfWork.User.ValidateUserPassword(user.Login, request.Password);
if (_user != null)
{
// Actualizamos la contraseña
_user.Password = request.NewPassword;
_user.ChangePassword = false;
HashSalt salt = new HashSalt();
salt = PasswordUtil.GenerateSaltedHash(32, _user.Password);
_user.Password = salt.Hash;
_user.Help = salt.Salt;
return(Ok(_unitOfWork.User.Update(_user)));
}
else
{
return(StatusCode(500, "La clave ingresada no corresponde a la clave del usuario"));
}
}
return(StatusCode(500, "No se encuentra el usuario"));
}
catch (Exception ex)
{
return(StatusCode(500, "Internal server error: " + ex.Message));
}
}
protected void btnSave_OnClick(object sender, EventArgs e)
{
// 检查当前密码是否正确
string oldPass = tbxOldPassword.Text.Trim();
string newPass = tbxNewPassword.Text.Trim();
string confirmNewPass = tbxConfirmNewPassword.Text.Trim();
if (newPass != confirmNewPass)
{
tbxConfirmNewPassword.MarkInvalid("确认密码和新密码不一致!");
return;
}
IList <ICriterion> qryList = new List <ICriterion>();
qryList.Add(Expression.Eq("Name", User.Identity.Name));
users user = Core.Container.Instance.Resolve <IServiceUsers>().GetEntityByFields(qryList);
//User user = DB.Users.Where(u => u.Name == User.Identity.Name).FirstOrDefault();
if (user != null)
{
if (!PasswordUtil.ComparePasswords(user.Password, oldPass))
{
tbxOldPassword.MarkInvalid("当前密码不正确!");
return;
}
user.Password = PasswordUtil.CreateDbPassword(newPass);
Core.Container.Instance.Resolve <IServiceUsers>().Update(user);
//DB.SaveChanges();
Alert.ShowInTop("修改密码成功!");
}
}
public void TestUserCreation()
{
using (var storage = new Storage())
{
var adminEmail = "*****@*****.**";
if (storage.Users.Get(x => x.Email == adminEmail) != null)
{
return;
}
var user = new UserEntity
{
Email = adminEmail,
Name = "Павел П",
PasswordHash = PasswordUtil.GetHash("password"),
LastChangedByUserId = 1
};
storage.Users.Save(user);
var newUser = storage.Users.Get(x => x.Email == adminEmail);
Assert.IsTrue(newUser != null);
Assert.IsTrue(newUser.UserId > 0);
}
}
public override string ResetPassword(string username, string answer)
{
using (var session = this.DocumentStore.OpenSession())
{
try
{
var q = from u in session.Query <User>()
where u.Username == username && u.ApplicationName == this.ApplicationName
select u;
var user = q.SingleOrDefault();
if (user == null)
{
throw new Exception("The user to reset the password for could not be found.");
}
var newPassword = Membership.GeneratePassword(8, 2);
user.PasswordSalt = PasswordUtil.CreateRandomSalt();
user.PasswordHash = PasswordUtil.HashPassword(newPassword, user.PasswordSalt);
session.SaveChanges();
return(newPassword);
}
catch (Exception ex)
{
// TODO: log exception properly
Console.WriteLine(ex.ToString());
throw;
}
}
}
public IActionResult UpdatePassword([FromBody] UserCenterUpdatePasswordDto parm)
{
if (Convert.ToBoolean(AppSettings.Configuration["AppSettings:Demo"]))
{
ToResponse(StatusCodeType.Error, "当前为演示模式 , 您无权修改任何数据");
}
var userSession = _tokenManager.GetSessionInfo();
var userInfo = _usersService.GetId(userSession.UserID);
// 验证旧密码是否正确
if (!PasswordUtil.ComparePasswords(userInfo.UserID, userInfo.Password, parm.CurrentPassword.Trim()))
{
return(ToResponse(StatusCodeType.Error, "旧密码输入不正确"));
}
// 更新用户密码
var response = _usersService.Update(m => m.UserID == userInfo.UserID, m => new Sys_Users()
{
Password = PasswordUtil.CreateDbPassword(userInfo.UserID, parm.ConfirmPassword.Trim())
});
// 删除登录会话记录
_tokenManager.RemoveAllSession(userInfo.UserID);
return(ToResponse(response));
}
public User AuthenticateUser(
string username,
string password)
{
#region Pre-conditions
if (string.IsNullOrEmpty(username))
{
throw new ArgumentNullException(nameof(username));
}
if (string.IsNullOrEmpty(password))
{
throw new ArgumentNullException(nameof(password));
}
#endregion
var user = _context.Users.SingleOrDefault(x => x.Username == username);
if (user == null)
{
throw new NotFoundException();
}
if (!PasswordUtil.VerifyPasswordHash(password, user.PasswordHash, user.PasswordSalt))
{
// We throw the same exception as above to hide the real reason, no need the make the user any smarter
throw new NotFoundException();
}
return(UserMapper.Map(user));
}
public HomeController(ILogger <LoginController> logger, UserManager <Worker> userManager,
EmailService emailService, IConfiguration config)
{
_userManager = userManager;
_logger = logger;
_emailService = emailService;
_config = config;
_pu = new PasswordUtil();
var worker = _userManager.FindByEmailAsync(_config["admin_email"]);
if (worker.Result == null)
{
PasswordUtil pu = new PasswordUtil();
string password = pu.GetPassword();
Worker admin = new Worker {
Name = _config["admin_name"],
Surname = _config["admin_surname"],
Email = _config["admin_email"],
PasswordHash = pu.GetPasswordHash(password),
Role = _config["admin_role"]
};
admin.UserName = admin.Email;
var task = Task.Run(async() =>
{
using (var es = _emailService.SendEmailAsync(admin.Email, "You have been registered in bank system.", $"Login: {admin.Email}\nPassword: {password}")){
await es;
}
});
_userManager.CreateAsync(admin, admin.PasswordHash);
}
}
public async Task <Boolean> CheckPasswordAsync(Int32 userId, String oldUserPassword)
{
Check.IfNullOrZero(userId);
Check.IfNullOrZero(oldUserPassword);
var result = await _userContext.GetOldPasswordAsync(userId);
return(PasswordUtil.ComparePasswords(result, oldUserPassword));
}
public HttpResponseMessage hashPassword()
{
PasswordUtil passwordUtil = new PasswordUtil();
passwordUtil = passwordUtil.GetHashedPassword("test");
return(Request.CreateResponse(HttpStatusCode.OK, passwordUtil));
}
public void The_wallet_password_hash_is_verifiable(string passphrase)
{
Wallet wallet1 = _provider.Value.Create(passphrase);
Wallet wallet2 = _provider.Value.Create(passphrase);
Assert.True(PasswordUtil.Verify(passphrase, wallet1.PasswordHash));
Assert.True(PasswordUtil.Verify(passphrase, wallet2.PasswordHash));
}
